2 Unix SMB/CIFS implementation.
6 Copyright (C) Tim Potter 2000
7 Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
8 Copyright (C) Jeremy Allison 2006
9 Copyright (C) Simo Sorce 2003-2006
10 Copyright (C) Michael Adam 2009-2010
12 This program is free software; you can redistribute it and/or modify
13 it under the terms of the GNU General Public License as published by
14 the Free Software Foundation; either version 3 of the License, or
15 (at your option) any later version.
17 This program is distributed in the hope that it will be useful,
18 but WITHOUT ANY WARRANTY; without even the implied warranty of
19 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 GNU General Public License for more details.
22 You should have received a copy of the GNU General Public License
23 along with this program. If not, see <http://www.gnu.org/licenses/>.
27 #include "system/filesys.h"
31 #include "dbwrap/dbwrap.h"
32 #include "dbwrap/dbwrap_open.h"
33 #include "../libcli/security/security.h"
37 #define DBGC_CLASS DBGC_IDMAP
39 /* idmap version determines auto-conversion - this is the database
40 structure version specifier. */
42 #define IDMAP_VERSION 2
44 struct idmap_tdb_context {
45 struct db_context *db;
46 struct idmap_rw_ops *rw_ops;
49 /* High water mark keys */
50 #define HWM_GROUP "GROUP HWM"
51 #define HWM_USER "USER HWM"
53 struct convert_fn_state {
54 struct db_context *db;
58 /*****************************************************************************
59 For idmap conversion: convert one record to new format
60 Ancient versions (eg 2.2.3a) of winbindd_idmap.tdb mapped DOMAINNAME/rid
62 *****************************************************************************/
63 static int convert_fn(struct db_record *rec, void *private_data)
65 struct winbindd_domain *domain;
75 struct convert_fn_state *s = (struct convert_fn_state *)private_data;
77 key = dbwrap_record_get_key(rec);
79 DEBUG(10,("Converting %s\n", (const char *)key.dptr));
81 p = strchr((const char *)key.dptr, '/');
86 fstrcpy(dom_name, (const char *)key.dptr);
89 domain = find_domain_from_name(dom_name);
91 /* We must delete the old record. */
92 DEBUG(0,("Unable to find domain %s\n", dom_name ));
93 DEBUG(0,("deleting record %s\n", (const char *)key.dptr ));
95 status = dbwrap_record_delete(rec);
96 if (!NT_STATUS_IS_OK(status)) {
97 DEBUG(0, ("Unable to delete record %s:%s\n",
98 (const char *)key.dptr,
109 sid_compose(&sid, &domain->sid, rid);
111 sid_to_fstring(keystr, &sid);
112 key2 = string_term_tdb_data(keystr);
114 value = dbwrap_record_get_value(rec);
116 status = dbwrap_store(s->db, key2, value, TDB_INSERT);
117 if (!NT_STATUS_IS_OK(status)) {
118 DEBUG(0,("Unable to add record %s:%s\n",
119 (const char *)key2.dptr,
125 status = dbwrap_store(s->db, value, key2, TDB_REPLACE);
126 if (!NT_STATUS_IS_OK(status)) {
127 DEBUG(0,("Unable to update record %s:%s\n",
128 (const char *)value.dptr,
134 status = dbwrap_record_delete(rec);
135 if (!NT_STATUS_IS_OK(status)) {
136 DEBUG(0,("Unable to delete record %s:%s\n",
137 (const char *)key.dptr,
146 /*****************************************************************************
147 Convert the idmap database from an older version.
148 *****************************************************************************/
150 static bool idmap_tdb_upgrade(struct idmap_domain *dom, struct db_context *db)
153 bool bigendianheader;
154 struct convert_fn_state s;
158 /* If we are bigendian, tdb is bigendian if NOT converted. */
161 unsigned char small[2];
164 if (u.small[0] == 0x01)
165 bigendianheader = !(dbwrap_get_flags(db) & TDB_CONVERT);
167 assert(u.small[0] == 0x02);
168 bigendianheader = (dbwrap_get_flags(db) & TDB_CONVERT);
171 bigendianheader = (dbwrap_get_flags(db) & TDB_BIGENDIAN) ? True : False;
173 DEBUG(0, ("Upgrading winbindd_idmap.tdb from an old version\n"));
175 status = dbwrap_fetch_int32(db, "IDMAP_VERSION", &vers);
176 if (!NT_STATUS_IS_OK(status)) {
180 if (((vers == -1) && bigendianheader) || (IREV(vers) == IDMAP_VERSION)) {
181 /* Arrggghh ! Bytereversed or old big-endian - make order independent ! */
183 * high and low records were created on a
184 * big endian machine and will need byte-reversing.
