2 * idmap_autorid_tdb: This file contains common code used by
3 * idmap_autorid and net idmap autorid utilities. The common
4 * code provides functions for performing various operations
7 * Copyright (C) Christian Ambach, 2010-2012
8 * Copyright (C) Atul Kulkarni, 2013
9 * Copyright (C) Michael Adam, 2012-2013
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 3 of the License, or
14 * (at your option) any later version.
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, see <http://www.gnu.org/licenses/>.
26 #include "idmap_autorid.h"
27 #include "../libcli/security/dom_sid.h"
30 * Build the database keystring for getting a range
31 * belonging to a domain sid and a range index.
33 static void idmap_autorid_build_keystr(const char *domsid,
34 uint32_t domain_range_index,
37 if (domain_range_index > 0) {
38 snprintf(keystr, FSTRING_LEN, "%s#%"PRIu32,
39 domsid, domain_range_index);
41 fstrcpy(keystr, domsid);
45 static bool idmap_autorid_validate_sid(const char *sid)
47 struct dom_sid ignore;
52 if (strcmp(sid, ALLOC_RANGE) == 0) {
56 return dom_sid_parse(sid, &ignore);
59 struct idmap_autorid_addrange_ctx {
60 struct autorid_range_config *range;
64 static NTSTATUS idmap_autorid_addrange_action(struct db_context *db,
67 struct idmap_autorid_addrange_ctx *ctx;
68 uint32_t requested_rangenum, stored_rangenum;
69 struct autorid_range_config *range;
74 struct autorid_global_config *globalcfg;
78 ctx = (struct idmap_autorid_addrange_ctx *)private_data;
80 acquire = ctx->acquire;
81 requested_rangenum = range->rangenum;
84 DEBUG(3, ("Invalid database argument: NULL"));
85 return NT_STATUS_INVALID_PARAMETER;
89 DEBUG(3, ("Invalid range argument: NULL"));
90 return NT_STATUS_INVALID_PARAMETER;
93 DEBUG(10, ("Adding new range for domain %s "
94 "(domain_range_index=%"PRIu32")\n",
95 range->domsid, range->domain_range_index));
97 if (!idmap_autorid_validate_sid(range->domsid)) {
98 DEBUG(3, ("Invalid SID: %s\n", range->domsid));
99 return NT_STATUS_INVALID_PARAMETER;
102 idmap_autorid_build_keystr(range->domsid, range->domain_range_index,
105 ret = dbwrap_fetch_uint32_bystring(db, keystr, &stored_rangenum);
107 if (NT_STATUS_IS_OK(ret)) {
108 /* entry is already present*/
110 DEBUG(10, ("domain range already allocated - "
115 if (stored_rangenum != requested_rangenum) {
116 DEBUG(1, ("Error: requested rangenumber (%u) differs "
117 "from stored one (%u).\n",
118 requested_rangenum, stored_rangenum));
119 return NT_STATUS_UNSUCCESSFUL;
122 DEBUG(10, ("Note: stored range agrees with requested "
127 /* fetch the current HWM */
128 ret = dbwrap_fetch_uint32_bystring(db, HWM, &hwm);
129 if (!NT_STATUS_IS_OK(ret)) {
130 DEBUG(1, ("Fatal error while fetching current "
131 "HWM value: %s\n", nt_errstr(ret)));
132 ret = NT_STATUS_INTERNAL_ERROR;
136 ret = idmap_autorid_loadconfig(db, talloc_tos(), &globalcfg);
137 if (!NT_STATUS_IS_OK(ret)) {
138 DEBUG(1, ("Fatal error while fetching configuration: %s\n",
145 * automatically acquire the next range
147 requested_rangenum = hwm;
150 * set a specified range
153 if (requested_rangenum < hwm) {
154 DEBUG(3, ("Invalid range %u requested: Range may not "
155 "be smaller than %u (current HWM)\n",
156 requested_rangenum, hwm));
157 ret = NT_STATUS_INVALID_PARAMETER;
162 if (requested_rangenum >= globalcfg->maxranges) {
163 DEBUG(1, ("Not enough ranges available: New range %u must be "
164 "smaller than configured maximum number of ranges "
166 requested_rangenum, globalcfg->maxranges));
167 ret = NT_STATUS_NO_MEMORY;
170 TALLOC_FREE(globalcfg);
172 /* HWM always contains current max range + 1 */
173 increment = requested_rangenum + 1 - hwm;
