2 * idmap_autorid_tdb: This file contains common code used by
3 * idmap_autorid and net idmap autorid utilities. The common
4 * code provides functions for performing various operations
7 * Copyright (C) Christian Ambach, 2010-2012
8 * Copyright (C) Atul Kulkarni, 2013
9 * Copyright (C) Michael Adam, 2012-2013
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 3 of the License, or
14 * (at your option) any later version.
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, see <http://www.gnu.org/licenses/>.
26 #include "idmap_autorid_tdb.h"
27 #include "../libcli/security/dom_sid.h"
28 #include "lib/util/string_wrappers.h"
31 * Build the database keystring for getting a range
32 * belonging to a domain sid and a range index.
34 static void idmap_autorid_build_keystr(const char *domsid
,
35 uint32_t domain_range_index
,
38 if (domain_range_index
> 0) {
39 fstr_sprintf(keystr
, "%s#%"PRIu32
,
40 domsid
, domain_range_index
);
42 fstrcpy(keystr
, domsid
);
46 static char *idmap_autorid_build_keystr_talloc(TALLOC_CTX
*mem_ctx
,
48 uint32_t domain_range_index
)
52 if (domain_range_index
> 0) {
53 keystr
= talloc_asprintf(mem_ctx
, "%s#%"PRIu32
, domsid
,
56 keystr
= talloc_strdup(mem_ctx
, domsid
);
63 static bool idmap_autorid_validate_sid(const char *sid
)
65 struct dom_sid ignore
;
70 if (strcmp(sid
, ALLOC_RANGE
) == 0) {
74 return dom_sid_parse(sid
, &ignore
);
77 struct idmap_autorid_addrange_ctx
{
78 struct autorid_range_config
*range
;
82 static NTSTATUS
idmap_autorid_addrange_action(struct db_context
*db
,
85 struct idmap_autorid_addrange_ctx
*ctx
;
86 uint32_t requested_rangenum
, stored_rangenum
;
87 struct autorid_range_config
*range
;
92 struct autorid_global_config globalcfg
= {0};
95 TALLOC_CTX
*mem_ctx
= NULL
;
97 ctx
= (struct idmap_autorid_addrange_ctx
*)private_data
;
99 acquire
= ctx
->acquire
;
100 requested_rangenum
= range
->rangenum
;
103 DEBUG(3, ("Invalid database argument: NULL"));
104 return NT_STATUS_INVALID_PARAMETER
;
108 DEBUG(3, ("Invalid range argument: NULL"));
109 return NT_STATUS_INVALID_PARAMETER
;
112 DEBUG(10, ("Adding new range for domain %s "
113 "(domain_range_index=%"PRIu32
")\n",
114 range
->domsid
, range
->domain_range_index
));
116 if (!idmap_autorid_validate_sid(range
->domsid
)) {
117 DEBUG(3, ("Invalid SID: %s\n", range
->domsid
));
118 return NT_STATUS_INVALID_PARAMETER
;
121 idmap_autorid_build_keystr(range
->domsid
, range
->domain_range_index
,
124 ret
= dbwrap_fetch_uint32_bystring(db
, keystr
, &stored_rangenum
);
126 if (NT_STATUS_IS_OK(ret
)) {
127 /* entry is already present*/
129 DEBUG(10, ("domain range already allocated - "
132 ret
= idmap_autorid_loadconfig(db
, &globalcfg
);
133 if (!NT_STATUS_IS_OK(ret
)) {
134 DEBUG(1, ("Fatal error while fetching "
135 "configuration: %s\n",
140 range
->rangenum
= stored_rangenum
;
141 range
->low_id
= globalcfg
.minvalue
142 + range
->rangenum
* globalcfg
.rangesize
;
144 range
->low_id
+ globalcfg
.rangesize
- 1;
149 if (stored_rangenum
!= requested_rangenum
) {
150 DEBUG(1, ("Error: requested rangenumber (%u) differs "
151 "from stored one (%u).\n",
152 requested_rangenum
, stored_rangenum
));
153 return NT_STATUS_UNSUCCESSFUL
;
156 DEBUG(10, ("Note: stored range agrees with requested "
161 /* fetch the current HWM */
162 ret
= dbwrap_fetch_uint32_bystring(db
, HWM
, &hwm
);
163 if (!NT_STATUS_IS_OK(ret
)) {
164 DEBUG(1, ("Fatal error while fetching current "
165 "HWM value: %s\n", nt_errstr(ret
)));
166 return NT_STATUS_INTERNAL_ERROR
;
169 mem_ctx
= talloc_stackframe();
171 ret
= idmap_autorid_loadconfig(db
, &globalcfg
);
172 if (!NT_STATUS_IS_OK(ret
)) {
173 DEBUG(1, ("Fatal error while fetching configuration: %s\n",
180 * automatically acquire the next range
182 requested_rangenum
= hwm
;
185 if (requested_rangenum
>= globalcfg
.maxranges
) {
186 DEBUG(1, ("Not enough ranges available: New range %u must be "
187 "smaller than configured maximum number of ranges "
189 requested_rangenum
, globalcfg
.maxranges
));
190 ret
= NT_STATUS_NO_MEMORY
;
195 * Check that it is not yet taken.
