CP437_OBJ = modules/CP437.o
CHARSET_MACOSXFS_OBJ = modules/charset_macosxfs.o
-GROUPDB_OBJ = groupdb/mapping.o groupdb/mapping_tdb.o
+GROUPDB_OBJ = groupdb/mapping.o groupdb/mapping_tdb.o groupdb/mapping_ldb.o
PROFILE_OBJ = profile/profile.o
PROFILES_OBJ = utils/profiles.o \
#include "includes.h"
#include "groupdb/mapping.h"
+static const struct mapping_backend *backend;
+
+/*
+ initialise a group mapping backend
+ */
+static BOOL init_group_mapping(void)
+{
+ const char *backend_string;
+
+ if (backend != NULL) {
+ /* already initialised */
+ return True;
+ }
+
+ /* default to using the ldb backend. This parameter should
+ disappear in future versions of Samba3, but for now it
+ provides a safety net in case any major problems are
+ discovered with ldb after the release */
+ backend_string = lp_parm_const_string(-1, "groupdb", "backend", "ldb");
+
+ if (strcmp(backend_string, "ldb") == 0) {
+ backend = groupdb_ldb_init();
+ } else if (strcmp(backend_string, "tdb") == 0) {
+ backend = groupdb_tdb_init();
+ } else {
+ DEBUG(0,("Unknown groupdb backend '%s'\n", backend_string));
+ smb_panic("Unknown groupdb backend\n");
+ }
+ return backend != NULL;
+}
+
/****************************************************************************
initialise first time the mapping list
****************************************************************************/
*sids = NULL;
for (i=0; i<num_members; i++) {
- NTSTATUS status = one_alias_membership(&members[i], sids, num);
+ NTSTATUS status = backend->one_alias_membership(&members[i], sids, num);
if (!NT_STATUS_IS_OK(status))
return status;
}
NTSTATUS pdb_default_getgrsid(struct pdb_methods *methods, GROUP_MAP *map,
DOM_SID sid)
{
- return get_group_map_from_sid(sid, map) ?
+ if (!init_group_mapping()) {
+ DEBUG(0,("failed to initialize group mapping\n"));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+ return backend->get_group_map_from_sid(sid, map) ?
NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}
NTSTATUS pdb_default_getgrgid(struct pdb_methods *methods, GROUP_MAP *map,
gid_t gid)
{
- return get_group_map_from_gid(gid, map) ?
+ if (!init_group_mapping()) {
+ DEBUG(0,("failed to initialize group mapping\n"));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+ return backend->get_group_map_from_gid(gid, map) ?
NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}
NTSTATUS pdb_default_getgrnam(struct pdb_methods *methods, GROUP_MAP *map,
const char *name)
{
- return get_group_map_from_ntname(name, map) ?
+ if (!init_group_mapping()) {
+ DEBUG(0,("failed to initialize group mapping\n"));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+ return backend->get_group_map_from_ntname(name, map) ?
NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}
NTSTATUS pdb_default_add_group_mapping_entry(struct pdb_methods *methods,
GROUP_MAP *map)
{
- return add_mapping_entry(map, TDB_INSERT) ?
+ if (!init_group_mapping()) {
+ DEBUG(0,("failed to initialize group mapping\n"));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+ return backend->add_mapping_entry(map, TDB_INSERT) ?
NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}
NTSTATUS pdb_default_update_group_mapping_entry(struct pdb_methods *methods,
GROUP_MAP *map)
{
- return add_mapping_entry(map, TDB_REPLACE) ?
+ if (!init_group_mapping()) {
+ DEBUG(0,("failed to initialize group mapping\n"));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+ return backend->add_mapping_entry(map, TDB_REPLACE) ?
NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}
NTSTATUS pdb_default_delete_group_mapping_entry(struct pdb_methods *methods,
DOM_SID sid)
{
- return group_map_remove(&sid) ?
