/* [<][>][^][v][top][bottom][index][help] */
DEFINITIONS
This source file includes following definitions.
- convert_fn
- idmap_tdb_upgrade
- idmap_tdb_load_ranges
- idmap_tdb_open_db
- idmap_tdb_alloc_init
- idmap_tdb_allocate_id
- idmap_tdb_get_hwm
- idmap_tdb_set_hwm
- idmap_tdb_alloc_close
- idmap_tdb_db_init
- idmap_tdb_id_to_sid
- idmap_tdb_sid_to_id
- idmap_tdb_unixids_to_sids
- idmap_tdb_sids_to_unixids
- idmap_tdb_set_mapping
- idmap_tdb_remove_mapping
- idmap_tdb_close
- idmap_tdb_dump_one_entry
- idmap_tdb_dump_data
- idmap_alloc_tdb_init
- idmap_tdb_init
1 /*
2 Unix SMB/CIFS implementation.
3
4 idmap TDB backend
5
6 Copyright (C) Tim Potter 2000
7 Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
8 Copyright (C) Jeremy Allison 2006
9 Copyright (C) Simo Sorce 2003-2006
10
11 This program is free software; you can redistribute it and/or modify
12 it under the terms of the GNU General Public License as published by
13 the Free Software Foundation; either version 3 of the License, or
14 (at your option) any later version.
15
16 This program is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 GNU General Public License for more details.
20
21 You should have received a copy of the GNU General Public License
22 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 */
24
25 #include "includes.h"
26 #include "winbindd.h"
27
28 #undef DBGC_CLASS
29 #define DBGC_CLASS DBGC_IDMAP
30
31 /* idmap version determines auto-conversion - this is the database
32 structure version specifier. */
33
34 #define IDMAP_VERSION 2
35
36 /* High water mark keys */
37 #define HWM_GROUP "GROUP HWM"
38 #define HWM_USER "USER HWM"
39
40 static struct idmap_tdb_state {
41
42 /* User and group id pool */
43 uid_t low_uid, high_uid; /* Range of uids to allocate */
44 gid_t low_gid, high_gid; /* Range of gids to allocate */
45
46 } idmap_tdb_state;
47
48 struct convert_fn_state {
49 struct db_context *db;
50 bool failed;
51 };
52
53 /*****************************************************************************
54 For idmap conversion: convert one record to new format
55 Ancient versions (eg 2.2.3a) of winbindd_idmap.tdb mapped DOMAINNAME/rid
56 instead of the SID.
57 *****************************************************************************/
58 static int convert_fn(struct db_record *rec, void *private_data)
/* [<][>][^][v][top][bottom][index][help] */
59 {
60 struct winbindd_domain *domain;
61 char *p;
62 NTSTATUS status;
63 DOM_SID sid;
64 uint32 rid;
65 fstring keystr;
66 fstring dom_name;
67 TDB_DATA key2;
68 struct convert_fn_state *s = (struct convert_fn_state *)private_data;
69
70 DEBUG(10,("Converting %s\n", (const char *)rec->key.dptr));
71
72 p = strchr((const char *)rec->key.dptr, '/');
73 if (!p)
74 return 0;
75
76 *p = 0;
77 fstrcpy(dom_name, (const char *)rec->key.dptr);
78 *p++ = '/';
79
80 domain = find_domain_from_name(dom_name);
81 if (domain == NULL) {
82 /* We must delete the old record. */
83 DEBUG(0,("Unable to find domain %s\n", dom_name ));
84 DEBUG(0,("deleting record %s\n", (const char *)rec->key.dptr ));
85
86 status = rec->delete_rec(rec);
87 if (!NT_STATUS_IS_OK(status)) {
88 DEBUG(0, ("Unable to delete record %s:%s\n",
89 (const char *)rec->key.dptr,
90 nt_errstr(status)));
91 s->failed = true;
92 return -1;
93 }
94
95 return 0;
96 }
97
98 rid = atoi(p);
99
100 sid_copy(&sid, &domain->sid);
101 sid_append_rid(&sid, rid);
102
103 sid_to_fstring(keystr, &sid);
104 key2 = string_term_tdb_data(keystr);
105
106 status = dbwrap_store(s->db, key2, rec->value, TDB_INSERT);
107 if (!NT_STATUS_IS_OK(status)) {
108 DEBUG(0,("Unable to add record %s:%s\n",
109 (const char *)key2.dptr,
110 nt_errstr(status)));
111 s->failed = true;
112 return -1;
113 }
114
115 status = dbwrap_store(s->db, rec->value, key2, TDB_REPLACE);
116 if (!NT_STATUS_IS_OK(status)) {
117 DEBUG(0,("Unable to update record %s:%s\n",
118 (const char *)rec->value.dptr,
119 nt_errstr(status)));
120 s->failed = true;
121 return -1;
122 }
123
124 status = rec->delete_rec(rec);
125 if (!NT_STATUS_IS_OK(status)) {
126 DEBUG(0,("Unable to delete record %s:%s\n",
127 (const char *)rec->key.dptr,
128 nt_errstr(status)));
129 s->failed = true;
130 return -1;
131 }
132
133 return 0;
134 }
135
136 /*****************************************************************************
137 Convert the idmap database from an older version.
138 *****************************************************************************/
139
140 static bool idmap_tdb_upgrade(struct db_context *db)
/* [<][>][^][v][top][bottom][index][help] */
141 {
142 int32 vers;
143 bool bigendianheader;
144 struct convert_fn_state s;
145
146 DEBUG(0, ("Upgrading winbindd_idmap.tdb from an old version\n"));
147
148 bigendianheader = (db->get_flags(db) & TDB_BIGENDIAN) ? True : False;
149
150 vers = dbwrap_fetch_int32(db, "IDMAP_VERSION");
151
152 if (((vers == -1) && bigendianheader) || (IREV(vers) == IDMAP_VERSION)) {
153 /* Arrggghh ! Bytereversed or old big-endian - make order independent ! */
154 /*
155 * high and low records were created on a
156 * big endian machine and will need byte-reversing.
