2 Unix SMB/CIFS implementation.
4 Copyright (C) Tim Potter 2000
5 Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
6 Copyright (C) Simo Sorce 2003-2007
7 Copyright (C) Jeremy Allison 2006
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
27 #define DBGC_CLASS DBGC_IDMAP
31 static void idmap_init(void)
33 static bool initialized;
39 DEBUG(10, ("idmap_init(): calling static_init_idmap\n"));
47 * Pointer to the backend methods. Modules register themselves here via
51 struct idmap_backend {
53 struct idmap_methods *methods;
54 struct idmap_backend *prev, *next;
56 static struct idmap_backend *backends = NULL;
59 * The idmap alloc context that is configured via "idmap alloc
60 * backend". Defaults to "idmap backend" in case the module (tdb, ldap) also
61 * provides alloc methods.
63 struct idmap_alloc_context {
64 struct idmap_alloc_methods *methods;
66 static struct idmap_alloc_context *idmap_alloc_ctx = NULL;
69 * Default idmap domain configured via "idmap backend".
71 static struct idmap_domain *default_idmap_domain;
74 * Passdb idmap domain, not configurable. winbind must always give passdb a
77 static struct idmap_domain *passdb_idmap_domain;
80 * List of specially configured idmap domains. This list is filled on demand
81 * in the winbind idmap child when the parent winbind figures out via the
82 * special range parameter or via the domain SID that a special "idmap config
83 * domain" configuration is present.
85 static struct idmap_domain **idmap_domains = NULL;
86 static int num_domains = 0;
88 static struct idmap_methods *get_methods(const char *name)
90 struct idmap_backend *b;
92 for (b = backends; b; b = b->next) {
93 if (strequal(b->name, name)) {
101 bool idmap_is_offline(void)
103 return ( lp_winbind_offline_logon() &&
104 get_global_winbindd_state_offline() );
107 bool idmap_is_online(void)
109 return !idmap_is_offline();
112 /**********************************************************************
113 Allow a module to register itself as a method.
114 **********************************************************************/
116 NTSTATUS smb_register_idmap(int version, const char *name,
117 struct idmap_methods *methods)
119 struct idmap_backend *entry;
121 if ((version != SMB_IDMAP_INTERFACE_VERSION)) {
122 DEBUG(0, ("Failed to register idmap module.\n"
123 "The module was compiled against "
124 "SMB_IDMAP_INTERFACE_VERSION %d,\n"
125 "current SMB_IDMAP_INTERFACE_VERSION is %d.\n"
126 "Please recompile against the current version "
128 version, SMB_IDMAP_INTERFACE_VERSION));
129 return NT_STATUS_OBJECT_TYPE_MISMATCH;
132 if (!name || !name[0] || !methods) {
133 DEBUG(0,("Called with NULL pointer or empty name!\n"));
134 return NT_STATUS_INVALID_PARAMETER;
137 for (entry = backends; entry != NULL; entry = entry->next) {
138 if (strequal(entry->name, name)) {
139 DEBUG(0,("Idmap module %s already registered!\n",
141 return NT_STATUS_OBJECT_NAME_COLLISION;
145 entry = talloc(NULL, struct idmap_backend);
147 DEBUG(0,("Out of memory!\n"));
149 return NT_STATUS_NO_MEMORY;
151 entry->name = talloc_strdup(entry, name);
152 if ( ! entry->name) {
153 DEBUG(0,("Out of memory!\n"));
155 return NT_STATUS_NO_MEMORY;
157 entry->methods = methods;
159 DLIST_ADD(backends, entry);
160 DEBUG(5, ("Successfully added idmap backend '%s'\n", name));
164 static int close_domain_destructor(struct idmap_domain *dom)
168 ret = dom->methods->close_fn(dom);
169 if (!NT_STATUS_IS_OK(ret)) {
170 DEBUG(3, ("Failed to close idmap domain [%s]!\n", dom->name));
176 static bool parse_idmap_module(TALLOC_CTX *mem_ctx, const char *param,
177 char **pmodulename, char **pargs)
182 if (strncmp(param, "idmap_", 6) == 0) {
184 DEBUG(1, ("idmap_init: idmap backend uses deprecated "
185 "'idmap_' prefix. Please replace 'idmap_%s' by "
186 "'%s'\n", param, param));
189 modulename = talloc_strdup(mem_ctx, param);
190 if (modulename == NULL) {
194 args = strchr(modulename, ':');
196 *pmodulename = modulename;
203 args = talloc_strdup(mem_ctx, args+1);
