search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
lib:socket: add linkspeed, capability and if_index to iface_struct
[Samba.git] / source3 / winbindd / idmap_autorid_tdb.c
blob89c3ad7b9a305063849c3b16e23b2ec10f241c09
1 /*
2 * idmap_autorid_tdb: This file contains common code used by
3 * idmap_autorid and net idmap autorid utilities. The common
4 * code provides functions for performing various operations
5 * on autorid.tdb
6 *
7 * Copyright (C) Christian Ambach, 2010-2012
8 * Copyright (C) Atul Kulkarni, 2013
9 * Copyright (C) Michael Adam, 2012-2013
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 3 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, see <http://www.gnu.org/licenses/>.
23 *
24 */
25
26 #include "idmap_autorid_tdb.h"
27 #include "../libcli/security/dom_sid.h"
28
29 /**
30 * Build the database keystring for getting a range
31 * belonging to a domain sid and a range index.
32 */
33 static void idmap_autorid_build_keystr(const char *domsid,
34 uint32_t domain_range_index,
35 fstring keystr)
36 {
37 if (domain_range_index > 0) {
38 fstr_sprintf(keystr, "%s#%"PRIu32,
39 domsid, domain_range_index);
40 } else {
41 fstrcpy(keystr, domsid);
42 }
43 }
44
45 static char *idmap_autorid_build_keystr_talloc(TALLOC_CTX *mem_ctx,
46 const char *domsid,
47 uint32_t domain_range_index)
48 {
49 char *keystr;
50
51 if (domain_range_index > 0) {
52 keystr = talloc_asprintf(mem_ctx, "%s#%"PRIu32, domsid,
53 domain_range_index);
54 } else {
55 keystr = talloc_strdup(mem_ctx, domsid);
56 }
57
58 return keystr;
59 }
60
61
62 static bool idmap_autorid_validate_sid(const char *sid)
63 {
64 struct dom_sid ignore;
65 if (sid == NULL) {
66 return false;
67 }
68
69 if (strcmp(sid, ALLOC_RANGE) == 0) {
70 return true;
71 }
72
73 return dom_sid_parse(sid, &ignore);
74 }
75
76 struct idmap_autorid_addrange_ctx {
77 struct autorid_range_config *range;
78 bool acquire;
79 };
80
81 static NTSTATUS idmap_autorid_addrange_action(struct db_context *db,
82 void *private_data)
83 {
84 struct idmap_autorid_addrange_ctx *ctx;
85 uint32_t requested_rangenum, stored_rangenum;
86 struct autorid_range_config *range;
87 bool acquire;
88 NTSTATUS ret;
89 uint32_t hwm;
90 char *numstr;
91 struct autorid_global_config *globalcfg;
92 fstring keystr;
93 uint32_t increment;
94 TALLOC_CTX *mem_ctx = NULL;
95
96 ctx = (struct idmap_autorid_addrange_ctx *)private_data;
97 range = ctx->range;
98 acquire = ctx->acquire;
99 requested_rangenum = range->rangenum;
100
101 if (db == NULL) {
102 DEBUG(3, ("Invalid database argument: NULL"));
103 return NT_STATUS_INVALID_PARAMETER;
104 }
105
106 if (range == NULL) {
107 DEBUG(3, ("Invalid range argument: NULL"));
108 return NT_STATUS_INVALID_PARAMETER;
109 }
110
111 DEBUG(10, ("Adding new range for domain %s "
112 "(domain_range_index=%"PRIu32")\n",
113 range->domsid, range->domain_range_index));
114
115 if (!idmap_autorid_validate_sid(range->domsid)) {
116 DEBUG(3, ("Invalid SID: %s\n", range->domsid));
117 return NT_STATUS_INVALID_PARAMETER;
118 }
119
120 idmap_autorid_build_keystr(range->domsid, range->domain_range_index,
121 keystr);
122
123 ret = dbwrap_fetch_uint32_bystring(db, keystr, &stored_rangenum);
124
125 if (NT_STATUS_IS_OK(ret)) {
126 /* entry is already present*/
127 if (acquire) {
128 DEBUG(10, ("domain range already allocated - "
129 "Not adding!\n"));
130 return NT_STATUS_OK;
131 }
132
133 if (stored_rangenum != requested_rangenum) {
134 DEBUG(1, ("Error: requested rangenumber (%u) differs "
135 "from stored one (%u).\n",
136 requested_rangenum, stored_rangenum));
137 return NT_STATUS_UNSUCCESSFUL;
138 }
139
140 DEBUG(10, ("Note: stored range agrees with requested "
141 "one - ok\n"));
142 return NT_STATUS_OK;
143 }
144
145 /* fetch the current HWM */
146 ret = dbwrap_fetch_uint32_bystring(db, HWM, &hwm);
147 if (!NT_STATUS_IS_OK(ret)) {
148 DEBUG(1, ("Fatal error while fetching current "
149 "HWM value: %s\n", nt_errstr(ret)));
150 return NT_STATUS_INTERNAL_ERROR;
151 }
152
153 mem_ctx = talloc_stackframe();
154
155 ret = idmap_autorid_loadconfig(db, mem_ctx, &globalcfg);
156 if (!NT_STATUS_IS_OK(ret)) {
157 DEBUG(1, ("Fatal error while fetching configuration: %s\n",
158 nt_errstr(ret)));
159 goto error;
160 }
161
162 if (acquire) {
163 /*
164 * automatically acquire the next range
165 */
166 requested_rangenum = hwm;
167 }
168
169 if (requested_rangenum >= globalcfg->maxranges) {
170 DEBUG(1, ("Not enough ranges available: New range %u must be "
171 "smaller than configured maximum number of ranges "
172 "(%u).\n",
173 requested_rangenum, globalcfg->maxranges));
174 ret = NT_STATUS_NO_MEMORY;
175 goto error;
176 }
177
178 /*
179 * Check that it is not yet taken.