+ if (!init_group_mapping()) {
+ DEBUG(0,("failed to initialize group mapping\n"));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+ return backend->group_map_remove(&sid) ?
NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}
GROUP_MAP **pp_rmap, size_t *p_num_entries,
BOOL unix_only)
{
- return enum_group_mapping(sid, sid_name_use, pp_rmap, p_num_entries, unix_only) ?
+ if (!init_group_mapping()) {
+ DEBUG(0,("failed to initialize group mapping\n"));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+ return backend->enum_group_mapping(sid, sid_name_use, pp_rmap, p_num_entries, unix_only) ?
NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}
NTSTATUS pdb_default_add_aliasmem(struct pdb_methods *methods,
const DOM_SID *alias, const DOM_SID *member)
{
- return add_aliasmem(alias, member);
+ if (!init_group_mapping()) {
+ DEBUG(0,("failed to initialize group mapping\n"));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+ return backend->add_aliasmem(alias, member);
}
NTSTATUS pdb_default_del_aliasmem(struct pdb_methods *methods,
const DOM_SID *alias, const DOM_SID *member)
{
- return del_aliasmem(alias, member);
+ if (!init_group_mapping()) {
+ DEBUG(0,("failed to initialize group mapping\n"));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+ return backend->del_aliasmem(alias, member);
}
NTSTATUS pdb_default_enum_aliasmem(struct pdb_methods *methods,
const DOM_SID *alias, DOM_SID **pp_members,
size_t *p_num_members)
{
- return enum_aliasmem(alias, pp_members, p_num_members);
+ if (!init_group_mapping()) {
+ DEBUG(0,("failed to initialize group mapping\n"));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+ return backend->enum_aliasmem(alias, pp_members, p_num_members);
}
NTSTATUS pdb_default_alias_memberships(struct pdb_methods *methods,
size_t i, num_alias_sids;
NTSTATUS result;
+ if (!init_group_mapping()) {
+ DEBUG(0,("failed to initialize group mapping\n"));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
alias_sids = NULL;
num_alias_sids = 0;
*/
#define MEMBEROF_PREFIX "MEMBEROF/"
-/* internal prototypes */
-BOOL enum_group_mapping(const DOM_SID *domsid, enum lsa_SidType sid_name_use, GROUP_MAP **pp_rmap,
- size_t *p_num_entries, BOOL unix_only);
-BOOL group_map_remove(const DOM_SID *sid);
-BOOL init_group_mapping(void);
-NTSTATUS one_alias_membership(const DOM_SID *member,
- DOM_SID **sids, size_t *num);
-BOOL get_group_map_from_sid(DOM_SID sid, GROUP_MAP *map);
-BOOL get_group_map_from_gid(gid_t gid, GROUP_MAP *map);
-BOOL get_group_map_from_ntname(const char *name, GROUP_MAP *map);
-BOOL add_mapping_entry(GROUP_MAP *map, int flag);
-NTSTATUS add_aliasmem(const DOM_SID *alias, const DOM_SID *member);
-NTSTATUS del_aliasmem(const DOM_SID *alias, const DOM_SID *member);
-NTSTATUS enum_aliasmem(const DOM_SID *alias, DOM_SID **sids, size_t *num);
+/*
+ groupdb mapping backend abstraction
+ */
+struct mapping_backend {
+ BOOL (*init_group_mapping)(void);
+ BOOL (*add_mapping_entry)(GROUP_MAP *map, int flag);
+ BOOL (*get_group_map_from_sid)(DOM_SID sid, GROUP_MAP *map);
+ BOOL (*get_group_map_from_gid)(gid_t gid, GROUP_MAP *map);
