s3:utils: Add a testparm check for idmap autorid
authorAndreas Schneider <asn@samba.org>
Tue, 1 Feb 2022 09:07:50 +0000 (10:07 +0100)
committerAndreas Schneider <asn@cryptomilk.org>
Wed, 16 Feb 2022 16:08:32 +0000 (16:08 +0000)
What we want to avoid:

$ ./bin/testparm -s | grep "idmap config"
        idmap config * : rangesize = 10000
        idmap config * : range = 10000-19999
        idmap config * : backend = autorid

$ ./bin/wbinfo --name-to-sid BUILTIN/Administrators
S-1-5-32-544 SID_ALIAS (4)

$ ./bin/wbinfo --sid-to-gid S-1-5-32-544
10000

$ ./bin/wbinfo --name-to-sid ADDOMAIN/alice
S-1-5-21-4058748110-895691256-3682847423-1107 SID_USER (1)

$ ./bin/wbinfo --sid-to-gid S-1-5-21-984165912-589366285-3903095728-1107
failed to call wbcSidToGid: WBC_ERR_DOMAIN_NOT_FOUND
Could not convert sid S-1-5-21-984165912-589366285-3903095728-1107 to gid

If only one range is configured, we are not able to map users/groups from
both our primary *and* the BUILTIN domain. We need at least two ranges to also
cover the BUILTIN domain!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14967

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
source3/utils/testparm.c

index 98bcc219b1e8bfb24ed14f9f6c5b7596ff6fac59..58ba46bc15fbfaea648a64388327a0fa0b513dfb 100644 (file)
@@ -128,6 +128,21 @@ static bool lp_scan_idmap_found_domain(const char *string,
        return false; /* Keep scanning */
 }
 
+static int idmap_config_int(const char *domname, const char *option, int def)
+{
+       int len = snprintf(NULL, 0, "idmap config %s", domname);
+
+       if (len == -1) {
+               return def;
+       }
+       {
+               char config_option[len+1];
+               snprintf(config_option, sizeof(config_option),
+                        "idmap config %s", domname);
+               return lp_parm_int(-1, config_option, option, def);
+       }
+}
+
 static bool do_idmap_check(void)
 {
        struct idmap_domains *d;
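Review bot: The guard `if (len == -1)` in idmap_config_int catches only one negative return, while snprintf is specified to return some negative value on failure; `if (len < 0)` is the safer check before `len+1` sizes the variable-length array `config_option`. The helper also has no comment, and one along the lines of `/* Read integer option <option> from section "idmap config <domname>"; returns def on formatting failure. */` would document it. The result of lp_parm_int is returned as a signed int with no range validation, so each caller has to check the value before using it.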
@@ -157,6 +172,42 @@ static bool do_idmap_check(void)
                        rc);
        }
 
+       /* Check autorid backend */
+       if (strequal(lp_idmap_default_backend(), "autorid")) {
+               struct idmap_config *c = NULL;
+               bool found = false;
+
+               for (i = 0; i < d->count; i++) {
+                       c = &d->c[i];
+
+                       if (strequal(c->backend, "autorid")) {
+                               found = true;
+                               break;
+                       }
+               }
+
+               if (found) {
+                       uint32_t rangesize =
+                               idmap_config_int("*", "rangesize", 100000);
+                       uint32_t maxranges =
+                               (c->high - c->low  + 1) / rangesize;
+
+                       if (maxranges < 2) {
+                               fprintf(stderr,
+                                       "ERROR: The idmap autorid range "
+                                       "[%u-%u] needs to be at least twice as"
+                                       "big as the rangesize [%u]!"
+                                       "\n\n",
+                                       c->low,
+                                       c->high,
+                                       rangesize);
+                               ok = false;
+                               goto done;
+                       }
+               }
+       }
+
+       /* Check for overlapping idmap ranges */
        for (i = 0; i < d->count; i++) {
                struct idmap_config *c = &d->c[i];
                uint32_t j;
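Review bot: `rangesize` is used as a divisor in `(c->high - c->low  + 1) / rangesize` without being checked, so an smb.conf with `idmap config * : rangesize = 0` would make testparm fault on a division by zero instead of reporting the bad setting; a guard such as `if (rangesize == 0) { ok = false; goto done; }` with its own error message before the division avoids that. The value also arrives as a signed int and is stored in a uint32_t, so a negative setting becomes a very large rangesize; that still lands in the error branch, but the printed number would be misleading. Separately, the adjacent literals ending in `twice as` and starting with `big as` concatenate to "twice asbig", so the first should end with a space: `"[%u-%u] needs to be at least twice as "`. do_idmap_check starts and continues outside this hunk, so whether `c->high >= c->low` is validated before this point is not visible here.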