diff options
Diffstat (limited to 'source3')
| -rw-r--r-- | source3/Makefile.in | 5 | ||||
| -rw-r--r-- | source3/nsswitch/winbindd.c | 5 | ||||
| -rw-r--r-- | source3/nsswitch/winbindd_group.c | 31 | ||||
| -rw-r--r-- | source3/nsswitch/winbindd_idmap.c | 195 | ||||
| -rw-r--r-- | source3/nsswitch/winbindd_idmap_ldap.c | 395 | ||||
| -rw-r--r-- | source3/nsswitch/winbindd_idmap_tdb.c | 459 | ||||
| -rw-r--r-- | source3/nsswitch/winbindd_sid.c | 20 | ||||
| -rw-r--r-- | source3/nsswitch/winbindd_user.c | 28 | ||||
| -rw-r--r-- | source3/sam/idmap.c | 7 | ||||
| -rw-r--r-- | source3/sam/idmap_winbind.c | 155 | ||||
| -rw-r--r-- | source3/smbd/server.c | 2 |
11 files changed, 59 insertions, 1243 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in index 7291b4b3c5..a73f8c9682 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -288,7 +288,7 @@ DEVEL_HELP_OBJ = modules/developer.o SAM_STATIC_MODULES = sam/sam_plugin.o sam/sam_skel.o sam/sam_ads.o -IDMAP_OBJ = sam/idmap.o sam/idmap_tdb.o sam/idmap_winbind.o +IDMAP_OBJ = sam/idmap.o sam/idmap_tdb.o SAM_OBJ = sam/account.o sam/get_set_account.o sam/get_set_group.o \ sam/get_set_domain.o sam/interface.o $(SAM_STATIC_MODULES) @@ -590,9 +590,6 @@ WINBINDD_OBJ1 = \ nsswitch/winbindd.o \ nsswitch/winbindd_user.o \ nsswitch/winbindd_group.o \ - nsswitch/winbindd_idmap.o \ - nsswitch/winbindd_idmap_tdb.o \ - nsswitch/winbindd_idmap_ldap.o \ nsswitch/winbindd_util.o \ nsswitch/winbindd_cache.o \ nsswitch/winbindd_pam.o \ diff --git a/source3/nsswitch/winbindd.c b/source3/nsswitch/winbindd.c index ff21a4644f..1be5a18c7c 100644 --- a/source3/nsswitch/winbindd.c +++ b/source3/nsswitch/winbindd.c @@ -128,7 +128,6 @@ static void winbindd_status(void) static void print_winbindd_status(void) { winbindd_status(); - winbindd_idmap_status(); winbindd_cm_status(); } @@ -146,7 +145,7 @@ static void terminate(void) { pstring path; - winbindd_idmap_close(); + idmap_close(); /* Remove socket file */ snprintf(path, sizeof(path), "%s/%s", @@ -755,7 +754,7 @@ BOOL winbind_setup_common(void) /* Winbind daemon initialisation */ - if (!winbindd_idmap_init()) + if (!idmap_init()) return False; /* Unblock all signals we are interested in as they may have been diff --git a/source3/nsswitch/winbindd_group.c b/source3/nsswitch/winbindd_group.c index d06db5943c..02114a3891 100644 --- a/source3/nsswitch/winbindd_group.c +++ b/source3/nsswitch/winbindd_group.c @@ -193,8 +193,9 @@ enum winbindd_result winbindd_getgrnam(struct winbindd_cli_state *state) enum SID_NAME_USE name_type; fstring name_domain, name_group; char *tmp, *gr_mem; - gid_t gid; int gr_mem_len; + unid_t id; + int id_type; /* Ensure null termination */ state->request.data.groupname[sizeof(state->request.data.groupname)-1]='\0'; @@ -233,13 +234,14 @@ enum winbindd_result winbindd_getgrnam(struct winbindd_cli_state *state) return WINBINDD_ERROR; } - if (!winbindd_idmap_get_gid_from_sid(&group_sid, &gid)) { + id_type = ID_GROUPID; + if (NT_STATUS_IS_ERR(idmap_get_id_from_sid(&id, &id_type, &group_sid))) { DEBUG(1, ("error converting unix gid to sid\n")); return WINBINDD_ERROR; } if (!fill_grent(&state->response.data.gr, name_domain, - name_group, gid) || + name_group, id.gid) || !fill_grent_mem(domain, &group_sid, name_type, &state->response.data.gr.num_gr_mem, &gr_mem, &gr_mem_len)) { @@ -267,6 +269,7 @@ enum winbindd_result winbindd_getgrgid(struct winbindd_cli_state *state) fstring group_name; int gr_mem_len; char *gr_mem; + unid_t id; DEBUG(3, ("[%5d]: getgrgid %d\n", state->pid, state->request.data.gid)); @@ -278,8 +281,8 @@ enum winbindd_result winbindd_getgrgid(struct winbindd_cli_state *state) return WINBINDD_ERROR; /* Get rid from gid */ - - if (!winbindd_idmap_get_sid_from_gid(state->request.data.gid, &group_sid)) { + id.gid = state->request.data.gid; + if (NT_STATUS_IS_ERR(idmap_get_sid_from_id(&group_sid, id, ID_GROUPID))) { DEBUG(1, ("could not convert gid %d to rid\n", state->request.data.gid)); return WINBINDD_ERROR; @@ -544,6 +547,8 @@ enum winbindd_result winbindd_getgrent(struct winbindd_cli_state *state) char *gr_mem, *new_gr_mem_list; DOM_SID group_sid; struct winbindd_domain *domain; + unid_t id; + int id_type; /* Do we need to fetch another chunk of groups? */ @@ -590,9 +595,8 @@ enum winbindd_result winbindd_getgrent(struct winbindd_cli_state *state) sid_copy(&group_sid, &domain->sid); sid_append_rid(&group_sid, name_list[ent->sam_entry_index].rid); - if (!winbindd_idmap_get_gid_from_sid( - &group_sid, - &group_gid)) { + id_type = ID_GROUPID; + if (NT_STATUS_IS_ERR(idmap_get_id_from_sid(&id, &id_type, &group_sid))) { DEBUG(1, ("could not look up gid for group %s\n", name_list[ent->sam_entry_index].acct_name)); @@ -600,6 +604,7 @@ enum winbindd_result winbindd_getgrent(struct winbindd_cli_state *state) ent->sam_entry_index++; goto tryagain; } + group_gid = id.gid; DEBUG(10, ("got gid %d for group %x\n", group_gid, name_list[ent->sam_entry_index].rid)); @@ -869,16 +874,18 @@ enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state) goto done; for (i = 0; i < num_groups; i++) { - if (!winbindd_idmap_get_gid_from_sid( - user_gids[i], - &gid_list[num_gids])) { + unid_t id; + int id_type; + + id_type = ID_GROUPID; + if (NT_STATUS_IS_ERR(idmap_get_id_from_sid(&id, &id_type, user_gids[i]))) { fstring sid_string; DEBUG(1, ("unable to convert group sid %s to gid\n", sid_to_string(sid_string, user_gids[i]))); continue; } - + gid_list[num_gids] = id.gid; num_gids++; } diff --git a/source3/nsswitch/winbindd_idmap.c b/source3/nsswitch/winbindd_idmap.c deleted file mode 100644 index 23f4b4d081..0000000000 --- a/source3/nsswitch/winbindd_idmap.c +++ /dev/null @@ -1,195 +0,0 @@ -/* - Unix SMB/CIFS implementation. - Winbind ID Mapping - Copyright (C) Tim Potter 2000 - Copyright (C) Anthony Liguori <aliguor@us.ibm.com> 2003 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "winbindd.h" - -static struct { - const char *name; - /* Function to create a member of the idmap_methods list */ - BOOL (*reg_meth)(struct winbindd_idmap_methods **methods); - struct winbindd_idmap_methods *methods; -} builtin_winbindd_idmap_functions[] = { - { "tdb", winbind_idmap_reg_tdb, NULL }, - { "ldap", winbind_idmap_reg_ldap, NULL }, - { NULL, NULL, NULL } -}; - -/* singleton pattern: uberlazy evaluation */ -static struct winbindd_idmap_methods *impl; - -static struct winbindd_idmap_methods *get_impl(const char *name) -{ - int i = 0; - struct winbindd_idmap_methods *ret = NULL; - - while (builtin_winbindd_idmap_functions[i].name && - strcmp(builtin_winbindd_idmap_functions[i].name, name)) { - i++; - } - - if (builtin_winbindd_idmap_functions[i].name) { - if (!builtin_winbindd_idmap_functions[i].methods) { - builtin_winbindd_idmap_functions[i].reg_meth(&builtin_winbindd_idmap_functions[i].methods); - } - - ret = builtin_winbindd_idmap_functions[i].methods; - } - - return ret; -} - -/* Initialize backend */ -BOOL winbindd_idmap_init(void) -{ - BOOL ret = False; - - DEBUG(3, ("winbindd_idmap_init: using '%s' as backend\n", - lp_winbind_backend())); - - if (!impl) { - impl = get_impl(lp_winbind_backend()); - if (!impl) { - DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n", - lp_winbind_backend())); - } - } - - if (impl) { - ret = impl->init(); - } - - DEBUG(3, ("winbind_idmap_init: returning %s\n", ret ? "true" : "false")); - - return ret; -} - -/* Get UID from SID */ -BOOL winbindd_idmap_get_uid_from_sid(DOM_SID *sid, uid_t *uid) -{ - BOOL ret = False; - - if (!impl) { - impl = get_impl(lp_winbind_backend()); - if (!impl) { - DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n", - lp_winbind_backend())); - } - } - - if (impl) { - ret = impl->get_uid_from_sid(sid, uid); - } - - return ret; -} - -/* Get GID from SID */ -BOOL winbindd_idmap_get_gid_from_sid(DOM_SID *sid, gid_t *gid) -{ - BOOL ret = False; - - if (!impl) { - impl = get_impl(lp_winbind_backend()); - if (!impl) { - DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n", - lp_winbind_backend())); - } - } - - if (impl) { - ret = impl->get_gid_from_sid(sid, gid); - } - - return ret; -} - -/* Get SID from UID */ -BOOL winbindd_idmap_get_sid_from_uid(uid_t uid, DOM_SID *sid) -{ - BOOL ret = False; - - if (!impl) { - impl = get_impl(lp_winbind_backend()); - if (!impl) { - DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n", - lp_winbind_backend())); - } - } - - if (impl) { - ret = impl->get_sid_from_uid(uid, sid); - } - - return ret; -} - -/* Get SID from GID */ -BOOL winbindd_idmap_get_sid_from_gid(gid_t gid, DOM_SID *sid) -{ - BOOL ret = False; - - if (!impl) { - impl = get_impl(lp_winbind_backend()); - } - - if (impl) { - ret = impl->get_sid_from_gid(gid, sid); - } else { - DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n", - lp_winbind_backend())); - } - - return ret; -} - -/* Close backend */ -BOOL winbindd_idmap_close(void) -{ - BOOL ret = False; - - if (!impl) { - impl = get_impl(lp_winbind_backend()); - } - - if (impl) { - ret = impl->close(); - } else { - DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n", - lp_winbind_backend())); - } - - return ret; -} - -/* Dump backend status */ -void winbindd_idmap_status(void) -{ - if (!impl) { - impl = get_impl(lp_winbind_backend()); - } - - if (impl) { - impl->status(); - } else { - DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n", - lp_winbind_backend())); - } -} diff --git a/source3/nsswitch/winbindd_idmap_ldap.c b/source3/nsswitch/winbindd_idmap_ldap.c deleted file mode 100644 index 55efb7f45c..0000000000 --- a/source3/nsswitch/winbindd_idmap_ldap.c +++ /dev/null @@ -1,395 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - Winbind daemon - user related function - - Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "winbindd.h" - -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_WINBIND - -#ifdef HAVE_LDAP - -#include <lber.h> -#include <ldap.h> - -#include "smb_ldap.h" - -/* Globals */ -static struct smb_ldap_privates *ldap_state; - -static const char *attr[] = { "uid", "rid", "domain", "uidNumber", - "gidNumber", NULL }; - -static const char *pool_attr[] = {"uidNumber", "gidNumber", "cn", NULL}; - -static long ldap_allocate_id(BOOL is_user) -{ - int rc, count; - LDAPMessage *result; - int scope = LDAP_SCOPE_SUBTREE; - long ret = 0; - int sanity = 0; - - do { - rc = smb_ldap_search(ldap_state, lp_ldap_suffix(), scope, is_user?"cn=UID Pool":"cn=GID Pool", pool_attr, 0, &result); - - if (LDAP_SUCCESS != rc) { - DEBUG(0,("ldap_allocate_id: No ID pool found in directory\n")); - return 0; - } - - count = ldap_count_entries(ldap_state->ldap_struct, result); - - if (1 < count) { - DEBUG(0,("ldap_allocate_id: Multiple UID pools found in directory?