2 * idmap_autorid_tdb: This file contains common code used by
3 * idmap_autorid and net idmap autorid utilities. The common
4 * code provides functions for performing various operations
7 * Copyright (C) Christian Ambach, 2010-2012
8 * Copyright (C) Atul Kulkarni, 2013
9 * Copyright (C) Michael Adam, 2012-2013
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 3 of the License, or
14 * (at your option) any later version.
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, see <http://www.gnu.org/licenses/>.
26 #include "idmap_autorid_tdb.h"
27 #include "../libcli/security/dom_sid.h"
30 * Build the database keystring for getting a range
31 * belonging to a domain sid and a range index.
33 static void idmap_autorid_build_keystr(const char *domsid,
34 uint32_t domain_range_index,
37 if (domain_range_index > 0) {
38 fstr_sprintf(keystr, "%s#%"PRIu32,
39 domsid, domain_range_index);
41 fstrcpy(keystr, domsid);
45 static char *idmap_autorid_build_keystr_talloc(TALLOC_CTX *mem_ctx,
47 uint32_t domain_range_index)
51 if (domain_range_index > 0) {
52 keystr = talloc_asprintf(mem_ctx, "%s#%"PRIu32, domsid,
55 keystr = talloc_strdup(mem_ctx, domsid);
62 static bool idmap_autorid_validate_sid(const char *sid)
64 struct dom_sid ignore;
69 if (strcmp(sid, ALLOC_RANGE) == 0) {
73 return dom_sid_parse(sid, &ignore);
76 struct idmap_autorid_addrange_ctx {
77 struct autorid_range_config *range;
81 static NTSTATUS idmap_autorid_addrange_action(struct db_context *db,
84 struct idmap_autorid_addrange_ctx *ctx;
85 uint32_t requested_rangenum, stored_rangenum;
86 struct autorid_range_config *range;
91 struct autorid_global_config *globalcfg;
94 TALLOC_CTX *mem_ctx = NULL;
96 ctx = (struct idmap_autorid_addrange_ctx *)private_data;
98 acquire = ctx->acquire;
99 requested_rangenum = range->rangenum;
102 DEBUG(3, ("Invalid database argument: NULL"));
103 return NT_STATUS_INVALID_PARAMETER;
107 DEBUG(3, ("Invalid range argument: NULL"));
108 return NT_STATUS_INVALID_PARAMETER;
111 DEBUG(10, ("Adding new range for domain %s "
112 "(domain_range_index=%"PRIu32")\n",
113 range->domsid, range->domain_range_index));
115 if (!idmap_autorid_validate_sid(range->domsid)) {
116 DEBUG(3, ("Invalid SID: %s\n", range->domsid));
117 return NT_STATUS_INVALID_PARAMETER;
120 idmap_autorid_build_keystr(range->domsid, range->domain_range_index,
123 ret = dbwrap_fetch_uint32_bystring(db, keystr, &stored_rangenum);
125 if (NT_STATUS_IS_OK(ret)) {
126 /* entry is already present*/
128 DEBUG(10, ("domain range already allocated - "
133 if (stored_rangenum != requested_rangenum) {
134 DEBUG(1, ("Error: requested rangenumber (%u) differs "
135 "from stored one (%u).\n",
136 requested_rangenum, stored_rangenum));
137 return NT_STATUS_UNSUCCESSFUL;
140 DEBUG(10, ("Note: stored range agrees with requested "
145 /* fetch the current HWM */
146 ret = dbwrap_fetch_uint32_bystring(db, HWM, &hwm);
147 if (!NT_STATUS_IS_OK(ret)) {
148 DEBUG(1, ("Fatal error while fetching current "
149 "HWM value: %s\n", nt_errstr(ret)));
150 return NT_STATUS_INTERNAL_ERROR;
153 mem_ctx = talloc_stackframe();
155 ret = idmap_autorid_loadconfig(db, mem_ctx, &globalcfg);
156 if (!NT_STATUS_IS_OK(ret)) {
157 DEBUG(1, ("Fatal error while fetching configuration: %s\n",
164 * automatically acquire the next range
166 requested_rangenum = hwm;
169 if (requested_rangenum >= globalcfg->maxranges) {
170 DEBUG(1, ("Not enough ranges available: New range %u must be "
171 "smaller than configured maximum number of ranges "
173 requested_rangenum, globalcfg->maxranges));
174 ret = NT_STATUS_NO_MEMORY;
179 * Check that it is not yet taken.
