gid_t agid;
if (wb) {
- if ( ! ids[i].mapped) {
+ if (ids[i].status != ID_MAPPED) {
DEBUG(10, ("Could not convert SID %s to gid, "
"ignoring it\n", sid_string_static(ids[i].sid)));
continue;
#define dom_sid2 dom_sid
#define dom_sid28 dom_sid
+enum id_mapping {
+ ID_UNKNOWN,
+ ID_MAPPED,
+ ID_UNMAPPED
+};
+
enum id_type {
ID_TYPE_UID,
ID_TYPE_GID
struct id_map {
DOM_SID *sid;
struct unixid xid;
- BOOL mapped;
+ enum id_mapping status;
};
#include "librpc/ndr/misc.h"
/* by default calls to winbindd are disabled
the following call will not recurse so this is safe */
winbind_on();
- wbret =winbind_lookup_sid(ctx, map->sid, &domname, &name, &sid_type);
+ wbret = winbind_lookup_sid(ctx, map->sid, &domname, &name, &sid_type);
winbind_off();
/* check if this is a valid SID and then map it */
}
/* ok, got a new id, let's set a mapping */
- map->mapped = True;
+ map->status = ID_MAPPED;
DEBUG(10, ("Setting mapping: %s <-> %s %lu\n",
sid_string_static(map->sid),
_ids = ids;
- /* make sure all maps are marked as false */
+ /* make sure all maps are marked as in UNKNOWN status */
for (i = 0; _ids[i]; i++) {
- _ids[i]->mapped = False;
+ _ids[i]->status = ID_UNKNOWN;
}
unmapped = NULL;
unmapped = NULL;
for (i = 0, u = 0; _ids[i]; i++) {
- if (_ids[i]->mapped == False) {
+ if (_ids[i]->status == ID_UNKNOWN || _ids[i]->status == ID_UNMAPPED) {
unmapped = talloc_realloc(ctx, unmapped, struct id_map *, u + 2);
IDMAP_CHECK_ALLOC(unmapped);
unmapped[u] = _ids[i];
switch (unmapped[i]->xid.type) {
case ID_TYPE_UID:
uid_to_unix_users_sid((uid_t)unmapped[i]->xid.id, unmapped[i]->sid);
- unmapped[i]->mapped = True;
+ unmapped[i]->status = ID_MAPPED;
break;
case ID_TYPE_GID:
gid_to_unix_groups_sid((gid_t)unmapped[i]->xid.id, unmapped[i]->sid);
- unmapped[i]->mapped = True;
+ unmapped[i]->status = ID_MAPPED;
break;
default: /* what?! */
- unmapped[i]->mapped = False;
+ unmapped[i]->status = ID_UNKNOWN;
break;
}
}
for (i = 0; ids[i]; i++) {
int dom_num;
- /* make sure they are unmapped by default */
- ids[i]->mapped = False;
+ /* make sure they are unknown to start off */
+ ids[i]->status = ID_UNKNOWN;
for (dom_num = 0, dom = NULL; dom_num < num_domains; dom_num++) {
if (idmap_domains[dom_num]->default_domain) {
/* let's see if we have any unmapped SID left and act accordingly */
for (i = 0; ids[i]; i++) {
- if ( ! ids[i]->mapped) { /* ok this is an unmapped one, see if we can map it */
+ if (ids[i]->status == ID_UNKNOWN || ids[i]->status == ID_UNMAPPED) {
+ /* ok this is an unmapped one, see if we can map it */
ret = idmap_new_mapping(ctx, ids[i]);
if (NT_STATUS_IS_OK(ret)) {
/* successfully mapped */
- ids[i]->mapped = True;
+ ids[i]->status = ID_MAPPED;
} else if (NT_STATUS_EQUAL(ret, NT_STATUS_NONE_MAPPED)) {
/* could not map it */
- ids[i]->mapped = False;
- } else{
