root/source3/winbindd/idmap_rid.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. idmap_rid_initialize
  2. idmap_rid_id_to_sid
  3. idmap_rid_sid_to_id
  4. idmap_rid_unixids_to_sids
  5. idmap_rid_sids_to_unixids
  6. idmap_rid_close
  7. idmap_rid_init

   1 /*
   2  *  idmap_rid: static map between Active Directory/NT RIDs and RFC 2307 accounts
   3  *  Copyright (C) Guenther Deschner, 2004
   4  *  Copyright (C) Sumit Bose, 2004
   5  *
   6  *  This program is free software; you can redistribute it and/or modify
   7  *  it under the terms of the GNU General Public License as published by
   8  *  the Free Software Foundation; either version 3 of the License, or
   9  *  (at your option) any later version.
  10  *
  11  *  This program is distributed in the hope that it will be useful,
  12  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14  *  GNU General Public License for more details.
  15  *
  16  *  You should have received a copy of the GNU General Public License
  17  *  along with this program; if not, see <http://www.gnu.org/licenses/>.
  18  *
  19  */
  20 
  21 #include "includes.h"
  22 #include "winbindd.h"
  23 
  24 #undef DBGC_CLASS
  25 #define DBGC_CLASS DBGC_IDMAP
  26 
  27 struct idmap_rid_context {
  28         const char *domain_name;
  29         uint32_t low_id;
  30         uint32_t high_id;
  31         uint32_t base_rid;
  32 };
  33 
  34 /******************************************************************************
  35   compat params can't be used because of the completely different way
  36   we support multiple domains in the new idmap
  37  *****************************************************************************/
  38 
  39 static NTSTATUS idmap_rid_initialize(struct idmap_domain *dom,
     /* [<][>][^][v][top][bottom][index][help] */
  40                                      const char *params)
  41 {
  42         NTSTATUS ret;
  43         struct idmap_rid_context *ctx;
  44         char *config_option = NULL;
  45         const char *range;
  46         uid_t low_uid = 0;
  47         uid_t high_uid = 0;
  48         gid_t low_gid = 0;
  49         gid_t high_gid = 0;
  50 
  51         if ( (ctx = TALLOC_ZERO_P(dom, struct idmap_rid_context)) == NULL ) {
  52                 DEBUG(0, ("Out of memory!\n"));
  53                 return NT_STATUS_NO_MEMORY;
  54         }
  55 
  56         config_option = talloc_asprintf(ctx, "idmap config %s", dom->name);
  57         if ( ! config_option) {
  58                 DEBUG(0, ("Out of memory!\n"));
  59                 ret = NT_STATUS_NO_MEMORY;
  60                 goto failed;
  61         }
  62 
  63         range = lp_parm_const_string(-1, config_option, "range", NULL);
  64         if ( !range ||
  65             (sscanf(range, "%u - %u", &ctx->low_id, &ctx->high_id) != 2) ||
  66             (ctx->low_id > ctx->high_id)) 
  67         {
  68                 ctx->low_id = 0;
  69                 ctx->high_id = 0;
  70         }
  71 
  72         /* lets see if the range is defined by the old idmap uid/idmap gid */
  73         if (!ctx->low_id && !ctx->high_id) {
  74                 if (lp_idmap_uid(&low_uid, &high_uid)) {
  75                         ctx->low_id = low_uid;
  76                         ctx->high_id = high_uid;
  77                 }
  78 
  79                 if (lp_idmap_gid(&low_gid, &high_gid)) {
  80                         if ((ctx->low_id != low_gid) ||
  81                             (ctx->high_id != high_uid)) {
  82                                 DEBUG(1, ("ERROR: idmap uid range must match idmap gid range\n"));
  83                                 ret = NT_STATUS_UNSUCCESSFUL;
  84                                 goto failed;
  85                         }
  86                 }
  87         }
  88 
  89         if (!ctx->low_id || !ctx->high_id) {
  90                 DEBUG(1, ("ERROR: Invalid configuration, ID range missing or invalid\n"));
  91                 ret = NT_STATUS_UNSUCCESSFUL;
  92                 goto failed;
  93         }
  94 
  95         ctx->base_rid = lp_parm_int(-1, config_option, "base_rid", 0);
  96         ctx->domain_name = talloc_strdup( ctx, dom->name );
  97         
  98         dom->private_data = ctx;
  99 
 100         talloc_free(config_option);
 101         return NT_STATUS_OK;
 102 
 103 failed:
 104         talloc_free(ctx);
 105         return ret;
 106 }
 107 
 108 static NTSTATUS idmap_rid_id_to_sid(TALLOC_CTX *memctx, struct idmap_rid_context *ctx, struct id_map *map)
     /* [<][>][^][v][top][bottom][index][help] */
 109 {
 110         struct winbindd_domain *domain; 
 111 
 112         /* apply filters before checking */
 113         if ((map->xid.id < ctx->low_id) || (map->xid.id > ctx->high_id)) {
 114                 DEBUG(5, ("Requested id (%u) out of range (%u - %u). Filtered!\n",
 115                                 map->xid.id, ctx->low_id, ctx->high_id));
 116                 return NT_STATUS_NONE_MAPPED;
 117         }
 118 
 119         if ( (domain = find_domain_from_name_noinit(ctx->domain_name)) == NULL ) {
 120                 return NT_STATUS_NO_SUCH_DOMAIN;
 121         }
 122         
 123         sid_compose(map->sid, &domain->sid, map->xid.id - ctx->low_id + ctx->base_rid);
 124 
 125         /* We **really** should have some way of validating 
 126            the SID exists and is the correct type here.  But 
 127            that is a deficiency in the idmap_rid design. */
 128 
 129         map->status = ID_MAPPED;
 130 
 131         return NT_STATUS_OK;
