summaryrefslogtreecommitdiff
path: root/source4/winbind
diff options
context:
space:
mode:
Diffstat (limited to 'source4/winbind')
-rw-r--r--source4/winbind/idmap.c145
-rw-r--r--source4/winbind/idmap.h20
-rw-r--r--source4/winbind/wb_irpc.c70
-rw-r--r--source4/winbind/wb_xids2sids.c4
4 files changed, 148 insertions, 91 deletions
diff --git a/source4/winbind/idmap.c b/source4/winbind/idmap.c
index de8a43ec02..92ac41f1d2 100644
--- a/source4/winbind/idmap.c
+++ b/source4/winbind/idmap.c
@@ -210,13 +210,26 @@ NTSTATUS idmap_xid_to_sid(struct idmap_context *idmap_ctx, TALLOC_CTX *mem_ctx,
NTSTATUS status = NT_STATUS_NONE_MAPPED;
struct ldb_context *ldb = idmap_ctx->ldb_ctx;
struct ldb_result *res = NULL;
- uint32_t low, high;
struct dom_sid *unix_sid, *new_sid;
TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+ const char *id_type;
+
+ switch (unixid->type) {
+ case ID_TYPE_UID:
+ id_type = "ID_TYPE_UID";
+ break;
+ case ID_TYPE_GID:
+ id_type = "ID_TYPE_GID";
+ break;
+ default:
+ DEBUG(1, ("unixid->type must be type gid or uid\n"));
+ status = NT_STATUS_NONE_MAPPED;
+ goto failed;
+ }
ret = ldb_search_exp_fmt(ldb, tmp_ctx, &res, NULL, LDB_SCOPE_SUBTREE,
- NULL, "(&(objectClass=sidMap)(xidNumber=%u))",
- unixid->id);
+ NULL, "(&(|(type=ID_TYPE_BOTH)(type=%s))"
+ "(xidNumber=%u))", id_type, unixid->id);
if (ret != LDB_SUCCESS) {
DEBUG(1, ("Search failed: %s\n", ldb_errstring(ldb)));
status = NT_STATUS_NONE_MAPPED;
@@ -235,40 +248,9 @@ NTSTATUS idmap_xid_to_sid(struct idmap_context *idmap_ctx, TALLOC_CTX *mem_ctx,
return NT_STATUS_OK;
}
- DEBUG(6, ("xid not found in idmap db, trying to allocate SID.\n"));
-
- /* Now redo the search to make sure noone added a mapping for that SID
- * while we weren't looking.*/
- ret = ldb_search_exp_fmt(ldb, tmp_ctx, &res, NULL, LDB_SCOPE_SUBTREE,
- NULL, "(&(objectClass=sidMap)(xidNumber=%u))",
- unixid->id);
- if (ret != LDB_SUCCESS) {
- DEBUG(1, ("Search failed: %s\n", ldb_errstring(ldb)));
- status = NT_STATUS_NONE_MAPPED;
- goto failed;
- }
-
- if (res->count > 0) {
- DEBUG(1, ("sidMap modified while trying to add a mapping.\n"));
- status = NT_STATUS_RETRY;
- goto failed;
- }
-
- ret = idmap_get_bounds(idmap_ctx, &low, &high);
- if (ret != LDB_SUCCESS) {
- DEBUG(1, ("Failed to get id bounds from db: %u\n", ret));
- status = NT_STATUS_NONE_MAPPED;
- goto failed;
- }
-
- if (unixid->id >= low && unixid->id <= high) {
- /* An existing xid would have been mapped before */
- status = NT_STATUS_NONE_MAPPED;
- goto failed;
- }
+ DEBUG(6, ("xid not found in idmap db, create S-1-22- SID.\n"));
- /* For local users, we just create a rid = uid +1, so root doesn't end
- * up with a 0 rid */
+ /* For local users/groups , we just create a rid = uid/gid */
if (unixid->type == ID_TYPE_UID) {