157 */
158
159 int32 wm;
160
161 wm = dbwrap_fetch_int32(db, HWM_USER);
162
163 if (wm != -1) {
164 wm = IREV(wm);
165 } else {
166 wm = idmap_tdb_state.low_uid;
167 }
168
169 if (dbwrap_store_int32(db, HWM_USER, wm) == -1) {
170 DEBUG(0, ("Unable to byteswap user hwm in idmap database\n"));
171 return False;
172 }
173
174 wm = dbwrap_fetch_int32(db, HWM_GROUP);
175 if (wm != -1) {
176 wm = IREV(wm);
177 } else {
178 wm = idmap_tdb_state.low_gid;
179 }
180
181 if (dbwrap_store_int32(db, HWM_GROUP, wm) == -1) {
182 DEBUG(0, ("Unable to byteswap group hwm in idmap database\n"));
183 return False;
184 }
185 }
186
187 s.db = db;
188 s.failed = false;
189
190 /* the old format stored as DOMAIN/rid - now we store the SID direct */
191 db->traverse(db, convert_fn, &s);
192
193 if (s.failed) {
194 DEBUG(0, ("Problem during conversion\n"));
195 return False;
196 }
197
198 if (dbwrap_store_int32(db, "IDMAP_VERSION", IDMAP_VERSION) == -1) {
199 DEBUG(0, ("Unable to dtore idmap version in databse\n"));
200 return False;
201 }
202
203 return True;
204 }
205
206 static NTSTATUS idmap_tdb_load_ranges(void)
/* [<][>][^][v][top][bottom][index][help] */
207 {
208 uid_t low_uid = 0;
209 uid_t high_uid = 0;
210 gid_t low_gid = 0;
211 gid_t high_gid = 0;
212
213 if (!lp_idmap_uid(&low_uid, &high_uid)) {
214 DEBUG(1, ("idmap uid missing\n"));
215 return NT_STATUS_UNSUCCESSFUL;
216 }
217
218 if (!lp_idmap_gid(&low_gid, &high_gid)) {
219 DEBUG(1, ("idmap gid missing\n"));
220 return NT_STATUS_UNSUCCESSFUL;
221 }
222
223 idmap_tdb_state.low_uid = low_uid;
224 idmap_tdb_state.high_uid = high_uid;
225 idmap_tdb_state.low_gid = low_gid;
226 idmap_tdb_state.high_gid = high_gid;
227
228 if (idmap_tdb_state.high_uid <= idmap_tdb_state.low_uid) {
229 DEBUG(1, ("idmap uid range missing or invalid\n"));
230 return NT_STATUS_UNSUCCESSFUL;
231 }
232
233 if (idmap_tdb_state.high_gid <= idmap_tdb_state.low_gid) {
234 DEBUG(1, ("idmap gid range missing or invalid\n"));
235 return NT_STATUS_UNSUCCESSFUL;
236 }
237
238 return NT_STATUS_OK;
239 }
240
241 static NTSTATUS idmap_tdb_open_db(TALLOC_CTX *memctx,
/* [<][>][^][v][top][bottom][index][help] */
242 bool check_config,
243 struct db_context **dbctx)
244 {
245 NTSTATUS ret;
246 TALLOC_CTX *ctx;
247 char *tdbfile = NULL;
248 struct db_context *db = NULL;
249 int32_t version;
250 bool config_error = false;
251
252 ret = idmap_tdb_load_ranges();
253 if (!NT_STATUS_IS_OK(ret)) {
254 config_error = true;
255 if (check_config) {
256 return ret;
257 }
258 }
259
260 /* use our own context here */
261 ctx = talloc_stackframe();
262
263 /* use the old database if present */
264 tdbfile = state_path("winbindd_idmap.tdb");
265 if (!tdbfile) {
266 DEBUG(0, ("Out of memory!\n"));
267 ret = NT_STATUS_NO_MEMORY;
268 goto done;
269 }
270
271 DEBUG(10,("Opening tdbfile %s\n", tdbfile ));
272
273 /* Open idmap repository */
274 db = db_open(ctx, tdbfile, 0, TDB_DEFAULT, O_RDWR | O_CREAT, 0644);
275 if (!db) {
276 DEBUG(0, ("Unable to open idmap database\n"));
277 ret = NT_STATUS_UNSUCCESSFUL;
278 goto done;
279 }
280
281 /* check against earlier versions */
282 version = dbwrap_fetch_int32(db, "IDMAP_VERSION");
283 if (version != IDMAP_VERSION) {
284 if (config_error) {
285 DEBUG(0,("Upgrade of IDMAP_VERSION from %d to %d is not "
286 "possible with incomplete configuration\n",
287 version, IDMAP_VERSION));
288 ret = NT_STATUS_UNSUCCESSFUL;
289 goto done;
290 }
291 if (db->transaction_start(db) != 0) {
292 DEBUG(0, ("Unable to start upgrade transaction!\n"));
293 ret = NT_STATUS_INTERNAL_DB_ERROR;
294 goto done;
295 }
296
297 if (!idmap_tdb_upgrade(db)) {
298 db->transaction_cancel(db);
299 DEBUG(0, ("Unable to open idmap database, it's in an old formati, and upgrade failed!\n"));
300 ret = NT_STATUS_INTERNAL_DB_ERROR;
301 goto done;
302 }
303
304 if (db->transaction_commit(db) != 0) {
305 DEBUG(0, ("Unable to commit upgrade transaction!\n"));
306 ret = NT_STATUS_INTERNAL_DB_ERROR;
307 goto done;
308 }
309 }
310
311 *dbctx = talloc_move(memctx, &db);
312 ret = NT_STATUS_OK;
313
314 done:
315 talloc_free(ctx);
316 return ret;
317 }
318
319 /**********************************************************************
320 IDMAP ALLOC TDB BACKEND
321 **********************************************************************/
322
323 static struct db_context *idmap_alloc_db;
