Instead of passing down gid or uid, a pointer to a unixid is now sent
down. This acts as an in-out variable so that the idmap functions can
correctly receive ID_TYPE_BOTH, filling in cache details correctly
rather than forcing the cache to store ID_TYPE_UID or ID_TYPE_GID.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10720
Change-Id: I11409a0f498e61a3c0a6ae606dd7af1135e6b066
Pair-programmed-with: Andrew Bartlett <abarlet@samba.org>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
* Changed to 21, set/enum_upn_suffixes. AB.
* Changed to 22, idmap control functions
* Changed to 23, new idmap control functions
* Changed to 21, set/enum_upn_suffixes. AB.
* Changed to 22, idmap control functions
* Changed to 23, new idmap control functions
+ * Changed to 24, removed uid_to_sid and gid_to_sid, replaced with id_to_sid
-#define PASSDB_INTERFACE_VERSION 23
+#define PASSDB_INTERFACE_VERSION 24
struct pdb_search *search,
const struct dom_sid *sid);
struct pdb_search *search,
const struct dom_sid *sid);
- bool (*uid_to_sid)(struct pdb_methods *methods, uid_t uid,
- struct dom_sid *sid);
- bool (*gid_to_sid)(struct pdb_methods *methods, gid_t gid,
- struct dom_sid *sid);
+ /*
+ * Instead of passing down a gid or uid, this function sends down a pointer
+ * to a unixid.
+ *
+ * This acts as an in-out variable so that the idmap functions can correctly
+ * receive ID_TYPE_BOTH, filling in cache details correctly rather than forcing
+ * the cache to store ID_TYPE_UID or ID_TYPE_GID.
+ */
+ bool (*id_to_sid)(struct pdb_methods *methods, struct unixid *id,
+ struct dom_sid *sid);
bool (*sid_to_id)(struct pdb_methods *methods, const struct dom_sid *sid,
struct unixid *id);
bool (*sid_to_id)(struct pdb_methods *methods, const struct dom_sid *sid,
struct unixid *id);
bool pdb_get_account_policy(enum pdb_policy_type type, uint32_t *value);
bool pdb_set_account_policy(enum pdb_policy_type type, uint32_t value);
bool pdb_get_seq_num(time_t *seq_num);
bool pdb_get_account_policy(enum pdb_policy_type type, uint32_t *value);
bool pdb_set_account_policy(enum pdb_policy_type type, uint32_t value);
bool pdb_get_seq_num(time_t *seq_num);
-bool pdb_uid_to_sid(uid_t uid, struct dom_sid *sid);
-bool pdb_gid_to_sid(gid_t gid, struct dom_sid *sid);
+/*
+ * Instead of passing down a gid or uid, this function sends down a pointer
+ * to a unixid.
+ *
+ * This acts as an in-out variable so that the idmap functions can correctly
+ * receive ID_TYPE_BOTH, filling in cache details correctly rather than forcing
+ * the cache to store ID_TYPE_UID or ID_TYPE_GID.
+ */
+bool pdb_id_to_sid(struct unixid *id, struct dom_sid *sid);
bool pdb_sid_to_id(const struct dom_sid *sid, struct unixid *id);
uint32_t pdb_capabilities(void);
bool pdb_new_rid(uint32_t *rid);
bool pdb_sid_to_id(const struct dom_sid *sid, struct unixid *id);
uint32_t pdb_capabilities(void);
bool pdb_new_rid(uint32_t *rid);
static void legacy_uid_to_sid(struct dom_sid *psid, uid_t uid)
{
bool ret;
static void legacy_uid_to_sid(struct dom_sid *psid, uid_t uid)
{
bool ret;
+ id.id = uid;
+ id.type = ID_TYPE_UID;
+
- ret = pdb_uid_to_sid(uid, psid);
+ ret = pdb_id_to_sid(&id, psid);
unbecome_root();
if (ret) {
unbecome_root();
if (ret) {
static void legacy_gid_to_sid(struct dom_sid *psid, gid_t gid)
{
bool ret;
static void legacy_gid_to_sid(struct dom_sid *psid, gid_t gid)
{
bool ret;
+ id.id = gid;
+ id.type = ID_TYPE_GID;
+
- ret = pdb_gid_to_sid(gid, psid);
+ ret = pdb_id_to_sid(&id, psid);
unbecome_root();
if (ret) {
unbecome_root();
if (ret) {
}
} else {
/* Try group mapping */
}
} else {
/* Try group mapping */
+ struct unixid id;
+
+ id.id = pwd->pw_gid;
+ id.type = ID_TYPE_GID;
+
- if (pdb_gid_to_sid(pwd->pw_gid, group_sid)) {
+ if (pdb_id_to_sid(&id, group_sid)) {
need_lookup_sid = true;
}
}
need_lookup_sid = true;
}
}
return NT_STATUS_IS_OK(pdb->get_seq_num(pdb, seq_num));
}
return NT_STATUS_IS_OK(pdb->get_seq_num(pdb, seq_num));
}
-bool pdb_uid_to_sid(uid_t uid, struct dom_sid *sid)
-{
- struct pdb_methods *pdb = pdb_get_methods();
- bool ret;
-
- ret = pdb->uid_to_sid(pdb, uid, sid);
-
- if (ret == true) {
- struct unixid id;
- id.id = uid;
- id.type = ID_TYPE_UID;
- idmap_cache_set_sid2unixid(sid, &id);
- }
-
- return ret;
-}
-
-bool pdb_gid_to_sid(gid_t gid, struct dom_sid *sid)
+/*
+ * Instead of passing down a gid or uid, this function sends down a pointer
+ * to a unixid.
+ *
+ * This acts as an in-out variable so that the idmap functions can correctly
+ * receive ID_TYPE_BOTH, filling in cache details correctly rather than forcing
+ * the cache to store ID_TYPE_UID or ID_TYPE_GID.
+ */
+bool pdb_id_to_sid(struct unixid *id, struct dom_sid *sid)
{
struct pdb_methods *pdb = pdb_get_methods();
bool ret;
{
struct pdb_methods *pdb = pdb_get_methods();
bool ret;
- ret = pdb->gid_to_sid(pdb, gid, sid);
+ ret = pdb->id_to_sid(pdb, id, sid);
- struct unixid id;
- id.id = gid;
- id.type = ID_TYPE_GID;
- idmap_cache_set_sid2unixid(sid, &id);
+ idmap_cache_set_sid2unixid(sid, id);
+static bool pdb_default_id_to_sid(struct pdb_methods *methods, struct unixid *id,
+ struct dom_sid *sid)
+{
+ switch (id->type) {
+ case ID_TYPE_UID:
+ return pdb_default_uid_to_sid(methods, id->id, sid);
+
+ case ID_TYPE_GID:
+ return pdb_default_gid_to_sid(methods, id->id, sid);
+
+ default:
+ return false;
+ }
+}
/**
* The "Unix User" and "Unix Group" domains have a special
* id mapping that is a rid-algorithm with range starting at 0.
/**
* The "Unix User" and "Unix Group" domains have a special
* id mapping that is a rid-algorithm with range starting at 0.
(*methods)->get_account_policy = pdb_default_get_account_policy;
(*methods)->set_account_policy = pdb_default_set_account_policy;
(*methods)->get_seq_num = pdb_default_get_seq_num;
(*methods)->get_account_policy = pdb_default_get_account_policy;
(*methods)->set_account_policy = pdb_default_set_account_policy;
(*methods)->get_seq_num = pdb_default_get_seq_num;
- (*methods)->uid_to_sid = pdb_default_uid_to_sid;
- (*methods)->gid_to_sid = pdb_default_gid_to_sid;
+ (*methods)->id_to_sid = pdb_default_id_to_sid;
(*methods)->sid_to_id = pdb_default_sid_to_id;
(*methods)->search_groups = pdb_default_search_groups;
(*methods)->sid_to_id = pdb_default_sid_to_id;
(*methods)->search_groups = pdb_default_search_groups;
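Review bot: The `default:` arm of pdb_default_id_to_sid returns false without a trace, and ID_TYPE_BOTH — the type the commit message says the new signature exists to carry — lands in that arm, so with the default backend a BOTH request is indistinguishable from a lookup miss, and the idmap_passdb caller that used to mark such types ID_UNKNOWN now sees ID_UNMAPPED. If only UID and GID are meant to be dispatchable here, say so and log it: `default:` / `DEBUG(5, ("pdb_default_id_to_sid: unsupported unixid type %d\n", (int)id->type));` / `return false;`. The same silent default is repeated in ldapsam_id_to_sid and pdb_wbc_sam_id_to_sid. Separately, the comment copied onto pdb_id_to_sid explains that `id` is in-out but not who writes it; adding "a backend may replace id->type with the type it actually resolved before returning true, which is the type that gets cached" would make the `idmap_cache_set_sid2unixid(sid, id);` line self-explanatory.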
NTSTATUS result;
struct dom_sid sid;
NTSTATUS result;
struct dom_sid sid;
- if (pdb_gid_to_sid(map->gid, &sid)) {
+ id.id = map->gid;
+ id.type = ID_TYPE_GID;
+
+ if (pdb_id_to_sid(&id, &sid)) {
DEBUG(3, ("Gid %u is already mapped to SID %s, refusing to "
"add\n", (unsigned int)map->gid, sid_string_dbg(&sid)));
result = NT_STATUS_GROUP_EXISTS;
DEBUG(3, ("Gid %u is already mapped to SID %s, refusing to "
"add\n", (unsigned int)map->gid, sid_string_dbg(&sid)));
result = NT_STATUS_GROUP_EXISTS;
+static bool ldapsam_id_to_sid(struct pdb_methods *methods, struct unixid *id,
+ struct dom_sid *sid)
+{
+ switch (id->type) {
+ case ID_TYPE_UID:
+ return ldapsam_uid_to_sid(methods, id->id, sid);
+
+ case ID_TYPE_GID:
+ return ldapsam_gid_to_sid(methods, id->id, sid);
+
+ default:
+ return false;
+ }
+}
+
/*
* The following functions are called only if
/*
* The following functions are called only if
ldapsam_enum_group_memberships;
(*pdb_method)->lookup_rids = ldapsam_lookup_rids;
(*pdb_method)->sid_to_id = ldapsam_sid_to_id;
ldapsam_enum_group_memberships;
(*pdb_method)->lookup_rids = ldapsam_lookup_rids;
(*pdb_method)->sid_to_id = ldapsam_sid_to_id;
- (*pdb_method)->uid_to_sid = ldapsam_uid_to_sid;
- (*pdb_method)->gid_to_sid = ldapsam_gid_to_sid;
+ (*pdb_method)->id_to_sid = ldapsam_id_to_sid;
if (lp_parm_bool(-1, "ldapsam", "editposix", False)) {
(*pdb_method)->create_user = ldapsam_create_user;
if (lp_parm_bool(-1, "ldapsam", "editposix", False)) {
(*pdb_method)->create_user = ldapsam_create_user;
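Review bot: ldapsam_id_to_sid never writes back through `id`, so for the LDAP backend pdb_id_to_sid's idmap_cache_set_sid2unixid still records exactly the ID_TYPE_UID or ID_TYPE_GID the caller supplied — unchanged from before, but not what the new in-out comment on pdb_methods.id_to_sid leads a reader to expect. If that is intentional, a one-line comment above the switch, `/* no write-back: ldapsam resolves a plain uid or gid, never ID_TYPE_BOTH */`, saves the next reader from hunting for the missing assignment. In the group-mapping hunk above it, the `id` filled at `id.id = map->gid;` has no declaration in the visible lines; presumably `struct unixid id;` was added in a collapsed context run, but it is worth confirming.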
-static bool pdb_samba_dsdb_uid_to_sid(struct pdb_methods *m, uid_t uid,
- struct dom_sid *sid)
+/*
+ * Instead of taking a gid or uid, this function takes a pointer to a
+ * unixid.
+ *
+ * This acts as an in-out variable so that the idmap functions can correctly
+ * receive ID_TYPE_BOTH, and this function ensures cache details are filled
+ * correctly rather than forcing the cache to store ID_TYPE_UID or ID_TYPE_GID.
+ */
+static bool pdb_samba_dsdb_id_to_sid(struct pdb_methods *m, struct unixid *id,
+ struct dom_sid *sid)
{
struct pdb_samba_dsdb_state *state = talloc_get_type_abort(
m->private_data, struct pdb_samba_dsdb_state);
{
struct pdb_samba_dsdb_state *state = talloc_get_type_abort(
m->private_data, struct pdb_samba_dsdb_state);
- id_map.xid.id = uid;
- id_map.xid.type = ID_TYPE_UID;
id_maps[0] = &id_map;
id_maps[1] = NULL;
id_maps[0] = &id_map;
id_maps[1] = NULL;
talloc_free(tmp_ctx);
return false;
}
talloc_free(tmp_ctx);
return false;
}
- *sid = *id_map.sid;
- talloc_free(tmp_ctx);
- return true;
-}
-static bool pdb_samba_dsdb_gid_to_sid(struct pdb_methods *m, gid_t gid,
- struct dom_sid *sid)
-{
- struct pdb_samba_dsdb_state *state = talloc_get_type_abort(
- m->private_data, struct pdb_samba_dsdb_state);
- NTSTATUS status;
- struct id_map id_map;
- struct id_map *id_maps[2];
- TALLOC_CTX *tmp_ctx = talloc_stackframe();
- if (!tmp_ctx) {
- return false;
- }
-
- id_map.xid.id = gid;
- id_map.xid.type = ID_TYPE_GID;
- id_maps[0] = &id_map;
- id_maps[1] = NULL;
-
- status = idmap_xids_to_sids(state->idmap_ctx, tmp_ctx, id_maps);
- if (!NT_STATUS_IS_OK(status)) {
- talloc_free(tmp_ctx);
- return false;
+ if (id_map.xid.type != ID_TYPE_NOT_SPECIFIED) {
+ id->type = id_map.xid.type;
}
*sid = *id_map.sid;
talloc_free(tmp_ctx);
}
*sid = *id_map.sid;
talloc_free(tmp_ctx);
m->search_users = pdb_samba_dsdb_search_users;
m->search_groups = pdb_samba_dsdb_search_groups;
m->search_aliases = pdb_samba_dsdb_search_aliases;
m->search_users = pdb_samba_dsdb_search_users;
m->search_groups = pdb_samba_dsdb_search_groups;
m->search_aliases = pdb_samba_dsdb_search_aliases;
- m->uid_to_sid = pdb_samba_dsdb_uid_to_sid;
- m->gid_to_sid = pdb_samba_dsdb_gid_to_sid;
+ m->id_to_sid = pdb_samba_dsdb_id_to_sid;
m->sid_to_id = pdb_samba_dsdb_sid_to_id;
m->capabilities = pdb_samba_dsdb_capabilities;
m->new_rid = pdb_samba_dsdb_new_rid;
m->sid_to_id = pdb_samba_dsdb_sid_to_id;
m->capabilities = pdb_samba_dsdb_capabilities;
m->new_rid = pdb_samba_dsdb_new_rid;
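Review bot: The write-back `if (id_map.xid.type != ID_TYPE_NOT_SPECIFIED) { id->type = id_map.xid.type; }` is what makes the in-out contract real, yet the comment above pdb_samba_dsdb_id_to_sid says the function "ensures cache details are filled correctly" when it never touches the cache — the idmap_cache_set_sid2unixid call lives in pdb_id_to_sid in pdb_interface.c. Reword that sentence to what the code does, e.g. `* On success id->type is replaced with the type the idmap layer actually resolved (possibly ID_TYPE_BOTH), so the caller caches the right one.`. The removed `id_map.xid.id = uid;` / `id_map.xid.type = ID_TYPE_UID;` pair has no visible replacement in this section, so presumably `id_map.xid = *id;` was added in a collapsed context run; confirm it precedes the idmap_xids_to_sids call. The function's closing lines are outside the hunk.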
#include "passdb.h"
#include "lib/winbind_util.h"
#include "passdb/pdb_wbc_sam.h"
#include "passdb.h"
#include "lib/winbind_util.h"
#include "passdb/pdb_wbc_sam.h"
/***************************************************************************
Default implementations of some functions.
/***************************************************************************
Default implementations of some functions.
return _pdb_wbc_sam_getsampw(methods, user, winbind_getpwsid(sid));
}
return _pdb_wbc_sam_getsampw(methods, user, winbind_getpwsid(sid));
}
-static bool pdb_wbc_sam_uid_to_sid(struct pdb_methods *methods, uid_t uid,
- struct dom_sid *sid)
+static bool pdb_wbc_sam_id_to_sid(struct pdb_methods *methods, struct unixid *id,
+ struct dom_sid *sid)
- return winbind_uid_to_sid(sid, uid);
-}
+ switch (id->type) {
+ case ID_TYPE_UID:
+ return winbind_uid_to_sid(sid, id->id);
-static bool pdb_wbc_sam_gid_to_sid(struct pdb_methods *methods, gid_t gid,
- struct dom_sid *sid)
-{
- return winbind_gid_to_sid(sid, gid);
+ case ID_TYPE_GID:
+ return winbind_gid_to_sid(sid, id->id);
+
+ default:
+ return false;
+ }
}
static NTSTATUS pdb_wbc_sam_enum_group_members(struct pdb_methods *methods,
}
static NTSTATUS pdb_wbc_sam_enum_group_members(struct pdb_methods *methods,
(*pdb_method)->lookup_rids = pdb_wbc_sam_lookup_rids;
(*pdb_method)->get_account_policy = pdb_wbc_sam_get_account_policy;
(*pdb_method)->set_account_policy = pdb_wbc_sam_set_account_policy;
(*pdb_method)->lookup_rids = pdb_wbc_sam_lookup_rids;
(*pdb_method)->get_account_policy = pdb_wbc_sam_get_account_policy;
(*pdb_method)->set_account_policy = pdb_wbc_sam_set_account_policy;
- (*pdb_method)->uid_to_sid = pdb_wbc_sam_uid_to_sid;
- (*pdb_method)->gid_to_sid = pdb_wbc_sam_gid_to_sid;
+ (*pdb_method)->id_to_sid = pdb_wbc_sam_id_to_sid;
(*pdb_method)->search_groups = pdb_wbc_sam_search_groups;
(*pdb_method)->search_aliases = pdb_wbc_sam_search_aliases;
(*pdb_method)->search_groups = pdb_wbc_sam_search_groups;
(*pdb_method)->search_aliases = pdb_wbc_sam_search_aliases;
#include "librpc/gen_ndr/idmap.h"
#include "passdb.h"
#include "secrets.h"
#include "librpc/gen_ndr/idmap.h"
#include "passdb.h"
#include "secrets.h"
/* There's no Py_ssize_t in 2.4, apparently */
#if PY_MAJOR_VERSION == 2 && PY_MINOR_VERSION < 5
/* There's no Py_ssize_t in 2.4, apparently */
#if PY_MAJOR_VERSION == 2 && PY_MINOR_VERSION < 5
{
TALLOC_CTX *frame = talloc_stackframe();
struct pdb_methods *methods;
{
TALLOC_CTX *frame = talloc_stackframe();
struct pdb_methods *methods;
unsigned int uid;
struct dom_sid user_sid, *copy_user_sid;
PyObject *py_user_sid;
unsigned int uid;
struct dom_sid user_sid, *copy_user_sid;
PyObject *py_user_sid;
methods = pytalloc_get_ptr(self);
methods = pytalloc_get_ptr(self);
- if (!methods->uid_to_sid(methods, uid, &user_sid)) {
+ id.id = uid;
+ id.type = ID_TYPE_UID;
+
+ if (!methods->id_to_sid(methods, &id, &user_sid)) {
PyErr_Format(py_pdb_error, "Unable to get sid for uid=%d", uid);
talloc_free(frame);
return NULL;
PyErr_Format(py_pdb_error, "Unable to get sid for uid=%d", uid);
talloc_free(frame);
return NULL;
{
TALLOC_CTX *frame = talloc_stackframe();
struct pdb_methods *methods;
{
TALLOC_CTX *frame = talloc_stackframe();
struct pdb_methods *methods;
unsigned int gid;
struct dom_sid group_sid, *copy_group_sid;
PyObject *py_group_sid;
unsigned int gid;
struct dom_sid group_sid, *copy_group_sid;
PyObject *py_group_sid;
+ id.id = gid;
+ id.type = ID_TYPE_GID;
+
methods = pytalloc_get_ptr(self);
methods = pytalloc_get_ptr(self);
- if (!methods->gid_to_sid(methods, gid, &group_sid)) {
+ if (!methods->id_to_sid(methods, &id, &group_sid)) {
PyErr_Format(py_pdb_error, "Unable to get sid for gid=%d", gid);
talloc_free(frame);
return NULL;
PyErr_Format(py_pdb_error, "Unable to get sid for gid=%d", gid);
talloc_free(frame);
return NULL;
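Review bot: In the gid wrapper the `id.id = gid;` / `id.type = ID_TYPE_GID;` pair sits directly under the local declarations, before `methods = pytalloc_get_ptr(self);`, whereas the uid wrapper fills `id` immediately before its id_to_sid call; the visible lines do not show where `gid` is parsed out of `args`, so if PyArg_ParseTuple runs between the declarations and this point the order is fine, but if the fill precedes the parse it copies an uninitialized `gid`. Moving the two lines down next to `if (!methods->id_to_sid(methods, &id, &group_sid)) {`, as the uid wrapper does, keeps the two functions parallel and makes the ordering obvious. Neither wrapper shows a `struct unixid id;` declaration in the visible lines; presumably it was added in a collapsed context run.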
#include "passdb/pdb_ldap_schema.h"
#include "lib/privileges.h"
#include "secrets.h"
#include "passdb/pdb_ldap_schema.h"
#include "lib/privileges.h"
#include "secrets.h"
static NTSTATUS unmap_unix_group(const struct group *grp)
{
struct dom_sid dom_sid;
static NTSTATUS unmap_unix_group(const struct group *grp)
{
struct dom_sid dom_sid;
if (!lookup_name(talloc_tos(), grp->gr_name, LOOKUP_NAME_LOCAL,
NULL, NULL, NULL, NULL)) {
if (!lookup_name(talloc_tos(), grp->gr_name, LOOKUP_NAME_LOCAL,
NULL, NULL, NULL, NULL)) {
return NT_STATUS_NO_SUCH_GROUP;
}
return NT_STATUS_NO_SUCH_GROUP;
}
- if (!pdb_gid_to_sid(grp->gr_gid, &dom_sid)) {
+ id.id = grp->gr_gid;
+ id.type = ID_TYPE_GID;
+ if (!pdb_id_to_sid(&id, &dom_sid)) {
return NT_STATUS_UNSUCCESSFUL;
}
return NT_STATUS_UNSUCCESSFUL;
}
int i;
for (i = 0; ids[i]; i++) {
int i;
for (i = 0; ids[i]; i++) {
/* unmapped by default */
ids[i]->status = ID_UNMAPPED;
/* unmapped by default */
ids[i]->status = ID_UNMAPPED;
- switch (ids[i]->xid.type) {
- case ID_TYPE_UID:
- if (pdb_uid_to_sid((uid_t)ids[i]->xid.id, ids[i]->sid)) {
- ids[i]->status = ID_MAPPED;
- }
- break;
- case ID_TYPE_GID:
- if (pdb_gid_to_sid((gid_t)ids[i]->xid.id, ids[i]->sid)) {
- ids[i]->status = ID_MAPPED;
- }
- break;
- default: /* ?? */
- ids[i]->status = ID_UNKNOWN;
+ if (pdb_id_to_sid(&ids[i]->xid, ids[i]->sid)) {
+ ids[i]->status = ID_MAPPED;