196 * If the range is requested and < HWM, we need
197 * to check anyways, and otherwise, we also better
198 * check in order to prevent further corruption
199 * in case the db has been externally modified.
202 numstr
= talloc_asprintf(mem_ctx
, "%u", requested_rangenum
);
204 DEBUG(1, ("Talloc failed!\n"));
205 ret
= NT_STATUS_NO_MEMORY
;
209 if (dbwrap_exists(db
, string_term_tdb_data(numstr
))) {
210 DEBUG(1, ("Requested range '%s' is already in use.\n", numstr
));
212 if (requested_rangenum
< hwm
) {
213 ret
= NT_STATUS_INVALID_PARAMETER
;
215 ret
= NT_STATUS_INTERNAL_DB_CORRUPTION
;
221 if (requested_rangenum
>= hwm
) {
223 * requested or automatic range >= HWM:
227 /* HWM always contains current max range + 1 */
228 increment
= requested_rangenum
+ 1 - hwm
;
230 /* increase the HWM */
231 ret
= dbwrap_change_uint32_atomic_bystring(db
, HWM
, &hwm
,
233 if (!NT_STATUS_IS_OK(ret
)) {
234 DEBUG(1, ("Fatal error while incrementing the HWM "
235 "value in the database: %s\n",
242 * store away the new mapping in both directions
245 ret
= dbwrap_store_uint32_bystring(db
, keystr
, requested_rangenum
);
246 if (!NT_STATUS_IS_OK(ret
)) {
247 DEBUG(1, ("Fatal error while storing new "
248 "domain->range assignment: %s\n", nt_errstr(ret
)));
252 numstr
= talloc_asprintf(mem_ctx
, "%u", requested_rangenum
);
254 ret
= NT_STATUS_NO_MEMORY
;
258 ret
= dbwrap_store_bystring(db
, numstr
,
259 string_term_tdb_data(keystr
), TDB_INSERT
);
261 if (!NT_STATUS_IS_OK(ret
)) {
262 DEBUG(1, ("Fatal error while storing new "
263 "domain->range assignment: %s\n", nt_errstr(ret
)));
267 DEBUG(5, ("%s new range #%d for domain %s "
268 "(domain_range_index=%"PRIu32
")\n",
269 (acquire
?"Acquired":"Stored"),
270 requested_rangenum
, keystr
,
271 range
->domain_range_index
));
273 range
->rangenum
= requested_rangenum
;
275 range
->low_id
= globalcfg
.minvalue
276 + range
->rangenum
* globalcfg
.rangesize
;
277 range
->high_id
= range
->low_id
+ globalcfg
.rangesize
- 1;
282 talloc_free(mem_ctx
);
286 static NTSTATUS
idmap_autorid_addrange(struct db_context
*db
,
287 struct autorid_range_config
*range
,
291 struct idmap_autorid_addrange_ctx ctx
;
293 ctx
.acquire
= acquire
;
296 status
= dbwrap_trans_do(db
, idmap_autorid_addrange_action
, &ctx
);
300 NTSTATUS
idmap_autorid_setrange(struct db_context
*db
,
302 uint32_t domain_range_index
,
306 struct autorid_range_config range
;
309 fstrcpy(range
.domsid
, domsid
);
310 range
.domain_range_index
= domain_range_index
;
311 range
.rangenum
= rangenum
;
313 status
= idmap_autorid_addrange(db
, &range
, false);
317 NTSTATUS
idmap_autorid_acquire_range(struct db_context
*db
,
318 struct autorid_range_config
*range
)
320 return idmap_autorid_addrange(db
, range
, true);
323 static NTSTATUS
idmap_autorid_getrange_int(struct db_context
*db
,
324 struct autorid_range_config
*range
)
326 NTSTATUS status
= NT_STATUS_INVALID_PARAMETER
;
327 struct autorid_global_config globalcfg
= {0};
330 if (db
== NULL
|| range
== NULL
) {
331 DEBUG(3, ("Invalid arguments received\n"));
335 if (!idmap_autorid_validate_sid(range
->domsid
)) {
336 DEBUG(3, ("Invalid SID: '%s'\n", range
->domsid
));
337 status
= NT_STATUS_INVALID_PARAMETER
;
341 idmap_autorid_build_keystr(range
->domsid
, range
->domain_range_index
,
