summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
Diffstat (limited to 'source3')
-rw-r--r--source3/nsswitch/idmap.c415
1 files changed, 255 insertions, 160 deletions
diff --git a/source3/nsswitch/idmap.c b/source3/nsswitch/idmap.c
index ebbf24e3f6..009d7a610b 100644
--- a/source3/nsswitch/idmap.c
+++ b/source3/nsswitch/idmap.c
@@ -1,9 +1,9 @@
-/*
+/*
Unix SMB/CIFS implementation.
ID Mapping
Copyright (C) Tim Potter 2000
Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
- Copyright (C) Simo Sorce 2003
+ Copyright (C) Simo Sorce 2003-2007
Copyright (C) Jeremy Allison 2006
This program is free software; you can redistribute it and/or modify
@@ -60,11 +60,23 @@ static int def_dom_num = -1;
static struct idmap_alloc_backend *alloc_backends = NULL;
static struct idmap_alloc_context *idmap_alloc_ctx = NULL;
-#define IDMAP_CHECK_RET(ret) do { if ( ! NT_STATUS_IS_OK(ret)) { DEBUG(2, ("ERROR: NTSTATUS = 0x%08x\n", NT_STATUS_V(ret))); goto done; } } while(0)
-#define IDMAP_REPORT_RET(ret) do { if ( ! NT_STATUS_IS_OK(ret)) { DEBUG(2, ("ERROR: NTSTATUS = 0x%08x\n", NT_STATUS_V(ret))); } } while(0)
-#define IDMAP_CHECK_ALLOC(mem) do { if (!mem) { DEBUG(0, ("Out of memory!\n")); ret = NT_STATUS_NO_MEMORY; goto done; } } while(0)
-
-static struct idmap_methods *get_methods(struct idmap_backend *be, const char *name)
+#define IDMAP_CHECK_RET(ret) do { \
+ if ( ! NT_STATUS_IS_OK(ret)) { \
+ DEBUG(2, ("ERROR: NTSTATUS = 0x%08x\n", NT_STATUS_V(ret))); \
+ goto done; \
+ } } while(0)
+#define IDMAP_REPORT_RET(ret) do { \
+ if ( ! NT_STATUS_IS_OK(ret)) { \
+ DEBUG(2, ("ERROR: NTSTATUS = 0x%08x\n", NT_STATUS_V(ret))); \
+ } } while(0)
+#define IDMAP_CHECK_ALLOC(mem) do { \
+ if (!mem) { \
+ DEBUG(0, ("Out of memory!\n")); ret = NT_STATUS_NO_MEMORY; \
+ goto done; \
+ } } while(0)
+
+static struct idmap_methods *get_methods(struct idmap_backend *be,
+ const char *name)
{
struct idmap_backend *b;
@@ -77,7 +89,9 @@ static struct idmap_methods *get_methods(struct idmap_backend *be, const char *n
return NULL;
}
-static struct idmap_alloc_methods *get_alloc_methods(struct idmap_alloc_backend *be, const char *name)
+static struct idmap_alloc_methods *get_alloc_methods(
+ struct idmap_alloc_backend *be,
+ const char *name)
{
struct idmap_alloc_backend *b;
@@ -100,7 +114,8 @@ BOOL idmap_is_offline(void)
Allow a module to register itself as a method.
**********************************************************************/
-NTSTATUS smb_register_idmap(int version, const char *name, struct idmap_methods *methods)
+NTSTATUS smb_register_idmap(int version, const char *name,
+ struct idmap_methods *methods)
{
struct idmap_methods *test;
struct idmap_backend *entry;
@@ -111,9 +126,11 @@ NTSTATUS smb_register_idmap(int version, const char *name, struct idmap_methods
if ((version != SMB_IDMAP_INTERFACE_VERSION)) {
DEBUG(0, ("Failed to register idmap module.\n"
- "The module was compiled against SMB_IDMAP_INTERFACE_VERSION %d,\n"
+ "The module was compiled against "
+ "SMB_IDMAP_INTERFACE_VERSION %d,\n"
"current SMB_IDMAP_INTERFACE_VERSION is %d.\n"
- "Please recompile against the current version of samba!\n",
+ "Please recompile against the current version "
+ "of samba!\n",
version, SMB_IDMAP_INTERFACE_VERSION));
return NT_STATUS_OBJECT_TYPE_MISMATCH;
}
@@ -150,7 +167,8 @@ NTSTATUS smb_register_idmap(int version, const char *name, struct idmap_methods
Allow a module to register itself as a method.
