summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
Diffstat (limited to 'source3')
-rw-r--r--source3/include/idmap.h8
-rw-r--r--source3/sam/idmap.c10
-rw-r--r--source3/sam/idmap_tdb.c22
-rw-r--r--source3/sam/idmap_util.c14
4 files changed, 38 insertions, 16 deletions
diff --git a/source3/include/idmap.h b/source3/include/idmap.h
index 4b38128c2f..5a5e87c141 100644
--- a/source3/include/idmap.h
+++ b/source3/include/idmap.h
@@ -1,3 +1,5 @@
+#ifndef _IDMAP_H_
+#define _IDMAP_H_
/*
Unix SMB/CIFS implementation.
@@ -32,8 +34,8 @@
#define ID_TYPEMASK 0x0f
-#define ID_NOMAP 0x10
-#define ID_CACHE 0x20
+#define ID_QUERY_ONLY 0x10
+#define ID_CACHE_SAVE 0x20
/* Filled out by IDMAP backends */
struct idmap_methods {
@@ -51,4 +53,4 @@ struct idmap_methods {
/* Called to dump backend status */
void (*status)(void);
};
-
+#endif /* _IDMAP_H_ */
diff --git a/source3/sam/idmap.c b/source3/sam/idmap.c
index d2f68acf60..25a3c2ba94 100644
--- a/source3/sam/idmap.c
+++ b/source3/sam/idmap.c
@@ -154,7 +154,7 @@ NTSTATUS idmap_set_mapping(const DOM_SID *sid, unid_t id, int id_type)
/* Being able to update the remote cache is seldomly right.
Generally this is a forbidden operation. */
- if (!(id_type & ID_CACHE) && (remote_map != NULL)) {
+ if (!(id_type & ID_CACHE_SAVE) && (remote_map != NULL)) {
remote_map->set_mapping(sid, id, id_type);
if (!NT_STATUS_IS_OK(ret)) {
DEBUG (0, ("idmap_set_mapping: Error, unable to modify remote cache!\n"));
@@ -175,7 +175,7 @@ NTSTATUS idmap_get_id_from_sid(unid_t *id, int *id_type, const DOM_SID *sid)
loc_type = *id_type;
if (remote_map) { /* We have a central remote idmap */
- loc_type |= ID_NOMAP;
+ loc_type |= ID_QUERY_ONLY;
}
ret = local_map->get_id_from_sid(id, &loc_type, sid);
if (!NT_STATUS_IS_OK(ret)) {
@@ -185,7 +185,7 @@ NTSTATUS idmap_get_id_from_sid(unid_t *id, int *id_type, const DOM_SID *sid)
DEBUG(3, ("idmap_get_id_from_sid: error fetching id!\n"));
return ret;
} else {
- loc_type |= ID_CACHE;
+ loc_type |= ID_CACHE_SAVE;
idmap_set_mapping(sid, *id, loc_type);
}
}
@@ -206,7 +206,7 @@ NTSTATUS idmap_get_sid_from_id(DOM_SID *sid, unid_t id, int id_type)
loc_type = id_type;
if (remote_map) {
- loc_type = id_type | ID_NOMAP;
+ loc_type = id_type | ID_QUERY_ONLY;
}
ret = local_map->get_sid_from_id(sid, id, loc_type);
if (!NT_STATUS_IS_OK(ret)) {
@@ -216,7 +216,7 @@ NTSTATUS idmap_get_sid_from_id(DOM_SID *sid, unid_t id, int id_type)
DEBUG(3, ("idmap_get_sid_from_id: unable to fetch sid!\n"));
return ret;
} else {
- loc_type |= ID_CACHE;
+ loc_type |= ID_CACHE_SAVE;
idmap_set_mapping(sid, id, loc_type);
}
}
diff --git a/source3/sam/idmap_tdb.c b/source3/sam/idmap_tdb.c
index d01f6f4609..c30443f6da 100644
--- a/source3/sam/idmap_tdb.c
+++ b/source3/sam/idmap_tdb.c
@@ -292,7 +292,7 @@ static NTSTATUS db_get_id_from_sid(unid_t *id, int *id_type, const DOM_SID *sid)
return NT_STATUS_UNSUCCESSFUL;
}
- if (!(*id_type & ID_NOMAP) && (iderr != GET_ID_FROM_SID_OK) &&
+ if (!(*id_type & ID_QUERY_ONLY) && (iderr != GET_ID_FROM_SID_OK) &&
(((*id_type & ID_TYPEMASK) == ID_USERID)
|| (*id_type & ID_TYPEMASK) == ID_GROUPID)) {
TDB_DATA sid_data;
@@ -304,6 +304,13 @@ static NTSTATUS db_get_id_from_sid(unid_t *id, int *id_type, const DOM_SID *sid)
sid_data.dptr = sid_string;
sid_data.dsize = strlen(sid_string)+1;
+ /* Lock the record for this SID. */
+ if (tdb_chainlock(idmap_tdb, sid_data) != 0) {
+ DEBUG(10,("db_get_id_from_sid: failed to lock record %s. Error %s\n",
+ sid_string, tdb_errorstr(idmap_tdb) ));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
do {
fstring ugid_str;
@@ -343,9 +350,12 @@ static NTSTATUS db_get_id_from_sid(unid_t *id, int *id_type, const DOM_SID *sid)
if (tdb_store(idmap_tdb, sid_data, ugid_data, TDB_REPLACE) == -1) {
DEBUG(10,("db_get_id_from_sid: error %s\n", tdb_errorstr(idmap_tdb) ));
/* TODO: print tdb error !! */
+ tdb_chainunlock(idmap_tdb, sid_data);
return NT_STATUS_UNSUCCESSFUL;
}
}
+
+ tdb_chainunlock(idmap_tdb, sid_data);
}
return ret;
@@ -381,6 +391,13 @@ static NTSTATUS db_set_mapping(const DOM_SID *sid, unid_t id, int id_type)
/* *DELETE* prevoius mappings if any.
