2006-09-24 02:52:25 +00:00
/*
* Unix SMB / CIFS implementation .
*
* group mapping code on top of ldb
*
* Copyright ( C ) Andrew Tridgell 2006
*
* based on tdb group mapping code from groupdb / mapping . c
*
* This program is free software ; you can redistribute it and / or modify
* it under the terms of the GNU General Public License as published by
2007-07-09 19:25:36 +00:00
* the Free Software Foundation ; either version 3 of the License , or
2006-09-24 02:52:25 +00:00
* ( at your option ) any later version .
*
* This program is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU General Public License for more details .
*
* You should have received a copy of the GNU General Public License
2007-07-10 05:23:25 +00:00
* along with this program ; if not , see < http : //www.gnu.org/licenses/>.
2006-09-24 02:52:25 +00:00
*/
# include "includes.h"
# include "groupdb/mapping.h"
2009-04-23 14:31:45 +02:00
# include "lib/ldb/include/ldb.h"
2006-09-24 02:52:25 +00:00
# include "lib/ldb/include/ldb_errors.h"
static struct ldb_context * ldb ;
2007-10-18 17:40:25 -07:00
static bool mapping_upgrade ( const char * tdb_path ) ;
2006-09-24 02:52:25 +00:00
/*
connect to the group mapping ldb
*/
2007-10-18 17:40:25 -07:00
static bool init_group_mapping ( void )
2006-09-24 02:52:25 +00:00
{
2007-10-18 17:40:25 -07:00
bool existed ;
2006-09-24 02:52:25 +00:00
const char * init_ldif [ ] =
{ " dn: @ATTRIBUTES \n " \
" ntName: CASE_INSENSITIVE \n " \
" \n " ,
" dn: @INDEXLIST \n " \
" @IDXATTR: gidNumber \n " \
" @IDXATTR: ntName \n " \
2006-10-31 12:57:56 +00:00
" @IDXATTR: member \n " } ;
2006-09-24 02:52:25 +00:00
const char * db_path , * tdb_path ;
int ret ;
int flags = 0 ;
if ( ldb ! = NULL ) {
return True ;
}
2006-09-24 07:11:34 +00:00
/* this is needed as Samba3 doesn't have this globally yet */
ldb_global_init ( ) ;
2006-09-24 02:52:25 +00:00
2007-11-01 15:53:44 -04:00
db_path = state_path ( " group_mapping.ldb " ) ;
2006-09-24 02:52:25 +00:00
2009-04-23 14:27:59 +02:00
ldb = ldb_init ( NULL , NULL ) ;
2006-09-24 02:52:25 +00:00
if ( ldb = = NULL ) goto failed ;
2008-08-27 11:28:18 -07:00
/* Ensure this db is created read/write for root only. */
ldb_set_create_perms ( ldb , 0600 ) ;
2008-10-17 12:48:19 +02:00
existed = file_exist ( db_path ) ;
2006-09-24 02:52:25 +00:00
if ( lp_parm_bool ( - 1 , " groupmap " , " nosync " , False ) ) {
flags | = LDB_FLG_NOSYNC ;
}
2007-06-06 13:02:14 +00:00
if ( ! lp_use_mmap ( ) ) {
flags | = LDB_FLG_NOMMAP ;
}
2006-09-24 02:52:25 +00:00
ret = ldb_connect ( ldb , db_path , flags , NULL ) ;
if ( ret ! = LDB_SUCCESS ) {
goto failed ;
}
2008-08-27 10:45:43 +02:00
/* force the permissions on the ldb to 0600 - this will fix
existing databases as well as new ones */
if ( chmod ( db_path , 0600 ) ! = 0 ) {
goto failed ;
}
2006-09-24 02:52:25 +00:00
if ( ! existed ) {
/* initialise the ldb with an index */
struct ldb_ldif * ldif ;