189 status = dbwrap_fetch_int32(db, HWM_USER, &wm);
190 if (!NT_STATUS_IS_OK(status)) {
200 status = dbwrap_store_int32(db, HWM_USER, wm);
201 if (!NT_STATUS_IS_OK(status)) {
202 DEBUG(0, ("Unable to byteswap user hwm in idmap "
203 "database: %s\n", nt_errstr(status)));
207 status = dbwrap_fetch_int32(db, HWM_GROUP, &wm);
208 if (!NT_STATUS_IS_OK(status)) {
218 status = dbwrap_store_int32(db, HWM_GROUP, wm);
219 if (!NT_STATUS_IS_OK(status)) {
220 DEBUG(0, ("Unable to byteswap group hwm in idmap "
221 "database: %s\n", nt_errstr(status)));
229 /* the old format stored as DOMAIN/rid - now we store the SID direct */
230 status = dbwrap_traverse(db, convert_fn, &s, NULL);
232 if (!NT_STATUS_IS_OK(status)) {
233 DEBUG(0, ("Database traverse failed during conversion\n"));
238 DEBUG(0, ("Problem during conversion\n"));
242 status = dbwrap_store_int32(db, "IDMAP_VERSION", IDMAP_VERSION);
243 if (!NT_STATUS_IS_OK(status)) {
244 DEBUG(0, ("Unable to store idmap version in database: %s\n",
252 static NTSTATUS idmap_tdb_init_hwm(struct idmap_domain *dom)
256 bool update_uid = false;
257 bool update_gid = false;
258 struct idmap_tdb_context *ctx;
261 ctx = talloc_get_type(dom->private_data, struct idmap_tdb_context);
263 status = dbwrap_fetch_uint32(ctx->db, HWM_USER, &low_uid);
264 if (!NT_STATUS_IS_OK(status) || low_uid < dom->low_id) {
268 status = dbwrap_fetch_uint32(ctx->db, HWM_GROUP, &low_gid);
269 if (!NT_STATUS_IS_OK(status) || low_gid < dom->low_id) {
273 if (!update_uid && !update_gid) {
277 if (dbwrap_transaction_start(ctx->db) != 0) {
278 DEBUG(0, ("Unable to start upgrade transaction!\n"));
279 return NT_STATUS_INTERNAL_DB_ERROR;
283 status = dbwrap_store_uint32(ctx->db, HWM_USER, dom->low_id);
284 if (!NT_STATUS_IS_OK(status)) {
285 dbwrap_transaction_cancel(ctx->db);
286 DEBUG(0, ("Unable to initialise user hwm in idmap "
287 "database: %s\n", nt_errstr(status)));
288 return NT_STATUS_INTERNAL_DB_ERROR;
293 status = dbwrap_store_uint32(ctx->db, HWM_GROUP, dom->low_id);
294 if (!NT_STATUS_IS_OK(status)) {
295 dbwrap_transaction_cancel(ctx->db);
296 DEBUG(0, ("Unable to initialise group hwm in idmap "
297 "database: %s\n", nt_errstr(status)));
298 return NT_STATUS_INTERNAL_DB_ERROR;
302 if (dbwrap_transaction_commit(ctx->db) != 0) {
303 DEBUG(0, ("Unable to commit upgrade transaction!\n"));
304 return NT_STATUS_INTERNAL_DB_ERROR;
310 static NTSTATUS idmap_tdb_open_db(struct idmap_domain *dom)
314 char *tdbfile = NULL;
315 struct db_context *db = NULL;
317 bool config_error = false;
318 struct idmap_tdb_context *ctx;
320 ctx = talloc_get_type(dom->private_data, struct idmap_tdb_context);
323 /* it is already open */
327 /* use our own context here */
328 mem_ctx = talloc_stackframe();
330 /* use the old database if present */
331 tdbfile = state_path("winbindd_idmap.tdb");
333 DEBUG(0, ("Out of memory!\n"));
334 ret = NT_STATUS_NO_MEMORY;
338 DEBUG(10,("Opening tdbfile %s\n", tdbfile ));
340 /* Open idmap repository */
341 db = db_open(mem_ctx, tdbfile, 0, TDB_DEFAULT, O_RDWR | O_CREAT, 0644);
343 DEBUG(0, ("Unable to open idmap database\n"));