unix_sid = dom_sid_parse_talloc(tmp_ctx, "S-1-22-1");
} else {
@@ -279,7 +261,7 @@ NTSTATUS idmap_xid_to_sid(struct idmap_context *idmap_ctx, TALLOC_CTX *mem_ctx,
goto failed;
}
- new_sid = dom_sid_add_rid(mem_ctx, unix_sid, unixid->id + 1);
+ new_sid = dom_sid_add_rid(mem_ctx, unix_sid, unixid->id);
if (new_sid == NULL) {
status = NT_STATUS_NO_MEMORY;
goto failed;
@@ -326,42 +308,27 @@ NTSTATUS idmap_sid_to_xid(struct idmap_context *idmap_ctx, TALLOC_CTX *mem_ctx,
bool hwm_entry_exists;
TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
- ret = ldb_search_exp_fmt(ldb, tmp_ctx, &res, NULL, LDB_SCOPE_SUBTREE,
- NULL, "(&(objectClass=sidMap)(objectSid=%s))",
- ldap_encode_ndr_dom_sid(tmp_ctx, sid));
- if (ret != LDB_SUCCESS) {
- DEBUG(1, ("Search failed: %s\n", ldb_errstring(ldb)));
- status = NT_STATUS_NONE_MAPPED;
- goto failed;
- }
-
- if (res->count == 1) {
- new_xid = ldb_msg_find_attr_as_uint(res->msgs[0], "xidNumber",
- -1);
- if (new_xid == (uint32_t) -1) {
- DEBUG(1, ("Invalid xid mapping.\n"));
- status = NT_STATUS_NONE_MAPPED;
- goto failed;
- }
+ if (dom_sid_in_domain(idmap_ctx->unix_users_sid, sid)) {
+ uint32_t rid;
+ DEBUG(6, ("This is a local unix uid, just calculate that.\n"));
+ status = dom_sid_split_rid(tmp_ctx, sid, NULL, &rid);
+ if (!NT_STATUS_IS_OK(status)) goto failed;
*unixid = talloc(mem_ctx, struct unixid);
if (*unixid == NULL) {
status = NT_STATUS_NO_MEMORY;
goto failed;
}
-
- (*unixid)->id = new_xid;
- (*unixid)->type = ID_TYPE_BOTH;
+ (*unixid)->id = rid;
+ (*unixid)->type = ID_TYPE_UID;
talloc_free(tmp_ctx);
return NT_STATUS_OK;
}
- DEBUG(6, ("No existing mapping found, attempting to create one.\n"));
-
- if (dom_sid_in_domain(idmap_ctx->unix_users_sid, sid)) {
+ if (dom_sid_in_domain(idmap_ctx->unix_groups_sid, sid)) {
uint32_t rid;
- DEBUG(6, ("This is a local unix uid, just calculate that.\n"));
+ DEBUG(6, ("This is a local unix gid, just calculate that.\n"));
status = dom_sid_split_rid(tmp_ctx, sid, NULL, &rid);
if (!NT_STATUS_IS_OK(status)) goto failed;
@@ -370,30 +337,60 @@ NTSTATUS idmap_sid_to_xid(struct idmap_context *idmap_ctx, TALLOC_CTX *mem_ctx,
status = NT_STATUS_NO_MEMORY;
goto failed;
}
- (*unixid)->id = rid - 1;
- (*unixid)->type = ID_TYPE_UID;
+ (*unixid)->id = rid;
+ (*unixid)->type = ID_TYPE_GID;
talloc_free(tmp_ctx);
return NT_STATUS_OK;
+ }
+
+ ret = ldb_search_exp_fmt(ldb, tmp_ctx, &res, NULL, LDB_SCOPE_SUBTREE,
+ NULL, "(&(objectClass=sidMap)(objectSid=%s))",
+ ldap_encode_ndr_dom_sid(tmp_ctx, sid));
+ if (ret != LDB_SUCCESS) {
+ DEBUG(1, ("Search failed: %s\n", ldb_errstring(ldb)));
+ status = NT_STATUS_NONE_MAPPED;
+ goto failed;
}
- if (dom_sid_in_domain(idmap_ctx->unix_groups_sid, sid)) {
- uint32_t rid;
- DEBUG(6, ("This is a local unix gid, just calculate that.\n"));