int i ;
for ( i = 0 ; i < ARRAY_SIZE ( init_ldif ) ; i + + ) {
ldif = ldb_ldif_read_string ( ldb , & init_ldif [ i ] ) ;
if ( ldif = = NULL ) goto failed ;
ret = ldb_add ( ldb , ldif - > msg ) ;
talloc_free ( ldif ) ;
if ( ret = = - 1 ) goto failed ;
}
}
/* possibly upgrade */
2007-11-01 15:53:44 -04:00
tdb_path = state_path ( " group_mapping.tdb " ) ;
2008-10-17 12:48:19 +02:00
if ( file_exist ( tdb_path ) & & ! mapping_upgrade ( tdb_path ) ) {
2007-11-01 15:53:44 -04:00
unlink ( state_path ( " group_mapping.ldb " ) ) ;
2006-09-24 02:52:25 +00:00
goto failed ;
}
return True ;
failed :
DEBUG ( 0 , ( " Failed to open group mapping ldb '%s' - '%s' \n " ,
db_path , ldb ? ldb_errstring ( ldb ) : strerror ( errno ) ) ) ;
talloc_free ( ldb ) ;
ldb = NULL ;
return False ;
}
/*
form the DN for a mapping entry from a SID
*/
static struct ldb_dn * mapping_dn ( TALLOC_CTX * mem_ctx , const DOM_SID * sid )
{
fstring string_sid ;
uint32_t rid ;
DOM_SID domsid ;
sid_copy ( & domsid , sid ) ;
if ( ! sid_split_rid ( & domsid , & rid ) ) {
return NULL ;
}
2007-12-15 22:47:30 +01:00
if ( ! sid_to_fstring ( string_sid , & domsid ) ) {
2006-09-24 02:52:25 +00:00
return NULL ;
}
/* we split by domain and rid so we can do a subtree search
when we only want one domain */
2009-04-23 14:31:45 +02:00
return ldb_dn_new_fmt ( mem_ctx , ldb , " rid=%u,domain=%s " ,
rid , string_sid ) ;
2006-09-24 02:52:25 +00:00
}
/*
add a group mapping entry
*/
2007-10-18 17:40:25 -07:00
static bool add_mapping_entry ( GROUP_MAP * map , int flag )
2006-09-24 02:52:25 +00:00
{
struct ldb_message * msg ;
int ret , i ;
fstring string_sid ;
msg = ldb_msg_new ( ldb ) ;
2006-10-04 19:40:25 +00:00
if ( msg = = NULL ) {
return False ;
}
2006-09-24 02:52:25 +00:00
msg - > dn = mapping_dn ( msg , & map - > sid ) ;
2006-10-04 19:40:25 +00:00
if ( msg - > dn = = NULL ) {
goto failed ;
}
2006-09-24 02:52:25 +00:00
if ( ldb_msg_add_string ( msg , " objectClass " , " groupMap " ) ! = LDB_SUCCESS | |
ldb_msg_add_string ( msg , " sid " ,
2007-12-15 22:47:30 +01:00
sid_to_fstring ( string_sid , & map - > sid ) ) ! = LDB_SUCCESS | |
2006-09-24 02:52:25 +00:00
ldb_msg_add_fmt ( msg , " gidNumber " , " %u " , ( unsigned ) map - > gid ) ! = LDB_SUCCESS | |
ldb_msg_add_fmt ( msg , " sidNameUse " , " %u " , ( unsigned ) map - > sid_name_use ) ! = LDB_SUCCESS | |
2006-09-26 02:49:16 +00:00
ldb_msg_add_string ( msg , " comment " , map - > comment ) ! = LDB_SUCCESS | |
2006-09-24 22:10:48 +00:00
ldb_msg_add_string ( msg , " ntName " , map - > nt_name ) ! = LDB_SUCCESS ) {
goto failed ;
}
2006-09-24 02:52:25 +00:00
ret = ldb_add ( ldb , msg ) ;
/* if it exists we update it. This is a hangover from the semantics the
tdb backend had */
if ( ret = = LDB_ERR_ENTRY_ALREADY_EXISTS ) {
for ( i = 0 ; i < msg - > num_elements ; i + + ) {
msg - > elements [ i ] . flags = LDB_FLAG_MOD_REPLACE ;
}
ret = ldb_modify ( ldb , msg ) ;
}
