authorSimo Sorce <idra@samba.org>2003-04-27 12:07:20 +0000
committerSimo Sorce <idra@samba.org>2003-04-27 12:07:20 +0000
commitc737b1f7587ca7d32a974c6249eec9510e566a9c (patch)
treee64d93c90d9ef832a1bf50f535d60752bb383392 /source3/nsswitch
parentd2fd4707ab6c53d1dd886c6ec189163d12c8ce8b (diff)
make winbind use idmap as well.
Change the idmap_init call. Removed the ldap backend for winbind idmap; it seems it had problems anyway, and it has to be reworked to work with idmap without calling winbind code. simo (This used to be commit 9d7d007443fc75264b2764b90f272ffc40c9be6c)
Diffstat (limited to 'source3/nsswitch')
-rw-r--r--source3/nsswitch/winbindd.c5
-rw-r--r--source3/nsswitch/winbindd_group.c31
-rw-r--r--source3/nsswitch/winbindd_idmap.c195
-rw-r--r--source3/nsswitch/winbindd_idmap_ldap.c395
-rw-r--r--source3/nsswitch/winbindd_idmap_tdb.c459
-rw-r--r--source3/nsswitch/winbindd_sid.c20
-rw-r--r--source3/nsswitch/winbindd_user.c28
7 files changed, 54 insertions, 1079 deletions
diff --git a/source3/nsswitch/winbindd.c b/source3/nsswitch/winbindd.c
index ff21a4644f..1be5a18c7c 100644
--- a/source3/nsswitch/winbindd.c
+++ b/source3/nsswitch/winbindd.c
@@ -128,7 +128,6 @@ static void winbindd_status(void)
static void print_winbindd_status(void)
{
winbindd_status();
- winbindd_idmap_status();
winbindd_cm_status();
}
@@ -146,7 +145,7 @@ static void terminate(void)
{
pstring path;
- winbindd_idmap_close();
+ idmap_close();
/* Remove socket file */
snprintf(path, sizeof(path), "%s/%s",
@@ -755,7 +754,7 @@ BOOL winbind_setup_common(void)
/* Winbind daemon initialisation */
- if (!winbindd_idmap_init())
+ if (!idmap_init())
return False;
/* Unblock all signals we are interested in as they may have been
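Review bot: The `if (!idmap_init())` test keeps the boolean convention of the old wrapper, while every other idmap call added by this commit is checked with `NT_STATUS_IS_ERR(...)`. The declaration of idmap_init is not visible in this diff; if it returns NTSTATUS rather than BOOL, the condition is inverted where NTSTATUS is an integer and will not compile where it is a struct, so winbindd would either refuse to start on success or carry on without an ID-mapping backend on failure. Worth confirming the return type and, if it is NTSTATUS, writing `if (!NT_STATUS_IS_OK(idmap_init()))`. winbind_setup_common starts and ends outside the hunk.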
diff --git a/source3/nsswitch/winbindd_group.c b/source3/nsswitch/winbindd_group.c
index d06db5943c..02114a3891 100644
--- a/source3/nsswitch/winbindd_group.c
+++ b/source3/nsswitch/winbindd_group.c
@@ -193,8 +193,9 @@ enum winbindd_result winbindd_getgrnam(struct winbindd_cli_state *state)
enum SID_NAME_USE name_type;
fstring name_domain, name_group;
char *tmp, *gr_mem;
- gid_t gid;
int gr_mem_len;
+ unid_t id;
+ int id_type;
/* Ensure null termination */
state->request.data.groupname[sizeof(state->request.data.groupname)-1]='\0';
@@ -233,13 +234,14 @@ enum winbindd_result winbindd_getgrnam(struct winbindd_cli_state *state)
return WINBINDD_ERROR;
}
- if (!winbindd_idmap_get_gid_from_sid(&group_sid, &gid)) {
+ id_type = ID_GROUPID;
+ if (NT_STATUS_IS_ERR(idmap_get_id_from_sid(&id, &id_type, &group_sid))) {
DEBUG(1, ("error converting unix gid to sid\n"));
return WINBINDD_ERROR;
}
if (!fill_grent(&state->response.data.gr, name_domain,
- name_group, gid) ||
+ name_group, id.gid) ||
!fill_grent_mem(domain, &group_sid, name_type,
&state->response.data.gr.num_gr_mem,
&gr_mem, &gr_mem_len)) {
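Review bot: `NT_STATUS_IS_ERR(idmap_get_id_from_sid(&id, &id_type, &group_sid))` only rejects error-severity statuses (per Samba's macro definition, which is not shown here), so any other non-OK return falls through and `id.gid` is read from a union that was never initialised, then handed to fill_grent as the group's gid. Since this value ends up in access decisions on the client, the check should fail closed: `if (!NT_STATUS_IS_OK(idmap_get_id_from_sid(&id, &id_type, &group_sid))) {`. The same pattern is added in winbindd_getgrgid (where `group_sid` would be used unset), winbindd_getgrent, winbindd_getgroups, and in winbindd_sid_to_uid and winbindd_sid_to_gid in winbindd_sid.c. The function body continues outside the hunk.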
@@ -267,6 +269,7 @@ enum winbindd_result winbindd_getgrgid(struct winbindd_cli_state *state)
fstring group_name;
int gr_mem_len;
char *gr_mem;
+ unid_t id;
DEBUG(3, ("[%5d]: getgrgid %d\n", state->pid,
state->request.data.gid));
@@ -278,8 +281,8 @@ enum winbindd_result winbindd_getgrgid(struct winbindd_cli_state *state)
return WINBINDD_ERROR;
/* Get rid from gid */
-
- if (!winbindd_idmap_get_sid_from_gid(state->request.data.gid, &group_sid)) {
+ id.gid = state->request.data.gid;
+ if (NT_STATUS_IS_ERR(idmap_get_sid_from_id(&group_sid, id, ID_GROUPID))) {
DEBUG(1, ("could not convert gid %d to rid\n",
state->request.data.gid));
return WINBINDD_ERROR;
@@ -544,6 +547,8 @@ enum winbindd_result winbindd_getgrent(struct winbindd_cli_state *state)
char *gr_mem, *new_gr_mem_list;
DOM_SID group_sid;
struct winbindd_domain *domain;
+ unid_t id;
+ int id_type;
/* Do we need to fetch another chunk of groups? */
@@ -590,9 +595,8 @@ enum winbindd_result winbindd_getgrent(struct winbindd_cli_state *state)
sid_copy(&group_sid, &domain->sid);
sid_append_rid(&group_sid, name_list[ent->sam_entry_index].rid);
- if (!winbindd_idmap_get_gid_from_sid(
- &group_sid,
- &group_gid)) {
+ id_type = ID_GROUPID;
+ if (NT_STATUS_IS_ERR(idmap_get_id_from_sid(&id, &id_type, &group_sid))) {
DEBUG(1, ("could not look up gid for group %s\n",
name_list[ent->sam_entry_index].acct_name));
@@ -600,6 +604,7 @@ enum winbindd_result winbindd_getgrent(struct winbindd_cli_state *state)
ent->sam_entry_index++;
goto tryagain;
}
+ group_gid = id.gid;
DEBUG(10, ("got gid %d for group %x\n", group_gid,
name_list[ent->sam_entry_index].rid));
@@ -869,16 +874,18 @@ enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state)
goto done;
for (i = 0; i < num_groups; i++) {
- if (!winbindd_idmap_get_gid_from_sid(
- user_gids[i],
- &gid_list[num_gids])) {
+ unid_t id;
+ int id_type;
+
+ id_type = ID_GROUPID;
+ if (NT_STATUS_IS_ERR(idmap_get_id_from_sid(&id, &id_type, user_gids[i]))) {
fstring sid_string;
DEBUG(1, ("unable to convert group sid %s to gid\n",
sid_to_string(sid_string, user_gids[i])));
continue;
}
-
+ gid_list[num_gids] = id.gid;
num_gids++;
}
diff --git a/source3/nsswitch/winbindd_idmap.c b/source3/nsswitch/winbindd_idmap.c
deleted file mode 100644
index 23f4b4d081..0000000000
--- a/source3/nsswitch/winbindd_idmap.c
+++ /dev/null
@@ -1,195 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- Winbind ID Mapping
- Copyright (C) Tim Potter 2000
- Copyright (C) Anthony Liguori <aliguor@us.ibm.com> 2003
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "winbindd.h"
-
-static struct {
- const char *name;
- /* Function to create a member of the idmap_methods list */
- BOOL (*reg_meth)(struct winbindd_idmap_methods **methods);
- struct winbindd_idmap_methods *methods;
-} builtin_winbindd_idmap_functions[] = {
- { "tdb", winbind_idmap_reg_tdb, NULL },
- { "ldap", winbind_idmap_reg_ldap, NULL },
- { NULL, NULL, NULL }
-};
-
-/* singleton pattern: uberlazy evaluation */
-static struct winbindd_idmap_methods *impl;
-
-static struct winbindd_idmap_methods *get_impl(const char *name)
-{
- int i = 0;
- struct winbindd_idmap_methods *ret = NULL;
-
- while (builtin_winbindd_idmap_functions[i].name &&
- strcmp(builtin_winbindd_idmap_functions[i].name, name)) {
- i++;
- }
-
- if (builtin_winbindd_idmap_functions[i].name) {
- if (!builtin_winbindd_idmap_functions[i].methods) {
- builtin_winbindd_idmap_functions[i].reg_meth(&builtin_winbindd_idmap_functions[i].methods);
- }
-
- ret = builtin_winbindd_idmap_functions[i].methods;
- }
-
- return ret;
-}
-
-/* Initialize backend */
-BOOL winbindd_idmap_init(void)
-{
- BOOL ret = False;
-
- DEBUG(3, ("winbindd_idmap_init: using '%s' as backend\n",
- lp_winbind_backend()));
-
- if (!impl) {
- impl = get_impl(lp_winbind_backend());
- if (!impl) {
- DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n",
- lp_winbind_backend()));
- }
- }
-
- if (impl) {
- ret = impl->init();
- }
-
- DEBUG(3, ("winbind_idmap_init: returning %s\n", ret ? "true" : "false"));
-
- return ret;
-}
-
-/* Get UID from SID */
-BOOL winbindd_idmap_get_uid_from_sid(DOM_SID *sid, uid_t *uid)
-{
- BOOL ret = False;
-
- if (!impl) {
- impl = get_impl(lp_winbind_backend());
- if (!impl) {
- DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n",
- lp_winbind_backend()));
- }
- }
-
- if (impl) {
- ret = impl->get_uid_from_sid(sid, uid);
- }
-
- return ret;
-}
-
-/* Get GID from SID */
-BOOL winbindd_idmap_get_gid_from_sid(DOM_SID *sid, gid_t *gid)
-{
- BOOL ret = False;
-
- if (!impl) {
- impl = get_impl(lp_winbind_backend());
- if (!impl) {
- DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n",
- lp_winbind_backend()));
- }
- }
-
- if (impl) {
- ret = impl->get_gid_from_sid(sid, gid);
- }
-
- return ret;
-}
-
-/* Get SID from UID */
-BOOL winbindd_idmap_get_sid_from_uid(uid_t uid, DOM_SID *sid)
-{
- BOOL ret = False;
-
- if (!impl) {
- impl = get_impl(lp_winbind_backend());
- if (!impl) {
- DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n",
- lp_winbind_backend()));
- }
- }
-
- if (impl) {
- ret = impl->get_sid_from_uid(uid, sid);
- }
-
- return ret;
-}
-
-/* Get SID from GID */
-BOOL winbindd_idmap_get_sid_from_gid(gid_t gid, DOM_SID *sid)
-{
- BOOL ret = False;
-
- if (!impl) {
- impl = get_impl(lp_winbind_backend());
- }
-
- if (impl) {
- ret = impl->get_sid_from_gid(gid, sid);
- } else {
- DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n",
- lp_winbind_backend()));
- }
-
- return ret;
-}
-
-/* Close backend */
-BOOL winbindd_idmap_close(void)
-{
- BOOL ret = False;
-
- if (!impl) {
- impl = get_impl(lp_winbind_backend());
- }
-
- if (impl) {
- ret = impl->close();
- } else {
- DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n",
- lp_winbind_backend()));
- }
-
- return ret;
-}
-
-/* Dump backend status */
-void winbindd_idmap_status(void)
-{
- if (!impl) {
- impl = get_impl(lp_winbind_backend());
- }
-
- if (impl) {
- impl->status();
- } else {
- DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n",
- lp_winbind_backend()));
- }
-}
diff --git a/source3/nsswitch/winbindd_idmap_ldap.c b/source3/nsswitch/winbindd_idmap_ldap.c
deleted file mode 100644
index 55efb7f45c..0000000000
--- a/source3/nsswitch/winbindd_idmap_ldap.c
+++ /dev/null
@@ -1,395 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
-
- Winbind daemon - user related function
-
- Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "winbindd.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_WINBIND
-
-#ifdef HAVE_LDAP
-
-#include <lber.h>
-#include <ldap.h>
-
-#include "smb_ldap.h"
-
-/* Globals */
-static struct smb_ldap_privates *ldap_state;
-
-static const char *attr[] = { "uid", "rid", "domain", "uidNumber",
- "gidNumber", NULL };
-
-static const char *pool_attr[] = {"uidNumber", "gidNumber", "cn", NULL};
-
-static long ldap_allocate_id(BOOL is_user)
-{
- int rc, count;
- LDAPMessage *result;
- int scope = LDAP_SCOPE_SUBTREE;
- long ret = 0;
- int sanity = 0;
-
- do {
- rc = smb_ldap_search(ldap_state, lp_ldap_suffix(), scope, is_user?"cn=UID Pool":"cn=GID Pool", pool_attr, 0, &result);
-
- if (LDAP_SUCCESS != rc) {
- DEBUG(0,("ldap_allocate_id: No ID pool found in directory\n"));
- return 0;
- }
-
- count = ldap_count_entries(ldap_state->ldap_struct, result);
-
- if (1 < count) {
- DEBUG(0,("ldap_allocate_id: Multiple UID pools found in directory?\n"));
- break;
- } else if (1 == count) {
- LDAPMessage *entry =
- ldap_first_entry(ldap_state->ldap_struct,
- result);
- LDAPMod **mods = NULL;
- pstring temp;
-
- if (!smb_ldap_get_single_attribute(ldap_state->ldap_struct, entry, is_user?"uidNumber":"gidNumber", temp)) {
- return False;
- }
- ret = atol(temp);
- smb_ldap_make_a_mod(&mods, LDAP_MOD_DELETE,
- is_user?"uidNumber":"gidNumber",
- temp);
- slprintf(temp, sizeof(temp) - 1, "%ld", ret + 1);
- smb_ldap_make_a_mod(&mods, LDAP_MOD_ADD, is_user?"uidNumber":"gidNumber", temp);
- slprintf(temp, sizeof(temp) - 1, "cn=%cID Pool,%s", is_user?'U':'G', lp_ldap_user_suffix());
- rc = smb_ldap_modify(ldap_state, temp, mods);
- ldap_mods_free(mods, 1);
- } else {
- DEBUG(0,("ldap_allocate_id: unexpected number of entries returned\n"));
- break;
- }
- } while (LDAP_NO_SUCH_ATTRIBUTE == rc && ++sanity < 100);
-
- return ret;
-}
-
-/*****************************************************************************
- Initialise idmap database.
-*****************************************************************************/
-static BOOL ldap_idmap_init(void)
-{
- static struct smb_ldap_privates state;
- ldap_state = &state;
-
-#ifdef WITH_LDAP_SAMCONFIG
- {
- int ldap_port = lp_ldap_port();
- char *uri;
- /* remap default port if not using SSL */
- if (lp_ldap_ssl() != LDAP_SSL_ON && ldap_port == 636) {
- ldap_port = 389;
- }
-
- uri = NULL;
-
- asprintf(&uri, "%s://%s:%d",
- lp_ldap_ssl() == LDAP_SSL_ON ? "ldaps" : "ldap",
- lp_ldap_server(), ldap_port);
- ldap_state->uri = uri;
- if (!ldap_state->uri) {
- DEBUG(0,("Out of memory\n"));
- return False;
- }
- }
-#else
- ldap_state->uri = "ldap://localhost";
-#endif
- return True;
-}
-
-static BOOL ldap_get_sid_from_uid(uid_t uid, DOM_SID * sid)
-{
- pstring filter;
- int scope = LDAP_SCOPE_SUBTREE;
- int rc, count;
- LDAPMessage *result;
-
- slprintf(filter, sizeof(filter) - 1, "uidNumber=%i", uid);
-
- DEBUG(2, ("ldap_get_sid_from_uid: searching for:[%s]\n", filter));
-
- rc = smb_ldap_search(ldap_state, lp_ldap_suffix(), scope, filter, attr, 0, &result);
- if (LDAP_SUCCESS != rc) {
- DEBUG(0,("ldap_get_sid_from_uid: user search failed\n"));
- return False;
- }
-
- count = ldap_count_entries(ldap_state->ldap_struct, result);
- if (1 < count) {
- DEBUG(0,("More than one user exists where: %s\n", filter));
- ldap_msgfree(result);
- return False;
- } else if (1 == count) {
- /* we found the user, get the users RID */
- LDAPMessage *entry = ldap_first_entry(ldap_state->ldap_struct,
- result);
- pstring temp, domain;
- uint32 rid;
- struct winbindd_domain *wb_dom;
-
- if (!smb_ldap_get_single_attribute(ldap_state->ldap_struct, entry, "domain", domain)) {
- return False;
- }
- if (!smb_ldap_get_single_attribute(ldap_state->ldap_struct, entry, "rid", temp)) {
- return False;
- }
- rid = (uint32)atol(temp);
- wb_dom = find_domain_from_name(domain);
-
- if (!wb_dom) {
- DEBUG(0,("ldap_get_sid_from_uid: could not find domain %s\n", domain));
- return False;
- }
-
- sid_copy(sid, &wb_dom->sid);
- sid_append_rid(sid, rid);
- } else {
- /* 0 entries? that ain't right */
- DEBUG(0,("ldap_get_sid_from_uid: not user entry found for %s\n", filter));
- }
-
- return True;
-}
-
-static BOOL ldap_get_uid_from_sid(DOM_SID *sid, uid_t *uid)
-{
- pstring filter;
- int scope = LDAP_SCOPE_SUBTREE;
- int rc, count;
- LDAPMessage *result;
- uint32 rid = 0;
- struct winbindd_domain *wb_dom;
- DOM_SID dom_sid;
-
- sid_copy(&dom_sid, sid);
-
- if (!sid_split_rid(&dom_sid, &rid)) {
- DEBUG(0,("ldap_get_uid_from_sid: sid does not contain an rid\n"));
- return False;
- }
-
- if (!(wb_dom = find_domain_from_sid(&dom_sid))) {
- DEBUG(0,("ldap_get_uid_from_sid: cannot lookup domain from sid\n"));
- return False;
- }
-
- slprintf(filter, sizeof(filter) - 1, "rid=%d,domain=%s,objectClass=sambaAccount", rid, wb_dom->name);
-
- DEBUG(2, ("ldap_get_uid_from_sid: searching for:[%s]\n", filter));
-
- rc = smb_ldap_search(ldap_state, lp_ldap_suffix(), scope, filter, attr, 0, &result);
- if (LDAP_NO_SUCH_OBJECT == rc) {
- LDAPMod **mods = NULL;
- pstring temp;
- fstring dom, name;
- int sid_type;
-
- winbindd_lookup_name_by_sid(sid, dom, name,
- (enum SID_USE_TYPE *)&sid_type);
- slprintf(temp, sizeof(temp) - 1, "%i", rid);
- smb_ldap_make_a_mod(&mods, LDAP_MOD_ADD, "rid", temp);
-
- *uid = ldap_allocate_id(True);
- slprintf(temp, sizeof(temp) - 1, "%i", *uid);
- smb_ldap_make_a_mod(&mods, LDAP_MOD_ADD, "uidNumber", temp);
-
- smb_ldap_make_a_mod(&mods, LDAP_MOD_ADD, "uid", name);
- smb_ldap_make_a_mod(&mods, LDAP_MOD_ADD, "objectClass", "sambaAccount");
- smb_ldap_make_a_mod(&mods, LDAP_MOD_ADD, "objectClass", "account");
- slprintf(temp, sizeof(temp) - 1, "uid=%s,%s", name, lp_ldap_user_suffix());
- rc = smb_ldap_modify(ldap_state, temp, mods);
-
- ldap_mods_free(mods, 1);
- if (LDAP_SUCCESS != rc) {
- return False;
- }
- } else if (LDAP_SUCCESS == rc) {
- count = ldap_count_entries(ldap_state->ldap_struct, result);
- if (1 < count) {
- DEBUG(0,("More than one user exists where: %s\n", filter));
- ldap_msgfree(result);
- return False;
- } else if (1 == count) {
- /* we found the user, get the idNumber */
- LDAPMessage *entry = ldap_first_entry(ldap_state->ldap_struct, result);
- pstring temp;
-
- if (!smb_ldap_get_single_attribute(ldap_state->ldap_struct, entry, "uidNumber", temp)) {
- return False;
- }
- *uid = atol(temp);
- } else {
- DEBUG(0,("ldap_get_uid_from_sid: zero entries returned?\n"));
- return False;
- }
- } else {
- DEBUG(0,("ldap_get_uid_from_sid: unknown error querying user info\n"));
- return False;
- }
-
- return True;
-}
-
-static BOOL ldap_get_sid_from_gid(gid_t gid, DOM_SID * sid)
-{
- pstring filter;
- int scope = LDAP_SCOPE_SUBTREE;
- int rc, count;
- LDAPMessage *result;
-
- slprintf(filter, sizeof(filter) - 1, "gidNumber=%i,objectClass=sambaGroupMapping", gid);
-
- DEBUG(2, ("ldap_get_sid_from_gid: searching for:[%s]\n", filter));
-
- rc = smb_ldap_search(ldap_state, lp_ldap_suffix(), scope, filter, attr, 0, &result);
- if (LDAP_SUCCESS != rc) {
- DEBUG(0,("ldap_get_sid_from_gid: user search failed\n"));
- return False;
- }
-
- count = ldap_count_entries(ldap_state->ldap_struct, result);
- if (1 < count) {
- DEBUG(0,("More than one group exists where: %s\n", filter));
- ldap_msgfree(result);
- return False;
- } else if (1 == count) {
- LDAPMessage *entry = ldap_first_entry(ldap_state->ldap_struct,
- result);
- pstring str_sid;
-
- if (!smb_ldap_get_single_attribute(ldap_state->ldap_struct, entry, "ntSid", str_sid)) {
- return False;
- }
-
- string_to_sid(sid, str_sid);
- } else {
- /* 0 entries? that ain't right */
- DEBUG(0,("ldap_get_sid_from_gid: not group entry found for %s\n", filter));
- }
-
- return True;
-}
-
-static BOOL ldap_get_gid_from_sid(DOM_SID *sid, gid_t *gid)
-{
- pstring filter;
- int scope = LDAP_SCOPE_SUBTREE;
- int rc, count;
- LDAPMessage *result;
- fstring str_sid;
-
- sid_to_string(str_sid, sid);
-
- slprintf(filter, sizeof(filter) - 1, "ntSid=%s,objectClass=sambaGroupMapping", str_sid);
-
- DEBUG(2, ("ldap_get_gid_from_sid: searching for:[%s]\n", filter));
-
- rc = smb_ldap_search(ldap_state, lp_ldap_suffix(), scope, filter, attr, 0, &result);
- if (LDAP_NO_SUCH_OBJECT == rc) {
- LDAPMod **mods = NULL;
- pstring temp;
-
- *gid = ldap_allocate_id(False);
- slprintf(temp, sizeof(temp) - 1, "%i", *gid);
- smb_ldap_make_a_mod(&mods, LDAP_MOD_ADD, "gidNumber", temp);
- smb_ldap_make_a_mod(&mods, LDAP_MOD_ADD, "objectClass", "sambaGroupMapping");
- smb_ldap_make_a_mod(&mods, LDAP_MOD_ADD, "objectClass", "account");
- slprintf(temp, sizeof(temp) - 1, "gidNumber=%i,%s", *gid, lp_ldap_user_suffix());
- rc = smb_ldap_modify(ldap_state, temp, mods);
-
- ldap_mods_free(mods, 1);
- if (LDAP_SUCCESS != rc) {
- return False;
- }
- } else if (LDAP_SUCCESS == rc) {
- count = ldap_count_entries(ldap_state->ldap_struct, result);
- if (1 < count) {
- DEBUG(0,("More than one group exists where: %s\n", filter));
- ldap_msgfree(result);
- return False;
- } else if (1 == count) {
- LDAPMessage *entry = ldap_first_entry(ldap_state->ldap_struct, result);
- pstring temp;
-
- if (!smb_ldap_get_single_attribute(ldap_state->ldap_struct, entry, "gidNumber", temp)) {
- return False;
- }
- *gid = atol(temp);
- } else {
- DEBUG(0,("ldap_get_gid_from_sid: zero entries returned?\n"));
- return False;
- }
- } else {
- DEBUG(0,("ldap_get_gid_from_sid: unknown error querying user info\n"));
- return False;
- }
-
- return True;
-}
-
-static BOOL ldap_idmap_close(void)
-{
- smb_ldap_close(ldap_state);
- ldap_state = 0;
- return True;
-}
-
-static void ldap_idmap_status(void)
-{
- DEBUG(0, ("winbindd idmap status:\n"));
- DEBUG(0, ("Using LDAP\n"));
-}
-
-struct winbindd_idmap_methods ldap_idmap_methods = {
- ldap_idmap_init,
-
- ldap_get_sid_from_uid,
- ldap_get_sid_from_gid,
-
- ldap_get_uid_from_sid,
- ldap_get_gid_from_sid,
-
- ldap_idmap_close,
-
- ldap_idmap_status
-};
-
-#endif
-
-BOOL winbind_idmap_reg_ldap(struct winbindd_idmap_methods **meth)
-{
-#ifdef HAVE_LDAP
- *meth = &ldap_idmap_methods;
-
- return True;
-#else
- DEBUG(0,("winbind_idmap_reg_ldap: LDAP support not compiled\n"));
- return False;
-#endif
-}
diff --git a/source3/nsswitch/winbindd_idmap_tdb.c b/source3/nsswitch/winbindd_idmap_tdb.c
deleted file mode 100644
index 12d6972bae..0000000000
--- a/source3/nsswitch/winbindd_idmap_tdb.c
+++ /dev/null
@@ -1,459 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
-
- Winbind daemon - user related function
-
- Copyright (C) Tim Potter 2000
- Copyright (C) Anthony Liguori 2003
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "winbindd.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_WINBIND
-
-/* High water mark keys */
-#define HWM_GROUP "GROUP HWM"
-#define HWM_USER "USER HWM"
-
-/* idmap version determines auto-conversion */
-#define IDMAP_VERSION 2
-
-/* Globals */
-static TDB_CONTEXT *idmap_tdb;
-
-/* convert one record to the new format */
-static int tdb_convert_fn(TDB_CONTEXT * tdb, TDB_DATA key, TDB_DATA data,
- void *ignored)
-{
- struct winbindd_domain *domain;
- char *p;
- DOM_SID sid;
- uint32 rid;
- fstring keystr;
- fstring dom_name;
- TDB_DATA key2;
-
- p = strchr(key.dptr, '/');
- if (!p)
- return 0;
-
- *p = 0;
- fstrcpy(dom_name, key.dptr);
- *p++ = '/';
-
- domain = find_domain_from_name(dom_name);
- if (!domain) {
- /* We must delete the old record. */
- DEBUG(0,
- ("winbindd: tdb_convert_fn : Unable to find domain %s\n",
- dom_name));
- DEBUG(0,
- ("winbindd: tdb_convert_fn : deleting record %s\n",
- key.dptr));
- tdb_delete(idmap_tdb, key);
- return 0;
- }
-
- rid = atoi(p);
-
- sid_copy(&sid, &domain->sid);
- sid_append_rid(&sid, rid);
-
- sid_to_string(keystr, &sid);
- key2.dptr = keystr;
- key2.dsize = strlen(keystr) + 1;
-
- if (tdb_store(idmap_tdb, key2, data, TDB_INSERT) != 0) {
- /* not good! */
- DEBUG(0,
- ("winbindd: tdb_convert_fn : Unable to update record %s\n",
- key2.dptr));
- DEBUG(0,
- ("winbindd: tdb_convert_fn : conversion failed - idmap corrupt ?\n"));
- return -1;
- }
-
- if (tdb_store(idmap_tdb, data, key2, TDB_REPLACE) != 0) {
- /* not good! */
- DEBUG(0,
- ("winbindd: tdb_convert_fn : Unable to update record %s\n",
- data.dptr));
- DEBUG(0,
- ("winbindd: tdb_convert_fn : conversion failed - idmap corrupt ?\n"));
- return -1;
- }
-
- tdb_delete(idmap_tdb, key);
-
- return 0;
-}
-
-/*****************************************************************************
- Convert the idmap database from an older version.
-*****************************************************************************/
-static BOOL tdb_idmap_convert(void)
-{
- int32 vers = tdb_fetch_int32(idmap_tdb, "IDMAP_VERSION");
- BOOL bigendianheader =
- (idmap_tdb->flags & TDB_BIGENDIAN) ? True : False;
-
- if (vers == IDMAP_VERSION)
- return True;
-
- if (((vers == -1) && bigendianheader)
- || (IREV(vers) == IDMAP_VERSION)) {
- /* Arrggghh ! Bytereversed or old big-endian - make order independent ! */
- /*
- * high and low records were created on a
- * big endian machine and will need byte-reversing.
- */
-
- int32 wm;
-
- wm = tdb_fetch_int32(idmap_tdb, HWM_USER);
-
- if (wm != -1) {
- wm = IREV(wm);
- } else
- wm = server_state.uid_low;
-
- if (tdb_store_int32(idmap_tdb, HWM_USER, wm) == -1) {
- DEBUG(0,
- ("tdb_idmap_convert: Unable to byteswap user hwm in idmap database\n"));
- return False;
- }
-
- wm = tdb_fetch_int32(idmap_tdb, HWM_GROUP);
- if (wm != -1) {
- wm = IREV(wm);
- } else
- wm = server_state.gid_low;
-
- if (tdb_store_int32(idmap_tdb, HWM_GROUP, wm) == -1) {
- DEBUG(0,
- ("tdb_idmap_convert: Unable to byteswap group hwm in idmap database\n"));
- return False;
- }
- }
-
- /* the old format stored as DOMAIN/rid - now we store the SID direct */
- tdb_traverse(idmap_tdb, tdb_convert_fn, NULL);
-
- if (tdb_store_int32(idmap_tdb, "IDMAP_VERSION", IDMAP_VERSION) ==
- -1) {
- DEBUG(0,
- ("tdb_idmap_convert: Unable to byteswap group hwm in idmap database\n"));
- return False;
- }
-
- return True;
-}
-
-/* Allocate either a user or group id from the pool */
-static BOOL tdb_allocate_id(uid_t * id, BOOL isgroup)
-{
- int hwm;
-
- /* Get current high water mark */
- if ((hwm = tdb_fetch_int32(idmap_tdb,
- isgroup ? HWM_GROUP : HWM_USER)) ==
- -1) {
- return False;
- }
-
- /* Return next available uid in list */
- if ((isgroup && (hwm > server_state.gid_high)) ||
- (!isgroup && (hwm > server_state.uid_high))) {
- DEBUG(0,
- ("winbind %sid range full!\n", isgroup ? "g" : "u"));
- return False;
- }
-
- if (id) {
- *id = hwm;
- }
-
- hwm++;
-
- /* Store new high water mark */
- tdb_store_int32(idmap_tdb, isgroup ? HWM_GROUP : HWM_USER, hwm);
-
- return True;
-}
-
-/* Get a sid from an id */
-static BOOL tdb_get_sid_from_id(int id, DOM_SID * sid, BOOL isgroup)
-{
- TDB_DATA key, data;
- fstring keystr;
- BOOL result = False;
-
- slprintf(keystr, sizeof(keystr), "%s %d", isgroup ? "GID" : "UID",
- id);
-
- key.dptr = keystr;
- key.dsize = strlen(keystr) + 1;
-
- data = tdb_fetch(idmap_tdb, key);
-
- if (data.dptr) {
- result = string_to_sid(sid, data.dptr);
- SAFE_FREE(data.dptr);
- }
-
- return result;
-}
-
-/* Get an id from a sid */
-static BOOL tdb_get_id_from_sid(DOM_SID * sid, uid_t * id, BOOL isgroup)
-{
- TDB_DATA data, key;
- fstring keystr;
- BOOL result = False;
-
- /* Check if sid is present in database */
- sid_to_string(keystr, sid);
-
- key.dptr = keystr;
- key.dsize = strlen(keystr) + 1;
-
- data = tdb_fetch(idmap_tdb, key);
-
- if (data.dptr) {
- fstring scanstr;
- int the_id;
-
- /* Parse and return existing uid */
- fstrcpy(scanstr, isgroup ? "GID" : "UID");
- fstrcat(scanstr, " %d");
-
- if (sscanf(data.dptr, scanstr, &the_id) == 1) {
- /* Store uid */
- if (id) {
- *id = the_id;
- }
-
- result = True;
- }
-
- SAFE_FREE(data.dptr);
- } else {
-
- /* Allocate a new id for this sid */
- if (id && tdb_allocate_id(id, isgroup)) {
- fstring keystr2;
-
- /* Store new id */
- slprintf(keystr2, sizeof(keystr2), "%s %d",
- isgroup ? "GID" : "UID", *id);
-
- data.dptr = keystr2;
- data.dsize = strlen(keystr2) + 1;
-
- tdb_store(idmap_tdb, key, data, TDB_REPLACE);
- tdb_store(idmap_tdb, data, key, TDB_REPLACE);
-
- result = True;
- }
- }
-
- return result;
-}
-
-/*****************************************************************************
- Initialise idmap database.
-*****************************************************************************/
-static BOOL tdb_idmap_init(void)
-{
- SMB_STRUCT_STAT stbuf;
-
- /* move to the new database on first startup */
- if (!file_exist(lock_path("idmap.tdb"), &stbuf)) {
- if (file_exist(lock_path("winbindd_idmap.tdb"), &stbuf)) {
- char *cmd = NULL;
-
- /* lazy file copy */
- if (asprintf(&cmd, "cp -p %s/winbindd_idmap.tdb %s/idmap.tdb", lp_lockdir(), lp_lockdir()) != -1) {
- system(cmd);
- free(cmd);
- }
- if (!file_exist(lock_path("idmap.tdb"), &stbuf)) {
- DEBUG(0, ("idmap_init: Unable to make a new database copy\n"));
- return False;
- }
- }
- }
-
- /* Open tdb cache */
- if (!(idmap_tdb = tdb_open_log(lock_path("idmap.tdb"), 0,
- TDB_DEFAULT, O_RDWR | O_CREAT,
- 0600))) {
- DEBUG(0,
- ("winbindd_idmap_init: Unable to open idmap database\n"));
- return False;
- }
-
- /* possibly convert from an earlier version */
- if (!tdb_idmap_convert()) {
- DEBUG(0, ("winbindd_idmap_init: Unable to open idmap database\n"));
- return False;
- }
-
- /* Create high water marks for group and user id */
- if (tdb_fetch_int32(idmap_tdb, HWM_USER) == -1) {
- if (tdb_store_int32
- (idmap_tdb, HWM_USER, server_state.uid_low) == -1) {
- DEBUG(0,
- ("winbindd_idmap_init: Unable to initialise user hwm in idmap database\n"));
- return False;
- }
- }
-
- if (tdb_fetch_int32(idmap_tdb, HWM_GROUP) == -1) {
- if (tdb_store_int32
- (idmap_tdb, HWM_GROUP, server_state.gid_low) == -1) {
- DEBUG(0,
- ("winbindd_idmap_init: Unable to initialise group hwm in idmap database\n"));
- return False;
- }
- }
-
- return True;
-}
-
-/* Get a sid from a uid */
-static BOOL tdb_get_sid_from_uid(uid_t uid, DOM_SID * sid)
-{
- return tdb_get_sid_from_id((int) uid, sid, False);
-}
-
-/* Get a sid from a gid */
-static BOOL tdb_get_sid_from_gid(gid_t gid, DOM_SID * sid)
-{
- return tdb_get_sid_from_id((int) gid, sid, True);
-}
-
-/* Get a uid from a sid */
-static BOOL tdb_get_uid_from_sid(DOM_SID * sid, uid_t * uid)
-{
- return tdb_get_id_from_sid(sid, uid, False);
-}
-
-/* Get a gid from a group sid */
-static BOOL tdb_get_gid_from_sid(DOM_SID * sid, gid_t * gid)
-{
- return tdb_get_id_from_sid(sid, gid, True);
-}
-
-/* Close the tdb */
-static BOOL tdb_idmap_close(void)
-{
- if (idmap_tdb)
- return (tdb_close(idmap_tdb) == 0);
- return True;
-}
-
-
-/* Dump status information to log file. Display different stuff based on
- the debug level:
-
- Debug Level Information Displayed
- =================================================================
- 0 Percentage of [ug]id range allocated
- 0 High water marks (next allocated ids)
-*/
-
-#define DUMP_INFO 0
-
-static void tdb_idmap_status(void)
-{
- int user_hwm, group_hwm;
-
- DEBUG(0, ("winbindd idmap status:\n"));
-
- /* Get current high water marks */
-
- if ((user_hwm = tdb_fetch_int32(idmap_tdb, HWM_USER)) == -1) {
- DEBUG(DUMP_INFO,
- ("\tCould not get userid high water mark!\n"));
- }
-
- if ((group_hwm = tdb_fetch_int32(idmap_tdb, HWM_GROUP)) == -1) {
- DEBUG(DUMP_INFO,
- ("\tCould not get groupid high water mark!\n"));
- }
-
- /* Display next ids to allocate */
-
- if (user_hwm != -1) {
- DEBUG(DUMP_INFO,
- ("\tNext userid to allocate is %d\n", user_hwm));
- }
-
- if (group_hwm != -1) {
- DEBUG(DUMP_INFO,
- ("\tNext groupid to allocate is %d\n", group_hwm));
- }
-
- /* Display percentage of id range already allocated. */
-
- if (user_hwm != -1) {
- int num_users = user_hwm - server_state.uid_low;
- int total_users =
- server_state.uid_high - server_state.uid_low;
-
- DEBUG(DUMP_INFO,
- ("\tUser id range is %d%% full (%d of %d)\n",
- num_users * 100 / total_users, num_users,
- total_users));
- }
-
- if (group_hwm != -1) {
- int num_groups = group_hwm - server_state.gid_low;
- int total_groups =
- server_state.gid_high - server_state.gid_low;
-
- DEBUG(DUMP_INFO,
- ("\tGroup id range is %d%% full (%d of %d)\n",
- num_groups * 100 / total_groups, num_groups,
- total_groups));
- }
-
- /* Display complete mapping of users and groups to rids */
-}
-
-struct winbindd_idmap_methods tdb_idmap_methods = {
- tdb_idmap_init,
-
- tdb_get_sid_from_uid,
- tdb_get_sid_from_gid,
-
- tdb_get_uid_from_sid,
- tdb_get_gid_from_sid,
-
- tdb_idmap_close,
-
- tdb_idmap_status
-};
-
-BOOL winbind_idmap_reg_tdb(struct winbindd_idmap_methods **meth)
-{
- *meth = &tdb_idmap_methods;
-
- return True;
-}
diff --git a/source3/nsswitch/winbindd_sid.c b/source3/nsswitch/winbindd_sid.c
index 6ab2eaa646..f01f20bb34 100644
--- a/source3/nsswitch/winbindd_sid.c
+++ b/source3/nsswitch/winbindd_sid.c
@@ -122,6 +122,8 @@ enum winbindd_result winbindd_lookupname(struct winbindd_cli_state *state)
enum winbindd_result winbindd_sid_to_uid(struct winbindd_cli_state *state)
{
DOM_SID sid;
+ unid_t id;
+ int id_type;
/* Ensure null termination */
state->request.data.sid[sizeof(state->request.data.sid)-1]='\0';
@@ -137,11 +139,13 @@ enum winbindd_result winbindd_sid_to_uid(struct winbindd_cli_state *state)
}
/* Find uid for this sid and return it */
- if (!winbindd_idmap_get_uid_from_sid(&sid, &state->response.data.uid)) {
+ id_type = ID_USERID;
+ if (NT_STATUS_IS_ERR(idmap_get_id_from_sid(&id, &id_type, &sid))) {
DEBUG(1, ("Could not get uid for sid %s\n",
state->request.data.sid));
return WINBINDD_ERROR;
}
+ state->response.data.uid = id.uid;
return WINBINDD_OK;
}
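Review bot: `NT_STATUS_IS_ERR()` matches only error-severity codes, so in winbindd_sid_to_uid any other non-success status would skip the failure branch and `state->response.data.uid = id.uid;` would copy the never-initialised `id` into the reply. That value decides which Unix account a SID maps to, so the check should fail closed: `if (!NT_STATUS_IS_OK(idmap_get_id_from_sid(&id, &id_type, &sid))) {`. `id_type` is passed by pointer, so the callee can presumably rewrite it; confirm against the idmap API whether the returned type must be compared with the requested one before `id.uid` is read. The same pattern appears in the winbindd_sid_to_gid, winbindd_uid_to_sid and winbindd_gid_to_sid hunks below and in the winbindd_user.c hunks.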
@@ -152,6 +156,8 @@ enum winbindd_result winbindd_sid_to_uid(struct winbindd_cli_state *state)
enum winbindd_result winbindd_sid_to_gid(struct winbindd_cli_state *state)
{
DOM_SID sid;
+ unid_t id;
+ int id_type;
/* Ensure null termination */
state->request.data.sid[sizeof(state->request.data.sid)-1]='\0';
@@ -166,11 +172,13 @@ enum winbindd_result winbindd_sid_to_gid(struct winbindd_cli_state *state)
}
/* Find gid for this sid and return it */
- if (!winbindd_idmap_get_gid_from_sid(&sid, &state->response.data.gid)) {
+ id_type = ID_GROUPID;
+ if (NT_STATUS_IS_ERR(idmap_get_id_from_sid(&id, &id_type, &sid))) {
DEBUG(1, ("Could not get gid for sid %s\n",
state->request.data.sid));
return WINBINDD_ERROR;
}
+ state->response.data.gid = id.gid;
return WINBINDD_OK;
}
@@ -180,6 +188,7 @@ enum winbindd_result winbindd_sid_to_gid(struct winbindd_cli_state *state)
enum winbindd_result winbindd_uid_to_sid(struct winbindd_cli_state *state)
{
DOM_SID sid;
+ unid_t id;
/* Bug out if the uid isn't in the winbind range */
@@ -192,7 +201,8 @@ enum winbindd_result winbindd_uid_to_sid(struct winbindd_cli_state *state)
state->request.data.uid));
/* Lookup rid for this uid */
- if (!winbindd_idmap_get_sid_from_uid(state->request.data.uid, &sid)) {
+ id.uid = state->request.data.uid;
+ if (NT_STATUS_IS_ERR(idmap_get_sid_from_id(&sid, id, ID_USERID))) {
DEBUG(1, ("Could not convert uid %d to rid\n",
state->request.data.uid));
return WINBINDD_ERROR;
@@ -209,6 +219,7 @@ enum winbindd_result winbindd_uid_to_sid(struct winbindd_cli_state *state)
enum winbindd_result winbindd_gid_to_sid(struct winbindd_cli_state *state)
{
DOM_SID sid;
+ unid_t id;
/* Bug out if the gid isn't in the winbind range */
@@ -221,7 +232,8 @@ enum winbindd_result winbindd_gid_to_sid(struct winbindd_cli_state *state)
state->request.data.gid));
/* Lookup sid for this uid */
- if (!winbindd_idmap_get_sid_from_gid(state->request.data.gid, &sid)) {
+ id.gid = state->request.data.gid;
+ if (NT_STATUS_IS_ERR(idmap_get_sid_from_id(&sid, id, ID_GROUPID))) {
DEBUG(1, ("Could not convert gid %d to sid\n",
state->request.data.gid));
return WINBINDD_ERROR;
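Review bot: The context comment `/* Lookup sid for this uid */` in winbindd_gid_to_sid is stale next to the new `id.gid = state->request.data.gid;` line and should read `/* Lookup sid for this gid */`. The winbindd_uid_to_sid hunk has similar drift: its comment still says `/* Lookup rid for this uid */` although the new call fills a full `DOM_SID`, so `/* Lookup sid for this uid */` would match the code. Both functions continue outside their hunks.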
diff --git a/source3/nsswitch/winbindd_user.c b/source3/nsswitch/winbindd_user.c
index d2bd231918..dd66275390 100644
--- a/source3/nsswitch/winbindd_user.c
+++ b/source3/nsswitch/winbindd_user.c
@@ -36,25 +36,29 @@ static BOOL winbindd_fill_pwent(char *dom_name, char *user_name,
fstring output_username;
pstring homedir;
fstring sid_string;
+ unid_t id;
+ int id_type;
if (!pw || !dom_name || !user_name)
return False;
/* Resolve the uid number */
-
- if (!winbindd_idmap_get_uid_from_sid(user_sid,
- &pw->pw_uid)) {
+
+ id_type = ID_USERID;
+ if (NT_STATUS_IS_ERR(idmap_get_id_from_sid(&id, &id_type, user_sid))) {
DEBUG(1, ("error getting user id for sid %s\n", sid_to_string(sid_string, user_sid)));
return False;
}
+ pw->pw_uid = id.uid;
/* Resolve the gid number */
-
- if (!winbindd_idmap_get_gid_from_sid(group_sid,
- &pw->pw_gid)) {
+
+ id_type = ID_GROUPID;
+ if (NT_STATUS_IS_ERR(idmap_get_id_from_sid(&id, &id_type, group_sid))) {
DEBUG(1, ("error getting group id for sid %s\n", sid_to_string(sid_string, group_sid)));
return False;
}
+ pw->pw_gid = id.gid;
/* Username */
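Review bot: Both added lookups in winbindd_fill_pwent put the whole condition on one line, well past the column at which the removed code wrapped. The lines added after each "Resolve" comment also appear to be whitespace-only replacements for empty lines, though the rendering makes that hard to confirm. Wrapping the call as `if (NT_STATUS_IS_ERR(idmap_get_id_from_sid(&id, &id_type,` followed by an aligned `user_sid))) {` keeps the file's existing layout, and the blank lines can stay empty. The function starts before this hunk and continues after it.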
@@ -178,9 +182,10 @@ enum winbindd_result winbindd_getpwuid(struct winbindd_cli_state *state)
fstring user_name;
enum SID_NAME_USE name_type;
WINBIND_USERINFO user_info;
- gid_t gid;
TALLOC_CTX *mem_ctx;
NTSTATUS status;
+ unid_t id;
+ int id_type;
/* Bug out if the uid isn't in the winbind range */
@@ -193,8 +198,8 @@ enum winbindd_result winbindd_getpwuid(struct winbindd_cli_state *state)
/* Get rid from uid */
- if (!winbindd_idmap_get_sid_from_uid(state->request.data.uid,
- &user_sid)) {
+ id.uid = state->request.data.uid;
+ if (NT_STATUS_IS_ERR(idmap_get_sid_from_id(&user_sid, id, ID_USERID))) {
DEBUG(1, ("could not convert uid %d to SID\n",
state->request.data.uid));
return WINBINDD_ERROR;
@@ -236,9 +241,10 @@ enum winbindd_result winbindd_getpwuid(struct winbindd_cli_state *state)
return WINBINDD_ERROR;
}
- /* Resolve gid number */
+ /* Check group has a gid number */
- if (!winbindd_idmap_get_gid_from_sid(user_info.group_sid, &gid)) {
+ id_type = ID_GROUPID;
+ if (NT_STATUS_IS_ERR(idmap_get_id_from_sid(&id, &id_type, user_info.group_sid))) {
DEBUG(1, ("error getting group id for user %s\n", user_name));
talloc_destroy(mem_ctx);
return WINBINDD_ERROR;