344 ret = NT_STATUS_UNSUCCESSFUL;
348 /* check against earlier versions */
349 ret = dbwrap_fetch_int32(db, "IDMAP_VERSION", &version);
350 if (!NT_STATUS_IS_OK(ret)) {
354 if (version != IDMAP_VERSION) {
356 DEBUG(0,("Upgrade of IDMAP_VERSION from %d to %d is not "
357 "possible with incomplete configuration\n",
358 version, IDMAP_VERSION));
359 ret = NT_STATUS_UNSUCCESSFUL;
362 if (dbwrap_transaction_start(db) != 0) {
363 DEBUG(0, ("Unable to start upgrade transaction!\n"));
364 ret = NT_STATUS_INTERNAL_DB_ERROR;
368 if (!idmap_tdb_upgrade(dom, db)) {
369 dbwrap_transaction_cancel(db);
370 DEBUG(0, ("Unable to open idmap database, it's in an old format, and upgrade failed!\n"));
371 ret = NT_STATUS_INTERNAL_DB_ERROR;
375 if (dbwrap_transaction_commit(db) != 0) {
376 DEBUG(0, ("Unable to commit upgrade transaction!\n"));
377 ret = NT_STATUS_INTERNAL_DB_ERROR;
382 ctx->db = talloc_move(ctx, &db);
384 ret = idmap_tdb_init_hwm(dom);
387 talloc_free(mem_ctx);
391 /**********************************************************************
392 IDMAP ALLOC TDB BACKEND
393 **********************************************************************/
395 /**********************************
397 **********************************/
399 struct idmap_tdb_allocate_id_context {
406 static NTSTATUS idmap_tdb_allocate_id_action(struct db_context *db,
410 struct idmap_tdb_allocate_id_context *state;
413 state = (struct idmap_tdb_allocate_id_context *)private_data;
415 ret = dbwrap_fetch_uint32(db, state->hwmkey, &hwm);
416 if (!NT_STATUS_IS_OK(ret)) {
417 ret = NT_STATUS_INTERNAL_DB_ERROR;
421 /* check it is in the range */
422 if (hwm > state->high_hwm) {
423 DEBUG(1, ("Fatal Error: %s range full!! (max: %lu)\n",
424 state->hwmtype, (unsigned long)state->high_hwm));
425 ret = NT_STATUS_UNSUCCESSFUL;
429 /* fetch a new id and increment it */
430 ret = dbwrap_trans_change_uint32_atomic(db, state->hwmkey, &hwm, 1);
431 if (!NT_STATUS_IS_OK(ret)) {
432 DEBUG(0, ("Fatal error while fetching a new %s value: %s\n!",
433 state->hwmtype, nt_errstr(ret)));
437 /* recheck it is in the range */
438 if (hwm > state->high_hwm) {
439 DEBUG(1, ("Fatal Error: %s range full!! (max: %lu)\n",
440 state->hwmtype, (unsigned long)state->high_hwm));
441 ret = NT_STATUS_UNSUCCESSFUL;
452 static NTSTATUS idmap_tdb_allocate_id(struct idmap_domain *dom,
460 struct idmap_tdb_allocate_id_context state;
461 struct idmap_tdb_context *ctx;
463 ctx = talloc_get_type(dom->private_data, struct idmap_tdb_context);
465 /* Get current high water mark */
479 DEBUG(2, ("Invalid ID type (0x%x)\n", xid->type));
480 return NT_STATUS_INVALID_PARAMETER;
483 high_hwm = dom->high_id;
486 state.high_hwm = high_hwm;
487 state.hwmtype = hwmtype;
488 state.hwmkey = hwmkey;
490 status = dbwrap_trans_do(ctx->db, idmap_tdb_allocate_id_action,
493 if (NT_STATUS_IS_OK(status)) {
495 DEBUG(10,("New %s = %d\n", hwmtype, state.hwm));
497 DEBUG(1, ("Error allocating a new %s\n", hwmtype));
504 * Allocate a new unix-ID.
505 * For now this is for the default idmap domain only.
506 * Should be extended later on.