talloc_free ( msg ) ;
return ret = = LDB_SUCCESS ;
failed :
talloc_free ( msg ) ;
return False ;
}
/*
unpack a ldb message into a GROUP_MAP structure
*/
2007-10-18 17:40:25 -07:00
static bool msg_to_group_map ( struct ldb_message * msg , GROUP_MAP * map )
2006-09-24 02:52:25 +00:00
{
const char * sidstr ;
map - > gid = ldb_msg_find_attr_as_int ( msg , " gidNumber " , - 1 ) ;
map - > sid_name_use = ldb_msg_find_attr_as_int ( msg , " sidNameUse " , - 1 ) ;
fstrcpy ( map - > nt_name , ldb_msg_find_attr_as_string ( msg , " ntName " , NULL ) ) ;
fstrcpy ( map - > comment , ldb_msg_find_attr_as_string ( msg , " comment " , NULL ) ) ;
sidstr = ldb_msg_find_attr_as_string ( msg , " sid " , NULL ) ;
if ( ! string_to_sid ( & map - > sid , sidstr ) | |
map - > gid = = ( gid_t ) - 1 | |
map - > sid_name_use = = ( enum lsa_SidType ) - 1 ) {
DEBUG ( 0 , ( " Unable to unpack group mapping \n " ) ) ;
return False ;
}
return True ;
}
/*
return a group map entry for a given sid
*/
2007-10-18 17:40:25 -07:00
static bool get_group_map_from_sid ( DOM_SID sid , GROUP_MAP * map )
2006-09-24 02:52:25 +00:00
{
int ret ;
struct ldb_dn * dn ;
struct ldb_result * res = NULL ;
2009-02-07 16:54:06 +01:00
bool result = false ;
2006-09-24 02:52:25 +00:00
2009-02-07 16:54:06 +01:00
dn = mapping_dn ( talloc_tos ( ) , & sid ) ;
if ( dn = = NULL ) {
2006-09-24 02:52:25 +00:00
goto failed ;
}
2009-02-07 16:54:06 +01:00
ret = ldb_search ( ldb , dn , & res , dn , LDB_SCOPE_BASE , NULL , NULL ) ;
2009-05-21 18:37:36 -07:00
if ( ret ! = LDB_SUCCESS | | res - > count ! = 1 ) {
2009-02-07 16:54:06 +01:00
goto failed ;
}
2006-09-24 02:52:25 +00:00
2009-02-07 16:54:06 +01:00
if ( ! msg_to_group_map ( res - > msgs [ 0 ] , map ) ) {
goto failed ;
}
2006-09-24 02:52:25 +00:00
2009-02-07 16:54:06 +01:00
result = true ;
failed :
2006-09-24 02:52:25 +00:00
talloc_free ( dn ) ;
2009-02-07 16:54:06 +01:00
return result ;
2006-09-24 02:52:25 +00:00
}
/*
return a group map entry for a given gid
*/
2007-10-18 17:40:25 -07:00
static bool get_group_map_from_gid ( gid_t gid , GROUP_MAP * map )
2006-09-24 02:52:25 +00:00
{
int ret ;
struct ldb_result * res = NULL ;
2009-02-07 16:54:06 +01:00
bool result = false ;
2006-09-24 02:52:25 +00:00
2009-02-07 16:54:06 +01:00
ret = ldb_search ( ldb , talloc_tos ( ) , & res , NULL , LDB_SCOPE_SUBTREE ,
NULL , " (&(gidNumber=%u)(objectClass=groupMap)) " ,
( unsigned ) gid ) ;
2009-05-21 18:37:36 -07:00
if ( ret ! = LDB_SUCCESS | | res - > count ! = 1 ) {
2009-02-07 16:54:06 +01:00
goto failed ;
}
2006-09-24 02:52:25 +00:00
2009-02-07 16:54:06 +01:00
if ( ! msg_to_group_map ( res - > msgs [ 0 ] , map ) ) {
goto failed ;
}
2006-09-24 02:52:25 +00:00
2009-02-07 16:54:06 +01:00
result = true ;
2006-09-24 02:52:25 +00:00
failed :
2009-02-07 16:54:06 +01:00
TALLOC_FREE ( res ) ;
return result ;
2006-09-24 02:52:25 +00:00
}
/*
Return the sid and the type of the unix group .
