search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
correctly initiazlize idmap tdb when creationg new
[Samba/ekacnet.git] / source3 / sam / idmap_util.c
blob3086ee21136ba3fc0b2549b688f33b0aa09cf786
1 /*
2 Unix SMB/CIFS implementation.
3 ID Mapping
4 Copyright (C) Simo Sorce 2003
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.*/
19
20 #include "includes.h"
21
22 #undef DBGC_CLASS
23 #define DBGC_CLASS DBGC_IDMAP
24
25
26 /******************************************************************
27 * Get the free RID base if idmap is configured, otherwise return 0
28 ******************************************************************/
29
30 uint32 idmap_get_free_rid_base(void)
31 {
32 uint32 low, high;
33 if (idmap_get_free_rid_range(&low, &high)) {
34 return low;
35 }
36 return 0;
37 }
38
39 BOOL idmap_check_ugid_is_in_free_range(uint32 id)
40 {
41 uint32 low, high;
42
43 if (!idmap_get_free_ugid_range(&low, &high)) {
44 return False;
45 }
46 if (id < low || id > high) {
47 return False;
48 }
49 return True;
50 }
51
52 BOOL idmap_check_rid_is_in_free_range(uint32 rid)
53 {
54 uint32 low, high;
55
56 if (!idmap_get_free_rid_range(&low, &high)) {
57 return False;
58 }
59 if (rid < low || rid > high) {
60 return False;
61 }
62 return True;
63 }
64
65 /******************************************************************
66 * Get the the non-algorithmic RID range if idmap range are defined
67 ******************************************************************/
68
69 BOOL idmap_get_free_rid_range(uint32 *low, uint32 *high)
70 {
71 uint32 id_low, id_high;
72
73 if (lp_idmap_only()) {
74 *low = BASE_RID;
75 *high = (uint32)-1;
76 }
77
78 if (!idmap_get_free_ugid_range(&id_low, &id_high)) {
79 return False;
80 }
81
82 *low = fallback_pdb_uid_to_user_rid(id_low);
83 if (fallback_pdb_user_rid_to_uid((uint32)-1) < id_high) {
84 *high = (uint32)-1;
85 } else {
86 *high = fallback_pdb_uid_to_user_rid(id_high);
87 }
88
89 return True;
90 }
91
92 BOOL idmap_get_free_ugid_range(uint32 *low, uint32 *high)
93 {
94 uid_t u_low, u_high;
95 gid_t g_low, g_high;
96
97 if (!lp_idmap_uid(&u_low, &u_high) || !lp_idmap_gid(&g_low, &g_high)) {
98 return False;
99 }
100 if (u_low < g_low) {
101 *low = u_low;
102 } else {
103 *low = g_low;
104 }
105 if (u_high < g_high) {
106 *high = g_high;
107 } else {
108 *high = u_high;
109 }
110 return True;
111 }
112
113 /*****************************************************************
114 *THE CANONICAL* convert uid_t to SID function.
115 Tries winbind first - then uses local lookup.
116 Returns SID pointer.
117 *****************************************************************/
118
119 DOM_SID *uid_to_sid(DOM_SID *sid, uid_t uid)
120 {
121 unid_t id;
122
123 DEBUG(10,("uid_to_sid: uid = [%d]\n", uid));
124
125 if (idmap_check_ugid_is_in_free_range(uid)) {
126 id.uid = uid;
127 if (NT_STATUS_IS_ERR(idmap_get_sid_from_id(sid, id, ID_USERID))) {
128 DEBUG(10, ("uid_to_sid: Failed to map sid = [%s]\n", sid_string_static(sid)));
129 return NULL;
130 }
131 } else {
132 sid_copy(sid, get_global_sam_sid());
133 sid_append_rid(sid, fallback_pdb_uid_to_user_rid(uid));
134
135 DEBUG(10,("uid_to_sid: algorithmic %u -> %s\n", (unsigned int)uid, sid_string_static(sid)));
136 }
137 return sid;
138
139 }
140
141 /*****************************************************************
142 *THE CANONICAL* convert gid_t to SID function.
