Changeset 745 for trunk/server/source3/winbindd/idmap_util.c
- Timestamp:
- Nov 27, 2012, 4:43:17 PM (13 years ago)
- Location:
- trunk/server
- Files:
-
- 2 edited
-
. (modified) (1 prop)
-
source3/winbindd/idmap_util.c (modified) (11 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/server
- Property svn:mergeinfo changed
/vendor/current merged: 581,587,591,594,597,600,615,618,740
- Property svn:mergeinfo changed
-
trunk/server/source3/winbindd/idmap_util.c
r596 r745 4 4 Copyright (C) Simo Sorce 2003 5 5 Copyright (C) Jeremy Allison 2006 6 Copyright (C) Michael Adam 2010 6 7 7 8 This program is free software; you can redistribute it and/or modify … … 21 22 #include "winbindd.h" 22 23 #include "winbindd_proto.h" 24 #include "idmap.h" 25 #include "idmap_cache.h" 26 #include "../libcli/security/security.h" 23 27 24 28 #undef DBGC_CLASS 25 29 #define DBGC_CLASS DBGC_IDMAP 26 27 /*****************************************************************28 Returns true if the request was for a specific domain, or29 for a sid we are authoritative for - BUILTIN, or our own domain.30 *****************************************************************/31 32 static bool is_specific_domain_request(const char *dom_name, DOM_SID *sid)33 {34 if (dom_name && dom_name[0] != '\0') {35 return true;36 }37 if (sid_check_is_in_builtin(sid) ||38 sid_check_is_in_our_domain(sid)) {39 return true;40 }41 return false;42 }43 30 44 31 /***************************************************************** … … 47 34 *****************************************************************/ 48 35 49 NTSTATUS idmap_uid_to_sid(const char *domname, DOM_SID*sid, uid_t uid)36 NTSTATUS idmap_uid_to_sid(const char *domname, struct dom_sid *sid, uid_t uid) 50 37 { 51 38 NTSTATUS ret; … … 106 93 *****************************************************************/ 107 94 108 NTSTATUS idmap_gid_to_sid(const char *domname, DOM_SID*sid, gid_t gid)95 NTSTATUS idmap_gid_to_sid(const char *domname, struct dom_sid *sid, gid_t gid) 109 96 { 110 97 NTSTATUS ret; … … 147 134 struct dom_sid null_sid; 148 135 ZERO_STRUCT(null_sid); 149 idmap_cache_set_sid2 uid(&null_sid, gid);136 idmap_cache_set_sid2gid(&null_sid, gid); 150 137 } 151 138 DEBUG(10, ("gid [%lu] not mapped\n", (unsigned long)gid)); … … 165 152 *****************************************************************/ 166 153 167 NTSTATUS idmap_sid_to_uid(const char *dom_name, DOM_SID*sid, uid_t *uid)154 NTSTATUS idmap_sid_to_uid(const char *dom_name, struct dom_sid *sid, uid_t *uid) 168 155 { 169 156 NTSTATUS ret; … … 196 183 ret = idmap_backends_sid_to_unixid(dom_name, &map); 197 184 198 if (NT_STATUS_IS_OK(ret) && (map.status == ID_MAPPED)) { 199 if (map.xid.type != ID_TYPE_UID) { 200 DEBUG(10, ("sid [%s] not mapped to a uid " 201 "[%u,%u,%u]\n", 202 sid_string_dbg(sid), 203 map.status, 204 map.xid.type, 205 map.xid.id)); 206 if (winbindd_use_idmap_cache()) { 207 idmap_cache_set_sid2uid(sid, -1); 208 } 209 return NT_STATUS_NONE_MAPPED; 210 } 211 goto done; 212 } 213 214 if (is_specific_domain_request(dom_name, sid)) { 215 /* 216 * We had the task to go to a specific domain or 217 * a domain for which we are authoritative for and 218 * it could not answer our request. Fail. 219 */ 185 if (!NT_STATUS_IS_OK(ret)) { 186 DEBUG(10, ("idmap_backends_sid_to_unixid failed: %s\n", 187 nt_errstr(ret))); 220 188 if (winbindd_use_idmap_cache()) { 221 189 idmap_cache_set_sid2uid(sid, -1); 