*/
2007-10-18 17:40:25 -07:00
static bool get_group_map_from_ntname ( const char * name , GROUP_MAP * map )
2006-09-24 02:52:25 +00:00
{
int ret ;
struct ldb_result * res = NULL ;
2009-02-07 16:54:06 +01:00
bool result = false ;
2006-09-24 02:52:25 +00:00
2009-02-07 16:54:06 +01:00
ret = ldb_search ( ldb , talloc_tos ( ) , & res , NULL , LDB_SCOPE_SUBTREE ,
NULL , " (&(ntName=%s)(objectClass=groupMap)) " , name ) ;
2009-05-21 18:37:36 -07:00
if ( ret ! = LDB_SUCCESS | | res - > count ! = 1 ) {
2009-02-07 16:54:06 +01:00
goto failed ;
}
2006-09-24 02:52:25 +00:00
2009-02-07 16:54:06 +01:00
if ( ! msg_to_group_map ( res - > msgs [ 0 ] , map ) ) {
goto failed ;
}
2006-09-24 02:52:25 +00:00
2009-02-07 16:54:06 +01:00
result = true ;
failed :
TALLOC_FREE ( res ) ;
return result ;
2006-09-24 02:52:25 +00:00
}
/*
Remove a group mapping entry .
*/
2007-10-18 17:40:25 -07:00
static bool group_map_remove ( const DOM_SID * sid )
2006-09-24 02:52:25 +00:00
{
struct ldb_dn * dn ;
int ret ;
dn = mapping_dn ( ldb , sid ) ;
2006-10-04 19:40:25 +00:00
if ( dn = = NULL ) {
return False ;
}
2006-09-24 02:52:25 +00:00
ret = ldb_delete ( ldb , dn ) ;
talloc_free ( dn ) ;
return ret = = LDB_SUCCESS ;
}
/*
Enumerate the group mappings for a domain
*/
2007-10-18 17:40:25 -07:00
static bool enum_group_mapping ( const DOM_SID * domsid , enum lsa_SidType sid_name_use ,
2007-06-04 01:51:18 +00:00
GROUP_MAP * * pp_rmap ,
2007-10-18 17:40:25 -07:00
size_t * p_num_entries , bool unix_only )
2006-09-24 02:52:25 +00:00
{
int i , ret ;
fstring name ;
2008-03-28 15:06:56 +01:00
struct ldb_result * res = NULL ;
2006-09-24 02:52:25 +00:00
struct ldb_dn * basedn = NULL ;
TALLOC_CTX * tmp_ctx ;
tmp_ctx = talloc_new ( ldb ) ;
if ( tmp_ctx = = NULL ) goto failed ;
/* we do a subtree search on the domain */
if ( domsid ! = NULL ) {
2007-12-15 22:47:30 +01:00
sid_to_fstring ( name , domsid ) ;
2009-04-23 14:31:45 +02:00
basedn = ldb_dn_new_fmt ( tmp_ctx , ldb , " domain=%s " , name ) ;
2006-09-24 02:52:25 +00:00
if ( basedn = = NULL ) goto failed ;
}
2009-01-21 16:15:53 +01:00
if ( sid_name_use = = SID_NAME_UNKNOWN ) {
2009-02-07 16:54:06 +01:00
ret = ldb_search ( ldb , tmp_ctx , & res , basedn , LDB_SCOPE_SUBTREE ,
NULL , " (&(objectClass=groupMap)) " ) ;
2009-01-21 16:15:53 +01:00
} else {
2009-02-07 16:54:06 +01:00
ret = ldb_search ( ldb , tmp_ctx , & res , basedn , LDB_SCOPE_SUBTREE ,
NULL , " (&(sidNameUse=%u)(objectClass=groupMap)) " ,
sid_name_use ) ;
2009-01-21 16:15:53 +01:00
}
2009-05-21 18:37:36 -07:00
if ( ret ! = LDB_SUCCESS ) goto failed ;
2006-09-24 02:52:25 +00:00
( * pp_rmap ) = NULL ;
* p_num_entries = 0 ;
for ( i = 0 ; i < res - > count ; i + + ) {
