search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3: Remove smbd_server_conn from smb1 receive_unlock_msg
[Samba.git] / source3 / winbindd / idmap_util.c
blobd743f8ce23f014f32594dda464c301f1bc27cb92
1 /*
2 Unix SMB/CIFS implementation.
3 ID Mapping
4 Copyright (C) Simo Sorce 2003
5 Copyright (C) Jeremy Allison 2006
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
11
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.*/
19
20 #include "includes.h"
21 #include "winbindd.h"
22 #include "winbindd_proto.h"
23 #include "idmap.h"
24 #include "idmap_cache.h"
25
26 #undef DBGC_CLASS
27 #define DBGC_CLASS DBGC_IDMAP
28
29 /*****************************************************************
30 Returns the SID mapped to the given UID.
31 If mapping is not possible returns an error.
32 *****************************************************************/
33
34 NTSTATUS idmap_uid_to_sid(const char *domname, struct dom_sid *sid, uid_t uid)
35 {
36 NTSTATUS ret;
37 struct id_map map;
38 bool expired;
39
40 DEBUG(10,("idmap_uid_to_sid: uid = [%lu], domain = '%s'\n",
41 (unsigned long)uid, domname?domname:"NULL"));
42
43 if (winbindd_use_idmap_cache()
44 && idmap_cache_find_uid2sid(uid, sid, &expired)) {
45 DEBUG(10, ("idmap_cache_find_uid2sid found %u%s\n",
46 (unsigned int)uid,
47 expired ? " (expired)": ""));
48 if (expired && idmap_is_online()) {
49 DEBUG(10, ("revalidating expired entry\n"));
50 goto backend;
51 }
52 if (is_null_sid(sid)) {
53 DEBUG(10, ("Returning negative cache entry\n"));
54 return NT_STATUS_NONE_MAPPED;
55 }
56 DEBUG(10, ("Returning positive cache entry\n"));
57 return NT_STATUS_OK;
58 }
59
60 backend:
61 map.sid = sid;
62 map.xid.type = ID_TYPE_UID;
63 map.xid.id = uid;
64
65 ret = idmap_backends_unixid_to_sid(domname, &map);
66 if ( ! NT_STATUS_IS_OK(ret)) {
67 DEBUG(10, ("error mapping uid [%lu]\n", (unsigned long)uid));
68 return ret;
69 }
70
71 if (map.status != ID_MAPPED) {
72 if (winbindd_use_idmap_cache()) {
73 struct dom_sid null_sid;
74 ZERO_STRUCT(null_sid);
75 idmap_cache_set_sid2uid(&null_sid, uid);
76 }
77 DEBUG(10, ("uid [%lu] not mapped\n", (unsigned long)uid));
78 return NT_STATUS_NONE_MAPPED;
79 }
80
81 if (winbindd_use_idmap_cache()) {
82 idmap_cache_set_sid2uid(sid, uid);
83 }
84
85 return NT_STATUS_OK;
86 }
87
88 /*****************************************************************
89 Returns SID mapped to the given GID.
90 If mapping is not possible returns an error.
91 *****************************************************************/
92
93 NTSTATUS idmap_gid_to_sid(const char *domname, struct dom_sid *sid, gid_t gid)
94 {
95 NTSTATUS ret;
96 struct id_map map;
97 bool expired;
98
99 DEBUG(10,("idmap_gid_to_sid: gid = [%lu], domain = '%s'\n",
100 (unsigned long)gid, domname?domname:"NULL"));
101
102 if (winbindd_use_idmap_cache()
103 && idmap_cache_find_gid2sid(gid, sid, &expired)) {
104 DEBUG(10, ("idmap_cache_find_gid2sid found %u%s\n",
105 (unsigned int)gid,
106 expired ? " (expired)": ""));
107 if (expired && idmap_is_online()) {
108 DEBUG(10, ("revalidating expired entry\n"));
109 goto backend;
110 }
111 if (is_null_sid(sid)) {
112 DEBUG(10, ("Returning negative cache entry\n"));
113 return NT_STATUS_NONE_MAPPED;
114 }
115 DEBUG(10, ("Returning positive cache entry\n"));
116 return NT_STATUS_OK;
117 }
118
119 backend:
120 map.sid = sid;
121 map.xid.type = ID_TYPE_GID;
122 map.xid.id = gid;
123
124 ret = idmap_backends_unixid_to_sid(domname, &map);
125 if ( ! NT_STATUS_IS_OK(ret)) {
126 DEBUG(10, ("error mapping gid [%lu]\n", (unsigned long)gid));
127 return ret;
128 }
129
130 if (map.status != ID_MAPPED) {
131 if (winbindd_use_idmap_cache()) {
132 struct dom_sid null_sid;
133 ZERO_STRUCT(null_sid);
134 idmap_cache_set_sid2uid(&null_sid, gid);
135 }
136 DEBUG(10, ("gid [%lu] not mapped\n", (unsigned long)gid));
137 return NT_STATUS_NONE_MAPPED;
138 }
139
140 if (winbindd_use_idmap_cache()) {
141 idmap_cache_set_sid2gid(sid, gid);
142 }
143
144 return NT_STATUS_OK;