+ BOOL (*get_group_map_from_ntname)(const char *name, GROUP_MAP *map);
+ BOOL (*group_map_remove)(const DOM_SID *sid);
+ BOOL (*enum_group_mapping)(const DOM_SID *domsid, enum lsa_SidType sid_name_use,
+ GROUP_MAP **pp_rmap,
+ size_t *p_num_entries, BOOL unix_only);
+ NTSTATUS (*one_alias_membership)(const DOM_SID *member,
+ DOM_SID **sids, size_t *num);
+ NTSTATUS (*add_aliasmem)(const DOM_SID *alias, const DOM_SID *member);
+ NTSTATUS (*del_aliasmem)(const DOM_SID *alias, const DOM_SID *member);
+ NTSTATUS (*enum_aliasmem)(const DOM_SID *alias, DOM_SID **sids, size_t *num);
+};
/*
connect to the group mapping ldb
*/
- BOOL init_group_mapping(void)
+static BOOL init_group_mapping(void)
{
BOOL existed;
const char *init_ldif[] =
/*
add a group mapping entry
*/
- BOOL add_mapping_entry(GROUP_MAP *map, int flag)
+static BOOL add_mapping_entry(GROUP_MAP *map, int flag)
{
struct ldb_message *msg;
int ret, i;
fstring string_sid;
- if (!init_group_mapping()) {
- return False;
- }
-
msg = ldb_msg_new(ldb);
if (msg == NULL) {
return False;
/*
return a group map entry for a given sid
*/
- BOOL get_group_map_from_sid(DOM_SID sid, GROUP_MAP *map)
+static BOOL get_group_map_from_sid(DOM_SID sid, GROUP_MAP *map)
{
int ret;
struct ldb_dn *dn;
struct ldb_result *res=NULL;
- if (!init_group_mapping()) {
- return False;
- }
-
dn = mapping_dn(ldb, &sid);
if (dn == NULL) goto failed;
/*
return a group map entry for a given gid
*/
- BOOL get_group_map_from_gid(gid_t gid, GROUP_MAP *map)
+static BOOL get_group_map_from_gid(gid_t gid, GROUP_MAP *map)
{
int ret;
char *expr;
struct ldb_result *res=NULL;
- if (!init_group_mapping()) {
- return False;
- }
-
expr = talloc_asprintf(ldb, "(&(gidNumber=%u)(objectClass=groupMap))",
(unsigned)gid);
if (expr == NULL) goto failed;
/*
Return the sid and the type of the unix group.
*/
- BOOL get_group_map_from_ntname(const char *name, GROUP_MAP *map)
+static BOOL get_group_map_from_ntname(const char *name, GROUP_MAP *map)
{
int ret;
char *expr;
struct ldb_result *res=NULL;
- if (!init_group_mapping()) {
- return False;
- }
-
expr = talloc_asprintf(ldb, "(&(ntName=%s)(objectClass=groupMap))", name);
if (expr == NULL) goto failed;
/*
Remove a group mapping entry.
*/
- BOOL group_map_remove(const DOM_SID *sid)
+static BOOL group_map_remove(const DOM_SID *sid)
{
struct ldb_dn *dn;
int ret;
- if (!init_group_mapping()) {
- return False;
- }
-
dn = mapping_dn(ldb, sid);
if (dn == NULL) {
return False;
/*
Enumerate the group mappings for a domain
*/
- BOOL enum_group_mapping(const DOM_SID *domsid, enum lsa_SidType sid_name_use,
- GROUP_MAP **pp_rmap,
- size_t *p_num_entries, BOOL unix_only)
+static BOOL enum_group_mapping(const DOM_SID *domsid, enum lsa_SidType sid_name_use,
+ GROUP_MAP **pp_rmap,
+ size_t *p_num_entries, BOOL unix_only)
{
int i, ret;
char *expr;
struct ldb_dn *basedn=NULL;
TALLOC_CTX *tmp_ctx;
- if (!init_group_mapping()) {
- return False;
- }
-
tmp_ctx = talloc_new(ldb);
if (tmp_ctx == NULL) goto failed;
This operation happens on session setup, so it should better be fast. We
store a list of aliases a SID is member of hanging off MEMBEROF/SID.