( * pp_rmap ) = SMB_REALLOC_ARRAY ( ( * pp_rmap ) , GROUP_MAP ,
( * p_num_entries ) + 1 ) ;
if ( ! ( * pp_rmap ) ) goto failed ;
if ( ! msg_to_group_map ( res - > msgs [ i ] , & ( * pp_rmap ) [ * p_num_entries ] ) ) {
goto failed ;
}
( * p_num_entries ) + + ;
}
talloc_free ( tmp_ctx ) ;
return True ;
failed :
talloc_free ( tmp_ctx ) ;
return False ;
}
/*
This operation happens on session setup , so it should better be fast . We
store a list of aliases a SID is member of hanging off MEMBEROF / SID .
*/
2007-06-04 01:51:18 +00:00
static NTSTATUS one_alias_membership ( const DOM_SID * member ,
DOM_SID * * sids , size_t * num )
2006-09-24 02:52:25 +00:00
{
const char * attrs [ ] = {
" sid " ,
NULL
} ;
DOM_SID alias ;
int ret , i ;
struct ldb_result * res = NULL ;
fstring string_sid ;
2009-02-07 16:54:06 +01:00
NTSTATUS status ;
2006-09-27 03:29:38 +00:00
2007-12-15 22:47:30 +01:00
if ( ! sid_to_fstring ( string_sid , member ) ) {
2006-09-24 02:52:25 +00:00
return NT_STATUS_INVALID_PARAMETER ;
}
2009-02-07 16:54:06 +01:00
ret = ldb_search ( ldb , talloc_tos ( ) , & res , NULL , LDB_SCOPE_SUBTREE ,
attrs , " (&(member=%s)(objectClass=groupMap)) " ,
string_sid ) ;
2009-05-21 18:37:36 -07:00
if ( ret ! = LDB_SUCCESS ) {
2009-02-07 16:54:06 +01:00
status = NT_STATUS_INTERNAL_DB_CORRUPTION ;
2006-09-24 02:52:25 +00:00
goto failed ;
}
for ( i = 0 ; i < res - > count ; i + + ) {
struct ldb_message_element * el ;
el = ldb_msg_find_element ( res - > msgs [ i ] , " sid " ) ;
if ( el = = NULL | | el - > num_values ! = 1 ) {
status = NT_STATUS_INTERNAL_DB_CORRUPTION ;
goto failed ;
}
string_to_sid ( & alias , ( char * ) el - > values [ 0 ] . data ) ;
2008-01-09 00:11:31 +01:00
status = add_sid_to_array_unique ( NULL , & alias , sids , num ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
2006-09-24 02:52:25 +00:00
goto failed ;
}
}
2009-02-07 16:54:06 +01:00
status = NT_STATUS_OK ;
failed :
TALLOC_FREE ( res ) ;
2006-09-24 02:52:25 +00:00
return status ;
}
/*
2006-10-31 12:57:56 +00:00
add / remove a member field
2006-09-24 02:52:25 +00:00
*/
static NTSTATUS modify_aliasmem ( const DOM_SID * alias , const DOM_SID * member ,
int operation )
{
fstring string_sid ;
int ret ;
struct ldb_message msg ;
struct ldb_message_element el ;
struct ldb_val val ;
TALLOC_CTX * tmp_ctx ;
GROUP_MAP map ;
if ( ! get_group_map_from_sid ( * alias , & map ) ) {
2007-12-15 22:47:30 +01:00
sid_to_fstring ( string_sid , alias ) ;
2006-09-24 02:52:25 +00:00
return NT_STATUS_NO_SUCH_ALIAS ;
}
if ( ( map . sid_name_use ! = SID_NAME_ALIAS ) & &
( map . sid_name_use ! = SID_NAME_WKN_GRP ) ) {
DEBUG ( 0 , ( " sid_name_use=%d \n " , map . sid_name_use ) ) ;
return NT_STATUS_NO_SUCH_ALIAS ;
}