**********************************************************************/
-NTSTATUS smb_register_idmap_alloc(int version, const char *name, struct idmap_alloc_methods *methods)
+NTSTATUS smb_register_idmap_alloc(int version, const char *name,
+ struct idmap_alloc_methods *methods)
{
struct idmap_alloc_methods *test;
struct idmap_alloc_backend *entry;
@@ -161,9 +179,11 @@ NTSTATUS smb_register_idmap_alloc(int version, const char *name, struct idmap_al
if ((version != SMB_IDMAP_INTERFACE_VERSION)) {
DEBUG(0, ("Failed to register idmap alloc module.\n"
- "The module was compiled against SMB_IDMAP_INTERFACE_VERSION %d,\n"
+ "The module was compiled against "
+ "SMB_IDMAP_INTERFACE_VERSION %d,\n"
"current SMB_IDMAP_INTERFACE_VERSION is %d.\n"
- "Please recompile against the current version of samba!\n",
+ "Please recompile against the current version "
+ "of samba!\n",
version, SMB_IDMAP_INTERFACE_VERSION));
return NT_STATUS_OBJECT_TYPE_MISMATCH;
}
@@ -241,14 +261,14 @@ static const char *idmap_default_domain[] = { "default domain", NULL };
****************************************************************************/
NTSTATUS idmap_init_cache(void)
-{
+{
/* Always initialize the cache. We'll have to delay initialization
of backends if we are offline */
if ( idmap_ctx ) {
return NT_STATUS_OK;
- }
-
+ }
+
if ( (idmap_ctx = talloc_named_const(NULL, 0, "idmap_ctx")) == NULL ) {
return NT_STATUS_NO_MEMORY;
}
@@ -264,7 +284,7 @@ NTSTATUS idmap_init_cache(void)
****************************************************************************/
NTSTATUS idmap_init(void)
-{
+{
NTSTATUS ret;
static NTSTATUS idmap_init_status = NT_STATUS_UNSUCCESSFUL;
struct idmap_domain *dom;
@@ -278,15 +298,15 @@ NTSTATUS idmap_init(void)
int i;
ret = idmap_init_cache();
- if ( !NT_STATUS_IS_OK(ret) )
+ if (!NT_STATUS_IS_OK(ret))
return ret;
- if (NT_STATUS_IS_OK(idmap_init_status)) {
+ if (NT_STATUS_IS_OK(idmap_init_status)) {
return NT_STATUS_OK;
}
-
- /* We can't reliably call intialization code here unless
- we are online. But return NT_STATUS_OK so the upper
+
+ /* We can't reliably call intialization code here unless
+ we are online. But return NT_STATUS_OK so the upper
level code doesn't abort idmap lookups. */
if ( get_global_winbindd_state_offline() ) {
@@ -297,46 +317,48 @@ NTSTATUS idmap_init(void)
static_init_idmap;
dom_list = lp_idmap_domains();
-
+
if ( lp_idmap_backend() ) {
const char **compat_list = lp_idmap_backend();
char *p = NULL;
- const char *q = NULL;
+ const char *q = NULL;
- if ( dom_list ) {
- DEBUG(0, ("WARNING: idmap backend and idmap domains are "
- "mutually exclusive!\n"));
+ if ( dom_list ) {
+ DEBUG(0, ("WARNING: idmap backend and idmap domains are"
+ " mutually exclusive!\n"));
DEBUGADD(0,("idmap backend option will be IGNORED!\n"));
} else {
compat = 1;
- if ( (compat_backend = talloc_strdup( idmap_ctx, *compat_list )) == NULL ) {
+ compat_backend = talloc_strdup(idmap_ctx, *compat_list);
+ if (compat_backend == NULL ) {
ret = NT_STATUS_NO_MEMORY;
goto done;
}
-
+
/* strip any leading idmap_ prefix of */
if (strncmp(*compat_list, "idmap_", 6) == 0 ) {
q = *compat_list += 6;
- DEBUG(0, ("WARNING: idmap backend uses obsolete and "
- "deprecated 'idmap_' prefix.\n"
- "Please replace 'idmap_%s' by '%s' in %s\n",
- q, q, dyn_CONFIGFILE));
- compat_backend = talloc_strdup( idmap_ctx, q);
+ DEBUG(0, ("WARNING: idmap backend uses obsolete"
+ " and deprecated 'idmap_' prefix.\n"
+ "Please replace 'idmap_%s' by '%s' in"
+ " %s\n", q, q, dyn_CONFIGFILE));
+ compat_backend = talloc_strdup(idmap_ctx, q);
} else {
- compat_backend = talloc_strdup( idmap_ctx, *compat_list);
+ compat_backend = talloc_strdup(idmap_ctx,
+ *compat_list);
}
-
+
/* separate the backend and module arguements */
if ((p = strchr(compat_backend, ':')) != NULL) {
- *p = '\0';
+ *p = '\0';
compat_params = p + 1;
}
- }
+ }
} else if ( !dom_list ) {
/* Back compatible: without idmap domains and explicit
idmap backend. Taking default idmap backend: tdb */
-
+
compat = 1;
compat_backend = talloc_strdup( idmap_ctx, "tdb");
compat_params = compat_backend;
@@ -345,7 +367,7 @@ NTSTATUS idmap_init(void)
if ( ! dom_list) {
dom_list = idmap_default_domain;