175 /* increase the HWM */
176 ret = dbwrap_change_uint32_atomic_bystring(db, HWM, &hwm, increment);
177 if (!NT_STATUS_IS_OK(ret)) {
178 DEBUG(1, ("Fatal error while incrementing the HWM value "
179 "in the database: %s\n", nt_errstr(ret)));
183 /* store away the new mapping in both directions */
184 ret = dbwrap_store_uint32_bystring(db, keystr, requested_rangenum);
185 if (!NT_STATUS_IS_OK(ret)) {
186 DEBUG(1, ("Fatal error while storing new "
187 "domain->range assignment: %s\n", nt_errstr(ret)));
191 numstr = talloc_asprintf(talloc_tos(), "%u", requested_rangenum);
193 ret = NT_STATUS_NO_MEMORY;
197 ret = dbwrap_store_bystring(db, numstr,
198 string_term_tdb_data(keystr), TDB_INSERT);
201 if (!NT_STATUS_IS_OK(ret)) {
202 DEBUG(1, ("Fatal error while storing new "
203 "domain->range assignment: %s\n", nt_errstr(ret)));
206 DEBUG(5, ("Acquired new range #%d for domain %s "
207 "(domain_range_index=%"PRIu32")\n", requested_rangenum, keystr,
208 range->domain_range_index));
210 range->rangenum = requested_rangenum;
212 range->low_id = globalcfg->minvalue
213 + range->rangenum * globalcfg->rangesize;
221 static NTSTATUS idmap_autorid_addrange(struct db_context *db,
222 struct autorid_range_config *range,
226 struct idmap_autorid_addrange_ctx ctx;
228 ctx.acquire = acquire;
231 status = dbwrap_trans_do(db, idmap_autorid_addrange_action, &ctx);
235 NTSTATUS idmap_autorid_setrange(struct db_context *db,
237 uint32_t domain_range_index,
241 struct autorid_range_config range;
244 fstrcpy(range.domsid, domsid);
245 range.domain_range_index = domain_range_index;
246 range.rangenum = rangenum;
248 status = idmap_autorid_addrange(db, &range, false);
252 static NTSTATUS idmap_autorid_acquire_range(struct db_context *db,
253 struct autorid_range_config *range)
255 return idmap_autorid_addrange(db, range, true);
258 static NTSTATUS idmap_autorid_getrange_int(struct db_context *db,
259 struct autorid_range_config *range)
261 NTSTATUS status = NT_STATUS_INVALID_PARAMETER;
262 struct autorid_global_config *globalcfg = NULL;
265 if (db == NULL || range == NULL) {
266 DEBUG(3, ("Invalid arguments received\n"));
270 idmap_autorid_build_keystr(range->domsid, range->domain_range_index,
273 DEBUG(10, ("reading domain range for key %s\n", keystr));
274 status = dbwrap_fetch_uint32_bystring(db, keystr, &(range->rangenum));
275 if (!NT_STATUS_IS_OK(status)) {
276 DEBUG(1, ("Failed to read database for key '%s': %s\n",
277 keystr, nt_errstr(status)));
281 status = idmap_autorid_loadconfig(db, talloc_tos(), &globalcfg);
282 if (!NT_STATUS_IS_OK(status)) {
283 DEBUG(1, ("Failed to read global configuration"));
286 range->low_id = globalcfg->minvalue
287 + range->rangenum * globalcfg->rangesize;
289 talloc_free(globalcfg);
294 NTSTATUS idmap_autorid_getrange(struct db_context *db,
296 uint32_t domain_range_index,
301 struct autorid_range_config range;
303 if (rangenum == NULL) {
304 return NT_STATUS_INVALID_PARAMETER;
308 fstrcpy(range.domsid, domsid);
309 range.domain_range_index = domain_range_index;
311 status = idmap_autorid_getrange_int(db, &range);
312 if (!NT_STATUS_IS_OK(status)) {
316 *rangenum = range.rangenum;
318 if (low_id != NULL) {
319 *low_id = range.low_id;
325 NTSTATUS idmap_autorid_get_domainrange(struct db_context *db,
326 struct autorid_range_config *range,
331 ret = idmap_autorid_getrange_int(db, range);
332 if (!NT_STATUS_IS_OK(ret)) {
334 return NT_STATUS_NOT_FOUND;
337 ret = idmap_autorid_acquire_range(db, range);
340 DEBUG(10, ("Using range #%d for domain %s "
341 "(domain_range_index=%"PRIu32", low_id=%"PRIu32")\n",
342 range->rangenum, range->domsid, range->domain_range_index,
