/*
* idmap_rid : static map between Active Directory / NT RIDs and RFC 2307 accounts
* Copyright ( C ) Guenther Deschner , 2004
* Copyright ( C ) Sumit Bose , 2004
*
* This program is free software ; you can redistribute it and / or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation ; either version 2 of the License , or
* ( at your option ) any later version .
*
* This program is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU General Public License for more details .
*
* You should have received a copy of the GNU General Public License
* along with this program ; if not , write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*
*/
# include "includes.h"
# include "winbindd.h"
# undef DBGC_CLASS
# define DBGC_CLASS DBGC_IDMAP
/*
 * Per-domain state of the "rid" idmap backend.
 * Filled in by idmap_rid_initialize() and stored in dom->private_data.
 */
struct idmap_rid_context {
	/* talloc'ed copy of dom->name, used to look up the domain SID */
	const char *domain_name;
	/* inclusive Unix ID window parsed from the "range" option */
	uint32_t low_id;
	uint32_t high_id;
	/* value of the "base_rid" option (0 if unset); the RID that maps to low_id */
	uint32_t base_rid;
};
/******************************************************************************
 compat params can't be used because of the completely different way
 we support multiple domains in the new idmap
 *****************************************************************************/
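/*
 * Build the per-domain context for the "rid" backend.
 *
 * Reads "range" and "base_rid" from the "idmap config <dom->name>" section,
 * keeps them together with a copy of the domain name in a
 * struct idmap_rid_context allocated under dom, and stores that context in
 * dom->private_data.
 *
 * Returns NT_STATUS_OK on success, NT_STATUS_NO_MEMORY when an allocation
 * fails, and NT_STATUS_UNSUCCESSFUL when the range is missing, malformed,
 * inverted or has a zero bound.
 */
static NTSTATUS idmap_rid_initialize(struct idmap_domain *dom)
{
	NTSTATUS ret;
	struct idmap_rid_context *ctx;
	char *config_option = NULL;
	const char *range;

	if ((ctx = TALLOC_ZERO(dom, struct idmap_rid_context)) == NULL) {
		DEBUG(0, ("Out of memory!\n"));
		return NT_STATUS_NO_MEMORY;
	}

	/* config_option hangs off ctx, so the failure path frees it with ctx */
	config_option = talloc_asprintf(ctx, "idmap config %s", dom->name);
	if (!config_option) {
		DEBUG(0, ("Out of memory!\n"));
		ret = NT_STATUS_NO_MEMORY;
		goto failed;
	}

	range = lp_parm_const_string(-1, config_option, "range", NULL);

	/*
	 * Any parse problem collapses the window to 0-0, which the next
	 * check rejects.
	 * NOTE(review): sscanf's %u also accepts a leading minus sign and
	 * converts it to a large unsigned value; such input is not rejected
	 * here unless it makes low_id > high_id.
	 */
	if (!range ||
	    (sscanf(range, "%u - %u", &ctx->low_id, &ctx->high_id) != 2) ||
	    (ctx->low_id > ctx->high_id))
	{
		ctx->low_id = 0;
		ctx->high_id = 0;
	}

	if (!ctx->low_id || !ctx->high_id) {
		DEBUG(1, ("ERROR: Invalid configuration, ID range missing\n"));
		ret = NT_STATUS_UNSUCCESSFUL;
		goto failed;
	}

	/*
	 * NOTE(review): lp_parm_int presumably returns a signed int; a
	 * negative "base_rid" would be stored as a very large uint32_t.
	 * Confirm whether the value should be range-checked.
	 */
	ctx->base_rid = lp_parm_int(-1, config_option, "base_rid", 0);

	/*
	 * The copy is used later for the domain lookup; a NULL name must not
	 * be published in dom->private_data.
	 */
	ctx->domain_name = talloc_strdup(ctx, dom->name);
	if (ctx->domain_name == NULL) {
		DEBUG(0, ("Out of memory!\n"));
		ret = NT_STATUS_NO_MEMORY;
		goto failed;
	}

	dom->private_data = ctx;

	talloc_free(config_option);
	return NT_STATUS_OK;

failed:
	talloc_free(ctx);
	return ret;
}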
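/*
 * Map one Unix ID to a SID: domain SID + (id - low_id + base_rid).
 *
 * memctx is not used by this function.
 *
 * Returns NT_STATUS_NONE_MAPPED when the ID is outside the configured range
 * or the resulting RID would not fit in 32 bits, NT_STATUS_NO_SUCH_DOMAIN
 * when the domain cannot be found by name, and NT_STATUS_OK with
 * map->status = ID_MAPPED otherwise.
 */
static NTSTATUS idmap_rid_id_to_sid(TALLOC_CTX *memctx, struct idmap_rid_context *ctx, struct id_map *map)
{
	struct winbindd_domain *domain;
	uint32_t rid;

	/* apply filters before checking */
	if ((map->xid.id < ctx->low_id) || (map->xid.id > ctx->high_id)) {
		DEBUG(5, ("Requested id (%u) out of range (%u - %u). Filtered!\n",
			  map->xid.id, ctx->low_id, ctx->high_id));
		return NT_STATUS_NONE_MAPPED;
	}

	if ((domain = find_domain_from_name_noinit(ctx->domain_name)) == NULL) {
		return NT_STATUS_NO_SUCH_DOMAIN;
	}

	/*
	 * id - low_id cannot underflow after the range filter, but adding a
	 * large base_rid can wrap around 2^32 and yield a small RID that
	 * belongs to an unrelated account. Refuse to map in that case.
	 */
	rid = map->xid.id - ctx->low_id + ctx->base_rid;
	if (rid < ctx->base_rid) {
		DEBUG(5, ("RID for id (%u) overflows with base_rid (%u). Filtered!\n",
			  map->xid.id, ctx->base_rid));
		return NT_STATUS_NONE_MAPPED;
	}

	sid_compose(map->sid, &domain->sid, rid);

	/* We **really** should have some way of validating
	   the SID exists and is the correct type here.  But
	   that is a deficiency in the idmap_rid design. */

	map->status = ID_MAPPED;

	return NT_STATUS_OK;
}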
/**********************************
Single sid to id lookup function .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
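/*
 * Map one SID to a Unix ID: (rid - base_rid + low_id).
 *
 * memctx is not used by this function. Only the RID of map->sid is read;
 * the domain part of the SID is not compared against anything here.
 *
 * Returns NT_STATUS_NONE_MAPPED with map->status = ID_UNMAPPED when the RID
 * cannot be read, lies below base_rid, or maps outside the configured range;
 * NT_STATUS_OK with map->status = ID_MAPPED otherwise.
 */
static NTSTATUS idmap_rid_sid_to_id(TALLOC_CTX *memctx, struct idmap_rid_context *ctx, struct id_map *map)
{
	uint32_t rid;

	/* Without this check a failed peek would leave rid uninitialized. */
	if (!sid_peek_rid(map->sid, &rid)) {
		DEBUG(5, ("Could not read a RID from the SID. Filtered!\n"));
		map->status = ID_UNMAPPED;
		return NT_STATUS_NONE_MAPPED;
	}

	/*
	 * rid - base_rid is unsigned: a RID below base_rid would wrap to a
	 * huge value, and with a large base_rid the following addition could
	 * wrap back into the allowed window. Reject it before the arithmetic.
	 */
	if (rid < ctx->base_rid) {
		DEBUG(5, ("Requested rid (%u) below base_rid (%u). Filtered!\n",
			  rid, ctx->base_rid));
		map->status = ID_UNMAPPED;
		return NT_STATUS_NONE_MAPPED;
	}

	map->xid.id = rid - ctx->base_rid + ctx->low_id;

	/* apply filters before returning result */

	if ((map->xid.id < ctx->low_id) || (map->xid.id > ctx->high_id)) {
		DEBUG(5, ("Requested id (%u) out of range (%u - %u). Filtered!\n",
			  map->xid.id, ctx->low_id, ctx->high_id));
		map->status = ID_UNMAPPED;
		return NT_STATUS_NONE_MAPPED;
	}

	/* We **really** should have some way of validating
	   the SID exists and is the correct type here.  But
	   that is a deficiency in the idmap_rid design. */

	map->status = ID_MAPPED;

	return NT_STATUS_OK;
}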
/**********************************
lookup a set of unix ids .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
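/*
 * Resolve a NULL-terminated array of Unix IDs to SIDs, one entry at a time.
 *
 * Per-entry failures other than NT_STATUS_NONE_MAPPED are only logged; the
 * function still returns NT_STATUS_OK, so callers have to inspect each
 * entry's status. Returns NT_STATUS_UNSUCCESSFUL when the domain has no
 * rid context and NT_STATUS_NO_MEMORY when the scratch context cannot be
 * allocated.
 */
static NTSTATUS idmap_rid_unixids_to_sids(struct idmap_domain *dom, struct id_map **ids)
{
	struct idmap_rid_context *ridctx;
	TALLOC_CTX *ctx;
	NTSTATUS ret;
	int i;

	/*
	 * talloc_get_type yields NULL when private_data is unset or of another
	 * type; the per-entry helper dereferences the context unconditionally.
	 */
	ridctx = talloc_get_type(dom->private_data, struct idmap_rid_context);
	if (ridctx == NULL) {
		DEBUG(1, ("ERROR: rid context missing for domain\n"));
		return NT_STATUS_UNSUCCESSFUL;
	}

	ctx = talloc_new(dom);
	if (!ctx) {
		DEBUG(0, ("Out of memory!\n"));
		return NT_STATUS_NO_MEMORY;
	}

	for (i = 0; ids[i]; i++) {

		ret = idmap_rid_id_to_sid(ctx, ridctx, ids[i]);

		if ((!NT_STATUS_IS_OK(ret)) &&
		    (!NT_STATUS_EQUAL(ret, NT_STATUS_NONE_MAPPED))) {
			/* some fatal error occurred, log it */
			/* %u: the id is unsigned, as in the range messages */
			DEBUG(3, ("Unexpected error resolving an ID (%u)\n", ids[i]->xid.id));
		}
	}

	talloc_free(ctx);
	return NT_STATUS_OK;
}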
/**********************************
lookup a set of sids .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
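/*
 * Resolve a NULL-terminated array of SIDs to Unix IDs, one entry at a time.
 *
 * Per-entry failures other than NT_STATUS_NONE_MAPPED are only logged; the
 * function still returns NT_STATUS_OK, so callers have to inspect each
 * entry's status. Returns NT_STATUS_UNSUCCESSFUL when the domain has no
 * rid context and NT_STATUS_NO_MEMORY when the scratch context cannot be
 * allocated.
 */
static NTSTATUS idmap_rid_sids_to_unixids(struct idmap_domain *dom, struct id_map **ids)
{
	struct idmap_rid_context *ridctx;
	TALLOC_CTX *ctx;
	NTSTATUS ret;
	int i;

	/*
	 * talloc_get_type yields NULL when private_data is unset or of another
	 * type; the per-entry helper dereferences the context unconditionally.
	 */
	ridctx = talloc_get_type(dom->private_data, struct idmap_rid_context);
	if (ridctx == NULL) {
		DEBUG(1, ("ERROR: rid context missing for domain\n"));
		return NT_STATUS_UNSUCCESSFUL;
	}

	ctx = talloc_new(dom);
	if (!ctx) {
		DEBUG(0, ("Out of memory!\n"));
		return NT_STATUS_NO_MEMORY;
	}

	for (i = 0; ids[i]; i++) {

		ret = idmap_rid_sid_to_id(ctx, ridctx, ids[i]);

		if ((!NT_STATUS_IS_OK(ret)) &&
		    (!NT_STATUS_EQUAL(ret, NT_STATUS_NONE_MAPPED))) {
			/* some fatal error occurred, log it */
			DEBUG(3, ("Unexpected error resolving a SID (%s)\n",
				  sid_string_static(ids[i]->sid)));
		}
	}

	talloc_free(ctx);
	return NT_STATUS_OK;
}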
/*
 * Release the backend context attached to the domain, if there is one.
 * Always returns NT_STATUS_OK.
 */
static NTSTATUS idmap_rid_close(struct idmap_domain *dom)
{
	if (dom->private_data == NULL) {
		/* nothing was attached, or it was already released */
		return NT_STATUS_OK;
	}

	/* NOTE(review): TALLOC_FREE is expected to also reset the pointer - confirm */
	TALLOC_FREE(dom->private_data);

	return NT_STATUS_OK;
}
/* Method table passed to smb_register_idmap() for the "rid" backend. */
static struct idmap_methods rid_methods = {
	.init            = idmap_rid_initialize,
	.unixids_to_sids = idmap_rid_unixids_to_sids,
	.sids_to_unixids = idmap_rid_sids_to_unixids,
	.close_fn        = idmap_rid_close,
};
/*
 * Module entry point: registers the method table under the name "rid"
 * and returns whatever status the registration call reports.
 */
NTSTATUS idmap_rid_init(void)
{
	NTSTATUS status;

	status = smb_register_idmap(SMB_IDMAP_INTERFACE_VERSION, "rid", &rid_methods);

	return status;
}