180 * If the range is requested and < HWM, we need
181 * to check anyways, and otherwise, we also better
182 * check in order to prevent further corruption
183 * in case the db has been externally modified.
184 */
185
186 numstr = talloc_asprintf(mem_ctx, "%u", requested_rangenum);
187 if (!numstr) {
188 DEBUG(1, ("Talloc failed!\n"));
189 ret = NT_STATUS_NO_MEMORY;
190 goto error;
191 }
192
193 if (dbwrap_exists(db, string_term_tdb_data(numstr))) {
194 DEBUG(1, ("Requested range '%s' is already in use.\n", numstr));
195
196 if (requested_rangenum < hwm) {
197 ret = NT_STATUS_INVALID_PARAMETER;
198 } else {
199 ret = NT_STATUS_INTERNAL_DB_CORRUPTION;
200 }
201
202 goto error;
203 }
204
205 if (requested_rangenum >= hwm) {
206 /*
207 * requested or automatic range >= HWM:
208 * increment the HWM.
209 */
210
211 /* HWM always contains current max range + 1 */
212 increment = requested_rangenum + 1 - hwm;
213
214 /* increase the HWM */
215 ret = dbwrap_change_uint32_atomic_bystring(db, HWM, &hwm,
216 increment);
217 if (!NT_STATUS_IS_OK(ret)) {
218 DEBUG(1, ("Fatal error while incrementing the HWM "
219 "value in the database: %s\n",
220 nt_errstr(ret)));
221 goto error;
222 }
223 }
224
225 /*
226 * store away the new mapping in both directions
227 */
228
229 ret = dbwrap_store_uint32_bystring(db, keystr, requested_rangenum);
230 if (!NT_STATUS_IS_OK(ret)) {
231 DEBUG(1, ("Fatal error while storing new "
232 "domain->range assignment: %s\n", nt_errstr(ret)));
233 goto error;
234 }
235
236 numstr = talloc_asprintf(mem_ctx, "%u", requested_rangenum);
237 if (!numstr) {
238 ret = NT_STATUS_NO_MEMORY;
239 goto error;
240 }
241
242 ret = dbwrap_store_bystring(db, numstr,
243 string_term_tdb_data(keystr), TDB_INSERT);
244
245 if (!NT_STATUS_IS_OK(ret)) {
246 DEBUG(1, ("Fatal error while storing new "
247 "domain->range assignment: %s\n", nt_errstr(ret)));
248 goto error;
249 }
250
251 DEBUG(5, ("%s new range #%d for domain %s "
252 "(domain_range_index=%"PRIu32")\n",
253 (acquire?"Acquired":"Stored"),
254 requested_rangenum, keystr,
255 range->domain_range_index));
256
257 range->rangenum = requested_rangenum;
258
259 range->low_id = globalcfg->minvalue
260 + range->rangenum * globalcfg->rangesize;
261 range->high_id = range->low_id + globalcfg->rangesize - 1;
262
263 ret = NT_STATUS_OK;
264
265 error:
266 talloc_free(mem_ctx);
267 return ret;
268 }
269
270 static NTSTATUS idmap_autorid_addrange(struct db_context *db,
271 struct autorid_range_config *range,
272 bool acquire)
273 {
274 NTSTATUS status;
275 struct idmap_autorid_addrange_ctx ctx;
276
277 ctx.acquire = acquire;
278 ctx.range = range;
279
280 status = dbwrap_trans_do(db, idmap_autorid_addrange_action, &ctx);
281 return status;
282 }
283
284 NTSTATUS idmap_autorid_setrange(struct db_context *db,
285 const char *domsid,
286 uint32_t domain_range_index,
287 uint32_t rangenum)
288 {
289 NTSTATUS status;
290 struct autorid_range_config range;
291
292 ZERO_STRUCT(range);
293 fstrcpy(range.domsid, domsid);
294 range.domain_range_index = domain_range_index;
295 range.rangenum = rangenum;
296
297 status = idmap_autorid_addrange(db, &range, false);
298 return status;
299 }
300
301 static NTSTATUS idmap_autorid_acquire_range(struct db_context *db,
302 struct autorid_range_config *range)
303 {
304 return idmap_autorid_addrange(db, range, true);
305 }
306
307 static NTSTATUS idmap_autorid_getrange_int(struct db_context *db,
308 struct autorid_range_config *range)
309 {
310 NTSTATUS status = NT_STATUS_INVALID_PARAMETER;
311 struct autorid_global_config *globalcfg = NULL;
312 fstring keystr;
313
314 if (db == NULL || range == NULL) {
315 DEBUG(3, ("Invalid arguments received\n"));
316 goto done;
317 }
318
319 if (!idmap_autorid_validate_sid(range->domsid)) {
320 DEBUG(3, ("Invalid SID: '%s'\n", range->domsid));
321 status = NT_STATUS_INVALID_PARAMETER;
322 goto done;
323 }
324
325 idmap_autorid_build_keystr(range->domsid, range->domain_range_index,
326 keystr);
327
328 DEBUG(10, ("reading domain range for key %s\n", keystr));