}
-
+
/***************************
* initialize idmap domains
*/
@@ -356,10 +378,10 @@ NTSTATUS idmap_init(void)
char *config_option;
/* ignore BUILTIN and local MACHINE domains */
- if ( strequal(dom_list[i], "BUILTIN")
- || strequal(dom_list[i], get_global_sam_name() ) )
+ if (strequal(dom_list[i], "BUILTIN")
+ || strequal(dom_list[i], get_global_sam_name()))
{
- DEBUG(0,("idmap_init: Ignoring invalid domain %s\n",
+ DEBUG(0,("idmap_init: Ignoring invalid domain %s\n",
dom_list[i]));
continue;
}
@@ -368,44 +390,50 @@ NTSTATUS idmap_init(void)
pri_dom_is_in_list = True;
}
/* init domain */
-
+
dom = TALLOC_ZERO_P(idmap_ctx, struct idmap_domain);
IDMAP_CHECK_ALLOC(dom);
dom->name = talloc_strdup(dom, dom_list[i]);
IDMAP_CHECK_ALLOC(dom->name);
- config_option = talloc_asprintf(dom, "idmap config %s", dom->name);
+ config_option = talloc_asprintf(dom, "idmap config %s",
+ dom->name);
IDMAP_CHECK_ALLOC(config_option);
/* default or specific ? */
- dom->default_domain = lp_parm_bool(-1, config_option, "default", False);
+ dom->default_domain = lp_parm_bool(-1, config_option,
+ "default", False);
if (dom->default_domain ||
strequal(dom_list[i], idmap_default_domain[0])) {
- /* make sure this is set even when we match idmap_default_domain[0] */
+ /* make sure this is set even when we match
+ * idmap_default_domain[0] */
dom->default_domain = True;
if (default_already_defined) {
- DEBUG(1, ("ERROR: Multiple domains defined as default!\n"));
+ DEBUG(1, ("ERROR: Multiple domains defined as"
+ " default!\n"));
ret = NT_STATUS_INVALID_PARAMETER;
goto done;
}
default_already_defined = True;
- }
+ }
- dom->readonly = lp_parm_bool(-1, config_option, "readonly", False);
+ dom->readonly = lp_parm_bool(-1, config_option,
+ "readonly", False);
/* find associated backend (default: tdb) */
if (compat) {
parm_backend = talloc_strdup(idmap_ctx, compat_backend);
} else {
- parm_backend = talloc_strdup(idmap_ctx,
- lp_parm_const_string(-1, config_option, "backend", "tdb"));
+ char *backend = lp_parm_const_string(-1, config_option,
+ "backend", "tdb");
+ parm_backend = talloc_strdup(idmap_ctx, backend);
}
IDMAP_CHECK_ALLOC(parm_backend);
@@ -415,22 +443,27 @@ NTSTATUS idmap_init(void)
if ( ! dom->methods) {
ret = smb_probe_module("idmap", parm_backend);
if (NT_STATUS_IS_OK(ret)) {
- dom->methods = get_methods(backends, parm_backend);
+ dom->methods = get_methods(backends,
+ parm_backend);
}
}
if ( ! dom->methods) {
- DEBUG(0, ("ERROR: Could not get methods for backend %s\n", parm_backend));
+ DEBUG(0, ("ERROR: Could not get methods for "
+ "backend %s\n", parm_backend));
ret = NT_STATUS_UNSUCCESSFUL;
goto done;
}
- /* check the set_mapping function exists otherwise mark the module as readonly */
+ /* check the set_mapping function exists otherwise mark the
+ * module as readonly */
if ( ! dom->methods->set_mapping) {
- DEBUG(5, ("Forcing to readonly, as this module can't store arbitrary mappings.\n"));
+ DEBUG(5, ("Forcing to readonly, as this module can't"
+ " store arbitrary mappings.\n"));
dom->readonly = True;
}
- /* now that we have methods, set the destructor for this domain */
+ /* now that we have methods,
+ * set the destructor for this domain */
talloc_set_destructor(dom, close_domain_destructor);
if (compat_params) {
@@ -443,10 +476,12 @@ NTSTATUS idmap_init(void)
/* Finally instance a backend copy for this domain */
ret = dom->methods->init(dom);
if ( ! NT_STATUS_IS_OK(ret)) {
- DEBUG(0, ("ERROR: Initialization failed for backend %s (domain %s), deferred!\n",
- parm_backend, dom->name));
+ DEBUG(0, ("ERROR: Initialization failed for backend "
+ "%s (domain %s), deferred!\n",
+ parm_backend, dom->name));
}
- idmap_domains = talloc_realloc(idmap_ctx, idmap_domains, struct idmap_domain *, i+1);
+ idmap_domains = talloc_realloc(idmap_ctx, idmap_domains,
+ struct idmap_domain *, i+1);
if ( ! idmap_domains) {
DEBUG(0, ("Out of memory!\n"));
ret = NT_STATUS_NO_MEMORY;
@@ -454,13 +489,15 @@ NTSTATUS idmap_init(void)
}
idmap_domains[i] = dom;
- if (dom->default_domain) { /* save default domain position for future uses */
+ /* save default domain position for future uses */
+ if (dom->default_domain) {
def_dom_num = i;
}
