diff options
author | Jim McDonough <jmcd@samba.org> | 2003-02-20 22:46:37 +0000 |
---|---|---|
committer | Jim McDonough <jmcd@samba.org> | 2003-02-20 22:46:37 +0000 |
commit | 5bec7f5fcac1a3e5a48b04f140b96f03b88f0965 (patch) | |
tree | 5cb222ca209a4159336997d58f664d255642ba71 /source3/nsswitch | |
parent | 8d8a8c9633ea04d269d70b1fa8f4393cc73f7bbd (diff) | |
download | samba-5bec7f5fcac1a3e5a48b04f140b96f03b88f0965.tar.gz samba-5bec7f5fcac1a3e5a48b04f140b96f03b88f0965.tar.bz2 samba-5bec7f5fcac1a3e5a48b04f140b96f03b88f0965.zip |
From aliguori@us.ibm.com:
This patch adds the architecture for an IDMAP backend system including a new
smb.conf parameter "winbind backend". Right now, the only valid value is "tdb"
but I'm currently working on an LDAP backend.
(This used to be commit 35e4448dcb2deb0d5d34d9e974a49f2fb31f1356)
Diffstat (limited to 'source3/nsswitch')
-rw-r--r-- | source3/nsswitch/winbindd.h | 25 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_idmap.c | 625 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_idmap_tdb.c | 519 |
3 files changed, 731 insertions, 438 deletions
diff --git a/source3/nsswitch/winbindd.h b/source3/nsswitch/winbindd.h index 164b7ffda7..a498b76626 100644 --- a/source3/nsswitch/winbindd.h +++ b/source3/nsswitch/winbindd.h @@ -4,6 +4,7 @@ Winbind daemon for ntdom nss module Copyright (C) Tim Potter 2000 + Copyright (C) Anthony Liguori 2003 This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public @@ -195,6 +196,30 @@ typedef struct { POLICY_HND pol; } CLI_POLICY_HND; +/* Filled out by IDMAP backends */ +struct idmap_methods { + /* Called when backend is first loaded */ + BOOL (*init)(void); + + BOOL (*get_sid_from_uid)(uid_t uid, DOM_SID *sid); + BOOL (*get_sid_from_gid)(gid_t gid, DOM_SID *sid); + + BOOL (*get_uid_from_sid)(DOM_SID *sid, uid_t *uid); + BOOL (*get_gid_from_sid)(DOM_SID *sid, gid_t *gid); + + BOOL (*get_rid_from_uid)(uid_t uid, uint32 *user_rid, + struct winbindd_domain **domain); + BOOL (*get_rid_from_gid)(gid_t gid, uint32 *group_rid, + struct winbindd_domain **domain); + BOOL (*get_uid_from_rid)(const char *dom_name, uint32 rid, uid_t *uid); + BOOL (*get_gid_from_rid)(const char *dom_name, uint32 rid, gid_t *gid); + + /* Called when backend is unloaded */ + BOOL (*close)(void); + /* Called to dump backend status */ + void (*status)(void); +}; + #include "winbindd_proto.h" #include "rpc_parse.h" diff --git a/source3/nsswitch/winbindd_idmap.c b/source3/nsswitch/winbindd_idmap.c index 6d184fec5f..d9448ef859 100644 --- a/source3/nsswitch/winbindd_idmap.c +++ b/source3/nsswitch/winbindd_idmap.c @@ -1,20 +1,19 @@ /* Unix SMB/CIFS implementation. - - Winbind daemon - user related function - + Winbind ID Mapping Copyright (C) Tim Potter 2000 - + Copyright (C) Anthony Liguori <aliguor@us.ibm.com> 2003 + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. @@ -22,508 +21,258 @@ #include "winbindd.h" -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_WINBIND - -/* High water mark keys */ - -#define HWM_GROUP "GROUP HWM" -#define HWM_USER "USER HWM" - -/* idmap version determines auto-conversion */ -#define IDMAP_VERSION 2 - -/* Globals */ - -static TDB_CONTEXT *idmap_tdb; - -/* Allocate either a user or group id from the pool */ - -static BOOL allocate_id(uid_t *id, BOOL isgroup) +static struct { + const char *name; + /* Function to create a member of the idmap_methods list */ + BOOL (*reg_meth)(struct idmap_methods **methods); + struct idmap_methods *methods; +} builtin_idmap_functions[] = { + { "tdb", winbind_idmap_reg_tdb, NULL }, + /* { "ldap", winbind_idmap_reg_ldap, NULL },*/ + { NULL, NULL, NULL } +}; + +/* singleton pattern: uberlazy evaluation */ +static struct idmap_methods *impl; + +static struct idmap_methods *get_impl(const char *name) { - int hwm; - - /* Get current high water mark */ - - if ((hwm = tdb_fetch_int32(idmap_tdb, - isgroup ? HWM_GROUP : HWM_USER)) == -1) { - return False; - } - - /* Return next available uid in list */ + int i = 0; + struct idmap_methods *ret = NULL; - if ((isgroup && (hwm > server_state.gid_high)) || - (!isgroup && (hwm > server_state.uid_high))) { - DEBUG(0, ("winbind %sid range full!