samba-mirror/source/sam/idmap.c

/* 
   Unix SMB/CIFS implementation.
   ID Mapping
   Copyright (C) Tim Potter 2000
   Copyright (C) Anthony Liguori <aliguor@us.ibm.com>	2003
   Copyright (C) Simo Sorce 2003
   Copyright (C) Jeremy Allison 2003.

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 2 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software
   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.*/

#include "includes.h"

#undef DBGC_CLASS
#define DBGC_CLASS DBGC_IDMAP

struct idmap_function_entry {
	const char *name;
	struct idmap_methods *methods;
	struct idmap_function_entry *prev,*next;
};

static struct idmap_function_entry *backends = NULL;

static struct idmap_methods *cache_map;
static struct idmap_methods *remote_map;

/**********************************************************************
 Get idmap methods. Don't allow tdb to be a remote method.
**********************************************************************/

static struct idmap_methods *get_methods(const char *name, BOOL cache_method)
{
	struct idmap_function_entry *entry = backends;

	for(entry = backends; entry; entry = entry->next) {
		if (!cache_method && strequal(entry->name, "tdb"))
			continue; /* tdb is only cache method. */
		if (strequal(entry->name, name))
			return entry->methods;
	}

	return NULL;
}

/**********************************************************************
 Allow a module to register itself as a method.
**********************************************************************/

NTSTATUS smb_register_idmap(int version, const char *name, struct idmap_methods *methods)
{
	struct idmap_function_entry *entry;

 	if ((version != SMB_IDMAP_INTERFACE_VERSION)) {
		DEBUG(0, ("smb_register_idmap: Failed to register idmap module.\n"
		          "The module was compiled against SMB_IDMAP_INTERFACE_VERSION %d,\n"
		          "current SMB_IDMAP_INTERFACE_VERSION is %d.\n"
		          "Please recompile against the current version of samba!\n",  
			  version, SMB_IDMAP_INTERFACE_VERSION));
		return NT_STATUS_OBJECT_TYPE_MISMATCH;
  	}

	if (!name || !name[0] || !methods) {
		DEBUG(0,("smb_register_idmap: called with NULL pointer or empty name!\n"));
		return NT_STATUS_INVALID_PARAMETER;
	}

	if (get_methods(name, False)) {
		DEBUG(0,("smb_register_idmap: idmap module %s already registered!\n", name));
		return NT_STATUS_OBJECT_NAME_COLLISION;
	}

	entry = smb_xmalloc(sizeof(struct idmap_function_entry));
	entry->name = smb_xstrdup(name);
	entry->methods = methods;

	DLIST_ADD(backends, entry);
	DEBUG(5, ("smb_register_idmap: Successfully added idmap backend '%s'\n", name));
	return NT_STATUS_OK;
}

/**********************************************************************
 Initialise idmap cache and a remote backend (if configured).
**********************************************************************/

BOOL idmap_init(const char *remote_backend)
{
	if (!backends)
		static_init_idmap;

	if (!cache_map) {
		cache_map = get_methods("tdb", True);

		if (!cache_map) {
			DEBUG(0, ("idmap_init: could not find tdb cache backend!\n"));
			return False;
		}
		
		if (!NT_STATUS_IS_OK(cache_map->init( NULL ))) {
			DEBUG(0, ("idmap_init: could not initialise tdb cache backend!\n"));
			return False;
		}
	}
	
	if (!remote_map && remote_backend && *remote_backend != 0) {
		char *rem_backend = smb_xstrdup(remote_backend);
		fstring params = "";
		char *pparams;
		
		/* get any mode parameters passed in */
		
		if ( (pparams = strchr( rem_backend, ':' )) != NULL ) {
			*pparams = '\0';
			pparams++;
			fstrcpy( params, pparams );
		}
		
		DEBUG(3, ("idmap_init: using '%s' as remote backend\n", rem_backend));
		
		if((remote_map = get_methods(rem_backend, False)) ||
		    (NT_STATUS_IS_OK(smb_probe_module("idmap", rem_backend)) && 
		    (remote_map = get_methods(rem_backend, False)))) {
			remote_map->init(params);
		} else {
			DEBUG(0, ("idmap_init: could not load remote backend '%s'\n", rem_backend));
			SAFE_FREE(rem_backend);
			return False;
		}
		SAFE_FREE(rem_backend);
	}

	return True;
}

/**************************************************************************
 This is a rare operation, designed to allow an explicit mapping to be
 set up for a sid to a POSIX id. Usually called to set up mappings for groups.
**************************************************************************/