344 DEBUG(10, ("reading domain range for key %s\n", keystr
));
345 status
= dbwrap_fetch_uint32_bystring(db
, keystr
, &(range
->rangenum
));
346 if (!NT_STATUS_IS_OK(status
)) {
347 DEBUG(1, ("Failed to read database record for key '%s': %s\n",
348 keystr
, nt_errstr(status
)));
352 status
= idmap_autorid_loadconfig(db
, &globalcfg
);
353 if (!NT_STATUS_IS_OK(status
)) {
354 DEBUG(1, ("Failed to read global configuration"));
357 range
->low_id
= globalcfg
.minvalue
358 + range
->rangenum
* globalcfg
.rangesize
;
359 range
->high_id
= range
->low_id
+ globalcfg
.rangesize
- 1;
364 NTSTATUS
idmap_autorid_getrange(struct db_context
*db
,
366 uint32_t domain_range_index
,
371 struct autorid_range_config range
;
373 if (rangenum
== NULL
) {
374 return NT_STATUS_INVALID_PARAMETER
;
378 fstrcpy(range
.domsid
, domsid
);
379 range
.domain_range_index
= domain_range_index
;
381 status
= idmap_autorid_getrange_int(db
, &range
);
382 if (!NT_STATUS_IS_OK(status
)) {
386 *rangenum
= range
.rangenum
;
388 if (low_id
!= NULL
) {
389 *low_id
= range
.low_id
;
395 NTSTATUS
idmap_autorid_get_domainrange(struct db_context
*db
,
396 struct autorid_range_config
*range
,
401 ret
= idmap_autorid_getrange_int(db
, range
);
402 if (!NT_STATUS_IS_OK(ret
)) {
403 DEBUG(10, ("Failed to read range config for '%s': %s\n",
404 range
->domsid
, nt_errstr(ret
)));
406 DEBUG(10, ("Not allocating new range for '%s' because "
407 "read-only is enabled.\n", range
->domsid
));
408 return NT_STATUS_NOT_FOUND
;
411 ret
= idmap_autorid_acquire_range(db
, range
);
414 DEBUG(10, ("Using range #%d for domain %s "
415 "(domain_range_index=%"PRIu32
", low_id=%"PRIu32
")\n",
416 range
->rangenum
, range
->domsid
, range
->domain_range_index
,
422 /* initialize the given HWM to 0 if it does not exist yet */
423 static NTSTATUS
idmap_autorid_init_hwm_action(struct db_context
*db
,
430 hwm
= (char *)private_data
;
432 status
= dbwrap_fetch_uint32_bystring(db
, hwm
, &hwmval
);
433 if (NT_STATUS_IS_OK(status
)) {
434 DEBUG(1, ("HWM (%s) already initialized in autorid database "
435 "(value %"PRIu32
").\n", hwm
, hwmval
));
438 if (!NT_STATUS_EQUAL(status
, NT_STATUS_NOT_FOUND
)) {
439 DEBUG(0, ("Error fetching HWM (%s) from autorid "
440 "database: %s\n", hwm
, nt_errstr(status
)));
444 status
= dbwrap_trans_store_uint32_bystring(db
, hwm
, 0);
445 if (!NT_STATUS_IS_OK(status
)) {
446 DEBUG(0, ("Error storing HWM (%s) in autorid database: %s\n",
447 hwm
, nt_errstr(status
)));
454 NTSTATUS
idmap_autorid_init_hwm(struct db_context
*db
, const char *hwm
)
459 status
= dbwrap_fetch_uint32_bystring(db
, hwm
, &hwmval
);
460 if (NT_STATUS_IS_OK(status
)) {
461 DEBUG(1, ("HWM (%s) already initialized in autorid database "
462 "(value %"PRIu32
").\n", hwm
, hwmval
));
465 if (!NT_STATUS_EQUAL(status
, NT_STATUS_NOT_FOUND
)) {
466 DEBUG(0, ("unable to fetch HWM (%s) from autorid "
467 "database: %s\n", hwm
, nt_errstr(status
)));
471 status
= dbwrap_trans_do(db
, idmap_autorid_init_hwm_action
,
473 if (!NT_STATUS_IS_OK(status
)) {
474 DEBUG(0, ("Error initializing HWM (%s) in autorid database: "
475 "%s\n", hwm
, nt_errstr(status
)));
476 return NT_STATUS_INTERNAL_DB_ERROR
;
479 DEBUG(1, ("Initialized HWM (%s) in autorid database.\n", hwm
));
485 * Delete a domain#index <-> range mapping from the database.