222 190 } 223 return NT_STATUS_NONE_MAPPED; 224 } 225 226 ret = idmap_new_mapping(sid, ID_TYPE_UID, &map.xid); 227 228 if (!NT_STATUS_IS_OK(ret)) { 229 DEBUG(10, ("idmap_new_mapping failed: %s\n", 230 nt_errstr(ret))); 191 return ret; 192 } 193 194 if (map.status != ID_MAPPED) { 195 DEBUG(10, ("sid [%s] is not mapped\n", sid_string_dbg(sid))); 231 196 if (winbindd_use_idmap_cache()) { 232 197 idmap_cache_set_sid2uid(sid, -1); 233 198 } 234 return ret; 235 } 236 237 done: 199 return NT_STATUS_NONE_MAPPED; 200 } 201 202 if (map.xid.type != ID_TYPE_UID) { 203 DEBUG(10, ("sid [%s] not mapped to a uid " 204 "[%u,%u,%u]\n", 205 sid_string_dbg(sid), 206 map.status, 207 map.xid.type, 208 map.xid.id)); 209 if (winbindd_use_idmap_cache()) { 210 idmap_cache_set_sid2uid(sid, -1); 211 } 212 return NT_STATUS_NONE_MAPPED; 213 } 214 238 215 *uid = (uid_t)map.xid.id; 239 216 if (winbindd_use_idmap_cache()) { … … 248 225 *****************************************************************/ 249 226 250 NTSTATUS idmap_sid_to_gid(const char *domname, DOM_SID*sid, gid_t *gid)227 NTSTATUS idmap_sid_to_gid(const char *domname, struct dom_sid *sid, gid_t *gid) 251 228 { 252 229 NTSTATUS ret; … … 278 255 279 256 ret = idmap_backends_sid_to_unixid(domname, &map); 280 if (NT_STATUS_IS_OK(ret) && (map.status == ID_MAPPED)) {281 if (map.xid.type != ID_TYPE_GID) {282 DEBUG(10, ("sid [%s] not mapped to a gid "283 "[%u,%u,%u]\n",284 sid_string_dbg(sid),285 map.status,286 map.xid.type,287 map.xid.id));288 if (winbindd_use_idmap_cache()) {289 idmap_cache_set_sid2gid(sid, -1);290 }291 return NT_STATUS_NONE_MAPPED;292 }293 goto done;294 }295 296 if (is_specific_domain_request(domname, sid)) {297 /*298 * We had the task to go to a specific domain or299 * a domain for which we are authoritative for and300 * it could not answer our request. Fail.301 */302 if (winbindd_use_idmap_cache()) {303 idmap_cache_set_sid2uid(sid, -1);304 }305 return NT_STATUS_NONE_MAPPED;306 }307 308 ret = idmap_new_mapping(sid, ID_TYPE_GID, &map.xid);309 257 310 258 if (!NT_STATUS_IS_OK(ret)) { 311 DEBUG(10, ("idmap_ new_mappingfailed: %s\n",259 DEBUG(10, ("idmap_backends_sid_to_unixid failed: %s\n", 312 260 nt_errstr(ret))); 313 261 if (winbindd_use_idmap_cache()) { … … 317 265 } 318 266 319 done: 267 if (map.status != ID_MAPPED) { 268 DEBUG(10, ("sid [%s] is not mapped\n", sid_string_dbg(sid))); 269 if (winbindd_use_idmap_cache()) { 270 idmap_cache_set_sid2gid(sid, -1); 271 } 272 return NT_STATUS_NONE_MAPPED; 273 } 274 275 if (map.xid.type != ID_TYPE_GID) { 276 DEBUG(10, ("sid [%s] not mapped to a gid " 277 "[%u,%u,%u]\n", 278 sid_string_dbg(sid), 279 map.status, 280 map.xid.type, 281 map.xid.id)); 282 if (winbindd_use_idmap_cache()) { 283 idmap_cache_set_sid2gid(sid, -1); 284 } 285 return NT_STATUS_NONE_MAPPED; 286 } 287 320 288 *gid = map.xid.id; 321 289 if (winbindd_use_idmap_cache()) { … … 324 292 return NT_STATUS_OK; 325 293 } 294 295 /** 296 * check whether a given unix id is inside the filter range of an idmap domain 297 */ 298 bool idmap_unix_id_is_in_range(uint32_t id, struct idmap_domain *dom) 299 { 300 if (id == 0) { 301 /* 0 is not an allowed unix id for id mapping */ 302 return false; 303 } 304 305 if ((dom->low_id && (id < dom->low_id)) || 306 (dom->high_id && (id > dom->high_id))) 307 { 308 return false; 309 } 310 311 return true; 312 }
Note:
See TracChangeset
for help on using the changeset viewer.