\n", isgroup ? "g" : "u")); - return False; - } + while (builtin_idmap_functions[i].name && + strcmp(builtin_idmap_functions[i].name, name)) { + i++; + } - if (id) { - *id = hwm; + if (builtin_idmap_functions[i].name) { + if (!builtin_idmap_functions[i].methods) { + builtin_idmap_functions[i].reg_meth(&builtin_idmap_functions[i].methods); } - hwm++; + ret = builtin_idmap_functions[i].methods; + } - /* Store new high water mark */ - - tdb_store_int32(idmap_tdb, isgroup ? HWM_GROUP : HWM_USER, hwm); - - return True; + return ret; } -/* Get an id from a rid */ -static BOOL get_id_from_sid(DOM_SID *sid, uid_t *id, BOOL isgroup) +/* Initialize backend */ +BOOL winbindd_idmap_init(void) { - TDB_DATA data, key; - fstring keystr; - BOOL result = False; - - /* Check if sid is present in database */ - sid_to_string(keystr, sid); - - key.dptr = keystr; - key.dsize = strlen(keystr) + 1; - - data = tdb_fetch(idmap_tdb, key); + BOOL ret = False; - if (data.dptr) { - fstring scanstr; - int the_id; + DEBUG(3, ("winbindd_idmap_init: using '%s' as backend\n", + lp_winbind_backend())); - /* Parse and return existing uid */ - fstrcpy(scanstr, isgroup ? "GID" : "UID"); - fstrcat(scanstr, " %d"); - - if (sscanf(data.dptr, scanstr, &the_id) == 1) { - /* Store uid */ - if (id) { - *id = the_id; - } - - result = True; - } - - SAFE_FREE(data.dptr); - } else { - - /* Allocate a new id for this sid */ + if (!impl) { + impl = get_impl(lp_winbind_backend()); + if (!impl) { + DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n", + lp_winbind_backend())); + } + } - if (id && allocate_id(id, isgroup)) { - fstring keystr2; + if (impl) { + ret = impl->init(); + } - /* Store new id */ - - slprintf(keystr2, sizeof(keystr2), "%s %d", isgroup ? "GID" : "UID", *id); + DEBUG(3, ("winbind_idmap_init: returning %s\n", ret ? "true" : "false")); - data.dptr = keystr2; - data.dsize = strlen(keystr2) + 1; + return ret; +} - tdb_store(idmap_tdb, key, data, TDB_REPLACE); - tdb_store(idmap_tdb, data, key, TDB_REPLACE); +/* Get UID from SID */ +BOOL winbindd_idmap_get_uid_from_sid(DOM_SID *sid, uid_t *uid) +{ + BOOL ret = False; - result = True; - } + if (!impl) { + impl = get_impl(lp_winbind_backend()); + if (!impl) { + DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n", + lp_winbind_backend())); } + } - return result; -} + if (impl) { + ret = impl->get_uid_from_sid(sid, uid); + } -/* Get a uid from a user sid */ -BOOL winbindd_idmap_get_uid_from_sid(DOM_SID *sid, uid_t *uid) -{ - return get_id_from_sid(sid, uid, False); + return ret; } -/* Get a gid from a group sid */ +/* Get GID from SID */ BOOL winbindd_idmap_get_gid_from_sid(DOM_SID *sid, gid_t *gid) { - return get_id_from_sid(sid, gid, True); -} - -/* Get a uid from a user rid */ -BOOL winbindd_idmap_get_uid_from_rid(const char *dom_name, uint32 rid, uid_t *uid) -{ - struct winbindd_domain *domain; - DOM_SID sid; + BOOL ret = False; - if (!(domain = find_domain_from_name(dom_name))) { - return False; - } + if (!impl) { + impl = get_impl(lp_winbind_backend()); + if (!impl) { + DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n", + lp_winbind_backend())); + } + } - sid_copy(&sid, &domain->sid); - sid_append_rid(&sid, rid); + if (impl) { + ret = impl->get_gid_from_sid(sid, gid); + } - return get_id_from_sid(&sid, uid, False); + return ret; } -/* Get a gid from a group rid */ -BOOL winbindd_idmap_get_gid_from_rid(const char *dom_name, uint32 rid, gid_t *gid) +/* Get UID from RID */ +BOOL winbindd_idmap_get_uid_from_rid(const char *dom_name, uint32 rid, + uid_t *uid) { - struct winbindd_domain *domain; - DOM_SID sid; + BOOL ret = False; - if (!