486 * The mapping is specified by the sid and index.
487 * If force == true, invalid mapping records are deleted as far
488 * as possible, otherwise they are left untouched.
491 struct idmap_autorid_delete_range_by_sid_ctx
{
493 uint32_t domain_range_index
;
497 static NTSTATUS
idmap_autorid_delete_range_by_sid_action(struct db_context
*db
,
500 struct idmap_autorid_delete_range_by_sid_ctx
*ctx
=
501 (struct idmap_autorid_delete_range_by_sid_ctx
*)private_data
;
503 uint32_t domain_range_index
;
509 TALLOC_CTX
*frame
= talloc_stackframe();
510 bool is_valid_range_mapping
= true;
513 domsid
= ctx
->domsid
;
514 domain_range_index
= ctx
->domain_range_index
;
517 keystr
= idmap_autorid_build_keystr_talloc(frame
, domsid
,
519 if (keystr
== NULL
) {
520 status
= NT_STATUS_NO_MEMORY
;
524 status
= dbwrap_fetch_uint32_bystring(db
, keystr
, &rangenum
);
525 if (!NT_STATUS_IS_OK(status
)) {
529 range_keystr
= talloc_asprintf(frame
, "%"PRIu32
, rangenum
);
530 if (range_keystr
== NULL
) {
531 status
= NT_STATUS_NO_MEMORY
;
535 status
= dbwrap_fetch_bystring(db
, frame
, range_keystr
, &data
);
536 if (NT_STATUS_EQUAL(status
, NT_STATUS_NOT_FOUND
)) {
537 DEBUG(1, ("Incomplete mapping %s -> %s: no backward mapping\n",
538 keystr
, range_keystr
));
539 is_valid_range_mapping
= false;
540 } else if (!NT_STATUS_IS_OK(status
)) {
541 DEBUG(1, ("Error fetching reverse mapping for %s -> %s: %s\n",
542 keystr
, range_keystr
, nt_errstr(status
)));
544 } else if (strncmp((const char *)data
.dptr
, keystr
, strlen(keystr
))
547 DEBUG(1, ("Invalid mapping: %s -> %s -> %s\n",
548 keystr
, range_keystr
, (const char *)data
.dptr
));
549 is_valid_range_mapping
= false;
552 if (!is_valid_range_mapping
&& !force
) {
553 DEBUG(10, ("Not deleting invalid mapping, since not in force "
555 status
= NT_STATUS_FILE_INVALID
;
559 status
= dbwrap_delete_bystring(db
, keystr
);
560 if (!NT_STATUS_IS_OK(status
)) {
561 DEBUG(1, ("Deletion of '%s' failed: %s\n",
562 keystr
, nt_errstr(status
)));
566 if (!is_valid_range_mapping
) {
570 status
= dbwrap_delete_bystring(db
, range_keystr
);
571 if (!NT_STATUS_IS_OK(status
)) {
572 DEBUG(1, ("Deletion of '%s' failed: %s\n",
573 range_keystr
, nt_errstr(status
)));
577 DEBUG(10, ("Deleted range mapping %s <--> %s\n", keystr
,
585 NTSTATUS
idmap_autorid_delete_range_by_sid(struct db_context
*db
,
587 uint32_t domain_range_index
,
591 struct idmap_autorid_delete_range_by_sid_ctx ctx
;
593 ctx
.domain_range_index
= domain_range_index
;
597 status
= dbwrap_trans_do(db
, idmap_autorid_delete_range_by_sid_action
,
603 * Delete a domain#index <-> range mapping from the database.