*/
- NTSTATUS one_alias_membership(const DOM_SID *member,
- DOM_SID **sids, size_t *num)
+static NTSTATUS one_alias_membership(const DOM_SID *member,
+ DOM_SID **sids, size_t *num)
{
const char *attrs[] = {
"sid",
fstring string_sid;
NTSTATUS status = NT_STATUS_INTERNAL_DB_CORRUPTION;
- if (!init_group_mapping()) {
- return NT_STATUS_ACCESS_DENIED;
- }
-
if (!sid_to_string(string_sid, member)) {
return NT_STATUS_INVALID_PARAMETER;
}
TALLOC_CTX *tmp_ctx;
GROUP_MAP map;
- if (!init_group_mapping()) {
- return NT_STATUS_ACCESS_DENIED;
- }
-
if (!get_group_map_from_sid(*alias, &map)) {
sid_to_string(string_sid, alias);
return NT_STATUS_NO_SUCH_ALIAS;
return (ret == LDB_SUCCESS ? NT_STATUS_OK : NT_STATUS_ACCESS_DENIED);
}
- NTSTATUS add_aliasmem(const DOM_SID *alias, const DOM_SID *member)
+static NTSTATUS add_aliasmem(const DOM_SID *alias, const DOM_SID *member)
{
return modify_aliasmem(alias, member, LDB_FLAG_MOD_ADD);
}
- NTSTATUS del_aliasmem(const DOM_SID *alias, const DOM_SID *member)
+static NTSTATUS del_aliasmem(const DOM_SID *alias, const DOM_SID *member)
{
return modify_aliasmem(alias, member, LDB_FLAG_MOD_DELETE);
}
/*
enumerate sids that have the given alias set in member
*/
- NTSTATUS enum_aliasmem(const DOM_SID *alias, DOM_SID **sids, size_t *num)
+static NTSTATUS enum_aliasmem(const DOM_SID *alias, DOM_SID **sids, size_t *num)
{
const char *attrs[] = {
"member",
struct ldb_dn *dn;
struct ldb_message_element *el;
- if (!init_group_mapping()) {
- return NT_STATUS_ACCESS_DENIED;
- }
-
*sids = NULL;
*num = 0;
int ret;
GROUP_MAP map;
- if (strncmp(key.dptr, GROUP_PREFIX,
+ if (strncmp((char *)key.dptr, GROUP_PREFIX,
MIN(key.dsize, strlen(GROUP_PREFIX))) != 0) {
return 0;
}
static int upgrade_alias_record(TDB_CONTEXT *tdb_ctx, TDB_DATA key,
TDB_DATA data, void *state)
{
- const char *p = data.dptr;
+ const char *p = (const char *)data.dptr;
fstring string_sid;
DOM_SID member;
- if (strncmp(key.dptr, MEMBEROF_PREFIX,
+ if (strncmp((char *)key.dptr, MEMBEROF_PREFIX,
MIN(key.dsize, strlen(MEMBEROF_PREFIX))) != 0) {
return 0;
}
if (tdb) tdb_close(tdb);
return False;
}
+
+
+
+static const struct mapping_backend ldb_backend = {
+ .add_mapping_entry = add_mapping_entry,
+ .get_group_map_from_sid = get_group_map_from_sid,
+ .get_group_map_from_gid = get_group_map_from_gid,
+ .get_group_map_from_ntname = get_group_map_from_ntname,
+ .group_map_remove = group_map_remove,
+ .enum_group_mapping = enum_group_mapping,
+ .one_alias_membership = one_alias_membership,
+ .add_aliasmem = add_aliasmem,
+ .del_aliasmem = del_aliasmem,
+ .enum_aliasmem = enum_aliasmem
+};
+
+/*
+ initialise the ldb mapping backend
+ */
+const struct mapping_backend *groupdb_ldb_init(void)
+{
+ if (!init_group_mapping()) {
+ DEBUG(0,("Failed to initialise ldb mapping backend\n"));
+ return NULL;
+ }
+
+ return &ldb_backend;
+}
static TDB_CONTEXT *tdb; /* used for driver files */
+static BOOL enum_group_mapping(const DOM_SID *domsid, enum lsa_SidType sid_name_use, GROUP_MAP **pp_rmap,
+ size_t *p_num_entries, BOOL unix_only);
+static BOOL group_map_remove(const DOM_SID *sid);
+
/****************************************************************************
Open the group mapping tdb.
