search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
r7415: * big change -- volker's new async winbindd from trunk
[Samba/gbeck.git] / source / sam / idmap.c
blob91fe97e23a44610c689138d64ee608c3519f8160
1 /*
2 Unix SMB/CIFS implementation.
3 ID Mapping
4 Copyright (C) Tim Potter 2000
5 Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
6 Copyright (C) Simo Sorce 2003
7 Copyright (C) Jeremy Allison 2003.
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.*/
22
23 #include "includes.h"
24
25 #undef DBGC_CLASS
26 #define DBGC_CLASS DBGC_IDMAP
27
28 struct idmap_function_entry {
29 const char *name;
30 struct idmap_methods *methods;
31 struct idmap_function_entry *prev,*next;
32 };
33
34 static struct idmap_function_entry *backends = NULL;
35
36 static struct idmap_methods *cache_map;
37 static struct idmap_methods *remote_map;
38
39 static BOOL proxyonly = False;
40
41 /**********************************************************************
42 Get idmap methods. Don't allow tdb to be a remote method.
43 **********************************************************************/
44
45 static struct idmap_methods *get_methods(const char *name, BOOL cache_method)
46 {
47 struct idmap_function_entry *entry = backends;
48
49 for(entry = backends; entry; entry = entry->next) {
50 if (!cache_method && strequal(entry->name, "tdb"))
51 continue; /* tdb is only cache method. */
52 if (strequal(entry->name, name))
53 return entry->methods;
54 }
55
56 return NULL;
57 }
58
59 /**********************************************************************
60 Allow a module to register itself as a method.
61 **********************************************************************/
62
63 NTSTATUS smb_register_idmap(int version, const char *name, struct idmap_methods *methods)
64 {
65 struct idmap_function_entry *entry;
66
67 if ((version != SMB_IDMAP_INTERFACE_VERSION)) {
68 DEBUG(0, ("smb_register_idmap: Failed to register idmap module.\n"
69 "The module was compiled against SMB_IDMAP_INTERFACE_VERSION %d,\n"
70 "current SMB_IDMAP_INTERFACE_VERSION is %d.\n"
71 "Please recompile against the current version of samba!\n",
72 version, SMB_IDMAP_INTERFACE_VERSION));
73 return NT_STATUS_OBJECT_TYPE_MISMATCH;
74 }
75
76 if (!name || !name[0] || !methods) {
77 DEBUG(0,("smb_register_idmap: called with NULL pointer or empty name!\n"));
78 return NT_STATUS_INVALID_PARAMETER;
79 }
80
81 if (get_methods(name, False)) {
82 DEBUG(0,("smb_register_idmap: idmap module %s already registered!\n", name));
83 return NT_STATUS_OBJECT_NAME_COLLISION;
84 }
85
86 entry = SMB_XMALLOC_P(struct idmap_function_entry);
87 entry->name = smb_xstrdup(name);
88 entry->methods = methods;
89
90 DLIST_ADD(backends, entry);
91 DEBUG(5, ("smb_register_idmap: Successfully added idmap backend '%s'\n", name));
92 return NT_STATUS_OK;