(domain = find_domain_from_name(dom_name))) { - return False; - } + if (!impl) { + impl = get_impl(lp_winbind_backend()); + if (!impl) { + DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n", + lp_winbind_backend())); + } + } - sid_copy(&sid, &domain->sid); - sid_append_rid(&sid, rid); + if (impl) { + ret = impl->get_uid_from_rid(dom_name, rid, uid); + } - return get_id_from_sid(&sid, gid, True); + return ret; } - -BOOL get_sid_from_id(int id, DOM_SID *sid, BOOL isgroup) +/* Get GID From RID */ +BOOL winbindd_idmap_get_gid_from_rid(const char *dom_name, uint32 rid, + gid_t *gid) { - TDB_DATA key, data; - fstring keystr; - BOOL result = False; - - slprintf(keystr, sizeof(keystr), "%s %d", isgroup ? "GID" : "UID", id); - - key.dptr = keystr; - key.dsize = strlen(keystr) + 1; + BOOL ret = False; - data = tdb_fetch(idmap_tdb, key); - - if (data.dptr) { - result = string_to_sid(sid, data.dptr); - SAFE_FREE(data.dptr); + if (!impl) { + impl = get_impl(lp_winbind_backend()); + if (!impl) { + DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n", + lp_winbind_backend())); } + } + + if (impl) { + ret = impl->get_gid_from_rid(dom_name, rid, gid); + } - return result; + return ret; } -/* Get a sid from a uid */ +/* Get SID from UID */ BOOL winbindd_idmap_get_sid_from_uid(uid_t uid, DOM_SID *sid) { - return get_sid_from_id((int)uid, sid, False); -} + BOOL ret = False; -/* Get a sid from a gid */ -BOOL winbindd_idmap_get_sid_from_gid(gid_t gid, DOM_SID *sid) -{ - return get_sid_from_id((int)gid, sid, True); + if (!impl) { + impl = get_impl(lp_winbind_backend()); + if (!impl) { + DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n", + lp_winbind_backend())); + } + } + + if (impl) { + ret = impl->get_sid_from_uid(uid, sid); + } + + return ret; } -/* Get a user rid from a uid */ -BOOL winbindd_idmap_get_rid_from_uid(uid_t uid, uint32 *user_rid, - struct winbindd_domain **domain) +/* Get SID from GID */ +BOOL winbindd_idmap_get_sid_from_gid(gid_t gid, DOM_SID *sid) { - DOM_SID sid; + BOOL ret = False; - if (!get_sid_from_id((int)uid, &sid, False)) { - return False; - } + if (!impl) { + impl = get_impl(lp_winbind_backend()); + } - *domain = find_domain_from_sid(&sid); - if (! *domain) return False; + if (impl) { + ret = impl->get_sid_from_gid(gid, sid); + } else { + DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n", + lp_winbind_backend())); + } - sid_split_rid(&sid, user_rid); - - return True; + return ret; } -/* Get a group rid from a gid */ - -BOOL winbindd_idmap_get_rid_from_gid(gid_t gid, uint32 *group_rid, +/* Get RID From UID */ +BOOL winbindd_idmap_get_rid_from_uid(uid_t uid, uint32 *user_rid, struct winbindd_domain **domain) { - DOM_SID sid; - - if (!get_sid_from_id((int)gid, &sid, True)) { - return False; - } + BOOL ret = False; - *domain = find_domain_from_sid(&sid); - if (! *domain) return False; + if (!impl) { + impl = get_impl(lp_winbind_backend()); + } - sid_split_rid(&sid, group_rid); + if (impl) { + ret = impl->get_rid_from_uid(uid, user_rid, domain); + } else { + DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n", + lp_winbind_backend())); + } - return True; + return ret; } -/* convert one record to the new format */ -static int convert_fn(TDB_CONTEXT *tdb, TDB_DATA key, TDB_DATA data, void *ignored) +/* Get RID from GID */ +BOOL winbindd_idmap_get_rid_from_gid(gid_t gid, uint32 *group_rid, + struct winbindd_domain **domain) { - struct winbindd_domain *domain; - char *p; - DOM_SID sid; - uint32 rid; - fstring keystr; - fstring dom_name; - TDB_DATA key2; - - p = strchr(key.dptr, '/'); - if (!p) - return 0; - - *p = 0; - fstrcpy(dom_name, key.dptr); - *p++ = '/'; - - domain = find_domain_from_name(dom_name); - if (!domain) { - /* We must delete the old record. */ - DEBUG(0,("winbindd: convert_fn : Unable to find domain %s\n", dom_name )); - DEBUG(0,("winbindd: convert_fn : deleting record %s\n", key.dptr )); - tdb_delete(idmap_tdb, key); - return 0; - } - - rid = atoi(p); - - sid_copy(&sid, &domain->sid); - sid_append_rid(&sid, rid); - - sid_to_string(keystr, &sid); - key2.dptr = keystr; - key2.dsize = strlen(keystr) + 1; - - if (tdb_store(idmap_tdb, key2, data, TDB_INSERT) != 0) { - /* not good! */ - DEBUG(0,("winbindd: convert_fn : Unable to update record %s\n", key2.dptr )); - DEBUG(0,("winbindd: convert_fn : conversion failed - idmap corrupt ?