\n")); - break; - } else if (1 == count) { - LDAPMessage *entry = - ldap_first_entry(ldap_state->ldap_struct, - result); - LDAPMod **mods = NULL; - pstring temp; - - if (!smb_ldap_get_single_attribute(ldap_state->ldap_struct, entry, is_user?"uidNumber":"gidNumber", temp)) { - return False; - } - ret = atol(temp); - smb_ldap_make_a_mod(&mods, LDAP_MOD_DELETE, - is_user?"uidNumber":"gidNumber", - temp); - slprintf(temp, sizeof(temp) - 1, "%ld", ret + 1); - smb_ldap_make_a_mod(&mods, LDAP_MOD_ADD, is_user?"uidNumber":"gidNumber", temp); - slprintf(temp, sizeof(temp) - 1, "cn=%cID Pool,%s", is_user?'U':'G', lp_ldap_user_suffix()); - rc = smb_ldap_modify(ldap_state, temp, mods); - ldap_mods_free(mods, 1); - } else { - DEBUG(0,("ldap_allocate_id: unexpected number of entries returned\n")); - break; - } - } while (LDAP_NO_SUCH_ATTRIBUTE == rc && ++sanity < 100); - - return ret; -} - -/***************************************************************************** - Initialise idmap database. -*****************************************************************************/ -static BOOL ldap_idmap_init(void) -{ - static struct smb_ldap_privates state; - ldap_state = &state; - -#ifdef WITH_LDAP_SAMCONFIG - { - int ldap_port = lp_ldap_port(); - char *uri; - /* remap default port if not using SSL */ - if (lp_ldap_ssl() != LDAP_SSL_ON && ldap_port == 636) { - ldap_port = 389; - } - - uri = NULL; - - asprintf(&uri, "%s://%s:%d", - lp_ldap_ssl() == LDAP_SSL_ON ? "ldaps" : "ldap", - lp_ldap_server(), ldap_port); - ldap_state->uri = uri; - if (!ldap_state->uri) { - DEBUG(0,("Out of memory\n")); - return False; - } - } -#else - ldap_state->uri = "ldap://localhost"; -#endif - return True; -} - -static BOOL ldap_get_sid_from_uid(uid_t uid, DOM_SID * sid) -{ - pstring filter; - int scope = LDAP_SCOPE_SUBTREE; - int rc, count; - LDAPMessage *result; - - slprintf(filter, sizeof(filter) - 1, "uidNumber=%i", uid); - - DEBUG(2, ("ldap_get_sid_from_uid: searching for:[%s]\n", filter)); - - rc = smb_ldap_search(ldap_state, lp_ldap_suffix(), scope, filter, attr, 0, &result); - if (LDAP_SUCCESS != rc) { - DEBUG(0,("ldap_get_sid_from_uid: user search failed\n")); - return False; - } - - count = ldap_count_entries(ldap_state->ldap_struct, result); - if (1 < count) { - DEBUG(0,("More than one user exists where: %s\n", filter)); - ldap_msgfree(result); - return False; - } else if (1 == count) { - /* we found the user, get the users RID */ - LDAPMessage *entry = ldap_first_entry(ldap_state->ldap_struct, - result); - pstring temp, domain; - uint32 rid; - struct winbindd_domain *wb_dom; - - if (!smb_ldap_get_single_attribute(ldap_state->ldap_struct, entry, "domain", domain)) { - return False; - } - if (!smb_ldap_get_single_attribute(ldap_state->ldap_struct, entry, "rid", temp)) { - return False; - } - rid = (uint32)atol(temp); - wb_dom = find_domain_from_name(domain); - - if (!wb_dom) { - DEBUG(0,("ldap_get_sid_from_uid: could not find domain %s\n", domain)); - return False; - } - - sid_copy(sid, &wb_dom->sid); - sid_append_rid(sid, rid); - } else { - /* 0 entries? that ain't right */ - DEBUG(0,("ldap_get_sid_from_uid: not user entry found for %s\n", filter)); - } - - return True; -} - -static BOOL ldap_get_uid_from_sid(DOM_SID *sid, uid_t *uid) -{ - pstring filter; - int scope = LDAP_SCOPE_SUBTREE; - int rc, count; - LDAPMessage *result; - uint32 rid = 0; - struct winbindd_domain *wb_dom; - DOM_SID dom_sid; - - sid_copy(&dom_sid, sid); - - if (!sid_split_rid(&dom_sid, &rid)) { - DEBUG(0,("ldap_get_uid_from_sid: sid does not contain an rid\n")); - return False; - } - - if (!