search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3-printing: rename queue->job sysjob
[Samba/id10ts.git] / source3 / winbindd / idmap_adex / idmap_adex.c
blobd64487a2d68d753269d8d00a6475242a66290cec
1 /*
2 * idmap_adex: Support for D Forests
3 *
4 * Copyright (C) Gerald (Jerry) Carter 2006-2008
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
19 */
20
21 #include "includes.h"
22 #include "ads.h"
23 #include "idmap.h"
24 #include "idmap_adex.h"
25 #include "nss_info.h"
26 #include "secrets.h"
27
28 #undef DBGC_CLASS
29 #define DBGC_CLASS DBGC_IDMAP
30
31 #define WINBIND_CCACHE_NAME "MEMORY:winbind_ccache"
32
33 /*
34 * IdMap backend
35 */
36
37 /********************************************************************
38 Basic init function responsible for determining our current mode
39 (standalone or using Centeris Cells). This must return success or
40 it will be dropped from the idmap backend list.
41 *******************************************************************/
42
43 static NTSTATUS _idmap_adex_init(struct idmap_domain *dom)
44 {
45 ADS_STRUCT *ads = NULL;
46 ADS_STATUS status;
47 static NTSTATUS init_status = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND;
48 struct dom_sid domain_sid;
49 fstring dcname;
50 struct sockaddr_storage ip;
51 struct likewise_cell *lwcell;
52
53 if (NT_STATUS_IS_OK(init_status))
54 return NT_STATUS_OK;
55
56 /* Silently fail if we are not a member server in security = ads */
57
58 if ((lp_server_role() != ROLE_DOMAIN_MEMBER) ||
59 (lp_security() != SEC_ADS)) {
60 init_status = NT_STATUS_INVALID_SERVER_STATE;
61 BAIL_ON_NTSTATUS_ERROR(init_status);
62 }
63
64 /* fetch our domain SID first */
65
66 if (!secrets_fetch_domain_sid(lp_workgroup(), &domain_sid)) {
67 init_status = NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
68 BAIL_ON_NTSTATUS_ERROR(init_status);
69 }
70
71 /* reuse the same ticket cache as winbindd */
72
73 setenv("KRB5CCNAME", WINBIND_CCACHE_NAME, 1);
74
75 /* Establish a connection to a DC */
76
77 if ((ads = ads_init(lp_realm(), lp_workgroup(), NULL)) == NULL) {
78 init_status = NT_STATUS_NO_MEMORY;
79 BAIL_ON_NTSTATUS_ERROR(init_status);
80 }
81
82 ads->auth.password =
83 secrets_fetch_machine_password(lp_workgroup(), NULL, NULL);
84 ads->auth.realm = SMB_STRDUP(lp_realm());
85
86 /* get the DC name here to setup the server affinity cache and
87 local krb5.conf */
88
89 get_dc_name(lp_workgroup(), lp_realm(), dcname, &ip);
90
91 status = ads_connect(ads);
92 if (!ADS_ERR_OK(status)) {
93 DEBUG(0, ("_idmap_adex_init: ads_connect() failed! (%s)\n",
94 ads_errstr(status)));
95 }
96 init_status = ads_ntstatus(status);
97 BAIL_ON_NTSTATUS_ERROR(init_status);
98
99
100 /* Find out cell membership */
101
102 init_status = cell_locate_membership(ads);
103 if (!NT_STATUS_IS_OK(init_status)) {
104 DEBUG(0,("LWI: Fail to locate cell membership (%s).",
105 nt_errstr(init_status)));
106 goto done;
107 }
108
109 /* Fill in the cell information */
110
111 lwcell = cell_list_head();
112
113 init_status = cell_lookup_settings(lwcell);
114 BAIL_ON_NTSTATUS_ERROR(init_status);
115
116 /* Miscellaneous setup. E.g. set up the list of GC
117 servers and domain list for our forest (does not actually
118 connect). */
119
120 init_status = gc_init_list();
121 BAIL_ON_NTSTATUS_ERROR(init_status);
122
123 init_status = domain_init_list();
124 BAIL_ON_NTSTATUS_ERROR(init_status);
125
126 done:
127 if (!NT_STATUS_IS_OK(init_status)) {
128 DEBUG(1,("Likewise initialization failed (%s)\n",
129 nt_errstr(init_status)));
130 }
131
132 /* cleanup */
133
134 if (!NT_STATUS_IS_OK(init_status)) {
135 cell_list_destroy();
136
137 /* init_status stores the failure reason but we need to
138 return success or else idmap_init() will drop us from the