DEBUG(10, ("Domain %s - Backend %s - %sdefault - %sreadonly\n",
dom->name, parm_backend,
- dom->default_domain?"":"not ", dom->readonly?"":"not "));
+ dom->default_domain?"":"not ",
+ dom->readonly?"":"not "));
talloc_free(config_option);
}
@@ -487,12 +524,13 @@ NTSTATUS idmap_init(void)
/* (the nss module is always statically linked) */
if ( ! dom->methods) {
- DEBUG(0, ("ERROR: Could not get methods for idmap_nss ?!\n"));
+ DEBUG(0, ("ERROR: No methods for idmap_nss ?!\n"));
ret = NT_STATUS_UNSUCCESSFUL;
goto done;
}
- /* now that we have methods, set the destructor for this domain */
+ /* now that we have methods,
+ * set the destructor for this domain */
talloc_set_destructor(dom, close_domain_destructor);
if (compat_params) {
@@ -505,12 +543,15 @@ NTSTATUS idmap_init(void)
/* Finally instance a backend copy for this domain */
ret = dom->methods->init(dom);
if ( ! NT_STATUS_IS_OK(ret)) {
- DEBUG(0, ("ERROR: Initialization failed for idmap_nss ?!\n"));
+ DEBUG(0, ("ERROR: Init. failed for idmap_nss ?!\n"));
ret = NT_STATUS_UNSUCCESSFUL;
goto done;
}
- idmap_domains = talloc_realloc(idmap_ctx, idmap_domains, struct idmap_domain *, num_domains+1);
+ idmap_domains = talloc_realloc(idmap_ctx,
+ idmap_domains,
+ struct idmap_domain *,
+ num_domains+1);
if ( ! idmap_domains) {
DEBUG(0, ("Out of memory!\n"));
ret = NT_STATUS_NO_MEMORY;
@@ -518,7 +559,8 @@ NTSTATUS idmap_init(void)
}
idmap_domains[num_domains] = dom;
- DEBUG(10, ("Domain %s - Backend nss - not default - readonly\n", dom->name ));
+ DEBUG(10, ("Domain %s - Backend nss - not default - readonly\n",
+ dom->name ));
num_domains++;
}
@@ -538,7 +580,7 @@ NTSTATUS idmap_init(void)
/* (the passdb module is always statically linked) */
if ( ! dom->methods) {
- DEBUG(0, ("ERROR: Could not get methods for idmap_passdb ?!\n"));
+ DEBUG(0, ("ERROR: No methods for idmap_passdb ?!\n"));
ret = NT_STATUS_UNSUCCESSFUL;
goto done;
}
@@ -556,12 +598,15 @@ NTSTATUS idmap_init(void)
/* Finally instance a backend copy for this domain */
ret = dom->methods->init(dom);
if ( ! NT_STATUS_IS_OK(ret)) {
- DEBUG(0, ("ERROR: Initialization failed for idmap_passdb ?!\n"));
+ DEBUG(0, ("ERROR: Init. failed for idmap_passdb ?!\n"));
ret = NT_STATUS_UNSUCCESSFUL;
goto done;
}
- idmap_domains = talloc_realloc(idmap_ctx, idmap_domains, struct idmap_domain *, num_domains+1);
+ idmap_domains = talloc_realloc(idmap_ctx,
+ idmap_domains,
+ struct idmap_domain *,
+ num_domains+1);
if ( ! idmap_domains) {
DEBUG(0, ("Out of memory!\n"));
ret = NT_STATUS_NO_MEMORY;
@@ -572,14 +617,16 @@ NTSTATUS idmap_init(void)
/* needed to handle special BUILTIN and wellknown SIDs cases */
pdb_dom_num = num_domains;
- DEBUG(10, ("Domain %s - Backend passdb - not default - readonly\n", dom->name));
+ DEBUG(10, ("Domain %s - Backend passdb - not default - readonly\n",
+ dom->name));
num_domains++;
/**** finished adding idmap_passdb backend ****/
/* sort domains so that the default is the last one */
/* don't sort if no default domain defined */
- if (def_dom_num != -1 && def_dom_num != num_domains-1) { /* default is not last, move it */
+ if (def_dom_num != -1 && def_dom_num != num_domains-1) {
+ /* default is not last, move it */
struct idmap_domain *tmp;
if (pdb_dom_num > def_dom_num) {
@@ -608,28 +655,35 @@ NTSTATUS idmap_init(void)
alloc_backend = talloc_strdup(idmap_ctx, compat_backend);
} else {
char *ab = lp_idmap_alloc_backend();
-
+
if (ab && (ab[0] != '\0')) {
- alloc_backend = talloc_strdup(idmap_ctx, lp_idmap_alloc_backend());
+ alloc_backend = talloc_strdup(idmap_ctx,
+ lp_idmap_alloc_backend());
}
}
if ( alloc_backend ) {
-
- idmap_alloc_ctx = TALLOC_ZERO_P(idmap_ctx, struct idmap_alloc_context);
+
+ idmap_alloc_ctx = TALLOC_ZERO_P(idmap_ctx,
+ struct idmap_alloc_context);
IDMAP_CHECK_ALLOC(idmap_alloc_ctx);
- idmap_alloc_ctx->methods = get_alloc_methods(alloc_backends, alloc_backend);
+ idmap_alloc_ctx->methods = get_alloc_methods(alloc_backends,
+ alloc_backend);
if ( ! idmap_alloc_ctx->methods) {
ret = smb_probe_module("idmap", alloc_backend);
if (NT_STATUS_IS_OK(ret)) {
- idmap_alloc_ctx->methods = get_alloc_methods(alloc_backends, alloc_backend);
+ idmap_alloc_ctx->methods =