(wb_dom = find_domain_from_sid(&dom_sid))) { - DEBUG(0,("ldap_get_uid_from_sid: cannot lookup domain from sid\n")); - return False; - } - - slprintf(filter, sizeof(filter) - 1, "rid=%d,domain=%s,objectClass=sambaAccount", rid, wb_dom->name); - - DEBUG(2, ("ldap_get_uid_from_sid: searching for:[%s]\n", filter)); - - rc = smb_ldap_search(ldap_state, lp_ldap_suffix(), scope, filter, attr, 0, &result); - if (LDAP_NO_SUCH_OBJECT == rc) { - LDAPMod **mods = NULL; - pstring temp; - fstring dom, name; - int sid_type; - - winbindd_lookup_name_by_sid(sid, dom, name, - (enum SID_USE_TYPE *)&sid_type); - slprintf(temp, sizeof(temp) - 1, "%i", rid); - smb_ldap_make_a_mod(&mods, LDAP_MOD_ADD, "rid", temp); - - *uid = ldap_allocate_id(True); - slprintf(temp, sizeof(temp) - 1, "%i", *uid); - smb_ldap_make_a_mod(&mods, LDAP_MOD_ADD, "uidNumber", temp); - - smb_ldap_make_a_mod(&mods, LDAP_MOD_ADD, "uid", name); - smb_ldap_make_a_mod(&mods, LDAP_MOD_ADD, "objectClass", "sambaAccount"); - smb_ldap_make_a_mod(&mods, LDAP_MOD_ADD, "objectClass", "account"); - slprintf(temp, sizeof(temp) - 1, "uid=%s,%s", name, lp_ldap_user_suffix()); - rc = smb_ldap_modify(ldap_state, temp, mods); - - ldap_mods_free(mods, 1); - if (LDAP_SUCCESS != rc) { - return False; - } - } else if (LDAP_SUCCESS == rc) { - count = ldap_count_entries(ldap_state->ldap_struct, result); - if (1 < count) { - DEBUG(0,("More than one user exists where: %s\n", filter)); - ldap_msgfree(result); - return False; - } else if (1 == count) { - /* we found the user, get the idNumber */ - LDAPMessage *entry = ldap_first_entry(ldap_state->ldap_struct, result); - pstring temp; - - if (!smb_ldap_get_single_attribute(ldap_state->ldap_struct, entry, "uidNumber", temp)) { - return False; - } - *uid = atol(temp); - } else { - DEBUG(0,("ldap_get_uid_from_sid: zero entries returned?\n")); - return False; - } - } else { - DEBUG(0,("ldap_get_uid_from_sid: unknown error querying user info\n")); - return False; - } - - return True; -} - -static BOOL ldap_get_sid_from_gid(gid_t gid, DOM_SID * sid) -{ - pstring filter; - int scope = LDAP_SCOPE_SUBTREE; - int rc, count; - LDAPMessage *result; - - slprintf(filter, sizeof(filter) - 1, "gidNumber=%i,objectClass=sambaGroupMapping", gid); - - DEBUG(2, ("ldap_get_sid_from_gid: searching for:[%s]\n", filter)); - - rc = smb_ldap_search(ldap_state, lp_ldap_suffix(), scope, filter, attr, 0, &result); - if (LDAP_SUCCESS != rc) { - DEBUG(0,("ldap_get_sid_from_gid: user search failed\n")); - return False; - } - - count = ldap_count_entries(ldap_state->ldap_struct, result); - if (1 < count) { - DEBUG(0,("More than one group exists where: %s\n", filter)); - ldap_msgfree(result); - return False; - } else if (1 == count) { - LDAPMessage *entry = ldap_first_entry(ldap_state->ldap_struct, - result); - pstring str_sid; - - if (!smb_ldap_get_single_attribute(ldap_state->ldap_struct, entry, "ntSid", str_sid)) { - return False; - } - - string_to_sid(sid, str_sid); - } else { - /* 0 entries? that ain't right */ - DEBUG(0,("ldap_get_sid_from_gid: not group entry found for %s\n", filter)); - } - - return True; -} - -static BOOL ldap_get_gid_from_sid(DOM_SID *sid, gid_t *gid) -{ - pstring filter; - int scope = LDAP_SCOPE_SUBTREE; - int rc, count; - LDAPMessage *result; - fstring str_sid; - - sid_to_string(str_sid, sid); - - slprintf(filter, sizeof(filter) - 1, "ntSid=%s,objectClass=sambaGroupMapping", str_sid); - - DEBUG(2, ("ldap_get_gid_from_sid: searching for:[%s]\n", filter)); - - rc = smb_ldap_search(ldap_state, lp_ldap_suffix(), scope, filter, attr, 0, &result); - if (LDAP_NO_SUCH_OBJECT == rc) { - LDAPMod **mods = NULL; - pstring temp; - - *gid = ldap_allocate_id(False); - slprintf(temp, sizeof(temp) - 1, "%i", *gid); - smb_ldap_make_a_mod(&mods, LDAP_MOD_ADD, "gidNumber", temp); - smb_ldap_make_a_mod(&mods, LDAP_MOD_ADD, "objectClass", "sambaGroupMapping"); - smb_ldap_make_a_mod(&mods, LDAP_MOD_ADD, "objectClass", "account"); - slprintf(temp, sizeof(temp) - 1, "gidNumber=%i,%s", *gid, lp_ldap_user_suffix()); - rc = smb_ldap_modify(ldap_state, temp, mods); - - ldap_mods_free(mods, 1); - if (LDAP_SUCCESS != rc) { - return False; - } - } else if (LDAP_SUCCESS == rc) { - count = ldap_count_entries(ldap_state->ldap_struct, result); - if (1 < count) { - DEBUG(0,("More than one group exists where: %s\n", filter)); - ldap_msgfree(result); - return False; - } else if (1 == count) { - LDAPMessage *entry = ldap_first_entry(ldap_state->ldap_struct, result); - pstring temp; - - if (!smb_ldap_get_single_attribute(ldap_state->ldap_struct, entry, "gidNumber", temp)) { - return False; - } - *gid = atol(temp); - } else { - DEBUG(0,("ldap_get_gid_from_sid: zero entries returned?\n")); - return False; - } - } else { - DEBUG(0,("ldap_get_gid_from_sid: unknown error querying user info\n")); - return False; - } - - return True; -} - -static BOOL ldap_idmap_close(void) -{ - smb_ldap_close(ldap_state); - ldap_state = 0; - return True; -} - -static void ldap_idmap_status(void) -{ - DEBUG(0, ("winbindd idmap status:\n")); - DEBUG(0, ("Using LDAP\n")); -} - -struct winbindd_idmap_methods ldap_idmap_methods = { - ldap_idmap_init, - - ldap_get_sid_from_uid, - ldap_get_sid_from_gid, - - ldap_get_uid_from_sid, - ldap_get_gid_from_sid, - - ldap_idmap_close, - - ldap_idmap_status -}; - -#endif - -BOOL winbind_idmap_reg_ldap(struct winbindd_idmap_methods **meth) -{ -#ifdef HAVE_LDAP - *meth = &ldap_idmap_methods; - - return True; -#else - DEBUG(0,("winbind_idmap_reg_ldap: LDAP support not compiled\n")); - return False; -#endif -} diff --git a/source3/nsswitch/winbindd_idmap_tdb.c b/source3/nsswitch/winbindd_idmap_tdb.c deleted