2 Unix SMB/CIFS implementation.
4 Copyright (C) Tim Potter 2000
5 Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
6 Copyright (C) Simo Sorce 2003-2007
7 Copyright (C) Jeremy Allison 2006
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
27 #define DBGC_CLASS DBGC_IDMAP
32 * Pointer to the backend methods. Modules register themselves here via
36 struct idmap_backend {
38 struct idmap_methods *methods;
39 struct idmap_backend *prev, *next;
41 static struct idmap_backend *backends = NULL;
44 * Default idmap domain configured via "idmap backend".
46 static struct idmap_domain *default_idmap_domain;
49 * Passdb idmap domain, not configurable. winbind must always give passdb a
52 static struct idmap_domain *passdb_idmap_domain;
55 * List of specially configured idmap domains. This list is filled on demand
56 * in the winbind idmap child when the parent winbind figures out via the
57 * special range parameter or via the domain SID that a special "idmap config
58 * domain" configuration is present.
60 static struct idmap_domain **idmap_domains = NULL;
61 static int num_domains = 0;
63 static struct idmap_methods *get_methods(const char *name)
65 struct idmap_backend *b;
67 for (b = backends; b; b = b->next) {
68 if (strequal(b->name, name)) {
76 bool idmap_is_offline(void)
78 return ( lp_winbind_offline_logon() &&
79 get_global_winbindd_state_offline() );
82 bool idmap_is_online(void)
84 return !idmap_is_offline();
87 /**********************************************************************
88 Allow a module to register itself as a method.
89 **********************************************************************/
91 NTSTATUS smb_register_idmap(int version, const char *name,
92 struct idmap_methods *methods)
94 struct idmap_backend *entry;
96 if ((version != SMB_IDMAP_INTERFACE_VERSION)) {
97 DEBUG(0, ("Failed to register idmap module.\n"
98 "The module was compiled against "
99 "SMB_IDMAP_INTERFACE_VERSION %d,\n"
100 "current SMB_IDMAP_INTERFACE_VERSION is %d.\n"
101 "Please recompile against the current version "
103 version, SMB_IDMAP_INTERFACE_VERSION));
104 return NT_STATUS_OBJECT_TYPE_MISMATCH;
107 if (!name || !name[0] || !methods) {
108 DEBUG(0,("Called with NULL pointer or empty name!\n"));
109 return NT_STATUS_INVALID_PARAMETER;
112 for (entry = backends; entry != NULL; entry = entry->next) {
113 if (strequal(entry->name, name)) {
114 DEBUG(0,("Idmap module %s already registered!\n",
116 return NT_STATUS_OBJECT_NAME_COLLISION;
120 entry = talloc(NULL, struct idmap_backend);
122 DEBUG(0,("Out of memory!\n"));
124 return NT_STATUS_NO_MEMORY;
126 entry->name = talloc_strdup(entry, name);
127 if ( ! entry->name) {
128 DEBUG(0,("Out of memory!\n"));
130 return NT_STATUS_NO_MEMORY;
132 entry->methods = methods;
134 DLIST_ADD(backends, entry);
135 DEBUG(5, ("Successfully added idmap backend '%s'\n", name));
139 static int close_domain_destructor(struct idmap_domain *dom)
143 ret = dom->methods->close_fn(dom);
144 if (!NT_STATUS_IS_OK(ret)) {
145 DEBUG(3, ("Failed to close idmap domain [%s]!\n", dom->name));
151 static bool parse_idmap_module(TALLOC_CTX *mem_ctx, const char *param,
152 char **pmodulename, char **pargs)
157 if (strncmp(param, "idmap_", 6) == 0) {
159 DEBUG(1, ("idmap_init: idmap backend uses deprecated "
160 "'idmap_' prefix. Please replace 'idmap_%s' by "
161 "'%s'\n", param, param));
164 modulename = talloc_strdup(mem_ctx, param);
165 if (modulename == NULL) {
169 args = strchr(modulename, ':');
171 *pmodulename = modulename;
178 args = talloc_strdup(mem_ctx, args+1);
180 TALLOC_FREE(modulename);
184 *pmodulename = modulename;
190 * Initialize a domain structure
191 * @param[in] mem_ctx memory context for the result
192 * @param[in] domainname which domain is this for
193 * @param[in] modulename which backend module