* This is done both SID and [U|G]ID passed in */
+ /* Lock the record for this SID. */
+ if (tdb_chainlock(idmap_tdb, ksid) != 0) {
+ DEBUG(10,("db_get_id_from_sid: failed to lock record %s. Error %s\n",
+ ksidstr, tdb_errorstr(idmap_tdb) ));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
DEBUG(10,("db_set_mapping: fetching %s\n", ksid.dptr));
data = tdb_fetch(idmap_tdb, ksid);
@@ -400,13 +417,16 @@ static NTSTATUS db_set_mapping(const DOM_SID *sid, unid_t id, int id_type)
if (tdb_store(idmap_tdb, ksid, kid, TDB_INSERT) == -1) {
DEBUG(0, ("idb_set_mapping: tdb_store 1 error: %s\n", tdb_errorstr(idmap_tdb)));
+ tdb_chainunlock(idmap_tdb, ksid);
return NT_STATUS_UNSUCCESSFUL;
}
if (tdb_store(idmap_tdb, kid, ksid, TDB_INSERT) == -1) {
DEBUG(0, ("idb_set_mapping: tdb_store 2 error: %s\n", tdb_errorstr(idmap_tdb)));
+ tdb_chainunlock(idmap_tdb, ksid);
return NT_STATUS_UNSUCCESSFUL;
}
+ tdb_chainunlock(idmap_tdb, ksid);
DEBUG(10,("db_set_mapping: stored %s -> %s and %s -> %s\n", ksid.dptr, kid.dptr, kid.dptr, ksid.dptr ));
return NT_STATUS_OK;
}
diff --git a/source3/sam/idmap_util.c b/source3/sam/idmap_util.c
index f10c20a750..42762e48fa 100644
--- a/source3/sam/idmap_util.c
+++ b/source3/sam/idmap_util.c
@@ -146,13 +146,13 @@ NTSTATUS uid_to_sid(DOM_SID *sid, uid_t uid)
flags = ID_USERID;
if (!lp_idmap_only() && !idmap_check_ugid_is_in_free_range(uid)) {
- flags |= ID_NOMAP;
+ flags |= ID_QUERY_ONLY;
}
id.uid = uid;
if (!NT_STATUS_IS_OK(ret = idmap_get_sid_from_id(sid, id, flags))) {
DEBUG(10, ("uid_to_sid: Failed to map uid = [%u]\n", (unsigned int)uid));
- if (flags & ID_NOMAP) {
+ if (flags & ID_QUERY_ONLY) {
sid_copy(sid, get_global_sam_sid());
sid_append_rid(sid, fallback_pdb_uid_to_user_rid(uid));
@@ -182,13 +182,13 @@ NTSTATUS gid_to_sid(DOM_SID *sid, gid_t gid)
flags = ID_GROUPID;
if (!lp_idmap_only() && !idmap_check_ugid_is_in_free_range(gid)) {
- flags |= ID_NOMAP;
+ flags |= ID_QUERY_ONLY;
}
id.gid = gid;
if (!NT_STATUS_IS_OK(ret = idmap_get_sid_from_id(sid, id, flags))) {
DEBUG(10, ("gid_to_sid: Failed to map gid = [%u]\n", (unsigned int)gid));
- if (flags & ID_NOMAP) {
+ if (flags & ID_QUERY_ONLY) {
sid_copy(sid, get_global_sam_sid());
sid_append_rid(sid, pdb_gid_to_group_rid(gid));
@@ -221,7 +221,7 @@ NTSTATUS sid_to_uid(const DOM_SID *sid, uid_t *uid)
flags = ID_USERID;
if (!lp_idmap_only()) {
if (!idmap_check_sid_is_in_free_range(sid)) {
- flags |= ID_NOMAP;
+ flags |= ID_QUERY_ONLY;
fallback = True;
}
}
@@ -278,7 +278,7 @@ NTSTATUS sid_to_gid(const DOM_SID *sid, gid_t *gid)
flags = ID_GROUPID;
if (!lp_idmap_only()) {
if (!idmap_check_sid_is_in_free_range(sid)) {
- flags |= ID_NOMAP;
+ flags |= ID_QUERY_ONLY;
fallback = True;
}
}
@@ -355,7 +355,7 @@ BOOL idmap_init_wellknown_sids(void)
/* check if DOMAIN_GROUP_RID_GUESTS SID is set, if not store the
* guest account gid as mapping */
- flags = ID_GROUPID | ID_NOMAP;
+ flags = ID_GROUPID | ID_QUERY_ONLY;
sid_copy(&sid, get_global_sam_sid());
sid_append_rid(&sid, DOMAIN_GROUP_RID_GUESTS);
if (!NT_STATUS_IS_OK(idmap_get_id_from_sid(&id, &flags, &sid))) {