source/sam/idmap.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3    ID Mapping
   4    Copyright (C) Tim Potter 2000
   5    Copyright (C) Jim McDonough <jmcd@us.ibm.com>        2003
   6    Copyright (C) Simo Sorce 2003
   7    Copyright (C) Jeremy Allison 2003.
   8
   9    This program is free software; you can redistribute it and/or modify
  10    it under the terms of the GNU General Public License as published by
  11    the Free Software Foundation; either version 2 of the License, or
  12    (at your option) any later version.
  13
  14    This program is distributed in the hope that it will be useful,
  15    but WITHOUT ANY WARRANTY; without even the implied warranty of
  16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17    GNU General Public License for more details.
  18
  19    You should have received a copy of the GNU General Public License
  20    along with this program; if not, write to the Free Software
  21    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.*/
  22
  23 #include "includes.h"
  24
  25 #undef DBGC_CLASS
  26 #define DBGC_CLASS DBGC_IDMAP
  27
  28 struct idmap_function_entry {
  29         const char *name;
  30         struct idmap_methods *methods;
  31         struct idmap_function_entry *prev,*next;
  32 };
  33
  34 static struct idmap_function_entry *backends = NULL;
  35
  36 static struct idmap_methods *cache_map;
  37 static struct idmap_methods *remote_map;
  38
  39 static BOOL proxyonly = False;
  40
  41 /**********************************************************************
  42  Get idmap methods. Don't allow tdb to be a remote method.
  43 **********************************************************************/
  44
  45 static struct idmap_methods *get_methods(const char *name, BOOL cache_method)
  46 {
  47         struct idmap_function_entry *entry = backends;
  48
  49         for(entry = backends; entry; entry = entry->next) {
  50                 if (!cache_method && strequal(entry->name, "tdb"))
  51                         continue; /* tdb is only cache method. */
  52                 if (strequal(entry->name, name))
  53                         return entry->methods;
  54         }
  55
  56         return NULL;
  57 }
  58
  59 /**********************************************************************
  60  Allow a module to register itself as a method.
  61 **********************************************************************/
  62
  63 NTSTATUS smb_register_idmap(int version, const char *name, struct idmap_methods *methods)
  64 {
  65         struct idmap_function_entry *entry;
  66
  67         if ((version != SMB_IDMAP_INTERFACE_VERSION)) {
  68                 DEBUG(0, ("smb_register_idmap: Failed to register idmap module.\n"
  69                           "The module was compiled against SMB_IDMAP_INTERFACE_VERSION %d,\n"
  70                           "current SMB_IDMAP_INTERFACE_VERSION is %d.\n"
  71                           "Please recompile against the current version of samba!\n",
  72                           version, SMB_IDMAP_INTERFACE_VERSION));
  73                 return NT_STATUS_OBJECT_TYPE_MISMATCH;
  74         }
  75
  76         if (!name || !name[0] || !methods) {
  77                 DEBUG(0,("smb_register_idmap: called with NULL pointer or empty name!\n"));
  78                 return NT_STATUS_INVALID_PARAMETER;
  79         }
  80
  81         if (get_methods(name, False)) {
  82                 DEBUG(0,("smb_register_idmap: idmap module %s already registered!\n", name));
  83                 return NT_STATUS_OBJECT_NAME_COLLISION;
  84         }
  85
  86         entry = smb_xmalloc(sizeof(struct idmap_function_entry));
  87         entry->name = smb_xstrdup(name);
  88         entry->methods = methods;
  89
  90         DLIST_ADD(backends, entry);
  91         DEBUG(5, ("smb_register_idmap: Successfully added idmap backend '%s'\n", name));
  92         return NT_STATUS_OK;