324
325 /**********************************
326 Initialise idmap alloc database.
327 **********************************/
328
329 static NTSTATUS idmap_tdb_alloc_init( const char *params )
/* [<][>][^][v][top][bottom][index][help] */
330 {
331 int ret;
332 NTSTATUS status;
333 uint32_t low_uid;
334 uint32_t low_gid;
335 bool update_uid = false;
336 bool update_gid = false;
337
338 status = idmap_tdb_open_db(NULL, true, &idmap_alloc_db);
339 if (!NT_STATUS_IS_OK(status)) {
340 DEBUG(0, ("idmap will be unable to map foreign SIDs: %s\n",
341 nt_errstr(status)));
342 return status;
343 }
344
345 low_uid = dbwrap_fetch_int32(idmap_alloc_db, HWM_USER);
346 if (low_uid == -1 || low_uid < idmap_tdb_state.low_uid) {
347 update_uid = true;
348 }
349
350 low_gid = dbwrap_fetch_int32(idmap_alloc_db, HWM_GROUP);
351 if (low_gid == -1 || low_gid < idmap_tdb_state.low_gid) {
352 update_gid = true;
353 }
354
355 if (!update_uid && !update_gid) {
356 return NT_STATUS_OK;
357 }
358
359 if (idmap_alloc_db->transaction_start(idmap_alloc_db) != 0) {
360 TALLOC_FREE(idmap_alloc_db);
361 DEBUG(0, ("Unable to start upgrade transaction!\n"));
362 return NT_STATUS_INTERNAL_DB_ERROR;
363 }
364
365 if (update_uid) {
366 ret = dbwrap_store_int32(idmap_alloc_db, HWM_USER,
367 idmap_tdb_state.low_uid);
368 if (ret == -1) {
369 idmap_alloc_db->transaction_cancel(idmap_alloc_db);
370 TALLOC_FREE(idmap_alloc_db);
371 DEBUG(0, ("Unable to initialise user hwm in idmap "
372 "database\n"));
373 return NT_STATUS_INTERNAL_DB_ERROR;
374 }
375 }
376
377 if (update_gid) {
378 ret = dbwrap_store_int32(idmap_alloc_db, HWM_GROUP,
379 idmap_tdb_state.low_gid);
380 if (ret == -1) {
381 idmap_alloc_db->transaction_cancel(idmap_alloc_db);
382 TALLOC_FREE(idmap_alloc_db);
383 DEBUG(0, ("Unable to initialise group hwm in idmap "
384 "database\n"));
385 return NT_STATUS_INTERNAL_DB_ERROR;
386 }
387 }
388
389 if (idmap_alloc_db->transaction_commit(idmap_alloc_db) != 0) {
390 TALLOC_FREE(idmap_alloc_db);
391 DEBUG(0, ("Unable to commit upgrade transaction!\n"));
392 return NT_STATUS_INTERNAL_DB_ERROR;
393 }
394
395 return NT_STATUS_OK;
396 }
397
398 /**********************************
399 Allocate a new id.
400 **********************************/
401
402 static NTSTATUS idmap_tdb_allocate_id(struct unixid *xid)
/* [<][>][^][v][top][bottom][index][help] */
403 {
404 bool ret;
405 const char *hwmkey;
406 const char *hwmtype;
407 uint32_t high_hwm;
408 uint32_t hwm;
409 int res;
410
411 /* Get current high water mark */
412 switch (xid->type) {
413
414 case ID_TYPE_UID:
415 hwmkey = HWM_USER;
416 hwmtype = "UID";
417 high_hwm = idmap_tdb_state.high_uid;
418 break;
419
420 case ID_TYPE_GID:
421 hwmkey = HWM_GROUP;
422 hwmtype = "GID";
423 high_hwm = idmap_tdb_state.high_gid;
424 break;
425
426 default:
427 DEBUG(2, ("Invalid ID type (0x%x)\n", xid->type));
428 return NT_STATUS_INVALID_PARAMETER;
429 }
430
431 res = idmap_alloc_db->transaction_start(idmap_alloc_db);
432 if (res != 0) {
433 DEBUG(1, (__location__ " Failed to start transaction.\n"));
434 return NT_STATUS_UNSUCCESSFUL;
435 }
436
437 if ((hwm = dbwrap_fetch_int32(idmap_alloc_db, hwmkey)) == -1) {
438 idmap_alloc_db->transaction_cancel(idmap_alloc_db);
439 return NT_STATUS_INTERNAL_DB_ERROR;
440 }
441
442 /* check it is in the range */
443 if (hwm > high_hwm) {
444 DEBUG(1, ("Fatal Error: %s range full!! (max: %lu)\n",
445 hwmtype, (unsigned long)high_hwm));
446 idmap_alloc_db->transaction_cancel(idmap_alloc_db);
447 return NT_STATUS_UNSUCCESSFUL;
448 }
449
450 /* fetch a new id and increment it */
451 ret = dbwrap_change_uint32_atomic(idmap_alloc_db, hwmkey, &hwm, 1);
452 if (ret != 0) {
453 DEBUG(0, ("Fatal error while fetching a new %s value\n!", hwmtype));
454 idmap_alloc_db->transaction_cancel(idmap_alloc_db);
455 return NT_STATUS_UNSUCCESSFUL;
456 }
457
458 /* recheck it is in the range */
459 if (hwm > high_hwm) {
460 DEBUG(1, ("Fatal Error: %s range full!! (max: %lu)\n",
461 hwmtype, (unsigned long)high_hwm));
462 idmap_alloc_db->transaction_cancel(idmap_alloc_db);
463 return NT_STATUS_UNSUCCESSFUL;
464 }
465
466 res = idmap_alloc_db->transaction_commit(idmap_alloc_db);
467 if (res != 0) {
468 DEBUG(1, (__location__ " Failed to commit transaction.\n"));
469 return NT_STATUS_UNSUCCESSFUL;
470 }
471
472 xid->id = hwm;
473 DEBUG(10,("New %s = %d\n", hwmtype, hwm));
474
475 return NT_STATUS_OK;
