summaryrefslogtreecommitdiff
path: root/source4/winbind/idmap.c
diff options
context:
space:
mode:
Diffstat (limited to 'source4/winbind/idmap.c')
-rw-r--r--source4/winbind/idmap.c145
1 files changed, 74 insertions, 71 deletions
diff --git a/source4/winbind/idmap.c b/source4/winbind/idmap.c
index de8a43ec02..92ac41f1d2 100644
--- a/source4/winbind/idmap.c
+++ b/source4/winbind/idmap.c
@@ -210,13 +210,26 @@ NTSTATUS idmap_xid_to_sid(struct idmap_context *idmap_ctx, TALLOC_CTX *mem_ctx,
NTSTATUS status = NT_STATUS_NONE_MAPPED;
struct ldb_context *ldb = idmap_ctx->ldb_ctx;
struct ldb_result *res = NULL;
- uint32_t low, high;
struct dom_sid *unix_sid, *new_sid;
TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+ const char *id_type;
+
+ switch (unixid->type) {
+ case ID_TYPE_UID:
+ id_type = "ID_TYPE_UID";
+ break;
+ case ID_TYPE_GID:
+ id_type = "ID_TYPE_GID";
+ break;
+ default:
+ DEBUG(1, ("unixid->type must be type gid or uid\n"));
+ status = NT_STATUS_NONE_MAPPED;
+ goto failed;
+ }
ret = ldb_search_exp_fmt(ldb, tmp_ctx, &res, NULL, LDB_SCOPE_SUBTREE,
- NULL, "(&(objectClass=sidMap)(xidNumber=%u))",
- unixid->id);
+ NULL, "(&(|(type=ID_TYPE_BOTH)(type=%s))"
+ "(xidNumber=%u))", id_type, unixid->id);
if (ret != LDB_SUCCESS) {
DEBUG(1, ("Search failed: %s\n", ldb_errstring(ldb)));
status = NT_STATUS_NONE_MAPPED;
@@ -235,40 +248,9 @@ NTSTATUS idmap_xid_to_sid(struct idmap_context *idmap_ctx, TALLOC_CTX *mem_ctx,
return NT_STATUS_OK;
}
- DEBUG(6, ("xid not found in idmap db, trying to allocate SID.\n"));
-
- /* Now redo the search to make sure noone added a mapping for that SID
- * while we weren't looking.*/
- ret = ldb_search_exp_fmt(ldb, tmp_ctx, &res, NULL, LDB_SCOPE_SUBTREE,
- NULL, "(&(objectClass=sidMap)(xidNumber=%u))",
- unixid->id);
- if (ret != LDB_SUCCESS) {
- DEBUG(1, ("Search failed: %s\n", ldb_errstring(ldb)));
- status = NT_STATUS_NONE_MAPPED;
- goto failed;
- }
-
- if (res->count > 0) {
- DEBUG(1, ("sidMap modified while trying to add a mapping.\n"));
- status = NT_STATUS_RETRY;
- goto failed;
- }
-
- ret = idmap_get_bounds(idmap_ctx, &low, &high);
- if (ret != LDB_SUCCESS) {
- DEBUG(1, ("Failed to get id bounds from db: %u\n", ret));
- status = NT_STATUS_NONE_MAPPED;
- goto failed;
- }
-
- if (unixid->id >= low && unixid->id <= high) {
- /* An existing xid would have been mapped before */
- status = NT_STATUS_NONE_MAPPED;
- goto failed;
- }
+ DEBUG(6, ("xid not found in idmap db, create S-1-22- SID.\n"));
- /* For local users, we just create a rid = uid +1, so root doesn't end
- * up with a 0 rid */
+ /* For local users/groups , we just create a rid = uid/gid */
if (unixid->type == ID_TYPE_UID) {
unix_sid = dom_sid_parse_talloc(tmp_ctx, "S-1-22-1");
} else {
@@ -279,7 +261,7 @@ NTSTATUS idmap_xid_to_sid(struct idmap_context *idmap_ctx, TALLOC_CTX *mem_ctx,
goto failed;
}
- new_sid = dom_sid_add_rid(mem_ctx, unix_sid, unixid->id + 1);
+ new_sid = dom_sid_add_rid(mem_ctx, unix_sid, unixid->id);
if (new_sid == NULL) {
status = NT_STATUS_NO_MEMORY;
goto failed;
@@ -326,42 +308,27 @@ NTSTATUS idmap_sid_to_xid(struct idmap_context *idmap_ctx, TALLOC_CTX *mem_ctx,
bool hwm_entry_exists;
TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
- ret = ldb_search_exp_fmt(ldb, tmp_ctx, &res, NULL, LDB_SCOPE_SUBTREE,
- NULL, "(&(objectClass=sidMap)(objectSid=%s))",
- ldap_encode_ndr_dom_sid(tmp_ctx, sid));
- if (ret != LDB_SUCCESS) {
- DEBUG(1, ("Search failed: %s\n", ldb_errstring(ldb)));
- status = NT_STATUS_NONE_MAPPED;
- goto failed;