****************************************************************************/
- BOOL init_group_mapping(void)
+static BOOL init_group_mapping(void)
{
const char *vstring = "INFO/version";
int32 vers_id;
/****************************************************************************
****************************************************************************/
- BOOL add_mapping_entry(GROUP_MAP *map, int flag)
+static BOOL add_mapping_entry(GROUP_MAP *map, int flag)
{
TDB_DATA dbuf;
pstring key, buf;
fstring string_sid="";
int len;
- if(!init_group_mapping()) {
- DEBUG(0,("failed to initialize group mapping\n"));
- return(False);
- }
-
sid_to_string(string_sid, &map->sid);
len = tdb_pack((uint8 *)buf, sizeof(buf), "ddff",
Return the sid and the type of the unix group.
****************************************************************************/
- BOOL get_group_map_from_sid(DOM_SID sid, GROUP_MAP *map)
+static BOOL get_group_map_from_sid(DOM_SID sid, GROUP_MAP *map)
{
TDB_DATA dbuf;
pstring key;
fstring string_sid;
int ret = 0;
- if(!init_group_mapping()) {
- DEBUG(0,("failed to initialize group mapping\n"));
- return(False);
- }
-
/* the key is the SID, retrieving is direct */
sid_to_string(string_sid, &sid);
Return the sid and the type of the unix group.
****************************************************************************/
- BOOL get_group_map_from_gid(gid_t gid, GROUP_MAP *map)
+static BOOL get_group_map_from_gid(gid_t gid, GROUP_MAP *map)
{
TDB_DATA kbuf, dbuf, newkey;
fstring string_sid;
int ret;
- if(!init_group_mapping()) {
- DEBUG(0,("failed to initialize group mapping\n"));
- return(False);
- }
-
/* we need to enumerate the TDB to find the GID */
for (kbuf = tdb_firstkey(tdb);
Return the sid and the type of the unix group.
****************************************************************************/
- BOOL get_group_map_from_ntname(const char *name, GROUP_MAP *map)
+static BOOL get_group_map_from_ntname(const char *name, GROUP_MAP *map)
{
TDB_DATA kbuf, dbuf, newkey;
fstring string_sid;
int ret;
- if(!init_group_mapping()) {
- DEBUG(0,("get_group_map_from_ntname:failed to initialize group mapping\n"));
- return(False);
- }
-
/* we need to enumerate the TDB to find the name */
for (kbuf = tdb_firstkey(tdb);
Remove a group mapping entry.
****************************************************************************/
-BOOL group_map_remove(const DOM_SID *sid)
+static BOOL group_map_remove(const DOM_SID *sid)
{
TDB_DATA dbuf;
pstring key;
fstring string_sid;
- if(!init_group_mapping()) {
- DEBUG(0,("failed to initialize group mapping\n"));
- return(False);
- }
-
/* the key is the SID, retrieving is direct */
sid_to_string(string_sid, sid);
Enumerate the group mapping.