476 }
477
478 /**********************************
479 Get current highest id.
480 **********************************/
481
482 static NTSTATUS idmap_tdb_get_hwm(struct unixid *xid)
/* [<][>][^][v][top][bottom][index][help] */
483 {
484 const char *hwmkey;
485 const char *hwmtype;
486 uint32_t hwm;
487 uint32_t high_hwm;
488
489 /* Get current high water mark */
490 switch (xid->type) {
491
492 case ID_TYPE_UID:
493 hwmkey = HWM_USER;
494 hwmtype = "UID";
495 high_hwm = idmap_tdb_state.high_uid;
496 break;
497
498 case ID_TYPE_GID:
499 hwmkey = HWM_GROUP;
500 hwmtype = "GID";
501 high_hwm = idmap_tdb_state.high_gid;
502 break;
503
504 default:
505 return NT_STATUS_INVALID_PARAMETER;
506 }
507
508 if ((hwm = dbwrap_fetch_int32(idmap_alloc_db, hwmkey)) == -1) {
509 return NT_STATUS_INTERNAL_DB_ERROR;
510 }
511
512 xid->id = hwm;
513
514 /* Warn if it is out of range */
515 if (hwm >= high_hwm) {
516 DEBUG(0, ("Warning: %s range full!! (max: %lu)\n",
517 hwmtype, (unsigned long)high_hwm));
518 }
519
520 return NT_STATUS_OK;
521 }
522
523 /**********************************
524 Set high id.
525 **********************************/
526
527 static NTSTATUS idmap_tdb_set_hwm(struct unixid *xid)
/* [<][>][^][v][top][bottom][index][help] */
528 {
529 const char *hwmkey;
530 const char *hwmtype;
531 uint32_t hwm;
532 uint32_t high_hwm;
533
534 /* Get current high water mark */
535 switch (xid->type) {
536
537 case ID_TYPE_UID:
538 hwmkey = HWM_USER;
539 hwmtype = "UID";
540 high_hwm = idmap_tdb_state.high_uid;
541 break;
542
543 case ID_TYPE_GID:
544 hwmkey = HWM_GROUP;
545 hwmtype = "GID";
546 high_hwm = idmap_tdb_state.high_gid;
547 break;
548
549 default:
550 return NT_STATUS_INVALID_PARAMETER;
551 }
552
553 hwm = xid->id;
554
555 if ((hwm = dbwrap_store_uint32(idmap_alloc_db, hwmkey, hwm)) == -1) {
556 return NT_STATUS_INTERNAL_DB_ERROR;
557 }
558
559 /* Warn if it is out of range */
560 if (hwm >= high_hwm) {
561 DEBUG(0, ("Warning: %s range full!! (max: %lu)\n",
562 hwmtype, (unsigned long)high_hwm));
563 }
564
565 return NT_STATUS_OK;
566 }
567
568 /**********************************
569 Close the alloc tdb
570 **********************************/
571
572 static NTSTATUS idmap_tdb_alloc_close(void)
/* [<][>][^][v][top][bottom][index][help] */
573 {
574 TALLOC_FREE(idmap_alloc_db);
575 return NT_STATUS_OK;
576 }
577
578 /**********************************************************************
579 IDMAP MAPPING TDB BACKEND
580 **********************************************************************/
581
582 struct idmap_tdb_context {
583 struct db_context *db;
584 uint32_t filter_low_id;
585 uint32_t filter_high_id;
586 };
587
588 /*****************************
589 Initialise idmap database.
590 *****************************/
591
592 static NTSTATUS idmap_tdb_db_init(struct idmap_domain *dom, const char *params)
/* [<][>][^][v][top][bottom][index][help] */
593 {
594 NTSTATUS ret;
595 struct idmap_tdb_context *ctx;
596
597 ctx = talloc(dom, struct idmap_tdb_context);
598 if ( ! ctx) {
599 DEBUG(0, ("Out of memory!\n"));
600 return NT_STATUS_NO_MEMORY;
601 }
602
603 if (strequal(dom->name, "*")) {
604 uid_t low_uid = 0;
605 uid_t high_uid = 0;
606 gid_t low_gid = 0;
607 gid_t high_gid = 0;
608
609 ctx->filter_low_id = 0;
610 ctx->filter_high_id = 0;
611
612 if (lp_idmap_uid(&low_uid, &high_uid)) {
613 ctx->filter_low_id = low_uid;
614 ctx->filter_high_id = high_uid;
615 } else {
616 DEBUG(3, ("Warning: 'idmap uid' not set!\n"));
617 }
618
619 if (lp_idmap_gid(&low_gid, &high_gid)) {
620 if ((low_gid != low_uid) || (high_gid != high_uid)) {
621 DEBUG(1, ("Warning: 'idmap uid' and 'idmap gid'"
622 " ranges do not agree -- building "
623 "intersection\n"));
624 ctx->filter_low_id = MAX(ctx->filter_low_id,
625 low_gid);
626 ctx->filter_high_id = MIN(ctx->filter_high_id,
627 high_gid);
628 }
629 } else {
630 DEBUG(3, ("Warning: 'idmap gid' not set!\n"));
631 }
632 } else {
633 char *config_option = NULL;
634 const char *range;
635
636 config_option = talloc_asprintf(ctx, "idmap config %s", dom->name);
637 if ( ! config_option) {
638 DEBUG(0, ("Out of memory!\n"));
639 ret = NT_STATUS_NO_MEMORY;
640 goto failed;
641 }
642
643 range = lp_parm_const_string(-1, config_option, "range", NULL);
644 if (( ! range) ||
645 (sscanf(range, "%u - %u", &ctx->filter_low_id, &ctx->filter_high_id) != 2))
646 {
647 ctx->filter_low_id = 0;
648 ctx->filter_high_id = 0;
649 }
650
651 talloc_free(config_option);
652 }
653
654 if (ctx->filter_low_id > ctx->filter_high_id) {
655 ctx->filter_low_id = 0;
656 ctx->filter_high_id = 0;
657 }
658
659 DEBUG(10, ("idmap_tdb_db_init: filter range %u-%u loaded for domain "
660 "'%s'\n", ctx->filter_low_id, ctx->filter_high_id, dom->name));
661
662 ret = idmap_tdb_open_db(ctx, false, &ctx->db);
663 if ( ! NT_STATUS_IS_OK(ret)) {
664 goto failed;
665 }
666
667 dom->private_data = ctx;
668
669 return NT_STATUS_OK;
670
671 failed:
672 talloc_free(ctx);
673 return ret;
