diff options
-rw-r--r-- | source3/include/idmap.h | 8 | ||||
-rw-r--r-- | source3/sam/idmap.c | 10 | ||||
-rw-r--r-- | source3/sam/idmap_tdb.c | 22 | ||||
-rw-r--r-- | source3/sam/idmap_util.c | 14 |
4 files changed, 38 insertions, 16 deletions
diff --git a/source3/include/idmap.h b/source3/include/idmap.h index 4b38128c2f..5a5e87c141 100644 --- a/source3/include/idmap.h +++ b/source3/include/idmap.h @@ -1,3 +1,5 @@ +#ifndef _IDMAP_H_ +#define _IDMAP_H_ /* Unix SMB/CIFS implementation. @@ -32,8 +34,8 @@ #define ID_TYPEMASK 0x0f -#define ID_NOMAP 0x10 -#define ID_CACHE 0x20 +#define ID_QUERY_ONLY 0x10 +#define ID_CACHE_SAVE 0x20 /* Filled out by IDMAP backends */ struct idmap_methods { @@ -51,4 +53,4 @@ struct idmap_methods { /* Called to dump backend status */ void (*status)(void); }; - +#endif /* _IDMAP_H_ */ diff --git a/source3/sam/idmap.c b/source3/sam/idmap.c index d2f68acf60..25a3c2ba94 100644 --- a/source3/sam/idmap.c +++ b/source3/sam/idmap.c @@ -154,7 +154,7 @@ NTSTATUS idmap_set_mapping(const DOM_SID *sid, unid_t id, int id_type) /* Being able to update the remote cache is seldomly right. Generally this is a forbidden operation. */ - if (!(id_type & ID_CACHE) && (remote_map != NULL)) { + if (!(id_type & ID_CACHE_SAVE) && (remote_map != NULL)) { remote_map->set_mapping(sid, id, id_type); if (!NT_STATUS_IS_OK(ret)) { DEBUG (0, ("idmap_set_mapping: Error, unable to modify remote cache!\n")); @@ -175,7 +175,7 @@ NTSTATUS idmap_get_id_from_sid(unid_t *id, int *id_type, const DOM_SID *sid) loc_type = *id_type; if (remote_map) { /* We have a central remote idmap */ - loc_type |= ID_NOMAP; + loc_type |= ID_QUERY_ONLY; } ret = local_map->get_id_from_sid(id, &loc_type, sid); if (!NT_STATUS_IS_OK(ret)) { @@ -185,7 +185,7 @@ NTSTATUS idmap_get_id_from_sid(unid_t *id, int *id_type, const DOM_SID *sid) DEBUG(3, ("idmap_get_id_from_sid: error fetching id!\n")); return ret; } else { - loc_type |= ID_CACHE; + loc_type |= ID_CACHE_SAVE; idmap_set_mapping(sid, *id, loc_type); } } @@ -206,7 +206,7 @@ NTSTATUS idmap_get_sid_from_id(DOM_SID *sid, unid_t id, int id_type) loc_type = id_type; if (remote_map) { - loc_type = id_type | ID_NOMAP; + loc_type = id_type | ID_QUERY_ONLY; } ret = local_map->get_sid_from_id(sid, id, loc_type); if (!NT_STATUS_IS_OK(ret)) { @@ -216,7 +216,7 @@ NTSTATUS idmap_get_sid_from_id(DOM_SID *sid, unid_t id, int id_type) DEBUG(3, ("idmap_get_sid_from_id: unable to fetch sid!\n")); return ret; } else { - loc_type |= ID_CACHE; + loc_type |= ID_CACHE_SAVE; idmap_set_mapping(sid, id, loc_type); } } diff --git a/source3/sam/idmap_tdb.c b/source3/sam/idmap_tdb.c index d01f6f4609..c30443f6da 100644 --- a/source3/sam/idmap_tdb.c +++ b/source3/sam/idmap_tdb.c @@ -292,7 +292,7 @@ static NTSTATUS db_get_id_from_sid(unid_t *id, int *id_type, const DOM_SID *sid) return NT_STATUS_UNSUCCESSFUL; } - if (!(*id_type & ID_NOMAP) && (iderr != GET_ID_FROM_SID_OK) && + if (!(*id_type & ID_QUERY_ONLY) && (iderr != GET_ID_FROM_SID_OK) && (((*id_type & ID_TYPEMASK) == ID_USERID) || (*id_type & ID_TYPEMASK) == ID_GROUPID)) { TDB_DATA sid_data; @@ -304,6 +304,13 @@ static NTSTATUS db_get_id_from_sid(unid_t *id, int *id_type, const DOM_SID *sid) sid_data.dptr = sid_string; sid_data.dsize = strlen(sid_string)+1; + /* Lock the record for this SID. */ + if (tdb_chainlock(idmap_tdb, sid_data) != 0) { + DEBUG(10,("db_get_id_from_sid: failed to lock record %s. Error %s\n", + sid_string, tdb_errorstr(idmap_tdb) )); + return NT_STATUS_UNSUCCESSFUL; + } + do { fstring ugid_str; @@ -343,9 +350,12 @@ static NTSTATUS