- status = dom_sid_split_rid(tmp_ctx, sid, NULL, &rid);
- if (!NT_STATUS_IS_OK(status)) goto failed;
+ if (res->count == 1) {
+ const char *type = ldb_msg_find_attr_as_string(res->msgs[0],
+ "type", NULL);
+ new_xid = ldb_msg_find_attr_as_uint(res->msgs[0], "xidNumber",
+ -1);
+ if (new_xid == (uint32_t) -1) {
+ DEBUG(1, ("Invalid xid mapping.\n"));
+ status = NT_STATUS_NONE_MAPPED;
+ goto failed;
+ }
+
+ if (type == NULL) {
+ DEBUG(1, ("Invalid type for mapping entry.\n"));
+ status = NT_STATUS_NONE_MAPPED;
+ goto failed;
+ }
*unixid = talloc(mem_ctx, struct unixid);
if (*unixid == NULL) {
status = NT_STATUS_NO_MEMORY;
goto failed;
}
- (*unixid)->id = rid - 1;
- (*unixid)->type = ID_TYPE_GID;
+
+ (*unixid)->id = new_xid;
+
+ if (strcmp(type, "ID_TYPE_BOTH") == 0) {
+ (*unixid)->type = ID_TYPE_BOTH;
+ } else if (strcmp(type, "ID_TYPE_UID") == 0) {
+ (*unixid)->type = ID_TYPE_UID;
+ } else {
+ (*unixid)->type = ID_TYPE_GID;
+ }
talloc_free(tmp_ctx);
return NT_STATUS_OK;
- }
+ }
+
+ DEBUG(6, ("No existing mapping found, attempting to create one.\n"));
trans = ldb_transaction_start(ldb);
if (trans != LDB_SUCCESS) {
@@ -585,6 +582,12 @@ NTSTATUS idmap_sid_to_xid(struct idmap_context *idmap_ctx, TALLOC_CTX *mem_ctx,
goto failed;
}
+ ret = ldb_msg_add_string(map_msg, "type", "ID_TYPE_BOTH");
+ if (ret != LDB_SUCCESS) {
+ status = NT_STATUS_NONE_MAPPED;
+ goto failed;
+ }
+
ret = ldb_msg_add_string(map_msg, "cn", sid_string);
if (ret != LDB_SUCCESS) {
status = NT_STATUS_NONE_MAPPED;
diff --git a/source4/winbind/idmap.h b/source4/winbind/idmap.h
index 045d50c568..6eae92cc68 100644
--- a/source4/winbind/idmap.h
+++ b/source4/winbind/idmap.h
@@ -22,6 +22,8 @@
#ifndef _IDMAP_H_
#define _IDMAP_H_
+#include "librpc/gen_ndr/winbind.h"
+
struct idmap_context {
struct loadparm_context *lp_ctx;
struct ldb_context *ldb_ctx;
@@ -29,24 +31,6 @@ struct idmap_context {
struct dom_sid *unix_users_sid;
};
-enum id_type {
- ID_TYPE_NOT_SPECIFIED = 0,
- ID_TYPE_UID,
- ID_TYPE_GID,
- ID_TYPE_BOTH
-};
-
-struct unixid {
- uint32_t id;
- enum id_type type;
-};
-
-struct id_mapping {
- struct unixid *unixid;
- struct dom_sid *sid;
- NTSTATUS status;
-};
-
#include "winbind/idmap_proto.h"
#endif
diff --git a/source4/winbind/wb_irpc.c b/source4/winbind/wb_irpc.c
index 5d7f7fd7a6..0535045adb 100644
--- a/source4/winbind/wb_irpc.c
+++ b/source4/winbind/wb_irpc.c
@@ -22,6 +22,7 @@
#include "winbind/wb_server.h"
#include "lib/messaging/irpc.h"
#include "libcli/composite/composite.h"
+#include "libcli/security/proto.h"
#include "librpc/gen_ndr/ndr_winbind.h"
#include "smbd/service_task.h"
@@ -71,6 +72,71 @@ static void wb_irpc_SamLogon_callback(struct composite_context *ctx)
irpc_send_reply(s->msg, status);
}