329 status = dbwrap_fetch_uint32_bystring(db, keystr, &(range->rangenum));
330 if (!NT_STATUS_IS_OK(status)) {
331 DEBUG(1, ("Failed to read database record for key '%s': %s\n",
332 keystr, nt_errstr(status)));
333 goto done;
334 }
335
336 status = idmap_autorid_loadconfig(db, talloc_tos(), &globalcfg);
337 if (!NT_STATUS_IS_OK(status)) {
338 DEBUG(1, ("Failed to read global configuration"));
339 goto done;
340 }
341 range->low_id = globalcfg->minvalue
342 + range->rangenum * globalcfg->rangesize;
343 range->high_id = range->low_id + globalcfg->rangesize - 1;
344
345 TALLOC_FREE(globalcfg);
346 done:
347 return status;
348 }
349
350 NTSTATUS idmap_autorid_getrange(struct db_context *db,
351 const char *domsid,
352 uint32_t domain_range_index,
353 uint32_t *rangenum,
354 uint32_t *low_id)
355 {
356 NTSTATUS status;
357 struct autorid_range_config range;
358
359 if (rangenum == NULL) {
360 return NT_STATUS_INVALID_PARAMETER;
361 }
362
363 ZERO_STRUCT(range);
364 fstrcpy(range.domsid, domsid);
365 range.domain_range_index = domain_range_index;
366
367 status = idmap_autorid_getrange_int(db, &range);
368 if (!NT_STATUS_IS_OK(status)) {
369 return status;
370 }
371
372 *rangenum = range.rangenum;
373
374 if (low_id != NULL) {
375 *low_id = range.low_id;
376 }
377
378 return NT_STATUS_OK;
379 }
380
381 NTSTATUS idmap_autorid_get_domainrange(struct db_context *db,
382 struct autorid_range_config *range,
383 bool read_only)
384 {
385 NTSTATUS ret;
386
387 ret = idmap_autorid_getrange_int(db, range);
388 if (!NT_STATUS_IS_OK(ret)) {
389 DEBUG(10, ("Failed to read range config for '%s': %s\n",
390 range->domsid, nt_errstr(ret)));
391 if (read_only) {
392 DEBUG(10, ("Not allocating new range for '%s' because "
393 "read-only is enabled.\n", range->domsid));
394 return NT_STATUS_NOT_FOUND;
395 }
396
397 ret = idmap_autorid_acquire_range(db, range);
398 }
399
400 DEBUG(10, ("Using range #%d for domain %s "
401 "(domain_range_index=%"PRIu32", low_id=%"PRIu32")\n",
402 range->rangenum, range->domsid, range->domain_range_index,
403 range->low_id));
404
405 return ret;
406 }
407
408 /* initialize the given HWM to 0 if it does not exist yet */
409 static NTSTATUS idmap_autorid_init_hwm_action(struct db_context *db,
410 void *private_data)
411 {
412 NTSTATUS status;
413 uint32_t hwmval;
414 const char *hwm;
415
416 hwm = (char *)private_data;
417
418 status = dbwrap_fetch_uint32_bystring(db, hwm, &hwmval);
419 if (NT_STATUS_IS_OK(status)) {
420 DEBUG(1, ("HWM (%s) already initialized in autorid database "
421 "(value %"PRIu32").\n", hwm, hwmval));
422 return NT_STATUS_OK;
423 }
424 if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
425 DEBUG(0, ("Error fetching HWM (%s) from autorid "
426 "database: %s\n", hwm, nt_errstr(status)));
427 return status;
428 }
429
430 status = dbwrap_trans_store_uint32_bystring(db, hwm, 0);
431 if (!NT_STATUS_IS_OK(status)) {
432 DEBUG(0, ("Error storing HWM (%s) in autorid database: %s\n",
433 hwm, nt_errstr(status)));
434 return status;
435 }
436
437 return NT_STATUS_OK;
438 }
439
440 NTSTATUS idmap_autorid_init_hwm(struct db_context *db, const char *hwm)
441 {
442 NTSTATUS status;
443 uint32_t hwmval;
444
445 status = dbwrap_fetch_uint32_bystring(db, hwm, &hwmval);
446 if (NT_STATUS_IS_OK(status)) {
447 DEBUG(1, ("HWM (%s) already initialized in autorid database "
448 "(value %"PRIu32").\n", hwm, hwmval));
449 return NT_STATUS_OK;
450 }
451 if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
452 DEBUG(0, ("unable to fetch HWM (%s) from autorid "
453 "database: %s\n", hwm, nt_errstr(status)));
454 return status;
455 }
456
457 status = dbwrap_trans_do(db, idmap_autorid_init_hwm_action,
458 discard_const(hwm));
459 if (!NT_STATUS_IS_OK(status)) {
460 DEBUG(0, ("Error initializing HWM (%s) in autorid database: "
461 "%s\n", hwm, nt_errstr(status)));
462 return NT_STATUS_INTERNAL_DB_ERROR;
463 }
464
465 DEBUG(1, ("Initialized HWM (%s) in autorid database.\n", hwm));
466
467 return NT_STATUS_OK;
468 }
469
470 /*
471 * Delete a domain#index <-> range mapping from the database.