 132 }
 133 
 134 /**********************************
 135  Single sid to id lookup function. 
 136 **********************************/
 137 
 138 static NTSTATUS idmap_rid_sid_to_id(TALLOC_CTX *memctx, struct idmap_rid_context *ctx, struct id_map *map)
     /* [<][>][^][v][top][bottom][index][help] */
 139 {
 140         uint32_t rid;
 141 
 142         sid_peek_rid(map->sid, &rid);
 143         map->xid.id = rid - ctx->base_rid + ctx->low_id;
 144 
 145         /* apply filters before returning result */
 146 
 147         if ((map->xid.id < ctx->low_id) || (map->xid.id > ctx->high_id)) {
 148                 DEBUG(5, ("Requested id (%u) out of range (%u - %u). Filtered!\n",
 149                                 map->xid.id, ctx->low_id, ctx->high_id));
 150                 map->status = ID_UNMAPPED;
 151                 return NT_STATUS_NONE_MAPPED;
 152         }
 153 
 154         /* We **really** should have some way of validating 
 155            the SID exists and is the correct type here.  But 
 156            that is a deficiency in the idmap_rid design. */
 157 
 158         map->status = ID_MAPPED;
 159 
 160         return NT_STATUS_OK;
 161 }
 162 
 163 /**********************************
 164  lookup a set of unix ids. 
 165 **********************************/
 166 
 167 static NTSTATUS idmap_rid_unixids_to_sids(struct idmap_domain *dom, struct id_map **ids)
     /* [<][>][^][v][top][bottom][index][help] */
 168 {
 169         struct idmap_rid_context *ridctx;
 170         TALLOC_CTX *ctx;
 171         NTSTATUS ret;
 172         int i;
 173 
 174         /* initialize the status to avoid suprise */
 175         for (i = 0; ids[i]; i++) {
 176                 ids[i]->status = ID_UNKNOWN;
 177         }
 178         
 179         ridctx = talloc_get_type(dom->private_data, struct idmap_rid_context);
 180 
 181         ctx = talloc_new(dom);
 182         if ( ! ctx) {
 183                 DEBUG(0, ("Out of memory!\n"));
 184                 return NT_STATUS_NO_MEMORY;
 185         }
 186 
 187         for (i = 0; ids[i]; i++) {
 188 
 189                 ret = idmap_rid_id_to_sid(ctx, ridctx, ids[i]);
 190 
 191                 if (( ! NT_STATUS_IS_OK(ret)) &&
 192                     ( ! NT_STATUS_EQUAL(ret, NT_STATUS_NONE_MAPPED))) {
 193                         /* some fatal error occurred, log it */
 194                         DEBUG(3, ("Unexpected error resolving an ID (%d)\n", ids[i]->xid.id));
 195                 }
 196         }
 197 
 198         talloc_free(ctx);
 199         return NT_STATUS_OK;
 200 }
 201 
 202 /**********************************
 203  lookup a set of sids. 
 204 **********************************/
 205 
 206 static NTSTATUS idmap_rid_sids_to_unixids(struct idmap_domain *dom, struct id_map **ids)
     /* [<][>][^][v][top][bottom][index][help] */
 207 {
 208         struct idmap_rid_context *ridctx;
 209         TALLOC_CTX *ctx;
 210         NTSTATUS ret;
 211         int i;
 212 
 213         /* initialize the status to avoid suprise */
 214         for (i = 0; ids[i]; i++) {
 215                 ids[i]->status = ID_UNKNOWN;
 216         }
 217         
 218         ridctx = talloc_get_type(dom->private_data, struct idmap_rid_context);
 219 
 220         ctx = talloc_new(dom);
 221         if ( ! ctx) {
 222                 DEBUG(0, ("Out of memory!\n"));
 223                 return NT_STATUS_NO_MEMORY;
 224         }
 225 
 226         for (i = 0; ids[i]; i++) {
 227 
 228                 ret = idmap_rid_sid_to_id(ctx, ridctx, ids[i]);
 229 
 230                 if (( ! NT_STATUS_IS_OK(ret)) &&
 231                     ( ! NT_STATUS_EQUAL(ret, NT_STATUS_NONE_MAPPED))) {
 232                         /* some fatal error occurred, log it */
 233                         DEBUG(3, ("Unexpected error resolving a SID (%s)\n",
 234                                   sid_string_dbg(ids[i]->sid)));
 235                 }
 236         }
 237 
 238         talloc_free(ctx);
 239         return NT_STATUS_OK;
 240 }
 241 
 242 static NTSTATUS idmap_rid_close(struct idmap_domain *dom)
     /* [<][>][^][v][top][bottom][index][help] */
 243 {
 244         if (dom->private_data) {
 245                 TALLOC_FREE(dom->private_data);
 246         }
 247         return NT_STATUS_OK;
 248 }
 249 
 250 static struct idmap_methods rid_methods = {
 251         .init = idmap_rid_initialize,
 252         .unixids_to_sids = idmap_rid_unixids_to_sids,
 253         .sids_to_unixids = idmap_rid_sids_to_unixids,
 254         .close_fn = idmap_rid_close
 255 };
 256 
 257 NTSTATUS idmap_rid_init(void)
     /* [<][>][^][v][top][bottom][index][help] */
 258 {
 259         return smb_register_idmap(SMB_IDMAP_INTERFACE_VERSION, "rid", &rid_methods);
 260 }
 261 

/* [<][>][^][v][top][bottom][index][help] */