author | Simo Sorce <idra@samba.org> | 2003-04-02 10:36:02 +0000 |
---|---|---|
committer | Simo Sorce <idra@samba.org> | 2003-04-02 10:36:02 +0000 |
commit | a557af96e9f232e2fa012850e0725fde353521bd (patch) | |
tree | 7057a2e03df773832c512c2cbda2399b190c19d8 /source3/sam | |
parent | 66806b53dcf8957b1bc1b6477abbeda2a072a197 (diff) | |
THE Idmap patch :-)
includes a --with-idmap=no switch to disable idmap usage if you find
problems.
cosmetic fixes and param aliases to separate winbind from idmap roles.
A temporary remote idmap winbind compatibility backend.
As I have time I will further change code to not call directly winbind
(partly done but not tested) and a specialized module will be built in place
for the current glue hack.
The patch has been tested locally in my limited time, the patch is simple and
clear and should not cause problems, if any just disable it.
As usual, comments and fixes are welcome :-)
Simo.
(This used to be commit 02781320476ed1b7ee5d943fa36f9a66ab67f208)
Diffstat (limited to 'source3/sam')
-rw-r--r-- | source3/sam/idmap.c | 93 | ||||
-rw-r--r-- | source3/sam/idmap_tdb.c | 54 | ||||
-rw-r--r-- | source3/sam/idmap_winbind.c | 108 |
3 files changed, 170 insertions, 85 deletions
diff --git a/source3/sam/idmap.c b/source3/sam/idmap.c index b18423a13b..0e55ca5141 100644 --- a/source3/sam/idmap.c +++ b/source3/sam/idmap.c @@ -17,8 +17,7 @@ You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.*/ #include "includes.h" @@ -34,14 +33,13 @@ static struct { } remote_idmap_functions[] = { - { "tdb", idmap_reg_tdb, NULL }, - /* { "ldap", idmap_reg_ldap, NULL },*/ + { "winbind", idmap_reg_winbind, NULL }, { NULL, NULL, NULL } }; -static struct idmap_methods *local_cache; -static struct idmap_methods *remote_repo; +static struct idmap_methods *local_map; +static struct idmap_methods *remote_map; static struct idmap_methods *get_methods(const char *name) { 
@@ -64,48 +62,33 @@ static struct idmap_methods *get_methods(const char *name) return ret; } -/* Load idmap backend functions */ -BOOL load_methods(void) +/* Initialize backend */ +BOOL idmap_init(const char *remote_backend) { - if (!local_cache) { - idmap_reg_tdb(&local_cache); + if (!local_map) { + idmap_reg_tdb(&local_map); + local_map->init("idmap.tdb"); } - if (!remote_repo && lp_idmap_backend()) { - DEBUG(3, ("load_methods: using '%s' as remote backend\n", lp_idmap_backend())); + if (!remote_map && remote_backend && *remote_backend != 0) { + DEBUG(3, ("load_methods: using '%s' as remote backend\n", remote_backend)); - remote_repo = get_methods(lp_idmap_backend()); - if (!remote_repo) { - DEBUG(0, ("load_methods: could not load remote backend '%s'\n", lp_idmap_backend())); + remote_map = get_methods(remote_backend); + if (!remote_map) { + DEBUG(0, ("load_methods: could not load remote backend '%s'\n", remote_backend)); return False; } + remote_map->init(""); } - idmap_init(); - return True; } -/* Initialize backend */ -NTSTATUS idmap_init(void) +NTSTATUS idmap_set_mapping(const DOM_SID *sid, unid_t id, int id_type) { NTSTATUS ret; - ret = remote_repo->init("idmap.tdb"); - if (NT_STATUS_IS_ERR(ret)) { - DEBUG(3, ("idmap_init: init failed!\n")); - } - - return ret; -} - -static NTSTATUS idmap_set_mapping(DOM_SID *sid, unid_t id, int id_type) -{ - NTSTATUS ret; - - if (!load_methods()) return NT_STATUS_UNSUCCESSFUL; - - ret = local_cache->set_mapping(sid, id, id_type); + ret = local_map->set_mapping(sid, id, id_type); if (NT_STATUS_IS_ERR(ret)) { DEBUG (0, ("idmap_set_mapping: Error, unable to modify local cache!\n")); return ret; 
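Review bot: `idmap_init()` throws away the status of `local_map->init("idmap.tdb")` and `remote_map->init("")`, so it returns True even when a backend failed to initialise, and the pointers stay set so a second call will not retry. With the `load_methods()` guard removed, `idmap_set_mapping` in this hunk and `idmap_get_id_from_sid`, `idmap_get_sid_from_id`, `idmap_close` and `idmap_status` in the later hunks dereference `local_map` unconditionally, so any call made before a successful `idmap_init()` is a NULL dereference; a guard such as `if (!local_map) return NT_STATUS_UNSUCCESSFUL;` at the top of each keeps the old failure mode. The DEBUG strings in the new function still say `load_methods:`. The body of idmap_set_mapping continues outside this hunk.

```c
BOOL idmap_init(const char *remote_backend)
{
	if (!local_map) {
		idmap_reg_tdb(&local_map);
		if (NT_STATUS_IS_ERR(local_map->init("idmap.tdb"))) {
			DEBUG(0, ("idmap_init: could not initialise local map\n"));
			local_map = NULL;
			return False;
		}
	}
	/* … unchanged: remote_backend check and get_methods() lookup … */
		if (NT_STATUS_IS_ERR(remote_map->init(""))) {
			DEBUG(0, ("idmap_init: could not initialise remote backend '%s'\n", remote_backend));
			remote_map = NULL;
			return False;
		}
	/* … unchanged: end of remote block, return True … */
```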
@@ -113,8 +96,8 @@ static NTSTATUS idmap_set_mapping(DOM_SID *sid, unid_t id, int id_type) /* Being able to update the remote cache is seldomly right. Generally this is a forbidden operation. */ - if (!(id_type & ID_CACHE) && (remote_repo != NULL)) { - remote_repo->set_mapping(sid, id, id_type); + if (!(id_type & ID_CACHE) && (remote_map != NULL)) { + remote_map->set_mapping(sid, id, id_type); if (NT_STATUS_IS_ERR(ret)) { DEBUG (0, ("idmap_set_mapping: Error, unable to modify remote cache!\n")); } @@ -124,23 +107,22 @@ static NTSTATUS idmap_set_mapping(DOM_SID *sid, unid_t id, int id_type) } /* Get ID from SID */ -NTSTATUS idmap_get_id_from_sid(unid_t *id, int *id_type, DOM_SID *sid) +NTSTATUS idmap_get_id_from_sid(unid_t *id, int *id_type, const DOM_SID *sid) { NTSTATUS ret; int loc_type; - if (!load_methods()) return NT_STATUS_UNSUCCESSFUL; - loc_type = *id_type; - if (remote_repo) { /* We have a central remote idmap */ + if (remote_map) { /* We have a central remote idmap */ loc_type |= ID_NOMAP; } - ret = local_cache->get_id_from_sid(id, &loc_type, sid); + ret = local_map->get_id_from_sid(id, &loc_type, sid); if (NT_STATUS_IS_ERR(ret)) { - if (remote_repo) { - ret = remote_repo->get_id_from_sid(id, id_type, sid); + if (remote_map) { + ret = remote_map->get_id_from_sid(id, id_type, sid); if (NT_STATUS_IS_ERR(ret)) { DEBUG(3, ("idmap_get_id_from_sid: error fetching id!\n")); + return ret; } else { loc_type |= ID_CACHE; idmap_set_mapping(sid, *id, loc_type); 
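Review bot: The remote update in idmap_set_mapping tests a stale status: `remote_map->set_mapping(sid, id, id_type);` drops its return value, and the `NT_STATUS_IS_ERR(ret)` that follows re-checks the local result, which is already known not to be an error at that point, so the "unable to modify remote cache" message can never fire. Capture the remote status separately, e.g. `NTSTATUS rret = remote_map->set_mapping(sid, id, id_type);` followed by `if (NT_STATUS_IS_ERR(rret)) {`, so a failed remote write is at least logged without changing what the function returns. The function starts and ends outside this hunk.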
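Review bot: On a remote hit in idmap_get_id_from_sid the mapping is cached with `loc_type`, not with the `*id_type` that was handed to the remote backend, so the cache write `idmap_set_mapping(sid, *id, loc_type)` carries `ID_NOMAP | ID_CACHE` plus whatever the failed local lookup left in `loc_type` rather than the resolved user/group type. The return value of that cache write is also dropped, so a failure to persist the mapping is invisible to the caller. Something like `idmap_set_mapping(sid, *id, (*id_type & ID_TYPEMASK) | ID_CACHE)` with its status checked would be safer, though this needs confirming against how each backend updates `*id_type`. The function ends outside the hunk.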
@@ -159,18 +141,17 @@ NTSTATUS idmap_get_sid_from_id(DOM_SID *sid, unid_t id, int id_type) NTSTATUS ret; int loc_type; - if (!load_methods()) return NT_STATUS_UNSUCCESSFUL; - loc_type = id_type; - if (remote_repo) { + if (remote_map) { loc_type = id_type | ID_NOMAP; } - ret = local_cache->get_sid_from_id(sid, id, loc_type); + ret = local_map->get_sid_from_id(sid, id, loc_type); if (NT_STATUS_IS_ERR(ret)) { - if (remote_repo) { - ret = remote_repo->get_sid_from_id(sid, id, id_type); + if (remote_map) { + ret = remote_map->get_sid_from_id(sid, id, id_type); if (NT_STATUS_IS_ERR(ret)) { DEBUG(3, ("idmap_get_sid_from_id: unable to fetch sid!\n")); + return ret; } else { loc_type |= ID_CACHE; idmap_set_mapping(sid, id, loc_type); @@ -186,15 +167,13 @@ NTSTATUS idmap_close(void) { NTSTATUS ret; - if (!load_methods()) return NT_STATUS_UNSUCCESSFUL; - - ret = local_cache->close(); + ret = local_map->close(); if (NT_STATUS_IS_ERR(ret)) { DEBUG(3, ("idmap_close: failed to close local cache!\n")); } - if (remote_repo) { - ret = remote_repo->close(); + if (remote_map) { + ret = remote_map->close(); if (NT_STATUS_IS_ERR(ret)) { DEBUG(3, ("idmap_close: failed to close remote idmap repository!\n")); } @@ -206,9 +185,7 @@ NTSTATUS idmap_close(void) /* Dump backend status */ void idmap_status(void) { - if (load_methods()) { - local_cache->status(); - remote_repo->status(); - } + local_map->status(); + if (remote_map) remote_map->status(); } diff --git a/source3/sam/idmap_tdb.c b/source3/sam/idmap_tdb.c index 4af46ac8d3..72c602664c 100644 --- a/source3/sam/idmap_tdb.c +++ b/source3/sam/idmap_tdb.c @@ -37,7 +37,7 @@ /* Globals */ static TDB_CONTEXT *idmap_tdb; -struct idmap_state { +static struct idmap_state { /* User and group id pool */ 
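Review bot: In idmap_close the status of `local_map->close()` is overwritten by `ret = remote_map->close();`, so a failed local close appears to be reported as success whenever the remote close works (the return statement itself is outside the hunk). Keep the first error instead, e.g. `NTSTATUS rret = remote_map->close();` and then `if (NT_STATUS_IS_OK(ret)) ret = rret;`. The same swallowed-status pattern applies to the `idmap_set_mapping(sid, id, loc_type)` call in idmap_get_sid_from_id earlier on this line.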
@@ -183,7 +183,7 @@ static BOOL tdb_idmap_convert(const char *idmap_name) #endif /* Allocate either a user or group id from the pool */ -static NTSTATUS tdb_allocate_id(unid_t *id, int id_type) +static NTSTATUS db_allocate_id(unid_t *id, int id_type) { int hwm; @@ -229,7 +229,7 @@ static NTSTATUS tdb_allocate_id(unid_t *id, int id_type) } /* Get a sid from an id */ -static NTSTATUS tdb_get_sid_from_id(DOM_SID *sid, unid_t id, int id_type) +static NTSTATUS db_get_sid_from_id(DOM_SID *sid, unid_t id, int id_type) { TDB_DATA key, data; fstring keystr; @@ -239,13 +239,13 @@ static NTSTATUS tdb_get_sid_from_id(DOM_SID *sid, unid_t id, int id_type) switch (id_type & ID_TYPEMASK) { case ID_USERID: - slprintf(keystr, sizeof(keystr), "UID %d", id.uid); - break; + slprintf(keystr, sizeof(keystr), "UID %d", id.uid); + break; case ID_GROUPID: - slprintf(keystr, sizeof(keystr), "GID %d", id.gid); - break; + slprintf(keystr, sizeof(keystr), "GID %d", id.gid); + break; default: - return NT_STATUS_UNSUCCESSFUL; + return NT_STATUS_UNSUCCESSFUL; } key.dptr = keystr; @@ -264,7 +264,7 @@ static NTSTATUS tdb_get_sid_from_id(DOM_SID *sid, unid_t id, int id_type) } /* Get an id from a sid */ -static NTSTATUS tdb_get_id_from_sid(unid_t *id, int *id_type, DOM_SID *sid) +static NTSTATUS db_get_id_from_sid(unid_t *id, int *id_type, DOM_SID *sid) { TDB_DATA data, key; fstring keystr; @@ -288,7 +288,7 @@ static NTSTATUS tdb_get_id_from_sid(unid_t *id, int *id_type, DOM_SID *sid) /* Parse and return existing uid */ fstrcpy(scanstr, "UID %d"); - if (sscanf(data.dptr, scanstr, (*id).uid) == 1) { + if (sscanf(data.dptr, scanstr, &((*id).uid)) == 1) { /* uid ok? */ if (type == ID_EMPTY) { *id_type = ID_USERID; 
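Review bot: `sscanf(data.dptr, scanstr, &((*id).uid))` now passes a pointer, but it still scans a record fetched from the tdb with `%d`: nothing visible in the hunk checks that `data.dptr` is non-NULL and NUL-terminated within `data.dsize`, and `%d` requires an `int *` while `uid` is presumably a `uid_t`. Scanning into a local and range-checking before the assignment keeps the format and argument types matched, e.g. `int v;` then `if (sscanf(data.dptr, "UID %d", &v) == 1 && v >= 0) { (*id).uid = v;`. The same applies to the `GID %d` parse in the next hunk. The function starts and ends outside this hunk.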
@@ -302,7 +302,7 @@ static NTSTATUS tdb_get_id_from_sid(unid_t *id, int *id_type, DOM_SID *sid) /* Parse and return existing gid */ fstrcpy(scanstr, "GID %d"); - if (sscanf(data.dptr, scanstr, (*id).gid) == 1) { + if (sscanf(data.dptr, scanstr, &((*id).gid)) == 1) { /* gid ok? */ if (type == ID_EMPTY) { *id_type = ID_GROUPID; @@ -318,7 +318,7 @@ idok: || (*id_type & ID_TYPEMASK) == ID_GROUPID)) { /* Allocate a new id for this sid */ - ret = tdb_allocate_id(id, *id_type); + ret = db_allocate_id(id, *id_type); if (NT_STATUS_IS_OK(ret)) { fstring keystr2; @@ -332,11 +332,11 @@ idok: data.dptr = keystr2; data.dsize = strlen(keystr2) + 1; - if (tdb_store(idmap_tdb, key, data, TDB_INSERT) == -1) { + if (tdb_store(idmap_tdb, key, data, TDB_REPLACE) == -1) { /* TODO: print tdb error !! */ return NT_STATUS_UNSUCCESSFUL; } - if (tdb_store(idmap_tdb, data, key, TDB_INSERT) == -1) { + if (tdb_store(idmap_tdb, data, key, TDB_REPLACE) == -1) { /* TODO: print tdb error !! */ return NT_STATUS_UNSUCCESSFUL; } @@ -344,11 +344,11 @@ idok: ret = NT_STATUS_OK; } } - + return ret; } -static NTSTATUS tdb_set_mapping(DOM_SID *sid, unid_t id, int id_type) +static NTSTATUS db_set_mapping(DOM_SID *sid, unid_t id, int id_type) { TDB_DATA ksid, kid; fstring ksidstr; @@ -387,7 +387,7 @@ static NTSTATUS tdb_set_mapping(DOM_SID *sid, unid_t id, int id_type) /***************************************************************************** Initialise idmap database. *****************************************************************************/ -static NTSTATUS tdb_idmap_init(const char *db_name) +static NTSTATUS db_idmap_init(const char *db_name) { /* Open tdb cache */ if (!(idmap_tdb = tdb_open_log(lock_path(db_name), 0, @@ -425,7 +425,7 @@ static NTSTATUS tdb_idmap_init(const char *db_name) } /* Close the tdb */ -static NTSTATUS tdb_idmap_close(void) +static NTSTATUS db_idmap_close(void) { if (idmap_tdb) { if (tdb_close(idmap_tdb) == 0) { 
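Review bot: Switching both `tdb_store` calls from `TDB_INSERT` to `TDB_REPLACE` means a freshly allocated id silently overwrites any record already stored under the same SID key or the same `UID n`/`GID n` key, where the insert would have failed; if the id pool ever hands out a value twice, one SID takes over another SID's uid with no error and no log line. The two stores are also not atomic, so a failure of the second leaves a forward mapping without its reverse. Keeping `TDB_INSERT` at least for the id-to-sid record `tdb_store(idmap_tdb, data, key, TDB_INSERT)`, logging `tdb_errorstr(idmap_tdb)` where the TODO sits, and undoing the first record with `tdb_delete(idmap_tdb, key)` on failure would surface collisions instead of hiding them.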
@@ -449,7 +449,7 @@ static NTSTATUS tdb_idmap_close(void) #define DUMP_INFO 0 -static void tdb_idmap_status(void) +static void db_idmap_status(void) { int user_hwm, group_hwm; @@ -506,20 +506,20 @@ static void tdb_idmap_status(void) /* Display complete mapping of users and groups to rids */ } -struct idmap_methods tdb_idmap_methods = { +struct idmap_methods db_methods = { - tdb_idmap_init, - tdb_get_sid_from_id, - tdb_get_id_from_sid, - tdb_set_mapping, - tdb_idmap_close, - tdb_idmap_status + db_idmap_init, + db_get_sid_from_id, + db_get_id_from_sid, + db_set_mapping, + db_idmap_close, + db_idmap_status }; NTSTATUS idmap_reg_tdb(struct idmap_methods **meth) { - *meth = &tdb_idmap_methods; + *meth = &db_methods; return NT_STATUS_OK; } diff --git a/source3/sam/idmap_winbind.c b/source3/sam/idmap_winbind.c new file mode 100644 index 0000000000..a5ba658674 --- /dev/null +++ b/source3/sam/idmap_winbind.c 
@@ -0,0 +1,108 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ idmap Winbind backend
+
+ Copyright (C) Simo Sorce 2003
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_IDMAP
+
+/* Get a sid from an id */
+static NTSTATUS db_get_sid_from_id(DOM_SID *sid, unid_t id, int id_type) {
+ switch (id_type & ID_TYPEMASK) {
+ case ID_USERID:
+ if (winbind_uid_to_sid(sid, id.uid)) {
+ return NT_STATUS_OK;
+ }
+ break;
+ case ID_GROUPID:
+ if (winbind_gid_to_sid(sid, id.gid)) {
+ return NT_STATUS_OK;
+ }
+ break;
+ default:
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ return NT_STATUS_UNSUCCESSFUL;
+}
+
+/* Get an id from a sid */
+static NTSTATUS db_get_id_from_sid(unid_t *id, int *id_type, const DOM_SID *sid) {
+ switch (*id_type & ID_TYPEMASK) {
+ case ID_USERID:
+ if (winbind_sid_to_uid(&((*id).uid), sid)) {
+ return NT_STATUS_OK;
+ }
+ break;
+ case ID_GROUPID:
+ if (winbind_sid_to_gid(&((*id).gid), sid)) {
+ return NT_STATUS_OK;
+ }
+ break;
+ default:
+ if (winbind_sid_to_uid(&((*id).uid), sid) ||
+ winbind_sid_to_gid(&((*id).gid), sid)) {
+ return NT_STATUS_OK;
+ }
+ }
+
+ return NT_STATUS_UNSUCCESSFUL;
+}
+
+static NTSTATUS db_set_mapping(DOM_SID *sid, unid_t id, int id_type) {
+ return NT_STATUS_UNSUCCESSFUL;
+}
+
+/*****************************************************************************
+ Initialise idmap database.
+*****************************************************************************/
+static NTSTATUS db_init(const char *db_name) {
+ return NT_STATUS_OK;
+}
+
+/* Close the tdb */
+static NTSTATUS db_close(void) {
+ return NT_STATUS_OK;
+}
+
+static void db_status(void) {
+ return;
+}
+
+struct idmap_methods winbind_methods = {
+
+ db_init,
+ db_get_sid_from_id,
+ db_get_id_from_sid,
+ db_set_mapping,
+ db_close,
+ db_status
+
+};
+
+NTSTATUS idmap_reg_winbind(struct idmap_methods **meth)
+{
+ *meth = &winbind_methods;
+
+ return NT_STATUS_OK;
+}
+ |
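Review bot: In the `default:` branch of db_get_id_from_sid a successful `winbind_sid_to_uid` or `winbind_sid_to_gid` returns NT_STATUS_OK without writing `*id_type`, so the caller cannot tell whether the `unid_t` union now holds a uid or a gid; since idmap.c goes on to cache the result, a group SID could end up recorded and used as a user id. Set the type on each success path as the tdb backend does for `ID_EMPTY` lookups. Separately, db_get_id_from_sid takes `const DOM_SID *` here but `DOM_SID *` in idmap_tdb.c, so one of the two cannot match the `struct idmap_methods` slot (its definition is not on this page), and `winbind_methods` could be `static` since it is only reached through `idmap_reg_winbind()`.

```c
	/* … unchanged: ID_USERID and ID_GROUPID cases … */
	default:
		if (winbind_sid_to_uid(&((*id).uid), sid)) {
			*id_type = ID_USERID;
			return NT_STATUS_OK;
		}
		if (winbind_sid_to_gid(&((*id).gid), sid)) {
			*id_type = ID_GROUPID;
			return NT_STATUS_OK;
		}
	/* … unchanged: end of switch, return NT_STATUS_UNSUCCESSFUL … */
```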