508 static NTSTATUS idmap_tdb_get_new_id(struct idmap_domain *dom,
513 if (!strequal(dom->name, "*")) {
514 DEBUG(3, ("idmap_tdb_get_new_id: "
515 "Refusing allocation of a new unixid for domain'%s'. "
516 "Currently only supported for the default "
519 return NT_STATUS_NOT_IMPLEMENTED;
522 ret = idmap_tdb_allocate_id(dom, id);
527 /**********************************************************************
528 IDMAP MAPPING TDB BACKEND
529 **********************************************************************/
531 /*****************************
532 Initialise idmap database.
533 *****************************/
535 static NTSTATUS idmap_tdb_set_mapping(struct idmap_domain *dom,
536 const struct id_map *map);
538 static NTSTATUS idmap_tdb_db_init(struct idmap_domain *dom)
541 struct idmap_tdb_context *ctx;
543 DEBUG(10, ("idmap_tdb_db_init called for domain '%s'\n", dom->name));
545 ctx = talloc_zero(dom, struct idmap_tdb_context);
547 DEBUG(0, ("Out of memory!\n"));
548 return NT_STATUS_NO_MEMORY;
551 /* load backend specific configuration here: */
553 if (strequal(dom->name, "*")) {
558 ctx->rw_ops = talloc_zero(ctx, struct idmap_rw_ops);
559 if (ctx->rw_ops == NULL) {
560 DEBUG(0, ("Out of memory!\n"));
561 ret = NT_STATUS_NO_MEMORY;
565 ctx->rw_ops->get_new_id = idmap_tdb_get_new_id;
566 ctx->rw_ops->set_mapping = idmap_tdb_set_mapping;
568 dom->private_data = ctx;
570 ret = idmap_tdb_open_db(dom);
571 if ( ! NT_STATUS_IS_OK(ret)) {
584 * store a mapping in the database
587 struct idmap_tdb_set_mapping_context {
592 static NTSTATUS idmap_tdb_set_mapping_action(struct db_context *db,
596 struct idmap_tdb_set_mapping_context *state;
598 state = (struct idmap_tdb_set_mapping_context *)private_data;
600 DEBUG(10, ("Storing %s <-> %s map\n", state->ksidstr, state->kidstr));
602 ret = dbwrap_store_bystring(db, state->ksidstr,
603 string_term_tdb_data(state->kidstr),
605 if (!NT_STATUS_IS_OK(ret)) {
606 DEBUG(0, ("Error storing SID -> ID (%s -> %s): %s\n",
607 state->ksidstr, state->kidstr, nt_errstr(ret)));
611 ret = dbwrap_store_bystring(db, state->kidstr,
612 string_term_tdb_data(state->ksidstr),
614 if (!NT_STATUS_IS_OK(ret)) {
615 DEBUG(0, ("Error storing ID -> SID (%s -> %s): %s\n",
616 state->kidstr, state->ksidstr, nt_errstr(ret)));
620 DEBUG(10,("Stored %s <-> %s\n", state->ksidstr, state->kidstr));
627 static NTSTATUS idmap_tdb_set_mapping(struct idmap_domain *dom,
628 const struct id_map *map)
630 struct idmap_tdb_context *ctx;
632 char *ksidstr, *kidstr;
633 struct idmap_tdb_set_mapping_context state;
635 if (!map || !map->sid) {
636 return NT_STATUS_INVALID_PARAMETER;
639 ksidstr = kidstr = NULL;
641 /* TODO: should we filter a set_mapping using low/high filters ? */
643 ctx = talloc_get_type(dom->private_data, struct idmap_tdb_context);
645 switch (map->xid.type) {
648 kidstr = talloc_asprintf(ctx, "UID %lu",
649 (unsigned long)map->xid.id);
653 kidstr = talloc_asprintf(ctx, "GID %lu",
654 (unsigned long)map->xid.id);
658 DEBUG(2, ("INVALID unix ID type: 0x02%x\n", map->xid.type));
659 return NT_STATUS_INVALID_PARAMETER;
662 if (kidstr == NULL) {
663 DEBUG(0, ("ERROR: Out of memory!\n"));
664 ret = NT_STATUS_NO_MEMORY;
668 ksidstr = sid_string_talloc(ctx, map->sid);
669 if (ksidstr == NULL) {
670 DEBUG(0, ("Out of memory!\n"));
671 ret = NT_STATUS_NO_MEMORY;
675 state.ksidstr = ksidstr;
676 state.kidstr = kidstr;
678 ret = dbwrap_trans_do(ctx->db, idmap_tdb_set_mapping_action, &state);
681 talloc_free(ksidstr);
687 * Create a new mapping for an unmapped SID, also allocating a new ID.
688 * This should be run inside a transaction.
691 * Properly integrate this with multi domain idmap config:
692 * Currently, the allocator is default-config only.