NTSTATUS idmap_set_mapping(const DOM_SID *sid, unid_t id, int id_type)
{
	NTSTATUS ret;

	ret = cache_map->set_mapping(sid, id, id_type);
	if (!NT_STATUS_IS_OK(ret)) {
		DEBUG (0, ("idmap_set_mapping: Error, unable to modify local cache!\n"));
		DEBUGADD(0, ("Error: %s", nt_errstr(ret)));
		return ret;
	}

	/* Being able to update the remote cache is seldomly right.
	   Generally this is a forbidden operation. */
	if (!(id_type & ID_CACHE_SAVE) && (remote_map != NULL)) {
		ret = remote_map->set_mapping(sid, id, id_type);
		if (!NT_STATUS_IS_OK(ret)) {
			DEBUG (0, ("idmap_set_mapping: Error, unable to modify remote cache!\n"));
			DEBUGADD(0, ("Error: %s", nt_errstr(ret)));
		}
	}

	return ret;
}

/**************************************************************************
 Get ID from SID. This can create a mapping for a SID to a POSIX id.
**************************************************************************/

NTSTATUS idmap_get_id_from_sid(unid_t *id, int *id_type, const DOM_SID *sid)
{
	NTSTATUS ret;
	int loc_type;

	loc_type = *id_type;
	if (remote_map) {
		/* We have a central remote idmap so only look in cache not set. */
		loc_type |= ID_QUERY_ONLY;
	}
	ret = cache_map->get_id_from_sid(id, &loc_type, sid);
	if (!NT_STATUS_IS_OK(ret)) {
		if (remote_map) {
			ret = remote_map->get_id_from_sid(id, id_type, sid);
			if (!NT_STATUS_IS_OK(ret)) {
				DEBUG(3, ("idmap_get_id_from_sid: error fetching id!\n"));
				return ret;
			} else {
				/* The remote backend gave us a valid mapping, cache it. */
				loc_type |= ID_CACHE_SAVE;
				idmap_set_mapping(sid, *id, loc_type);
			}
		}
	} else {
		*id_type = loc_type & ID_TYPEMASK;
	}

	return ret;
}

/**************************************************************************
 Get SID from ID. This must have been created before.
**************************************************************************/

NTSTATUS idmap_get_sid_from_id(DOM_SID *sid, unid_t id, int id_type)
{
	NTSTATUS ret;
	int loc_type;

	loc_type = id_type;
	if (remote_map) {
		loc_type = id_type | ID_QUERY_ONLY;
	}
	ret = cache_map->get_sid_from_id(sid, id, loc_type);
	if (!NT_STATUS_IS_OK(ret)) {
		if (remote_map) {
			ret = remote_map->get_sid_from_id(sid, id, id_type);
			if (!NT_STATUS_IS_OK(ret)) {
				DEBUG(3, ("idmap_get_sid_from_id: unable to fetch sid!\n"));
				return ret;
			} else {
				/* The remote backend gave us a valid mapping, cache it. */
				loc_type |= ID_CACHE_SAVE;
				ret = cache_map->set_mapping(sid, id, loc_type);
			}
		}
	}

	return ret;
}

/**************************************************************************
 Shutdown maps.
**************************************************************************/

NTSTATUS idmap_close(void)
{
	NTSTATUS ret;

	ret = cache_map->close();
	if (!NT_STATUS_IS_OK(ret)) {
		DEBUG(3, ("idmap_close: failed to close local tdb cache!\n"));
	}

	if (remote_map) {
		ret = remote_map->close();
		if (!NT_STATUS_IS_OK(ret)) {
			DEBUG(3, ("idmap_close: failed to close remote idmap repository!\n"));
		}
	}

	return ret;
}

/**************************************************************************
 Dump backend status.
**************************************************************************/

void idmap_status(void)
{
	cache_map->status();
	if (remote_map)
		remote_map->status();
}