472 * The mapping is specified by the sid and index.
473 * If force == true, invalid mapping records are deleted as far
474 * as possible, otherwise they are left untouched.
475 */
476
477 struct idmap_autorid_delete_range_by_sid_ctx {
478 const char *domsid;
479 uint32_t domain_range_index;
480 bool force;
481 };
482
483 static NTSTATUS idmap_autorid_delete_range_by_sid_action(struct db_context *db,
484 void *private_data)
485 {
486 struct idmap_autorid_delete_range_by_sid_ctx *ctx =
487 (struct idmap_autorid_delete_range_by_sid_ctx *)private_data;
488 const char *domsid;
489 uint32_t domain_range_index;
490 uint32_t rangenum;
491 char *keystr;
492 char *range_keystr;
493 TDB_DATA data;
494 NTSTATUS status;
495 TALLOC_CTX *frame = talloc_stackframe();
496 bool is_valid_range_mapping = true;
497 bool force;
498
499 domsid = ctx->domsid;
500 domain_range_index = ctx->domain_range_index;
501 force = ctx->force;
502
503 keystr = idmap_autorid_build_keystr_talloc(frame, domsid,
504 domain_range_index);
505 if (keystr == NULL) {
506 status = NT_STATUS_NO_MEMORY;
507 goto done;
508 }
509
510 status = dbwrap_fetch_uint32_bystring(db, keystr, &rangenum);
511 if (!NT_STATUS_IS_OK(status)) {
512 goto done;
513 }
514
515 range_keystr = talloc_asprintf(frame, "%"PRIu32, rangenum);
516 if (range_keystr == NULL) {
517 status = NT_STATUS_NO_MEMORY;
518 goto done;
519 }
520
521 status = dbwrap_fetch_bystring(db, frame, range_keystr, &data);
522 if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
523 DEBUG(1, ("Incomplete mapping %s -> %s: no backward mapping\n",
524 keystr, range_keystr));
525 is_valid_range_mapping = false;
526 } else if (!NT_STATUS_IS_OK(status)) {
527 DEBUG(1, ("Error fetching reverse mapping for %s -> %s: %s\n",
528 keystr, range_keystr, nt_errstr(status)));
529 goto done;
530 } else if (strncmp((const char *)data.dptr, keystr, strlen(keystr))
531 != 0)
532 {
533 DEBUG(1, ("Invalid mapping: %s -> %s -> %s\n",
534 keystr, range_keystr, (const char *)data.dptr));
535 is_valid_range_mapping = false;
536 }
537
538 if (!is_valid_range_mapping && !force) {
539 DEBUG(10, ("Not deleting invalid mapping, since not in force "
540 "mode.\n"));
541 status = NT_STATUS_FILE_INVALID;
542 goto done;
543 }
544
545 status = dbwrap_delete_bystring(db, keystr);
546 if (!NT_STATUS_IS_OK(status)) {
547 DEBUG(1, ("Deletion of '%s' failed: %s\n",
548 keystr, nt_errstr(status)));
549 goto done;
550 }
551
552 if (!is_valid_range_mapping) {
553 goto done;
554 }
555
556 status = dbwrap_delete_bystring(db, range_keystr);
557 if (!NT_STATUS_IS_OK(status)) {
558 DEBUG(1, ("Deletion of '%s' failed: %s\n",
559 range_keystr, nt_errstr(status)));
560 goto done;
561 }
562
563 DEBUG(10, ("Deleted range mapping %s <--> %s\n", keystr,
564 range_keystr));
565
566 done:
567 TALLOC_FREE(frame);
568 return status;
569 }
570
571 NTSTATUS idmap_autorid_delete_range_by_sid(struct db_context *db,
572 const char *domsid,
573 uint32_t domain_range_index,
574 bool force)
575 {
576 NTSTATUS status;
577 struct idmap_autorid_delete_range_by_sid_ctx ctx;
578
579 ctx.domain_range_index = domain_range_index;
580 ctx.domsid = domsid;
581 ctx.force = force;
582
583 status = dbwrap_trans_do(db, idmap_autorid_delete_range_by_sid_action,
584 &ctx);
585 return status;
586 }
587
588 /*
589 * Delete a domain#index <-> range mapping from the database.
590 * The mapping is specified by the range number.
591 * If force == true, invalid mapping records are deleted as far
592 * as possible, otherwise they are left untouched.