\n")); - return -1; - } - - if (tdb_store(idmap_tdb, data, key2, TDB_REPLACE) != 0) { - /* not good! */ - DEBUG(0,("winbindd: convert_fn : Unable to update record %s\n", data.dptr )); - DEBUG(0,("winbindd: convert_fn : conversion failed - idmap corrupt ?\n")); - return -1; - } - - tdb_delete(idmap_tdb, key); - - return 0; -} + BOOL ret = False; -#if 0 -/***************************************************************************** - Make a backup copy of the old idmap just to be safe.... JRA. -*****************************************************************************/ + if (!impl) { + impl = get_impl(lp_winbind_backend()); + } -static BOOL backup_old_idmap(const char *idmap_name) -{ - pstring new_name; - int outfd = -1; - SMB_OFF_T size; - struct stat st; - - pstrcpy(new_name, idmap_name); - pstrcat(new_name, ".bak"); - - DEBUG(10,("backup_old_idmap: backing up %s to %s before upgrade.\n", - idmap_name, new_name )); - - if (tdb_lockall(idmap_tdb) == -1) { - DEBUG(10,("backup_old_idmap: failed to lock %s. Error %s\n", - idmap_name, tdb_errorstr(idmap_tdb) )); - return False; - } - if ((outfd = open(new_name, O_CREAT|O_EXCL|O_RDWR, 0600)) == -1) { - DEBUG(10,("backup_old_idmap: failed to open %s. Error %s\n", - new_name, strerror(errno) )); - goto fail; - } - - if (fstat(idmap_tdb->fd, &st) == -1) { - DEBUG(10,("backup_old_idmap: failed to fstat %s. Error %s\n", - idmap_name, strerror(errno) )); - goto fail; - } - - size = (SMB_OFF_T)st.st_size; - - if (transfer_file(idmap_tdb->fd, outfd, size) != size ) { - DEBUG(10,("backup_old_idmap: failed to copy %s. Error %s\n", - idmap_name, strerror(errno) )); - goto fail; - } - - if (close(outfd) == -1) { - DEBUG(10,("backup_old_idmap: failed to close %s. Error %s\n", - idmap_name, strerror(errno) )); - outfd = -1; - goto fail; - } - tdb_unlockall(idmap_tdb); - return True; - -fail: - - if (outfd != -1) - close(outfd); - tdb_unlockall(idmap_tdb); - return False; -} -#endif - -/***************************************************************************** - Convert the idmap database from an older version. -*****************************************************************************/ + if (impl) { + ret = impl->get_rid_from_gid(gid, group_rid, domain); + } else { + DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n", + lp_winbind_backend())); + } -static BOOL idmap_convert(const char *idmap_name) -{ - int32 vers = tdb_fetch_int32(idmap_tdb, "IDMAP_VERSION"); - BOOL bigendianheader = (idmap_tdb->flags & TDB_BIGENDIAN) ? True : False; - - if (vers == IDMAP_VERSION) - return True; - -#if 0 - /* Make a backup copy before doing anything else.... */ - if (!backup_old_idmap(idmap_name)) - return False; -#endif - - if (((vers == -1) && bigendianheader) || (IREV(vers) == IDMAP_VERSION)) { - /* Arrggghh ! Bytereversed or old big-endian - make order independent ! */ - /* - * high and low records were created on a - * big endian machine and will need byte-reversing. - */ - - int32 wm; - - wm = tdb_fetch_int32(idmap_tdb, HWM_USER); - - if (wm != -1) { - wm = IREV(wm); - } else - wm = server_state.uid_low; - - if (tdb_store_int32(idmap_tdb, HWM_USER, wm) == -1) { - DEBUG(0, ("idmap_convert: Unable to byteswap user hwm in idmap database\n")); - return False; - } - - wm = tdb_fetch_int32(idmap_tdb, HWM_GROUP); - if (wm != -1) { - wm = IREV(wm); - } else - wm = server_state.gid_low; - - if (tdb_store_int32(idmap_tdb, HWM_GROUP, wm) == -1) { - DEBUG(0, ("idmap_convert: Unable to byteswap group hwm in idmap database\n")); - return False; - } - } - - /* the old format stored as DOMAIN/rid - now we store the SID direct */ - tdb_traverse(idmap_tdb, convert_fn, NULL); - - if (tdb_store_int32(idmap_tdb, "IDMAP_VERSION", IDMAP_VERSION) == -1) { - DEBUG(0, ("idmap_convert: Unable to byteswap group hwm in idmap database\n")); - return False; - } - - return True; -} - -/***************************************************************************** - Initialise idmap database. -*****************************************************************************/ - -BOOL winbindd_idmap_init(void) -{ - /* Open tdb cache */ - - if (!(idmap_tdb = tdb_open_log(lock_path("winbindd_idmap.tdb"), 0, - TDB_DEFAULT, O_RDWR | O_CREAT, 0600))) { - DEBUG(0, ("winbindd_idmap_init: Unable to open idmap database\n")); - return False; - } - - /* possibly convert from an earlier version */ - if (!idmap_convert(lock_path("winbindd_idmap.tdb"))) { - DEBUG(0, ("winbindd_idmap_init: Unable to open idmap database\n")); - return False; - } - - /* Create high water marks for group and user id */ - - if (tdb_fetch_int32(idmap_tdb, HWM_USER) == -1) { - if (tdb_store_int32(idmap_tdb, HWM_USER, server_state.uid_low) == -1) { - DEBUG(0, ("winbindd_idmap_init: Unable to initialise user hwm in idmap database\n")); - return False; - } - } - - if (tdb_fetch_int32(idmap_tdb, HWM_GROUP) == -1) { - if (tdb_store_int32(idmap_tdb, HWM_GROUP, server_state.gid_low) == -1) { - DEBUG(0, ("winbindd_idmap_init: Unable to initialise group hwm in idmap database\n")); - return False; - } - } - - return True; + return ret; } +/* Close backend */ BOOL winbindd_idmap_close(void) { - if (idmap_tdb) - return (tdb_close(idmap_tdb) == 0); - return True; -} + BOOL ret = False; -/* Dump status information to log file. Display different stuff based on - the debug level: + if (!impl) { + impl = get_impl(lp_winbind_backend()); + } - Debug Level Information Displayed - ================================================================= - 0 Percentage of [ug]id range allocated - 0 High water marks (next allocated ids) -*/ + if (impl) { + ret = impl->close(); + } else { + DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n", + lp_winbind_backend())); + } -#define DUMP_INFO 0 + return ret; +} +/* Dump backend status */ void winbindd_idmap_status(void) { - int user_hwm, group_hwm; - - DEBUG(0, ("winbindd idmap status:\n")); - - /* Get current high water marks */ - - if ((user_hwm = tdb_fetch_int32(idmap_tdb, HWM_USER)) == -1) { - DEBUG(DUMP_INFO, ("\tCould not get userid high water mark!\n")); - } - - if ((group_hwm = tdb_fetch_int32(idmap_tdb, HWM_GROUP)) == -1) { - DEBUG(DUMP_INFO, ("\tCould not get groupid high water mark!\n")); - } - - /* Display next ids to allocate */ - - if (user_hwm != -1) { - DEBUG(DUMP_INFO, ("\tNext userid to allocate is %d\n", user_hwm)); - } - - if (group_hwm != -1) { - DEBUG(DUMP_INFO, ("\tNext groupid to allocate is %d\n", group_hwm)); - } - - /* Display percentage of id range already allocated. */ - - if (user_hwm != -1) { - int num_users = user_hwm - server_state.uid_low; - int total_users = server_state.uid_high - server_state.uid_low; - - DEBUG(DUMP_INFO, ("\tUser id range is %d%% full (%d of %d)\n", - num_users * 100 / total_users, num_users, - total_users)); - } - - if (group_hwm != -1) { - int num_groups = group_hwm - server_state.gid_low; - int total_groups = server_state.gid_high - server_state.gid_low; - - DEBUG(DUMP_INFO, ("\tGroup id range is %d%% full (%d of %d)\n", - num_groups * 100 / total_groups, num_groups, - total_groups)); - } - - /* Display complete mapping of users and groups to rids */ + if (!impl) { + impl = get_impl(lp_winbind_backend()); + } + + if (impl) { + impl->status(); + } else { + DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n", + lp_winbind_backend())); + } } + diff --git a/source3/nsswitch/winbindd_idmap_tdb.c b/source3/nsswitch/winbindd_idmap_tdb.c new file mode 100644 index 0000000000..f27c3c1b5f --- /dev/null +++ b/source3/nsswitch/winbindd_idmap_tdb.c @@ -0,0 +1,519 @@ +/* + Unix SMB/CIFS implementation. + + Winbind daemon - user related function + + Copyright (C) Tim Potter 2000 + Copyright (C) Anthony Liguori 2003 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "winbindd.h" + +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_WINBIND + +/* High water mark keys */ +#define HWM_GROUP "GROUP HWM" +#define HWM_USER "USER HWM" + +/* idmap version determines auto-conversion */ +#define IDMAP_VERSION 2 + +/* Globals */ +static TDB_CONTEXT *idmap_tdb; + +/* convert one record to the new format */ +static int tdb_convert_fn(TDB_CONTEXT * tdb, TDB_DATA key, TDB_DATA data, + void *ignored) +{ + struct winbindd_domain *domain; + char *p; + DOM_SID sid; + uint32 rid; + fstring keystr; + fstring dom_name; + TDB_DATA key2; + + p = strchr(key.dptr, '/'); + if (!p) + return 0; + + *p = 0; + fstrcpy(dom_name, key.dptr); + *p++ = '/'; + + domain = find_domain_from_name(dom_name); + if (!domain) { + /* We must delete the old record. */ + DEBUG(0, + ("winbindd: tdb_convert_fn : Unable to find domain %s\n", + dom_name)); + DEBUG(0, + ("winbindd: tdb_convert_fn : deleting record %s\n", + key.dptr)); + tdb_delete(idmap_tdb, key); + return 0; + } + + rid = atoi(p); + + sid_copy(&sid, &domain->sid); + sid_append_rid(&sid, rid); + + sid_to_string(keystr, &sid); + key2.dptr = keystr; + key2.dsize = strlen(keystr) + 1; + + if (tdb_store(idmap_tdb, key2, data, TDB_INSERT) != 0) { + /* not good! */ + DEBUG(0, + ("winbindd: tdb_convert_fn : Unable to update record %s\n", + key2.dptr)); + DEBUG(0, + ("winbindd: tdb_convert_fn : conversion failed - idmap corrupt ?\n")); + return -1; + } + + if (tdb_store(idmap_tdb, data, key2, TDB_REPLACE) != 0) { + /* not good! */ + DEBUG(0, + ("winbindd: tdb_convert_fn : Unable to update record %s\n", + data.dptr)); + DEBUG(0, + ("winbindd: tdb_convert_fn : conversion failed - idmap corrupt ?\n")); + return -1; + } + + tdb_delete(idmap_tdb, key); + + return 0; +} + +/***************************************************************************** + Convert the idmap database from an older version. +*****************************************************************************/ +static BOOL tdb_idmap_convert(const char *idmap_name) +{ + int32 vers = tdb_fetch_int32(idmap_tdb, "IDMAP_VERSION"); + BOOL bigendianheader = + (idmap_tdb->flags & TDB_BIGENDIAN) ? True : False; + + if (vers == IDMAP_VERSION) + return True; + + if (((vers == -1) && bigendianheader) + || (IREV(vers) == IDMAP_VERSION)) { + /* Arrggghh ! Bytereversed or old big-endian - make order independent ! */ + /* + * high and low records were created on a + * big endian machine and will need byte-reversing. + */ + + int32 wm; + + wm = tdb_fetch_int32(idmap_tdb, HWM_USER); + + if (wm != -1) { + wm = IREV(wm); + } else + wm = server_state.uid_low; + + if (tdb_store_int32(idmap_tdb, HWM_USER, wm) == -1) { + DEBUG(0, + ("tdb_idmap_convert: Unable to byteswap user hwm in idmap database\n")); + return False; + } + + wm = tdb_fetch_int32(idmap_tdb, HWM_GROUP); + if (wm != -1) { + wm = IREV(wm); + } else + wm = server_state.gid_low; + + if (tdb_store_int32(idmap_tdb, HWM_GROUP, wm) == -1) { + DEBUG(0, + ("tdb_idmap_convert: Unable to byteswap group hwm in idmap database\n")); + return False; + } + } + + /* the old format stored as DOMAIN/rid - now we store the SID direct */ + tdb_traverse(idmap_tdb, tdb_convert_fn, NULL); + + if (tdb_store_int32(idmap_tdb, "IDMAP_VERSION", IDMAP_VERSION) == + -1) { + DEBUG(0, + ("tdb_idmap_convert: Unable to byteswap group hwm in idmap database\n")); + return False; + } + + return True; +} + +/* Allocate either a user or group id from the pool */ +static BOOL tdb_allocate_id(uid_t * id, BOOL isgroup) +{ + int hwm; + + /* Get current high water mark */ + if ((hwm = tdb_fetch_int32(idmap_tdb, + isgroup ? HWM_GROUP : HWM_USER)) == + -1) { + return False; + } + + /* Return next available uid in list */ + if ((isgroup && (hwm > server_state.gid_high)) || + (!isgroup && (hwm > server_state.uid_high))) { + DEBUG(0, + ("winbind %sid range full!