348 /* initialize the given HWM to 0 if it does not exist yet */
349 NTSTATUS idmap_autorid_init_hwm(struct db_context *db, const char *hwm)
354 status = dbwrap_fetch_uint32_bystring(db, hwm, &hwmval);
355 if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
356 status = dbwrap_trans_store_int32_bystring(db, hwm, 0);
357 if (!NT_STATUS_IS_OK(status)) {
359 ("Unable to initialise HWM (%s) in autorid "
360 "database: %s\n", hwm, nt_errstr(status)));
361 return NT_STATUS_INTERNAL_DB_ERROR;
363 } else if (!NT_STATUS_IS_OK(status)) {
364 DEBUG(0, ("unable to fetch HWM (%s) from autorid "
365 "database: %s\n", hwm, nt_errstr(status)));
373 * open and initialize the database which stores the ranges for the domains
375 NTSTATUS idmap_autorid_db_init(const char *path,
377 struct db_context **db)
382 /* its already open */
386 /* Open idmap repository */
387 *db = db_open(mem_ctx, path, 0, TDB_DEFAULT, O_RDWR | O_CREAT, 0644,
388 DBWRAP_LOCK_ORDER_1);
391 DEBUG(0, ("Unable to open idmap_autorid database '%s'\n", path));
392 return NT_STATUS_UNSUCCESSFUL;
395 /* Initialize high water mark for the currently used range to 0 */
397 status = idmap_autorid_init_hwm(*db, HWM);
398 NT_STATUS_NOT_OK_RETURN(status);
400 status = idmap_autorid_init_hwm(*db, ALLOC_HWM_UID);
401 NT_STATUS_NOT_OK_RETURN(status);
403 status = idmap_autorid_init_hwm(*db, ALLOC_HWM_GID);
408 struct idmap_autorid_fetch_config_state {
414 static void idmap_autorid_config_parser(TDB_DATA key, TDB_DATA value,
417 struct idmap_autorid_fetch_config_state *state;
419 state = (struct idmap_autorid_fetch_config_state *)private_data;
421 state->configstr = talloc_zero_array(state->mem_ctx, char, value.dsize+1);
422 if (state->configstr == NULL) {
423 state->status = NT_STATUS_NO_MEMORY;
427 memcpy(state->configstr, value.dptr, value.dsize);
428 state->status = NT_STATUS_OK;
431 NTSTATUS idmap_autorid_getconfigstr(struct db_context *db, TALLOC_CTX *mem_ctx,
436 struct idmap_autorid_fetch_config_state state;
438 if (result == NULL) {
439 return NT_STATUS_INVALID_PARAMETER;
442 key = string_term_tdb_data(CONFIGKEY);
444 if (!dbwrap_exists(db, key)) {
445 DEBUG(1, ("Error: CONFIG entry does not exist\n"));
446 return NT_STATUS_NOT_FOUND;
449 state.mem_ctx = mem_ctx;
450 state.configstr = NULL;
451 state.status = NT_STATUS_OK;
453 status = dbwrap_parse_record(db, key, idmap_autorid_config_parser,
455 if (!NT_STATUS_IS_OK(status)) {
456 DEBUG(1, ("Error while retrieving config: %s\n",
461 if (!NT_STATUS_IS_OK(state.status)) {
462 DEBUG(1, ("Error while retrieving config: %s\n",
463 nt_errstr(state.status)));
467 DEBUG(5, ("found CONFIG: %s\n", state.configstr));
469 *result = state.configstr;
473 bool idmap_autorid_parse_configstr(const char *configstr,
474 struct autorid_global_config *cfg)
476 const char *confnames[] = { [0] = "minvalue",
479 char *str1, *saveptr1;
480 const char *delim = " ";
481 const char *subdelim = ":";
485 if (cfg == NULL || configstr == NULL) {
489 if (strlen(configstr) < 34) {
490 DEBUG(0, ("less than expected length for config: '%s'\n",
495 DEBUG(5, ("config for parsing: %s\n", configstr));
497 for (j = 0, str1 = discard_const_p(char, configstr); ; j++, str1 = NULL)
500 char *token, *str2, *saveptr2;
502 token = strtok_r(str1, delim, &saveptr1);
507 if (strncmp(token, confnames[j], strlen(confnames[j]))) {
508 DEBUG(0, ("expected %s but received '%s'\n",
509 confnames[j], token));
513 for (k=0, str2 = token; ; k++, str2 = NULL) {
517 pp = strtok_r(str2, subdelim, &saveptr2);
523 DEBUG(0, ("more than expected tokens in %s\n",
528 vp = strtok_r(NULL, subdelim, &saveptr2);