143 Tries winbind first - then uses local lookup.
144 Returns SID pointer.
145 *****************************************************************/
146
147 DOM_SID *gid_to_sid(DOM_SID *sid, gid_t gid)
148 {
149 GROUP_MAP map;
150 unid_t id;
151
152 DEBUG(10,("gid_to_sid: gid = [%d]\n", gid));
153
154 if (idmap_check_ugid_is_in_free_range(gid)) {
155 id.gid = gid;
156 if (NT_STATUS_IS_ERR(idmap_get_sid_from_id(sid, id, ID_GROUPID))) {
157 DEBUG(10, ("gid_to_sid: Failed to map sid = [%s]\n", sid_string_static(sid)));
158 return NULL;
159 }
160 } else {
161 if (pdb_getgrgid(&map, gid, MAPPING_WITHOUT_PRIV)) {
162 sid_copy(sid, &map.sid);
163 } else {
164 sid_copy(sid, get_global_sam_sid());
165 sid_append_rid(sid, pdb_gid_to_group_rid(gid));
166 }
167
168 DEBUG(10,("gid_to_sid: algorithmic %u -> %s\n", (unsigned int)gid, sid_string_static(sid)));
169 }
170
171 return sid;
172 }
173
174 /*****************************************************************
175 *THE CANONICAL* convert SID to uid function.
176 Tries winbind first - then uses local lookup.
177 Returns True if this name is a user sid and the conversion
178 was done correctly, False if not. sidtype is set by this function.
179 *****************************************************************/
180
181 BOOL sid_to_uid(const DOM_SID *sid, uid_t *uid)
182 {
183 uint32 rid;
184 unid_t id;
185 int type;
186
187 DEBUG(10,("sid_to_uid: sid = [%s]\n", sid_string_static(sid)));
188
189 if (sid_peek_check_rid(get_global_sam_sid(), sid, &rid)) {
190 if (!idmap_check_rid_is_in_free_range(rid)) {
191 if (!fallback_pdb_rid_is_user(rid)) {
192 DEBUG(3, ("sid_to_uid: RID %u is *NOT* a user\n", (unsigned)rid));
193 return False;
194 }
195 *uid = fallback_pdb_user_rid_to_uid(rid);
196 return True;
197 }
198 }
199
200 type = ID_USERID;
201 if (NT_STATUS_IS_OK(idmap_get_id_from_sid(&id, &type, sid))) {
202 DEBUG(10,("sid_to_uid: uid = [%d]\n", id.uid));
203 *uid = id.uid;
204 return True;
205 }
206
207 return False;
208 }
209
210 /*****************************************************************
211 *THE CANONICAL* convert SID to gid function.
212 Tries winbind first - then uses local lookup.
213 Returns True if this name is a user sid and the conversion
214 was done correctly, False if not.
215 *****************************************************************/
216
217 BOOL sid_to_gid(const DOM_SID *sid, gid_t *gid)
218 {
219 uint32 rid;
220 unid_t id;
221 int type;
222
223 DEBUG(10,("sid_to_gid: sid = [%s]\n", sid_string_static(sid)));
224
225 if (sid_peek_check_rid(get_global_sam_sid(), sid, &rid)) {
226 GROUP_MAP map;
227 BOOL result;
228
229 if (pdb_getgrsid(&map, *sid, MAPPING_WITHOUT_PRIV)) {
230 /* the SID is in the mapping table but not mapped */
231 if (map.gid==(gid_t)-1)
232 return False;
233
234 *gid = map.gid;
235 return True;
236 } else {
237 if (!idmap_check_rid_is_in_free_range(rid)) {
238 if (fallback_pdb_rid_is_user(rid)) {
239 DEBUG(3, ("sid_to_gid: RID %u is *NOT* a group\n", (unsigned)rid));
240 return False;
241 }
242 *gid = pdb_group_rid_to_gid(rid);
243 return True;
244 }
245 }
246 }
247
248 type = ID_GROUPID;
249 if (NT_STATUS_IS_OK(idmap_get_id_from_sid(&id, &type, sid))) {
250 DEBUG(10,("sid_to_gid: gid = [%d]\n", id.gid));
251 *gid = id.gid;
252 return True;
253 }
254
255 return False;
256 }
257