2 Unix SMB/CIFS implementation.
6 Copyright (C) Tim Potter 2000
7 Copyright (C) Anthony Liguori 2003
8 Copyright (C) Simo Sorce 2003
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 2 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program; if not, write to the Free Software
22 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
28 #define DBGC_CLASS DBGC_IDMAP
30 /* High water mark keys */
31 #define HWM_GROUP "GROUP HWM"
32 #define HWM_USER "USER HWM"
34 /* idmap version determines auto-conversion */
35 #define IDMAP_VERSION 2
38 static TDB_CONTEXT *idmap_tdb;
40 static struct idmap_state {
42 /* User and group id pool */
44 uid_t uid_low, uid_high; /* Range of uids to allocate */
45 gid_t gid_low, gid_high; /* Range of gids to allocate */
48 /* Allocate either a user or group id from the pool */
49 static NTSTATUS db_allocate_id(unid_t *id, int id_type)
54 if (!id) return NT_STATUS_INVALID_PARAMETER;
56 /* Get current high water mark */
57 switch (id_type & ID_TYPEMASK) {
59 if ((hwm = tdb_fetch_int32(idmap_tdb, HWM_USER)) == -1) {
60 return NT_STATUS_INTERNAL_DB_ERROR;
63 /* check it is in the range */
64 if (hwm > idmap_state.uid_high) {
65 DEBUG(0, ("idmap Fatal Error: UID range full!! (max: %u)\n", idmap_state.uid_high));
66 return NT_STATUS_UNSUCCESSFUL;
69 /* fetch a new id and increment it */
70 ret = tdb_change_uint32_atomic(idmap_tdb, HWM_USER, &hwm, 1);
72 DEBUG(0, ("idmap_tdb: Fatal error while fetching a new id\n!"));
73 return NT_STATUS_UNSUCCESSFUL;
76 /* recheck it is in the range */
77 if (hwm > idmap_state.uid_high) {
78 DEBUG(0, ("idmap Fatal Error: UID range full!! (max: %u)\n", idmap_state.uid_high));
79 return NT_STATUS_UNSUCCESSFUL;
86 if ((hwm = tdb_fetch_int32(idmap_tdb, HWM_GROUP)) == -1) {
87 return NT_STATUS_INTERNAL_DB_ERROR;
90 /* check it is in the range */
91 if (hwm > idmap_state.gid_high) {
92 DEBUG(0, ("idmap Fatal Error: GID range full!! (max: %u)\n", idmap_state.gid_high));
93 return NT_STATUS_UNSUCCESSFUL;
96 /* fetch a new id and increment it */
97 ret = tdb_change_uint32_atomic(idmap_tdb, HWM_GROUP, &hwm, 1);
100 DEBUG(0, ("idmap_tdb: Fatal error while fetching a new id\n!"));
101 return NT_STATUS_UNSUCCESSFUL;
104 /* recheck it is in the range */
105 if (hwm > idmap_state.gid_high) {
106 DEBUG(0, ("idmap Fatal Error: GID range full!! (max: %u)\n", idmap_state.gid_high));
107 return NT_STATUS_UNSUCCESSFUL;
114 return NT_STATUS_INVALID_PARAMETER;
120 /* Get a sid from an id */
121 static NTSTATUS db_get_sid_from_id(DOM_SID *sid, unid_t id, int id_type)
125 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
127 if (!sid) return NT_STATUS_INVALID_PARAMETER;
129 switch (id_type & ID_TYPEMASK) {
131 slprintf(keystr, sizeof(keystr), "UID %d", id.uid);
134 slprintf(keystr, sizeof(keystr), "GID %d", id.gid);
137 return NT_STATUS_UNSUCCESSFUL;
141 key.dsize = strlen(keystr) + 1;
143 data = tdb_fetch(idmap_tdb, key);
