summaryrefslogtreecommitdiff
path: root/source4/ntvfs/common
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2006-04-07 13:15:46 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 14:00:47 -0500
commit2e894625e7c951b5ee66670124b4bef82a8129d9 (patch)
treef0020b62a5e8258bb9b3bb999ec2f9a63c6ec305 /source4/ntvfs/common
parent5b1a495e96be6f92df3ba2d30095d879041f757e (diff)
downloadsamba-2e894625e7c951b5ee66670124b4bef82a8129d9.tar.gz
samba-2e894625e7c951b5ee66670124b4bef82a8129d9.tar.bz2
samba-2e894625e7c951b5ee66670124b4bef82a8129d9.zip
r14964: - move sidmap code from ntvfs_common to SAMDB
- make ntvfs_common a library - create sys_notify library metze (This used to be commit a3e1d56cf7b688c515f5d6d4d43e0b24c2261d15)
Diffstat (limited to 'source4/ntvfs/common')
-rw-r--r--source4/ntvfs/common/config.mk16
-rw-r--r--source4/ntvfs/common/init.c33
-rw-r--r--source4/ntvfs/common/notify.c2
-rw-r--r--source4/ntvfs/common/sidmap.c566
4 files changed, 43 insertions, 574 deletions
diff --git a/source4/ntvfs/common/config.mk b/source4/ntvfs/common/config.mk
index 6eb9073b73..96ddfb348b 100644
--- a/source4/ntvfs/common/config.mk
+++ b/source4/ntvfs/common/config.mk
@@ -1,13 +1,15 @@
################################################
-# Start MODULE ntvfs_common
-[MODULE::ntvfs_common]
-SUBSYSTEM = ntvfs
+# Start LIBRARY ntvfs_common
+[LIBRARY::ntvfs_common]
PRIVATE_PROTO_HEADER = proto.h
+VERSION = 0.0.1
+SO_VERSION = 0
+DESCRIPTION = Generic Code for use in NTVFS modules
OBJ_FILES = \
+ init.o \
brlock.o \
opendb.o \
- notify.o \
- sidmap.o
-REQUIRED_SUBSYSTEMS =
-# End MODULE ntvfs_common
+ notify.o
+REQUIRED_SUBSYSTEMS = NDR_OPENDB NDR_NOTIFY sys_notify
+# End LIBRARY ntvfs_common
################################################
diff --git a/source4/ntvfs/common/init.c b/source4/ntvfs/common/init.c
new file mode 100644
index 0000000000..6cdc70dc50
--- /dev/null
+++ b/source4/ntvfs/common/init.c
@@ -0,0 +1,33 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ Copyright (C) Stefan Metzmacher 2006
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+/*
+ this is the change notify database. It implements mechanisms for
+ storing current change notify waiters in a tdb, and checking if a
+ given event matches any of the stored notify waiiters.
+*/
+
+#include "includes.h"
+#include "ntvfs/sysdep/sys_notify.h"
+
+_PUBLIC_ NTSTATUS ntvfs_common_init(void)
+{
+ return sys_notify_init();
+}
diff --git a/source4/ntvfs/common/notify.c b/source4/ntvfs/common/notify.c
index a701880701..2d880dd5c4 100644
--- a/source4/ntvfs/common/notify.c
+++ b/source4/ntvfs/common/notify.c
@@ -115,7 +115,7 @@ struct notify_context *notify_init(TALLOC_CTX *mem_ctx, uint32_t server,
messaging_register(notify->messaging_ctx, notify,
MSG_PVFS_NOTIFY, notify_handler);
- notify->sys_notify_ctx = sys_notify_init(snum, notify, ev);
+ notify->sys_notify_ctx = sys_notify_context_create(snum, notify, ev);
return notify;
}
diff --git a/source4/ntvfs/common/sidmap.c b/source4/ntvfs/common/sidmap.c
deleted file mode 100644
index 6f3cd42b62..0000000000
--- a/source4/ntvfs/common/sidmap.c
+++ /dev/null
@@ -1,566 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
-
- mapping routines for SID <-> unix uid/gid
-
- Copyright (C) Andrew Tridgell 2004
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-#include "system/passwd.h"
-#include "ads.h"
-#include "dsdb/samdb/samdb.h"
-#include "auth/auth.h"
-#include "libcli/ldap/ldap.h"
-#include "db_wrap.h"
-#include "libcli/security/security.h"
-#include "librpc/gen_ndr/ndr_security.h"
-
-/*
- these are used for the fallback local uid/gid to sid mapping
- code.
