/*
* idmap_rid : static map between Active Directory / NT RIDs and RFC 2307 accounts
* Copyright ( C ) Guenther Deschner , 2004
* Copyright ( C ) Sumit Bose , 2004
*
* This program is free software ; you can redistribute it and / or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation ; either version 3 of the License , or
* ( at your option ) any later version .
*
* This program is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU General Public License for more details .
*
* You should have received a copy of the GNU General Public License
* along with this program ; if not , see <http://www.gnu.org/licenses/>.
*
*/
# include "includes.h"
# include "winbindd.h"
# include "idmap.h"
# include "../libcli/security/dom_sid.h"
# undef DBGC_CLASS
# define DBGC_CLASS DBGC_IDMAP
/* Per-domain private state of the rid backend. idmap_rid_initialize()
   allocates it and stores it in dom->private_data. */
struct idmap_rid_context {
/* RID offset read from the domain's base_rid option (default 0). It is added
   to (unix id - low_id) when a SID is composed and subtracted again when a
   RID is turned back into a unix id. */
uint32_t base_rid ;
} ;
/******************************************************************************
compat params can't be used because of the completely different way
we support multiple domains in the new idmap
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
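/**
 * Set up the rid backend for one idmap domain.
 *
 * Allocates the backend context as a talloc child of @dom, reads the
 * domain's base_rid parametric option (default 0) and publishes the context
 * through dom->private_data.
 *
 * @param dom     idmap domain being initialised; dom->name selects the
 *                configuration section that is queried.
 * @param params  not used by this backend.
 *
 * @return NT_STATUS_OK on success, NT_STATUS_NO_MEMORY when an allocation
 *         fails, NT_STATUS_INVALID_PARAMETER when base_rid is negative.
 */
static NTSTATUS idmap_rid_initialize(struct idmap_domain *dom,
				     const char *params)
{
	NTSTATUS ret;
	struct idmap_rid_context *ctx;
	char *config_option = NULL;
	int base_rid;

	ctx = TALLOC_ZERO_P(dom, struct idmap_rid_context);
	if (ctx == NULL) {
		DEBUG(0, (" Out of memory! \n "));
		return NT_STATUS_NO_MEMORY;
	}

	config_option = talloc_asprintf(ctx, " idmap config %s ", dom->name);
	if (!config_option) {
		DEBUG(0, (" Out of memory! \n "));
		ret = NT_STATUS_NO_MEMORY;
		goto failed;
	}

	base_rid = lp_parm_int(-1, config_option, " base_rid ", 0);
	if (base_rid < 0) {
		/*
		 * The option is parsed as a signed int but stored in a
		 * uint32_t. A negative value would silently become a huge
		 * offset and shift every id <-> RID mapping of the domain,
		 * so refuse to start with it instead.
		 */
		DEBUG(0, ("idmap_rid: negative base_rid (%d) configured "
			  "for domain %s\n", base_rid, dom->name));
		ret = NT_STATUS_INVALID_PARAMETER;
		goto failed;
	}
	ctx->base_rid = (uint32_t)base_rid;

	dom->private_data = ctx;

	/* The option name is only needed for the lookup above. */
	talloc_free(config_option);
	return NT_STATUS_OK;

failed:
	/* config_option, if allocated, is a child of ctx and goes with it. */
	talloc_free(ctx);
	return ret;
}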
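/**
 * Map a single unix id to a SID of this idmap domain.
 *
 * The RID is computed as (id - low_id + base_rid) and appended to the SID of
 * the winbindd domain that carries dom->name. No lookup against the domain
 * is made, so the resulting SID is not verified to exist.
 *
 * @param dom  idmap domain; supplies the id range, the name and the backend
 *             context in private_data.
 * @param map  entry whose xid.id is read and whose sid/status are written.
 *
 * @return NT_STATUS_OK when the entry was mapped,
 *         NT_STATUS_NONE_MAPPED when the id is outside the domain's range or
 *         the RID would not fit into 32 bits,
 *         NT_STATUS_NO_SUCH_DOMAIN when no winbindd domain has that name,
 *         NT_STATUS_INTERNAL_ERROR when the backend context is missing.
 */
static NTSTATUS idmap_rid_id_to_sid(struct idmap_domain *dom, struct id_map *map)
{
	struct winbindd_domain *domain;
	struct idmap_rid_context *ctx;
	uint32_t offset;
	uint32_t rid;

	ctx = talloc_get_type(dom->private_data, struct idmap_rid_context);
	if (ctx == NULL) {
		/*
		 * private_data is empty or not an idmap_rid_context, e.g.
		 * after idmap_rid_close() released it. Fail instead of
		 * dereferencing a NULL context below.
		 */
		DEBUG(0, ("idmap_rid: no backend context for domain %s\n",
			  dom->name));
		return NT_STATUS_INTERNAL_ERROR;
	}

	/* apply filters before checking */
	if (!idmap_unix_id_is_in_range(map->xid.id, dom)) {
		DEBUG(5, (" Requested id (%u) out of range (%u - %u). Filtered! \n ",
			  map->xid.id, dom->low_id, dom->high_id));
		return NT_STATUS_NONE_MAPPED;
	}

	domain = find_domain_from_name_noinit(dom->name);
	if (domain == NULL) {
		return NT_STATUS_NO_SUCH_DOMAIN;
	}

	/* The range filter above is presumed to guarantee id >= low_id. */
	offset = map->xid.id - dom->low_id;
	rid = offset + ctx->base_rid;
	if (rid < ctx->base_rid) {
		/*
		 * Unsigned wrap-around: with a large base_rid the sum would
		 * fold back to a small RID and name an unrelated account.
		 * Treat the id as unmappable rather than emit that SID.
		 */
		DEBUG(1, ("idmap_rid: id %u plus base_rid %u overflows the "
			  "RID space, not mapped\n",
			  (unsigned int)map->xid.id,
			  (unsigned int)ctx->base_rid));
		return NT_STATUS_NONE_MAPPED;
	}

	sid_compose(map->sid, &domain->sid, rid);

	/* We **really** should have some way of validating
	   the SID exists and is the correct type here.  But
	   that is a deficiency in the idmap_rid design. */

	map->status = ID_MAPPED;

	return NT_STATUS_OK;
}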
/**********************************
Single sid to id lookup function .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
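/**
 * Map a single SID to a unix id of this idmap domain.
 *
 * Only the trailing RID of map->sid is used: id = rid - base_rid + low_id.
 * The domain part of the SID is not compared with the domain's own SID
 * here, so the caller has to hand in only SIDs that belong to @dom.
 *
 * @param dom  idmap domain; supplies the id range and the backend context.
 * @param map  entry whose sid is read and whose xid.id/status are written.
 *
 * @return NT_STATUS_OK when the entry was mapped,
 *         NT_STATUS_NONE_MAPPED (status ID_UNMAPPED) when the SID has no
 *         RID, the RID lies below base_rid, or the id falls outside the
 *         domain's range,
 *         NT_STATUS_INTERNAL_ERROR when the backend context is missing.
 */
static NTSTATUS idmap_rid_sid_to_id(struct idmap_domain *dom, struct id_map *map)
{
	uint32_t rid = 0;
	uint32_t id;
	struct idmap_rid_context *ctx;

	ctx = talloc_get_type(dom->private_data, struct idmap_rid_context);
	if (ctx == NULL) {
		/* Empty or foreign private_data: do not dereference it. */
		DEBUG(0, ("idmap_rid: no backend context for domain %s\n",
			  dom->name));
		return NT_STATUS_INTERNAL_ERROR;
	}

	if (!sid_peek_rid(map->sid, &rid)) {
		/*
		 * Without this check a SID that carries no RID would leave
		 * rid unset and the id below would be computed from garbage.
		 */
		DEBUG(5, ("idmap_rid: SID without a RID, not mapped\n"));
		map->status = ID_UNMAPPED;
		return NT_STATUS_NONE_MAPPED;
	}

	if (rid < ctx->base_rid) {
		/*
		 * rid - base_rid would wrap around and, with a wide enough
		 * id range, could land on a valid-looking unix id.
		 */
		DEBUG(5, ("idmap_rid: RID %u is below base_rid %u, "
			  "not mapped\n",
			  (unsigned int)rid, (unsigned int)ctx->base_rid));
		map->status = ID_UNMAPPED;
		return NT_STATUS_NONE_MAPPED;
	}

	id = rid - ctx->base_rid + dom->low_id;
	if (id < dom->low_id) {
		/* The addition wrapped: the id does not fit into 32 bits. */
		DEBUG(5, ("idmap_rid: RID %u maps beyond the unix id space, "
			  "not mapped\n", (unsigned int)rid));
		map->status = ID_UNMAPPED;
		return NT_STATUS_NONE_MAPPED;
	}
	map->xid.id = id;

	/* apply filters before returning result */
	if (!idmap_unix_id_is_in_range(map->xid.id, dom)) {
		DEBUG(5, (" Requested id (%u) out of range (%u - %u). Filtered! \n ",
			  map->xid.id, dom->low_id, dom->high_id));
		map->status = ID_UNMAPPED;
		return NT_STATUS_NONE_MAPPED;
	}

	map->status = ID_MAPPED;

	return NT_STATUS_OK;
}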
/**********************************
lookup a set of unix ids .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
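/**
 * Map a NULL-terminated array of unix ids to SIDs.
 *
 * Every entry is first reset to ID_UNKNOWN and then passed to
 * idmap_rid_id_to_sid(). The outcome of each entry is reported through its
 * status field; failures other than NT_STATUS_NONE_MAPPED are only logged.
 *
 * @param dom  idmap domain the ids belong to.
 * @param ids  NULL-terminated array of entries to resolve in place.
 *
 * @return always NT_STATUS_OK; callers must inspect ids[i]->status.
 */
static NTSTATUS idmap_rid_unixids_to_sids(struct idmap_domain *dom, struct id_map **ids)
{
	NTSTATUS ret;
	size_t i;

	/* initialize the status to avoid surprise */
	for (i = 0; ids[i]; i++) {
		ids[i]->status = ID_UNKNOWN;
	}

	for (i = 0; ids[i]; i++) {

		ret = idmap_rid_id_to_sid(dom, ids[i]);

		if ((!NT_STATUS_IS_OK(ret)) &&
		    (!NT_STATUS_EQUAL(ret, NT_STATUS_NONE_MAPPED))) {
			/* some fatal error occurred, log it; the id is
			   unsigned, so it is printed with %u as in the
			   range messages of this file */
			DEBUG(3, (" Unexpected error resolving an ID (%u) \n ",
				  (unsigned int)ids[i]->xid.id));
		}
	}

	return NT_STATUS_OK;
}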
/**********************************
lookup a set of sids .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
/**
 * Map a NULL-terminated array of SIDs to unix ids.
 *
 * All entries are reset to ID_UNKNOWN in a first pass; a second pass hands
 * each one to idmap_rid_sid_to_id(). Errors other than
 * NT_STATUS_NONE_MAPPED are logged and otherwise ignored.
 *
 * @param dom  idmap domain the SIDs are resolved against.
 * @param ids  NULL-terminated array of entries to resolve in place.
 *
 * @return always NT_STATUS_OK; the per-entry result is in (*entry)->status.
 */
static NTSTATUS idmap_rid_sids_to_unixids(struct idmap_domain *dom, struct id_map **ids)
{
	struct id_map **cur;

	/* First pass: no entry keeps a stale status from the caller. */
	for (cur = ids; *cur != NULL; cur++) {
		(*cur)->status = ID_UNKNOWN;
	}

	/* Second pass: resolve the entries one at a time. */
	for (cur = ids; *cur != NULL; cur++) {
		NTSTATUS status = idmap_rid_sid_to_id(dom, *cur);

		if (NT_STATUS_IS_OK(status) ||
		    NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED)) {
			continue;
		}

		/* anything else is unexpected, leave a trace in the log */
		DEBUG(3, (" Unexpected error resolving a SID (%s) \n ",
			  sid_string_dbg((*cur)->sid)));
	}

	return NT_STATUS_OK;
}
/**
 * Release the backend context of an idmap domain.
 *
 * @param dom  idmap domain whose private_data is freed, if set.
 *
 * @return always NT_STATUS_OK.
 */
static NTSTATUS idmap_rid_close(struct idmap_domain *dom)
{
	if (dom->private_data == NULL) {
		/* nothing was allocated, or it is already gone */
		return NT_STATUS_OK;
	}

	/* TALLOC_FREE also resets the pointer, so a later call is harmless. */
	TALLOC_FREE(dom->private_data);
	return NT_STATUS_OK;
}
/* Method table of the rid backend; idmap_rid_init() passes its address to
   smb_register_idmap(). Only the fields listed here are set. */
static struct idmap_methods rid_methods = {
/* reads base_rid and attaches the backend context to the domain */
. init = idmap_rid_initialize ,
/* batch unix id -> SID mapping */
. unixids_to_sids = idmap_rid_unixids_to_sids ,
/* batch SID -> unix id mapping */
. sids_to_unixids = idmap_rid_sids_to_unixids ,
/* frees the backend context */
. close_fn = idmap_rid_close
} ;
/**
 * Module entry point: registers this backend's method table with the idmap
 * subsystem.
 *
 * @return the status reported by smb_register_idmap().
 */
NTSTATUS idmap_rid_init(void)
{
	NTSTATUS status;

	status = smb_register_idmap(SMB_IDMAP_INTERFACE_VERSION, " rid ",
				    &rid_methods);
	return status;
}