145 }
146
147 /*****************************************************************
148 Returns the UID mapped to the given SID.
149 If mapping is not possible or SID maps to a GID returns an error.
150 *****************************************************************/
151
152 NTSTATUS idmap_sid_to_uid(const char *dom_name, struct dom_sid *sid, uid_t *uid)
153 {
154 NTSTATUS ret;
155 struct id_map map;
156 bool expired;
157
158 DEBUG(10,("idmap_sid_to_uid: sid = [%s], domain = '%s'\n",
159 sid_string_dbg(sid), dom_name));
160
161 if (winbindd_use_idmap_cache()
162 && idmap_cache_find_sid2uid(sid, uid, &expired)) {
163 DEBUG(10, ("idmap_cache_find_sid2uid found %d%s\n",
164 (int)(*uid), expired ? " (expired)": ""));
165 if (expired && idmap_is_online()) {
166 DEBUG(10, ("revalidating expired entry\n"));
167 goto backend;
168 }
169 if ((*uid) == -1) {
170 DEBUG(10, ("Returning negative cache entry\n"));
171 return NT_STATUS_NONE_MAPPED;
172 }
173 DEBUG(10, ("Returning positive cache entry\n"));
174 return NT_STATUS_OK;
175 }
176
177 backend:
178 map.sid = sid;
179 map.xid.type = ID_TYPE_UID;
180
181 ret = idmap_backends_sid_to_unixid(dom_name, &map);
182
183 if (!NT_STATUS_IS_OK(ret)) {
184 DEBUG(10, ("idmap_backends_sid_to_unixid failed: %s\n",
185 nt_errstr(ret)));
186 if (winbindd_use_idmap_cache()) {
187 idmap_cache_set_sid2uid(sid, -1);
188 }
189 return ret;
190 }
191
192 if (map.status != ID_MAPPED) {
193 DEBUG(10, ("sid [%s] is not mapped\n", sid_string_dbg(sid)));
194 if (winbindd_use_idmap_cache()) {
195 idmap_cache_set_sid2uid(sid, -1);
196 }
197 return NT_STATUS_NONE_MAPPED;
198 }
199
200 if (map.xid.type != ID_TYPE_UID) {
201 DEBUG(10, ("sid [%s] not mapped to a uid "
202 "[%u,%u,%u]\n",
203 sid_string_dbg(sid),
204 map.status,
205 map.xid.type,
206 map.xid.id));
207 if (winbindd_use_idmap_cache()) {
208 idmap_cache_set_sid2uid(sid, -1);
209 }
210 return NT_STATUS_NONE_MAPPED;
211 }
212
213 *uid = (uid_t)map.xid.id;
214 if (winbindd_use_idmap_cache()) {
215 idmap_cache_set_sid2uid(sid, *uid);
216 }
217 return NT_STATUS_OK;
218 }
219
220 /*****************************************************************
221 Returns the GID mapped to the given SID.
222 If mapping is not possible or SID maps to a UID returns an error.
223 *****************************************************************/
224
225 NTSTATUS idmap_sid_to_gid(const char *domname, struct dom_sid *sid, gid_t *gid)
226 {
227 NTSTATUS ret;
228 struct id_map map;
229 bool expired;
230
231 DEBUG(10,("idmap_sid_to_gid: sid = [%s], domain = '%s'\n",
232 sid_string_dbg(sid), domname));
233
234 if (winbindd_use_idmap_cache()
235 && idmap_cache_find_sid2gid(sid, gid, &expired)) {
236 DEBUG(10, ("idmap_cache_find_sid2gid found %d%s\n",
237 (int)(*gid), expired ? " (expired)": ""));
238 if (expired && idmap_is_online()) {
239 DEBUG(10, ("revalidating expired entry\n"));
240 goto backend;
241 }
242 if ((*gid) == -1) {
243 DEBUG(10, ("Returning negative cache entry\n"));
244 return NT_STATUS_NONE_MAPPED;
245 }
246 DEBUG(10, ("Returning positive cache entry\n"));
247 return NT_STATUS_OK;
248 }
249
250 backend:
251 map.sid = sid;
252 map.xid.type = ID_TYPE_GID;
253
254 ret = idmap_backends_sid_to_unixid(domname, &map);
255
256 if (!NT_STATUS_IS_OK(ret)) {
257 DEBUG(10, ("idmap_backends_sid_to_unixid failed: %s\n",
258 nt_errstr(ret)));
259 if (winbindd_use_idmap_cache()) {
260 idmap_cache_set_sid2uid(sid, -1);
261 }
262 return ret;
263 }
264
265 if (map.status != ID_MAPPED) {
266 DEBUG(10, ("sid [%s] is not mapped\n", sid_string_dbg(sid)));
267 if (winbindd_use_idmap_cache()) {
268 idmap_cache_set_sid2uid(sid, -1);
269 }
270 return NT_STATUS_NONE_MAPPED;
271 }
272
273 if (map.xid.type != ID_TYPE_GID) {
274 DEBUG(10, ("sid [%s] not mapped to a gid "
275 "[%u,%u,%u]\n",
276 sid_string_dbg(sid),
277 map.status,
278 map.xid.type,
279 map.xid.id));
280 if (winbindd_use_idmap_cache()) {
281 idmap_cache_set_sid2gid(sid, -1);
282 }
283 return NT_STATUS_NONE_MAPPED;
284 }
285
286 *gid = map.xid.id;
287 if (winbindd_use_idmap_cache()) {
288 idmap_cache_set_sid2gid(sid, *gid);
289 }
290 return NT_STATUS_OK;
291 }
292
293 /**
294 * check whether a given unix id is inside the filter range of an idmap domain
295 */
296 bool idmap_unix_id_is_in_range(uint32_t id, struct idmap_domain *dom)
297 {
298 if (id == 0) {
299 /* 0 is not an allowed unix id for id mapping */
300 return false;
301 }
302
303 if ((dom->low_id && (id < dom->low_id)) ||
304 (dom->high_id && (id > dom->high_id)))
305 {
306 return false;
307 }
308
309 return true;
310 }
Samba GIT mirror