205 TALLOC_FREE(modulename);
209 *pmodulename = modulename;
215 * Initialize a domain structure
216 * @param[in] mem_ctx memory context for the result
217 * @param[in] domainname which domain is this for
218 * @param[in] modulename which backend module
219 * @param[in] params parameter to pass to the init function
220 * @result The initialized structure
222 static struct idmap_domain *idmap_init_domain(TALLOC_CTX *mem_ctx,
223 const char *domainname,
224 const char *modulename,
227 struct idmap_domain *result;
230 result = talloc_zero(mem_ctx, struct idmap_domain);
231 if (result == NULL) {
232 DEBUG(0, ("talloc failed\n"));
236 result->name = talloc_strdup(result, domainname);
237 if (result->name == NULL) {
238 DEBUG(0, ("talloc failed\n"));
242 result->methods = get_methods(modulename);
243 if (result->methods == NULL) {
244 DEBUG(3, ("idmap backend %s not found\n", modulename));
246 status = smb_probe_module("idmap", modulename);
247 if (!NT_STATUS_IS_OK(status)) {
248 DEBUG(3, ("Could not probe idmap module %s\n",
253 result->methods = get_methods(modulename);
255 if (result->methods == NULL) {
256 DEBUG(1, ("idmap backend %s not found\n", modulename));
260 status = result->methods->init(result, params);
261 if (!NT_STATUS_IS_OK(status)) {
262 DEBUG(1, ("idmap initialization returned %s\n",
267 talloc_set_destructor(result, close_domain_destructor);
277 * Initialize the default domain structure
278 * @param[in] mem_ctx memory context for the result
279 * @result The default domain structure
281 * This routine takes the module name from the "idmap backend" parameter,
282 * passing a possible parameter like ldap:ldap://ldap-url/ to the module.
285 static struct idmap_domain *idmap_init_default_domain(TALLOC_CTX *mem_ctx)
287 struct idmap_domain *result;
293 if (!parse_idmap_module(talloc_tos(), lp_idmap_backend(), &modulename,
295 DEBUG(1, ("parse_idmap_module failed\n"));
299 DEBUG(3, ("idmap_init: using '%s' as remote backend\n", modulename));
301 result = idmap_init_domain(mem_ctx, "*", modulename, params);
302 if (result == NULL) {
306 TALLOC_FREE(modulename);
311 TALLOC_FREE(modulename);
318 * Initialize a named domain structure
319 * @param[in] mem_ctx memory context for the result
320 * @param[in] domname the domain name
321 * @result The default domain structure
323 * This routine looks at the "idmap config <domname>" parameters to figure out
327 static struct idmap_domain *idmap_init_named_domain(TALLOC_CTX *mem_ctx,
330 struct idmap_domain *result = NULL;
334 config_option = talloc_asprintf(talloc_tos(), "idmap config %s",
336 if (config_option == NULL) {
337 DEBUG(0, ("talloc failed\n"));
341 backend = lp_parm_const_string(-1, config_option, "backend", NULL);
342 if (backend == NULL) {
343 DEBUG(1, ("no backend defined for %s\n", config_option));
347 result = idmap_init_domain(mem_ctx, domname, backend, NULL);
348 if (result == NULL) {
352 TALLOC_FREE(config_option);
356 TALLOC_FREE(config_option);
362 * Initialize the passdb domain structure
363 * @param[in] mem_ctx memory context for the result
364 * @result The default domain structure
366 * No config, passdb has its own configuration.
369 static struct idmap_domain *idmap_init_passdb_domain(TALLOC_CTX *mem_ctx)
373 if (passdb_idmap_domain != NULL) {
374 return passdb_idmap_domain;
377 passdb_idmap_domain = idmap_init_domain(NULL, get_global_sam_name(),
379 if (passdb_idmap_domain == NULL) {
380 DEBUG(1, ("Could not init passdb idmap domain\n"));
383 return passdb_idmap_domain;
387 * Find a domain struct according to a domain name
388 * @param[in] domname Domain name to get the config for
389 * @result The default domain structure that fits
391 * This is the central routine in the winbindd-idmap child to pick the correct
392 * domain for looking up IDs. If domname is NULL or empty, we use the default
393 * domain. If it contains something, we try to use idmap_init_named_domain()
394 * to fetch the correct backend.