180 * If the range is requested and < HWM, we need
181 * to check anyways, and otherwise, we also better
182 * check in order to prevent further corruption
183 * in case the db has been externally modified.
186 numstr = talloc_asprintf(mem_ctx, "%u", requested_rangenum);
188 DEBUG(1, ("Talloc failed!\n"));
189 ret = NT_STATUS_NO_MEMORY;
193 if (dbwrap_exists(db, string_term_tdb_data(numstr))) {
194 DEBUG(1, ("Requested range '%s' is already in use.\n", numstr));
196 if (requested_rangenum < hwm) {
197 ret = NT_STATUS_INVALID_PARAMETER;
199 ret = NT_STATUS_INTERNAL_DB_CORRUPTION;
205 if (requested_rangenum >= hwm) {
207 * requested or automatic range >= HWM:
211 /* HWM always contains current max range + 1 */
212 increment = requested_rangenum + 1 - hwm;
214 /* increase the HWM */
215 ret = dbwrap_change_uint32_atomic_bystring(db, HWM, &hwm,
217 if (!NT_STATUS_IS_OK(ret)) {
218 DEBUG(1, ("Fatal error while incrementing the HWM "
219 "value in the database: %s\n",
226 * store away the new mapping in both directions
229 ret = dbwrap_store_uint32_bystring(db, keystr, requested_rangenum);
230 if (!NT_STATUS_IS_OK(ret)) {
231 DEBUG(1, ("Fatal error while storing new "
232 "domain->range assignment: %s\n", nt_errstr(ret)));
236 numstr = talloc_asprintf(mem_ctx, "%u", requested_rangenum);
238 ret = NT_STATUS_NO_MEMORY;
242 ret = dbwrap_store_bystring(db, numstr,
243 string_term_tdb_data(keystr), TDB_INSERT);
245 if (!NT_STATUS_IS_OK(ret)) {
246 DEBUG(1, ("Fatal error while storing new "
247 "domain->range assignment: %s\n", nt_errstr(ret)));
251 DEBUG(5, ("%s new range #%d for domain %s "
252 "(domain_range_index=%"PRIu32")\n",
253 (acquire?"Acquired":"Stored"),
254 requested_rangenum, keystr,
255 range->domain_range_index));
257 range->rangenum = requested_rangenum;
259 range->low_id = globalcfg->minvalue
260 + range->rangenum * globalcfg->rangesize;
265 talloc_free(mem_ctx);
269 static NTSTATUS idmap_autorid_addrange(struct db_context *db,
270 struct autorid_range_config *range,
274 struct idmap_autorid_addrange_ctx ctx;
276 ctx.acquire = acquire;
279 status = dbwrap_trans_do(db, idmap_autorid_addrange_action, &ctx);
283 NTSTATUS idmap_autorid_setrange(struct db_context *db,
285 uint32_t domain_range_index,
289 struct autorid_range_config range;
292 fstrcpy(range.domsid, domsid);
293 range.domain_range_index = domain_range_index;
294 range.rangenum = rangenum;
296 status = idmap_autorid_addrange(db, &range, false);
300 static NTSTATUS idmap_autorid_acquire_range(struct db_context *db,
301 struct autorid_range_config *range)
303 return idmap_autorid_addrange(db, range, true);
306 static NTSTATUS idmap_autorid_getrange_int(struct db_context *db,
307 struct autorid_range_config *range)
309 NTSTATUS status = NT_STATUS_INVALID_PARAMETER;
310 struct autorid_global_config *globalcfg = NULL;
313 if (db == NULL || range == NULL) {
314 DEBUG(3, ("Invalid arguments received\n"));
318 if (!idmap_autorid_validate_sid(range->domsid)) {
319 DEBUG(3, ("Invalid SID: '%s'\n", range->domsid));
320 status = NT_STATUS_INVALID_PARAMETER;
324 idmap_autorid_build_keystr(range->domsid, range->domain_range_index,
327 DEBUG(10, ("reading domain range for key %s\n", keystr));