146 if (string_to_sid(sid, data.dptr)) {
149 SAFE_FREE(data.dptr);
155 /* Get an id from a sid */
156 static NTSTATUS db_get_id_from_sid(unid_t *id, int *id_type, const DOM_SID *sid)
160 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
162 if (!sid || !id || !id_type) return NT_STATUS_INVALID_PARAMETER;
164 /* Check if sid is present in database */
165 sid_to_string(keystr, sid);
168 key.dsize = strlen(keystr) + 1;
170 data = tdb_fetch(idmap_tdb, key);
173 int type = *id_type & ID_TYPEMASK;
176 if (type == ID_EMPTY || type == ID_USERID) {
177 /* Parse and return existing uid */
178 fstrcpy(scanstr, "UID %d");
180 if (sscanf(data.dptr, scanstr, &((*id).uid)) == 1) {
182 if (type == ID_EMPTY) {
183 *id_type = ID_USERID;
190 if (type == ID_EMPTY || type == ID_GROUPID) {
191 /* Parse and return existing gid */
192 fstrcpy(scanstr, "GID %d");
194 if (sscanf(data.dptr, scanstr, &((*id).gid)) == 1) {
196 if (type == ID_EMPTY) {
197 *id_type = ID_GROUPID;
203 SAFE_FREE(data.dptr);
205 } else if (!(*id_type & ID_NOMAP) &&
206 (((*id_type & ID_TYPEMASK) == ID_USERID)
207 || (*id_type & ID_TYPEMASK) == ID_GROUPID)) {
209 /* Allocate a new id for this sid */
210 ret = db_allocate_id(id, *id_type);
211 if (NT_STATUS_IS_OK(ret)) {
215 if (*id_type & ID_USERID) {
216 slprintf(keystr2, sizeof(keystr2), "UID %d", (*id).uid);
218 slprintf(keystr2, sizeof(keystr2), "GID %d", (*id).gid);
222 data.dsize = strlen(keystr2) + 1;
224 if (tdb_store(idmap_tdb, key, data, TDB_REPLACE) == -1) {
225 /* TODO: print tdb error !! */
226 return NT_STATUS_UNSUCCESSFUL;
228 if (tdb_store(idmap_tdb, data, key, TDB_REPLACE) == -1) {
229 /* TODO: print tdb error !! */
230 return NT_STATUS_UNSUCCESSFUL;
240 static NTSTATUS db_set_mapping(const DOM_SID *sid, unid_t id, int id_type)
242 TDB_DATA ksid, kid, data;
246 if (!sid) return NT_STATUS_INVALID_PARAMETER;
248 sid_to_string(ksidstr, sid);
251 ksid.dsize = strlen(ksidstr) + 1;
253 if (id_type & ID_USERID) {
254 slprintf(kidstr, sizeof(kidstr), "UID %d", id.uid);
255 } else if (id_type & ID_GROUPID) {
256 slprintf(kidstr, sizeof(kidstr), "GID %d", id.gid);
258 return NT_STATUS_INVALID_PARAMETER;
262 kid.dsize = strlen(kidstr) + 1;
264 /* *DELETE* prevoius mappings if any.
265 * This is done both SID and [U|G]ID passed in */
267 data = tdb_fetch(idmap_tdb, ksid);
269 tdb_delete(idmap_tdb, data);
270 tdb_delete(idmap_tdb, ksid);
272 data = tdb_fetch(idmap_tdb, kid);
274 tdb_delete(idmap_tdb, data);
275 tdb_delete(idmap_tdb, kid);
278 if (tdb_store(idmap_tdb, ksid, kid, TDB_INSERT) == -1) {
279 DEBUG(0, ("idb_set_mapping: tdb_store 1 error: %s\n", tdb_errorstr(idmap_tdb)));
280 return NT_STATUS_UNSUCCESSFUL;
282 if (tdb_store(idmap_tdb, kid, ksid, TDB_INSERT) == -1) {
283 DEBUG(0, ("idb_set_mapping: tdb_store 2 error: %s\n", tdb_errorstr(idmap_tdb)));
284 return NT_STATUS_UNSUCCESSFUL;
289 /*****************************************************************************