- }
-
- if (res->count == 1) {
- new_xid = ldb_msg_find_attr_as_uint(res->msgs[0], "xidNumber",
- -1);
- if (new_xid == (uint32_t) -1) {
- DEBUG(1, ("Invalid xid mapping.\n"));
- status = NT_STATUS_NONE_MAPPED;
- goto failed;
- }
+ if (dom_sid_in_domain(idmap_ctx->unix_users_sid, sid)) {
+ uint32_t rid;
+ DEBUG(6, ("This is a local unix uid, just calculate that.\n"));
+ status = dom_sid_split_rid(tmp_ctx, sid, NULL, &rid);
+ if (!NT_STATUS_IS_OK(status)) goto failed;
*unixid = talloc(mem_ctx, struct unixid);
if (*unixid == NULL) {
status = NT_STATUS_NO_MEMORY;
goto failed;
}
-
- (*unixid)->id = new_xid;
- (*unixid)->type = ID_TYPE_BOTH;
+ (*unixid)->id = rid;
+ (*unixid)->type = ID_TYPE_UID;
talloc_free(tmp_ctx);
return NT_STATUS_OK;
}
- DEBUG(6, ("No existing mapping found, attempting to create one.\n"));
-
- if (dom_sid_in_domain(idmap_ctx->unix_users_sid, sid)) {
+ if (dom_sid_in_domain(idmap_ctx->unix_groups_sid, sid)) {
uint32_t rid;
- DEBUG(6, ("This is a local unix uid, just calculate that.\n"));
+ DEBUG(6, ("This is a local unix gid, just calculate that.\n"));
status = dom_sid_split_rid(tmp_ctx, sid, NULL, &rid);
if (!NT_STATUS_IS_OK(status)) goto failed;
@@ -370,30 +337,60 @@ NTSTATUS idmap_sid_to_xid(struct idmap_context *idmap_ctx, TALLOC_CTX *mem_ctx,
status = NT_STATUS_NO_MEMORY;
goto failed;
}
- (*unixid)->id = rid - 1;
- (*unixid)->type = ID_TYPE_UID;
+ (*unixid)->id = rid;
+ (*unixid)->type = ID_TYPE_GID;
talloc_free(tmp_ctx);
return NT_STATUS_OK;
+ }
+
+ ret = ldb_search_exp_fmt(ldb, tmp_ctx, &res, NULL, LDB_SCOPE_SUBTREE,
+ NULL, "(&(objectClass=sidMap)(objectSid=%s))",
+ ldap_encode_ndr_dom_sid(tmp_ctx, sid));
+ if (ret != LDB_SUCCESS) {
+ DEBUG(1, ("Search failed: %s\n", ldb_errstring(ldb)));
+ status = NT_STATUS_NONE_MAPPED;
+ goto failed;
}
- if (dom_sid_in_domain(idmap_ctx->unix_groups_sid, sid)) {
- uint32_t rid;
- DEBUG(6, ("This is a local unix gid, just calculate that.\n"));
- status = dom_sid_split_rid(tmp_ctx, sid, NULL, &rid);
- if (!NT_STATUS_IS_OK(status)) goto failed;
+ if (res->count == 1) {
+ const char *type = ldb_msg_find_attr_as_string(res->msgs[0],
+ "type", NULL);
+ new_xid = ldb_msg_find_attr_as_uint(res->msgs[0], "xidNumber",
+ -1);
+ if (new_xid == (uint32_t) -1) {
+ DEBUG(1, ("Invalid xid mapping.\n"));
+ status = NT_STATUS_NONE_MAPPED;
+ goto failed;
+ }
+
+ if (type == NULL) {
+ DEBUG(1, ("Invalid type for mapping entry.\n"));
+ status = NT_STATUS_NONE_MAPPED;
+ goto failed;
+ }
*unixid = talloc(mem_ctx, struct unixid);
if (*unixid == NULL) {
status = NT_STATUS_NO_MEMORY;
goto failed;
}
- (*unixid)->id = rid - 1;
- (*unixid)->type = ID_TYPE_GID;
+
+ (*unixid)->id = new_xid;
+
+ if (strcmp(type, "ID_TYPE_BOTH") == 0) {
+ (*unixid)->type = ID_TYPE_BOTH;
+ } else if (strcmp(type, "ID_TYPE_UID") == 0) {
+ (*unixid)->type = ID_TYPE_UID;
+ } else {
+ (*unixid)->type = ID_TYPE_GID;
+ }
talloc_free(tmp_ctx);
return NT_STATUS_OK;
- }
+ }
+
+ DEBUG(6, ("No existing mapping found, attempting to create one.\n"));
trans = ldb_transaction_start(ldb);
if (trans != LDB_SUCCESS) {
@@ -585,6 +582,12 @@ NTSTATUS idmap_sid_to_xid(struct idmap_context *idmap_ctx, TALLOC_CTX *mem_ctx,
goto failed;
}
+ ret = ldb_msg_add_string(map_msg, "type", "ID_TYPE_BOTH");
+ if (ret != LDB_SUCCESS) {
+ status = NT_STATUS_NONE_MAPPED;
+ goto failed;
+ }
+
ret = ldb_msg_add_string(map_msg, "cn", sid_string);
if (ret != LDB_SUCCESS) {
status = NT_STATUS_NONE_MAPPED;
generated by cgit (git 2.34.1) at 2024-07-01 23:24:39 +0000