Diffstat (limited to 'source4/winbind')
-rw-r--r-- | source4/winbind/idmap.c | 145 | ||||
-rw-r--r-- | source4/winbind/idmap.h | 20 | ||||
-rw-r--r-- | source4/winbind/wb_irpc.c | 70 | ||||
-rw-r--r-- | source4/winbind/wb_xids2sids.c | 4 |
4 files changed, 148 insertions, 91 deletions
diff --git a/source4/winbind/idmap.c b/source4/winbind/idmap.c
index de8a43ec02..92ac41f1d2 100644
--- a/source4/winbind/idmap.c
+++ b/source4/winbind/idmap.c
@@ -210,13 +210,26 @@ NTSTATUS idmap_xid_to_sid(struct idmap_context *idmap_ctx, TALLOC_CTX *mem_ctx,
 NTSTATUS status = NT_STATUS_NONE_MAPPED;
 struct ldb_context *ldb = idmap_ctx->ldb_ctx;
 struct ldb_result *res = NULL;
- uint32_t low, high;
 struct dom_sid *unix_sid, *new_sid;
 TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+ const char *id_type;
+
+ switch (unixid->type) {
+ case ID_TYPE_UID:
+ id_type = "ID_TYPE_UID";
+ break;
+ case ID_TYPE_GID:
+ id_type = "ID_TYPE_GID";
+ break;
+ default:
+ DEBUG(1, ("unixid->type must be type gid or uid\n"));
+ status = NT_STATUS_NONE_MAPPED;
+ goto failed;
+ }
 ret = ldb_search_exp_fmt(ldb, tmp_ctx, &res, NULL, LDB_SCOPE_SUBTREE,
- NULL, "(&(objectClass=sidMap)(xidNumber=%u))",
- unixid->id);
+ NULL, "(&(|(type=ID_TYPE_BOTH)(type=%s))"
+ "(xidNumber=%u))", id_type, unixid->id);
 if (ret != LDB_SUCCESS) {
 DEBUG(1, ("Search failed: %s\n", ldb_errstring(ldb)));
 status = NT_STATUS_NONE_MAPPED;
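Review bot: The new search filter drops the `(objectClass=sidMap)` term that the removed lines carried, so this lookup now matches any entry in the idmap database that happens to have a `type` and an `xidNumber` attribute, while the objectSid lookup that this same patch moves into idmap_sid_to_xid still restricts itself to `objectClass=sidMap`. Unless the relaxation is deliberate, keep the two consistent: `NULL, "(&(objectClass=sidMap)(|(type=ID_TYPE_BOTH)(type=%s))" "(xidNumber=%u))", id_type, unixid->id);`. The `default:` arm also turns a caller-supplied ID_TYPE_BOTH (a value the header still defines) into NT_STATUS_NONE_MAPPED rather than searching both types, which deserves a short comment if intended. The body of idmap_xid_to_sid starts and continues outside this hunk.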
@@ -235,40 +248,9 @@ NTSTATUS idmap_xid_to_sid(struct idmap_context *idmap_ctx, TALLOC_CTX *mem_ctx,
 return NT_STATUS_OK;
 }
- DEBUG(6, ("xid not found in idmap db, trying to allocate SID.\n"));
-
- /* Now redo the search to make sure noone added a mapping for that SID
- * while we weren't looking.*/
- ret = ldb_search_exp_fmt(ldb, tmp_ctx, &res, NULL, LDB_SCOPE_SUBTREE,
- NULL, "(&(objectClass=sidMap)(xidNumber=%u))",
- unixid->id);
- if (ret != LDB_SUCCESS) {
- DEBUG(1, ("Search failed: %s\n", ldb_errstring(ldb)));
- status = NT_STATUS_NONE_MAPPED;
- goto failed;
- }
-
- if (res->count > 0) {
- DEBUG(1, ("sidMap modified while trying to add a mapping.\n"));
- status = NT_STATUS_RETRY;
- goto failed;
- }
-
- ret = idmap_get_bounds(idmap_ctx, &low, &high);
- if (ret != LDB_SUCCESS) {
- DEBUG(1, ("Failed to get id bounds from db: %u\n", ret));
- status = NT_STATUS_NONE_MAPPED;
- goto failed;
- }
-
- if (unixid->id >= low && unixid->id <= high) {
- /* An existing xid would have been mapped before */
- status = NT_STATUS_NONE_MAPPED;
- goto failed;
- }
+ DEBUG(6, ("xid not found in idmap db, create S-1-22- SID.\n"));
- /* For local users, we just create a rid = uid +1, so root doesn't end
- * up with a 0 rid */
+ /* For local users/groups , we just create a rid = uid/gid */
 if (unixid->type == ID_TYPE_UID) {
 unix_sid = dom_sid_parse_talloc(tmp_ctx, "S-1-22-1");
 } else {
@@ -279,7 +261,7 @@ NTSTATUS idmap_xid_to_sid(struct idmap_context *idmap_ctx, TALLOC_CTX *mem_ctx,
 goto failed;
 }
- new_sid = dom_sid_add_rid(mem_ctx, unix_sid, unixid->id + 1);
+ new_sid = dom_sid_add_rid(mem_ctx, unix_sid, unixid->id);
 if (new_sid == NULL) {
 status = NT_STATUS_NO_MEMORY;
 goto failed;
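Review bot: With the `idmap_get_bounds` range check gone, an xid that lies inside the configured allocation range but has no sidMap entry is now silently turned into an S-1-22-1 or S-1-22-2 SID instead of failing with NT_STATUS_NONE_MAPPED, which is exactly the case the removed `/* An existing xid would have been mapped before */` branch refused. If that is the intended behaviour (the synthesized SID appears to map straight back to the same xid through the local-uid/gid branches of idmap_sid_to_xid), the replacement comment should say so, e.g. `/* For local users/groups, we just create a rid = uid/gid; an xid with no sidMap entry is treated as local even when it falls inside the allocation range. */`, which also removes the stray space before the comma in the current `/* For local users/groups , we ...`. Note too that root now receives rid 0 (S-1-22-1-0), which the removed comment deliberately avoided; worth a word in the commit message if that matches the convention elsewhere. The body of idmap_xid_to_sid continues outside both hunks.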
@@ -326,42 +308,27 @@ NTSTATUS idmap_sid_to_xid(struct idmap_context *idmap_ctx, TALLOC_CTX *mem_ctx,
 bool hwm_entry_exists;
 TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
- ret = ldb_search_exp_fmt(ldb, tmp_ctx, &res, NULL, LDB_SCOPE_SUBTREE,
- NULL, "(&(objectClass=sidMap)(objectSid=%s))",
- ldap_encode_ndr_dom_sid(tmp_ctx, sid));
- if (ret != LDB_SUCCESS) {
- DEBUG(1, ("Search failed: %s\n", ldb_errstring(ldb)));
- status = NT_STATUS_NONE_MAPPED;
- goto failed;
- }
-
- if (res->count == 1) {
- new_xid = ldb_msg_find_attr_as_uint(res->msgs[0], "xidNumber",
- -1);
- if (new_xid == (uint32_t) -1) {
- DEBUG(1, ("Invalid xid mapping.\n"));
- status = NT_STATUS_NONE_MAPPED;
- goto failed;
- }
+ if (dom_sid_in_domain(idmap_ctx->unix_users_sid, sid)) {
+ uint32_t rid;
+ DEBUG(6, ("This is a local unix uid, just calculate that.\n"));
+ status = dom_sid_split_rid(tmp_ctx, sid, NULL, &rid);
+ if (!NT_STATUS_IS_OK(status)) goto failed;
 *unixid = talloc(mem_ctx, struct unixid);
 if (*unixid == NULL) {
 status = NT_STATUS_NO_MEMORY;
 goto failed;
 }
-
- (*unixid)->id = new_xid;
- (*unixid)->type = ID_TYPE_BOTH;
+ (*unixid)->id = rid;
+ (*unixid)->type = ID_TYPE_UID;
 talloc_free(tmp_ctx);
 return NT_STATUS_OK;
 }
- DEBUG(6, ("No existing mapping found, attempting to create one.\n"));
-
- if (dom_sid_in_domain(idmap_ctx->unix_users_sid, sid)) {
+ if (dom_sid_in_domain(idmap_ctx->unix_groups_sid, sid)) {
 uint32_t rid;
- DEBUG(6, ("This is a local unix uid, just calculate that.\n"));
+ DEBUG(6, ("This is a local unix gid, just calculate that.\n"));
 status = dom_sid_split_rid(tmp_ctx, sid, NULL, &rid);
 if (!NT_STATUS_IS_OK(status)) goto failed;
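Review bot: The added `if (!NT_STATUS_IS_OK(status)) goto failed;` in the new local-uid branch squeezes the jump onto the condition line, whereas every other error check in this function braces its body; write it as `if (!NT_STATUS_IS_OK(status)) {` / `goto failed;` / `}` so the two styles do not coexist in one function. This hunk also moves the unix_users_sid/unix_groups_sid shortcuts ahead of the database lookup, so a sidMap entry stored for a SID under those domains, if one ever exists, would now be ignored in favour of the computed rid; a one-line comment stating that the local domains are authoritative and never consult idmap.ldb would make that ordering explicit. The enclosing function starts and continues outside this hunk.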
@@ -370,30 +337,60 @@ NTSTATUS idmap_sid_to_xid(struct idmap_context *idmap_ctx, TALLOC_CTX *mem_ctx,
 status = NT_STATUS_NO_MEMORY;
 goto failed;
 }
- (*unixid)->id = rid - 1;
- (*unixid)->type = ID_TYPE_UID;
+ (*unixid)->id = rid;
+ (*unixid)->type = ID_TYPE_GID;
 talloc_free(tmp_ctx);
 return NT_STATUS_OK;
+ }
+
+ ret = ldb_search_exp_fmt(ldb, tmp_ctx, &res, NULL, LDB_SCOPE_SUBTREE,
+ NULL, "(&(objectClass=sidMap)(objectSid=%s))",
+ ldap_encode_ndr_dom_sid(tmp_ctx, sid));
+ if (ret != LDB_SUCCESS) {
+ DEBUG(1, ("Search failed: %s\n", ldb_errstring(ldb)));
+ status = NT_STATUS_NONE_MAPPED;
+ goto failed;
 }
- if (dom_sid_in_domain(idmap_ctx->unix_groups_sid, sid)) {
- uint32_t rid;
- DEBUG(6, ("This is a local unix gid, just calculate that.\n"));
- status = dom_sid_split_rid(tmp_ctx, sid, NULL, &rid);
- if (!NT_STATUS_IS_OK(status)) goto failed;
+ if (res->count == 1) {
+ const char *type = ldb_msg_find_attr_as_string(res->msgs[0],
+ "type", NULL);
+ new_xid = ldb_msg_find_attr_as_uint(res->msgs[0], "xidNumber",
+ -1);
+ if (new_xid == (uint32_t) -1) {
+ DEBUG(1, ("Invalid xid mapping.\n"));
+ status = NT_STATUS_NONE_MAPPED;
+ goto failed;
+ }
+
+ if (type == NULL) {
+ DEBUG(1, ("Invalid type for mapping entry.\n"));
+ status = NT_STATUS_NONE_MAPPED;
+ goto failed;
+ }
 *unixid = talloc(mem_ctx, struct unixid);
 if (*unixid == NULL) {
 status = NT_STATUS_NO_MEMORY;
 goto failed;
 }
- (*unixid)->id = rid - 1;
- (*unixid)->type = ID_TYPE_GID;
+
+ (*unixid)->id = new_xid;
+
+ if (strcmp(type, "ID_TYPE_BOTH") == 0) {
+ (*unixid)->type = ID_TYPE_BOTH;
+ } else if (strcmp(type, "ID_TYPE_UID") == 0) {
+ (*unixid)->type = ID_TYPE_UID;
+ } else {
+ (*unixid)->type = ID_TYPE_GID;
+ }
 talloc_free(tmp_ctx);
 return NT_STATUS_OK;
- }
+ }
+
+ DEBUG(6, ("No existing mapping found, attempting to create one.\n"));
 trans = ldb_transaction_start(ldb);
 if (trans != LDB_SUCCESS) {
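Review bot: The new `strcmp` chain treats any `type` value other than "ID_TYPE_BOTH" or "ID_TYPE_UID" as a group id, so a corrupt or hand-edited mapping entry (an empty string, a typo, a future value) silently becomes an ID_TYPE_GID result instead of being rejected the way a missing attribute or an invalid `xidNumber` is. Compare against "ID_TYPE_GID" explicitly, fail with NT_STATUS_NONE_MAPPED otherwise, and do the check before `*unixid` is allocated so the error path does not leave an object on `mem_ctx`. While here, `res->count == 1` is the only accepted count: a database that somehow holds two entries for one SID falls through to "attempting to create one" and adds a third, which is presumably not intended and deserves at least a DEBUG line. The enclosing function starts and continues outside this hunk.

```c
	if (res->count == 1) {
		const char *type = ldb_msg_find_attr_as_string(res->msgs[0],
							       "type", NULL);
		enum id_type mapped_type;
		/* … unchanged: xidNumber lookup and its -1 check … */

		if (type == NULL) {
			DEBUG(1, ("Invalid type for mapping entry.\n"));
			status = NT_STATUS_NONE_MAPPED;
			goto failed;
		}

		/* Reject unknown type values before allocating the result. */
		if (strcmp(type, "ID_TYPE_BOTH") == 0) {
			mapped_type = ID_TYPE_BOTH;
		} else if (strcmp(type, "ID_TYPE_UID") == 0) {
			mapped_type = ID_TYPE_UID;
		} else if (strcmp(type, "ID_TYPE_GID") == 0) {
			mapped_type = ID_TYPE_GID;
		} else {
			DEBUG(1, ("Unknown type '%s' for mapping entry.\n", type));
			status = NT_STATUS_NONE_MAPPED;
			goto failed;
		}

		/* … unchanged: talloc of *unixid and its NO_MEMORY check … */

		(*unixid)->id = new_xid;
		(*unixid)->type = mapped_type;
```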
@@ -585,6 +582,12 @@ NTSTATUS idmap_sid_to_xid(struct idmap_context *idmap_ctx, TALLOC_CTX *mem_ctx,
 goto failed;
 }
+ ret = ldb_msg_add_string(map_msg, "type", "ID_TYPE_BOTH");
+ if (ret != LDB_SUCCESS) {
+ status = NT_STATUS_NONE_MAPPED;
+ goto failed;
+ }
+
 ret = ldb_msg_add_string(map_msg, "cn", sid_string);
 if (ret != LDB_SUCCESS) {
 status = NT_STATUS_NONE_MAPPED;
diff --git a/source4/winbind/idmap.h b/source4/winbind/idmap.h
index 045d50c568..6eae92cc68 100644
--- a/source4/winbind/idmap.h
+++ b/source4/winbind/idmap.h
@@ -22,6 +22,8 @@
 #ifndef _IDMAP_H_
 #define _IDMAP_H_
+#include "librpc/gen_ndr/winbind.h"
+
 struct idmap_context {
 struct loadparm_context *lp_ctx;
 struct ldb_context *ldb_ctx;
@@ -29,24 +31,6 @@ struct idmap_context {
 struct dom_sid *unix_users_sid;
 };
-enum id_type {
- ID_TYPE_NOT_SPECIFIED = 0,
- ID_TYPE_UID,
- ID_TYPE_GID,
- ID_TYPE_BOTH
-};
-
-struct unixid {
- uint32_t id;
- enum id_type type;
-};
-
-struct id_mapping {
- struct unixid *unixid;
- struct dom_sid *sid;
- NTSTATUS status;
-};
-
 #include "winbind/idmap_proto.h"
 #endif
diff --git a/source4/winbind/wb_irpc.c b/source4/winbind/wb_irpc.c
index 5d7f7fd7a6..0535045adb 100644
--- a/source4/winbind/wb_irpc.c
+++ b/source4/winbind/wb_irpc.c
@@ -22,6 +22,7 @@
 #include "winbind/wb_server.h"
 #include "lib/messaging/irpc.h"
 #include "libcli/composite/composite.h"
+#include "libcli/security/proto.h"
 #include "librpc/gen_ndr/ndr_winbind.h"
 #include "smbd/service_task.h"
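Review bot: Every mapping this function creates is now stored with `type = ID_TYPE_BOTH`, and the lookups added in this patch require that attribute: idmap_sid_to_xid fails with "Invalid type for mapping entry" when it is absent, and the new xid_to_sid filter only matches entries whose `type` is ID_TYPE_BOTH or the requested kind. Entries written by the previous version of this function apparently carried no `type` at all (this hunk is where the attribute is introduced), so an existing idmap.ldb would stop resolving after an upgrade; either treat a missing `type` as ID_TYPE_BOTH in both lookups for backward compatibility, or document that the database must be regenerated. A one-line comment on the new call would also help readers of the schema: `/* Allocated xids serve as both uid and gid; idmap_xid_to_sid accepts ID_TYPE_BOTH for either lookup. */`. The body of idmap_sid_to_xid starts and continues outside this hunk.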
@@ -71,6 +72,71 @@ static void wb_irpc_SamLogon_callback(struct composite_context *ctx)
 irpc_send_reply(s->msg, status);
 }
+struct wb_irpc_get_idmap_state {
+ struct irpc_message *msg;
+ struct winbind_get_idmap *req;
+ int level;
+};
+
+static void wb_irpc_get_idmap_callback(struct composite_context *ctx);
+
+static NTSTATUS wb_irpc_get_idmap(struct irpc_message *msg,
+ struct winbind_get_idmap *req)
+{
+ struct wbsrv_service *service = talloc_get_type(msg->private,
+ struct wbsrv_service);
+ struct wb_irpc_get_idmap_state *s;
+ struct composite_context *ctx;
+
+ DEBUG(5, ("wb_irpc_get_idmap called\n"));
+
+ s = talloc(msg, struct wb_irpc_get_idmap_state);
+ NT_STATUS_HAVE_NO_MEMORY(s);
+
+ s->msg = msg;
+ s->req = req;
+ s->level = req->in.level;
+
+ switch(s->level) {
+ case WINBIND_IDMAP_LEVEL_SIDS_TO_XIDS:
+ ctx = wb_sids2xids_send(msg, service, req->in.count,
+ req->in.ids);
+ break;
+ case WINBIND_IDMAP_LEVEL_XIDS_TO_SIDS:
+ ctx = wb_xids2sids_send(msg, service, req->in.count,
+ req->in.ids);
+ break;
+ }
+ NT_STATUS_HAVE_NO_MEMORY(ctx);
+
+ composite_continue(ctx, ctx, wb_irpc_get_idmap_callback, s);
+ msg->defer_reply = true;
+
+ return NT_STATUS_OK;
+}
+
+static void wb_irpc_get_idmap_callback(struct composite_context *ctx)
+{
+ struct wb_irpc_get_idmap_state *s;
+ NTSTATUS status;
+
+ DEBUG(5, ("wb_irpc_get_idmap_callback called\n"));
+
+ s = talloc_get_type(ctx->async.private_data,
+ struct wb_irpc_get_idmap_state);
+
+ switch(s->level) {
+ case WINBIND_IDMAP_LEVEL_SIDS_TO_XIDS:
+ status = wb_sids2xids_recv(ctx, &s->req->out.ids);
+ break;
+ case WINBIND_IDMAP_LEVEL_XIDS_TO_SIDS:
+ status = wb_xids2sids_recv(ctx, &s->req->out.ids);
+ break;
+ }
+
+ irpc_send_reply(s->msg, status);
+}
+
 NTSTATUS wbsrv_init_irpc(struct wbsrv_service *service)
 {
 NTSTATUS status;
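Review bot: Neither `switch(s->level)` has a `default:` arm, so a request carrying any level other than the two listed leaves `ctx` uninitialized in wb_irpc_get_idmap — `NT_STATUS_HAVE_NO_MEMORY(ctx)` then tests an indeterminate pointer and `composite_continue` may be handed garbage — and leaves `status` uninitialized in the callback. The level comes in over IRPC from another process, so it should be validated rather than assumed: add `default: return NT_STATUS_INVALID_PARAMETER;` to the first switch (before `msg->defer_reply` is set, so the caller's normal error reply applies) and `default: status = NT_STATUS_INTERNAL_ERROR; break;` to the second. The `int level` field could also be declared with the generated enum type so the compiler flags an unhandled value.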
@@ -81,5 +147,9 @@ NTSTATUS wbsrv_init_irpc(struct wbsrv_service *service)
 wb_irpc_SamLogon, service);
 NT_STATUS_NOT_OK_RETURN(status);
+ status = IRPC_REGISTER(service->task->msg_ctx, winbind, WINBIND_GET_IDMAP,
+ wb_irpc_get_idmap, service);
+ NT_STATUS_NOT_OK_RETURN(status);
+
 return NT_STATUS_OK;
 }
diff --git a/source4/winbind/wb_xids2sids.c b/source4/winbind/wb_xids2sids.c
index 843d292c07..1be394d276 100644
--- a/source4/winbind/wb_xids2sids.c
+++ b/source4/winbind/wb_xids2sids.c
@@ -41,7 +41,7 @@ struct composite_context *wb_xids2sids_send(TALLOC_CTX *mem_ctx,
 struct composite_context *result;
 struct xids2sids_state *state;
- DEBUG(0, ("wb_xids2sids_send called\n"));
+ DEBUG(5, ("wb_xids2sids_send called\n"));
 result = composite_create(mem_ctx, service->task->event_ctx);
 if (!result) return NULL;
@@ -68,7 +68,7 @@ NTSTATUS wb_xids2sids_recv(struct composite_context *ctx,
 {
 NTSTATUS status = composite_wait(ctx);
- DEBUG(0, ("wb_xids2sids_recv called.\n"));
+ DEBUG(5, ("wb_xids2sids_recv called.\n"));
 if (NT_STATUS_IS_OK(status)) {
 struct xids2sids_state *state = |