290 Initialise idmap database.
291 *****************************************************************************/
292 static NTSTATUS db_idmap_init( char *params )
294 SMB_STRUCT_STAT stbuf;
295 char *tdbfile = NULL;
297 BOOL tdb_is_new = False;
299 /* use the old database if present */
300 if (!file_exist(lock_path("idmap.tdb"), &stbuf)) {
301 if (file_exist(lock_path("winbindd_idmap.tdb"), &stbuf)) {
302 DEBUG(0, ("idmap_init: using winbindd_idmap.tdb file!\n"));
303 tdbfile = strdup(lock_path("winbindd_idmap.tdb"));
305 DEBUG(0, ("idmap_init: out of memory!\n"));
306 return NT_STATUS_NO_MEMORY;
313 tdbfile = strdup(lock_path("idmap.tdb"));
315 DEBUG(0, ("idmap_init: out of memory!\n"));
316 return NT_STATUS_NO_MEMORY;
321 if (!(idmap_tdb = tdb_open_log(tdbfile, 0,
322 TDB_DEFAULT, O_RDWR | O_CREAT,
324 DEBUG(0, ("idmap_init: Unable to open idmap database\n"));
326 return NT_STATUS_UNSUCCESSFUL;
331 /* check against earlier versions */
333 /* TODO: delete the file if this fail */
334 tdb_store_int32(idmap_tdb, "IDMAP_VERSION", IDMAP_VERSION);
336 version = tdb_fetch_int32(idmap_tdb, "IDMAP_VERSION");
337 if (version != IDMAP_VERSION) {
338 DEBUG(0, ("idmap_init: Unable to open idmap database, it's in an old format!\n"));
339 return NT_STATUS_INTERNAL_DB_ERROR;
343 /* Create high water marks for group and user id */
344 if (!lp_idmap_uid(&idmap_state.uid_low, &idmap_state.uid_high)) {
345 DEBUG(1, ("idmap uid range missing or invalid\n"));
346 DEBUGADD(1, ("idmap will be unable to map foreign SIDs\n"));
348 if (tdb_fetch_int32(idmap_tdb, HWM_USER) == -1) {
349 if (tdb_store_int32(idmap_tdb, HWM_USER, idmap_state.uid_low) == -1) {
350 DEBUG(0, ("idmap_init: Unable to initialise user hwm in idmap database\n"));
351 return NT_STATUS_INTERNAL_DB_ERROR;
356 if (!lp_idmap_gid(&idmap_state.gid_low, &idmap_state.gid_high)) {
357 DEBUG(1, ("idmap gid range missing or invalid\n"));
358 DEBUGADD(1, ("idmap will be unable to map foreign SIDs\n"));
360 if (tdb_fetch_int32(idmap_tdb, HWM_GROUP) == -1) {
361 if (tdb_store_int32(idmap_tdb, HWM_GROUP, idmap_state.gid_low) == -1) {
362 DEBUG(0, ("idmap_init: Unable to initialise group hwm in idmap database\n"));
363 return NT_STATUS_INTERNAL_DB_ERROR;
372 static NTSTATUS db_idmap_close(void)
375 if (tdb_close(idmap_tdb) == 0) {
378 return NT_STATUS_UNSUCCESSFUL;
385 /* Dump status information to log file. Display different stuff based on
388 Debug Level Information Displayed
389 =================================================================
390 0 Percentage of [ug]id range allocated
391 0 High water marks (next allocated ids)
396 static void db_idmap_status(void)
398 int user_hwm, group_hwm;
400 DEBUG(0, ("winbindd idmap status:\n"));
402 /* Get current high water marks */
404 if ((user_hwm = tdb_fetch_int32(idmap_tdb, HWM_USER)) == -1) {
406 ("\tCould not get userid high water mark!\n"));
409 if ((group_hwm = tdb_fetch_int32(idmap_tdb, HWM_GROUP)) == -1) {
411 ("\tCould not get groupid high water mark!\n"));
414 /* Display next ids to allocate */
416 if (user_hwm != -1) {
418 ("\tNext userid to allocate is %d\n", user_hwm));
421 if (group_hwm != -1) {
423 ("\tNext groupid to allocate is %d\n", group_hwm));
426 /* Display percentage of id range already allocated. */
428 if (user_hwm != -1) {
429 int num_users = user_hwm - idmap_state.uid_low;
431 idmap_state.uid_high - idmap_state.uid_low;
434 ("\tUser id range is %d%% full (%d of %d)\n",
435 num_users * 100 / total_users, num_users,
439 if (group_hwm != -1) {
440 int num_groups = group_hwm - idmap_state.gid_low;
442 idmap_state.gid_high - idmap_state.gid_low;
445 ("\tGroup id range is %d%% full (%d of %d)\n",
446 num_groups * 100 / total_groups, num_groups,
450 /* Display complete mapping of users and groups to rids */
453 static struct idmap_methods db_methods = {
464 NTSTATUS idmap_tdb_init(void)
466 return smb_register_idmap(SMB_IDMAP_INTERFACE_VERSION, "tdb", &db_methods);