+ ids[i]->status = ID_UNMAPPED;
+ } else {
/* Something very bad happened down there */
- goto done;
+ ids[i]->status = ID_UNKNOWN;
}
}
}
ret = idmap_cache_map_id(idmap_cache, ids[i]);
- /* TODO: handle NT_STATUS_SYNCHRONIZATION_REQUIRED for disconnected mode */
-
if ( ! NT_STATUS_IS_OK(ret)) {
if ( ! bids) {
/* update the cache */
for (i = 0; i < bi; i++) {
- if (bids[i]->mapped) {
+ if (bids[i]->status == ID_MAPPED) {
ret = idmap_cache_set(idmap_cache, bids[i]);
- } else {
+ } else if (bids[i]->status == ID_UNKNOWN) {
+ /* return an expired entry in the cache or an unknown */
+ /* this handles a previous NT_STATUS_SYNCHRONIZATION_REQUIRED
+ * for disconnected mode */
+ idmap_cache_map_id(idmap_cache, ids[i]);
+ } else { /* unmapped */
ret = idmap_cache_set_negative_id(idmap_cache, bids[i]);
}
IDMAP_CHECK_RET(ret);
ret = idmap_cache_map_sid(idmap_cache, ids[i]);
- /* TODO: handle NT_STATUS_SYNCHRONIZATION_REQUIRED for disconnected mode */
-
if ( ! NT_STATUS_IS_OK(ret)) {
if ( ! bids) {
/* update the cache */
for (i = 0; bids[i]; i++) {
- if (bids[i]->mapped) {
+ if (bids[i]->status == ID_MAPPED) {
ret = idmap_cache_set(idmap_cache, bids[i]);
+ } else if (bids[i]->status == ID_UNKNOWN) {
+ /* return an expired entry in the cache or an unknown */
+ /* this handles a previous NT_STATUS_SYNCHRONIZATION_REQUIRED
+ * for disconnected mode */
+ idmap_cache_map_id(idmap_cache, ids[i]);
} else {
ret = idmap_cache_set_negative_sid(idmap_cache, bids[i]);
}
}
/* sanity checks */
- if ((id->sid == NULL) || (! id->mapped)) {
+ if ((id->sid == NULL) || (id->status != ID_MAPPED)) {
DEBUG(1, ("NULL SID or unmapped entry\n"));
return NT_STATUS_INVALID_PARAMETER;
}
default:
DEBUG(3, ("Unknown ID type\n"));
- ids[idx]->mapped = false;
+ ids[idx]->status = ID_UNKNOWN;
continue;
}
}
sid_copy(map->sid, &sid);
/* mapped */
- map->mapped = True;
+ map->status = ID_MAPPED;
DEBUG(10, ("Mapped %s -> %lu (%d)\n",
sid_string_static(map->sid),
}
ret = NT_STATUS_OK;
+
+ /* mark all unknwon ones as unmapped */
+ for (i = 0; ids[i]; i++) {
+ if (ids[i]->status == ID_UNKNOWN) ids[i]->status = ID_UNMAPPED;
+ }
+
done:
talloc_free(memctx);
return ret;
/* mapped */
map->xid.type = type;
map->xid.id = id;
- map->mapped = True;
+ map->status = ID_MAPPED;
DEBUG(10, ("Mapped %s -> %lu (%d)\n",
sid_string_static(map->sid),
}
ret = NT_STATUS_OK;
+
+ /* mark all unknwon ones as unmapped */
+ for (i = 0; ids[i]; i++) {
+ if (ids[i]->status == ID_UNKNOWN) ids[i]->status = ID_UNMAPPED;
+ }
+
done:
talloc_free(memctx);
return ret;
goto failed;
}
- id->mapped = True;
+ id->status = ID_MAPPED;
return NT_STATUS_OK;
}
goto failed;
}
- id->mapped = True;
+ id->status = ID_MAPPED;
return NT_STATUS_OK;
failed:
DEBUG(1, ("invalid value: %s\n", value));
- id->mapped = False;
+ id->status = ID_UNKNOWN;