604 * The mapping is specified by the range number.
605 * If force == true, invalid mapping records are deleted as far
606 * as possible, otherwise they are left untouched.
608 struct idmap_autorid_delete_range_by_num_ctx
{
613 static NTSTATUS
idmap_autorid_delete_range_by_num_action(struct db_context
*db
,
616 struct idmap_autorid_delete_range_by_num_ctx
*ctx
=
617 (struct idmap_autorid_delete_range_by_num_ctx
*)private_data
;
623 TALLOC_CTX
*frame
= talloc_stackframe();
624 bool is_valid_range_mapping
= true;
627 rangenum
= ctx
->rangenum
;
630 range_keystr
= talloc_asprintf(frame
, "%"PRIu32
, rangenum
);
631 if (range_keystr
== NULL
) {
632 status
= NT_STATUS_NO_MEMORY
;
638 status
= dbwrap_fetch_bystring(db
, frame
, range_keystr
, &val
);
639 if (NT_STATUS_EQUAL(status
, NT_STATUS_NOT_FOUND
)) {
640 DEBUG(10, ("Did not find range '%s' in database.\n",
643 } else if (!NT_STATUS_IS_OK(status
)) {
644 DEBUG(5, ("Error fetching rang key: %s\n", nt_errstr(status
)));
648 if (val
.dptr
== NULL
) {
649 DEBUG(1, ("Invalid mapping: %s -> empty value\n",
651 is_valid_range_mapping
= false;
653 uint32_t reverse_rangenum
= 0;
655 keystr
= (char *)val
.dptr
;
657 status
= dbwrap_fetch_uint32_bystring(db
, keystr
,
659 if (NT_STATUS_EQUAL(status
, NT_STATUS_NOT_FOUND
)) {
660 DEBUG(1, ("Incomplete mapping %s -> %s: "
661 "no backward mapping\n",
662 range_keystr
, keystr
));
663 is_valid_range_mapping
= false;
664 } else if (!NT_STATUS_IS_OK(status
)) {
665 DEBUG(1, ("Error fetching reverse mapping for "
667 range_keystr
, keystr
, nt_errstr(status
)));
669 } else if (rangenum
!= reverse_rangenum
) {
670 is_valid_range_mapping
= false;
674 if (!is_valid_range_mapping
&& !force
) {
675 DEBUG(10, ("Not deleting invalid mapping, since not in force "
677 status
= NT_STATUS_FILE_INVALID
;
681 status
= dbwrap_delete_bystring(db
, range_keystr
);
682 if (!NT_STATUS_IS_OK(status
)) {
683 DEBUG(1, ("Deletion of '%s' failed: %s\n",
684 range_keystr
, nt_errstr(status
)));
688 if (!is_valid_range_mapping
) {
692 status
= dbwrap_delete_bystring(db
, keystr
);
693 if (!NT_STATUS_IS_OK(status
)) {
694 DEBUG(1, ("Deletion of '%s' failed: %s\n",
695 keystr
, nt_errstr(status
)));
699 DEBUG(10, ("Deleted range mapping %s <--> %s\n", range_keystr
,
707 NTSTATUS
idmap_autorid_delete_range_by_num(struct db_context
*db
,
712 struct idmap_autorid_delete_range_by_num_ctx ctx
;
714 ctx
.rangenum
= rangenum
;
717 status
= dbwrap_trans_do(db
, idmap_autorid_delete_range_by_num_action
,
723 * Open and possibly create the database.
725 NTSTATUS
idmap_autorid_db_open(const char *path
,
727 struct db_context
**db
)
730 /* its already open */
734 /* Open idmap repository */
735 *db
= db_open(mem_ctx
, path
, 0, TDB_DEFAULT
, O_RDWR
| O_CREAT
, 0644,
736 DBWRAP_LOCK_ORDER_1
, DBWRAP_FLAG_NONE
);
739 DEBUG(0, ("Unable to open idmap_autorid database '%s'\n", path
));
740 return NT_STATUS_UNSUCCESSFUL
;
747 * Initialize the high watermark records in the database.