328 status = dbwrap_fetch_uint32_bystring(db, keystr, &(range->rangenum));
329 if (!NT_STATUS_IS_OK(status)) {
330 DEBUG(1, ("Failed to read database record for key '%s': %s\n",
331 keystr, nt_errstr(status)));
335 status = idmap_autorid_loadconfig(db, talloc_tos(), &globalcfg);
336 if (!NT_STATUS_IS_OK(status)) {
337 DEBUG(1, ("Failed to read global configuration"));
340 range->low_id = globalcfg->minvalue
341 + range->rangenum * globalcfg->rangesize;
343 TALLOC_FREE(globalcfg);
348 NTSTATUS idmap_autorid_getrange(struct db_context *db,
350 uint32_t domain_range_index,
355 struct autorid_range_config range;
357 if (rangenum == NULL) {
358 return NT_STATUS_INVALID_PARAMETER;
362 fstrcpy(range.domsid, domsid);
363 range.domain_range_index = domain_range_index;
365 status = idmap_autorid_getrange_int(db, &range);
366 if (!NT_STATUS_IS_OK(status)) {
370 *rangenum = range.rangenum;
372 if (low_id != NULL) {
373 *low_id = range.low_id;
379 NTSTATUS idmap_autorid_get_domainrange(struct db_context *db,
380 struct autorid_range_config *range,
385 ret = idmap_autorid_getrange_int(db, range);
386 if (!NT_STATUS_IS_OK(ret)) {
387 DEBUG(10, ("Failed to read range config for '%s': %s\n",
388 range->domsid, nt_errstr(ret)));
390 DEBUG(10, ("Not allocating new range for '%s' because "
391 "read-only is enabled.\n", range->domsid));
392 return NT_STATUS_NOT_FOUND;
395 ret = idmap_autorid_acquire_range(db, range);
398 DEBUG(10, ("Using range #%d for domain %s "
399 "(domain_range_index=%"PRIu32", low_id=%"PRIu32")\n",
400 range->rangenum, range->domsid, range->domain_range_index,
406 /* initialize the given HWM to 0 if it does not exist yet */
407 static NTSTATUS idmap_autorid_init_hwm_action(struct db_context *db,
414 hwm = (char *)private_data;
416 status = dbwrap_fetch_uint32_bystring(db, hwm, &hwmval);
417 if (NT_STATUS_IS_OK(status)) {
418 DEBUG(1, ("HWM (%s) already initialized in autorid database "
419 "(value %"PRIu32").\n", hwm, hwmval));
422 if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
423 DEBUG(0, ("Error fetching HWM (%s) from autorid "
424 "database: %s\n", hwm, nt_errstr(status)));
428 status = dbwrap_trans_store_uint32_bystring(db, hwm, 0);
429 if (!NT_STATUS_IS_OK(status)) {
430 DEBUG(0, ("Error storing HWM (%s) in autorid database: %s\n",
431 hwm, nt_errstr(status)));
438 NTSTATUS idmap_autorid_init_hwm(struct db_context *db, const char *hwm)
443 status = dbwrap_fetch_uint32_bystring(db, hwm, &hwmval);
444 if (NT_STATUS_IS_OK(status)) {
445 DEBUG(1, ("HWM (%s) already initialized in autorid database "
446 "(value %"PRIu32").\n", hwm, hwmval));
449 if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
450 DEBUG(0, ("unable to fetch HWM (%s) from autorid "
451 "database: %s\n", hwm, nt_errstr(status)));
455 status = dbwrap_trans_do(db, idmap_autorid_init_hwm_action,
457 if (!NT_STATUS_IS_OK(status)) {
458 DEBUG(0, ("Error initializing HWM (%s) in autorid database: "
459 "%s\n", hwm, nt_errstr(status)));
460 return NT_STATUS_INTERNAL_DB_ERROR;
463 DEBUG(1, ("Initialized HWM (%s) in autorid database.\n", hwm));
469 * Delete a domain#index <-> range mapping from the database.