+struct wb_irpc_get_idmap_state {
+ struct irpc_message *msg;
+ struct winbind_get_idmap *req;
+ int level;
+};
+
+static void wb_irpc_get_idmap_callback(struct composite_context *ctx);
+
+static NTSTATUS wb_irpc_get_idmap(struct irpc_message *msg,
+ struct winbind_get_idmap *req)
+{
+ struct wbsrv_service *service = talloc_get_type(msg->private,
+ struct wbsrv_service);
+ struct wb_irpc_get_idmap_state *s;
+ struct composite_context *ctx;
+
+ DEBUG(5, ("wb_irpc_get_idmap called\n"));
+
+ s = talloc(msg, struct wb_irpc_get_idmap_state);
+ NT_STATUS_HAVE_NO_MEMORY(s);
+
+ s->msg = msg;
+ s->req = req;
+ s->level = req->in.level;
+
+ switch(s->level) {
+ case WINBIND_IDMAP_LEVEL_SIDS_TO_XIDS:
+ ctx = wb_sids2xids_send(msg, service, req->in.count,
+ req->in.ids);
+ break;
+ case WINBIND_IDMAP_LEVEL_XIDS_TO_SIDS:
+ ctx = wb_xids2sids_send(msg, service, req->in.count,
+ req->in.ids);
+ break;
+ }
+ NT_STATUS_HAVE_NO_MEMORY(ctx);
+
+ composite_continue(ctx, ctx, wb_irpc_get_idmap_callback, s);
+ msg->defer_reply = true;
+
+ return NT_STATUS_OK;
+}
+
+static void wb_irpc_get_idmap_callback(struct composite_context *ctx)
+{
+ struct wb_irpc_get_idmap_state *s;
+ NTSTATUS status;
+
+ DEBUG(5, ("wb_irpc_get_idmap_callback called\n"));
+
+ s = talloc_get_type(ctx->async.private_data,
+ struct wb_irpc_get_idmap_state);
+
+ switch(s->level) {
+ case WINBIND_IDMAP_LEVEL_SIDS_TO_XIDS:
+ status = wb_sids2xids_recv(ctx, &s->req->out.ids);
+ break;
+ case WINBIND_IDMAP_LEVEL_XIDS_TO_SIDS:
+ status = wb_xids2sids_recv(ctx, &s->req->out.ids);
+ break;
+ }
+
+ irpc_send_reply(s->msg, status);
+}
+
NTSTATUS wbsrv_init_irpc(struct wbsrv_service *service)
{
NTSTATUS status;
@@ -81,5 +147,9 @@ NTSTATUS wbsrv_init_irpc(struct wbsrv_service *service)
wb_irpc_SamLogon, service);
NT_STATUS_NOT_OK_RETURN(status);
+ status = IRPC_REGISTER(service->task->msg_ctx, winbind, WINBIND_GET_IDMAP,
+ wb_irpc_get_idmap, service);
+ NT_STATUS_NOT_OK_RETURN(status);
+
return NT_STATUS_OK;
}
diff --git a/source4/winbind/wb_xids2sids.c b/source4/winbind/wb_xids2sids.c
index 843d292c07..1be394d276 100644
--- a/source4/winbind/wb_xids2sids.c
+++ b/source4/winbind/wb_xids2sids.c
@@ -41,7 +41,7 @@ struct composite_context *wb_xids2sids_send(TALLOC_CTX *mem_ctx,
struct composite_context *result;
struct xids2sids_state *state;
- DEBUG(0, ("wb_xids2sids_send called\n"));
+ DEBUG(5, ("wb_xids2sids_send called\n"));
result = composite_create(mem_ctx, service->task->event_ctx);
if (!result) return NULL;
@@ -68,7 +68,7 @@ NTSTATUS wb_xids2sids_recv(struct composite_context *ctx,
{
NTSTATUS status = composite_wait(ctx);
- DEBUG(0, ("wb_xids2sids_recv called.\n"));
+ DEBUG(5, ("wb_xids2sids_recv called.\n"));
if (NT_STATUS_IS_OK(status)) {
struct xids2sids_state *state =