93 }
94
95 /**********************************************************************
96 Initialise idmap cache and a remote backend (if configured).
97 **********************************************************************/
98
99 BOOL idmap_init(const char **remote_backend)
100 {
101 if (!backends)
102 static_init_idmap;
103
104 if (!cache_map) {
105 cache_map = get_methods("tdb", True);
106
107 if (!cache_map) {
108 DEBUG(0, ("idmap_init: could not find tdb cache backend!\n"));
109 return False;
110 }
111
112 if (!NT_STATUS_IS_OK(cache_map->init( NULL ))) {
113 DEBUG(0, ("idmap_init: could not initialise tdb cache backend!\n"));
114 return False;
115 }
116 }
117
118 if ((remote_map == NULL) && (remote_backend != NULL) &&
119 (*remote_backend != NULL) && (**remote_backend != '\0')) {
120 char *rem_backend = smb_xstrdup(*remote_backend);
121 fstring params = "";
122 char *pparams;
123
124 /* get any mode parameters passed in */
125
126 if ( (pparams = strchr( rem_backend, ':' )) != NULL ) {
127 *pparams = '\0';
128 pparams++;
129 fstrcpy( params, pparams );
130 }
131
132 DEBUG(3, ("idmap_init: using '%s' as remote backend\n", rem_backend));
133
134 if((remote_map = get_methods(rem_backend, False)) ||
135 (NT_STATUS_IS_OK(smb_probe_module("idmap", rem_backend)) &&
136 (remote_map = get_methods(rem_backend, False)))) {
137 if (!NT_STATUS_IS_OK(remote_map->init(params))) {
138 DEBUG(0, ("idmap_init: failed to initialize remote backend!\n"));
139 return False;
140 }
141 } else {
142 DEBUG(0, ("idmap_init: could not load remote backend '%s'\n", rem_backend));
143 SAFE_FREE(rem_backend);
144 return False;
145 }
146 SAFE_FREE(rem_backend);
147 }
148
149 return True;
150 }
151
152 /**************************************************************************
153 Don't do id mapping. This is used to make winbind a netlogon proxy only.
154 **************************************************************************/
155
156 void idmap_set_proxyonly(void)
157 {
158 proxyonly = True;
159 }
160
161 BOOL idmap_proxyonly(void)
162 {
163 return proxyonly;
164 }
165
166 /**************************************************************************
167 This is a rare operation, designed to allow an explicit mapping to be
168 set up for a sid to a POSIX id.
169 **************************************************************************/
170
171 NTSTATUS idmap_set_mapping(const DOM_SID *sid, unid_t id, int id_type)
172 {
173 struct idmap_methods *map = remote_map;
174 DOM_SID tmp_sid;
175
176 if (proxyonly)
177 return NT_STATUS_UNSUCCESSFUL;
178
179 DEBUG(10, ("idmap_set_mapping: Set %s to %s %lu\n",
180 sid_string_static(sid),
181 ((id_type & ID_TYPEMASK) == ID_USERID) ? "UID" : "GID",
182 ((id_type & ID_TYPEMASK) == ID_USERID) ? (unsigned long)id.uid :
183 (unsigned long)id.gid));
184
185 if ( (NT_STATUS_IS_OK(cache_map->
186 get_sid_from_id(&tmp_sid, id,
187 id_type | ID_QUERY_ONLY))) &&
188 sid_equal(sid, &tmp_sid) ) {
189 /* Nothing to do, we already have that mapping */
190 DEBUG(10, ("idmap_set_mapping: Mapping already there\n"));
191 return NT_STATUS_OK;
192 }
193
194 if (map == NULL) {
195 /* Ok, we don't have a authoritative remote
196 mapping. So update our local cache only. */
197 map = cache_map;
198 }
199
200 return map->set_mapping(sid, id, id_type);
201 }
202
203 /**************************************************************************
204 Get ID from SID. This can create a mapping for a SID to a POSIX id.
205 **************************************************************************/
206
207 NTSTATUS idmap_get_id_from_sid(unid_t *id, int *id_type, const DOM_SID *sid)
208 {
209 NTSTATUS ret;
210 int loc_type;
211 unid_t loc_id;
212
213 if (proxyonly)
214 return NT_STATUS_UNSUCCESSFUL;
215
216 loc_type = *id_type;
217
218 if (remote_map) {
219 /* We have a central remote idmap so only look in
220 cache, don't allocate */
221 loc_type |= ID_QUERY_ONLY;
222 }
223
224 ret = cache_map->get_id_from_sid(id, &loc_type, sid);
225
226 if (NT_STATUS_IS_OK(ret)) {
227 *id_type = loc_type & ID_TYPEMASK;
228 return NT_STATUS_OK;
229 }
230
231 if ((remote_map == NULL) || (loc_type & ID_CACHE_ONLY)) {
232 return ret;
233 }
234
235 /* Before forking out to the possibly slow remote map, lets see if we
236 * already have the sid as uid when asking for a gid or vice versa. */
237
238 loc_type = *id_type & ID_TYPEMASK;
239
240 switch (loc_type) {
241 case ID_USERID:
242 loc_type = ID_GROUPID;
243 break;
244 case ID_GROUPID:
245 loc_type = ID_USERID;
246 break;
247 default:
248 loc_type = ID_EMPTY;
249 }
250
251 loc_type |= ID_QUERY_ONLY;
252
253 ret = cache_map->get_id_from_sid(&loc_id, &loc_type, sid);
254
255 if (NT_STATUS_IS_OK(ret)) {
256 /* Ok, we have the uid as gid or vice versa. The remote map
257 * would not know anything different, so return here. */
258 return NT_STATUS_UNSUCCESSFUL;
259 }
260
261 /* Ok, the mapping was not in the cache, give the remote map a
262 second try. */
263
264 ret = remote_map->get_id_from_sid(id, id_type, sid);
265
266 if (NT_STATUS_IS_OK(ret)) {
267 /* The remote backend gave us a valid mapping, cache it. */
268 ret = cache_map->set_mapping(sid, *id, *id_type);
269 }
270
271 return ret;