470 * The mapping is specified by the sid and index.
471 * If force == true, invalid mapping records are deleted as far
472 * as possible, otherwise they are left untouched.
475 struct idmap_autorid_delete_range_by_sid_ctx {
477 uint32_t domain_range_index;
481 static NTSTATUS idmap_autorid_delete_range_by_sid_action(struct db_context *db,
484 struct idmap_autorid_delete_range_by_sid_ctx *ctx =
485 (struct idmap_autorid_delete_range_by_sid_ctx *)private_data;
487 uint32_t domain_range_index;
493 TALLOC_CTX *frame = talloc_stackframe();
494 bool is_valid_range_mapping = true;
497 domsid = ctx->domsid;
498 domain_range_index = ctx->domain_range_index;
501 keystr = idmap_autorid_build_keystr_talloc(frame, domsid,
503 if (keystr == NULL) {
504 status = NT_STATUS_NO_MEMORY;
508 status = dbwrap_fetch_uint32_bystring(db, keystr, &rangenum);
509 if (!NT_STATUS_IS_OK(status)) {
513 range_keystr = talloc_asprintf(frame, "%"PRIu32, rangenum);
514 if (range_keystr == NULL) {
515 status = NT_STATUS_NO_MEMORY;
519 status = dbwrap_fetch_bystring(db, frame, range_keystr, &data);
520 if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
521 DEBUG(1, ("Incomplete mapping %s -> %s: no backward mapping\n",
522 keystr, range_keystr));
523 is_valid_range_mapping = false;
524 } else if (!NT_STATUS_IS_OK(status)) {
525 DEBUG(1, ("Error fetching reverse mapping for %s -> %s: %s\n",
526 keystr, range_keystr, nt_errstr(status)));
528 } else if (strncmp((const char *)data.dptr, keystr, strlen(keystr))
531 DEBUG(1, ("Invalid mapping: %s -> %s -> %s\n",
532 keystr, range_keystr, (const char *)data.dptr));
533 is_valid_range_mapping = false;
536 if (!is_valid_range_mapping && !force) {
537 DEBUG(10, ("Not deleting invalid mapping, since not in force "
539 status = NT_STATUS_FILE_INVALID;
543 status = dbwrap_delete_bystring(db, keystr);
544 if (!NT_STATUS_IS_OK(status)) {
545 DEBUG(1, ("Deletion of '%s' failed: %s\n",
546 keystr, nt_errstr(status)));
550 if (!is_valid_range_mapping) {
554 status = dbwrap_delete_bystring(db, range_keystr);
555 if (!NT_STATUS_IS_OK(status)) {
556 DEBUG(1, ("Deletion of '%s' failed: %s\n",
557 range_keystr, nt_errstr(status)));
561 DEBUG(10, ("Deleted range mapping %s <--> %s\n", keystr,
569 NTSTATUS idmap_autorid_delete_range_by_sid(struct db_context *db,
571 uint32_t domain_range_index,
575 struct idmap_autorid_delete_range_by_sid_ctx ctx;
577 ctx.domain_range_index = domain_range_index;
581 status = dbwrap_trans_do(db, idmap_autorid_delete_range_by_sid_action,
587 * Delete a domain#index <-> range mapping from the database.