749 NTSTATUS
idmap_autorid_init_hwms(struct db_context
*db
)
753 status
= idmap_autorid_init_hwm(db
, HWM
);
754 if (!NT_STATUS_IS_OK(status
)) {
758 status
= idmap_autorid_init_hwm(db
, ALLOC_HWM_UID
);
759 if (!NT_STATUS_IS_OK(status
)) {
763 status
= idmap_autorid_init_hwm(db
, ALLOC_HWM_GID
);
768 NTSTATUS
idmap_autorid_db_init(const char *path
,
770 struct db_context
**db
)
774 status
= idmap_autorid_db_open(path
, mem_ctx
, db
);
775 if (!NT_STATUS_IS_OK(status
)) {
779 status
= idmap_autorid_init_hwms(*db
);
785 struct idmap_autorid_fetch_config_state
{
790 static void idmap_autorid_config_parser(TDB_DATA key
, TDB_DATA value
,
793 struct idmap_autorid_fetch_config_state
*state
;
795 state
= (struct idmap_autorid_fetch_config_state
*)private_data
;
798 * strndup because we have non-nullterminated strings in the db
800 state
->configstr
= talloc_strndup(
801 state
->mem_ctx
, (const char *)value
.dptr
, value
.dsize
);
804 NTSTATUS
idmap_autorid_getconfigstr(struct db_context
*db
, TALLOC_CTX
*mem_ctx
,
809 struct idmap_autorid_fetch_config_state state
;
811 if (result
== NULL
) {
812 return NT_STATUS_INVALID_PARAMETER
;
815 key
= string_term_tdb_data(CONFIGKEY
);
817 state
.mem_ctx
= mem_ctx
;
818 state
.configstr
= NULL
;
820 status
= dbwrap_parse_record(db
, key
, idmap_autorid_config_parser
,
822 if (!NT_STATUS_IS_OK(status
)) {
823 DEBUG(1, ("Error while retrieving config: %s\n",
828 if (state
.configstr
== NULL
) {
829 DEBUG(1, ("Error while retrieving config\n"));
830 return NT_STATUS_NO_MEMORY
;
833 DEBUG(5, ("found CONFIG: %s\n", state
.configstr
));
835 *result
= state
.configstr
;
839 bool idmap_autorid_parse_configstr(const char *configstr
,
840 struct autorid_global_config
*cfg
)
842 unsigned long minvalue
, rangesize
, maxranges
;
844 if (sscanf(configstr
,
845 "minvalue:%lu rangesize:%lu maxranges:%lu",
846 &minvalue
, &rangesize
, &maxranges
) != 3) {
848 ("Found invalid configuration data. "
849 "Creating new config\n"));
853 cfg
->minvalue
= minvalue
;
854 cfg
->rangesize
= rangesize
;
855 cfg
->maxranges
= maxranges
;
860 NTSTATUS
idmap_autorid_loadconfig(struct db_context
*db
,
861 struct autorid_global_config
*result
)
863 struct autorid_global_config cfg
= {0};
866 char *configstr
= NULL
;
868 if (result
== NULL
) {
869 return NT_STATUS_INVALID_PARAMETER
;
872 status
= idmap_autorid_getconfigstr(db
, db
, &configstr
);
873 if (!NT_STATUS_IS_OK(status
)) {
877 ok
= idmap_autorid_parse_configstr(configstr
, &cfg
);
878 TALLOC_FREE(configstr
);
880 return NT_STATUS_INVALID_PARAMETER
;
883 DEBUG(10, ("Loaded previously stored configuration "
884 "minvalue:%d rangesize:%d\n",
885 cfg
.minvalue
, cfg
.rangesize
));
892 NTSTATUS
idmap_autorid_saveconfig(struct db_context
*db
,
893 struct autorid_global_config
*cfg
)
896 struct autorid_global_config storedconfig
= {0};
897 NTSTATUS status
= NT_STATUS_INVALID_PARAMETER
;
901 TALLOC_CTX
*frame
= talloc_stackframe();
903 DEBUG(10, ("New configuration provided for storing is "
904 "minvalue:%d rangesize:%d maxranges:%d\n",
905 cfg
->minvalue
, cfg
->rangesize
, cfg
->maxranges
));
907 if (cfg
->rangesize
< 2000) {
908 DEBUG(1, ("autorid rangesize must be at least 2000\n"));