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
* 3 cases are possible
*
* 1 map found
- * in this case id->mapped = True and NT_STATUS_OK is returned
+ * in this case id->status = ID_MAPPED and NT_STATUS_OK is returned
* 2 map not found
- * in this case id->mapped = False and NT_STATUS_NONE_MAPPED is returned
+ * in this case id->status = ID_UNKNOWN and NT_STATUS_NONE_MAPPED is returned
* 3 negative cache found
- * in this case id->mapped = False and NT_STATUS_OK is returned
+ * in this case id->status = ID_UNMAPPED and NT_STATUS_OK is returned
*
* As a special case if the cache is expired NT_STATUS_SYNCHRONIZATION_REQUIRED
* is returned instead of NT_STATUS_OK. In this case revalidation of the cache
char *endptr;
/* make sure it is marked as not mapped by default */
- id->mapped = False;
+ id->status = ID_UNKNOWN;
ret = idmap_cache_build_sidkey(cache, &sidkey, id);
if (!NT_STATUS_IS_OK(ret)) return ret;
goto done;
}
- /* here ret == NT_STATUS_OK and id->mapped = True */
+ /* here ret == NT_STATUS_OK and id->status = ID_MAPPED */
if (t <= time(NULL)) {
/* We're expired, set an error code for upper layer */
ret = NT_STATUS_SYNCHRONIZATION_REQUIRED;
}
} else {
- /* this is not mapped (id->mapped = False),
- * and that's right as it was a negative cache hit */
- ret = NT_STATUS_OK;
-
if (t <= time(NULL)) {
/* We're expired, delete the entry and return not mapped */
tdb_delete(cache->tdb, keybuf);
ret = NT_STATUS_NONE_MAPPED;
+ } else {
+ /* this is not mapped as it was a negative cache hit */
+ id->status = ID_UNMAPPED;
+ ret = NT_STATUS_OK;
}
}
* 3 cases are possible
*
* 1 map found
- * in this case id->mapped = True and NT_STATUS_OK is returned
+ * in this case id->status = ID_MAPPED and NT_STATUS_OK is returned
* 2 map not found
- * in this case id->mapped = False and NT_STATUS_NONE_MAPPED is returned
+ * in this case id->status = ID_UNKNOWN and NT_STATUS_NONE_MAPPED is returned
* 3 negative cache found
- * in this case id->mapped = False and NT_STATUS_OK is returned
+ * in this case id->status = ID_UNMAPPED and NT_STATUS_OK is returned
*
* As a special case if the cache is expired NT_STATUS_SYNCHRONIZATION_REQUIRED
* is returned instead of NT_STATUS_OK. In this case revalidation of the cache
char *endptr;
/* make sure it is marked as not mapped by default */
- id->mapped = False;
+ id->status = ID_UNKNOWN;
ret = idmap_cache_build_idkey(cache, &idkey, id);
if (!NT_STATUS_IS_OK(ret)) return ret;
ret = NT_STATUS_SYNCHRONIZATION_REQUIRED;
}
} else {
- /* this is not mapped (id->mapped = False),
- * and that's right as it was a negative cache hit */
- ret = NT_STATUS_OK;
-
if (t <= time(NULL)) {
/* We're expired, delete the entry and return not mapped */
tdb_delete(cache->tdb, keybuf);
ret = NT_STATUS_NONE_MAPPED;
+ } else {
