moving more code around.

  * move rid allocation into IDMAP.  See comments in _api_samr_create_user()
  * add winbind delete user/group functions

I'm checking this in to sync up with everyone.  But I'm going to split
the add a separate winbindd_allocate_rid() function for systems
that have an 'add user script' but need idmap to give them a RID.
Life would be so much simplier without 'enable rid algorithm'.
The current RID allocation is horrible due to this one fact.
Tested idmap_tdb but not idmap_ldap yet.  Will do that tomorrow.

Nothing has changed in the way a samba domain is represented, stored,
or search in the directory so things should be ok with previous installations.

going to bed now.
(This used to be commit 0463045cc7ff177fab44b25faffad5bf7140244d)

1 files changed, 114 insertions, 0 deletions

diff --git a/source3/sam/idmap_util.c b/source3/sam/idmap_util.c
index 94de30a5ce..f767cc898c 100644
--- a/source3/sam/idmap_util.c
+++ b/source3/sam/idmap_util.c
@@ -22,6 +22,120 @@
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_IDMAP
 
+/**********************************************************************
+**********************************************************************/
+
+BOOL idmap_get_free_ugid_range(uint32 *low, uint32 *high)
+{
+	uid_t u_low, u_high;
+	gid_t g_low, g_high;
+
+	if (!lp_idmap_uid(&u_low, &u_high) || !lp_idmap_gid(&g_low, &g_high)) {
+		return False;
+	}
+	
+	*low  = (u_low < g_low)   ? u_low  : g_low;
+	*high = (u_high < g_high) ? u_high : g_high;
+	
+	return True;
+}
+
+/******************************************************************
+ Get the the non-algorithmic RID range if idmap range are defined
+******************************************************************/
+
+BOOL idmap_get_free_rid_range(uint32 *low, uint32 *high)
+{
+	uint32 id_low, id_high;
+
+	if (!lp_enable_rid_algorithm()) {
+		*low = BASE_RID;
+		*high = (uint32)-1;
+	}
+
+	if (!idmap_get_free_ugid_range(&id_low, &id_high)) {
+		return False;
+	}
+
+	*low = fallback_pdb_uid_to_user_rid(id_low);
+	if (fallback_pdb_user_rid_to_uid((uint32)-1) < id_high) {
+		*high = (uint32)-1;
+	} else {
+		*high = fallback_pdb_uid_to_user_rid(id_high);
+	}
+
+	return True;
+}
+
+/**********************************************************************
+ Get the free RID base if idmap is configured, otherwise return 0
+**********************************************************************/
+
+uint32 idmap_get_free_rid_base(void)
+{
+	uint32 low, high;
+	if (idmap_get_free_rid_range(&low, &high)) {
+		return low;
+	}
+	return 0;
+}
+
+/**********************************************************************
+**********************************************************************/
+
+BOOL idmap_check_ugid_is_in_free_range(uint32 id)
+{
+	uint32 low, high;
+
+	if (!idmap_get_free_ugid_range(&low, &high)) {
+		return False;
+	}
+	if (id < low || id > high) {
+		return False;
+	}
+	return True;
+}
+
+/**********************************************************************
+**********************************************************************/
+
+BOOL idmap_check_rid_is_in_free_range(uint32 rid)
+{
+	uint32 low, high;
+
+	if (!idmap_get_free_rid_range(&low, &high)) {
+		return False;
+	}
+	if (rid < algorithmic_rid_base()) {
+		return True;
+	}
+
+	if (rid < low || rid > high) {
+		return False;
+	}
+
+	return True;
+}
+
+/**********************************************************************
+ if it is a foreign SID or if the SID is in the free range, return true
+**********************************************************************/
+
+BOOL idmap_check_sid_is_in_free_range(const DOM_SID *sid)
+{
+	if (sid_compare_domain(get_global_sam_sid(), sid) == 0) {
+	
+		uint32 rid;
+
+		if (sid_peek_rid(sid, &rid)) {
+			return idmap_check_rid_is_in_free_range(rid);
+		}
+
+		return False;
+	}
+
+	return True;
+}
 
 /*****************************************************************
  Returns SID pointer.