Changeset 988 for vendor/current/source3/winbindd/idmap.c

Timestamp:

Nov 24, 2016, 1:14:11 PM (9 years ago)

Author:

Silvan Scherrer

Message:

Samba Server: update vendor to version 4.4.3

File:

• vendor/current/source3/winbindd/idmap.c (modified) (19 diffs)

vendor/current/source3/winbindd/idmap.c

@@ -25 +25 @@
 #include "winbindd.h"
 #include "idmap.h"
-#include "passdb/machine_sid.h"
+#include "lib/util_sid_passdb.h"
+#include "passdb.h"
 
 #undef DBGC_CLASS
@@ -31 +32 @@
 
 static_decl_idmap;
-
-static void idmap_init(void)
-{
-        static bool initialized;
-
-        if (initialized) {
-                return;
-        }
-
-        DEBUG(10, ("idmap_init(): calling static_init_idmap\n"));
-
-        static_init_idmap;
-
-        initialized = true;
-}
 
 /**
@@ -78 +64 @@
 static struct idmap_domain **idmap_domains = NULL;
 static int num_domains = 0;
+
+static struct idmap_domain *idmap_init_named_domain(TALLOC_CTX *mem_ctx,
+                                                    const char *domname);
+static struct idmap_domain *idmap_init_domain(TALLOC_CTX *mem_ctx,
+                                              const char *domainname,
+                                              const char *modulename,
+                                              bool check_range);
+static bool idmap_found_domain_backend(
+        const char *string, regmatch_t matches[], void *private_data);
+
+static bool idmap_init(void)
+{
+        static bool initialized;
+        int ret;
+
+        if (initialized) {
+                return true;
+        }
+
+        DEBUG(10, ("idmap_init(): calling static_init_idmap\n"));
+
+        static_init_idmap;
+
+        initialized = true;
+
+        if (!pdb_is_responsible_for_everything_else()) {
+                default_idmap_domain = idmap_init_named_domain(NULL, "*");
+                if (default_idmap_domain == NULL) {
+                        return false;
+                }
+        }
+
+        passdb_idmap_domain = idmap_init_domain(
+                NULL, get_global_sam_name(), "passdb", false);
+        if (passdb_idmap_domain == NULL) {
+                TALLOC_FREE(default_idmap_domain);
+                return false;
+        }
+
+        idmap_domains = talloc_array(NULL, struct idmap_domain *, 0);
+        if (idmap_domains == NULL) {
+                TALLOC_FREE(passdb_idmap_domain);
+                TALLOC_FREE(default_idmap_domain);
+                return false;
+        }
+
+        ret = lp_wi_scan_global_parametrics(
+                "idmapconfig\\(.*\\):backend", 2,
+                idmap_found_domain_backend, NULL);
+        if (ret != 0) {
+                DBG_WARNING("wi_scan_global_parametrics returned %d\n", ret);
+                return false;
+        }
+
+        return true;
+}
+
+bool domain_has_idmap_config(const char *domname)
+{
+        int i;
+        char *config_option;
+        const char *range = NULL;
+        const char *backend = NULL;
+        bool ok;
+
+        ok = idmap_init();
+        if (!ok) {
+                return false;
+        }
+
+        for (i=0; i<num_domains; i++) {
+                if (strequal(idmap_domains[i]->name, domname)) {
+                        return true;
+                }
+        }
+
+        /* fallback: also check loadparm */
+
+        config_option = talloc_asprintf(talloc_tos(), "idmap config %s",
+                                        domname);
+        if (config_option == NULL) {
+                DEBUG(0, ("out of memory\n"));
+                return false;
+        }
+
+        range = lp_parm_const_string(-1, config_option, "range", NULL);
+        backend = lp_parm_const_string(-1, config_option, "backend", NULL);
+        if (range != NULL && backend != NULL) {
+                DEBUG(5, ("idmap configuration specified for domain '%s'\n",
+                        domname));
+                TALLOC_FREE(config_option);
+                return true;
+        }
+
+        TALLOC_FREE(config_option);
+        return false;
+}
+
+static bool idmap_found_domain_backend(
+        const char *string, regmatch_t matches[], void *private_data)
+{
+        if (matches[1].rm_so == -1) {
+                DBG_WARNING("Found match, but no name??\n");
+                return false;
+        }
+
+        {
+                struct idmap_domain *dom, **tmp;
+                regoff_t len = matches[1].rm_eo - matches[1].rm_so;
+                char domname[len+1];
+
+                memcpy(domname, string + matches[1].rm_so, len);
+                domname[len] = '\0';
+
+                DBG_DEBUG("Found idmap domain \"%s\"\n", domname);
+
+                if (strcmp(domname, "*") == 0) {
+                        return false;
+                }
+
+                dom = idmap_init_named_domain(idmap_domains, domname);
+                if (dom == NULL) {
+                        DBG_NOTICE("Could not init idmap domain %s\n",
+                                   domname);
+                        return false;
+                }
+
+                tmp = talloc_realloc(idmap_domains, idmap_domains,
+                                     struct idmap_domain *, num_domains + 1);
+                if (tmp == NULL) {
+                        DBG_WARNING("talloc_realloc failed\n");
+                        TALLOC_FREE(dom);
+                        return false;
+                }
+                idmap_domains = tmp;
+                idmap_domains[num_domains] = dom;
+                num_domains += 1;
+        }
+
+        return false;
+}
 
