search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
r428: add acls debug class
[Samba/gebeck_regimport.git] / source3 / sam / idmap.c
blob4d8b768c2fa96350051bcfb74e22c03afdde0c47
1 /*
2 Unix SMB/CIFS implementation.
3 ID Mapping
4 Copyright (C) Tim Potter 2000
5 Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
6 Copyright (C) Simo Sorce 2003
7 Copyright (C) Jeremy Allison 2003.
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.*/
22
23 #include "includes.h"
24
25 #undef DBGC_CLASS
26 #define DBGC_CLASS DBGC_IDMAP
27
28 struct idmap_function_entry {
29 const char *name;
30 struct idmap_methods *methods;
31 struct idmap_function_entry *prev,*next;
32 };
33
34 static struct idmap_function_entry *backends = NULL;
35
36 static struct idmap_methods *cache_map;
37 static struct idmap_methods *remote_map;
38
39 /**********************************************************************
40 Get idmap methods. Don't allow tdb to be a remote method.
41 **********************************************************************/
42
43 static struct idmap_methods *get_methods(const char *name, BOOL cache_method)
44 {
45 struct idmap_function_entry *entry = backends;
46
47 for(entry = backends; entry; entry = entry->next) {
48 if (!cache_method && strequal(entry->name, "tdb"))
49 continue; /* tdb is only cache method. */
50 if (strequal(entry->name, name))
51 return entry->methods;
52 }
53
54 return NULL;
55 }
56
57 /**********************************************************************
58 Allow a module to register itself as a method.
59 **********************************************************************/
60
61 NTSTATUS smb_register_idmap(int version, const char *name, struct idmap_methods *methods)
62 {
63 struct idmap_function_entry *entry;
64
65 if ((version != SMB_IDMAP_INTERFACE_VERSION)) {
66 DEBUG(0, ("smb_register_idmap: Failed to register idmap module.\n"
67 "The module was compiled against SMB_IDMAP_INTERFACE_VERSION %d,\n"
68 "current SMB_IDMAP_INTERFACE_VERSION is %d.\n"
69 "Please recompile against the current version of samba!\n",
70 version, SMB_IDMAP_INTERFACE_VERSION));
71 return NT_STATUS_OBJECT_TYPE_MISMATCH;
72 }
73
74 if (!name || !name[0] || !methods) {
75 DEBUG(0,("smb_register_idmap: called with NULL pointer or empty name!\n"));
76 return NT_STATUS_INVALID_PARAMETER;
77 }
78
79 if (get_methods(name, False)) {
80 DEBUG(0,("smb_register_idmap: idmap module %s already registered!\n", name));
81 return NT_STATUS_OBJECT_NAME_COLLISION;
82 }
83
84 entry = smb_xmalloc(sizeof(struct idmap_function_entry));
85 entry->name = smb_xstrdup(name);
86 entry->methods = methods;
87
88 DLIST_ADD(backends, entry);
89 DEBUG(5, ("smb_register_idmap: Successfully added idmap backend '%s'\n", name));
90 return NT_STATUS_OK;
91 }
92
93 /**********************************************************************
94 Initialise idmap cache and a remote backend (if configured).
95 **********************************************************************/
96
97 BOOL idmap_init(const char *remote_backend)
98 {
99 if (!backends)
100 static_init_idmap;
101
102 if (!cache_map) {
103 cache_map = get_methods("tdb", True);
104
105 if (!cache_map) {
106 DEBUG(0, ("idmap_init: could not find tdb cache backend!\n"));
107 return False;
108 }
109
110 if (!NT_STATUS_IS_OK(cache_map->init( NULL ))) {
111 DEBUG(0, ("idmap_init: could not initialise tdb cache backend!\n"));
112 return False;
113 }
114 }
115
116 if (!remote_map && remote_backend && *remote_backend != 0) {
117 char *rem_backend = smb_xstrdup(remote_backend);
118 fstring params = "";
119 char *pparams;
120
121 /* get any mode parameters passed in */
122
123 if ( (pparams = strchr( rem_backend, ':' )) != NULL ) {
124 *pparams = '\0';
125 pparams++;
126 fstrcpy( params, pparams );
127 }
128
129 DEBUG(3, ("idmap_init: using '%s' as remote backend\n", rem_backend));
130
131 if((remote_map = get_methods(rem_backend, False)) ||
132 (NT_STATUS_IS_OK(smb_probe_module("idmap", rem_backend)) &&
133 (remote_map = get_methods(rem_backend, False)))) {
134 remote_map->init(params);
135 } else {
136 DEBUG(0, ("idmap_init: could not load remote backend '%s'\n", rem_backend));
137 SAFE_FREE(rem_backend);
138 return False;
139 }
140 SAFE_FREE(rem_backend);
141 }
142
143 return True;
144 }
145
146 /**************************************************************************
147 This is a rare operation, designed to allow an explicit mapping to be
148 set up for a sid to a POSIX id.