tmp_ctx = talloc_new ( NULL ) ;
if ( tmp_ctx = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
msg . dn = mapping_dn ( tmp_ctx , alias ) ;
2006-10-04 19:40:25 +00:00
if ( msg . dn = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
2006-09-24 02:52:25 +00:00
msg . num_elements = 1 ;
msg . elements = & el ;
el . flags = operation ;
2006-10-31 12:57:56 +00:00
el . name = talloc_strdup ( tmp_ctx , " member " ) ;
2006-09-24 02:52:25 +00:00
el . num_values = 1 ;
el . values = & val ;
2007-12-15 22:47:30 +01:00
sid_to_fstring ( string_sid , member ) ;
2006-09-24 02:52:25 +00:00
val . data = ( uint8_t * ) string_sid ;
val . length = strlen ( string_sid ) ;
ret = ldb_modify ( ldb , & msg ) ;
talloc_free ( tmp_ctx ) ;
if ( ret = = LDB_ERR_NO_SUCH_OBJECT ) {
return NT_STATUS_NO_SUCH_ALIAS ;
}
if ( operation = = LDB_FLAG_MOD_ADD & &
ret = = LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS ) {
return NT_STATUS_MEMBER_IN_ALIAS ;
}
return ( ret = = LDB_SUCCESS ? NT_STATUS_OK : NT_STATUS_ACCESS_DENIED ) ;
}
2007-06-04 01:51:18 +00:00
static NTSTATUS add_aliasmem ( const DOM_SID * alias , const DOM_SID * member )
2006-09-24 02:52:25 +00:00
{
return modify_aliasmem ( alias , member , LDB_FLAG_MOD_ADD ) ;
}
2007-06-04 01:51:18 +00:00
static NTSTATUS del_aliasmem ( const DOM_SID * alias , const DOM_SID * member )
2006-09-24 02:52:25 +00:00
{
return modify_aliasmem ( alias , member , LDB_FLAG_MOD_DELETE ) ;
}
/*
2006-10-31 12:57:56 +00:00
enumerate sids that have the given alias set in member
2006-09-24 02:52:25 +00:00
*/
2009-06-08 19:43:01 +02:00
static NTSTATUS enum_aliasmem ( const DOM_SID * alias , TALLOC_CTX * mem_ctx ,
DOM_SID * * sids , size_t * num )
2006-09-24 02:52:25 +00:00
{
const char * attrs [ ] = {
2006-10-31 12:57:56 +00:00
" member " ,
2006-09-24 02:52:25 +00:00
NULL
} ;
int ret , i ;
2008-01-15 15:09:13 -08:00
NTSTATUS status = NT_STATUS_OK ;
2006-09-24 02:52:25 +00:00
struct ldb_result * res = NULL ;
struct ldb_dn * dn ;
struct ldb_message_element * el ;
* sids = NULL ;
* num = 0 ;
dn = mapping_dn ( ldb , alias ) ;
2006-10-04 19:40:25 +00:00
if ( dn = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
2006-09-24 02:52:25 +00:00
2009-01-21 15:18:05 +01:00
ret = ldb_search ( ldb , ldb , & res , dn , LDB_SCOPE_BASE , attrs , NULL ) ;
2009-05-21 18:37:36 -07:00
if ( ret = = LDB_SUCCESS & & res - > count = = 0 ) {
2009-05-21 18:48:17 -07:00
talloc_free ( res ) ;
2006-09-24 02:52:25 +00:00
talloc_free ( dn ) ;
return NT_STATUS_OK ;
}
if ( ret ! = LDB_SUCCESS ) {
talloc_free ( dn ) ;
return NT_STATUS_INTERNAL_DB_CORRUPTION ;
}
2009-05-21 18:37:36 -07:00
talloc_steal ( dn , res ) ;
2006-10-31 12:57:56 +00:00