912 if (cfg
->maxranges
== 0) {
913 DEBUG(1, ("An autorid maxranges value of 0 is invalid. "
914 "Must have at least one range available.\n"));
918 status
= idmap_autorid_loadconfig(db
, &storedconfig
);
919 if (NT_STATUS_EQUAL(status
, NT_STATUS_NOT_FOUND
)) {
920 DEBUG(5, ("No configuration found. Storing initial "
921 "configuration.\n"));
923 } else if (!NT_STATUS_IS_OK(status
)) {
924 DEBUG(1, ("Error loading configuration: %s\n",
929 /* did the minimum value or rangesize change? */
930 if ((storedconfig
.minvalue
!= cfg
->minvalue
) ||
931 (storedconfig
.rangesize
!= cfg
->rangesize
))
933 DEBUG(1, ("New configuration values for rangesize or "
934 "minimum uid value conflict with previously "
935 "used values! Not storing new config.\n"));
936 status
= NT_STATUS_INVALID_PARAMETER
;
940 status
= dbwrap_fetch_uint32_bystring(db
, HWM
, &hwm
);
941 if (!NT_STATUS_IS_OK(status
)) {
942 DEBUG(1, ("Fatal error while fetching current "
943 "HWM value: %s\n", nt_errstr(status
)));
944 status
= NT_STATUS_INTERNAL_ERROR
;
949 * has the highest uid value been reduced to setting that is not
950 * sufficient any more for already existing ranges?
952 if (hwm
> cfg
->maxranges
) {
953 DEBUG(1, ("New upper uid limit is too low to cover "
954 "existing mappings! Not storing new config.\n"));
955 status
= NT_STATUS_INVALID_PARAMETER
;
960 talloc_asprintf(frame
,
961 "minvalue:%u rangesize:%u maxranges:%u",
962 cfg
->minvalue
, cfg
->rangesize
, cfg
->maxranges
);
964 if (cfgstr
== NULL
) {
965 status
= NT_STATUS_NO_MEMORY
;
969 data
= string_tdb_data(cfgstr
);
971 status
= dbwrap_trans_store_bystring(db
, CONFIGKEY
, data
, TDB_REPLACE
);
978 NTSTATUS
idmap_autorid_saveconfigstr(struct db_context
*db
,
979 const char *configstr
)
983 struct autorid_global_config cfg
;
985 ok
= idmap_autorid_parse_configstr(configstr
, &cfg
);
987 return NT_STATUS_INVALID_PARAMETER
;
990 status
= idmap_autorid_saveconfig(db
, &cfg
);
996 * iteration: Work on all range mappings for a given domain
999 struct domain_range_visitor_ctx
{
1001 NTSTATUS (*fn
)(struct db_context
*db
,
1005 void *private_data
);
1007 int count
; /* number of records worked on */
1010 static int idmap_autorid_visit_domain_range(struct db_record
*rec
,
1013 struct domain_range_visitor_ctx
*vi
;
1016 uint32_t range_index
= 0;
1017 uint32_t rangenum
= 0;
1018 TDB_DATA key
, value
;
1021 struct db_context
*db
;
1023 vi
= talloc_get_type_abort(private_data
,
1024 struct domain_range_visitor_ctx
);
1026 key
= dbwrap_record_get_key(rec
);
1029 * split string "<sid>[#<index>]" into sid string and index number
1032 domsid
= (char *)key
.dptr
;
1034 DEBUG(10, ("idmap_autorid_visit_domain_range: visiting key '%s'\n",
1037 sep
= strrchr(domsid
, '#');
1042 if (sscanf(index_str
, "%"SCNu32
, &range_index
) != 1) {
1043 DEBUG(10, ("Found separator '#' but '%s' is not a "
1044 "valid range index. Skipping record\n",
1050 if (!idmap_autorid_validate_sid(domsid
)) {
1051 DEBUG(10, ("String '%s' is not a valid sid. "
1052 "Skipping record.\n", domsid
));
1056 if ((vi
->domsid
!= NULL
) && (strcmp(domsid
, vi
->domsid
) != 0)) {
1057 DEBUG(10, ("key sid '%s' does not match requested sid '%s'.\n",