694 static NTSTATUS idmap_tdb_new_mapping(struct idmap_domain *dom, struct id_map *map)
697 struct idmap_tdb_context *ctx;
699 ctx = talloc_get_type(dom->private_data, struct idmap_tdb_context);
701 ret = idmap_rw_new_mapping(dom, ctx->rw_ops, map);
707 /**********************************
708 Single id to sid lookup function.
709 **********************************/
711 static NTSTATUS idmap_tdb_id_to_sid(struct idmap_domain *dom, struct id_map *map)
716 struct idmap_tdb_context *ctx;
719 return NT_STATUS_INVALID_PARAMETER;
722 ctx = talloc_get_type(dom->private_data, struct idmap_tdb_context);
724 /* apply filters before checking */
725 if (!idmap_unix_id_is_in_range(map->xid.id, dom)) {
726 DEBUG(5, ("Requested id (%u) out of range (%u - %u). Filtered!\n",
727 map->xid.id, dom->low_id, dom->high_id));
728 return NT_STATUS_NONE_MAPPED;
731 switch (map->xid.type) {
734 keystr = talloc_asprintf(ctx, "UID %lu", (unsigned long)map->xid.id);
738 keystr = talloc_asprintf(ctx, "GID %lu", (unsigned long)map->xid.id);
742 DEBUG(2, ("INVALID unix ID type: 0x02%x\n", map->xid.type));
743 return NT_STATUS_INVALID_PARAMETER;
746 /* final SAFE_FREE safe */
749 if (keystr == NULL) {
750 DEBUG(0, ("Out of memory!\n"));
751 ret = NT_STATUS_NO_MEMORY;
755 DEBUG(10,("Fetching record %s\n", keystr));
757 /* Check if the mapping exists */
758 ret = dbwrap_fetch_bystring(ctx->db, NULL, keystr, &data);
760 if (!NT_STATUS_IS_OK(ret)) {
761 DEBUG(10,("Record %s not found\n", keystr));
762 ret = NT_STATUS_NONE_MAPPED;
766 if (!string_to_sid(map->sid, (const char *)data.dptr)) {
767 DEBUG(10,("INVALID SID (%s) in record %s\n",
768 (const char *)data.dptr, keystr));
769 ret = NT_STATUS_INTERNAL_DB_ERROR;
773 DEBUG(10,("Found record %s -> %s\n", keystr, (const char *)data.dptr));
777 talloc_free(data.dptr);
782 /**********************************
783 Single sid to id lookup function.
784 **********************************/
786 static NTSTATUS idmap_tdb_sid_to_id(struct idmap_domain *dom, struct id_map *map)
791 unsigned long rec_id = 0;
792 struct idmap_tdb_context *ctx;
793 TALLOC_CTX *tmp_ctx = talloc_stackframe();
795 ctx = talloc_get_type(dom->private_data, struct idmap_tdb_context);
797 keystr = sid_string_talloc(tmp_ctx, map->sid);
798 if (keystr == NULL) {
799 DEBUG(0, ("Out of memory!\n"));
800 ret = NT_STATUS_NO_MEMORY;
804 DEBUG(10,("Fetching record %s\n", keystr));
806 /* Check if sid is present in database */
807 ret = dbwrap_fetch_bystring(ctx->db, tmp_ctx, keystr, &data);
808 if (!NT_STATUS_IS_OK(ret)) {
809 DEBUG(10,("Record %s not found\n", keystr));
810 ret = NT_STATUS_NONE_MAPPED;
814 /* What type of record is this ? */
815 if (sscanf((const char *)data.dptr, "UID %lu", &rec_id) == 1) { /* Try a UID record. */
816 map->xid.id = rec_id;
817 map->xid.type = ID_TYPE_UID;
818 DEBUG(10,("Found uid record %s -> %s \n", keystr, (const char *)data.dptr ));
821 } else if (sscanf((const char *)data.dptr, "GID %lu", &rec_id) == 1) { /* Try a GID record. */
822 map->xid.id = rec_id;
823 map->xid.type = ID_TYPE_GID;
824 DEBUG(10,("Found gid record %s -> %s \n", keystr, (const char *)data.dptr ));
827 } else { /* Unknown record type ! */
828 DEBUG(2, ("Found INVALID record %s -> %s\n", keystr, (const char *)data.dptr));
829 ret = NT_STATUS_INTERNAL_DB_ERROR;
833 /* apply filters before returning result */
834 if (!idmap_unix_id_is_in_range(map->xid.id, dom)) {
835 DEBUG(5, ("Requested id (%u) out of range (%u - %u). Filtered!\n",
836 map->xid.id, dom->low_id, dom->high_id));
837 ret = NT_STATUS_NONE_MAPPED;
841 talloc_free(tmp_ctx);
845 /**********************************
846 lookup a set of unix ids.