194 * @param[in] params parameter to pass to the init function
195 * @result The initialized structure
197 static struct idmap_domain *idmap_init_domain(TALLOC_CTX *mem_ctx,
198 const char *domainname,
199 const char *modulename,
202 struct idmap_domain *result;
205 result = talloc_zero(mem_ctx, struct idmap_domain);
206 if (result == NULL) {
207 DEBUG(0, ("talloc failed\n"));
211 result->name = talloc_strdup(result, domainname);
212 if (result->name == NULL) {
213 DEBUG(0, ("talloc failed\n"));
217 result->methods = get_methods(modulename);
218 if (result->methods == NULL) {
219 DEBUG(3, ("idmap backend %s not found\n", modulename));
221 status = smb_probe_module("idmap", modulename);
222 if (!NT_STATUS_IS_OK(status)) {
223 DEBUG(3, ("Could not probe idmap module %s\n",
228 result->methods = get_methods(modulename);
230 if (result->methods == NULL) {
231 DEBUG(1, ("idmap backend %s not found\n", modulename));
235 status = result->methods->init(result, params);
236 if (!NT_STATUS_IS_OK(status)) {
237 DEBUG(1, ("idmap initialization returned %s\n",
242 talloc_set_destructor(result, close_domain_destructor);
252 * Initialize the default domain structure
253 * @param[in] mem_ctx memory context for the result
254 * @result The default domain structure
256 * This routine takes the module name from the "idmap backend" parameter,
257 * passing a possible parameter like ldap:ldap://ldap-url/ to the module.
260 static struct idmap_domain *idmap_init_default_domain(TALLOC_CTX *mem_ctx)
262 struct idmap_domain *result;
266 DEBUG(10, ("idmap_init_default_domain: calling static_init_idmap\n"));
270 if (!parse_idmap_module(talloc_tos(), lp_idmap_backend(), &modulename,
272 DEBUG(1, ("parse_idmap_module failed\n"));
276 DEBUG(3, ("idmap_init: using '%s' as remote backend\n", modulename));
278 result = idmap_init_domain(mem_ctx, "*", modulename, params);
279 if (result == NULL) {
283 TALLOC_FREE(modulename);
288 TALLOC_FREE(modulename);
295 * Initialize a named domain structure
296 * @param[in] mem_ctx memory context for the result
297 * @param[in] domname the domain name
298 * @result The default domain structure
300 * This routine looks at the "idmap config <domname>" parameters to figure out
304 static struct idmap_domain *idmap_init_named_domain(TALLOC_CTX *mem_ctx,
307 struct idmap_domain *result = NULL;
311 config_option = talloc_asprintf(talloc_tos(), "idmap config %s",
313 if (config_option == NULL) {
314 DEBUG(0, ("talloc failed\n"));
318 backend = lp_parm_const_string(-1, config_option, "backend", NULL);
319 if (backend == NULL) {
320 DEBUG(1, ("no backend defined for %s\n", config_option));
324 result = idmap_init_domain(mem_ctx, domname, backend, NULL);
325 if (result == NULL) {
329 TALLOC_FREE(config_option);
333 TALLOC_FREE(config_option);
339 * Initialize the passdb domain structure
340 * @param[in] mem_ctx memory context for the result
341 * @result The default domain structure
343 * No config, passdb has its own configuration.
346 static struct idmap_domain *idmap_init_passdb_domain(TALLOC_CTX *mem_ctx)
348 if (passdb_idmap_domain != NULL) {
349 return passdb_idmap_domain;
352 passdb_idmap_domain = idmap_init_domain(NULL, get_global_sam_name(),
354 if (passdb_idmap_domain == NULL) {
355 DEBUG(1, ("Could not init passdb idmap domain\n"));
358 return passdb_idmap_domain;
362 * Find a domain struct according to a domain name
363 * @param[in] domname Domain name to get the config for
364 * @result The default domain structure that fits
366 * This is the central routine in the winbindd-idmap child to pick the correct
367 * domain for looking up IDs. If domname is NULL or empty, we use the default
368 * domain. If it contains something, we try to use idmap_init_named_domain()
369 * to fetch the correct backend.