+ /* this is not mapped is it was a negative cache hit */
+ id->status = ID_UNMAPPED;
+ ret = NT_STATUS_OK;
}
}
done:
TALLOC_FREE(sidstr);
/* mapped */
- map->mapped = True;
+ map->status = ID_MAPPED;
DEBUG(10, ("Mapped %s -> %lu (%d)\n", sid_string_static(map->sid), (unsigned long)map->xid.id, map->xid.type));
}
ret = NT_STATUS_OK;
+
+ /* mark all unknwon ones as unmapped */
+ for (i = 0; ids[i]; i++) {
+ if (ids[i]->status == ID_UNKNOWN) ids[i]->status = ID_UNMAPPED;
+ }
+
done:
talloc_free(memctx);
return ret;
/* mapped */
map->xid.type = type;
map->xid.id = id;
- map->mapped = True;
+ map->status = ID_MAPPED;
DEBUG(10, ("Mapped %s -> %lu (%d)\n", sid_string_static(map->sid), (unsigned long)map->xid.id, map->xid.type));
}
ret = NT_STATUS_OK;
+ /* mark all unknwon ones as unmapped */
+ for (i = 0; ids[i]; i++) {
+ if (ids[i]->status == ID_UNKNOWN) ids[i]->status = ID_UNMAPPED;
+ }
+
done:
talloc_free(memctx);
return ret;
pw = getpwuid((uid_t)ids[i]->xid.id);
if (!pw) {
- ids[i]->mapped = False;
+ ids[i]->status = ID_UNMAPPED;
continue;
}
name = pw->pw_name;
gr = getgrgid((gid_t)ids[i]->xid.id);
if (!gr) {
- ids[i]->mapped = False;
+ ids[i]->status = ID_UNMAPPED;
continue;
}
name = gr->gr_name;
break;
default: /* ?? */
- ids[i]->mapped = False;
+ ids[i]->status = ID_UNKNOWN;
continue;
}
winbind_off();
if (!ret) {
- ids[i]->mapped = False;
+ /* TODO: how do we know if the name is really not mapped,
+ * or something just failed ? */
+ ids[i]->status = ID_UNMAPPED;
continue;
}
- /* make sure it is marked as unmapped if types do not match */
- ids[i]->mapped = False;
-
switch (type) {
case SID_NAME_USER:
if (ids[i]->xid.type == ID_TYPE_UID) {
- ids[i]->mapped = True;
+ ids[i]->status = ID_MAPPED;
}
break;
case SID_NAME_ALIAS:
case SID_NAME_WKN_GRP:
if (ids[i]->xid.type == ID_TYPE_GID) {
- ids[i]->mapped = True;
+ ids[i]->status = ID_MAPPED;
}
break;
default:
+ ids[i]->status = ID_UNKNOWN;
break;
}
}
winbind_off();
if (!ret) {
- ids[i]->mapped = False;
+ /* TODO: how do we know if the name is really not mapped,
+ * or something just failed ? */
+ ids[i]->status = ID_UNMAPPED;
continue;
}
- /* make sure it is marked as unmapped if types do not match */
- ids[i]->mapped = False;
-
switch (type) {
case SID_NAME_USER:
if (pw) {
ids[i]->xid.id = pw->pw_uid;
ids[i]->xid.type = ID_TYPE_UID;
- ids[i]->mapped = True;
+ ids[i]->status = ID_MAPPED;
}
break;
if (gr) {
ids[i]->xid.id = gr->gr_gid;
ids[i]->xid.type = ID_TYPE_GID;
- ids[i]->mapped = True;
+ ids[i]->status = ID_MAPPED;
}
break;
default:
- ids[i]->mapped = False;
+ ids[i]->status = ID_UNKNOWN;
break;
}
}
int i;
for (i = 0; ids[i]; i++) {
+
+ /* unmapped by default */
+ ids[i]->status = ID_UNMAPPED;
+
switch (ids[i]->xid.type) {
case ID_TYPE_UID:
- ids[i]->mapped = pdb_uid_to_sid((uid_t)ids[i]->xid.id, ids[i]->sid);