file mode 100644 index 12d6972bae..0000000000 --- a/source3/nsswitch/winbindd_idmap_tdb.c +++ /dev/null @@ -1,459 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - Winbind daemon - user related function - - Copyright (C) Tim Potter 2000 - Copyright (C) Anthony Liguori 2003 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "winbindd.h" - -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_WINBIND - -/* High water mark keys */ -#define HWM_GROUP "GROUP HWM" -#define HWM_USER "USER HWM" - -/* idmap version determines auto-conversion */ -#define IDMAP_VERSION 2 - -/* Globals */ -static TDB_CONTEXT *idmap_tdb; - -/* convert one record to the new format */ -static int tdb_convert_fn(TDB_CONTEXT * tdb, TDB_DATA key, TDB_DATA data, - void *ignored) -{ - struct winbindd_domain *domain; - char *p; - DOM_SID sid; - uint32 rid; - fstring keystr; - fstring dom_name; - TDB_DATA key2; - - p = strchr(key.dptr, '/'); - if (!p) - return 0; - - *p = 0; - fstrcpy(dom_name, key.dptr); - *p++ = '/'; - - domain = find_domain_from_name(dom_name); - if (!domain) { - /* We must delete the old record. */ - DEBUG(0, - ("winbindd: tdb_convert_fn : Unable to find domain %s\n", - dom_name)); - DEBUG(0, - ("winbindd: tdb_convert_fn : deleting record %s\n", - key.dptr)); - tdb_delete(idmap_tdb, key); - return 0; - } - - rid = atoi(p); - - sid_copy(&sid, &domain->sid); - sid_append_rid(&sid, rid); - - sid_to_string(keystr, &sid); - key2.dptr = keystr; - key2.dsize = strlen(keystr) + 1; - - if (tdb_store(idmap_tdb, key2, data, TDB_INSERT) != 0) { - /* not good! */ - DEBUG(0, - ("winbindd: tdb_convert_fn : Unable to update record %s\n", - key2.dptr)); - DEBUG(0, - ("winbindd: tdb_convert_fn : conversion failed - idmap corrupt ?\n")); - return -1; - } - - if (tdb_store(idmap_tdb, data, key2, TDB_REPLACE) != 0) { - /* not good! */ - DEBUG(0, - ("winbindd: tdb_convert_fn : Unable to update record %s\n", - data.dptr)); - DEBUG(0, - ("winbindd: tdb_convert_fn : conversion failed - idmap corrupt ?\n")); - return -1; - } - - tdb_delete(idmap_tdb, key); - - return 0; -} - -/***************************************************************************** - Convert the idmap database from an older version. -*****************************************************************************/ -static BOOL tdb_idmap_convert(void) -{ - int32 vers = tdb_fetch_int32(idmap_tdb, "IDMAP_VERSION"); - BOOL bigendianheader = - (idmap_tdb->flags & TDB_BIGENDIAN) ? True : False; - - if (vers == IDMAP_VERSION) - return True; - - if (((vers == -1) && bigendianheader) - || (IREV(vers) == IDMAP_VERSION)) { - /* Arrggghh ! Bytereversed or old big-endian - make order independent ! */ - /* - * high and low records were created on a - * big endian machine and will need byte-reversing. - */ - - int32 wm; - - wm = tdb_fetch_int32(idmap_tdb, HWM_USER); - - if (wm != -1) { - wm = IREV(wm); - } else - wm = server_state.uid_low; - - if (tdb_store_int32(idmap_tdb, HWM_USER, wm) == -1) { - DEBUG(0, - ("tdb_idmap_convert: Unable to byteswap user hwm in idmap database\n")); - return False; - } - - wm = tdb_fetch_int32(idmap_tdb, HWM_GROUP); - if (wm != -1) { - wm = IREV(wm); - } else - wm = server_state.gid_low; - - if (tdb_store_int32(idmap_tdb, HWM_GROUP, wm) == -1) { - DEBUG(0, - ("tdb_idmap_convert: Unable to byteswap group hwm in idmap database\n")); - return False; - } - } - - /* the old format stored as DOMAIN/rid - now we store the SID direct */ - tdb_traverse(idmap_tdb, tdb_convert_fn, NULL); - - if (tdb_store_int32(idmap_tdb, "IDMAP_VERSION", IDMAP_VERSION) == - -1) { - DEBUG(0, - ("tdb_idmap_convert: Unable to byteswap group hwm in idmap database\n")); - return False; - } - - return True; -} - -/* Allocate either a user or group id from the pool */ -static BOOL tdb_allocate_id(uid_t * id, BOOL isgroup) -{ - int hwm; - - /* Get current high water mark */ - if ((hwm = tdb_fetch_int32(idmap_tdb, - isgroup ? HWM_GROUP : HWM_USER)) == - -1) { - return False; - } - - /* Return next available uid in list */ - if ((isgroup && (hwm > server_state.gid_high)) || - (!isgroup && (hwm > server_state.uid_high))) { - DEBUG(0, - ("winbind %sid range full!\n", isgroup ? "g" : "u")); - return False; - } - - if (id) { - *id = hwm; - } - - hwm++; - - /* Store new high water mark */ - tdb_store_int32(idmap_tdb, isgroup ? HWM_GROUP : HWM_USER, hwm); - - return True; -} - -/* Get a sid from an id */ -static BOOL tdb_get_sid_from_id(int id, DOM_SID * sid, BOOL isgroup) -{ - TDB_DATA key, data; - fstring keystr; - BOOL result = False; - - slprintf(keystr, sizeof(keystr), "%s %d", isgroup ? "GID" : "UID", - id); - - key.dptr = keystr; - key.dsize = strlen(keystr) + 1; - - data = tdb_fetch(idmap_tdb, key); - - if (data.dptr) { - result = string_to_sid(sid, data.dptr); - SAFE_FREE(data.dptr); - } - - return result; -} - -/* Get an id from a sid */ -static BOOL tdb_get_id_from_sid(DOM_SID * sid, uid_t * id, BOOL isgroup) -{ - TDB_DATA data, key; - fstring keystr; - BOOL result = False; - - /* Check if sid is present in database */ - sid_to_string(keystr, sid); - - key.dptr = keystr; - key.dsize = strlen(keystr) + 1; - - data = tdb_fetch(idmap_tdb, key); - - if (data.dptr) { - fstring scanstr; - int the_id; - - /* Parse and return existing uid */ - fstrcpy(scanstr, isgroup ? "GID" : "UID"); - fstrcat(scanstr, " %d"); - - if (sscanf(data.dptr, scanstr, &the_id) == 1) { - /* Store uid */ - if (id) { - *id = the_id; - } - - result = True; - } - - SAFE_FREE(data.dptr); - } else { - - /* Allocate a new id for this sid */ - if (id && tdb_allocate_id(id, isgroup)) { - fstring keystr2; - - /* Store new id */ - slprintf(keystr2, sizeof(keystr2), "%s %d", - isgroup ? "GID" : "UID", *id); - - data.dptr = keystr2; - data.dsize = strlen(keystr2) + 1; - - tdb_store(idmap_tdb, key, data, TDB_REPLACE); - tdb_store(idmap_tdb, data, key, TDB_REPLACE); - - result = True; - } - } - - return result; -} - -/***************************************************************************** - Initialise idmap database. -*****************************************************************************/ -static BOOL tdb_idmap_init(void) -{ - SMB_STRUCT_STAT stbuf; - - /* move to the new database on first startup */ - if (!file_exist(lock_path("idmap.tdb"), &stbuf)) { - if (file_exist(lock_path("winbindd_idmap.tdb"), &stbuf)) { - char *cmd = NULL; - - /* lazy file copy */ - if (asprintf(&cmd, "cp -p %s/winbindd_idmap.tdb %s/idmap.tdb", lp_lockdir(), lp_lockdir()) != -1) { - system(cmd); - free(cmd); - } - if (!file_exist(lock_path("idmap.tdb"), &stbuf)) { - DEBUG(0, ("idmap_init: Unable to make a new database copy\n")); - return False; - } - } - } - - /* Open tdb cache */ - if (!(idmap_tdb = tdb_open_log(lock_path("idmap.tdb"), 0, - TDB_DEFAULT, O_RDWR | O_CREAT, - 0600))) { - DEBUG(0, - ("winbindd_idmap_init: Unable to open idmap database\n")); - return False; - } - - /* possibly convert from an earlier version */ - if (!tdb_idmap_convert()) { - DEBUG(0, ("winbindd_idmap_init: Unable to open idmap database\n")); - return False; - } - - /* Create high water marks for group and user id */ - if (tdb_fetch_int32(idmap_tdb, HWM_USER) == -1) { - if (tdb_store_int32 - (idmap_tdb, HWM_USER, server_state.uid_low) == -1) { - DEBUG(0, - ("winbindd_idmap_init: Unable to initialise user hwm in idmap database\n")); - return False; - } - } - - if (tdb_fetch_int32(idmap_tdb, HWM_GROUP) == -1) { - if (tdb_store_int32 - (idmap_tdb, HWM_GROUP, server_state.gid_low) == -1) { - DEBUG(0, - ("winbindd_idmap_init: Unable to initialise group hwm in idmap database\n")); - return False; - } - } - - return True; -} - -/* Get a sid from a uid */ -static BOOL tdb_get_sid_from_uid(uid_t uid, DOM_SID * sid) -{ - return tdb_get_sid_from_id((int) uid, sid, False); -} - -/* Get a sid from a gid */ -static BOOL tdb_get_sid_from_gid(gid_t gid, DOM_SID * sid) -{ - return tdb_get_sid_from_id((int) gid, sid, True); -} - -/* Get a uid from a sid */ -static BOOL tdb_get_uid_from_sid(DOM_SID * sid, uid_t * uid) -{ - return tdb_get_id_from_sid(sid, uid, False); -} - -/* Get a gid from a group sid */ -static BOOL tdb_get_gid_from_sid(DOM_SID * sid, gid_t * gid) -{ - return tdb_get_id_from_sid(sid, gid, True); -} - -/* Close the tdb */ -static BOOL tdb_idmap_close(void) -{ - if (idmap_tdb) - return (tdb_close(idmap_tdb) == 0); - return True; -} - - -/* Dump status information to log file. Display different stuff based on - the debug level: - - Debug Level Information Displayed - ================================================================= - 0 Percentage of [ug]id range allocated - 0 High water marks (next allocated ids) -*/ - -#define DUMP_INFO 0 - -static void tdb_idmap_status(void) -{ - int user_hwm, group_hwm; - - DEBUG(0, ("winbindd idmap status:\n")); - - /* Get current high water marks */ - - if ((user_hwm = tdb_fetch_int32(idmap_tdb, HWM_USER)) == -1) { - DEBUG(DUMP_INFO, - ("\tCould not get userid high water mark!\n")); - } - - if ((group_hwm = tdb_fetch_int32(idmap_tdb, HWM_GROUP)) == -1) { - DEBUG(DUMP_INFO, - ("\tCould not get groupid high water mark!\n")); - } - - /* Display next ids to allocate */ - - if (user_hwm != -1) { - DEBUG(DUMP_INFO, - ("\tNext userid to allocate is %d\n", user_hwm)); - } - - if (group_hwm != -1) { - DEBUG(DUMP_INFO, - ("\tNext groupid to allocate is %d\n", group_hwm)); - } - - /* Display percentage of id range already allocated. */ - - if (user_hwm != -1) { - int num_users = user_hwm - server_state.uid_low; - int total_users = - server_state.uid_high - server_state.uid_low; - - DEBUG(DUMP_INFO, - ("\tUser id range is %d%% full (%d of %d)\n", - num_users * 100 / total_users, num_users, - total_users)); - } - - if (group_hwm != -1) { - int num_groups = group_hwm - server_state.gid_low; - int total_groups = - server_state.gid_high - server_state.gid_low; - - DEBUG(DUMP_INFO, - ("\tGroup id range is %d%% full (%d of %d)\n", - num_groups * 100 / total_groups, num_groups, - total_groups)); - } - - /* Display