-*/
-#define SIDMAP_LOCAL_USER_BASE 0x80000000
-#define SIDMAP_LOCAL_GROUP_BASE 0xC0000000
-#define SIDMAP_MAX_LOCAL_UID 0x3fffffff
-#define SIDMAP_MAX_LOCAL_GID 0x3fffffff
-
-/*
- private context for sid mapping routines
-*/
-struct sidmap_context {
- struct ldb_wrap *samctx;
-};
-
-/*
- open a sidmap context - use talloc_free to close
-*/
-struct sidmap_context *sidmap_open(TALLOC_CTX *mem_ctx)
-{
- struct sidmap_context *sidmap;
- sidmap = talloc(mem_ctx, struct sidmap_context);
- if (sidmap == NULL) {
- return NULL;
- }
- sidmap->samctx = samdb_connect(sidmap, system_session(sidmap));
- if (sidmap->samctx == NULL) {
- talloc_free(sidmap);
- return NULL;
- }
-
- return sidmap;
-}
-
-
-/*
- check the sAMAccountType field of a search result to see if
- the account is a user account
-*/
-static BOOL is_user_account(struct ldb_message *res)
-{
- uint_t atype = samdb_result_uint(res, "sAMAccountType", 0);
- if (atype && (!(atype & ATYPE_ACCOUNT))) {
- return False;
- }
- return True;
-}
-
-/*
- check the sAMAccountType field of a search result to see if
- the account is a group account
-*/
-static BOOL is_group_account(struct ldb_message *res)
-{
- uint_t atype = samdb_result_uint(res, "sAMAccountType", 0);
- if (atype && atype == ATYPE_NORMAL_ACCOUNT) {
- return False;
- }
- return True;
-}
-
-
-
-/*
- return the dom_sid of our primary domain
-*/
-static NTSTATUS sidmap_primary_domain_sid(struct sidmap_context *sidmap,
- TALLOC_CTX *mem_ctx, struct dom_sid **sid)
-{
- const char *attrs[] = { "objectSid", NULL };
- int ret;
- struct ldb_message **res = NULL;
-
- ret = gendb_search_dn(sidmap->samctx, mem_ctx, samdb_base_dn(mem_ctx),
- &res, attrs);
- if (ret != 1) {
- talloc_free(res);
- return NT_STATUS_NO_SUCH_DOMAIN;
- }
-
- *sid = samdb_result_dom_sid(mem_ctx, res[0], "objectSid");
- talloc_free(res);
- if (*sid == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
-
- return NT_STATUS_OK;
-}
-
-
-/*
- map a sid to a unix uid
-*/
-NTSTATUS sidmap_sid_to_unixuid(struct sidmap_context *sidmap,
- struct dom_sid *sid, uid_t *uid)
-{
- const char *attrs[] = { "sAMAccountName", "unixID",
- "unixName", "sAMAccountType", NULL };
- int ret;
- const char *s;
- TALLOC_CTX *tmp_ctx;
- struct ldb_message **res;
- struct dom_sid *domain_sid;
- NTSTATUS status;
-
- tmp_ctx = talloc_new(sidmap);
-
- ret = gendb_search(sidmap->samctx, tmp_ctx, NULL, &res, attrs,
- "objectSid=%s", ldap_encode_ndr_dom_sid(tmp_ctx, sid));
- if (ret != 1) {
- goto allocated_sid;
- }
-
- /* make sure its a user, not a group */
- if (!is_user_account(res[0])) {
- DEBUG(0,("sid_to_unixuid: sid %s is not an account!\n",
- dom_sid_string(tmp_ctx, sid)));
- talloc_free(tmp_ctx);
- return NT_STATUS_INVALID_SID;
- }
-
- /* first try to get the uid directly */
- s = samdb_result_string(res[0], "unixID", NULL);
- if (s != NULL) {
- *uid = strtoul(s, NULL, 0);
- talloc_free(tmp_ctx);
- return NT_STATUS_OK;
- }
-
- /* next try via the UnixName attribute */
- s = samdb_result_string(res[0], "unixName", NULL);
- if (s != NULL) {
- struct passwd *pwd = getpwnam(s);
- if (!pwd) {
- DEBUG(0,("unixName %s for sid %s does not exist as a local user\n", s,
- dom_sid_string(tmp_ctx, sid)));
- talloc_free(tmp_ctx);
- return NT_STATUS_NO_SUCH_USER;
- }
- *uid = pwd->pw_uid;
- talloc_free(tmp_ctx);