588 * The mapping is specified by the range number.
589 * If force == true, invalid mapping records are deleted as far
590 * as possible, otherwise they are left untouched.
592 struct idmap_autorid_delete_range_by_num_ctx {
597 static NTSTATUS idmap_autorid_delete_range_by_num_action(struct db_context *db,
600 struct idmap_autorid_delete_range_by_num_ctx *ctx =
601 (struct idmap_autorid_delete_range_by_num_ctx *)private_data;
607 TALLOC_CTX *frame = talloc_stackframe();
608 bool is_valid_range_mapping = true;
611 rangenum = ctx->rangenum;
614 range_keystr = talloc_asprintf(frame, "%"PRIu32, rangenum);
615 if (range_keystr == NULL) {
616 status = NT_STATUS_NO_MEMORY;
622 status = dbwrap_fetch_bystring(db, frame, range_keystr, &val);
623 if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
624 DEBUG(10, ("Did not find range '%s' in database.\n",
627 } else if (!NT_STATUS_IS_OK(status)) {
628 DEBUG(5, ("Error fetching rang key: %s\n", nt_errstr(status)));
632 if (val.dptr == NULL) {
633 DEBUG(1, ("Invalid mapping: %s -> empty value\n",
635 is_valid_range_mapping = false;
637 uint32_t reverse_rangenum = 0;
639 keystr = (char *)val.dptr;
641 status = dbwrap_fetch_uint32_bystring(db, keystr,
643 if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
644 DEBUG(1, ("Incomplete mapping %s -> %s: "
645 "no backward mapping\n",
646 range_keystr, keystr));
647 is_valid_range_mapping = false;
648 } else if (!NT_STATUS_IS_OK(status)) {
649 DEBUG(1, ("Error fetching reverse mapping for "
651 range_keystr, keystr, nt_errstr(status)));
653 } else if (rangenum != reverse_rangenum) {
654 is_valid_range_mapping = false;
658 if (!is_valid_range_mapping && !force) {
659 DEBUG(10, ("Not deleting invalid mapping, since not in force "
661 status = NT_STATUS_FILE_INVALID;
665 status = dbwrap_delete_bystring(db, range_keystr);
666 if (!NT_STATUS_IS_OK(status)) {
667 DEBUG(1, ("Deletion of '%s' failed: %s\n",
668 range_keystr, nt_errstr(status)));
672 if (!is_valid_range_mapping) {
676 status = dbwrap_delete_bystring(db, keystr);
677 if (!NT_STATUS_IS_OK(status)) {
678 DEBUG(1, ("Deletion of '%s' failed: %s\n",
679 keystr, nt_errstr(status)));
683 DEBUG(10, ("Deleted range mapping %s <--> %s\n", range_keystr,
691 NTSTATUS idmap_autorid_delete_range_by_num(struct db_context *db,
696 struct idmap_autorid_delete_range_by_num_ctx ctx;
698 ctx.rangenum = rangenum;
701 status = dbwrap_trans_do(db, idmap_autorid_delete_range_by_num_action,
707 * Open and possibly create the database.
709 NTSTATUS idmap_autorid_db_open(const char *path,
711 struct db_context **db)
716 /* its already open */
720 /* Open idmap repository */
721 *db = db_open(mem_ctx, path, 0, TDB_DEFAULT, O_RDWR | O_CREAT, 0644,
722 DBWRAP_LOCK_ORDER_1, DBWRAP_FLAG_NONE);
725 DEBUG(0, ("Unable to open idmap_autorid database '%s'\n", path));
726 return NT_STATUS_UNSUCCESSFUL;
733 * Initialize the high watermark records in the database.