complete mapping of users and groups to rids */ -} - -struct winbindd_idmap_methods tdb_idmap_methods = { - tdb_idmap_init, - - tdb_get_sid_from_uid, - tdb_get_sid_from_gid, - - tdb_get_uid_from_sid, - tdb_get_gid_from_sid, - - tdb_idmap_close, - - tdb_idmap_status -}; - -BOOL winbind_idmap_reg_tdb(struct winbindd_idmap_methods **meth) -{ - *meth = &tdb_idmap_methods; - - return True; -} diff --git a/source3/nsswitch/winbindd_sid.c b/source3/nsswitch/winbindd_sid.c index 6ab2eaa646..f01f20bb34 100644 --- a/source3/nsswitch/winbindd_sid.c +++ b/source3/nsswitch/winbindd_sid.c @@ -122,6 +122,8 @@ enum winbindd_result winbindd_lookupname(struct winbindd_cli_state *state) enum winbindd_result winbindd_sid_to_uid(struct winbindd_cli_state *state) { DOM_SID sid; + unid_t id; + int id_type; /* Ensure null termination */ state->request.data.sid[sizeof(state->request.data.sid)-1]='\0'; @@ -137,11 +139,13 @@ enum winbindd_result winbindd_sid_to_uid(struct winbindd_cli_state *state) } /* Find uid for this sid and return it */ - if (!winbindd_idmap_get_uid_from_sid(&sid, &state->response.data.uid)) { + id_type = ID_USERID; + if (NT_STATUS_IS_ERR(idmap_get_id_from_sid(&id, &id_type, &sid))) { DEBUG(1, ("Could not get uid for sid %s\n", state->request.data.sid)); return WINBINDD_ERROR; } + state->response.data.uid = id.uid; return WINBINDD_OK; } @@ -152,6 +156,8 @@ enum winbindd_result winbindd_sid_to_uid(struct winbindd_cli_state *state) enum winbindd_result winbindd_sid_to_gid(struct winbindd_cli_state *state) { DOM_SID sid; + unid_t id; + int id_type; /* Ensure null termination */ state->request.data.sid[sizeof(state->request.data.sid)-1]='\0'; @@ -166,11 +172,13 @@ enum winbindd_result winbindd_sid_to_gid(struct winbindd_cli_state *state) } /* Find gid for this sid and return it */ - if (!winbindd_idmap_get_gid_from_sid(&sid, &state->response.data.gid)) { + id_type = ID_GROUPID; + if (NT_STATUS_IS_ERR(idmap_get_id_from_sid(&id, &id_type, &sid))) { DEBUG(1, ("Could not get gid for sid %s\n", state->request.data.sid)); return WINBINDD_ERROR; } + state->response.data.gid = id.gid; return WINBINDD_OK; } @@ -180,6 +188,7 @@ enum winbindd_result winbindd_sid_to_gid(struct winbindd_cli_state *state) enum winbindd_result winbindd_uid_to_sid(struct winbindd_cli_state *state) { DOM_SID sid; + unid_t id; /* Bug out if the uid isn't in the winbind range */ @@ -192,7 +201,8 @@ enum winbindd_result winbindd_uid_to_sid(struct winbindd_cli_state *state) state->request.data.uid)); /* Lookup rid for this uid */ - if (!winbindd_idmap_get_sid_from_uid(state->request.data.uid, &sid)) { + id.uid = state->request.data.uid; + if (NT_STATUS_IS_ERR(idmap_get_sid_from_id(&sid, id, ID_USERID))) { DEBUG(1, ("Could not convert uid %d to rid\n", state->request.data.uid)); return WINBINDD_ERROR; @@ -209,6 +219,7 @@ enum winbindd_result winbindd_uid_to_sid(struct winbindd_cli_state *state) enum winbindd_result winbindd_gid_to_sid(struct winbindd_cli_state *state) { DOM_SID sid; + unid_t id; /* Bug out if the gid isn't in the winbind range */ @@ -221,7 +232,8 @@ enum winbindd_result winbindd_gid_to_sid(struct winbindd_cli_state *state) state->request.data.gid)); /* Lookup sid for this uid */ - if (!winbindd_idmap_get_sid_from_gid(state->request.data.gid, &sid)) { + id.gid = state->request.data.gid; + if (NT_STATUS_IS_ERR(idmap_get_sid_from_id(&sid, id, ID_GROUPID))) { DEBUG(1, ("Could not convert gid %d to sid\n", state->request.data.gid)); return WINBINDD_ERROR; diff --git a/source3/nsswitch/winbindd_user.c b/source3/nsswitch/winbindd_user.c index d2bd231918..dd66275390 100644 --- a/source3/nsswitch/winbindd_user.c +++ b/source3/nsswitch/winbindd_user.c @@ -36,25 +36,29 @@ static BOOL winbindd_fill_pwent(char *dom_name, char *user_name, fstring output_username; pstring homedir; fstring sid_string; + unid_t id; + int id_type; if (!pw || !dom_name || !user_name) return False; /* Resolve the uid number */ - - if (!winbindd_idmap_get_uid_from_sid(user_sid, - &pw->pw_uid)) { + + id_type = ID_USERID; + if (NT_STATUS_IS_ERR(idmap_get_id_from_sid(&id, &id_type, user_sid))) { DEBUG(1, ("error getting user id for sid %s\n", sid_to_string(sid_string, user_sid))); return False; } + pw->pw_uid = id.uid; /* Resolve the gid number */ - - if (!winbindd_idmap_get_gid_from_sid(group_sid, - &pw->pw_gid)) { + + id_type = ID_GROUPID; + if (NT_STATUS_IS_ERR(idmap_get_id_from_sid(&id, &id_type, group_sid))) { DEBUG(1, ("error getting group id for sid %s\n", sid_to_string(sid_string, group_sid))); return False; } + pw->pw_gid = id.gid; /* Username */ @@ -178,9 +182,10 @@ enum winbindd_result winbindd_getpwuid(struct winbindd_cli_state *state) fstring user_name; enum SID_NAME_USE name_type; WINBIND_USERINFO user_info; - gid_t gid; TALLOC_CTX *mem_ctx; NTSTATUS status; + unid_t id; + int id_type; /* Bug out if the uid isn't in the winbind range */ @@ -193,8 +198,8 @@ enum winbindd_result winbindd_getpwuid(struct winbindd_cli_state *state) /* Get