 static struct idmap_methods *get_methods(const char *name)
@@ -130 +257 @@
         for (entry = backends; entry != NULL; entry = entry->next) {
                 if (strequal(entry->name, name)) {
-                        DEBUG(0,("Idmap module %s already registered!\n",
+                        DEBUG(5,("Idmap module %s already registered!\n",
                                  name));
                         return NT_STATUS_OBJECT_NAME_COLLISION;
@@ -172 +299 @@
         char *config_option = NULL;
         const char *range;
+        unsigned low_id = 0;
+        unsigned high_id = 0;
 
         result = talloc_zero(mem_ctx, struct idmap_domain);
@@ -186 +315 @@
 
         /*
+         * Check whether the requested backend module exists and
+         * load the methods.
+         */
+
+        result->methods = get_methods(modulename);
+        if (result->methods == NULL) {
+                DEBUG(3, ("idmap backend %s not found\n", modulename));
+
+                status = smb_probe_module("idmap", modulename);
+                if (!NT_STATUS_IS_OK(status)) {
+                        DEBUG(3, ("Could not probe idmap module %s\n",
+                                  modulename));
+                        goto fail;
+                }
+
+                result->methods = get_methods(modulename);
+        }
+        if (result->methods == NULL) {
+                DEBUG(1, ("idmap backend %s not found\n", modulename));
+                goto fail;
+        }
+
+        /*
          * load ranges and read only information from the config
          */
@@ -196 +348 @@
         }
 
+        result->read_only = lp_parm_bool(-1, config_option, "read only", false);
         range = lp_parm_const_string(-1, config_option, "range", NULL);
+
+        talloc_free(config_option);
+
         if (range == NULL) {
-                DEBUG(1, ("idmap range not specified for domain %s\n",
-                          result->name));
                 if (check_range) {
+                        DEBUG(1, ("idmap range not specified for domain %s\n",
+                                  result->name));
                         goto fail;
                 }
-        } else if (sscanf(range, "%u - %u", &result->low_id,
-                          &result->high_id) != 2)
+        } else if (sscanf(range, "%u - %u", &low_id, &high_id) != 2)
         {
                 DEBUG(1, ("invalid range '%s' specified for domain "
@@ -211 +366 @@
                         goto fail;
                 }
-        }
-
-        result->read_only = lp_parm_bool(-1, config_option, "read only", false);
-
-        talloc_free(config_option);
-
-        if (result->low_id > result->high_id) {
-                DEBUG(1, ("Error: invalid idmap range detected: %lu - %lu\n",
-                          (unsigned long)result->low_id,
-                          (unsigned long)result->high_id));
+        } else if (low_id > high_id) {
+                DEBUG(1, ("Error: invalid idmap range detected: %u - %u\n",
+                          low_id, high_id));
                 if (check_range) {
                         goto fail;
@@ -226 +374 @@
         }
 