\n", isgroup ? "g" : "u")); + return False; + } + + if (id) { + *id = hwm; + } + + hwm++; + + /* Store new high water mark */ + tdb_store_int32(idmap_tdb, isgroup ? HWM_GROUP : HWM_USER, hwm); + + return True; +} + +/* Get a sid from an id */ +static BOOL tdb_get_sid_from_id(int id, DOM_SID * sid, BOOL isgroup) +{ + TDB_DATA key, data; + fstring keystr; + BOOL result = False; + + slprintf(keystr, sizeof(keystr), "%s %d", isgroup ? "GID" : "UID", + id); + + key.dptr = keystr; + key.dsize = strlen(keystr) + 1; + + data = tdb_fetch(idmap_tdb, key); + + if (data.dptr) { + result = string_to_sid(sid, data.dptr); + SAFE_FREE(data.dptr); + } + + return result; +} + +/* Get an id from a sid */ +static BOOL tdb_get_id_from_sid(DOM_SID * sid, uid_t * id, BOOL isgroup) +{ + TDB_DATA data, key; + fstring keystr; + BOOL result = False; + + /* Check if sid is present in database */ + sid_to_string(keystr, sid); + + key.dptr = keystr; + key.dsize = strlen(keystr) + 1; + + data = tdb_fetch(idmap_tdb, key); + + if (data.dptr) { + fstring scanstr; + int the_id; + + /* Parse and return existing uid */ + fstrcpy(scanstr, isgroup ? "GID" : "UID"); + fstrcat(scanstr, " %d"); + + if (sscanf(data.dptr, scanstr, &the_id) == 1) { + /* Store uid */ + if (id) { + *id = the_id; + } + + result = True; + } + + SAFE_FREE(data.dptr); + } else { + + /* Allocate a new id for this sid */ + if (id && tdb_allocate_id(id, isgroup)) { + fstring keystr2; + + /* Store new id */ + slprintf(keystr2, sizeof(keystr2), "%s %d", + isgroup ? "GID" : "UID", *id); + + data.dptr = keystr2; + data.dsize = strlen(keystr2) + 1; + + tdb_store(idmap_tdb, key, data, TDB_REPLACE); + tdb_store(idmap_tdb, data, key, TDB_REPLACE); + + result = True; + } + } + + return result; +} + +/***************************************************************************** + Initialise idmap database. +*****************************************************************************/ +static BOOL tdb_idmap_init(void) +{ + /* Open tdb cache */ + if (!(idmap_tdb = tdb_open_log(lock_path("winbindd_idmap.tdb"), 0, + TDB_DEFAULT, O_RDWR | O_CREAT, + 0600))) { + DEBUG(0, + ("winbindd_idmap_init: Unable to open idmap database\n")); + return False; + } + + /* possibly convert from an earlier version */ + if (!tdb_idmap_convert(lock_path("winbindd_idmap.tdb"))) { + DEBUG(0, + ("winbindd_idmap_init: Unable to open idmap database\n")); + return False; + } + + /* Create high water marks for group and user id */ + if (tdb_fetch_int32(idmap_tdb, HWM_USER) == -1) { + if (tdb_store_int32 + (idmap_tdb, HWM_USER, server_state.uid_low) == -1) { + DEBUG(0, + ("winbindd_idmap_init: Unable to initialise user hwm in idmap database\n")); + return False; + } + } + + if (tdb_fetch_int32(idmap_tdb, HWM_GROUP) == -1) { + if (tdb_store_int32 + (idmap_tdb, HWM_GROUP, server_state.gid_low) == -1) { + DEBUG(0, + ("winbindd_idmap_init: Unable to initialise group hwm in idmap database\n")); + return False; + } + } + + return True; +} + +/* Get a sid from a uid */ +static BOOL tdb_get_sid_from_uid(uid_t uid, DOM_SID * sid) +{ + return tdb_get_sid_from_id((int) uid, sid, False); +} + +/* Get a sid from a gid */ +static BOOL tdb_get_sid_from_gid(gid_t gid, DOM_SID * sid) +{ + return tdb_get_sid_from_id((int) gid, sid, True); +} + +/* Get a uid from a sid */ +static BOOL tdb_get_uid_from_sid(DOM_SID * sid, uid_t * uid) +{ + return tdb_get_id_from_sid(sid, uid, False); +} + +/* Get a gid from a group sid */ +static BOOL tdb_get_gid_from_sid(DOM_SID * sid, gid_t * gid) +{ + return tdb_get_id_from_sid(sid, gid, True); +} + +/* Get a uid from a user rid */ +static BOOL tdb_get_uid_from_rid(const char *dom_name, uint32 rid, + uid_t * uid) +{ + struct winbindd_domain *domain; + DOM_SID sid; + + if (!