rid from uid */ - if (!winbindd_idmap_get_sid_from_uid(state->request.data.uid, - &user_sid)) { + id.uid = state->request.data.uid; + if (NT_STATUS_IS_ERR(idmap_get_sid_from_id(&user_sid, id, ID_USERID))) { DEBUG(1, ("could not convert uid %d to SID\n", state->request.data.uid)); return WINBINDD_ERROR; @@ -236,9 +241,10 @@ enum winbindd_result winbindd_getpwuid(struct winbindd_cli_state *state) return WINBINDD_ERROR; } - /* Resolve gid number */ + /* Check group has a gid number */ - if (!winbindd_idmap_get_gid_from_sid(user_info.group_sid, &gid)) { + id_type = ID_GROUPID; + if (NT_STATUS_IS_ERR(idmap_get_id_from_sid(&id, &id_type, user_info.group_sid))) { DEBUG(1, ("error getting group id for user %s\n", user_name)); talloc_destroy(mem_ctx); return WINBINDD_ERROR; diff --git a/source3/sam/idmap.c b/source3/sam/idmap.c index c2b966cfbe..45a1d324b1 100644 --- a/source3/sam/idmap.c +++ b/source3/sam/idmap.c @@ -32,10 +32,7 @@ static struct { struct idmap_methods *methods; } remote_idmap_functions[] = { - - { "winbind", idmap_reg_winbind, NULL }, { NULL, NULL, NULL } - }; static struct idmap_methods *local_map; @@ -63,8 +60,10 @@ static struct idmap_methods *get_methods(const char *name) } /* Initialize backend */ -BOOL idmap_init(const char *remote_backend) +BOOL idmap_init(void) { + const char *remote_backend = lp_idmap_backend(); + if (!local_map) { idmap_reg_tdb(&local_map); if (NT_STATUS_IS_ERR(local_map->init())) { diff --git a/source3/sam/idmap_winbind.c b/source3/sam/idmap_winbind.c deleted file mode 100644 index d89c9e7bac..0000000000 --- a/source3/sam/idmap_winbind.c +++ /dev/null @@ -1,155 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - idmap Winbind backend - - Copyright (C) Simo Sorce 2003 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" -#include "nsswitch/winbind_nss.h" - -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_IDMAP - -extern DOM_SID global_sid_NULL; /* NULL sid */ - -NSS_STATUS winbindd_request(int req_type, - struct winbindd_request *request, - struct winbindd_response *response); - -/* Get a sid from an id */ -static NTSTATUS db_get_sid_from_id(DOM_SID *sid, unid_t id, int id_type) -{ - struct winbindd_request request; - struct winbindd_response response; - int result, operation; - - ZERO_STRUCT(request); - ZERO_STRUCT(response); - - switch (id_type & ID_TYPEMASK) { - case ID_USERID: - request.data.uid = id.uid; - operation = WINBINDD_UID_TO_SID; - break; - case ID_GROUPID: - request.data.gid = id.gid; - operation = WINBINDD_GID_TO_SID; - break; - default: - return NT_STATUS_INVALID_PARAMETER; - } - - /* Make The Request */ - result = winbindd_request(operation, &request, &response); - if (result == NSS_STATUS_SUCCESS) { - if (!string_to_sid(sid, response.data.sid.sid)) { - return NT_STATUS_INVALID_SID; - } - return NT_STATUS_OK; - } else { - sid_copy(sid, &global_sid_NULL); - } - - return NT_STATUS_UNSUCCESSFUL; -} - -/* Get an id from a sid */ -static NTSTATUS db_get_id_from_sid(unid_t *id, int *id_type, const DOM_SID *sid) -{ - struct winbindd_request request; - struct winbindd_response response; - int result, operation; - fstring sid_str; - - if (!id || !id_type) { - return NT_STATUS_INVALID_PARAMETER; - } - - /* setup request */ - - ZERO_STRUCT(request); - ZERO_STRUCT(response); - - switch (*id_type & ID_TYPEMASK) { - case ID_USERID: - operation = WINBINDD_SID_TO_UID; - break; - case ID_GROUPID: - operation = WINBINDD_SID_TO_GID; - break; - default: - return NT_STATUS_INVALID_PARAMETER; - } - - sid_to_string(sid_str, sid); - fstrcpy(request.data.sid, sid_str); - - /* Make The Request */ - result = winbindd_request(operation, &request, &response); - - if (result == NSS_STATUS_SUCCESS) { - if (operation == WINBINDD_SID_TO_UID) { - (*id).uid = response.data.uid; - } else { - (*id).gid = response.data.gid; - } - return NT_STATUS_OK; - } - - return NT_STATUS_UNSUCCESSFUL; -} - -static NTSTATUS db_set_mapping(DOM_SID *sid, unid_t id, int id_type) { - return NT_STATUS_UNSUCCESSFUL; -} - -/***************************************************************************** - Initialise idmap database. -*****************************************************************************/ -static NTSTATUS db_init(void) { - return NT_STATUS_OK; -} - -/* Close the tdb */ -static NTSTATUS db_close(void) { - return NT_STATUS_OK; -} - -static void db_status(void) { - return; -} - -struct idmap_methods winbind_methods = { - - db_init, - db_get_sid_from_id, - db_get_id_from_sid, - db_set_mapping, - db_close, - db_status - -}; - -NTSTATUS idmap_reg_winbind(struct idmap_methods **meth) -{ - *meth = &winbind_methods; - - return NT_STATUS_OK; -} - diff --git a/source3/smbd/server.c b/source3/smbd/server.c index 8ce20c87a4..b1b9192c09 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -833,7 +833,7 @@ static BOOL init_structs(void ) if (!init_registry()) exit(1); - if (!idmap_init(lp_idmap_backend())) + if (!idmap_init()) exit(1); if(!initialize_password_db(False)) |