674 }
675
676 /**********************************
677 Single id to sid lookup function.
678 **********************************/
679
680 static NTSTATUS idmap_tdb_id_to_sid(struct idmap_tdb_context *ctx, struct id_map *map)
/* [<][>][^][v][top][bottom][index][help] */
681 {
682 NTSTATUS ret;
683 TDB_DATA data;
684 char *keystr;
685
686 if (!ctx || !map) {
687 return NT_STATUS_INVALID_PARAMETER;
688 }
689
690 /* apply filters before checking */
691 if ((ctx->filter_low_id && (map->xid.id < ctx->filter_low_id)) ||
692 (ctx->filter_high_id && (map->xid.id > ctx->filter_high_id))) {
693 DEBUG(5, ("Requested id (%u) out of range (%u - %u). Filtered!\n",
694 map->xid.id, ctx->filter_low_id, ctx->filter_high_id));
695 return NT_STATUS_NONE_MAPPED;
696 }
697
698 switch (map->xid.type) {
699
700 case ID_TYPE_UID:
701 keystr = talloc_asprintf(ctx, "UID %lu", (unsigned long)map->xid.id);
702 break;
703
704 case ID_TYPE_GID:
705 keystr = talloc_asprintf(ctx, "GID %lu", (unsigned long)map->xid.id);
706 break;
707
708 default:
709 DEBUG(2, ("INVALID unix ID type: 0x02%x\n", map->xid.type));
710 return NT_STATUS_INVALID_PARAMETER;
711 }
712
713 /* final SAFE_FREE safe */
714 data.dptr = NULL;
715
716 if (keystr == NULL) {
717 DEBUG(0, ("Out of memory!\n"));
718 ret = NT_STATUS_NO_MEMORY;
719 goto done;
720 }
721
722 DEBUG(10,("Fetching record %s\n", keystr));
723
724 /* Check if the mapping exists */
725 data = dbwrap_fetch_bystring(ctx->db, NULL, keystr);
726
727 if (!data.dptr) {
728 DEBUG(10,("Record %s not found\n", keystr));
729 ret = NT_STATUS_NONE_MAPPED;
730 goto done;
731 }
732
733 if (!string_to_sid(map->sid, (const char *)data.dptr)) {
734 DEBUG(10,("INVALID SID (%s) in record %s\n",
735 (const char *)data.dptr, keystr));
736 ret = NT_STATUS_INTERNAL_DB_ERROR;
737 goto done;
738 }
739
740 DEBUG(10,("Found record %s -> %s\n", keystr, (const char *)data.dptr));
741 ret = NT_STATUS_OK;
742
743 done:
744 talloc_free(data.dptr);
745 talloc_free(keystr);
746 return ret;
747 }
748
749 /**********************************
750 Single sid to id lookup function.
751 **********************************/
752
753 static NTSTATUS idmap_tdb_sid_to_id(struct idmap_tdb_context *ctx, struct id_map *map)
/* [<][>][^][v][top][bottom][index][help] */
754 {
755 NTSTATUS ret;
756 TDB_DATA data;
757 char *keystr;
758 unsigned long rec_id = 0;
759 TALLOC_CTX *tmp_ctx = talloc_stackframe();
760
761 keystr = sid_string_talloc(tmp_ctx, map->sid);
762 if (keystr == NULL) {
763 DEBUG(0, ("Out of memory!\n"));
764 ret = NT_STATUS_NO_MEMORY;
765 goto done;
766 }
767
768 DEBUG(10,("Fetching record %s\n", keystr));
769
770 /* Check if sid is present in database */
771 data = dbwrap_fetch_bystring(ctx->db, tmp_ctx, keystr);
772 if (!data.dptr) {
773 DEBUG(10,("Record %s not found\n", keystr));
774 ret = NT_STATUS_NONE_MAPPED;
775 goto done;
776 }
777
778 /* What type of record is this ? */
779 if (sscanf((const char *)data.dptr, "UID %lu", &rec_id) == 1) { /* Try a UID record. */
780 map->xid.id = rec_id;
781 map->xid.type = ID_TYPE_UID;
782 DEBUG(10,("Found uid record %s -> %s \n", keystr, (const char *)data.dptr ));
783 ret = NT_STATUS_OK;
784
785 } else if (sscanf((const char *)data.dptr, "GID %lu", &rec_id) == 1) { /* Try a GID record. */
786 map->xid.id = rec_id;
787 map->xid.type = ID_TYPE_GID;
788 DEBUG(10,("Found gid record %s -> %s \n", keystr, (const char *)data.dptr ));
789 ret = NT_STATUS_OK;
790
791 } else { /* Unknown record type ! */
792 DEBUG(2, ("Found INVALID record %s -> %s\n", keystr, (const char *)data.dptr));
793 ret = NT_STATUS_INTERNAL_DB_ERROR;
794 }
795
796 /* apply filters before returning result */
797 if ((ctx->filter_low_id && (map->xid.id < ctx->filter_low_id)) ||
798 (ctx->filter_high_id && (map->xid.id > ctx->filter_high_id))) {
799 DEBUG(5, ("Requested id (%u) out of range (%u - %u). Filtered!\n",
800 map->xid.id, ctx->filter_low_id, ctx->filter_high_id));
801 ret = NT_STATUS_NONE_MAPPED;
802 }
803
804 done:
805 talloc_free(tmp_ctx);
806 return ret;
807 }
808
809 /**********************************
810 lookup a set of unix ids.