272 }
273
274 /**************************************************************************
275 Get SID from ID. This must have been created before.
276 **************************************************************************/
277
278 NTSTATUS idmap_get_sid_from_id(DOM_SID *sid, unid_t id, int id_type)
279 {
280 NTSTATUS ret;
281 int loc_type;
282
283 if (proxyonly)
284 return NT_STATUS_UNSUCCESSFUL;
285
286 loc_type = id_type;
287 if (remote_map) {
288 loc_type = id_type | ID_QUERY_ONLY;
289 }
290
291 ret = cache_map->get_sid_from_id(sid, id, loc_type);
292
293 if (NT_STATUS_IS_OK(ret))
294 return ret;
295
296 if ((remote_map == NULL) || (loc_type & ID_CACHE_ONLY))
297 return ret;
298
299 /* We have a second chance, ask our authoritative backend */
300
301 ret = remote_map->get_sid_from_id(sid, id, id_type);
302
303 if (NT_STATUS_IS_OK(ret)) {
304 /* The remote backend gave us a valid mapping, cache it. */
305 ret = cache_map->set_mapping(sid, id, id_type);
306 }
307
308 return ret;
309 }
310
311 /**************************************************************************
312 Alloocate a new UNIX uid/gid
313 **************************************************************************/
314
315 NTSTATUS idmap_allocate_id(unid_t *id, int id_type)
316 {
317 /* we have to allocate from the authoritative backend */
318
319 if (proxyonly)
320 return NT_STATUS_UNSUCCESSFUL;
321
322 if ( remote_map )
323 return remote_map->allocate_id( id, id_type );
324
325 return cache_map->allocate_id( id, id_type );
326 }
327
328 /**************************************************************************
329 Alloocate a new RID
330 **************************************************************************/
331
332 NTSTATUS idmap_allocate_rid(uint32 *rid, int type)
333 {
334 /* we have to allocate from the authoritative backend */
335
336 if (proxyonly)
337 return NT_STATUS_UNSUCCESSFUL;
338
339 if ( remote_map )
340 return remote_map->allocate_rid( rid, type );
341
342 return cache_map->allocate_rid( rid, type );
343 }
344
345 /**************************************************************************
346 Shutdown maps.
347 **************************************************************************/
348
349 NTSTATUS idmap_close(void)
350 {
351 NTSTATUS ret;
352
353 if (proxyonly)
354 return NT_STATUS_OK;
355
356 ret = cache_map->close();
357 if (!NT_STATUS_IS_OK(ret)) {
358 DEBUG(3, ("idmap_close: failed to close local tdb cache!\n"));
359 }
360 cache_map = NULL;
361
362 if (remote_map) {
363 ret = remote_map->close();
364 if (!NT_STATUS_IS_OK(ret)) {
365 DEBUG(3, ("idmap_close: failed to close remote idmap repository!\n"));
366 }
367 remote_map = NULL;
368 }
369
370 return ret;
371 }
372
373 /**************************************************************************
374 Dump backend status.
375 **************************************************************************/
376
377 void idmap_status(void)
378 {
379 cache_map->status();
380 if (remote_map)
381 remote_map->status();
382 }
WIP