1058 domsid
, vi
->domsid
));
1062 value
= dbwrap_record_get_value(rec
);
1064 if (value
.dsize
!= sizeof(uint32_t)) {
1065 /* it might be a mapping of a well known sid */
1066 DEBUG(10, ("value size %u != sizeof(uint32_t) for sid '%s', "
1067 "skipping.\n", (unsigned)value
.dsize
, vi
->domsid
));
1071 rangenum
= IVAL(value
.dptr
, 0);
1073 db
= dbwrap_record_get_db(rec
);
1075 status
= vi
->fn(db
, domsid
, range_index
, rangenum
, vi
->private_data
);
1076 if (!NT_STATUS_IS_OK(status
)) {
1088 static NTSTATUS
idmap_autorid_iterate_domain_ranges_int(struct db_context
*db
,
1090 NTSTATUS (*fn
)(struct db_context
*db
,
1094 void *private_data
),
1097 NTSTATUS (*traverse
)(struct db_context
*db
,
1098 int (*f
)(struct db_record
*, void *),
1103 struct domain_range_visitor_ctx
*vi
;
1104 TALLOC_CTX
*frame
= talloc_stackframe();
1106 if (domsid
== NULL
) {
1107 DEBUG(10, ("No sid provided, operating on all ranges\n"));
1111 DEBUG(1, ("Error: missing visitor callback\n"));
1112 status
= NT_STATUS_INVALID_PARAMETER
;
1116 vi
= talloc_zero(frame
, struct domain_range_visitor_ctx
);
1118 status
= NT_STATUS_NO_MEMORY
;
1122 vi
->domsid
= domsid
;
1124 vi
->private_data
= private_data
;
1126 status
= traverse(db
, idmap_autorid_visit_domain_range
, vi
, NULL
);
1127 if (!NT_STATUS_IS_OK(status
)) {
1131 if (count
!= NULL
) {
1140 NTSTATUS
idmap_autorid_iterate_domain_ranges(struct db_context
*db
,
1142 NTSTATUS (*fn
)(struct db_context
*db
,
1146 void *private_data
),
1152 status
= idmap_autorid_iterate_domain_ranges_int(db
,
1163 NTSTATUS
idmap_autorid_iterate_domain_ranges_read(struct db_context
*db
,
1165 NTSTATUS (*fn
)(struct db_context
*db
,
1175 status
= idmap_autorid_iterate_domain_ranges_int(db
,
1180 dbwrap_traverse_read
);
1187 * Delete all ranges configured for a given domain
1190 struct delete_domain_ranges_visitor_ctx
{
1194 static NTSTATUS
idmap_autorid_delete_domain_ranges_visitor(
1195 struct db_context
*db
,
1197 uint32_t domain_range_index
,
1201 struct delete_domain_ranges_visitor_ctx
*ctx
;
1204 ctx
= (struct delete_domain_ranges_visitor_ctx
*)private_data
;
1206 status
= idmap_autorid_delete_range_by_sid(
1207 db
, domsid
, domain_range_index
, ctx
->force
);
1211 struct idmap_autorid_delete_domain_ranges_ctx
{
1214 int count
; /* output: count records operated on */
1217 static NTSTATUS
idmap_autorid_delete_domain_ranges_action(struct db_context
*db
,
1220 struct idmap_autorid_delete_domain_ranges_ctx
*ctx
;
1221 struct delete_domain_ranges_visitor_ctx visitor_ctx
;
1225 ctx
= (struct idmap_autorid_delete_domain_ranges_ctx
*)private_data
;
1227 ZERO_STRUCT(visitor_ctx
);
1228 visitor_ctx
.force
= ctx
->force
;
1230 status
= idmap_autorid_iterate_domain_ranges(db
,
1232 idmap_autorid_delete_domain_ranges_visitor
,
1235 if (!NT_STATUS_IS_OK(status
)) {
1241 return NT_STATUS_OK
;
1244 NTSTATUS
idmap_autorid_delete_domain_ranges(struct db_context
*db
,
1250 struct idmap_autorid_delete_domain_ranges_ctx ctx
;
1253 ctx
.domsid
= domsid
;
1256 status
= dbwrap_trans_do(db
, idmap_autorid_delete_domain_ranges_action
,
1258 if (!NT_STATUS_IS_OK(status
)) {
1264 return NT_STATUS_OK
;