  93 }
  94
  95 /**********************************************************************
  96  Initialise idmap cache and a remote backend (if configured).
  97 **********************************************************************/
  98
  99 BOOL idmap_init(const char *remote_backend)
 100 {
 101         if (!backends)
 102                 static_init_idmap;
 103
 104         if (!cache_map) {
 105                 cache_map = get_methods("tdb", True);
 106
 107                 if (!cache_map) {
 108                         DEBUG(0, ("idmap_init: could not find tdb cache backend!\n"));
 109                         return False;
 110                 }
 111
 112                 if (!NT_STATUS_IS_OK(cache_map->init( NULL ))) {
 113                         DEBUG(0, ("idmap_init: could not initialise tdb cache backend!\n"));
 114                         return False;
 115                 }
 116         }
 117
 118         if (!remote_map && remote_backend && *remote_backend != 0) {
 119                 char *rem_backend = smb_xstrdup(remote_backend);
 120                 fstring params = "";
 121                 char *pparams;
 122
 123                 /* get any mode parameters passed in */
 124
 125                 if ( (pparams = strchr( rem_backend, ':' )) != NULL ) {
 126                         *pparams = '\0';
 127                         pparams++;
 128                         fstrcpy( params, pparams );
 129                 }
 130
 131                 DEBUG(3, ("idmap_init: using '%s' as remote backend\n", rem_backend));
 132
 133                 if((remote_map = get_methods(rem_backend, False)) ||
 134                     (NT_STATUS_IS_OK(smb_probe_module("idmap", rem_backend)) &&
 135                     (remote_map = get_methods(rem_backend, False)))) {
 136                         remote_map->init(params);
 137                 } else {
 138                         DEBUG(0, ("idmap_init: could not load remote backend '%s'\n", rem_backend));
 139                         SAFE_FREE(rem_backend);
 140                         return False;
 141                 }
 142                 SAFE_FREE(rem_backend);
 143         }
 144
 145         return True;
 146 }
 147
 148 /**************************************************************************
 149  Don't do id mapping. This is used to make winbind a netlogon proxy only.
 150 **************************************************************************/
 151
 152 void idmap_proxyonly(void)
 153 {
 154         proxyonly = True;
 155 }
 156
 157 /**************************************************************************
 158  This is a rare operation, designed to allow an explicit mapping to be
 159  set up for a sid to a POSIX id.
 160 **************************************************************************/
 161
 162 NTSTATUS idmap_set_mapping(const DOM_SID *sid, unid_t id, int id_type)
 163 {
 164         struct idmap_methods *map = remote_map;
 165         DOM_SID tmp_sid;
 166
 167         if (proxyonly)
 168                 return NT_STATUS_UNSUCCESSFUL;
 169
 170         DEBUG(10, ("idmap_set_mapping: Set %s to %s %lu\n",
 171                    sid_string_static(sid),
 172                    ((id_type & ID_TYPEMASK) == ID_USERID) ? "UID" : "GID",
 173                    ((id_type & ID_TYPEMASK) == ID_USERID) ? (unsigned long)id.uid :
 174                    (unsigned long)id.gid));
 175
 176         if ( (NT_STATUS_IS_OK(cache_map->
 177                               get_sid_from_id(&tmp_sid, id,
 178                                               id_type | ID_QUERY_ONLY))) &&
 179              sid_equal(sid, &tmp_sid) ) {
 180                 /* Nothing to do, we already have that mapping */
 181                 DEBUG(10, ("idmap_set_mapping: Mapping already there\n"));
 182                 return NT_STATUS_OK;
 183         }
 184
 185         if (map == NULL) {
 186                 /* Ok, we don't have a authoritative remote
 187                         mapping. So update our local cache only. */
 188                 map = cache_map;
 189         }
 190
 191         return map->set_mapping(sid, id, id_type);