593 */
594 struct idmap_autorid_delete_range_by_num_ctx {
595 uint32_t rangenum;
596 bool force;
597 };
598
599 static NTSTATUS idmap_autorid_delete_range_by_num_action(struct db_context *db,
600 void *private_data)
601 {
602 struct idmap_autorid_delete_range_by_num_ctx *ctx =
603 (struct idmap_autorid_delete_range_by_num_ctx *)private_data;
604 uint32_t rangenum;
605 char *keystr;
606 char *range_keystr;
607 TDB_DATA val;
608 NTSTATUS status;
609 TALLOC_CTX *frame = talloc_stackframe();
610 bool is_valid_range_mapping = true;
611 bool force;
612
613 rangenum = ctx->rangenum;
614 force = ctx->force;
615
616 range_keystr = talloc_asprintf(frame, "%"PRIu32, rangenum);
617 if (range_keystr == NULL) {
618 status = NT_STATUS_NO_MEMORY;
619 goto done;
620 }
621
622 ZERO_STRUCT(val);
623
624 status = dbwrap_fetch_bystring(db, frame, range_keystr, &val);
625 if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
626 DEBUG(10, ("Did not find range '%s' in database.\n",
627 range_keystr));
628 goto done;
629 } else if (!NT_STATUS_IS_OK(status)) {
630 DEBUG(5, ("Error fetching rang key: %s\n", nt_errstr(status)));
631 goto done;
632 }
633
634 if (val.dptr == NULL) {
635 DEBUG(1, ("Invalid mapping: %s -> empty value\n",
636 range_keystr));
637 is_valid_range_mapping = false;
638 } else {
639 uint32_t reverse_rangenum = 0;
640
641 keystr = (char *)val.dptr;
642
643 status = dbwrap_fetch_uint32_bystring(db, keystr,
644 &reverse_rangenum);
645 if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
646 DEBUG(1, ("Incomplete mapping %s -> %s: "
647 "no backward mapping\n",
648 range_keystr, keystr));
649 is_valid_range_mapping = false;
650 } else if (!NT_STATUS_IS_OK(status)) {
651 DEBUG(1, ("Error fetching reverse mapping for "
652 "%s -> %s: %s\n",
653 range_keystr, keystr, nt_errstr(status)));
654 goto done;
655 } else if (rangenum != reverse_rangenum) {
656 is_valid_range_mapping = false;
657 }
658 }
659
660 if (!is_valid_range_mapping && !force) {
661 DEBUG(10, ("Not deleting invalid mapping, since not in force "
662 "mode.\n"));
663 status = NT_STATUS_FILE_INVALID;
664 goto done;
665 }
666
667 status = dbwrap_delete_bystring(db, range_keystr);
668 if (!NT_STATUS_IS_OK(status)) {
669 DEBUG(1, ("Deletion of '%s' failed: %s\n",
670 range_keystr, nt_errstr(status)));
671 goto done;
672 }
673
674 if (!is_valid_range_mapping) {
675 goto done;
676 }
677
678 status = dbwrap_delete_bystring(db, keystr);
679 if (!NT_STATUS_IS_OK(status)) {
680 DEBUG(1, ("Deletion of '%s' failed: %s\n",
681 keystr, nt_errstr(status)));
682 goto done;
683 }
684
685 DEBUG(10, ("Deleted range mapping %s <--> %s\n", range_keystr,
686 keystr));
687
688 done:
689 talloc_free(frame);
690 return status;
691 }
692
693 NTSTATUS idmap_autorid_delete_range_by_num(struct db_context *db,
694 uint32_t rangenum,
695 bool force)
696 {
697 NTSTATUS status;
698 struct idmap_autorid_delete_range_by_num_ctx ctx;
699
700 ctx.rangenum = rangenum;
701 ctx.force = force;
702
703 status = dbwrap_trans_do(db, idmap_autorid_delete_range_by_num_action,
704 &ctx);
705 return status;
706 }
707
708 /**
709 * Open and possibly create the database.
710 */
711 NTSTATUS idmap_autorid_db_open(const char *path,
712 TALLOC_CTX *mem_ctx,
713 struct db_context **db)
714 {
715 if (*db != NULL) {
716 /* its already open */
717 return NT_STATUS_OK;
718 }
719
720 /* Open idmap repository */
721 *db = db_open(mem_ctx, path, 0, TDB_DEFAULT, O_RDWR | O_CREAT, 0644,
722 DBWRAP_LOCK_ORDER_1, DBWRAP_FLAG_NONE);
723
724 if (*db == NULL) {
725 DEBUG(0, ("Unable to open idmap_autorid database '%s'\n", path));
726 return NT_STATUS_UNSUCCESSFUL;
727 }
728
729 return NT_STATUS_OK;
730 }
731
732 /**
733 * Initialize the high watermark records in the database.