811 **********************************/
812
813 static NTSTATUS idmap_tdb_unixids_to_sids(struct idmap_domain *dom, struct id_map **ids)
/* [<][>][^][v][top][bottom][index][help] */
814 {
815 struct idmap_tdb_context *ctx;
816 NTSTATUS ret;
817 int i;
818
819 /* initialize the status to avoid suprise */
820 for (i = 0; ids[i]; i++) {
821 ids[i]->status = ID_UNKNOWN;
822 }
823
824 ctx = talloc_get_type(dom->private_data, struct idmap_tdb_context);
825
826 for (i = 0; ids[i]; i++) {
827 ret = idmap_tdb_id_to_sid(ctx, ids[i]);
828 if ( ! NT_STATUS_IS_OK(ret)) {
829
830 /* if it is just a failed mapping continue */
831 if (NT_STATUS_EQUAL(ret, NT_STATUS_NONE_MAPPED)) {
832
833 /* make sure it is marked as unmapped */
834 ids[i]->status = ID_UNMAPPED;
835 continue;
836 }
837
838 /* some fatal error occurred, return immediately */
839 goto done;
840 }
841
842 /* all ok, id is mapped */
843 ids[i]->status = ID_MAPPED;
844 }
845
846 ret = NT_STATUS_OK;
847
848 done:
849 return ret;
850 }
851
852 /**********************************
853 lookup a set of sids.
854 **********************************/
855
856 static NTSTATUS idmap_tdb_sids_to_unixids(struct idmap_domain *dom, struct id_map **ids)
/* [<][>][^][v][top][bottom][index][help] */
857 {
858 struct idmap_tdb_context *ctx;
859 NTSTATUS ret;
860 int i;
861
862 /* initialize the status to avoid suprise */
863 for (i = 0; ids[i]; i++) {
864 ids[i]->status = ID_UNKNOWN;
865 }
866
867 ctx = talloc_get_type(dom->private_data, struct idmap_tdb_context);
868
869 for (i = 0; ids[i]; i++) {
870 ret = idmap_tdb_sid_to_id(ctx, ids[i]);
871 if ( ! NT_STATUS_IS_OK(ret)) {
872
873 /* if it is just a failed mapping continue */
874 if (NT_STATUS_EQUAL(ret, NT_STATUS_NONE_MAPPED)) {
875
876 /* make sure it is marked as unmapped */
877 ids[i]->status = ID_UNMAPPED;
878 continue;
879 }
880
881 /* some fatal error occurred, return immediately */
882 goto done;
883 }
884
885 /* all ok, id is mapped */
886 ids[i]->status = ID_MAPPED;
887 }
888
889 ret = NT_STATUS_OK;
890
891 done:
892 return ret;
893 }
894
895 /**********************************
896 set a mapping.
897 **********************************/
898
899 static NTSTATUS idmap_tdb_set_mapping(struct idmap_domain *dom,
/* [<][>][^][v][top][bottom][index][help] */
900 const struct id_map *map)
901 {
902 struct idmap_tdb_context *ctx;
903 NTSTATUS ret;
904 TDB_DATA ksid, kid;
905 char *ksidstr, *kidstr;
906 fstring tmp;
907
908 if (!map || !map->sid) {
909 return NT_STATUS_INVALID_PARAMETER;
910 }
911
912 ksidstr = kidstr = NULL;
913
914 /* TODO: should we filter a set_mapping using low/high filters ? */
915
916 ctx = talloc_get_type(dom->private_data, struct idmap_tdb_context);
917
918 switch (map->xid.type) {
919
920 case ID_TYPE_UID:
921 kidstr = talloc_asprintf(ctx, "UID %lu",
922 (unsigned long)map->xid.id);
923 break;
924
925 case ID_TYPE_GID:
926 kidstr = talloc_asprintf(ctx, "GID %lu",
927 (unsigned long)map->xid.id);
928 break;
929
930 default:
931 DEBUG(2, ("INVALID unix ID type: 0x02%x\n", map->xid.type));
932 return NT_STATUS_INVALID_PARAMETER;
933 }
934
935 if (kidstr == NULL) {
936 DEBUG(0, ("ERROR: Out of memory!\n"));
937 ret = NT_STATUS_NO_MEMORY;
938 goto done;
939 }
940
941 if ((ksidstr = talloc_asprintf(
942 ctx, "%s", sid_to_fstring(tmp, map->sid))) == NULL) {
943 DEBUG(0, ("Out of memory!\n"));
944 ret = NT_STATUS_NO_MEMORY;
945 goto done;
946 }
947
948 DEBUG(10, ("Storing %s <-> %s map\n", ksidstr, kidstr));
949 kid = string_term_tdb_data(kidstr);
950 ksid = string_term_tdb_data(ksidstr);
951
952 if (ctx->db->transaction_start(ctx->db) != 0) {
953 DEBUG(0, ("Failed to start transaction for %s\n",
954 ksidstr));
955 ret = NT_STATUS_INTERNAL_DB_ERROR;
956 goto done;
957 }
958
959 ret = dbwrap_store(ctx->db, ksid, kid, TDB_REPLACE);
960 if (!NT_STATUS_IS_OK(ret)) {
961 ctx->db->transaction_cancel(ctx->db);
962 DEBUG(0, ("Error storing SID -> ID (%s -> %s): %s\n",
963 ksidstr, kidstr, nt_errstr(ret)));
964 goto done;
965 }
966 ret = dbwrap_store(ctx->db, kid, ksid, TDB_REPLACE);
967 if (!NT_STATUS_IS_OK(ret)) {
968 ctx->db->transaction_cancel(ctx->db);
969 DEBUG(0, ("Error storing ID -> SID (%s -> %s): %s\n",
970 kidstr, ksidstr, nt_errstr(ret)));
971 goto done;
972 }
973
974 if (ctx->db->transaction_commit(ctx->db) != 0) {
975 DEBUG(0, ("Failed to commit transaction for (%s -> %s)\n",
976 ksidstr, kidstr));
977 ret = NT_STATUS_INTERNAL_DB_ERROR;
978 goto done;
979 }
980
981 DEBUG(10,("Stored %s <-> %s\n", ksidstr, kidstr));
982 ret = NT_STATUS_OK;
983
984 done:
985 talloc_free(ksidstr);
986 talloc_free(kidstr);
987 return ret;
988 }
989
990 /**********************************
991 remove a mapping.
