diff options
Diffstat (limited to 'source3/nsswitch/idmap.c')
-rw-r--r-- | source3/nsswitch/idmap.c | 53 |
1 files changed, 30 insertions, 23 deletions
diff --git a/source3/nsswitch/idmap.c b/source3/nsswitch/idmap.c index bd81d1e83f..2bcff7b717 100644 --- a/source3/nsswitch/idmap.c +++ b/source3/nsswitch/idmap.c @@ -719,7 +719,7 @@ static NTSTATUS idmap_new_mapping(TALLOC_CTX *ctx, struct id_map *map) /* by default calls to winbindd are disabled the following call will not recurse so this is safe */ winbind_on(); - wbret =winbind_lookup_sid(ctx, map->sid, &domname, &name, &sid_type); + wbret = winbind_lookup_sid(ctx, map->sid, &domname, &name, &sid_type); winbind_off(); /* check if this is a valid SID and then map it */ @@ -750,7 +750,7 @@ static NTSTATUS idmap_new_mapping(TALLOC_CTX *ctx, struct id_map *map) } /* ok, got a new id, let's set a mapping */ - map->mapped = True; + map->status = ID_MAPPED; DEBUG(10, ("Setting mapping: %s <-> %s %lu\n", sid_string_static(map->sid), @@ -822,9 +822,9 @@ static NTSTATUS idmap_backends_unixids_to_sids(struct id_map **ids) _ids = ids; - /* make sure all maps are marked as false */ + /* make sure all maps are marked as in UNKNOWN status */ for (i = 0; _ids[i]; i++) { - _ids[i]->mapped = False; + _ids[i]->status = ID_UNKNOWN; } unmapped = NULL; @@ -840,7 +840,7 @@ static NTSTATUS idmap_backends_unixids_to_sids(struct id_map **ids) unmapped = NULL; for (i = 0, u = 0; _ids[i]; i++) { - if (_ids[i]->mapped == False) { + if (_ids[i]->status == ID_UNKNOWN || _ids[i]->status == ID_UNMAPPED) { unmapped = talloc_realloc(ctx, unmapped, struct id_map *, u + 2); IDMAP_CHECK_ALLOC(unmapped); unmapped[u] = _ids[i]; @@ -864,14 +864,14 @@ static NTSTATUS idmap_backends_unixids_to_sids(struct id_map **ids) switch (unmapped[i]->xid.type) { case ID_TYPE_UID: uid_to_unix_users_sid((uid_t)unmapped[i]->xid.id, unmapped[i]->sid); - unmapped[i]->mapped = True; + unmapped[i]->status = ID_MAPPED; break; case ID_TYPE_GID: gid_to_unix_groups_sid((gid_t)unmapped[i]->xid.id, unmapped[i]->sid); - unmapped[i]->mapped = True; + unmapped[i]->status = ID_MAPPED; break; default: /* what?! */ - unmapped[i]->mapped = False; + unmapped[i]->status = ID_UNKNOWN; break; } } @@ -913,8 +913,8 @@ static NTSTATUS idmap_backends_sids_to_unixids(struct id_map **ids) for (i = 0; ids[i]; i++) { int dom_num; - /* make sure they are unmapped by default */ - ids[i]->mapped = False; + /* make sure they are unknown to start off */ + ids[i]->status = ID_UNKNOWN; for (dom_num = 0, dom = NULL; dom_num < num_domains; dom_num++) { if (idmap_domains[dom_num]->default_domain) { @@ -975,17 +975,18 @@ static NTSTATUS idmap_backends_sids_to_unixids(struct id_map **ids) /* let's see if we have any unmapped SID left and act accordingly */ for (i = 0; ids[i]; i++) { - if ( ! ids[i]->mapped) { /* ok this is an unmapped one, see if we can map it */ + if (ids[i]->status == ID_UNKNOWN || ids[i]->status == ID_UNMAPPED) { + /* ok this is an unmapped one, see if we can map it */ ret = idmap_new_mapping(ctx, ids[i]); if (NT_STATUS_IS_OK(ret)) { /* successfully mapped */ - ids[i]->mapped = True; + ids[i]->status = ID_MAPPED; } else if (NT_STATUS_EQUAL(ret, NT_STATUS_NONE_MAPPED)) { /* could not map it */ - ids[i]->mapped = False; - } else{ + ids[i]->status = ID_UNMAPPED; + } else { /* Something very bad happened down there */ - goto done; + ids[i]->status = ID_UNKNOWN; } } } @@ -1038,8 +1039,6 @@ NTSTATUS idmap_unixids_to_sids(struct id_map **ids) ret = idmap_cache_map_id(idmap_cache, ids[i]); - /* TODO: handle NT_STATUS_SYNCHRONIZATION_REQUIRED for disconnected mode */ - if ( ! NT_STATUS_IS_OK(ret)) { if ( ! bids) { @@ -1080,9 +1079,14 @@ NTSTATUS idmap_unixids_to_sids(struct id_map **ids) /* update the cache */ for (i = 0; i < bi; i++) { - if (bids[i]->mapped) { + if (bids[i]->status == ID_MAPPED) { ret = idmap_cache_set(idmap_cache, bids[i]); - } else { + } else if (bids[i]->status == ID_UNKNOWN) { + /* return an expired entry in the cache or an unknown */ + /* this handles a previous NT_STATUS_SYNCHRONIZATION_REQUIRED + * for disconnected mode */ + idmap_cache_map_id(idmap_cache, ids[i]); + } else { /* unmapped */ ret = idmap_cache_set_negative_id(idmap_cache, bids[i]); } IDMAP_CHECK_RET(ret); @@ -1132,8 +1136,6 @@ NTSTATUS idmap_sids_to_unixids(struct id_map **ids) ret = idmap_cache_map_sid(idmap_cache, ids[i]); - /* TODO: handle NT_STATUS_SYNCHRONIZATION_REQUIRED for disconnected mode */ - if ( ! NT_STATUS_IS_OK(ret)) { if ( ! bids) { @@ -1174,8 +1176,13 @@ NTSTATUS idmap_sids_to_unixids(struct id_map **ids) /* update the cache */ for (i = 0; bids[i]; i++) { - if (bids[i]->mapped) { + if (bids[i]->status == ID_MAPPED) { ret = idmap_cache_set(idmap_cache, bids[i]); + } else if (bids[i]->status == ID_UNKNOWN) { + /* return an expired entry in the cache or an unknown */ + /* this handles a previous NT_STATUS_SYNCHRONIZATION_REQUIRED + * for disconnected mode */ + idmap_cache_map_id(idmap_cache, ids[i]); } else { ret = idmap_cache_set_negative_sid(idmap_cache, bids[i]); } @@ -1199,7 +1206,7 @@ NTSTATUS idmap_set_mapping(const struct id_map *id) } /* sanity checks */ - if ((id->sid == NULL) || (! id->mapped)) { + if ((id->sid == NULL) || (id->status != ID_MAPPED)) { DEBUG(1, ("NULL SID or unmapped entry\n")); return NT_STATUS_INVALID_PARAMETER; } |