2 Unix SMB/CIFS implementation.
4 Copyright (C) Simo Sorce 2003
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.*/
23 #define DBGC_CLASS DBGC_IDMAP
26 /******************************************************************
27 * Get the free RID base if idmap is configured, otherwise return 0
28 ******************************************************************/
30 uint32 idmap_get_free_rid_base(void)
33 if (idmap_get_free_rid_range(&low, &high)) {
39 BOOL idmap_check_ugid_is_in_free_range(uint32 id)
43 if (!idmap_get_free_ugid_range(&low, &high)) {
46 if (id < low || id > high) {
52 BOOL idmap_check_rid_is_in_free_range(uint32 rid)
56 if (!idmap_get_free_rid_range(&low, &high)) {
59 if (rid < low || rid > high) {
65 /******************************************************************
66 * Get the the non-algorithmic RID range if idmap range are defined
67 ******************************************************************/
69 BOOL idmap_get_free_rid_range(uint32 *low, uint32 *high)
71 uint32 id_low, id_high;
73 if (lp_idmap_only()) {
78 if (!idmap_get_free_ugid_range(&id_low, &id_high)) {
82 *low = fallback_pdb_uid_to_user_rid(id_low);
83 if (fallback_pdb_user_rid_to_uid((uint32)-1) < id_high) {
86 *high = fallback_pdb_uid_to_user_rid(id_high);
92 BOOL idmap_get_free_ugid_range(uint32 *low, uint32 *high)
97 if (!lp_idmap_uid(&u_low, &u_high) || !lp_idmap_gid(&g_low, &g_high)) {
105 if (u_high < g_high) {
113 /*****************************************************************
114 *THE CANONICAL* convert uid_t to SID function.
115 Tries winbind first - then uses local lookup.
117 *****************************************************************/
119 DOM_SID *uid_to_sid(DOM_SID *sid, uid_t uid)
123 DEBUG(10,("uid_to_sid: uid = [%d]\n", uid));
125 if (idmap_check_ugid_is_in_free_range(uid)) {
127 if (NT_STATUS_IS_ERR(idmap_get_sid_from_id(sid, id, ID_USERID))) {
128 DEBUG(10, ("uid_to_sid: Failed to map sid = [%s]\n", sid_string_static(sid)));
132 sid_copy(sid, get_global_sam_sid());
133 sid_append_rid(sid, fallback_pdb_uid_to_user_rid(uid));
135 DEBUG(10,("uid_to_sid: algorithmic %u -> %s\n", (unsigned int)uid, sid_string_static(sid)));
141 /*****************************************************************
142 *THE CANONICAL* convert gid_t to SID function.
143 Tries winbind first - then uses local lookup.
145 *****************************************************************/
147 DOM_SID *gid_to_sid(DOM_SID *sid, gid_t gid)
152 DEBUG(10,("gid_to_sid: gid = [%d]\n", gid));
154 if (idmap_check_ugid_is_in_free_range(gid)) {
156 if (NT_STATUS_IS_ERR(idmap_get_sid_from_id(sid, id, ID_GROUPID))) {
157 DEBUG(10, ("gid_to_sid: Failed to map sid = [%s]\n", sid_string_static(sid)));
161 if (pdb_getgrgid(&map, gid, MAPPING_WITHOUT_PRIV)) {
162 sid_copy(sid, &map.sid);
164 sid_copy(sid, get_global_sam_sid());
165 sid_append_rid(sid, pdb_gid_to_group_rid(gid));
168 DEBUG(10,("gid_to_sid: algorithmic %u -> %s\n", (unsigned int)gid, sid_string_static(sid)));
174 /*****************************************************************
175 *THE CANONICAL* convert SID to uid function.
176 Tries winbind first - then uses local lookup.
177 Returns True if this name is a user sid and the conversion
178 was done correctly, False if not. sidtype is set by this function.
179 *****************************************************************/
181 BOOL sid_to_uid(const DOM_SID *sid, uid_t *uid)
187 DEBUG(10,("sid_to_uid: sid = [%s]\n", sid_string_static(sid)));
189 if (sid_peek_check_rid(get_global_sam_sid(), sid, &rid)) {
190 if (!idmap_check_rid_is_in_free_range(rid)) {
191 if (!fallback_pdb_rid_is_user(rid)) {
192 DEBUG(3, ("sid_to_uid: RID %u is *NOT* a user\n", (unsigned)rid));
195 *uid = fallback_pdb_user_rid_to_uid(rid);
201 if (NT_STATUS_IS_OK(idmap_get_id_from_sid(&id, &type, sid))) {
202 DEBUG(10,("sid_to_uid: uid = [%d]\n", id.uid));
210 /*****************************************************************
211 *THE CANONICAL* convert SID to gid function.
212 Tries winbind first - then uses local lookup.
213 Returns True if this name is a user sid and the conversion
214 was done correctly, False if not.
215 *****************************************************************/
217 BOOL sid_to_gid(const DOM_SID *sid, gid_t *gid)
223 DEBUG(10,("sid_to_gid: sid = [%s]\n", sid_string_static(sid)));
225 if (sid_peek_check_rid(get_global_sam_sid(), sid, &rid)) {
229 if (pdb_getgrsid(&map, *sid, MAPPING_WITHOUT_PRIV)) {
230 /* the SID is in the mapping table but not mapped */
231 if (map.gid==(gid_t)-1)
237 if (!idmap_check_rid_is_in_free_range(rid)) {
238 if (fallback_pdb_rid_is_user(rid)) {
239 DEBUG(3, ("sid_to_gid: RID %u is *NOT* a group\n", (unsigned)rid));
242 *gid = pdb_group_rid_to_gid(rid);
249 if (NT_STATUS_IS_OK(idmap_get_id_from_sid(&id, &type, sid))) {
250 DEBUG(10,("sid_to_gid: gid = [%d]\n", id.gid));