 192 }
 193
 194 /**************************************************************************
 195  Get ID from SID. This can create a mapping for a SID to a POSIX id.
 196 **************************************************************************/
 197
 198 NTSTATUS idmap_get_id_from_sid(unid_t *id, int *id_type, const DOM_SID *sid)
 199 {
 200         NTSTATUS ret;
 201         int loc_type;
 202
 203         if (proxyonly)
 204                 return NT_STATUS_UNSUCCESSFUL;
 205
 206         loc_type = *id_type;
 207
 208         if (remote_map) {
 209                 /* We have a central remote idmap so only look in
 210                    cache, don't allocate */
 211                 loc_type |= ID_QUERY_ONLY;
 212         }
 213
 214         ret = cache_map->get_id_from_sid(id, &loc_type, sid);
 215
 216         if (NT_STATUS_IS_OK(ret)) {
 217                 *id_type = loc_type & ID_TYPEMASK;
 218                 return NT_STATUS_OK;
 219         }
 220
 221         if (remote_map == NULL) {
 222                 return ret;
 223         }
 224
 225         /* Ok, the mapping was not in the cache, give the remote map a
 226            second try. */
 227
 228         ret = remote_map->get_id_from_sid(id, id_type, sid);
 229
 230         if (NT_STATUS_IS_OK(ret)) {
 231                 /* The remote backend gave us a valid mapping, cache it. */
 232                 ret = cache_map->set_mapping(sid, *id, *id_type);
 233         }
 234
 235         return ret;
 236 }
 237
 238 /**************************************************************************
 239  Get SID from ID. This must have been created before.
 240 **************************************************************************/
 241
 242 NTSTATUS idmap_get_sid_from_id(DOM_SID *sid, unid_t id, int id_type)
 243 {
 244         NTSTATUS ret;
 245         int loc_type;
 246
 247         if (proxyonly)
 248                 return NT_STATUS_UNSUCCESSFUL;
 249
 250         loc_type = id_type;
 251         if (remote_map) {
 252                 loc_type = id_type | ID_QUERY_ONLY;
 253         }
 254
 255         ret = cache_map->get_sid_from_id(sid, id, loc_type);
 256
 257         if (NT_STATUS_IS_OK(ret))
 258                 return ret;
 259
 260         if (remote_map == NULL)
 261                 return ret;
 262
 263         /* We have a second chance, ask our authoritative backend */
 264
 265         ret = remote_map->get_sid_from_id(sid, id, id_type);
 266
 267         if (NT_STATUS_IS_OK(ret)) {
 268                 /* The remote backend gave us a valid mapping, cache it. */
 269                 ret = cache_map->set_mapping(sid, id, id_type);
 270         }
 271
 272         return ret;
 273 }
 274
 275 /**************************************************************************
 276  Alloocate a new UNIX uid/gid
 277 **************************************************************************/
 278
 279 NTSTATUS idmap_allocate_id(unid_t *id, int id_type)
 280 {
 281         /* we have to allocate from the authoritative backend */
 282
 283         if (proxyonly)
 284                 return NT_STATUS_UNSUCCESSFUL;
 285
 286         if ( remote_map )
 287                 return remote_map->allocate_id( id, id_type );
 288
 289         return cache_map->allocate_id( id, id_type );
 290 }
 291
 292 /**************************************************************************
 293  Alloocate a new RID
 294 **************************************************************************/
 295
 296 NTSTATUS idmap_allocate_rid(uint32 *rid, int type)
 297 {
 298         /* we have to allocate from the authoritative backend */
 299
 300         if (proxyonly)
 301                 return NT_STATUS_UNSUCCESSFUL;
 302
 303         if ( remote_map )
 304                 return remote_map->allocate_rid( rid, type );
 305
 306         return cache_map->allocate_rid( rid, type );
 307 }
 308
 309 /**************************************************************************
 310  Shutdown maps.
 311 **************************************************************************/
 312
 313 NTSTATUS idmap_close(void)
 314 {
 315         NTSTATUS ret;
 316
 317         if (proxyonly)
 318                 return NT_STATUS_OK;
 319
 320         ret = cache_map->close();
 321         if (!NT_STATUS_IS_OK(ret)) {
 322                 DEBUG(3, ("idmap_close: failed to close local tdb cache!\n"));
 323         }
 324         cache_map = NULL;
 325
 326         if (remote_map) {
 327                 ret = remote_map->close();
 328                 if (!NT_STATUS_IS_OK(ret)) {
 329                         DEBUG(3, ("idmap_close: failed to close remote idmap repository!\n"));
 330                 }
 331                 remote_map = NULL;
 332         }
 333
 334         return ret;
 335 }
 336
 337 /**************************************************************************
 338  Dump backend status.
 339 **************************************************************************/
 340
 341 void idmap_status(void)
 342 {
 343         cache_map->status();
 344         if (remote_map)
 345                 remote_map->status();
 346 }