530 DEBUG(0, ("error while looking"
531 " for a value of %s\n", pp));
536 DEBUG(0, ("value specified for '%s' "
537 "can't be negative\n", confnames[j]));
543 cfg->minvalue = strtoul(vp, &e, 10);
546 cfg->rangesize = strtoul(vp, &e, 10);
549 cfg->maxranges = strtoul(vp, &e, 10);
553 if (errno == ERANGE || vp == e || (e && *e != '\0')) {
554 DEBUG(0, ("invalid value specified for '%s'\n",
561 if (cfg->rangesize == 0 || cfg->maxranges == 0) {
562 DEBUG(0, ("%s and %s both must be greater than 0\n",
563 confnames[1], confnames[2]));
573 NTSTATUS idmap_autorid_loadconfig(struct db_context *db,
575 struct autorid_global_config **result)
577 struct autorid_global_config *cfg;
580 char *configstr = NULL;
582 if (result == NULL) {
583 return NT_STATUS_INVALID_PARAMETER;
586 status = idmap_autorid_getconfigstr(db, mem_ctx, &configstr);
587 if (!NT_STATUS_IS_OK(status)) {
591 cfg = talloc_zero(mem_ctx, struct autorid_global_config);
593 return NT_STATUS_NO_MEMORY;
596 ok = idmap_autorid_parse_configstr(configstr, cfg);
599 return NT_STATUS_INVALID_PARAMETER;
602 DEBUG(10, ("Loaded previously stored configuration "
603 "minvalue:%d rangesize:%d\n",
604 cfg->minvalue, cfg->rangesize));
611 NTSTATUS idmap_autorid_saveconfig(struct db_context *db,
612 struct autorid_global_config *cfg)
615 struct autorid_global_config *storedconfig = NULL;
616 NTSTATUS status = NT_STATUS_INVALID_PARAMETER;
620 TALLOC_CTX *frame = talloc_stackframe();
622 if (db == NULL || cfg == NULL) {
626 DEBUG(10, ("New configuration provided for storing is "
627 "minvalue:%d rangesize:%d maxranges:%d\n",
628 cfg->minvalue, cfg->rangesize, cfg->maxranges));
630 if (cfg->rangesize < 2000) {
631 DEBUG(1, ("autorid rangesize must be at least 2000\n"));
635 if (cfg->maxranges == 0) {
636 DEBUG(1, ("An autorid maxranges value of 0 is invalid. "
637 "Must have at least one range available.\n"));
641 status = idmap_autorid_loadconfig(db, frame, &storedconfig);
642 if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
643 DEBUG(5, ("No configuration found. Storing initial "
644 "configuration.\n"));
645 } else if (!NT_STATUS_IS_OK(status)) {
649 /* did the minimum value or rangesize change? */
651 ((storedconfig->minvalue != cfg->minvalue) ||
652 (storedconfig->rangesize != cfg->rangesize)))
654 DEBUG(1, ("New configuration values for rangesize or "
655 "minimum uid value conflict with previously "
656 "used values! Not storing new config.\n"));
657 status = NT_STATUS_INVALID_PARAMETER;
661 status = dbwrap_fetch_uint32_bystring(db, HWM, &hwm);
662 if (!NT_STATUS_IS_OK(status)) {
663 DEBUG(1, ("Fatal error while fetching current "
664 "HWM value: %s\n", nt_errstr(status)));
665 status = NT_STATUS_INTERNAL_ERROR;
670 * has the highest uid value been reduced to setting that is not
671 * sufficient any more for already existing ranges?
673 if (hwm > cfg->maxranges) {
674 DEBUG(1, ("New upper uid limit is too low to cover "
675 "existing mappings! Not storing new config."));
676 status = NT_STATUS_INVALID_PARAMETER;
681 talloc_asprintf(frame,
682 "minvalue:%u rangesize:%u maxranges:%u",
683 cfg->minvalue, cfg->rangesize, cfg->maxranges);
685 if (cfgstr == NULL) {
686 status = NT_STATUS_NO_MEMORY;
690 data = string_tdb_data(cfgstr);
692 status = dbwrap_trans_store_bystring(db, CONFIGKEY, data, TDB_REPLACE);
699 NTSTATUS idmap_autorid_saveconfigstr(struct db_context *db,
700 const char *configstr)
704 struct autorid_global_config cfg;
706 ok = idmap_autorid_parse_configstr(configstr, &cfg);
708 return NT_STATUS_INVALID_PARAMETER;
711 status = idmap_autorid_saveconfig(db, &cfg);
git.samba.org / obnox / samba / samba-obnox.git / blob