734 */
735 NTSTATUS idmap_autorid_init_hwms(struct db_context *db)
736 {
737 NTSTATUS status;
738
739 status = idmap_autorid_init_hwm(db, HWM);
740 if (!NT_STATUS_IS_OK(status)) {
741 return status;
742 }
743
744 status = idmap_autorid_init_hwm(db, ALLOC_HWM_UID);
745 if (!NT_STATUS_IS_OK(status)) {
746 return status;
747 }
748
749 status = idmap_autorid_init_hwm(db, ALLOC_HWM_GID);
750
751 return status;
752 }
753
754 NTSTATUS idmap_autorid_db_init(const char *path,
755 TALLOC_CTX *mem_ctx,
756 struct db_context **db)
757 {
758 NTSTATUS status;
759
760 status = idmap_autorid_db_open(path, mem_ctx, db);
761 if (!NT_STATUS_IS_OK(status)) {
762 return status;
763 }
764
765 status = idmap_autorid_init_hwms(*db);
766 return status;
767 }
768
769
770
771 struct idmap_autorid_fetch_config_state {
772 TALLOC_CTX *mem_ctx;
773 char *configstr;
774 };
775
776 static void idmap_autorid_config_parser(TDB_DATA key, TDB_DATA value,
777 void *private_data)
778 {
779 struct idmap_autorid_fetch_config_state *state;
780
781 state = (struct idmap_autorid_fetch_config_state *)private_data;
782
783 /*
784 * strndup because we have non-nullterminated strings in the db
785 */
786 state->configstr = talloc_strndup(
787 state->mem_ctx, (const char *)value.dptr, value.dsize);
788 }
789
790 NTSTATUS idmap_autorid_getconfigstr(struct db_context *db, TALLOC_CTX *mem_ctx,
791 char **result)
792 {
793 TDB_DATA key;
794 NTSTATUS status;
795 struct idmap_autorid_fetch_config_state state;
796
797 if (result == NULL) {
798 return NT_STATUS_INVALID_PARAMETER;
799 }
800
801 key = string_term_tdb_data(CONFIGKEY);
802
803 state.mem_ctx = mem_ctx;
804 state.configstr = NULL;
805
806 status = dbwrap_parse_record(db, key, idmap_autorid_config_parser,
807 &state);
808 if (!NT_STATUS_IS_OK(status)) {
809 DEBUG(1, ("Error while retrieving config: %s\n",
810 nt_errstr(status)));
811 return status;
812 }
813
814 if (state.configstr == NULL) {
815 DEBUG(1, ("Error while retrieving config\n"));
816 return NT_STATUS_NO_MEMORY;
817 }
818
819 DEBUG(5, ("found CONFIG: %s\n", state.configstr));
820
821 *result = state.configstr;
822 return NT_STATUS_OK;
823 }
824
825 bool idmap_autorid_parse_configstr(const char *configstr,
826 struct autorid_global_config *cfg)
827 {
828 unsigned long minvalue, rangesize, maxranges;
829
830 if (sscanf(configstr,
831 "minvalue:%lu rangesize:%lu maxranges:%lu",
832 &minvalue, &rangesize, &maxranges) != 3) {
833 DEBUG(1,
834 ("Found invalid configuration data. "
835 "Creating new config\n"));
836 return false;
837 }
838
839 cfg->minvalue = minvalue;
840 cfg->rangesize = rangesize;
841 cfg->maxranges = maxranges;
842
843 return true;
844 }
845
846 NTSTATUS idmap_autorid_loadconfig(struct db_context *db,
847 TALLOC_CTX *mem_ctx,
848 struct autorid_global_config **result)
849 {
850 struct autorid_global_config *cfg;
851 NTSTATUS status;
852 bool ok;
853 char *configstr = NULL;
854
855 if (result == NULL) {
856 return NT_STATUS_INVALID_PARAMETER;
857 }
858
859 status = idmap_autorid_getconfigstr(db, mem_ctx, &configstr);
860 if (!NT_STATUS_IS_OK(status)) {
861 return status;
862 }
863
864 cfg = talloc_zero(mem_ctx, struct autorid_global_config);
865 if (cfg == NULL) {
866 return NT_STATUS_NO_MEMORY;
867 }
868
869 ok = idmap_autorid_parse_configstr(configstr, cfg);
870 if (!ok) {
871 talloc_free(cfg);
872 return NT_STATUS_INVALID_PARAMETER;
873 }
874
875 DEBUG(10, ("Loaded previously stored configuration "
876 "minvalue:%d rangesize:%d\n",
877 cfg->minvalue, cfg->rangesize));
878
879 *result = cfg;
880
881 return NT_STATUS_OK;
882 }
883
884 NTSTATUS idmap_autorid_saveconfig(struct db_context *db,
885 struct autorid_global_config *cfg)
886 {
887
888 struct autorid_global_config *storedconfig = NULL;
889 NTSTATUS status = NT_STATUS_INVALID_PARAMETER;
890 TDB_DATA data;
891 char *cfgstr;
892 uint32_t hwm;
893 TALLOC_CTX *frame = talloc_stackframe();
894
895 DEBUG(10, ("New configuration provided for storing is "
896 "minvalue:%d rangesize:%d maxranges:%d\n",
897 cfg->minvalue, cfg->rangesize, cfg->maxranges));
898
899 if (cfg->rangesize < 2000) {
900 DEBUG(1, ("autorid rangesize must be at least 2000\n"));
901 goto done;
902 }
903
904 if (cfg->maxranges == 0) {
905 DEBUG(1, ("An autorid maxranges value of 0 is invalid. "
906 "Must have at least one range available.\n"));
907 goto done;
908 }
909
910 status = idmap_autorid_loadconfig(db, frame, &storedconfig);
911 if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
912 DEBUG(5, ("No configuration found. Storing initial "
913 "configuration.\n"));
914 } else if (!NT_STATUS_IS_OK(status)) {
915 DEBUG(1, ("Error loading configuration: %s\n",
916 nt_errstr(status)));
917 goto done;
918 }
919
920 /* did the minimum value or rangesize change? */
921 if (storedconfig &&
922 ((storedconfig->minvalue != cfg->minvalue) ||
923 (storedconfig->rangesize != cfg->rangesize)))
924 {
925 DEBUG(1, ("New configuration values for rangesize or "
926 "minimum uid value conflict with previously "
927 "used values! Not storing new config.\n"));
928 status = NT_STATUS_INVALID_PARAMETER;
929 goto done;
930 }
931
932 status = dbwrap_fetch_uint32_bystring(db, HWM, &hwm);
933 if (!NT_STATUS_IS_OK(status)) {
934 DEBUG(1, ("Fatal error while fetching current "
935 "HWM value: %s\n", nt_errstr(status)));
936 status = NT_STATUS_INTERNAL_ERROR;
937 goto done;
938 }
939
940 /*
941 * has the highest uid value been reduced to setting that is not
942 * sufficient any more for already existing ranges?