139 backend list */
140 return NT_STATUS_OK;
141 }
142
143 init_status = NT_STATUS_OK;
144
145 return init_status;
146 }
147
148 /**********************************************************************
149 *********************************************************************/
150
151 static NTSTATUS _idmap_adex_get_sid_from_id(struct
152 idmap_domain
153 *dom, struct
154 id_map
155 **ids)
156 {
157 int i;
158 NTSTATUS nt_status;
159 struct likewise_cell *cell;
160
161 /* initialize the status to avoid suprise */
162 for (i = 0; ids[i]; i++) {
163 ids[i]->status = ID_UNKNOWN;
164 }
165
166 nt_status = _idmap_adex_init(dom);
167 if (!NT_STATUS_IS_OK(nt_status))
168 return nt_status;
169
170 if ((cell = cell_list_head()) == NULL) {
171 return NT_STATUS_INVALID_SERVER_STATE;
172 }
173
174 /* have to work through these one by one */
175 for (i = 0; ids[i]; i++) {
176 NTSTATUS status;
177 status = cell->provider->get_sid_from_id(ids[i]->sid,
178 ids[i]->xid.id,
179 ids[i]->xid.type);
180 /* Fail if we cannot find any DC */
181 if (NT_STATUS_EQUAL
182 (status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
183 return status;
184 }
185
186 if (!NT_STATUS_IS_OK(status)) {
187 ids[i]->status = ID_UNMAPPED;
188 continue;
189 }
190
191 ids[i]->status = ID_MAPPED;
192 }
193
194 return NT_STATUS_OK;
195 }
196
197 /**********************************************************************
198 *********************************************************************/
199
200 static NTSTATUS _idmap_adex_get_id_from_sid(struct
201 idmap_domain
202 *dom, struct
203 id_map
204 **ids)
205 {
206 int i;
207 NTSTATUS nt_status;
208 struct likewise_cell *cell;
209
210 /* initialize the status to avoid suprise */
211 for (i = 0; ids[i]; i++) {
212 ids[i]->status = ID_UNKNOWN;
213 }
214
215 nt_status = _idmap_adex_init(dom);
216 if (!NT_STATUS_IS_OK(nt_status))
217 return nt_status;
218
219 if ((cell = cell_list_head()) == NULL) {
220 return NT_STATUS_INVALID_SERVER_STATE;
221 }
222
223 /* have to work through these one by one */
224 for (i = 0; ids[i]; i++) {
225 NTSTATUS status;
226 status = cell->provider->get_id_from_sid(&ids[i]->xid.id,
227 &ids[i]->xid.
228 type, ids[i]->sid);
229 /* Fail if we cannot find any DC */
230 if (NT_STATUS_EQUAL
231 (status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
232 return status;
233 }
234
235 if (!NT_STATUS_IS_OK(status)) {
236 ids[i]->status = ID_UNMAPPED;
237 continue;
238 }
239
240 ids[i]->status = ID_MAPPED;
241 }
242
243 return NT_STATUS_OK;
244 }
245
246 /*
247 * IdMap NSS plugin
248 */
249
250 /**********************************************************************
251 *********************************************************************/
252
253 static NTSTATUS _nss_adex_init(struct nss_domain_entry
254 *e)
255 {
256 return _idmap_adex_init(NULL);
257 }
258
259 /**********************************************************************
260 *********************************************************************/
261
262 static NTSTATUS _nss_adex_get_info(struct
263 nss_domain_entry *e,
264 const struct dom_sid * sid,
265 TALLOC_CTX * ctx,
266 const char **homedir,
267 const char **shell,
268 const char **gecos, gid_t * p_gid)
269 {
270 NTSTATUS nt_status;
271 struct likewise_cell *cell;
272
273 nt_status = _idmap_adex_init(NULL);
274 if (!NT_STATUS_IS_OK(nt_status))
275 return nt_status;
276
277 if ((cell = cell_list_head()) == NULL) {
278 return NT_STATUS_INVALID_SERVER_STATE;
279 }
280
281 return cell->provider->get_nss_info(sid, ctx, homedir,
282 shell, gecos, p_gid);
283 }
284
285 /**********************************************************************
286 *********************************************************************/
