2 Unix SMB/CIFS implementation.
4 Copyright (C) Simo Sorce 2003
5 Copyright (C) Jeremy Allison 2006
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.*/
22 #include "winbindd_proto.h"
24 #include "idmap_cache.h"
27 #define DBGC_CLASS DBGC_IDMAP
29 /*****************************************************************
30 Returns the SID mapped to the given UID.
31 If mapping is not possible returns an error.
32 *****************************************************************/
34 NTSTATUS
idmap_uid_to_sid(const char *domname
, struct dom_sid
*sid
, uid_t uid
)
40 DEBUG(10,("idmap_uid_to_sid: uid = [%lu], domain = '%s'\n",
41 (unsigned long)uid
, domname
?domname
:"NULL"));
43 if (winbindd_use_idmap_cache()
44 && idmap_cache_find_uid2sid(uid
, sid
, &expired
)) {
45 DEBUG(10, ("idmap_cache_find_uid2sid found %u%s\n",
47 expired
? " (expired)": ""));
48 if (expired
&& idmap_is_online()) {
49 DEBUG(10, ("revalidating expired entry\n"));
52 if (is_null_sid(sid
)) {
53 DEBUG(10, ("Returning negative cache entry\n"));
54 return NT_STATUS_NONE_MAPPED
;
56 DEBUG(10, ("Returning positive cache entry\n"));
62 map
.xid
.type
= ID_TYPE_UID
;
65 ret
= idmap_backends_unixid_to_sid(domname
, &map
);
66 if ( ! NT_STATUS_IS_OK(ret
)) {
67 DEBUG(10, ("error mapping uid [%lu]\n", (unsigned long)uid
));
71 if (map
.status
!= ID_MAPPED
) {
72 if (winbindd_use_idmap_cache()) {
73 struct dom_sid null_sid
;
74 ZERO_STRUCT(null_sid
);
75 idmap_cache_set_sid2uid(&null_sid
, uid
);
77 DEBUG(10, ("uid [%lu] not mapped\n", (unsigned long)uid
));
78 return NT_STATUS_NONE_MAPPED
;
81 if (winbindd_use_idmap_cache()) {
82 idmap_cache_set_sid2uid(sid
, uid
);
88 /*****************************************************************
89 Returns SID mapped to the given GID.
90 If mapping is not possible returns an error.
91 *****************************************************************/
93 NTSTATUS
idmap_gid_to_sid(const char *domname
, struct dom_sid
*sid
, gid_t gid
)
99 DEBUG(10,("idmap_gid_to_sid: gid = [%lu], domain = '%s'\n",
100 (unsigned long)gid
, domname
?domname
:"NULL"));
102 if (winbindd_use_idmap_cache()
103 && idmap_cache_find_gid2sid(gid
, sid
, &expired
)) {
104 DEBUG(10, ("idmap_cache_find_gid2sid found %u%s\n",
106 expired
? " (expired)": ""));
107 if (expired
&& idmap_is_online()) {
108 DEBUG(10, ("revalidating expired entry\n"));
111 if (is_null_sid(sid
)) {
112 DEBUG(10, ("Returning negative cache entry\n"));
113 return NT_STATUS_NONE_MAPPED
;
115 DEBUG(10, ("Returning positive cache entry\n"));
121 map
.xid
.type
= ID_TYPE_GID
;
124 ret
= idmap_backends_unixid_to_sid(domname
, &map
);
125 if ( ! NT_STATUS_IS_OK(ret
)) {
126 DEBUG(10, ("error mapping gid [%lu]\n", (unsigned long)gid
));
130 if (map
.status
!= ID_MAPPED
) {
131 if (winbindd_use_idmap_cache()) {
132 struct dom_sid null_sid
;
133 ZERO_STRUCT(null_sid
);
134 idmap_cache_set_sid2uid(&null_sid
, gid
);
136 DEBUG(10, ("gid [%lu] not mapped\n", (unsigned long)gid
));
137 return NT_STATUS_NONE_MAPPED
;
140 if (winbindd_use_idmap_cache()) {
141 idmap_cache_set_sid2gid(sid
, gid
);