735 NTSTATUS idmap_autorid_init_hwms(struct db_context *db)
739 status = idmap_autorid_init_hwm(db, HWM);
740 if (!NT_STATUS_IS_OK(status)) {
744 status = idmap_autorid_init_hwm(db, ALLOC_HWM_UID);
745 if (!NT_STATUS_IS_OK(status)) {
749 status = idmap_autorid_init_hwm(db, ALLOC_HWM_GID);
754 NTSTATUS idmap_autorid_db_init(const char *path,
756 struct db_context **db)
760 status = idmap_autorid_db_open(path, mem_ctx, db);
761 if (!NT_STATUS_IS_OK(status)) {
765 status = idmap_autorid_init_hwms(*db);
771 struct idmap_autorid_fetch_config_state {
776 static void idmap_autorid_config_parser(TDB_DATA key, TDB_DATA value,
779 struct idmap_autorid_fetch_config_state *state;
781 state = (struct idmap_autorid_fetch_config_state *)private_data;
784 * strndup because we have non-nullterminated strings in the db
786 state->configstr = talloc_strndup(
787 state->mem_ctx, (const char *)value.dptr, value.dsize);
790 NTSTATUS idmap_autorid_getconfigstr(struct db_context *db, TALLOC_CTX *mem_ctx,
795 struct idmap_autorid_fetch_config_state state;
797 if (result == NULL) {
798 return NT_STATUS_INVALID_PARAMETER;
801 key = string_term_tdb_data(CONFIGKEY);
803 state.mem_ctx = mem_ctx;
804 state.configstr = NULL;
806 status = dbwrap_parse_record(db, key, idmap_autorid_config_parser,
808 if (!NT_STATUS_IS_OK(status)) {
809 DEBUG(1, ("Error while retrieving config: %s\n",
814 if (state.configstr == NULL) {
815 DEBUG(1, ("Error while retrieving config\n"));
816 return NT_STATUS_NO_MEMORY;
819 DEBUG(5, ("found CONFIG: %s\n", state.configstr));
821 *result = state.configstr;
825 bool idmap_autorid_parse_configstr(const char *configstr,
826 struct autorid_global_config *cfg)
828 unsigned long minvalue, rangesize, maxranges;
830 if (sscanf(configstr,
831 "minvalue:%lu rangesize:%lu maxranges:%lu",
832 &minvalue, &rangesize, &maxranges) != 3) {
834 ("Found invalid configuration data. "
835 "Creating new config\n"));
839 cfg->minvalue = minvalue;
840 cfg->rangesize = rangesize;
841 cfg->maxranges = maxranges;
846 NTSTATUS idmap_autorid_loadconfig(struct db_context *db,
848 struct autorid_global_config **result)
850 struct autorid_global_config *cfg;
853 char *configstr = NULL;
855 if (result == NULL) {
856 return NT_STATUS_INVALID_PARAMETER;
859 status = idmap_autorid_getconfigstr(db, mem_ctx, &configstr);
860 if (!NT_STATUS_IS_OK(status)) {
864 cfg = talloc_zero(mem_ctx, struct autorid_global_config);
866 return NT_STATUS_NO_MEMORY;
869 ok = idmap_autorid_parse_configstr(configstr, cfg);
872 return NT_STATUS_INVALID_PARAMETER;
875 DEBUG(10, ("Loaded previously stored configuration "
876 "minvalue:%d rangesize:%d\n",
877 cfg->minvalue, cfg->rangesize));
884 NTSTATUS idmap_autorid_saveconfig(struct db_context *db,
885 struct autorid_global_config *cfg)
888 struct autorid_global_config *storedconfig = NULL;
889 NTSTATUS status = NT_STATUS_INVALID_PARAMETER;
893 TALLOC_CTX *frame = talloc_stackframe();
895 DEBUG(10, ("New configuration provided for storing is "
896 "minvalue:%d rangesize:%d maxranges:%d\n",
897 cfg->minvalue, cfg->rangesize, cfg->maxranges));
899 if (cfg->rangesize < 2000) {