- return NT_STATUS_OK;
- }
-
- /* finally try via the sAMAccountName attribute */
- s = samdb_result_string(res[0], "sAMAccountName", NULL);
- if (s != NULL) {
- struct passwd *pwd = getpwnam(s);
- if (!pwd) {
- DEBUG(0,("sAMAccountName '%s' for sid %s does not exist as a local user\n",
- s, dom_sid_string(tmp_ctx, sid)));
- talloc_free(tmp_ctx);
- return NT_STATUS_NO_SUCH_USER;
- }
- *uid = pwd->pw_uid;
- talloc_free(tmp_ctx);
- return NT_STATUS_OK;
- }
-
-
-allocated_sid:
- status = sidmap_primary_domain_sid(sidmap, tmp_ctx, &domain_sid);
- if (!NT_STATUS_IS_OK(status)) {
- talloc_free(tmp_ctx);
- return NT_STATUS_NO_SUCH_DOMAIN;
- }
-
- if (dom_sid_in_domain(domain_sid, sid)) {
- uint32_t rid = sid->sub_auths[sid->num_auths-1];
- if (rid >= SIDMAP_LOCAL_USER_BASE &&
- rid < SIDMAP_LOCAL_GROUP_BASE) {
- *uid = rid - SIDMAP_LOCAL_USER_BASE;
- talloc_free(tmp_ctx);
- return NT_STATUS_OK;
- }
- }
-
-
- DEBUG(0,("sid_to_unixuid: no unixID, unixName or sAMAccountName for sid %s\n",
- dom_sid_string(tmp_ctx, sid)));
-
- talloc_free(tmp_ctx);
- return NT_STATUS_INVALID_SID;
-}
-
-
-/*
- map a sid to a unix gid
-*/
-NTSTATUS sidmap_sid_to_unixgid(struct sidmap_context *sidmap,
- struct dom_sid *sid, gid_t *gid)
-{
- const char *attrs[] = { "sAMAccountName", "unixID",
- "unixName", "sAMAccountType", NULL };
- int ret;
- const char *s;
- TALLOC_CTX *tmp_ctx;
- struct ldb_message **res;
- NTSTATUS status;
- struct dom_sid *domain_sid;
-
- tmp_ctx = talloc_new(sidmap);
-
- ret = gendb_search(sidmap->samctx, tmp_ctx, NULL, &res, attrs,
- "objectSid=%s", ldap_encode_ndr_dom_sid(tmp_ctx, sid));
- if (ret != 1) {
- goto allocated_sid;
- }
-
- /* make sure its not a user */
- if (!is_group_account(res[0])) {
- DEBUG(0,("sid_to_unixgid: sid %s is a ATYPE_NORMAL_ACCOUNT\n",
- dom_sid_string(tmp_ctx, sid)));
- talloc_free(tmp_ctx);
- return NT_STATUS_INVALID_SID;
- }
-
- /* first try to get the gid directly */
- s = samdb_result_string(res[0], "unixID", NULL);
- if (s != NULL) {
- *gid = strtoul(s, NULL, 0);
- talloc_free(tmp_ctx);
- return NT_STATUS_OK;
- }
-
- /* next try via the UnixName attribute */
- s = samdb_result_string(res[0], "unixName", NULL);
- if (s != NULL) {
- struct group *grp = getgrnam(s);
- if (!grp) {
- DEBUG(0,("unixName '%s' for sid %s does not exist as a local group\n",
- s, dom_sid_string(tmp_ctx, sid)));
- talloc_free(tmp_ctx);
- return NT_STATUS_NO_SUCH_USER;
- }
- *gid = grp->gr_gid;
- talloc_free(tmp_ctx);
- return NT_STATUS_OK;
- }
-
- /* finally try via the sAMAccountName attribute */
- s = samdb_result_string(res[0], "sAMAccountName", NULL);
- if (s != NULL) {
- struct group *grp = getgrnam(s);
- if (!grp) {
- DEBUG(0,("sAMAccountName '%s' for sid %s does not exist as a local group\n", s, dom_sid_string(tmp_ctx, sid)));
- talloc_free(tmp_ctx);
- return NT_STATUS_NO_SUCH_USER;
- }
- *gid = grp->gr_gid;
- talloc_free(tmp_ctx);
- return NT_STATUS_OK;
- }
-
-allocated_sid:
- status = sidmap_primary_domain_sid(sidmap, tmp_ctx, &domain_sid);
- if (!NT_STATUS_IS_OK(status)) {
- talloc_free(tmp_ctx);
- return NT_STATUS_NO_SUCH_DOMAIN;
- }
-
- if (dom_sid_in_domain(domain_sid, sid)) {
- uint32_t rid = sid->sub_auths[sid->num_auths-1];
- if (rid >= SIDMAP_LOCAL_GROUP_BASE) {
- *gid = rid - SIDMAP_LOCAL_GROUP_BASE;
- talloc_free(tmp_ctx);
- return NT_STATUS_OK;