+ if (pdb_uid_to_sid((uid_t)ids[i]->xid.id, ids[i]->sid)) {
+ ids[i]->status = ID_MAPPED;
+ }
break;
case ID_TYPE_GID:
- ids[i]->mapped = pdb_gid_to_sid((gid_t)ids[i]->xid.id, ids[i]->sid);
+ if (pdb_gid_to_sid((gid_t)ids[i]->xid.id, ids[i]->sid)) {
+ ids[i]->status = ID_MAPPED;
+ }
break;
default: /* ?? */
- ids[i]->mapped = False;
+ ids[i]->status = ID_UNKNOWN;
}
}
case SID_NAME_USER:
ids[i]->xid.id = id.uid;
ids[i]->xid.type = ID_TYPE_UID;
- ids[i]->mapped = True;
+ ids[i]->status = ID_MAPPED;
break;
case SID_NAME_DOM_GRP:
case SID_NAME_WKN_GRP:
ids[i]->xid.id = id.gid;
ids[i]->xid.type = ID_TYPE_GID;
- ids[i]->mapped = True;
+ ids[i]->status = ID_MAPPED;
break;
default: /* ?? */
/* make sure it is marked as unmapped */
- ids[i]->mapped = False;
+ ids[i]->status = ID_UNKNOWN;
break;
}
} else {
/* Query Failed */
- ids[i]->mapped = False;
+ ids[i]->status = ID_UNMAPPED;
}
}
case SID_NAME_USER:
if (map->xid.type != ID_TYPE_UID) {
/* wrong type */
+ map->status = ID_UNMAPPED;
DEBUG(5, ("Resulting SID is of wrong ID type\n"));
return NT_STATUS_NONE_MAPPED;
}
case SID_NAME_WKN_GRP:
if (map->xid.type != ID_TYPE_GID) {
/* wrong type */
+ map->status = ID_UNMAPPED;
DEBUG(5, ("Resulting SID is of wrong ID type\n"));
return NT_STATUS_NONE_MAPPED;
}
break;
default:
- /* invalid sid, let's just leave it unmapped */
+ /* invalid sid?? */
+ map->status = ID_UNKNOWN;
DEBUG(10, ("SID %s is UNKNOWN, skip mapping\n", sid_string_static(map->sid)));
return NT_STATUS_NONE_MAPPED;
}
} else {
+ /* TODO: how do we known if the lookup was negative
+ * or something just failed? */
+ map->status = ID_UNMAPPED;
DEBUG(2, ("Failed: to resolve SID\n"));
return NT_STATUS_UNSUCCESSFUL;
}
- map->mapped = True;
+ map->status = ID_MAPPED;
return NT_STATUS_OK;
}
default:
/* invalid sid, let's just leave it unmapped */
DEBUG(10, ("SID %s is UNKNOWN, skip mapping\n", sid_string_static(map->sid)));
+ map->status = ID_UNKNOWN;
return NT_STATUS_NONE_MAPPED;
}
} else {
+ /* TODO: how do we known if the lookup was negative
+ * or something just failed? */
+ map->status = ID_UNMAPPED;
DEBUG(2, ("Failed: to resolve SID\n"));
return NT_STATUS_UNSUCCESSFUL;
}
if ((map->xid.id < ctx->low_id) || (map->xid.id > ctx->high_id)) {
DEBUG(5, ("Requested id (%u) out of range (%u - %u). Filtered!\n",
map->xid.id, ctx->low_id, ctx->high_id));
+ map->status = ID_UNMAPPED;
return NT_STATUS_NONE_MAPPED;
}
- map->mapped = True;
+ map->status = ID_MAPPED;
return NT_STATUS_OK;
}
}
for (i = 0; ids[i]; i++) {
- /* make sure it is marked as unmapped before resolveing */
- ids[i]->mapped = False;
ret = idmap_rid_id_to_sid(ctx, ridctx, ids[i]);
}
for (i = 0; ids[i]; i++) {
- /* make sure it is marked as unmapped before resolveing */
- ids[i]->mapped = False;
ret = idmap_rid_sid_to_id(ctx, ridctx, ids[i]);
