summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/Makefile.in2
-rw-r--r--source3/include/proto.h4
-rw-r--r--source3/librpc/idl/messaging.idl4
-rw-r--r--source3/smbd/msg_idmap.c205
-rw-r--r--source3/smbd/server.c2
-rw-r--r--source3/utils/smbcontrol.c49
6 files changed, 265 insertions, 1 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in
index 2f3575f948..b7a7a7858b 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -868,7 +868,7 @@ AUTH_OBJ = auth/auth.o @AUTH_STATIC@ auth/auth_util.o auth/token_util.o \
MANGLE_OBJ = smbd/mangle.o smbd/mangle_hash.o smbd/mangle_hash2.o
-SMBD_OBJ_MAIN = smbd/server.o smbd/server_exit.o
+SMBD_OBJ_MAIN = smbd/server.o smbd/server_exit.o smbd/msg_idmap.o
BUILDOPT_OBJ = smbd/build_options.o
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 43426795de..cf58cdf99e 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -5457,6 +5457,10 @@ struct AvahiPoll *tevent_avahi_poll(TALLOC_CTX *mem_ctx,
void *avahi_start_register(TALLOC_CTX *mem_ctx, struct tevent_context *ev,
uint16_t port);
+/* The following definitions come from smbd/msg_idmap.c */
+
+void msg_idmap_register_msgs(struct messaging_context *ctx);
+
/* Misc protos */
struct fncall_context *fncall_context_init(TALLOC_CTX *mem_ctx,
diff --git a/source3/librpc/idl/messaging.idl b/source3/librpc/idl/messaging.idl
index 36f064f23d..8618d53c9a 100644
--- a/source3/librpc/idl/messaging.idl
+++ b/source3/librpc/idl/messaging.idl
@@ -35,6 +35,10 @@ interface messaging
MSG_REQ_DMALLOC_LOG_CHANGED = 0x000C,
MSG_SHUTDOWN = 0x000D,
+ MSG_IDMAP_FLUSH = 0x000E,
+ MSG_IDMAP_DELETE = 0x000F,
+ MSG_IDMAP_KILL = 0x0010,
+
/* nmbd messages */
MSG_FORCE_ELECTION = 0x0101,
MSG_WINS_NEW_ENTRY = 0x0102,
diff --git a/source3/smbd/msg_idmap.c b/source3/smbd/msg_idmap.c
new file mode 100644
index 0000000000..9e2424d45e
--- /dev/null
+++ b/source3/smbd/msg_idmap.c
@@ -0,0 +1,205 @@
+/*
+ * Samba Unix/Linux SMB client library
+ *
+ * Copyright (C) Gregor Beck 2011
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+/**
+ * @brief Notify smbd about idmap changes
+ * @file msg_idmap.c
+ * @author Gregor Beck <gb@sernet.de>
+ * @date Feb 2011
+ *
+ */
+
+#include "includes.h"
+#include "memcache.h"
+#include "globals.h"
+#include "../libcli/security/dom_sid.h"
+#include "../librpc/gen_ndr/messaging.h"
+#include "../librpc/gen_ndr/ndr_security.h"
+#include "idmap_cache.h"
+
+struct id {
+ union {
+ uid_t uid;
+ gid_t gid;
+ struct dom_sid sid;
+ };
+ enum {UID, GID, SID} type;
+};
+
+static bool parse_id(const char* str, struct id* id)
+{
+ struct dom_sid sid;
+ unsigned long ul;
+ char c, trash;
+
+ if (sscanf(str, "%cID %lu%c", &c, &ul, &trash) == 2) {
+ switch(c) {
+ case 'G':
+ id->gid = ul;
+ id->type = GID;
+ return true;
+ case 'U':
+ id->uid = ul;
+ id->type = UID;
+ return true;
+ default:
+ break;
+ }
+ } else if (string_to_sid(&sid, str)) {
+ id->sid = sid;
+ id->type = SID;
+ return true;
+ }
+ return false;
+}
+
+static bool uid_in_use(const struct user_struct* user, uid_t uid)
+{
+ while (user) {
+ if (user->session_info && (user->session_info->utok.uid == uid)) {
+ return true;
+ }
+ user = user->next;
+ }
+ return false;
+}
+
+static bool gid_in_use(const struct user_struct* user, gid_t gid)
+{
+ while (user) {
+ if (user->session_info != NULL) {
+ int i;
+ struct unix_user_token utok = user->session_info->utok;
+ if (utok.gid == gid) {
+ return true;
+ }
+ for(i=0; i<utok.ngroups; i++) {
+ if (utok.groups[i] == gid) {
+ return true;
+ }
+ }
+ }
+ user = user->next;
+ }
+ return false;
+}
+
+static bool sid_in_use(const struct user_struct* user, const struct dom_sid* psid)
+{
+ uid_t uid;
+ gid_t gid;
+ if (sid_to_gid(psid, &gid)) {
+ return gid_in_use(user, gid);
+ } else if (sid_to_uid(psid, &uid)) {
+ return uid_in_use(user, uid);
+ }
+ return false;
+}
+
+
+static bool id_in_use(const struct user_struct* user, const struct id* id)
+{
+ switch(id->type) {
+ case UID:
+ return uid_in_use(user, id->uid);
+ case GID:
+ return gid_in_use(user, id->gid);
+ case SID:
+ return sid_in_use(user, &id->sid);
+ default:
+ break;
+ }
+ return false;
+}
+