396 * The choice about "domname" is being made by the winbind parent, look at the
397 * "have_idmap_config" of "struct winbindd_domain" which is set in
398 * add_trusted_domain.
401 static struct idmap_domain *idmap_find_domain(const char *domname)
403 struct idmap_domain *result;
406 DEBUG(10, ("idmap_find_domain called for domain '%s'\n",
407 domname?domname:"NULL"));
410 * Always init the default domain, we can't go without one
412 if (default_idmap_domain == NULL) {
413 default_idmap_domain = idmap_init_default_domain(NULL);
415 if (default_idmap_domain == NULL) {
419 if ((domname == NULL) || (domname[0] == '\0')) {
420 return default_idmap_domain;
423 for (i=0; i<num_domains; i++) {
424 if (strequal(idmap_domains[i]->name, domname)) {
425 return idmap_domains[i];
429 if (idmap_domains == NULL) {
431 * talloc context for all idmap domains
433 idmap_domains = TALLOC_ARRAY(NULL, struct idmap_domain *, 1);
436 if (idmap_domains == NULL) {
437 DEBUG(0, ("talloc failed\n"));
441 result = idmap_init_named_domain(idmap_domains, domname);
442 if (result == NULL) {
444 * Could not init that domain -- try the default one
446 return default_idmap_domain;
449 ADD_TO_ARRAY(idmap_domains, struct idmap_domain *, result,
450 &idmap_domains, &num_domains);
454 void idmap_close(void)
456 if (idmap_alloc_ctx) {
457 idmap_alloc_ctx->methods->close_fn();
458 idmap_alloc_ctx->methods = NULL;
460 TALLOC_FREE(default_idmap_domain);
461 TALLOC_FREE(passdb_idmap_domain);
462 TALLOC_FREE(idmap_domains);
466 /**************************************************************************
467 idmap allocator interface functions
468 **************************************************************************/
470 static NTSTATUS idmap_allocate_unixid(struct unixid *id)
472 struct idmap_domain *dom;
475 dom = idmap_find_domain(NULL);
478 return NT_STATUS_UNSUCCESSFUL;
481 if (dom->methods->allocate_id == NULL) {
482 return NT_STATUS_NOT_IMPLEMENTED;
485 ret = dom->methods->allocate_id(dom, id);
491 NTSTATUS idmap_allocate_uid(struct unixid *id)
493 id->type = ID_TYPE_UID;
494 return idmap_allocate_unixid(id);
497 NTSTATUS idmap_allocate_gid(struct unixid *id)
499 id->type = ID_TYPE_GID;
500 return idmap_allocate_unixid(id);
503 NTSTATUS idmap_backends_unixid_to_sid(const char *domname, struct id_map *id)
505 struct idmap_domain *dom;
506 struct id_map *maps[2];
508 DEBUG(10, ("idmap_backend_unixid_to_sid: domain = '%s', xid = %d "
510 domname?domname:"NULL", id->xid.id, id->xid.type));
516 * Always give passdb a chance first
519 dom = idmap_init_passdb_domain(NULL);
521 && NT_STATUS_IS_OK(dom->methods->unixids_to_sids(dom, maps))
522 && id->status == ID_MAPPED) {
526 dom = idmap_find_domain(domname);
528 return NT_STATUS_NONE_MAPPED;
531 return dom->methods->unixids_to_sids(dom, maps);
534 NTSTATUS idmap_backends_sid_to_unixid(const char *domain, struct id_map *id)
536 struct idmap_domain *dom;
537 struct id_map *maps[2];
539 DEBUG(10, ("idmap_backends_sid_to_unixid: domain = '%s', sid = [%s]\n",
540 domain?domain:"NULL", sid_string_dbg(id->sid)));
545 if (sid_check_is_in_builtin(id->sid)
546 || (sid_check_is_in_our_domain(id->sid))) {
548 dom = idmap_init_passdb_domain(NULL);
550 return NT_STATUS_NONE_MAPPED;
552 return dom->methods->sids_to_unixids(dom, maps);
555 dom = idmap_find_domain(domain);
557 return NT_STATUS_NONE_MAPPED;
560 return dom->methods->sids_to_unixids(dom, maps);