900 DEBUG(1, ("autorid rangesize must be at least 2000\n"));
904 if (cfg->maxranges == 0) {
905 DEBUG(1, ("An autorid maxranges value of 0 is invalid. "
906 "Must have at least one range available.\n"));
910 status = idmap_autorid_loadconfig(db, frame, &storedconfig);
911 if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
912 DEBUG(5, ("No configuration found. Storing initial "
913 "configuration.\n"));
914 } else if (!NT_STATUS_IS_OK(status)) {
915 DEBUG(1, ("Error loading configuration: %s\n",
920 /* did the minimum value or rangesize change? */
922 ((storedconfig->minvalue != cfg->minvalue) ||
923 (storedconfig->rangesize != cfg->rangesize)))
925 DEBUG(1, ("New configuration values for rangesize or "
926 "minimum uid value conflict with previously "
927 "used values! Not storing new config.\n"));
928 status = NT_STATUS_INVALID_PARAMETER;
932 status = dbwrap_fetch_uint32_bystring(db, HWM, &hwm);
933 if (!NT_STATUS_IS_OK(status)) {
934 DEBUG(1, ("Fatal error while fetching current "
935 "HWM value: %s\n", nt_errstr(status)));
936 status = NT_STATUS_INTERNAL_ERROR;
941 * has the highest uid value been reduced to setting that is not
942 * sufficient any more for already existing ranges?
944 if (hwm > cfg->maxranges) {
945 DEBUG(1, ("New upper uid limit is too low to cover "
946 "existing mappings! Not storing new config.\n"));
947 status = NT_STATUS_INVALID_PARAMETER;
952 talloc_asprintf(frame,
953 "minvalue:%u rangesize:%u maxranges:%u",
954 cfg->minvalue, cfg->rangesize, cfg->maxranges);
956 if (cfgstr == NULL) {
957 status = NT_STATUS_NO_MEMORY;
961 data = string_tdb_data(cfgstr);
963 status = dbwrap_trans_store_bystring(db, CONFIGKEY, data, TDB_REPLACE);
970 NTSTATUS idmap_autorid_saveconfigstr(struct db_context *db,
971 const char *configstr)
975 struct autorid_global_config cfg;
977 ok = idmap_autorid_parse_configstr(configstr, &cfg);
979 return NT_STATUS_INVALID_PARAMETER;
982 status = idmap_autorid_saveconfig(db, &cfg);
988 * iteration: Work on all range mappings for a given domain
991 struct domain_range_visitor_ctx {
993 NTSTATUS (*fn)(struct db_context *db,
999 int count; /* number of records worked on */
1002 static int idmap_autorid_visit_domain_range(struct db_record *rec,
1005 struct domain_range_visitor_ctx *vi;
1008 uint32_t range_index = 0;
1009 uint32_t rangenum = 0;
1010 TDB_DATA key, value;
1013 struct db_context *db;
1015 vi = talloc_get_type_abort(private_data,
1016 struct domain_range_visitor_ctx);
1018 key = dbwrap_record_get_key(rec);
1021 * split string "<sid>[#<index>]" into sid string and index number
1024 domsid = (char *)key.dptr;
1026 DEBUG(10, ("idmap_autorid_visit_domain_range: visiting key '%s'\n",
1029 sep = strrchr(domsid, '#');
1034 if (sscanf(index_str, "%"SCNu32, &range_index) != 1) {
1035 DEBUG(10, ("Found separator '#' but '%s' is not a "
1036 "valid range index. Skipping record\n",
1042 if (!idmap_autorid_validate_sid(domsid)) {
1043 DEBUG(10, ("String '%s' is not a valid sid. "
1044 "Skipping record.\n", domsid));
1048 if ((vi->domsid != NULL) && (strcmp(domsid, vi->domsid) != 0)) {
1049 DEBUG(10, ("key sid '%s' does not match requested sid '%s'.\n",