992 **********************************/
993
994 static NTSTATUS idmap_tdb_remove_mapping(struct idmap_domain *dom,
/* [<][>][^][v][top][bottom][index][help] */
995 const struct id_map *map)
996 {
997 struct idmap_tdb_context *ctx;
998 NTSTATUS ret;
999 TDB_DATA ksid, kid, data;
1000 char *ksidstr, *kidstr;
1001 fstring tmp;
1002
1003 if (!map || !map->sid) {
1004 return NT_STATUS_INVALID_PARAMETER;
1005 }
1006
1007 ksidstr = kidstr = NULL;
1008 data.dptr = NULL;
1009
1010 /* TODO: should we filter a remove_mapping using low/high filters ? */
1011
1012 ctx = talloc_get_type(dom->private_data, struct idmap_tdb_context);
1013
1014 switch (map->xid.type) {
1015
1016 case ID_TYPE_UID:
1017 kidstr = talloc_asprintf(ctx, "UID %lu",
1018 (unsigned long)map->xid.id);
1019 break;
1020
1021 case ID_TYPE_GID:
1022 kidstr = talloc_asprintf(ctx, "GID %lu",
1023 (unsigned long)map->xid.id);
1024 break;
1025
1026 default:
1027 DEBUG(2, ("INVALID unix ID type: 0x02%x\n", map->xid.type));
1028 return NT_STATUS_INVALID_PARAMETER;
1029 }
1030
1031 if (kidstr == NULL) {
1032 DEBUG(0, ("ERROR: Out of memory!\n"));
1033 ret = NT_STATUS_NO_MEMORY;
1034 goto done;
1035 }
1036
1037 if ((ksidstr = talloc_asprintf(
1038 ctx, "%s", sid_to_fstring(tmp, map->sid))) == NULL) {
1039 DEBUG(0, ("Out of memory!\n"));
1040 ret = NT_STATUS_NO_MEMORY;
1041 goto done;
1042 }
1043
1044 DEBUG(10, ("Checking %s <-> %s map\n", ksidstr, kidstr));
1045 ksid = string_term_tdb_data(ksidstr);
1046 kid = string_term_tdb_data(kidstr);
1047
1048 if (ctx->db->transaction_start(ctx->db) != 0) {
1049 DEBUG(0, ("Failed to start transaction for %s\n",
1050 ksidstr));
1051 return NT_STATUS_INTERNAL_DB_ERROR;
1052 }
1053
1054 /* Check if sid is present in database */
1055 data = dbwrap_fetch(ctx->db, NULL, ksid);
1056 if (!data.dptr) {
1057 ctx->db->transaction_cancel(ctx->db);
1058 DEBUG(10,("Record %s not found\n", ksidstr));
1059 ret = NT_STATUS_NONE_MAPPED;
1060 goto done;
1061 }
1062
1063 /* Check if sid is mapped to the specified ID */
1064 if ((data.dsize != kid.dsize) ||
1065 (memcmp(data.dptr, kid.dptr, data.dsize) != 0)) {
1066 ctx->db->transaction_cancel(ctx->db);
1067 DEBUG(10,("Specified SID does not map to specified ID\n"));
1068 DEBUGADD(10,("Actual mapping is %s -> %s\n", ksidstr,
1069 (const char *)data.dptr));
1070 ret = NT_STATUS_NONE_MAPPED;
1071 goto done;
1072 }
1073
1074 DEBUG(10, ("Removing %s <-> %s map\n", ksidstr, kidstr));
1075
1076 /* Delete previous mappings. */
1077
1078 DEBUG(10, ("Deleting existing mapping %s -> %s\n", ksidstr, kidstr ));
1079 ret = dbwrap_delete(ctx->db, ksid);
1080 if (!NT_STATUS_IS_OK(ret)) {
1081 DEBUG(0,("Warning: Failed to delete %s: %s\n",
1082 ksidstr, nt_errstr(ret)));
1083 }
1084
1085 DEBUG(10,("Deleting existing mapping %s -> %s\n", kidstr, ksidstr ));
1086 ret = dbwrap_delete(ctx->db, kid);
1087 if (!NT_STATUS_IS_OK(ret)) {
1088 DEBUG(0,("Warning: Failed to delete %s: %s\n",
1089 kidstr, nt_errstr(ret)));
1090 }
1091
1092 if (ctx->db->transaction_commit(ctx->db) != 0) {
1093 DEBUG(0, ("Failed to commit transaction for (%s -> %s)\n",
1094 ksidstr, kidstr));
1095 ret = NT_STATUS_INTERNAL_DB_ERROR;
1096 goto done;
1097 }
1098
1099 ret = NT_STATUS_OK;
1100
1101 done:
1102 talloc_free(ksidstr);
1103 talloc_free(kidstr);
1104 talloc_free(data.dptr);
1105 return ret;
1106 }
1107
1108 /**********************************
1109 Close the idmap tdb instance
1110 **********************************/
1111
1112 static NTSTATUS idmap_tdb_close(struct idmap_domain *dom)
/* [<][>][^][v][top][bottom][index][help] */
1113 {
1114 struct idmap_tdb_context *ctx;
1115
1116 if (dom->private_data) {
1117 ctx = talloc_get_type(dom->private_data, struct idmap_tdb_context);
1118
1119 TALLOC_FREE(ctx->db);
1120 }
1121 return NT_STATUS_OK;
1122 }
1123
1124 struct dump_data {
1125 TALLOC_CTX *memctx;
1126 struct id_map **maps;
1127 int *num_maps;
1128 NTSTATUS ret;
1129 };
1130