149 **************************************************************************/
150
151 NTSTATUS idmap_set_mapping(const DOM_SID *sid, unid_t id, int id_type)
152 {
153 struct idmap_methods *map = remote_map;
154 DOM_SID tmp_sid;
155
156 DEBUG(10, ("idmap_set_mapping: Set %s to %s %lu\n",
157 sid_string_static(sid),
158 ((id_type & ID_TYPEMASK) == ID_USERID) ? "UID" : "GID",
159 ((id_type & ID_TYPEMASK) == ID_USERID) ? (unsigned long)id.uid :
160 (unsigned long)id.gid));
161
162 if ( (NT_STATUS_IS_OK(cache_map->
163 get_sid_from_id(&tmp_sid, id,
164 id_type | ID_QUERY_ONLY))) &&
165 sid_equal(sid, &tmp_sid) ) {
166 /* Nothing to do, we already have that mapping */
167 DEBUG(10, ("idmap_set_mapping: Mapping already there\n"));
168 return NT_STATUS_OK;
169 }
170
171 if (map == NULL) {
172 /* Ok, we don't have a authoritative remote
173 mapping. So update our local cache only. */
174 map = cache_map;
175 }
176
177 return map->set_mapping(sid, id, id_type);
178 }
179
180 /**************************************************************************
181 Get ID from SID. This can create a mapping for a SID to a POSIX id.
182 **************************************************************************/
183
184 NTSTATUS idmap_get_id_from_sid(unid_t *id, int *id_type, const DOM_SID *sid)
185 {
186 NTSTATUS ret;
187 int loc_type;
188
189 loc_type = *id_type;
190
191 if (remote_map) {
192 /* We have a central remote idmap so only look in
193 cache, don't allocate */
194 loc_type |= ID_QUERY_ONLY;
195 }
196
197 ret = cache_map->get_id_from_sid(id, &loc_type, sid);
198
199 if (NT_STATUS_IS_OK(ret)) {
200 *id_type = loc_type & ID_TYPEMASK;
201 return NT_STATUS_OK;
202 }
203
204 if (remote_map == NULL) {
205 return ret;
206 }
207
208 /* Ok, the mapping was not in the cache, give the remote map a
209 second try. */
210
211 ret = remote_map->get_id_from_sid(id, id_type, sid);
212
213 if (NT_STATUS_IS_OK(ret)) {
214 /* The remote backend gave us a valid mapping, cache it. */
215 ret = cache_map->set_mapping(sid, *id, *id_type);
216 }
217
218 return ret;
219 }
220
221 /**************************************************************************
222 Get SID from ID. This must have been created before.
223 **************************************************************************/
224
225 NTSTATUS idmap_get_sid_from_id(DOM_SID *sid, unid_t id, int id_type)
226 {
227 NTSTATUS ret;
228 int loc_type;
229
230 loc_type = id_type;
231 if (remote_map) {
232 loc_type = id_type | ID_QUERY_ONLY;
233 }
234
235 ret = cache_map->get_sid_from_id(sid, id, loc_type);
236
237 if (NT_STATUS_IS_OK(ret))
238 return ret;
239
240 if (remote_map == NULL)
241 return ret;
242
243 /* We have a second chance, ask our authoritative backend */
244
245 ret = remote_map->get_sid_from_id(sid, id, id_type);
246
247 if (NT_STATUS_IS_OK(ret)) {
248 /* The remote backend gave us a valid mapping, cache it. */
249 ret = cache_map->set_mapping(sid, id, id_type);
250 }
251
252 return ret;
253 }
254
255 /**************************************************************************
256 Alloocate a new UNIX uid/gid
257 **************************************************************************/
258
259 NTSTATUS idmap_allocate_id(unid_t *id, int id_type)
260 {
261 /* we have to allocate from the authoritative backend */
262
263 if ( remote_map )
264 return remote_map->allocate_id( id, id_type );
265
266 return cache_map->allocate_id( id, id_type );
267 }
268
269 /**************************************************************************
270 Alloocate a new RID
271 **************************************************************************/
272
273 NTSTATUS idmap_allocate_rid(uint32 *rid, int type)
274 {
275 /* we have to allocate from the authoritative backend */
276
277 if ( remote_map )
278 return remote_map->allocate_rid( rid, type );
279
280 return cache_map->allocate_rid( rid, type );
281 }
282
283 /**************************************************************************
284 Shutdown maps.
285 **************************************************************************/
286
287 NTSTATUS idmap_close(void)
288 {
289 NTSTATUS ret;
290
291 ret = cache_map->close();
292 if (!NT_STATUS_IS_OK(ret)) {
293 DEBUG(3, ("idmap_close: failed to close local tdb cache!\n"));
294 }
295 cache_map = NULL;
296
297 if (remote_map) {
298 ret = remote_map->close();
299 if (!NT_STATUS_IS_OK(ret)) {
300 DEBUG(3, ("idmap_close: failed to close remote idmap repository!\n"));
301 }
302 remote_map = NULL;
303 }
304
305 return ret;
306 }
307
308 /**************************************************************************
309 Dump backend status.
310 **************************************************************************/
311
312 void idmap_status(void)
313 {
314 cache_map->status();
315 if (remote_map)
316 remote_map->status();
317 }
reg import