- }
- }
-
- DEBUG(0,("sid_to_unixgid: no unixID, unixName or sAMAccountName for sid %s\n",
- dom_sid_string(tmp_ctx, sid)));
-
- talloc_free(tmp_ctx);
- return NT_STATUS_INVALID_SID;
-}
-
-
-/*
- map a unix uid to a dom_sid
- the returned sid is allocated in the supplied mem_ctx
-*/
-NTSTATUS sidmap_uid_to_sid(struct sidmap_context *sidmap,
- TALLOC_CTX *mem_ctx,
- uid_t uid, struct dom_sid **sid)
-{
- const char *attrs[] = { "sAMAccountName", "objectSid", "sAMAccountType", NULL };
- int ret, i;
- TALLOC_CTX *tmp_ctx;
- struct ldb_message **res;
- struct passwd *pwd;
- struct dom_sid *domain_sid;
- NTSTATUS status;
-
- /*
- we search for the mapping in the following order:
-
- - check if the uid is in the dynamic uid range assigned for winbindd
- use. If it is, then look in winbindd sid mapping
- database (not implemented yet)
- - look for a user account in samdb that has unixID set to the
- given uid
- - look for a user account in samdb that has unixName or
- sAMAccountName set to the name given by getpwuid()
- - assign a SID by adding the uid to SIDMAP_LOCAL_USER_BASE in the local
- domain
- */
-
-
- tmp_ctx = talloc_new(mem_ctx);
-
-
- /*
- step 2: look for a user account in samdb that has unixID set to the
- given uid
- */
-
- ret = gendb_search(sidmap->samctx, tmp_ctx, NULL, &res, attrs,
- "unixID=%u", (unsigned int)uid);
- for (i=0;i<ret;i++) {
- if (!is_user_account(res[i])) continue;
-
- *sid = samdb_result_dom_sid(mem_ctx, res[i], "objectSid");
- talloc_free(tmp_ctx);
- NT_STATUS_HAVE_NO_MEMORY(*sid);
- return NT_STATUS_OK;
- }
-
- /*
- step 3: look for a user account in samdb that has unixName
- or sAMAccountName set to the name given by getpwuid()
- */
- pwd = getpwuid(uid);
- if (pwd == NULL) {
- goto allocate_sid;
- }
-
- ret = gendb_search(sidmap->samctx, tmp_ctx, NULL, &res, attrs,
- "(|(unixName=%s)(sAMAccountName=%s))",
- pwd->pw_name, pwd->pw_name);
- for (i=0;i<ret;i++) {
- if (!is_user_account(res[i])) continue;
-
- *sid = samdb_result_dom_sid(mem_ctx, res[i], "objectSid");
- talloc_free(tmp_ctx);
- NT_STATUS_HAVE_NO_MEMORY(*sid);
- return NT_STATUS_OK;
- }
-
-
- /*
- step 4: assign a SID by adding the uid to
- SIDMAP_LOCAL_USER_BASE in the local domain
- */
-allocate_sid:
- if (uid > SIDMAP_MAX_LOCAL_UID) {
- return NT_STATUS_INVALID_SID;
- }
-
- status = sidmap_primary_domain_sid(sidmap, tmp_ctx, &domain_sid);
- if (!NT_STATUS_IS_OK(status)) {
- talloc_free(tmp_ctx);
- return status;
- }
-
- *sid = dom_sid_add_rid(mem_ctx, domain_sid, SIDMAP_LOCAL_USER_BASE + uid);
- talloc_free(tmp_ctx);
-
- if (*sid == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
-
- return NT_STATUS_OK;
-}
-
-
-/*
- map a unix gid to a dom_sid
- the returned sid is allocated in the supplied mem_ctx
-*/
-NTSTATUS sidmap_gid_to_sid(struct sidmap_context *sidmap,
- TALLOC_CTX *mem_ctx,
- gid_t gid, struct dom_sid **sid)
-{
- const char *attrs[] = { "sAMAccountName", "objectSid", "sAMAccountType", NULL };
- int ret, i;
- TALLOC_CTX *tmp_ctx;
- struct ldb_message **res;
- struct group *grp;
- struct dom_sid *domain_sid;
- NTSTATUS status;
-
- /*
- we search for the mapping in the following order:
-
- - check if the gid is in the dynamic gid range assigned for winbindd
- use. If it is, then look in winbindd sid mapping
- database (not implemented yet)