371 * The choice about "domname" is being made by the winbind parent, look at the
372 * "have_idmap_config" of "struct winbindd_domain" which is set in
373 * add_trusted_domain.
376 static struct idmap_domain *idmap_find_domain(const char *domname)
378 struct idmap_domain *result;
381 DEBUG(10, ("idmap_find_domain called for domain '%s'\n",
382 domname?domname:"NULL"));
385 * Always init the default domain, we can't go without one
387 if (default_idmap_domain == NULL) {
388 default_idmap_domain = idmap_init_default_domain(NULL);
390 if (default_idmap_domain == NULL) {
394 if ((domname == NULL) || (domname[0] == '\0')) {
395 return default_idmap_domain;
398 for (i=0; i<num_domains; i++) {
399 if (strequal(idmap_domains[i]->name, domname)) {
400 return idmap_domains[i];
404 if (idmap_domains == NULL) {
406 * talloc context for all idmap domains
408 idmap_domains = TALLOC_ARRAY(NULL, struct idmap_domain *, 1);
411 if (idmap_domains == NULL) {
412 DEBUG(0, ("talloc failed\n"));
416 result = idmap_init_named_domain(idmap_domains, domname);
417 if (result == NULL) {
419 * Could not init that domain -- try the default one
421 return default_idmap_domain;
424 ADD_TO_ARRAY(idmap_domains, struct idmap_domain *, result,
425 &idmap_domains, &num_domains);
429 void idmap_close(void)
431 TALLOC_FREE(default_idmap_domain);
432 TALLOC_FREE(passdb_idmap_domain);
433 TALLOC_FREE(idmap_domains);
437 /**************************************************************************
438 idmap allocator interface functions
439 **************************************************************************/
441 static NTSTATUS idmap_allocate_unixid(struct unixid *id)
443 struct idmap_domain *dom;
444 struct id_map *maps[2];
447 dom = idmap_find_domain(NULL);
450 return NT_STATUS_UNSUCCESSFUL;
454 map.status = ID_UNKNOWN;
460 return dom->methods->sids_to_unixids(dom, maps);
464 NTSTATUS idmap_allocate_uid(struct unixid *id)
466 id->type = ID_TYPE_UID;
467 return idmap_allocate_unixid(id);
470 NTSTATUS idmap_allocate_gid(struct unixid *id)
472 id->type = ID_TYPE_GID;
473 return idmap_allocate_unixid(id);
476 NTSTATUS idmap_backends_unixid_to_sid(const char *domname, struct id_map *id)
478 struct idmap_domain *dom;
479 struct id_map *maps[2];
481 DEBUG(10, ("idmap_backend_unixid_to_sid: domain = '%s', xid = %d "
483 domname?domname:"NULL", id->xid.id, id->xid.type));
489 * Always give passdb a chance first
492 dom = idmap_init_passdb_domain(NULL);
494 && NT_STATUS_IS_OK(dom->methods->unixids_to_sids(dom, maps))
495 && id->status == ID_MAPPED) {
499 dom = idmap_find_domain(domname);
501 return NT_STATUS_NONE_MAPPED;
504 return dom->methods->unixids_to_sids(dom, maps);
507 NTSTATUS idmap_backends_sid_to_unixid(const char *domain, struct id_map *id)
509 struct idmap_domain *dom;
510 struct id_map *maps[2];
512 DEBUG(10, ("idmap_backends_sid_to_unixid: domain = '%s', sid = [%s]\n",
513 domain?domain:"NULL", sid_string_dbg(id->sid)));
518 if (sid_check_is_in_builtin(id->sid)
519 || (sid_check_is_in_our_domain(id->sid))) {
521 dom = idmap_init_passdb_domain(NULL);
523 return NT_STATUS_NONE_MAPPED;
525 return dom->methods->sids_to_unixids(dom, maps);
528 dom = idmap_find_domain(domain);
530 return NT_STATUS_NONE_MAPPED;
533 return dom->methods->sids_to_unixids(dom, maps);