THE Idmap patch :-)

includes a --with-idmap=no switch to disable idmap usage if you find
problems.

cosmetic fixes and param aliases to separate winbind from idamp roles.

A temporarily remote idmap winbind compatibility backend.
As I have time I will further change code to not call directly winbind
(partly done but not tested) and a specilized module will be built in place
for the current glue hack.

The patch has been tested locally in my limited time, the patch is simple and
clear and should not reserve problems, if any just disable it.

As usual, comments and fisex are welcome :-)

Simo.
(This used to be commit 02781320476ed1b7ee5d943fa36f9a66ab67f208)

2 files changed, 123 insertions, 2 deletions

diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index 9d43db20c6..ae587ea251 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -856,6 +856,9 @@ static BOOL init_structs(void )
 	if (!init_registry())
 		exit(1);
 
+	if (!idmap_init(lp_idmap_backend()))
+		exit(1);
+
 	if(!initialize_password_db(False))
 		exit(1);
 
diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
index b9cf0de3bd..0fa65f47ca 100644
--- a/source3/smbd/uid.c
+++ b/source3/smbd/uid.c
@@ -722,6 +722,33 @@ static void store_gid_sid_cache(const DOM_SID *psid, const enum SID_NAME_USE sid
 
 DOM_SID *uid_to_sid(DOM_SID *psid, uid_t uid)
 {
+#ifdef WITH_IDMAP
+	unid_t id;
+
+	DEBUG(10,("uid_to_sid: uid = [%d]\n", uid));
+
+	id.uid = uid;
+	if (NT_STATUS_IS_OK(idmap_get_sid_from_id(psid, id, ID_USERID))) {
+		DEBUG(10, ("uid_to_sid: sid = [%s]\n", sid_string_static(psid)));
+		return psid;
+	}
+
+	/* If mapping is not found in idmap try with traditional method,
+	   then stores the result in idmap.
+	   We may add a switch in future to allow smooth migrations to
+	   idmap-only db  ---Simo */	
+
+	become_root();
+	psid = local_uid_to_sid(psid, uid);
+        unbecome_root();
+
+	DEBUG(10,("uid_to_sid: algorithmic %u -> %s\n", (unsigned int)uid, sid_string_static(psid)));
+	if (psid)
+		idmap_set_mapping(psid, id, ID_USERID);
+
+	return psid;
+	
+#else
 	uid_t low, high;
 	enum SID_NAME_USE sidtype;
 	fstring sid;
@@ -729,7 +756,7 @@ DOM_SID *uid_to_sid(DOM_SID *psid, uid_t uid)
 	if (fetch_sid_from_uid_cache(psid, &sidtype, uid))
 		return psid;
 
-	if (lp_winbind_uid(&low, &high) && uid >= low && uid <= high) {
+	if (lp_idmap_uid(&low, &high) && uid >= low && uid <= high) {
 		if (winbind_uid_to_sid(psid, uid)) {
 
 			DEBUG(10,("uid_to_sid: winbindd %u -> %s\n",
@@ -751,6 +778,7 @@ DOM_SID *uid_to_sid(DOM_SID *psid, uid_t uid)
 		store_uid_sid_cache(psid, SID_NAME_USER, uid);
 
 	return psid;
+#endif
 }
 
 /*****************************************************************
@@ -761,6 +789,33 @@ DOM_SID *uid_to_sid(DOM_SID *psid, uid_t uid)
 
 DOM_SID *gid_to_sid(DOM_SID *psid, gid_t gid)
 {
+#ifdef WITH_IDMAP
+	unid_t id;
+
+	DEBUG(10,("gid_to_sid: gid = [%d]\n", gid));
+
+		id.gid = gid;
+	if (NT_STATUS_IS_OK(idmap_get_sid_from_id(psid, id, ID_GROUPID))) {
+		DEBUG(10, ("gid_to_sid: sid = [%s]\n", sid_string_static(psid)));
+		return psid;
+	}
+
+	/* If mapping is not found in idmap try with traditional method,
+	   then stores the result in idmap.
+	   We may add a switch in future to allow smooth migrations to
+	   idmap-only db  ---Simo */	
+
+	become_root();
+	psid = local_gid_to_sid(psid, gid);
+        unbecome_root();
+
+	DEBUG(10,("gid_to_sid: algorithmic %u -> %s\n", (unsigned int)gid, sid_string_static(psid)));
+	if (psid)
+		idmap_set_mapping(psid, id, ID_GROUPID);
+
+	return psid;
+	
+#else
 	gid_t low, high;
 	enum SID_NAME_USE sidtype;
 	fstring sid;
@@ -768,7 +823,7 @@ DOM_SID *gid_to_sid(DOM_SID *psid, gid_t gid)
 	if (fetch_sid_from_gid_cache(psid, &sidtype, gid))
 		return psid;
 