+ get_alloc_methods(alloc_backends,
+ alloc_backend);
}
}
if (idmap_alloc_ctx->methods) {
if (compat_params) {
- idmap_alloc_ctx->params = talloc_strdup(idmap_alloc_ctx, compat_params);
+ idmap_alloc_ctx->params =
+ talloc_strdup(idmap_alloc_ctx,
+ compat_params);
IDMAP_CHECK_ALLOC(idmap_alloc_ctx->params);
} else {
idmap_alloc_ctx->params = NULL;
@@ -637,13 +691,15 @@ NTSTATUS idmap_init(void)
ret = idmap_alloc_ctx->methods->init(idmap_alloc_ctx->params);
if ( ! NT_STATUS_IS_OK(ret)) {
- DEBUG(0, ("ERROR: Initialization failed for alloc "
- "backend %s, deferred!\n", alloc_backend));
+ DEBUG(0, ("ERROR: Initialization failed for "
+ "alloc backend %s, deferred!\n",
+ alloc_backend));
} else {
idmap_alloc_ctx->initialized = True;
}
} else {
- DEBUG(2, ("idmap_init: Unable to get methods for alloc backend %s\n",
+ DEBUG(2, ("idmap_init: Unable to get methods for "
+ "alloc backend %s\n",
alloc_backend));
/* certain compat backends are just readonly */
if ( compat ) {
@@ -654,12 +710,12 @@ NTSTATUS idmap_init(void)
}
}
}
-
+
/* cleanpu temporary strings */
TALLOC_FREE( compat_backend );
idmap_init_status = NT_STATUS_OK;
-
+
return ret;
done:
@@ -757,16 +813,16 @@ static struct idmap_domain* find_idmap_domain_from_sid( DOM_SID *account_sid )
uint32 rid;
struct winbindd_domain *domain = NULL;
int i;
-
+
/* 1. Handle BUILTIN or Special SIDs and prevent them from
falling into the default domain space (if we have a
configured passdb backend. */
- if ( (pdb_dom_num != -1) &&
+ if ( (pdb_dom_num != -1) &&
(sid_check_is_in_builtin(account_sid) ||
sid_check_is_in_wellknown_domain(account_sid) ||
sid_check_is_in_unix_groups(account_sid) ||
- sid_check_is_in_unix_users(account_sid)) )
+ sid_check_is_in_unix_users(account_sid)) )
{
return idmap_domains[pdb_dom_num];
}
@@ -774,8 +830,8 @@ static struct idmap_domain* find_idmap_domain_from_sid( DOM_SID *account_sid )
/* 2. Lookup the winbindd_domain from the account_sid */
sid_copy( &domain_sid, account_sid );
- sid_split_rid( &domain_sid, &rid );
- domain = find_domain_from_sid_noinit( &domain_sid );
+ sid_split_rid( &domain_sid, &rid );
+ domain = find_domain_from_sid_noinit( &domain_sid );
for (i = 0; domain && i < num_domains; i++) {
if ( strequal( idmap_domains[i]->name, domain->name ) ) {
@@ -799,13 +855,13 @@ static struct idmap_domain* find_idmap_domain_from_sid( DOM_SID *account_sid )
static uint32 find_idmap_domain_index( struct idmap_domain *id_domain)
{
int i;
-
+
for (i = 0; i < num_domains; i++) {
if ( idmap_domains[i] == id_domain )
- return i;
+ return i;
}
- return -1;
+ return -1;
}
@@ -813,18 +869,21 @@ static uint32 find_idmap_domain_index( struct idmap_domain *id_domain)
Check if creating a mapping is permitted for the domain
*********************************************************/
-static NTSTATUS idmap_can_map(const struct id_map *map, struct idmap_domain **ret_dom)
+static NTSTATUS idmap_can_map(const struct id_map *map,
+ struct idmap_domain **ret_dom)
{
struct idmap_domain *dom;
- /* Check we do not create mappings for our own local domain, or BUILTIN or special SIDs */
+ /* Check we do not create mappings for our own local domain,
+ * or BUILTIN or special SIDs */
if ((sid_compare_domain(map->sid, get_global_sam_sid()) == 0) ||
sid_check_is_in_builtin(map->sid) ||
sid_check_is_in_wellknown_domain(map->sid) ||
sid_check_is_in_unix_users(map->sid) ||
- sid_check_is_in_unix_groups(map->sid) )
+ sid_check_is_in_unix_groups(map->sid) )
{
- DEBUG(10, ("We are not supposed to create mappings for our own domains (local, builtin, specials)\n"));
+ DEBUG(10, ("We are not supposed to create mappings for our own "
+ "domains (local, builtin, specials)\n"));
return NT_STATUS_UNSUCCESSFUL;
}
@@ -832,21 +891,28 @@ static NTSTATUS idmap_can_map(const struct id_map *map, struct idmap_domain **re
if (lp_winbind_trusted_domains_only()) {
struct winbindd_domain *wdom = find_our_domain();
if (wdom && (sid_compare_domain(map->sid, &wdom->sid) == 0)) {
- DEBUG(10, ("We are not supposed to create mappings for our primary domain when <trusted domain only> is True\n"));
- DEBUGADD(10, ("Leave [%s] unmapped\n", sid_string_static(map->sid)));
+ DEBUG(10, ("We are not supposed to create mappings for "