el = ldb_msg_find_element ( res - > msgs [ 0 ] , " member " ) ;
2006-09-24 02:52:25 +00:00
if ( el = = NULL ) {
talloc_free ( dn ) ;
2009-06-07 11:23:09 +02:00
return NT_STATUS_OK ;
2006-09-24 02:52:25 +00:00
}
for ( i = 0 ; i < el - > num_values ; i + + ) {
DOM_SID sid ;
string_to_sid ( & sid , ( const char * ) el - > values [ i ] . data ) ;
2009-06-08 19:43:01 +02:00
status = add_sid_to_array_unique ( mem_ctx , & sid , sids , num ) ;
2008-01-09 00:11:31 +01:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
goto done ;
2006-09-24 02:52:25 +00:00
}
}
2008-01-09 00:11:31 +01:00
done :
talloc_free ( dn ) ;
return status ;
2006-09-24 02:52:25 +00:00
}
/*
upgrade one group mapping record from the old tdb format
*/
static int upgrade_map_record ( TDB_CONTEXT * tdb_ctx , TDB_DATA key ,
TDB_DATA data , void * state )
{
int ret ;
GROUP_MAP map ;
2007-06-04 01:51:18 +00:00
if ( strncmp ( ( char * ) key . dptr , GROUP_PREFIX ,
2006-09-24 02:52:25 +00:00
MIN ( key . dsize , strlen ( GROUP_PREFIX ) ) ) ! = 0 ) {
return 0 ;
}
if ( ! string_to_sid ( & map . sid , strlen ( GROUP_PREFIX ) + ( const char * ) key . dptr ) ) {
DEBUG ( 0 , ( " Bad sid key '%s' during upgrade \n " , ( const char * ) key . dptr ) ) ;
* ( int * ) state = - 1 ;
return - 1 ;
}
ret = tdb_unpack ( data . dptr , data . dsize , " ddff " ,
& map . gid , & map . sid_name_use , & map . nt_name , & map . comment ) ;
if ( ret = = - 1 ) {
DEBUG ( 0 , ( " Failed to unpack group map record during upgrade \n " ) ) ;
* ( int * ) state = - 1 ;
return - 1 ;
}
2008-11-04 10:51:08 +01:00
if ( ( int ) map . gid = = - 1 ) {
/*
* Ignore old invalid mappings
*/
return 0 ;
}
2006-09-24 02:52:25 +00:00
if ( ! add_mapping_entry ( & map , 0 ) ) {
DEBUG ( 0 , ( " Failed to add mapping entry during upgrade \n " ) ) ;
* ( int * ) state = - 1 ;
return - 1 ;
}
return 0 ;
}
/*
upgrade one alias record from the old tdb format
*/
static int upgrade_alias_record ( TDB_CONTEXT * tdb_ctx , TDB_DATA key ,
TDB_DATA data , void * state )
{
2007-06-04 01:51:18 +00:00
const char * p = ( const char * ) data . dptr ;
2007-12-07 17:32:32 -08:00
char * string_sid ;
2006-09-24 02:52:25 +00:00
DOM_SID member ;
2007-12-07 17:32:32 -08:00
TALLOC_CTX * frame ;
2006-09-24 02:52:25 +00:00
2007-06-04 01:51:18 +00:00
if ( strncmp ( ( char * ) key . dptr , MEMBEROF_PREFIX ,
2006-09-24 02:52:25 +00:00
MIN ( key . dsize , strlen ( MEMBEROF_PREFIX ) ) ) ! = 0 ) {
return 0 ;
}
if ( ! string_to_sid ( & member , strlen ( MEMBEROF_PREFIX ) + ( const char * ) key . dptr ) ) {
DEBUG ( 0 , ( " Bad alias key %s during upgrade \n " ,
( const char * ) key . dptr ) ) ;
* ( int * ) state = - 1 ;
}
2007-12-07 17:32:32 -08:00
frame = talloc_stackframe ( ) ;