if (NT_STATUS_EQUAL(ret, NT_STATUS_NONE_MAPPED)) {
/* make sure it is marked as unmapped */
- ids[i]->mapped = False;
+ ids[i]->status = ID_UNMAPPED;
continue;
}
}
/* all ok, id is mapped */
- ids[i]->mapped = True;
+ ids[i]->status = ID_MAPPED;
}
ret = NT_STATUS_OK;
if (NT_STATUS_EQUAL(ret, NT_STATUS_NONE_MAPPED)) {
/* make sure it is marked as unmapped */
- ids[i]->mapped = False;
+ ids[i]->status = ID_UNMAPPED;
continue;
}
}
/* all ok, id is mapped */
- ids[i]->mapped = True;
+ ids[i]->status = ID_MAPPED;
}
ret = NT_STATUS_OK;
/* Try a UID record. */
if (sscanf(value.dptr, "UID %u", &(maps[num_maps].xid.id)) == 1) {
maps[num_maps].xid.type = ID_TYPE_UID;
- maps[num_maps].mapped = True;
+ maps[num_maps].status = ID_MAPPED;
*data->num_maps = num_maps + 1;
/* Try a GID record. */
} else
if (sscanf(value.dptr, "GID %u", &(maps[num_maps].xid.id)) == 1) {
maps[num_maps].xid.type = ID_TYPE_GID;
- maps[num_maps].mapped = True;
+ maps[num_maps].status = ID_MAPPED;
*data->num_maps = num_maps + 1;
/* Unknown record type ! */
} else {
+ maps[num_maps].status = ID_UNKNOWN;
DEBUG(2, ("Found INVALID record %s -> %s\n", key.dptr, value.dptr));
/* do not increment num_maps */
}
return ret;
}
- if ( ! map.mapped) {
+ if (map.status != ID_MAPPED) {
DEBUG(10, ("uid [%lu] not mapped\n", (unsigned long)uid));
return NT_STATUS_NONE_MAPPED;
}
return ret;
}
- if ( ! map.mapped) {
+ if (map.status != ID_MAPPED) {
DEBUG(10, ("gid [%lu] not mapped\n", (unsigned long)gid));
return NT_STATUS_NONE_MAPPED;
}
return ret;
}
- if (( ! map.mapped) || (map.xid.type != ID_TYPE_UID)) {
- DEBUG(10, ("sid [%s] not mapped to an uid [%u,%u,%u]\n", sid_string_static(sid), map.mapped, map.xid.type, map.xid.id));
+ if ((map.status != ID_MAPPED) || (map.xid.type != ID_TYPE_UID)) {
+ DEBUG(10, ("sid [%s] not mapped to an uid [%u,%u,%u]\n", sid_string_static(sid), map.status, map.xid.type, map.xid.id));
return NT_STATUS_NONE_MAPPED;
}
return ret;
}
- if (( ! map.mapped) || (map.xid.type != ID_TYPE_GID)) {
- DEBUG(10, ("sid [%s] not mapped to an gid [%u,%u,%u]\n", sid_string_static(sid), map.mapped, map.xid.type, map.xid.id));
+ if ((map.status != ID_MAPPED) || (map.xid.type != ID_TYPE_GID)) {
+ DEBUG(10, ("sid [%s] not mapped to an gid [%u,%u,%u]\n", sid_string_static(sid), map.status, map.xid.type, map.xid.id));
return NT_STATUS_NONE_MAPPED;
}
for (i = 0; i < num_ids; i++) {
if (wid[i].type == -1) {
- ids[i].mapped = False;
+ ids[i].status = ID_UNMAPPED;
} else {
- ids[i].mapped = True;
+ ids[i].status = ID_MAPPED;
ids[i].xid.type = wid[i].type;
ids[i].xid.id = wid[i].id;
}
}
for (i = 0; i < num; i++) {
- if (ids[i]->mapped) {
+ if (ids[i]->status == ID_MAPPED) {
xids[i].type = ids[i]->xid.type;
xids[i].id = ids[i]->xid.id;
} else {
git.samba.org / ira / wip.git / commitdiff