****************************************************************************/
-BOOL enum_group_mapping(const DOM_SID *domsid, enum lsa_SidType sid_name_use, GROUP_MAP **pp_rmap,
+static BOOL enum_group_mapping(const DOM_SID *domsid, enum lsa_SidType sid_name_use, GROUP_MAP **pp_rmap,
size_t *p_num_entries, BOOL unix_only)
{
TDB_DATA kbuf, dbuf, newkey;
DOM_SID grpsid;
uint32 rid;
- if(!init_group_mapping()) {
- DEBUG(0,("failed to initialize group mapping\n"));
- return(False);
- }
-
*p_num_entries=0;
*pp_rmap=NULL;
/* This operation happens on session setup, so it should better be fast. We
* store a list of aliases a SID is member of hanging off MEMBEROF/SID. */
- NTSTATUS one_alias_membership(const DOM_SID *member,
+static NTSTATUS one_alias_membership(const DOM_SID *member,
DOM_SID **sids, size_t *num)
{
fstring key, string_sid;
TDB_DATA dbuf;
const char *p;
- if (!init_group_mapping()) {
- DEBUG(0,("failed to initialize group mapping\n"));
- return NT_STATUS_ACCESS_DENIED;
- }
-
sid_to_string(string_sid, member);
slprintf(key, sizeof(key), "%s%s", MEMBEROF_PREFIX, string_sid);
}
- NTSTATUS add_aliasmem(const DOM_SID *alias, const DOM_SID *member)
+static NTSTATUS add_aliasmem(const DOM_SID *alias, const DOM_SID *member)
{
GROUP_MAP map;
TDB_DATA dbuf;
char *new_memberstring;
int result;
- if(!init_group_mapping()) {
- DEBUG(0,("failed to initialize group mapping\n"));
- return NT_STATUS_ACCESS_DENIED;
- }
-
if (!get_group_map_from_sid(*alias, &map))
return NT_STATUS_NO_SUCH_ALIAS;
return 0;
}
- NTSTATUS enum_aliasmem(const DOM_SID *alias, DOM_SID **sids, size_t *num)
+static NTSTATUS enum_aliasmem(const DOM_SID *alias, DOM_SID **sids, size_t *num)
{
GROUP_MAP map;
struct aliasmem_closure closure;
- if(!init_group_mapping()) {
- DEBUG(0,("failed to initialize group mapping\n"));
- return NT_STATUS_ACCESS_DENIED;
- }
-
if (!get_group_map_from_sid(*alias, &map))
return NT_STATUS_NO_SUCH_ALIAS;
return NT_STATUS_OK;
}
- NTSTATUS del_aliasmem(const DOM_SID *alias, const DOM_SID *member)
+static NTSTATUS del_aliasmem(const DOM_SID *alias, const DOM_SID *member)
{
NTSTATUS result;
DOM_SID *sids;
return result;
}
+
+static const struct mapping_backend tdb_backend = {
+ .add_mapping_entry = add_mapping_entry,
+ .get_group_map_from_sid = get_group_map_from_sid,
+ .get_group_map_from_gid = get_group_map_from_gid,
+ .get_group_map_from_ntname = get_group_map_from_ntname,
+ .group_map_remove = group_map_remove,
+ .enum_group_mapping = enum_group_mapping,
+ .one_alias_membership = one_alias_membership,
+ .add_aliasmem = add_aliasmem,
+ .del_aliasmem = del_aliasmem,
+ .enum_aliasmem = enum_aliasmem
+};
+
+/*
+ initialise the tdb mapping backend
+ */
+const struct mapping_backend *groupdb_tdb_init(void)
+{
+ if (!init_group_mapping()) {
+ DEBUG(0,("Failed to initialise tdb mapping backend\n"));
+ return NULL;
+ }
+
+ return &tdb_backend;
+}
printf("%s\n", sid_string_static(&(members[i])));
}
- SAFE_FREE(members);
+ TALLOC_FREE(members);
return 0;
}
sid_string_static(&members[i]));
}
}
+
+ TALLOC_FREE(members);
} else {
d_fprintf(stderr, "Can only list local group members so far.\n"
"%s is a %s\n", argv[0], sid_type_lookup(grouptype));
git.samba.org / jra / samba / .git / commitdiff