1131 static int idmap_tdb_dump_one_entry(struct db_record *rec, void *pdata)
/* [<][>][^][v][top][bottom][index][help] */
1132 {
1133 struct dump_data *data = talloc_get_type(pdata, struct dump_data);
1134 struct id_map *maps;
1135 int num_maps = *data->num_maps;
1136
1137 /* ignore any record but the ones with a SID as key */
1138 if (strncmp((const char *)rec->key.dptr, "S-", 2) == 0) {
1139
1140 maps = talloc_realloc(NULL, *data->maps, struct id_map, num_maps+1);
1141 if ( ! maps) {
1142 DEBUG(0, ("Out of memory!\n"));
1143 data->ret = NT_STATUS_NO_MEMORY;
1144 return -1;
1145 }
1146 *data->maps = maps;
1147 maps[num_maps].sid = talloc(maps, DOM_SID);
1148 if ( ! maps[num_maps].sid) {
1149 DEBUG(0, ("Out of memory!\n"));
1150 data->ret = NT_STATUS_NO_MEMORY;
1151 return -1;
1152 }
1153
1154 if (!string_to_sid(maps[num_maps].sid, (const char *)rec->key.dptr)) {
1155 DEBUG(10,("INVALID record %s\n", (const char *)rec->key.dptr));
1156 /* continue even with errors */
1157 return 0;
1158 }
1159
1160 /* Try a UID record. */
1161 if (sscanf((const char *)rec->value.dptr, "UID %u", &(maps[num_maps].xid.id)) == 1) {
1162 maps[num_maps].xid.type = ID_TYPE_UID;
1163 maps[num_maps].status = ID_MAPPED;
1164 *data->num_maps = num_maps + 1;
1165
1166 /* Try a GID record. */
1167 } else
1168 if (sscanf((const char *)rec->value.dptr, "GID %u", &(maps[num_maps].xid.id)) == 1) {
1169 maps[num_maps].xid.type = ID_TYPE_GID;
1170 maps[num_maps].status = ID_MAPPED;
1171 *data->num_maps = num_maps + 1;
1172
1173 /* Unknown record type ! */
1174 } else {
1175 maps[num_maps].status = ID_UNKNOWN;
1176 DEBUG(2, ("Found INVALID record %s -> %s\n",
1177 (const char *)rec->key.dptr,
1178 (const char *)rec->value.dptr));
1179 /* do not increment num_maps */
1180 }
1181 }
1182
1183 return 0;
1184 }
1185
1186 /**********************************
1187 Dump all mappings out
1188 **********************************/
1189
1190 static NTSTATUS idmap_tdb_dump_data(struct idmap_domain *dom, struct id_map **maps, int *num_maps)
/* [<][>][^][v][top][bottom][index][help] */
1191 {
1192 struct idmap_tdb_context *ctx;
1193 struct dump_data *data;
1194 NTSTATUS ret = NT_STATUS_OK;
1195
1196 ctx = talloc_get_type(dom->private_data, struct idmap_tdb_context);
1197
1198 data = TALLOC_ZERO_P(ctx, struct dump_data);
1199 if ( ! data) {
1200 DEBUG(0, ("Out of memory!\n"));
1201 return NT_STATUS_NO_MEMORY;
1202 }
1203 data->maps = maps;
1204 data->num_maps = num_maps;
1205 data->ret = NT_STATUS_OK;
1206
1207 ctx->db->traverse_read(ctx->db, idmap_tdb_dump_one_entry, data);
1208
1209 if ( ! NT_STATUS_IS_OK(data->ret)) {
1210 ret = data->ret;
1211 }
1212
1213 talloc_free(data);
1214 return ret;
1215 }
1216
1217 static struct idmap_methods db_methods = {
1218
1219 .init = idmap_tdb_db_init,
1220 .unixids_to_sids = idmap_tdb_unixids_to_sids,
1221 .sids_to_unixids = idmap_tdb_sids_to_unixids,
1222 .set_mapping = idmap_tdb_set_mapping,
1223 .remove_mapping = idmap_tdb_remove_mapping,
1224 .dump_data = idmap_tdb_dump_data,
1225 .close_fn = idmap_tdb_close
1226 };
1227
1228 static struct idmap_alloc_methods db_alloc_methods = {
1229
1230 .init = idmap_tdb_alloc_init,
1231 .allocate_id = idmap_tdb_allocate_id,
1232 .get_id_hwm = idmap_tdb_get_hwm,
1233 .set_id_hwm = idmap_tdb_set_hwm,
1234 .close_fn = idmap_tdb_alloc_close
1235 };
1236
1237 NTSTATUS idmap_alloc_tdb_init(void)
/* [<][>][^][v][top][bottom][index][help] */
1238 {
1239 return smb_register_idmap_alloc(SMB_IDMAP_INTERFACE_VERSION, "tdb", &db_alloc_methods);
1240 }
1241
1242 NTSTATUS idmap_tdb_init(void)
/* [<][>][^][v][top][bottom][index][help] */
1243 {
1244 NTSTATUS ret;
1245
1246 DEBUG(10, ("calling idmap_tdb_init\n"));
1247
1248 /* FIXME: bad hack to actually register also the alloc_tdb module without changining configure.in */
1249 ret = idmap_alloc_tdb_init();
1250 if (! NT_STATUS_IS_OK(ret)) {
1251 return ret;
1252 }
1253 return smb_register_idmap(SMB_IDMAP_INTERFACE_VERSION, "tdb", &db_methods);
1254 }