- - look for a group account in samdb that has unixID set to the
- given gid
- - look for a group account in samdb that has unixName or
- sAMAccountName set to the name given by getgrgid()
- - assign a SID by adding the gid to SIDMAP_LOCAL_GROUP_BASE in the local
- domain
- */
-
-
- tmp_ctx = talloc_new(sidmap);
-
-
- /*
- step 2: look for a group account in samdb that has unixID set to the
- given gid
- */
-
- ret = gendb_search(sidmap->samctx, tmp_ctx, NULL, &res, attrs,
- "unixID=%u", (unsigned int)gid);
- for (i=0;i<ret;i++) {
- if (!is_group_account(res[i])) continue;
-
- *sid = samdb_result_dom_sid(mem_ctx, res[i], "objectSid");
- talloc_free(tmp_ctx);
- NT_STATUS_HAVE_NO_MEMORY(*sid);
- return NT_STATUS_OK;
- }
-
- /*
- step 3: look for a group account in samdb that has unixName
- or sAMAccountName set to the name given by getgrgid()
- */
- grp = getgrgid(gid);
- if (grp == NULL) {
- goto allocate_sid;
- }
-
- ret = gendb_search(sidmap->samctx, tmp_ctx, NULL, &res, attrs,
- "(|(unixName=%s)(sAMAccountName=%s))",
- grp->gr_name, grp->gr_name);
- for (i=0;i<ret;i++) {
- if (!is_group_account(res[i])) continue;
-
- *sid = samdb_result_dom_sid(mem_ctx, res[i], "objectSid");
- talloc_free(tmp_ctx);
- NT_STATUS_HAVE_NO_MEMORY(*sid);
- return NT_STATUS_OK;
- }
-
-
- /*
- step 4: assign a SID by adding the gid to
- SIDMAP_LOCAL_GROUP_BASE in the local domain
- */
-allocate_sid:
- if (gid > SIDMAP_MAX_LOCAL_GID) {
- return NT_STATUS_INVALID_SID;
- }
-
- status = sidmap_primary_domain_sid(sidmap, tmp_ctx, &domain_sid);
- if (!NT_STATUS_IS_OK(status)) {
- talloc_free(tmp_ctx);
- return status;
- }
-
- *sid = dom_sid_add_rid(mem_ctx, domain_sid, SIDMAP_LOCAL_GROUP_BASE + gid);
- talloc_free(tmp_ctx);
-
- if (*sid == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
-
- return NT_STATUS_OK;
-}
-
-/*
- check if a sid is in the range of auto-allocated SIDs from our primary domain,
- and if it is, then return the name and atype
-*/
-NTSTATUS sidmap_allocated_sid_lookup(struct sidmap_context *sidmap,
- TALLOC_CTX *mem_ctx,
- const struct dom_sid *sid,
- const char **name,
- uint32_t *atype)
-{
- NTSTATUS status;
- struct dom_sid *domain_sid;
- TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
- uint32_t rid;
-
- status = sidmap_primary_domain_sid(sidmap, tmp_ctx, &domain_sid);
- if (!NT_STATUS_IS_OK(status)) {
- return NT_STATUS_NO_SUCH_DOMAIN;
- }
-
- if (!dom_sid_in_domain(domain_sid, sid)) {
- talloc_free(tmp_ctx);
- return NT_STATUS_INVALID_SID;
- }
-
- talloc_free(tmp_ctx);
-
- rid = sid->sub_auths[sid->num_auths-1];
- if (rid < SIDMAP_LOCAL_USER_BASE) {
- return NT_STATUS_INVALID_SID;
- }
-
- if (rid < SIDMAP_LOCAL_GROUP_BASE) {
- struct passwd *pwd;
- uid_t uid = rid - SIDMAP_LOCAL_USER_BASE;
- *atype = ATYPE_NORMAL_ACCOUNT;
- pwd = getpwuid(uid);
- if (pwd == NULL) {
- *name = talloc_asprintf(mem_ctx, "uid%u", uid);
- } else {
- *name = talloc_strdup(mem_ctx, pwd->pw_name);
- }
- } else {
- struct group *grp;
- gid_t gid = rid - SIDMAP_LOCAL_GROUP_BASE;
- *atype = ATYPE_LOCAL_GROUP;
- grp = getgrgid(gid);
- if (grp == NULL) {
- *name = talloc_asprintf(mem_ctx, "gid%u", gid);
- } else {
- *name = talloc_strdup(mem_ctx, grp->gr_name);
- }
- }
-
- if (*name == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
-
- return NT_STATUS_OK;
-}