+ "our primary domain when <trusted domain "
+ "only> is True\n"));
+ DEBUGADD(10, ("Leave [%s] unmapped\n",
+ sid_string_static(map->sid)));
return NT_STATUS_UNSUCCESSFUL;
}
}
if ( (dom = find_idmap_domain_from_sid( map->sid )) == NULL ) {
- /* huh, couldn't find a suitable domain, let's just leave it unmapped */
- DEBUG(10, ("Could not find idmap backend for SID %s", sid_string_static(map->sid)));
+ /* huh, couldn't find a suitable domain,
+ * let's just leave it unmapped */
+ DEBUG(10, ("Could not find idmap backend for SID %s",
+ sid_string_static(map->sid)));
return NT_STATUS_NO_SUCH_DOMAIN;
}
if (dom->readonly) {
- /* ouch the domain is read only, let's just leave it unmapped */
- DEBUG(10, ("idmap backend for SID %s is READONLY!\n", sid_string_static(map->sid)));
+ /* ouch the domain is read only,
+ * let's just leave it unmapped */
+ DEBUG(10, ("idmap backend for SID %s is READONLY!\n",
+ sid_string_static(map->sid)));
return NT_STATUS_UNSUCCESSFUL;
}
@@ -875,7 +941,8 @@ static NTSTATUS idmap_new_mapping(TALLOC_CTX *ctx, struct id_map *map)
ret = idmap_allocate_uid(&map->xid);
if ( ! NT_STATUS_IS_OK(ret)) {
/* can't allocate id, let's just leave it unmapped */
- DEBUG(2, ("uid allocation failed! Can't create mapping\n"));
+ DEBUG(2, ("uid allocation failed! "
+ "Can't create mapping\n"));
return NT_STATUS_NONE_MAPPED;
}
break;
@@ -883,14 +950,15 @@ static NTSTATUS idmap_new_mapping(TALLOC_CTX *ctx, struct id_map *map)
ret = idmap_allocate_gid(&map->xid);
if ( ! NT_STATUS_IS_OK(ret)) {
/* can't allocate id, let's just leave it unmapped */
- DEBUG(2, ("gid allocation failed! Can't create mapping\n"));
+ DEBUG(2, ("gid allocation failed! "
+ "Can't create mapping\n"));
return NT_STATUS_NONE_MAPPED;
}
break;
default:
/* invalid sid, let's just leave it unmapped */
DEBUG(3,("idmap_new_mapping: Refusing to create a "
- "mapping for an unspecified ID type.\n"));
+ "mapping for an unspecified ID type.\n"));
return NT_STATUS_NONE_MAPPED;
}
@@ -907,7 +975,7 @@ static NTSTATUS idmap_new_mapping(TALLOC_CTX *ctx, struct id_map *map)
/* something wrong here :-( */
DEBUG(2, ("Failed to commit mapping\n!"));
- /* TODO: would it make sense to have an "unalloc_id function?" */
+ /* TODO: would it make sense to have an "unalloc_id function?" */
return NT_STATUS_NONE_MAPPED;
}
@@ -930,7 +998,7 @@ static NTSTATUS idmap_backends_set_mapping(const struct id_map *map)
return ret;
}
- DEBUG(10,("set_mapping for domain %s\n", dom->name ));
+ DEBUG(10,("set_mapping for domain %s\n", dom->name ));
return dom->methods->set_mapping(dom, map);
}
@@ -968,7 +1036,7 @@ static NTSTATUS idmap_backends_unixids_to_sids(struct id_map **ids)
dom = idmap_domains[n];
DEBUG(10, ("Query sids from domain %s\n", dom->name));
-
+
ret = dom->methods->unixids_to_sids(dom, _ids);
IDMAP_REPORT_RET(ret);
@@ -976,7 +1044,8 @@ static NTSTATUS idmap_backends_unixids_to_sids(struct id_map **ids)
for (i = 0, u = 0; _ids[i]; i++) {
if (_ids[i]->status != ID_MAPPED) {
- unmapped = talloc_realloc(ctx, unmapped, struct id_map *, u + 2);
+ unmapped = talloc_realloc(ctx, unmapped,
+ struct id_map *, u + 2);
IDMAP_CHECK_ALLOC(unmapped);
unmapped[u] = _ids[i];
u++;
@@ -990,21 +1059,27 @@ static NTSTATUS idmap_backends_unixids_to_sids(struct id_map **ids)
}
_ids = unmapped;
-
+
}
if (unmapped) {
- /* there are still unmapped ids, map them to the unix users/groups domains */
- /* except for expired entries, these will be returned as valid (offline mode) */
+ /* there are still unmapped ids,
+ * map them to the unix users/groups domains */
+ /* except for expired entries,
+ * these will be returned as valid (offline mode) */
for (i = 0; unmapped[i]; i++) {
if (unmapped[i]->status == ID_EXPIRED) continue;
switch (unmapped[i]->xid.type) {
case ID_TYPE_UID:
- uid_to_unix_users_sid((uid_t)unmapped[i]->xid.id, unmapped[i]->sid);
+ uid_to_unix_users_sid(
+ (uid_t)unmapped[i]->xid.id,
+ unmapped[i]->sid);
unmapped[i]->status = ID_MAPPED;
break;
case ID_TYPE_GID:
- gid_to_unix_groups_sid((gid_t)unmapped[i]->xid.id, unmapped[i]->sid);
+ gid_to_unix_groups_sid(
+ (gid_t)unmapped[i]->xid.id,
+ unmapped[i]->sid);
unmapped[i]->status = ID_MAPPED;