(domain = find_domain_from_name(dom_name))) { + return False; + } + + sid_copy(&sid, &domain->sid); + sid_append_rid(&sid, rid); + + return tdb_get_id_from_sid(&sid, uid, False); +} + +/* Get a gid from a group rid */ +static BOOL tdb_get_gid_from_rid(const char *dom_name, uint32 rid, + gid_t * gid) +{ + struct winbindd_domain *domain; + DOM_SID sid; + + if (!(domain = find_domain_from_name(dom_name))) { + return False; + } + + sid_copy(&sid, &domain->sid); + sid_append_rid(&sid, rid); + + return tdb_get_id_from_sid(&sid, gid, True); +} + +/* Get a user rid from a uid */ +static BOOL tdb_get_rid_from_uid(uid_t uid, uint32 * user_rid, + struct winbindd_domain **domain) +{ + DOM_SID sid; + + if (!tdb_get_sid_from_id((int) uid, &sid, False)) { + return False; + } + + *domain = find_domain_from_sid(&sid); + if (!*domain) + return False; + + sid_split_rid(&sid, user_rid); + + return True; +} + +/* Get a group rid from a gid */ +static BOOL tdb_get_rid_from_gid(gid_t gid, uint32 * group_rid, + struct winbindd_domain **domain) +{ + DOM_SID sid; + + if (!tdb_get_sid_from_id((int) gid, &sid, True)) { + return False; + } + + *domain = find_domain_from_sid(&sid); + if (!*domain) + return False; + + sid_split_rid(&sid, group_rid); + + return True; +} + +/* Close the tdb */ +static BOOL tdb_idmap_close(void) +{ + if (idmap_tdb) + return (tdb_close(idmap_tdb) == 0); + return True; +} + + +/* Dump status information to log file. Display different stuff based on + the debug level: + + Debug Level Information Displayed + ================================================================= + 0 Percentage of [ug]id range allocated + 0 High water marks (next allocated ids) +*/ + +#define DUMP_INFO 0 + +static void tdb_idmap_status(void) +{ + int user_hwm, group_hwm; + + DEBUG(0, ("winbindd idmap status:\n")); + + /* Get current high water marks */ + + if ((user_hwm = tdb_fetch_int32(idmap_tdb, HWM_USER)) == -1) { + DEBUG(DUMP_INFO, + ("\tCould not get userid high water mark!\n")); + } + + if ((group_hwm = tdb_fetch_int32(idmap_tdb, HWM_GROUP)) == -1) { + DEBUG(DUMP_INFO, + ("\tCould not get groupid high water mark!\n")); + } + + /* Display next ids to allocate */ + + if (user_hwm != -1) { + DEBUG(DUMP_INFO, + ("\tNext userid to allocate is %d\n", user_hwm)); + } + + if (group_hwm != -1) { + DEBUG(DUMP_INFO, + ("\tNext groupid to allocate is %d\n", group_hwm)); + } + + /* Display percentage of id range already allocated. */ + + if (user_hwm != -1) { + int num_users = user_hwm - server_state.uid_low; + int total_users = + server_state.uid_high - server_state.uid_low; + + DEBUG(DUMP_INFO, + ("\tUser id range is %d%% full (%d of %d)\n", + num_users * 100 / total_users, num_users, + total_users)); + } + + if (group_hwm != -1) { + int num_groups = group_hwm - server_state.gid_low; + int total_groups = + server_state.gid_high - server_state.gid_low; + + DEBUG(DUMP_INFO, + ("\tGroup id range is %d%% full (%d of %d)\n", + num_groups * 100 / total_groups, num_groups, + total_groups)); + } + + /* Display complete mapping of users and groups to rids */ +} + +struct idmap_methods tdb_idmap_methods = { + tdb_idmap_init, + + tdb_get_sid_from_uid, + tdb_get_sid_from_gid, + + tdb_get_uid_from_sid, + tdb_get_gid_from_sid, + + tdb_get_rid_from_uid, + tdb_get_rid_from_gid, + + tdb_get_uid_from_rid, + tdb_get_gid_from_rid, + + tdb_idmap_close, + + tdb_idmap_status +}; + +BOOL winbind_idmap_reg_tdb(struct idmap_methods **meth) +{ + *meth = &tdb_idmap_methods; + + return True; +} |