943 */
944 if (hwm > cfg->maxranges) {
945 DEBUG(1, ("New upper uid limit is too low to cover "
946 "existing mappings! Not storing new config.\n"));
947 status = NT_STATUS_INVALID_PARAMETER;
948 goto done;
949 }
950
951 cfgstr =
952 talloc_asprintf(frame,
953 "minvalue:%u rangesize:%u maxranges:%u",
954 cfg->minvalue, cfg->rangesize, cfg->maxranges);
955
956 if (cfgstr == NULL) {
957 status = NT_STATUS_NO_MEMORY;
958 goto done;
959 }
960
961 data = string_tdb_data(cfgstr);
962
963 status = dbwrap_trans_store_bystring(db, CONFIGKEY, data, TDB_REPLACE);
964
965 done:
966 TALLOC_FREE(frame);
967 return status;
968 }
969
970 NTSTATUS idmap_autorid_saveconfigstr(struct db_context *db,
971 const char *configstr)
972 {
973 bool ok;
974 NTSTATUS status;
975 struct autorid_global_config cfg;
976
977 ok = idmap_autorid_parse_configstr(configstr, &cfg);
978 if (!ok) {
979 return NT_STATUS_INVALID_PARAMETER;
980 }
981
982 status = idmap_autorid_saveconfig(db, &cfg);
983 return status;
984 }
985
986
987 /*
988 * iteration: Work on all range mappings for a given domain
989 */
990
991 struct domain_range_visitor_ctx {
992 const char *domsid;
993 NTSTATUS (*fn)(struct db_context *db,
994 const char *domsid,
995 uint32_t index,
996 uint32_t rangenum,
997 void *private_data);
998 void *private_data;
999 int count; /* number of records worked on */
1000 };
1001
1002 static int idmap_autorid_visit_domain_range(struct db_record *rec,
1003 void *private_data)
1004 {
1005 struct domain_range_visitor_ctx *vi;
1006 char *domsid;
1007 char *sep;
1008 uint32_t range_index = 0;
1009 uint32_t rangenum = 0;
1010 TDB_DATA key, value;
1011 NTSTATUS status;
1012 int ret = 0;
1013 struct db_context *db;
1014
1015 vi = talloc_get_type_abort(private_data,
1016 struct domain_range_visitor_ctx);
1017
1018 key = dbwrap_record_get_key(rec);
1019
1020 /*
1021 * split string "<sid>[#<index>]" into sid string and index number
1022 */
1023
1024 domsid = (char *)key.dptr;
1025
1026 DEBUG(10, ("idmap_autorid_visit_domain_range: visiting key '%s'\n",
1027 domsid));
1028
1029 sep = strrchr(domsid, '#');
1030 if (sep != NULL) {
1031 char *index_str;
1032 *sep = '\0';
1033 index_str = sep+1;
1034 if (sscanf(index_str, "%"SCNu32, &range_index) != 1) {
1035 DEBUG(10, ("Found separator '#' but '%s' is not a "
1036 "valid range index. Skipping record\n",
1037 index_str));
1038 goto done;
1039 }
1040 }
1041
1042 if (!idmap_autorid_validate_sid(domsid)) {
1043 DEBUG(10, ("String '%s' is not a valid sid. "
1044 "Skipping record.\n", domsid));
1045 goto done;
1046 }
1047
1048 if ((vi->domsid != NULL) && (strcmp(domsid, vi->domsid) != 0)) {
1049 DEBUG(10, ("key sid '%s' does not match requested sid '%s'.\n",
1050 domsid, vi->domsid));
1051 goto done;
1052 }
1053
1054 value = dbwrap_record_get_value(rec);
1055
1056 if (value.dsize != sizeof(uint32_t)) {
1057 /* it might be a mapping of a well known sid */
1058 DEBUG(10, ("value size %u != sizeof(uint32_t) for sid '%s', "
1059 "skipping.\n", (unsigned)value.dsize, vi->domsid));
1060 goto done;
1061 }
1062
1063 rangenum = IVAL(value.dptr, 0);
1064
1065 db = dbwrap_record_get_db(rec);
1066
1067 status = vi->fn(db, domsid, range_index, rangenum, vi->private_data);
1068 if (!NT_STATUS_IS_OK(status)) {
1069 ret = -1;
1070 goto done;
1071 }
1072
1073 vi->count++;
1074 ret = 0;
1075
1076 done:
1077 return ret;
1078 }
1079
1080 static NTSTATUS idmap_autorid_iterate_domain_ranges_int(struct db_context *db,
1081 const char *domsid,
1082 NTSTATUS (*fn)(struct db_context *db,
1083 const char *domsid,
1084 uint32_t index,
1085 uint32_t rangnum,
1086 void *private_data),
1087 void *private_data,
1088 int *count,
1089 NTSTATUS (*traverse)(struct db_context *db,
1090 int (*f)(struct db_record *, void *),
1091 void *private_data,
1092 int *count))
1093 {
1094 NTSTATUS status;
1095 struct domain_range_visitor_ctx *vi;