break;
default: /* what?! */
@@ -1019,7 +1094,7 @@ static NTSTATUS idmap_backends_unixids_to_sids(struct id_map **ids)
done:
talloc_free(ctx);
return ret;
-}
+}
static NTSTATUS idmap_backends_sids_to_unixids(struct id_map **ids)
{
@@ -1050,22 +1125,23 @@ static NTSTATUS idmap_backends_sids_to_unixids(struct id_map **ids)
/* partition the requests by domain */
for (i = 0; ids[i]; i++) {
- uint32 idx;
+ uint32 idx;
- if ( (dom = find_idmap_domain_from_sid( ids[i]->sid )) == NULL ) {
+ if ((dom = find_idmap_domain_from_sid(ids[i]->sid)) == NULL) {
/* no available idmap_domain. Move on */
continue;
}
- DEBUG(10,("SID %s is being handled by %s\n",
- sid_string_static(ids[i]->sid),
+ DEBUG(10,("SID %s is being handled by %s\n",
+ sid_string_static(ids[i]->sid),
dom ? dom->name : "none" ));
idx = find_idmap_domain_index( dom );
SMB_ASSERT( idx != -1 );
-
- dom_ids[idx] = talloc_realloc(ctx, dom_ids[idx],
- struct id_map *, counters[idx] + 2);
+
+ dom_ids[idx] = talloc_realloc(ctx, dom_ids[idx],
+ struct id_map *,
+ counters[idx] + 2);
IDMAP_CHECK_ALLOC(dom_ids[idx]);
dom_ids[idx][counters[idx]] = ids[i];
@@ -1091,13 +1167,15 @@ static NTSTATUS idmap_backends_sids_to_unixids(struct id_map **ids)
for (i = 0; ids[i]; i++) {
/* NOTE: this will NOT touch ID_EXPIRED entries that the backend
* was not able to confirm/deny (offline mode) */
- if (ids[i]->status == ID_UNKNOWN || ids[i]->status == ID_UNMAPPED) {
+ if (ids[i]->status == ID_UNKNOWN ||
+ ids[i]->status == ID_UNMAPPED) {
/* ok this is an unmapped one, see if we can map it */
ret = idmap_new_mapping(ctx, ids[i]);
if (NT_STATUS_IS_OK(ret)) {
/* successfully mapped */
ids[i]->status = ID_MAPPED;
- } else if (NT_STATUS_EQUAL(ret, NT_STATUS_NONE_MAPPED)) {
+ } else
+ if (NT_STATUS_EQUAL(ret, NT_STATUS_NONE_MAPPED)) {
/* could not map it */
ids[i]->status = ID_UNMAPPED;
} else {
@@ -1113,7 +1191,7 @@ static NTSTATUS idmap_backends_sids_to_unixids(struct id_map **ids)
done:
talloc_free(ctx);
return ret;
-}
+}
/**************************************************************************
idmap interface functions
@@ -1126,7 +1204,7 @@ NTSTATUS idmap_unixids_to_sids(struct id_map **ids)
struct id_map **bids;
int i, bi;
int bn = 0;
- struct winbindd_domain *our_domain = find_our_domain();
+ struct winbindd_domain *our_domain = find_our_domain();
if (! NT_STATUS_IS_OK(ret = idmap_init())) {
return ret;
@@ -1146,7 +1224,7 @@ NTSTATUS idmap_unixids_to_sids(struct id_map **ids)
/* no ids to be asked to the backends by default */
bids = NULL;
bi = 0;
-
+
for (i = 0; ids[i]; i++) {
if ( ! ids[i]->sid) {
@@ -1160,7 +1238,8 @@ NTSTATUS idmap_unixids_to_sids(struct id_map **ids)
if ( ! NT_STATUS_IS_OK(ret)) {
if ( ! bids) {
- /* alloc space for ids to be resolved by backends (realloc ten by ten) */
+ /* alloc space for ids to be resolved by
+ * backends (realloc ten by ten) */
bids = TALLOC_ARRAY(ctx, struct id_map *, 10);
if ( ! bids) {
DEBUG(1, ("Out of memory!\n"));
@@ -1170,14 +1249,17 @@ NTSTATUS idmap_unixids_to_sids(struct id_map **ids)
bn = 10;
}
- /* add this id to the ones to be retrieved from the backends */
+ /* add this id to the ones to be retrieved
+ * from the backends */
bids[bi] = ids[i];
bi++;
-
- /* check if we need to allocate new space on the rids array */
+
+ /* check if we need to allocate new space
+ * on the rids array */
if (bi == bn) {
bn += 10;
- bids = talloc_realloc(ctx, bids, struct id_map *, bn);
+ bids = talloc_realloc(ctx, bids,
+ struct id_map *, bn);
if ( ! bids) {
DEBUG(1, ("Out of memory!\n"));
talloc_free(ctx);
@@ -1190,7 +1272,8 @@ NTSTATUS idmap_unixids_to_sids(struct id_map **ids)
}
}
- /* let's see if there is any id mapping to be retieved from the backends */
+ /* let's see if there is any id mapping to be retieved
+ * from the backends */
if (bi) {
/* Only do query if we are online */
if ( IS_DOMAIN_OFFLINE(our_domain) ) {
@@ -1206,18 +1289,21 @@ NTSTATUS idmap_unixids_to_sids(struct id_map **ids)
if (bids[i]->status == ID_MAPPED) {
ret = idmap_cache_set(idmap_cache, bids[i]);
} else if (bids[i]->status == ID_EXPIRED) {
- /* the cache returned an expired entry and the backend was
- * was not able to clear the situation (offline).