db_get_id_from_sid(unid_t *id, int *id_type, const DOM_SID *sid) if (tdb_store(idmap_tdb, sid_data, ugid_data, TDB_REPLACE) == -1) { DEBUG(10,("db_get_id_from_sid: error %s\n", tdb_errorstr(idmap_tdb) )); /* TODO: print tdb error !! */ + tdb_chainunlock(idmap_tdb, sid_data); return NT_STATUS_UNSUCCESSFUL; } } + + tdb_chainunlock(idmap_tdb, sid_data); } return ret; @@ -381,6 +391,13 @@ static NTSTATUS db_set_mapping(const DOM_SID *sid, unid_t id, int id_type) /* *DELETE* prevoius mappings if any. * This is done both SID and [U|G]ID passed in */ + /* Lock the record for this SID. */ + if (tdb_chainlock(idmap_tdb, ksid) != 0) { + DEBUG(10,("db_get_id_from_sid: failed to lock record %s. Error %s\n", + ksidstr, tdb_errorstr(idmap_tdb) )); + return NT_STATUS_UNSUCCESSFUL; + } + DEBUG(10,("db_set_mapping: fetching %s\n", ksid.dptr)); data = tdb_fetch(idmap_tdb, ksid); @@ -400,13 +417,16 @@ static NTSTATUS db_set_mapping(const DOM_SID *sid, unid_t id, int id_type) if (tdb_store(idmap_tdb, ksid, kid, TDB_INSERT) == -1) { DEBUG(0, ("idb_set_mapping: tdb_store 1 error: %s\n", tdb_errorstr(idmap_tdb))); + tdb_chainunlock(idmap_tdb, ksid); return NT_STATUS_UNSUCCESSFUL; } if (tdb_store(idmap_tdb, kid, ksid, TDB_INSERT) == -1) { DEBUG(0, ("idb_set_mapping: tdb_store 2 error: %s\n", tdb_errorstr(idmap_tdb))); + tdb_chainunlock(idmap_tdb, ksid); return NT_STATUS_UNSUCCESSFUL; } + tdb_chainunlock(idmap_tdb, ksid); DEBUG(10,("db_set_mapping: stored %s -> %s and %s -> %s\n", ksid.dptr, kid.dptr, kid.dptr, ksid.dptr )); return NT_STATUS_OK; } diff --git a/source3/sam/idmap_util.c b/source3/sam/idmap_util.c index f10c20a750..42762e48fa 100644 --- a/source3/sam/idmap_util.c +++ b/source3/sam/idmap_util.c @@ -146,13 +146,13 @@ NTSTATUS uid_to_sid(DOM_SID *sid, uid_t uid) flags = ID_USERID; if (!lp_idmap_only() && !idmap_check_ugid_is_in_free_range(uid)) { - flags |= ID_NOMAP; + flags |= ID_QUERY_ONLY; } id.uid = uid; if (!NT_STATUS_IS_OK(ret = idmap_get_sid_from_id(sid, id, flags))) { DEBUG(10, ("uid_to_sid: Failed to map uid = [%u]\n", (unsigned int)uid)); - if (flags & ID_NOMAP) { + if (flags & ID_QUERY_ONLY) { sid_copy(sid, get_global_sam_sid()); sid_append_rid(sid, fallback_pdb_uid_to_user_rid(uid)); @@ -182,13 +182,13 @@ NTSTATUS gid_to_sid(DOM_SID *sid, gid_t gid) flags = ID_GROUPID; if (!lp_idmap_only() && !idmap_check_ugid_is_in_free_range(gid)) { - flags |= ID_NOMAP; + flags |= ID_QUERY_ONLY; } id.gid = gid; if (!NT_STATUS_IS_OK(ret = idmap_get_sid_from_id(sid, id, flags))) { DEBUG(10, ("gid_to_sid: Failed to map gid = [%u]\n", (unsigned int)gid)); - if (flags & ID_NOMAP) { + if (flags & ID_QUERY_ONLY) { sid_copy(sid, get_global_sam_sid()); sid_append_rid(sid, pdb_gid_to_group_rid(gid)); @@ -221,7 +221,7 @@ NTSTATUS sid_to_uid(const DOM_SID *sid, uid_t *uid) flags = ID_USERID; if (!lp_idmap_only()) { if (!idmap_check_sid_is_in_free_range(sid)) { - flags |= ID_NOMAP; + flags |= ID_QUERY_ONLY; fallback = True; } } @@ -278,7 +278,7 @@ NTSTATUS sid_to_gid(const DOM_SID *sid, gid_t *gid) flags = ID_GROUPID; if (!lp_idmap_only()) { if (!idmap_check_sid_is_in_free_range(sid)) { - flags |= ID_NOMAP; + flags |= ID_QUERY_ONLY; fallback = True; } } @@ -355,7 +355,7 @@ BOOL idmap_init_wellknown_sids(void) /* check if DOMAIN_GROUP_RID_GUESTS SID is set, if not store the * guest account gid as mapping */ - flags = ID_GROUPID | ID_NOMAP; + flags = ID_GROUPID | ID_QUERY_ONLY; sid_copy(&sid, get_global_sam_sid()); sid_append_rid(&sid, DOMAIN_GROUP_RID_GUESTS); if (!NT_STATUS_IS_OK(idmap_get_id_from_sid(&id, &flags, &sid))) { |