147 /*****************************************************************
148 Returns the UID mapped to the given SID.
149 If mapping is not possible or SID maps to a GID returns an error.
150 *****************************************************************/
152 NTSTATUS
idmap_sid_to_uid(const char *dom_name
, struct dom_sid
*sid
, uid_t
*uid
)
158 DEBUG(10,("idmap_sid_to_uid: sid = [%s], domain = '%s'\n",
159 sid_string_dbg(sid
), dom_name
));
161 if (winbindd_use_idmap_cache()
162 && idmap_cache_find_sid2uid(sid
, uid
, &expired
)) {
163 DEBUG(10, ("idmap_cache_find_sid2uid found %d%s\n",
164 (int)(*uid
), expired
? " (expired)": ""));
165 if (expired
&& idmap_is_online()) {
166 DEBUG(10, ("revalidating expired entry\n"));
170 DEBUG(10, ("Returning negative cache entry\n"));
171 return NT_STATUS_NONE_MAPPED
;
173 DEBUG(10, ("Returning positive cache entry\n"));
179 map
.xid
.type
= ID_TYPE_UID
;
181 ret
= idmap_backends_sid_to_unixid(dom_name
, &map
);
183 if (!NT_STATUS_IS_OK(ret
)) {
184 DEBUG(10, ("idmap_backends_sid_to_unixid failed: %s\n",
186 if (winbindd_use_idmap_cache()) {
187 idmap_cache_set_sid2uid(sid
, -1);
192 if (map
.status
!= ID_MAPPED
) {
193 DEBUG(10, ("sid [%s] is not mapped\n", sid_string_dbg(sid
)));
194 if (winbindd_use_idmap_cache()) {
195 idmap_cache_set_sid2uid(sid
, -1);
197 return NT_STATUS_NONE_MAPPED
;
200 if (map
.xid
.type
!= ID_TYPE_UID
) {
201 DEBUG(10, ("sid [%s] not mapped to a uid "
207 if (winbindd_use_idmap_cache()) {
208 idmap_cache_set_sid2uid(sid
, -1);
210 return NT_STATUS_NONE_MAPPED
;
213 *uid
= (uid_t
)map
.xid
.id
;
214 if (winbindd_use_idmap_cache()) {
215 idmap_cache_set_sid2uid(sid
, *uid
);
220 /*****************************************************************
221 Returns the GID mapped to the given SID.
222 If mapping is not possible or SID maps to a UID returns an error.
223 *****************************************************************/
225 NTSTATUS
idmap_sid_to_gid(const char *domname
, struct dom_sid
*sid
, gid_t
*gid
)
231 DEBUG(10,("idmap_sid_to_gid: sid = [%s], domain = '%s'\n",
232 sid_string_dbg(sid
), domname
));
234 if (winbindd_use_idmap_cache()
235 && idmap_cache_find_sid2gid(sid
, gid
, &expired
)) {
236 DEBUG(10, ("idmap_cache_find_sid2gid found %d%s\n",
237 (int)(*gid
), expired
? " (expired)": ""));
238 if (expired
&& idmap_is_online()) {
239 DEBUG(10, ("revalidating expired entry\n"));
243 DEBUG(10, ("Returning negative cache entry\n"));
244 return NT_STATUS_NONE_MAPPED
;
246 DEBUG(10, ("Returning positive cache entry\n"));
252 map
.xid
.type
= ID_TYPE_GID
;
254 ret
= idmap_backends_sid_to_unixid(domname
, &map
);
256 if (!NT_STATUS_IS_OK(ret
)) {
257 DEBUG(10, ("idmap_backends_sid_to_unixid failed: %s\n",
259 if (winbindd_use_idmap_cache()) {
260 idmap_cache_set_sid2uid(sid
, -1);
265 if (map
.status
!= ID_MAPPED
) {
266 DEBUG(10, ("sid [%s] is not mapped\n", sid_string_dbg(sid
)));
267 if (winbindd_use_idmap_cache()) {
268 idmap_cache_set_sid2uid(sid
, -1);
270 return NT_STATUS_NONE_MAPPED
;
273 if (map
.xid
.type
!= ID_TYPE_GID
) {
274 DEBUG(10, ("sid [%s] not mapped to a gid "
280 if (winbindd_use_idmap_cache()) {
281 idmap_cache_set_sid2gid(sid
, -1);
283 return NT_STATUS_NONE_MAPPED
;
287 if (winbindd_use_idmap_cache()) {
288 idmap_cache_set_sid2gid(sid
, *gid
);
294 * check whether a given unix id is inside the filter range of an idmap domain
296 bool idmap_unix_id_is_in_range(uint32_t id
, struct idmap_domain
*dom
)
299 /* 0 is not an allowed unix id for id mapping */
303 if ((dom
->low_id
&& (id
< dom
->low_id
)) ||
304 (dom
->high_id
&& (id
> dom
->high_id
)))