287
288 static NTSTATUS _nss_adex_map_to_alias(TALLOC_CTX * mem_ctx,
289 struct nss_domain_entry *e,
290 const char *name, char **alias)
291 {
292 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
293 struct likewise_cell *cell = NULL;
294
295 nt_status = _idmap_adex_init(NULL);
296 BAIL_ON_NTSTATUS_ERROR(nt_status);
297
298 if ((cell = cell_list_head()) == NULL) {
299 nt_status = NT_STATUS_INVALID_SERVER_STATE;
300 BAIL_ON_NTSTATUS_ERROR(nt_status);
301 }
302
303 nt_status = cell->provider->map_to_alias(mem_ctx, e->domain,
304 name, alias);
305
306 /* go ahead and allow the cache mgr to mark this in
307 negative cache */
308
309 if (!NT_STATUS_IS_OK(nt_status))
310 nt_status = NT_STATUS_NONE_MAPPED;
311
312 done:
313 return nt_status;
314 }
315
316 /**********************************************************************
317 *********************************************************************/
318
319 static NTSTATUS _nss_adex_map_from_alias(TALLOC_CTX * mem_ctx,
320 struct nss_domain_entry *e,
321 const char *alias, char **name)
322 {
323 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
324 struct likewise_cell *cell = NULL;
325
326 nt_status = _idmap_adex_init(NULL);
327 BAIL_ON_NTSTATUS_ERROR(nt_status);
328
329 if ((cell = cell_list_head()) == NULL) {
330 nt_status = NT_STATUS_INVALID_SERVER_STATE;
331 BAIL_ON_NTSTATUS_ERROR(nt_status);
332 }
333
334
335 nt_status = cell->provider->map_from_alias(mem_ctx, e->domain,
336 alias, name);
337
338 /* go ahead and allow the cache mgr to mark this in
339 negative cache */
340
341 if (!NT_STATUS_IS_OK(nt_status))
342 nt_status = NT_STATUS_NONE_MAPPED;
343
344 done:
345 return nt_status;
346 }
347
348 /**********************************************************************
349 *********************************************************************/
350
351 static NTSTATUS _nss_adex_close(void)
352 {
353 return NT_STATUS_NOT_IMPLEMENTED;
354 }
355
356 /**********************************************************************
357 *********************************************************************/
358
359 static struct idmap_methods adex_idmap_methods = {
360
361 .init = _idmap_adex_init,
362 .unixids_to_sids = _idmap_adex_get_sid_from_id,
363 .sids_to_unixids = _idmap_adex_get_id_from_sid,
364 };
365 static struct nss_info_methods adex_nss_methods = {
366 .init = _nss_adex_init,
367 .get_nss_info = _nss_adex_get_info,
368 .map_to_alias = _nss_adex_map_to_alias,
369 .map_from_alias = _nss_adex_map_from_alias,
370 .close_fn = _nss_adex_close
371 };
372
373 /**********************************************************************
374 Register with the idmap and idmap_nss subsystems. We have to protect
375 against the idmap and nss_info interfaces being in a half-registered
376 state.
377 **********************************************************************/
378 NTSTATUS samba_init_module(void)
379 {
380 static NTSTATUS idmap_status = NT_STATUS_UNSUCCESSFUL;
381 static NTSTATUS nss_status = NT_STATUS_UNSUCCESSFUL;
382 if (!NT_STATUS_IS_OK(idmap_status)) {
383 idmap_status =
384 smb_register_idmap(SMB_IDMAP_INTERFACE_VERSION,
385 "adex", &adex_idmap_methods);
386 if (!NT_STATUS_IS_OK(idmap_status)) {
387 DEBUG(0,
388 ("idmap_centeris_init: Failed to register the adex"
389 "idmap plugin.\n"));
390 return idmap_status;
391 }
392 }
393
394 if (!NT_STATUS_IS_OK(nss_status)) {
395 nss_status =
396 smb_register_idmap_nss(SMB_NSS_INFO_INTERFACE_VERSION,
397 "adex", &adex_nss_methods);
398 if (!NT_STATUS_IS_OK(nss_status)) {
399 DEBUG(0,
400 ("idmap_adex_init: Failed to register the adex"
401 "nss plugin.\n"));
402 return nss_status;
403 }
404 }
405
406 return NT_STATUS_OK;
407 }
Working branch of Samba for id10ts