+static void delete_from_cache(const struct id* id)
+{
+ switch(id->type) {
+ case UID:
+ delete_uid_cache(id->uid);
+ idmap_cache_del_uid(id->uid);
+ break;
+ case GID:
+ delete_gid_cache(id->gid);
+ idmap_cache_del_gid(id->gid);
+ break;
+ case SID:
+ delete_sid_cache(&id->sid);
+ idmap_cache_del_sid(&id->sid);
+ break;
+ default:
+ break;
+ }
+}
+
+
+static void message_idmap_flush(struct messaging_context *msg_ctx,
+ void* private_data,
+ uint32_t msg_type,
+ struct server_id server_id,
+ DATA_BLOB* data)
+{
+ const char* msg = data ? (const char*)data->data : NULL;
+
+ DEBUG(0, ("Foo: idmap flush cache message(0x%.2x): %s\n", msg_type, msg ? msg : "<NULL>"));
+
+ if ((msg == NULL) || (msg[0] == '\0')) {
+ flush_gid_cache();
+ flush_uid_cache();
+ } else if (strncmp(msg, "GID", 3)) {
+ flush_gid_cache();
+ } else if (strncmp(msg, "UID", 3)) {
+ flush_uid_cache();
+ } else {
+ DEBUG(0, ("Invalid argument: %s\n", msg));
+ }
+}
+
+
+static void message_idmap_delete(struct messaging_context *msg_ctx,
+ void* private_data,
+ uint32_t msg_type,
+ struct server_id server_id,
+ DATA_BLOB* data)
+{
+ const char* msg = (data && data->data) ? (const char*)data->data : "<NULL>";
+ bool do_kill = (msg_type == MSG_IDMAP_KILL);
+ struct user_struct* validated_users = smbd_server_conn->smb1.sessions.validated_users;
+ struct id id;
+
+ DEBUG(0, ("Foo: idmap delete message(0x%.2x): %s\n", msg_type, msg));
+
+ if (!parse_id(msg, &id)) {
+ DEBUG(0, ("Invalid ?ID: %s\n", msg));
+ return;
+ }
+
+ if( do_kill && id_in_use(validated_users, &id) ) {
+ exit_server_cleanly(msg);
+ } else {
+ delete_from_cache(&id);
+ }
+}
+
+void msg_idmap_register_msgs(struct messaging_context *ctx)
+{
+ messaging_register(ctx, NULL, MSG_IDMAP_FLUSH, message_idmap_flush);
+ messaging_register(ctx, NULL, MSG_IDMAP_DELETE, message_idmap_delete);
+ messaging_register(ctx, NULL, MSG_IDMAP_KILL, message_idmap_delete);
+}
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index 81283f0ec9..dd715e993a 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -760,6 +760,8 @@ static bool open_sockets_smbd(struct smbd_parent_context *parent,
messaging_register(msg_ctx, NULL, MSG_PRINTER_PCAP, smb_pcap_updated);
brl_register_msgs(msg_ctx);
+ msg_idmap_register_msgs(msg_ctx);
+
#ifdef CLUSTER_SUPPORT
if (lp_clustering()) {
ctdbd_register_reconfigure(messaging_ctdbd_connection());
diff --git a/source3/utils/smbcontrol.c b/source3/utils/smbcontrol.c
index 378534d87a..ed7ca596d8 100644
--- a/source3/utils/smbcontrol.c
+++ b/source3/utils/smbcontrol.c
@@ -167,6 +167,54 @@ static bool do_debug(struct messaging_context *msg_ctx,
strlen(argv[1]) + 1);
}
+
+static bool do_idmap(struct messaging_context *msg_ctx,
+ const struct server_id pid,
+ const int argc, const char **argv)
+{
+ static const char* usage = "Usage: "
+ "smbcontrol <dest> idmap <cmd> [arg]\n"
+ "\tcmd:\tflush [gid|uid]\n"
+ "\t\tdelete \"UID <uid>\"|\"GID <gid>\"|<sid>\n"
+ "\t\tkill \"UID <uid>\"|\"GID <gid>\"|<sid>\n";
+ const char* arg = NULL;
+ int arglen = 0;
+ int msg_type;
+
+ switch (argc) {
+ case 2:
+ break;
+ case 3:
+ arg = argv[2];
+ arglen = strlen(arg) + 1;
+ break;
+ default:
+ fprintf(stderr, "%s", usage);
+ return false;
+ }
+
+ if (strcmp(argv[1], "flush") == 0) {
+ msg_type = MSG_IDMAP_FLUSH;
+ }
+ else if (strcmp(argv[1], "delete") == 0) {
+ msg_type = MSG_IDMAP_DELETE;
+ }
+ else if (strcmp(argv[1], "kill") == 0) {
+ msg_type = MSG_IDMAP_KILL;
+ }
+ else if (strcmp(argv[1], "help") == 0) {
+ fprintf(stdout, "%s", usage);
+ return true;
+ }
+ else {
+ fprintf(stderr, "%s", usage);
+ return false;
+ }
+
+ return send_message(msg_ctx, pid, msg_type, arg, arglen);
+}
+
+
#if defined(HAVE_LIBUNWIND_PTRACE) && defined(HAVE_LINUX_PTRACE)
/* Return the name of a process given it's PID. This will only work on Linux,
@@ -1201,6 +1249,7 @@ static const struct {
const char *help; /* Short help text */
} msg_types[] = {
{ "debug", do_debug, "Set debuglevel" },
+ { "idmap", do_idmap, "Manipulate idmap cache" },
{ "force-election", do_election,
"Force a browse election" },
{ "ping", do_ping, "Elicit a response" },