-	if (lp_winbind_gid(&low, &high) && gid >= low && gid <= high) {
+	if (lp_idmap_gid(&low, &high) && gid >= low && gid <= high) {
 		if (winbind_gid_to_sid(psid, gid)) {
 
 			DEBUG(10,("gid_to_sid: winbindd %u -> %s\n",
@@ -789,6 +844,7 @@ DOM_SID *gid_to_sid(DOM_SID *psid, gid_t gid)
 		store_gid_sid_cache(psid, SID_NAME_DOM_GRP, gid);
 
 	return psid;
+#endif
 }
 
 /*****************************************************************
@@ -800,6 +856,35 @@ DOM_SID *gid_to_sid(DOM_SID *psid, gid_t gid)
 
 BOOL sid_to_uid(const DOM_SID *psid, uid_t *puid, enum SID_NAME_USE *sidtype)
 {
+#ifdef WITH_IDMAP
+	unid_t id;
+	int type;
+
+	DEBUG(10,("sid_to_uid: sid = [%s]\n", sid_string_static(psid)));
+
+	*sidtype = SID_NAME_USER;
+
+	type = ID_USERID;
+	if (NT_STATUS_IS_OK(idmap_get_id_from_sid(&id, &type, psid))) {
+		DEBUG(10,("sid_to_uid: uid = [%d]\n", id.uid));
+		*puid = id.uid;
+		return True;
+	}
+
+	if (sid_compare_domain(get_global_sam_sid(), psid) == 0) {
+		BOOL result;
+		become_root();
+		result = local_sid_to_uid(puid, psid, sidtype);
+		unbecome_root();
+		if (result) {
+			id.uid = *puid;
+			DEBUG(10,("sid_to_uid: uid = [%d]\n", id.uid));
+			idmap_set_mapping(psid, id, ID_USERID);
+			return True;
+		}
+	}
+	return False;
+#else
 	fstring sid_str;
 
 	if (fetch_uid_from_cache(puid, psid, *sidtype))
@@ -873,6 +958,7 @@ BOOL sid_to_uid(const DOM_SID *psid, uid_t *puid, enum SID_NAME_USE *sidtype)
 
 	store_uid_sid_cache(psid, *sidtype, *puid);
 	return True;
+#endif
 }
 
 /*****************************************************************
@@ -884,6 +970,37 @@ BOOL sid_to_uid(const DOM_SID *psid, uid_t *puid, enum SID_NAME_USE *sidtype)
 
 BOOL sid_to_gid(const DOM_SID *psid, gid_t *pgid, enum SID_NAME_USE *sidtype)
 {
+#ifdef WITH_IDMAP
+	unid_t id;
+	int type;
+
+	DEBUG(10,("sid_to_gid: sid = [%s]\n", sid_string_static(psid)));
+
+	*sidtype = SID_NAME_ALIAS;
+
+	type = ID_GROUPID;
+	if (NT_STATUS_IS_OK(idmap_get_id_from_sid(&id, &type, psid))) {
+		DEBUG(10,("sid_to_gid: gid = [%d]\n", id.gid));
+		*pgid = id.gid;
+		return True;
+	}
+
+	if (sid_compare_domain(get_global_sam_sid(), psid) == 0) {
+		BOOL result;
+		become_root();
+		result = local_sid_to_gid(pgid, psid, sidtype);
+		unbecome_root();
+		if (result) {
+			id.gid = *pgid;
+			DEBUG(10,("sid_to_gid: gid = [%d]\n", id.gid));
+			idmap_set_mapping(psid, id, ID_GROUPID);
+			return True;
+		}
+	}
+
+	return False;
+
+#else
 	fstring dom_name, name, sid_str;
 	enum SID_NAME_USE name_type;
 
@@ -944,5 +1061,6 @@ BOOL sid_to_gid(const DOM_SID *psid, gid_t *pgid, enum SID_NAME_USE *sidtype)
 
 	store_gid_sid_cache(psid, *sidtype, *pgid);
 	return True;
+#endif
 }