1096 TALLOC_CTX *frame = talloc_stackframe();
1097
1098 if (domsid == NULL) {
1099 DEBUG(10, ("No sid provided, operating on all ranges\n"));
1100 }
1101
1102 if (fn == NULL) {
1103 DEBUG(1, ("Error: missing visitor callback\n"));
1104 status = NT_STATUS_INVALID_PARAMETER;
1105 goto done;
1106 }
1107
1108 vi = talloc_zero(frame, struct domain_range_visitor_ctx);
1109 if (vi == NULL) {
1110 status = NT_STATUS_NO_MEMORY;
1111 goto done;
1112 }
1113
1114 vi->domsid = domsid;
1115 vi->fn = fn;
1116 vi->private_data = private_data;
1117
1118 status = traverse(db, idmap_autorid_visit_domain_range, vi, NULL);
1119 if (!NT_STATUS_IS_OK(status)) {
1120 goto done;
1121 }
1122
1123 if (count != NULL) {
1124 *count = vi->count;
1125 }
1126
1127 done:
1128 talloc_free(frame);
1129 return status;
1130 }
1131
1132 NTSTATUS idmap_autorid_iterate_domain_ranges(struct db_context *db,
1133 const char *domsid,
1134 NTSTATUS (*fn)(struct db_context *db,
1135 const char *domsid,
1136 uint32_t index,
1137 uint32_t rangenum,
1138 void *private_data),
1139 void *private_data,
1140 int *count)
1141 {
1142 NTSTATUS status;
1143
1144 status = idmap_autorid_iterate_domain_ranges_int(db,
1145 domsid,
1146 fn,
1147 private_data,
1148 count,
1149 dbwrap_traverse);
1150
1151 return status;
1152 }
1153
1154
1155 NTSTATUS idmap_autorid_iterate_domain_ranges_read(struct db_context *db,
1156 const char *domsid,
1157 NTSTATUS (*fn)(struct db_context *db,
1158 const char *domsid,
1159 uint32_t index,
1160 uint32_t rangenum,
1161 void *count),
1162 void *private_data,
1163 int *count)
1164 {
1165 NTSTATUS status;
1166
1167 status = idmap_autorid_iterate_domain_ranges_int(db,
1168 domsid,
1169 fn,
1170 private_data,
1171 count,
1172 dbwrap_traverse_read);
1173
1174 return status;
1175 }
1176
1177
1178 /*
1179 * Delete all ranges configured for a given domain
1180 */
1181
1182 struct delete_domain_ranges_visitor_ctx {
1183 bool force;
1184 };
1185
1186 static NTSTATUS idmap_autorid_delete_domain_ranges_visitor(
1187 struct db_context *db,
1188 const char *domsid,
1189 uint32_t domain_range_index,
1190 uint32_t rangenum,
1191 void *private_data)
1192 {
1193 struct delete_domain_ranges_visitor_ctx *ctx;
1194 NTSTATUS status;
1195
1196 ctx = (struct delete_domain_ranges_visitor_ctx *)private_data;
1197
1198 status = idmap_autorid_delete_range_by_sid(
1199 db, domsid, domain_range_index, ctx->force);
1200 return status;
1201 }
1202
1203 struct idmap_autorid_delete_domain_ranges_ctx {
1204 const char *domsid;
1205 bool force;
1206 int count; /* output: count records operated on */
1207 };
1208
1209 static NTSTATUS idmap_autorid_delete_domain_ranges_action(struct db_context *db,
1210 void *private_data)
1211 {
1212 struct idmap_autorid_delete_domain_ranges_ctx *ctx;
1213 struct delete_domain_ranges_visitor_ctx visitor_ctx;
1214 int count;
1215 NTSTATUS status;
1216
1217 ctx = (struct idmap_autorid_delete_domain_ranges_ctx *)private_data;
1218
1219 ZERO_STRUCT(visitor_ctx);
1220 visitor_ctx.force = ctx->force;
1221
1222 status = idmap_autorid_iterate_domain_ranges(db,
1223 ctx->domsid,
1224 idmap_autorid_delete_domain_ranges_visitor,
1225 &visitor_ctx,
1226 &count);
1227 if (!NT_STATUS_IS_OK(status)) {
1228 return status;
1229 }
1230
1231 ctx->count = count;
1232
1233 return NT_STATUS_OK;
1234 }
1235
1236 NTSTATUS idmap_autorid_delete_domain_ranges(struct db_context *db,
1237 const char *domsid,
1238 bool force,
1239 int *count)
1240 {
1241 NTSTATUS status;
1242 struct idmap_autorid_delete_domain_ranges_ctx ctx;
1243
1244 ZERO_STRUCT(ctx);
1245 ctx.domsid = domsid;
1246 ctx.force = force;
1247
1248 status = dbwrap_trans_do(db, idmap_autorid_delete_domain_ranges_action,
1249 &ctx);
1250 if (!NT_STATUS_IS_OK(status)) {
1251 return status;
1252 }
1253
1254 *count = ctx.count;
1255
1256 return NT_STATUS_OK;
1257 }
Samba GIT mirror