-        result->methods = get_methods(modulename);
-        if (result->methods == NULL) {
-                DEBUG(3, ("idmap backend %s not found\n", modulename));
-
-                status = smb_probe_module("idmap", modulename);
-                if (!NT_STATUS_IS_OK(status)) {
-                        DEBUG(3, ("Could not probe idmap module %s\n",
-                                  modulename));
-                        goto fail;
-                }
-
-                result->methods = get_methods(modulename);
-        }
-        if (result->methods == NULL) {
-                DEBUG(1, ("idmap backend %s not found\n", modulename));
-                goto fail;
-        }
+        result->low_id = low_id;
+        result->high_id = high_id;
 
         status = result->methods->init(result);
@@ -274 +407 @@
         char *config_option;
         const char *backend;
-
-        idmap_init();
+        bool ok;
+
+        ok = idmap_init();
+        if (!ok) {
+                return NULL;
+        }
 
         config_option = talloc_asprintf(talloc_tos(), "idmap config %s",
@@ -286 +423 @@
         backend = lp_parm_const_string(-1, config_option, "backend", NULL);
         if (backend == NULL) {
-                DEBUG(1, ("no backend defined for %s\n", config_option));
+                DEBUG(10, ("no idmap backend configured for domain '%s'\n",
+                           domname));
                 goto fail;
         }
@@ -302 +440 @@
         TALLOC_FREE(result);
         return NULL;
-}
-
-/**
- * Initialize the default domain structure
- * @param[in] mem_ctx           memory context for the result
- * @result The default domain structure
- *
- * This routine takes the module name from the "idmap backend" parameter,
- * passing a possible parameter like ldap:ldap://ldap-url/ to the module.
- */
-
-static struct idmap_domain *idmap_init_default_domain(TALLOC_CTX *mem_ctx)
-{
-        return idmap_init_named_domain(mem_ctx, "*");
-}
-
-/**
- * Initialize the passdb domain structure
- * @param[in] mem_ctx           memory context for the result
- * @result The default domain structure
- *
- * No config, passdb has its own configuration.
- */
-
-static struct idmap_domain *idmap_init_passdb_domain(TALLOC_CTX *mem_ctx)
-{
-        idmap_init();
-
-        /*
-         * Always init the default domain, we can't go without one
-         */
-        if (default_idmap_domain == NULL) {
-                default_idmap_domain = idmap_init_default_domain(NULL);
-        }
-        if (default_idmap_domain == NULL) {
-                return NULL;
-        }
-
-        if (passdb_idmap_domain != NULL) {
-                return passdb_idmap_domain;
-        }
-
-        passdb_idmap_domain = idmap_init_domain(NULL, get_global_sam_name(),
-                                                "passdb", false);
-        if (passdb_idmap_domain == NULL) {
-                DEBUG(1, ("Could not init passdb idmap domain\n"));
-        }
-
-        return passdb_idmap_domain;
 }
 
@@ -368 +457 @@
  */
 
-struct idmap_domain *idmap_find_domain(const char *domname)
-{
-        struct idmap_domain *result;
+static struct idmap_domain *idmap_find_domain(const char *domname)
+{
+        bool ok;
         int i;
 
@@ -376 +465 @@
                    domname?domname:"NULL"));
 
-        idmap_init();
-
-        /*
-         * Always init the default domain, we can't go without one
-         */
-        if (default_idmap_domain == NULL) {
-                default_idmap_domain = idmap_init_default_domain(NULL);
-        }
-        if (default_idmap_domain == NULL) {
+        ok = idmap_init();
+        if (!ok) {
                 return NULL;
         }
@@ -398 +480 @@
         }
 
