authorSimo Sorce <idra@samba.org>2006-12-12 14:52:13 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:16:25 -0500
commit4225f9a4bd5eece4d57820bbabb7b882610aa7cc (patch)
treee9dc08eba6d786b9ca17d784244cea7f3829d832 /source3/passdb
parent18f9156d96cba17adc199d0e8c4cf1d6c9ae1960 (diff)
downloadsamba-4225f9a4bd5eece4d57820bbabb7b882610aa7cc.tar.gz
samba-4225f9a4bd5eece4d57820bbabb7b882610aa7cc.tar.bz2
samba-4225f9a4bd5eece4d57820bbabb7b882610aa7cc.zip
r20116: Start merging in the work done to create the new idmap subsystem.
Simo. (This used to be commit 50cd8bffeeed2cac755f75fc3d76fe41c451976b)
Diffstat (limited to 'source3/passdb')
-rw-r--r--source3/passdb/lookup_sid.c223
-rw-r--r--source3/passdb/pdb_interface.c35
-rw-r--r--source3/passdb/secrets.c42
3 files changed, 202 insertions, 98 deletions
diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
index 758fe968fc..d1d0f425ad 100644
--- a/source3/passdb/lookup_sid.c
+++ b/source3/passdb/lookup_sid.c
@@ -1112,29 +1112,16 @@ void store_gid_sid_cache(const DOM_SID *psid, gid_t gid)
}
/*****************************************************************
- *THE CANONICAL* convert uid_t to SID function.
+ *THE LEGACY* convert uid_t to SID function.
*****************************************************************/
-void uid_to_sid(DOM_SID *psid, uid_t uid)
+void legacy_uid_to_sid(DOM_SID *psid, uid_t uid)
{
- uid_t low, high;
uint32 rid;
BOOL ret;
ZERO_STRUCTP(psid);
- if (fetch_sid_from_uid_cache(psid, uid))
- return;
-
- if ((lp_winbind_trusted_domains_only() ||
- (lp_idmap_uid(&low, &high) && (uid >= low) && (uid <= high))) &&
- winbind_uid_to_sid(psid, uid)) {
-
- DEBUG(10,("uid_to_sid: winbindd %u -> %s\n",
- (unsigned int)uid, sid_string_static(psid)));
- goto done;
- }
-
become_root_uid_only();
ret = pdb_uid_to_rid(uid, &rid);
unbecome_root_uid_only();
@@ -1151,36 +1138,22 @@ void uid_to_sid(DOM_SID *psid, uid_t uid)
uid_to_unix_users_sid(uid, psid);
done:
- DEBUG(10,("uid_to_sid: local %u -> %s\n", (unsigned int)uid,
+ DEBUG(10,("LEGACY: uid %u -> sid %s\n", (unsigned int)uid,
sid_string_static(psid)));
- store_uid_sid_cache(psid, uid);
return;
}
/*****************************************************************
- *THE CANONICAL* convert gid_t to SID function.
+ *THE LEGACY* convert gid_t to SID function.
*****************************************************************/
-void gid_to_sid(DOM_SID *psid, gid_t gid)
+void legacy_gid_to_sid(DOM_SID *psid, gid_t gid)
{
BOOL ret;
- gid_t low, high;
ZERO_STRUCTP(psid);
- if (fetch_sid_from_gid_cache(psid, gid))
- return;
-
- if ((lp_winbind_trusted_domains_only() ||
- (lp_idmap_gid(&low, &high) && (gid >= low) && (gid <= high))) &&
- winbind_gid_to_sid(psid, gid)) {
-
- DEBUG(10,("gid_to_sid: winbindd %u -> %s\n",
- (unsigned int)gid, sid_string_static(psid)));
- goto done;
- }
-
become_root_uid_only();
ret = pdb_gid_to_sid(gid, psid);
unbecome_root_uid_only();
@@ -1195,29 +1168,20 @@ void gid_to_sid(DOM_SID *psid, gid_t gid)
gid_to_unix_groups_sid(gid, psid);
done:
- DEBUG(10,("gid_to_sid: local %u -> %s\n", (unsigned int)gid,
+ DEBUG(10,("LEGACY: gid %u -> sid %s\n", (unsigned int)gid,
sid_string_static(psid)));
- store_gid_sid_cache(psid, gid);
return;
}
/*****************************************************************
- *THE CANONICAL* convert SID to uid function.
+ *THE LEGACY* convert SID to uid function.
*****************************************************************/
-BOOL sid_to_uid(const DOM_SID *psid, uid_t *puid)
+BOOL legacy_sid_to_uid(const DOM_SID *psid, uid_t *puid)
{
enum lsa_SidType type;
uint32 rid;
- gid_t gid;
-
- if (fetch_uid_from_cache(puid, psid))
- return True;
-
- if (fetch_gid_from_cache(&gid, psid)) {
- return False;
- }
if (sid_peek_check_rid(&global_sid_Unix_Users, psid, &rid)) {
uid_t uid = rid;
@@ -1249,55 +1213,26 @@ BOOL sid_to_uid(const DOM_SID *psid, uid_t *puid)
return False;
}
- if (winbind_lookup_sid(NULL, psid, NULL, NULL, &type)) {
-
- if (type != SID_NAME_USER) {
- DEBUG(10, ("sid_to_uid: sid %s is a %s\n",
- sid_string_static(psid),
- sid_type_lookup(type)));
- return False;
- }
-
- if (!winbind_sid_to_uid(puid, psid)) {
- DEBUG(5, ("sid_to_uid: winbind failed to allocate a "
- "new uid for sid %s\n",
- sid_string_static(psid)));
- return False;
- }
- goto done;
- }
-
- /* TODO: Here would be the place to allocate both a gid and a uid for
- * the SID in question */
-
return False;
done:
- DEBUG(10,("sid_to_uid: %s -> %u\n", sid_string_static(psid),
+ DEBUG(10,("LEGACY: sid %s -> uid %u\n", sid_string_static(psid),
(unsigned int)*puid ));
- store_uid_sid_cache(psid, *puid);
return True;
}
/*****************************************************************
- *THE CANONICAL* convert SID to gid function.
+ *THE LEGACY* convert SID to gid function.
Group mapping is used for gids that maps to Wellknown SIDs
*****************************************************************/
-BOOL sid_to_gid(const DOM_SID *psid, gid_t *pgid)
+BOOL legacy_sid_to_gid(const DOM_SID *psid, gid_t *pgid)
{
uint32 rid;
GROUP_MAP map;
union unid_t id;
enum lsa_SidType type;
- uid_t uid;
-
- if (fetch_gid_from_cache(pgid, psid))
- return True;
-
- if (fetch_uid_from_cache(&uid, psid))
- return False;
if (sid_peek_check_rid(&global_sid_Unix_Groups, psid, &rid)) {
gid_t gid = rid;
@@ -1344,33 +1279,137 @@ BOOL sid_to_gid(const DOM_SID *psid, gid_t *pgid)
return False;
}
- if (!winbind_lookup_sid(NULL, psid, NULL, NULL, &type)) {
- DEBUG(11,("sid_to_gid: no one knows the SID %s (tried local, "
- "then winbind)\n", sid_string_static(psid)));
-
+ done:
+ DEBUG(10,("LEGACY: sid %s -> gid %u\n", sid_string_static(psid),
+ (unsigned int)*pgid ));
+
+ return True;
+}
+
+/*****************************************************************
+ *THE CANONICAL* convert uid_t to SID function.
+*****************************************************************/
+
+void uid_to_sid(DOM_SID *psid, uid_t uid)
+{
+ ZERO_STRUCTP(psid);
+
+ if (fetch_sid_from_uid_cache(psid, uid))
+ return;
+
+ if (!winbind_uid_to_sid(psid, uid)) {
+ if (!winbind_ping()) {
+ DEBUG(2, ("WARNING: Winbindd not running, mapping ids with legacy code"));
+ return legacy_uid_to_sid(psid, uid);
+ }
+
+ DEBUG(5, ("uid_to_sid: winbind failed to find a sid for uid %u\n",
+ uid));
+ return;
+ }
+
+ DEBUG(10,("uid %u -> sid %s\n",
+ (unsigned int)uid, sid_string_static(psid)));
+
+ store_uid_sid_cache(psid, uid);
+ return;
+}
+
+/*****************************************************************
+ *THE CANONICAL* convert gid_t to SID function.
+*****************************************************************/
+
+void gid_to_sid(DOM_SID *psid, gid_t gid)
+{
+ ZERO_STRUCTP(psid);
+
+ if (fetch_sid_from_gid_cache(psid, gid))
+ return;
+
+ if (!winbind_gid_to_sid(psid, gid)) {
+ if (!winbind_ping()) {
+ DEBUG(2, ("WARNING: Winbindd not running, mapping ids with legacy code"));
+ return legacy_gid_to_sid(psid, gid);
+ }
+
+ DEBUG(5, ("gid_to_sid: winbind failed to find a sid for gid %u\n",
+ gid));
+ return;
+ }
+
+ DEBUG(10,("gid %u -> sid %s\n",
+ (unsigned int)gid, sid_string_static(psid)));
+
+ store_gid_sid_cache(psid, gid);
+ return;
+}
+
+/*****************************************************************
+ *THE CANONICAL* convert SID to uid function.
+*****************************************************************/
+
+BOOL sid_to_uid(const DOM_SID *psid, uid_t *puid)
+{
+ gid_t gid;
+
+ if (fetch_uid_from_cache(puid, psid))
+ return True;
+
+ if (fetch_gid_from_cache(&gid, psid)) {
return False;
}
- /* winbindd knows it; Ensure this is a group sid */
+ if (!winbind_sid_to_uid(puid, psid)) {
+ if (!winbind_ping()) {
+ DEBUG(2, ("WARNING: Winbindd not running, mapping ids with legacy code"));
+ return legacy_sid_to_uid(psid, puid);
+ }
- if ((type != SID_NAME_DOM_GRP) && (type != SID_NAME_ALIAS) &&
- (type != SID_NAME_WKN_GRP)) {
- DEBUG(10,("sid_to_gid: winbind lookup succeeded but SID is "
- "a %s\n", sid_type_lookup(type)));
+ DEBUG(5, ("winbind failed to find a uid for sid %s\n",
+ sid_string_static(psid)));
return False;
}
-
- /* winbindd knows it and it is a type of group; sid_to_gid must succeed
- or we are dead in the water */
+
+ /* TODO: Here would be the place to allocate both a gid and a uid for
+ * the SID in question */
+
+ DEBUG(10,("sid %s -> uid %u\n", sid_string_static(psid),
+ (unsigned int)*puid ));
+
+ store_uid_sid_cache(psid, *puid);
+ return True;
+}
+
+/*****************************************************************
+ *THE CANONICAL* convert SID to gid function.
+ Group mapping is used for gids that maps to Wellknown SIDs
+*****************************************************************/
+
+BOOL sid_to_gid(const DOM_SID *psid, gid_t *pgid)
+{
+ uid_t uid;
+
+ if (fetch_gid_from_cache(pgid, psid))
+ return True;
+
+ if (fetch_uid_from_cache(&uid, psid))
+ return False;
+
+ /* Ask winbindd if it can map this sid to a gid.
+ * (Idmap will check it is a valid SID and of the right type) */
if ( !winbind_sid_to_gid(pgid, psid) ) {
- DEBUG(10,("sid_to_gid: winbind failed to allocate a new gid "
- "for sid %s\n", sid_string_static(psid)));
+ if (!winbind_ping()) {
+ DEBUG(2, ("WARNING: Winbindd not running, mapping ids with legacy code"));
+ return legacy_sid_to_uid(psid, pgid);
+ }
+
+ DEBUG(10,("winbind failed to find a gid for sid %s\n",
+ sid_string_static(psid)));
return False;
}
- done:
- DEBUG(10,("sid_to_gid: %s -> %u\n", sid_string_static(psid),
+ DEBUG(10,("sid %s -> gid %u\n", sid_string_static(psid),
(unsigned int)*pgid ));
store_gid_sid_cache(psid, *pgid);
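Review bot: The winbindd-down fallback in the new sid_to_gid calls the wrong legacy mapper: `return legacy_sid_to_uid(psid, pgid);` passes a `gid_t *` where a `uid_t *` is expected and resolves the SID through the user path, so with winbindd stopped a SID can be answered with a uid presented as a gid, which is an authorization-relevant mix-up for anything building group membership from this result; the line should read `return legacy_sid_to_gid(psid, pgid);`, matching the other three fallbacks. Separately, `return legacy_uid_to_sid(psid, uid);` and `return legacy_gid_to_sid(psid, gid);` return an expression from a `void` function, which ISO C forbids (GCC only warns under -pedantic); call the legacy function and then `return;`. The four "Winbindd not running" DEBUG strings lack a trailing `\n`, and when winbindd is running but cannot map the id, uid_to_sid/gid_to_sid return with psid still zeroed and no error indication, so the canonical functions deserve a comment such as `/* On failure psid is left as the zero SID; callers must check it before use. */`. The `sid_to_gid` function's original body starts before this hunk.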
diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c
index b84b0bfaff..478d1ac036 100644
--- a/source3/passdb/pdb_interface.c
+++ b/source3/passdb/pdb_interface.c
@@ -995,6 +995,12 @@ BOOL pdb_uid_to_rid(uid_t uid, uint32 *rid)
return pdb->uid_to_rid(pdb, uid, rid);
}
+BOOL pdb_uid_to_sid(uid_t uid, DOM_SID *sid)
+{
+ struct pdb_methods *pdb = pdb_get_methods();
+ return pdb->uid_to_sid(pdb, uid, sid);
+}
+
BOOL pdb_gid_to_sid(gid_t gid, DOM_SID *sid)
{
struct pdb_methods *pdb = pdb_get_methods();
@@ -1161,8 +1167,8 @@ static NTSTATUS pdb_default_get_seq_num(struct pdb_methods *methods, time_t *seq
return NT_STATUS_OK;
}
-static BOOL pdb_default_uid_to_rid(struct pdb_methods *methods, uid_t uid,
- uint32 *rid)
+static BOOL pdb_default_uid_to_sid(struct pdb_methods *methods, uid_t uid,
+ DOM_SID *sid)
{
struct samu *sampw = NULL;
struct passwd *unix_pw;
@@ -1193,15 +1199,31 @@ static BOOL pdb_default_uid_to_rid(struct pdb_methods *methods, uid_t uid,
return False;
}
- ret = sid_peek_check_rid(get_global_sam_sid(),
- pdb_get_user_sid(sampw), rid);
+ sid_copy(sid, pdb_get_user_sid(sampw));
+
+ TALLOC_FREE(sampw);
+
+ return True;
+}
+
+static BOOL pdb_default_uid_to_rid(struct pdb_methods *methods, uid_t uid,
+ uint32 *rid)
+{
+ DOM_SID sid;
+ BOOL ret;
+
+ ret = pdb_default_uid_to_sid(methods, uid, &sid);
+ if (!ret) {
+ return ret;
+ }
+
+ ret = sid_peek_check_rid(get_global_sam_sid(), &sid, rid);
if (!ret) {
DEBUG(1, ("Could not peek rid out of sid %s\n",
- sid_string_static(pdb_get_user_sid(sampw))));
+ sid_string_static(&sid)));
}
- TALLOC_FREE(sampw);
return ret;
}
@@ -2015,6 +2037,7 @@ NTSTATUS make_pdb_method( struct pdb_methods **methods )
(*methods)->set_account_policy = pdb_default_set_account_policy;
(*methods)->get_seq_num = pdb_default_get_seq_num;
(*methods)->uid_to_rid = pdb_default_uid_to_rid;
+ (*methods)->uid_to_sid = pdb_default_uid_to_sid;
(*methods)->gid_to_sid = pdb_default_gid_to_sid;
(*methods)->sid_to_id = pdb_default_sid_to_id;
diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c
index a1be400c46..d169ffa329 100644
--- a/source3/passdb/secrets.c
+++ b/source3/passdb/secrets.c
@@ -1252,3 +1252,45 @@ BOOL secrets_restore_schannel_session_info(TALLOC_CTX *mem_ctx,
return True;
}
+
+BOOL secrets_store_generic(const char *owner, const char *key, const char *secret)
+{
+ char *tdbkey = NULL;
+ BOOL ret;
+
+ if (asprintf(&tdbkey, "SECRETS/GENERIC/%s/%s", owner, key) < 0) {
+ DEBUG(0, ("asprintf failed!\n"));
+ return False;
+ }
+
+ ret = secrets_store(tdbkey, secret, strlen(secret)+1);
+
+ SAFE_FREE(tdbkey);
+ return ret;
+}
+
+/*******************************************************************
+ Find the ldap password.
+******************************************************************/
+
+char *secrets_fetch_generic(const char *owner, const char *key)
+{
+ char *secret = NULL;
+ char *tdbkey = NULL;
+
+ if (( ! owner) || ( ! key)) {
+ DEBUG(1, ("Invalid Paramters"));
+ return NULL;
+ }
+
+ if (asprintf(&tdbkey, "SECRETS/GENERIC/%s/%s", owner, key) < 0) {
+ DEBUG(0, ("Out of memory!\n"));
+ return NULL;
+ }
+
+ secret = (char *)secrets_fetch(tdbkey, NULL);
+ SAFE_FREE(tdbkey);
+
+ return secret;
+}
+
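Review bot: secrets_store_generic splices `owner` and `key` into the tdb key and calls `strlen(secret)` without checking any of them for NULL, whereas secrets_fetch_generic directly below rejects NULL owner/key; a NULL here reaches asprintf's `%s` and strlen, which is undefined behaviour in a routine that writes the secrets store. Add the same guard at the top: `if (!owner || !key || !secret) { DEBUG(1, ("Invalid parameters\n")); return False; }`, and fix the existing message `"Invalid Paramters"` (typo, missing `\n`). The header comment on secrets_fetch_generic, `Find the ldap password.`, is copied from another function and describes the wrong one; it should say something like `Fetch the secret stored under SECRETS/GENERIC/<owner>/<key>; returns NULL if absent, otherwise a buffer the caller must SAFE_FREE` (assuming secrets_fetch returns heap memory as its other callers suggest; confirm). Because the two components are joined with `/`, a caller-supplied owner or key containing `/` can alias another owner's entry, so the comment should also state that only fixed, code-chosen identifiers may be passed.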