while ( next_token_talloc ( frame , & p , & string_sid , " " ) ) {
2006-09-24 02:52:25 +00:00
DOM_SID alias ;
NTSTATUS status ;
string_to_sid ( & alias , string_sid ) ;
status = add_aliasmem ( & alias , & member ) ;
if ( NT_STATUS_EQUAL ( status , NT_STATUS_NO_SUCH_ALIAS ) ) {
DEBUG ( 0 , ( " Ignoring orphaned alias record '%s' \n " ,
string_sid ) ) ;
} else if ( ! NT_STATUS_IS_OK ( status ) ) {
DEBUG ( 0 , ( " Failed to add alias member during upgrade - %s \n " ,
nt_errstr ( status ) ) ) ;
* ( int * ) state = - 1 ;
2007-12-07 17:32:32 -08:00
TALLOC_FREE ( frame ) ;
2006-09-24 02:52:25 +00:00
return - 1 ;
}
}
2007-12-07 17:32:32 -08:00
TALLOC_FREE ( frame ) ;
2006-09-24 02:52:25 +00:00
return 0 ;
}
/*
upgrade from a old style tdb
*/
2007-10-18 17:40:25 -07:00
static bool mapping_upgrade ( const char * tdb_path )
2006-09-24 02:52:25 +00:00
{
static TDB_CONTEXT * tdb ;
int ret , status = 0 ;
tdb = tdb_open_log ( tdb_path , 0 , TDB_DEFAULT , O_RDWR , 0600 ) ;
if ( tdb = = NULL ) goto failed ;
/* we have to do the map records first, as alias records may
reference them */
ret = tdb_traverse ( tdb , upgrade_map_record , & status ) ;
if ( ret = = - 1 | | status = = - 1 ) goto failed ;
ret = tdb_traverse ( tdb , upgrade_alias_record , & status ) ;
if ( ret = = - 1 | | status = = - 1 ) goto failed ;
2006-11-28 08:11:04 +00:00
if ( tdb ) {
tdb_close ( tdb ) ;
tdb = NULL ;
}
2006-09-24 02:52:25 +00:00
2007-11-13 15:00:48 -08:00
{
const char * old_path = tdb_path ;
char * new_path = state_path ( " group_mapping.tdb.upgraded " ) ;
2006-09-24 02:58:58 +00:00
2007-11-13 15:00:48 -08:00
if ( ! new_path ) {
goto failed ;
}
if ( rename ( old_path , new_path ) ! = 0 ) {
DEBUG ( 0 , ( " Failed to rename old group mapping database \n " ) ) ;
goto failed ;
}
2006-09-24 02:52:25 +00:00
}
return True ;
failed :
DEBUG ( 0 , ( " Failed to upgrade group mapping database \n " ) ) ;
if ( tdb ) tdb_close ( tdb ) ;
return False ;
}
2007-06-04 01:51:18 +00:00
static const struct mapping_backend ldb_backend = {
. add_mapping_entry = add_mapping_entry ,
. get_group_map_from_sid = get_group_map_from_sid ,
. get_group_map_from_gid = get_group_map_from_gid ,
. get_group_map_from_ntname = get_group_map_from_ntname ,
. group_map_remove = group_map_remove ,
. enum_group_mapping = enum_group_mapping ,
. one_alias_membership = one_alias_membership ,
. add_aliasmem = add_aliasmem ,
. del_aliasmem = del_aliasmem ,
. enum_aliasmem = enum_aliasmem
} ;
/*
initialise the ldb mapping backend
*/
const struct mapping_backend * groupdb_ldb_init ( void )
{
if ( ! init_group_mapping ( ) ) {
DEBUG ( 0 , ( " Failed to initialise ldb mapping backend \n " ) ) ;
return NULL ;
}
return & ldb_backend ;
}