-        if (idmap_domains == NULL) {
-                /*
-                 * talloc context for all idmap domains
-                 */
-                idmap_domains = TALLOC_ARRAY(NULL, struct idmap_domain *, 1);
-        }
-
-        if (idmap_domains == NULL) {
-                DEBUG(0, ("talloc failed\n"));
+        return default_idmap_domain;
+}
+
+struct idmap_domain *idmap_find_domain_with_sid(const char *domname,
+                                                const struct dom_sid *sid)
+{
+        bool ok;
+
+        ok = idmap_init();
+        if (!ok) {
                 return NULL;
         }
 
-        result = idmap_init_named_domain(idmap_domains, domname);
-        if (result == NULL) {
-                /*
-                 * Could not init that domain -- try the default one
-                 */
-                return default_idmap_domain;
-        }
-
-        ADD_TO_ARRAY(idmap_domains, struct idmap_domain *, result,
-                     &idmap_domains, &num_domains);
-        return result;
+        if (sid_check_is_for_passdb(sid)) {
+                return passdb_idmap_domain;
+        }
+
+        return idmap_find_domain(domname);
 }
 
@@ -468 +545 @@
 }
 
-NTSTATUS idmap_backends_unixid_to_sid(const char *domname, struct id_map *id)
+NTSTATUS idmap_backends_unixid_to_sid(struct id_map *id)
 {
         struct idmap_domain *dom;
         struct id_map *maps[2];
-
-         DEBUG(10, ("idmap_backend_unixid_to_sid: domain = '%s', xid = %d "
-                    "(type %d)\n",
-                    domname?domname:"NULL", id->xid.id, id->xid.type));
+        bool ok;
+        int i;
+
+        ok = idmap_init();
+        if (!ok) {
+                return NT_STATUS_NONE_MAPPED;
+        }
+
+        DEBUG(10, ("idmap_backend_unixid_to_sid: xid = %d (type %d)\n",
+                   id->xid.id, id->xid.type));
 
         maps[0] = id;
@@ -484 +567 @@
          */
 
-        dom = idmap_init_passdb_domain(NULL);
+        dom = passdb_idmap_domain;
         if ((dom != NULL)
             && NT_STATUS_IS_OK(dom->methods->unixids_to_sids(dom, maps))
@@ -491 +574 @@
         }
 
-        dom = idmap_find_domain(domname);
+        dom = default_idmap_domain;
+
+        for (i=0; i<num_domains; i++) {
+                if ((id->xid.id >= idmap_domains[i]->low_id) &&
+                    (id->xid.id <= idmap_domains[i]->high_id)) {
+                        dom = idmap_domains[i];
+                        break;
+                }
+        }
+
         if (dom == NULL) {
                 return NT_STATUS_NONE_MAPPED;
@@ -498 +590 @@
         return dom->methods->unixids_to_sids(dom, maps);
 }
-
-NTSTATUS idmap_backends_sid_to_unixid(const char *domain, struct id_map *id)
-{
-        struct idmap_domain *dom;
-        struct id_map *maps[2];
-
-        DEBUG(10, ("idmap_backends_sid_to_unixid: domain = '%s', sid = [%s]\n",
-                   domain?domain:"NULL", sid_string_dbg(id->sid)));
-
-        maps[0] = id;
-        maps[1] = NULL;
-
-        if (sid_check_is_in_builtin(id->sid)
-            || (sid_check_is_in_our_domain(id->sid)))
-        {
-                NTSTATUS status;
-
-                DEBUG(10, ("asking passdb...\n"));
-
-                dom = idmap_init_passdb_domain(NULL);
-                if (dom == NULL) {
-                        return NT_STATUS_NONE_MAPPED;
-                }
-                status = dom->methods->sids_to_unixids(dom, maps);
-
-                if (NT_STATUS_IS_OK(status) && id->status == ID_MAPPED) {
-                        return status;
-                }
-
-                DEBUG(10, ("passdb could not map.\n"));
-
-                return NT_STATUS_NONE_MAPPED;
-        }
-
-        dom = idmap_find_domain(domain);
-        if (dom == NULL) {
-                return NT_STATUS_NONE_MAPPED;
-        }
-
-        return dom->methods->sids_to_unixids(dom, maps);
-}