1050 domsid, vi->domsid));
1054 value = dbwrap_record_get_value(rec);
1056 if (value.dsize != sizeof(uint32_t)) {
1057 /* it might be a mapping of a well known sid */
1058 DEBUG(10, ("value size %u != sizeof(uint32_t) for sid '%s', "
1059 "skipping.\n", (unsigned)value.dsize, vi->domsid));
1063 rangenum = IVAL(value.dptr, 0);
1065 db = dbwrap_record_get_db(rec);
1067 status = vi->fn(db, domsid, range_index, rangenum, vi->private_data);
1068 if (!NT_STATUS_IS_OK(status)) {
1080 static NTSTATUS idmap_autorid_iterate_domain_ranges_int(struct db_context *db,
1082 NTSTATUS (*fn)(struct db_context *db,
1086 void *private_data),
1089 NTSTATUS (*traverse)(struct db_context *db,
1090 int (*f)(struct db_record *, void *),
1095 struct domain_range_visitor_ctx *vi;
1096 TALLOC_CTX *frame = talloc_stackframe();
1098 if (domsid == NULL) {
1099 DEBUG(10, ("No sid provided, operating on all ranges\n"));
1103 DEBUG(1, ("Error: missing visitor callback\n"));
1104 status = NT_STATUS_INVALID_PARAMETER;
1108 vi = talloc_zero(frame, struct domain_range_visitor_ctx);
1110 status = NT_STATUS_NO_MEMORY;
1114 vi->domsid = domsid;
1116 vi->private_data = private_data;
1118 status = traverse(db, idmap_autorid_visit_domain_range, vi, NULL);
1119 if (!NT_STATUS_IS_OK(status)) {
1123 if (count != NULL) {
1132 NTSTATUS idmap_autorid_iterate_domain_ranges(struct db_context *db,
1134 NTSTATUS (*fn)(struct db_context *db,
1138 void *private_data),
1144 status = idmap_autorid_iterate_domain_ranges_int(db,
1155 NTSTATUS idmap_autorid_iterate_domain_ranges_read(struct db_context *db,
1157 NTSTATUS (*fn)(struct db_context *db,
1167 status = idmap_autorid_iterate_domain_ranges_int(db,
1172 dbwrap_traverse_read);
1179 * Delete all ranges configured for a given domain
1182 struct delete_domain_ranges_visitor_ctx {
1186 static NTSTATUS idmap_autorid_delete_domain_ranges_visitor(
1187 struct db_context *db,
1189 uint32_t domain_range_index,
1193 struct delete_domain_ranges_visitor_ctx *ctx;
1196 ctx = (struct delete_domain_ranges_visitor_ctx *)private_data;
1198 status = idmap_autorid_delete_range_by_sid(
1199 db, domsid, domain_range_index, ctx->force);
1203 struct idmap_autorid_delete_domain_ranges_ctx {
1206 int count; /* output: count records operated on */
1209 static NTSTATUS idmap_autorid_delete_domain_ranges_action(struct db_context *db,
1212 struct idmap_autorid_delete_domain_ranges_ctx *ctx;
1213 struct delete_domain_ranges_visitor_ctx visitor_ctx;
1217 ctx = (struct idmap_autorid_delete_domain_ranges_ctx *)private_data;
1219 ZERO_STRUCT(visitor_ctx);
1220 visitor_ctx.force = ctx->force;
1222 status = idmap_autorid_iterate_domain_ranges(db,
1224 idmap_autorid_delete_domain_ranges_visitor,
1227 if (!NT_STATUS_IS_OK(status)) {
1233 return NT_STATUS_OK;
1236 NTSTATUS idmap_autorid_delete_domain_ranges(struct db_context *db,
1242 struct idmap_autorid_delete_domain_ranges_ctx ctx;
1245 ctx.domsid = domsid;
1248 status = dbwrap_trans_do(db, idmap_autorid_delete_domain_ranges_action,
1250 if (!NT_STATUS_IS_OK(status)) {
1256 return NT_STATUS_OK;
git.samba.org / obnox / samba / samba-obnox.git / blob