- * This handles a previous NT_STATUS_SYNCHRONIZATION_REQUIRED
+ /* the cache returned an expired entry and the
+ * backend was not able to clear the situation
+ * (offline). This handles a previous
+ * NT_STATUS_SYNCHRONIZATION_REQUIRED
* for disconnected mode, */
bids[i]->status = ID_MAPPED;
} else if (bids[i]->status == ID_UNKNOWN) {
- /* something bad here. We were not able to handle this for some
- * reason, mark it as unmapped and hope next time things will
+ /* something bad here. We were not able to
+ * handle this for some reason, mark it as
+ * unmapped and hope next time things will
* settle down. */
bids[i]->status = ID_UNMAPPED;
} else { /* unmapped */
- ret = idmap_cache_set_negative_id(idmap_cache, bids[i]);
+ ret = idmap_cache_set_negative_id(idmap_cache,
+ bids[i]);
}
IDMAP_CHECK_RET(ret);
}
@@ -1236,7 +1322,7 @@ NTSTATUS idmap_sids_to_unixids(struct id_map **ids)
struct id_map **bids;
int i, bi;
int bn = 0;
- struct winbindd_domain *our_domain = find_our_domain();
+ struct winbindd_domain *our_domain = find_our_domain();
if (! NT_STATUS_IS_OK(ret = idmap_init())) {
return ret;
@@ -1256,7 +1342,7 @@ NTSTATUS idmap_sids_to_unixids(struct id_map **ids)
/* no ids to be asked to the backends by default */
bids = NULL;
bi = 0;
-
+
for (i = 0; ids[i]; i++) {
if ( ! ids[i]->sid) {
@@ -1281,14 +1367,17 @@ NTSTATUS idmap_sids_to_unixids(struct id_map **ids)
bn = 10;
}
- /* add this id to the ones to be retrieved from the backends */
+ /* add this id to the ones to be retrieved
+ * from the backends */
bids[bi] = ids[i];
bi++;
- /* check if we need to allocate new space on the ids array */
+ /* check if we need to allocate new space
+ * on the ids array */
if (bi == bn) {
bn += 10;
- bids = talloc_realloc(ctx, bids, struct id_map *, bn);
+ bids = talloc_realloc(ctx, bids,
+ struct id_map *, bn);
if ( ! bids) {
DEBUG(1, ("Out of memory!\n"));
talloc_free(ctx);
@@ -1301,14 +1390,15 @@ NTSTATUS idmap_sids_to_unixids(struct id_map **ids)
}
}
- /* let's see if there is any id mapping to be retieved from the backends */
+ /* let's see if there is any id mapping to be retieved
+ * from the backends */
if (bids) {
/* Only do query if we are online */
if ( IS_DOMAIN_OFFLINE(our_domain) ) {
ret = NT_STATUS_FILE_IS_OFFLINE;
goto done;
}
-
+
ret = idmap_backends_sids_to_unixids(bids);
IDMAP_CHECK_RET(ret);
@@ -1317,18 +1407,21 @@ NTSTATUS idmap_sids_to_unixids(struct id_map **ids)
if (bids[i]->status == ID_MAPPED) {
ret = idmap_cache_set(idmap_cache, bids[i]);
} else if (bids[i]->status == ID_EXPIRED) {
- /* the cache returned an expired entry and the backend was
- * was not able to clear the situation (offline).
- * This handles a previous NT_STATUS_SYNCHRONIZATION_REQUIRED
+ /* the cache returned an expired entry and the
+ * backend was not able to clear the situation
+ * (offline). This handles a previous
+ * NT_STATUS_SYNCHRONIZATION_REQUIRED
* for disconnected mode, */
bids[i]->status = ID_MAPPED;
} else if (bids[i]->status == ID_UNKNOWN) {
- /* something bad here. We were not able to handle this for some
- * reason, mark it as unmapped and hope next time things will
+ /* something bad here. We were not able to
+ * handle this for some reason, mark it as
+ * unmapped and hope next time things will
* settle down. */
bids[i]->status = ID_UNMAPPED;
} else { /* unmapped */
- ret = idmap_cache_set_negative_sid(idmap_cache, bids[i]);
+ ret = idmap_cache_set_negative_sid(idmap_cache,
+ bids[i]);
}
IDMAP_CHECK_RET(ret);
}
@@ -1395,28 +1488,30 @@ void idmap_dump_maps(char *logfile)
dump = fopen(logfile, "w");
if ( ! dump) {
- DEBUG(0, ("Unable to open open stream for file [%s], errno: %d\n", logfile, errno));
+ DEBUG(0, ("Unable to open open stream for file [%s], "
+ "errno: %d\n", logfile, errno));
return;
}
- if (NT_STATUS_IS_OK(ret = idmap_alloc_init())) {
+ if (NT_STATUS_IS_OK(ret = idmap_alloc_init())) {
allid.type = ID_TYPE_UID;
allid.id = 0;
idmap_alloc_ctx->methods->get_id_hwm(&allid);
fprintf(dump, "USER HWM %lu\n", (unsigned long)allid.id);
-
+
allid.type = ID_TYPE_GID;
allid.id = 0;
idmap_alloc_ctx->methods->get_id_hwm(&allid);
fprintf(dump, "GROUP HWM %lu\n", (unsigned long)allid.id);
}
-
+
maps = talloc(idmap_ctx, struct id_map);
num_maps = 0;
for (i = 0; i < num_domains; i++) {
if (idmap_domains[i]->methods->dump_data) {
- idmap_domains[i]->methods->dump_data(idmap_domains[i], &maps, &num_maps);
+ idmap_domains[i]->methods->dump_data(idmap_domains[i],
+ &maps, &num_maps);
}
}
@@ -1453,13 +1548,13 @@ char *idmap_fetch_secret(const char *backend, bool alloc,
r = asprintf(&tmp, "IDMAP_%s_%s", backend, domain);
}
- if (r < 0)
+ if (r < 0)
return NULL;
strupper_m(tmp); /* make sure the key is case insensitive */
ret = secrets_fetch_generic(tmp, identity);
- SAFE_FREE( tmp );
+ SAFE_FREE(tmp);
return ret;
}