847 **********************************/
849 static NTSTATUS idmap_tdb_unixids_to_sids(struct idmap_domain *dom, struct id_map **ids)
854 /* initialize the status to avoid suprise */
855 for (i = 0; ids[i]; i++) {
856 ids[i]->status = ID_UNKNOWN;
859 for (i = 0; ids[i]; i++) {
860 ret = idmap_tdb_id_to_sid(dom, ids[i]);
861 if ( ! NT_STATUS_IS_OK(ret)) {
863 /* if it is just a failed mapping continue */
864 if (NT_STATUS_EQUAL(ret, NT_STATUS_NONE_MAPPED)) {
866 /* make sure it is marked as unmapped */
867 ids[i]->status = ID_UNMAPPED;
871 /* some fatal error occurred, return immediately */
875 /* all ok, id is mapped */
876 ids[i]->status = ID_MAPPED;
885 /**********************************
886 lookup a set of sids.
887 **********************************/
889 struct idmap_tdb_sids_to_unixids_context {
890 struct idmap_domain *dom;
892 bool allocate_unmapped;
895 static NTSTATUS idmap_tdb_sids_to_unixids_action(struct db_context *db,
898 struct idmap_tdb_sids_to_unixids_context *state;
900 NTSTATUS ret = NT_STATUS_OK;
902 state = (struct idmap_tdb_sids_to_unixids_context *)private_data;
904 DEBUG(10, ("idmap_tdb_sids_to_unixids_action: "
905 " domain: [%s], allocate: %s\n",
907 state->allocate_unmapped ? "yes" : "no"));
909 for (i = 0; state->ids[i]; i++) {
910 if ((state->ids[i]->status == ID_UNKNOWN) ||
911 /* retry if we could not map in previous run: */
912 (state->ids[i]->status == ID_UNMAPPED))
916 ret2 = idmap_tdb_sid_to_id(state->dom, state->ids[i]);
917 if (!NT_STATUS_IS_OK(ret2)) {
919 /* if it is just a failed mapping, continue */
920 if (NT_STATUS_EQUAL(ret2, NT_STATUS_NONE_MAPPED)) {
922 /* make sure it is marked as unmapped */
923 state->ids[i]->status = ID_UNMAPPED;
924 ret = STATUS_SOME_UNMAPPED;
926 /* some fatal error occurred, return immediately */
931 /* all ok, id is mapped */
932 state->ids[i]->status = ID_MAPPED;
936 if ((state->ids[i]->status == ID_UNMAPPED) &&
937 state->allocate_unmapped)
939 ret = idmap_tdb_new_mapping(state->dom, state->ids[i]);
940 if (!NT_STATUS_IS_OK(ret)) {
950 static NTSTATUS idmap_tdb_sids_to_unixids(struct idmap_domain *dom, struct id_map **ids)
952 struct idmap_tdb_context *ctx;
955 struct idmap_tdb_sids_to_unixids_context state;
957 /* initialize the status to avoid suprise */
958 for (i = 0; ids[i]; i++) {
959 ids[i]->status = ID_UNKNOWN;
962 ctx = talloc_get_type(dom->private_data, struct idmap_tdb_context);
966 state.allocate_unmapped = false;
968 ret = idmap_tdb_sids_to_unixids_action(ctx->db, &state);
970 if (NT_STATUS_EQUAL(ret, STATUS_SOME_UNMAPPED) && !dom->read_only) {
971 state.allocate_unmapped = true;
972 ret = dbwrap_trans_do(ctx->db,
973 idmap_tdb_sids_to_unixids_action,
981 /**********************************
982 Close the idmap tdb instance
983 **********************************/
985 static struct idmap_methods db_methods = {
986 .init = idmap_tdb_db_init,
987 .unixids_to_sids = idmap_tdb_unixids_to_sids,
988 .sids_to_unixids = idmap_tdb_sids_to_unixids,
989 .allocate_id = idmap_tdb_get_new_id,
992 NTSTATUS idmap_tdb_init(void)
994 DEBUG(10, ("calling idmap_tdb_init\n"));
996 return smb_register_idmap(SMB_IDMAP_INTERFACE_VERSION, "tdb", &db_methods);