summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--source3/include/passdb.h28
-rw-r--r--source3/passdb/lookup_sid.c19
-rw-r--r--source3/passdb/pdb_interface.c51
-rw-r--r--source3/passdb/pdb_ldap.c24
-rw-r--r--source3/passdb/pdb_samba_dsdb.c46
-rw-r--r--source3/passdb/pdb_wbc_sam.c23
-rw-r--r--source3/passdb/py_passdb.c13
-rw-r--r--source3/utils/net_sam.c6
-rw-r--r--source3/winbindd/idmap_passdb.c16
9 files changed, 129 insertions, 97 deletions
diff --git a/source3/include/passdb.h b/source3/include/passdb.h
index 86cb16e2925..16e3bef27cc 100644
--- a/source3/include/passdb.h
+++ b/source3/include/passdb.h
@@ -415,9 +415,10 @@ enum pdb_policy_type {
* Changed to 21, set/enum_upn_suffixes. AB.
* Changed to 22, idmap control functions
* Changed to 23, new idmap control functions
+ * Changed to 24, removed uid_to_sid and gid_to_sid, replaced with id_to_sid
*/
-#define PASSDB_INTERFACE_VERSION 23
+#define PASSDB_INTERFACE_VERSION 24
struct pdb_methods
{
@@ -560,10 +561,16 @@ struct pdb_methods
struct pdb_search *search,
const struct dom_sid *sid);
- bool (*uid_to_sid)(struct pdb_methods *methods, uid_t uid,
- struct dom_sid *sid);
- bool (*gid_to_sid)(struct pdb_methods *methods, gid_t gid,
- struct dom_sid *sid);
+ /*
+ * Instead of passing down a gid or uid, this function sends down a pointer
+ * to a unixid.
+ *
+ * This acts as an in-out variable so that the idmap functions can correctly
+ * receive ID_TYPE_BOTH, filling in cache details correctly rather than forcing
+ * the cache to store ID_TYPE_UID or ID_TYPE_GID.
+ */
+ bool (*id_to_sid)(struct pdb_methods *methods, struct unixid *id,
+ struct dom_sid *sid);
bool (*sid_to_id)(struct pdb_methods *methods, const struct dom_sid *sid,
struct unixid *id);
@@ -889,8 +896,15 @@ NTSTATUS pdb_lookup_names(const struct dom_sid *domain_sid,
bool pdb_get_account_policy(enum pdb_policy_type type, uint32_t *value);
bool pdb_set_account_policy(enum pdb_policy_type type, uint32_t value);
bool pdb_get_seq_num(time_t *seq_num);
-bool pdb_uid_to_sid(uid_t uid, struct dom_sid *sid);
-bool pdb_gid_to_sid(gid_t gid, struct dom_sid *sid);
+/*
+ * Instead of passing down a gid or uid, this function sends down a pointer
+ * to a unixid.
+ *
+ * This acts as an in-out variable so that the idmap functions can correctly
+ * receive ID_TYPE_BOTH, filling in cache details correctly rather than forcing
+ * the cache to store ID_TYPE_UID or ID_TYPE_GID.
+ */
+bool pdb_id_to_sid(struct unixid *id, struct dom_sid *sid);
bool pdb_sid_to_id(const struct dom_sid *sid, struct unixid *id);
uint32_t pdb_capabilities(void);
bool pdb_new_rid(uint32_t *rid);
diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
index d541719ec85..494a8407c0a 100644
--- a/source3/passdb/lookup_sid.c
+++ b/source3/passdb/lookup_sid.c
@@ -1029,11 +1029,15 @@ bool lookup_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
static void legacy_uid_to_sid(struct dom_sid *psid, uid_t uid)
{
bool ret;
+ struct unixid id;
ZERO_STRUCTP(psid);
+ id.id = uid;
+ id.type = ID_TYPE_UID;
+
become_root();
- ret = pdb_uid_to_sid(uid, psid);
+ ret = pdb_id_to_sid(&id, psid);
unbecome_root();
if (ret) {
@@ -1059,11 +1063,15 @@ static void legacy_uid_to_sid(struct dom_sid *psid, uid_t uid)
static void legacy_gid_to_sid(struct dom_sid *psid, gid_t gid)
{
bool ret;
+ struct unixid id;
ZERO_STRUCTP(psid);
+ id.id = gid;
+ id.type = ID_TYPE_GID;
+
become_root();
- ret = pdb_gid_to_sid(gid, psid);
+ ret = pdb_id_to_sid(&id, psid);
unbecome_root();
if (ret) {
@@ -1527,8 +1535,13 @@ NTSTATUS get_primary_group_sid(TALLOC_CTX *mem_ctx,
}
} else {
/* Try group mapping */
+ struct unixid id;
+
+ id.id = pwd->pw_gid;
+ id.type = ID_TYPE_GID;
+
ZERO_STRUCTP(group_sid);
- if (pdb_gid_to_sid(pwd->pw_gid, group_sid)) {
+ if (pdb_id_to_sid(&id, group_sid)) {
need_lookup_sid = true;
}
}
diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c
index ed42961435d..9dee9d28b4e 100644
--- a/source3/passdb/pdb_interface.c
+++ b/source3/passdb/pdb_interface.c
@@ -1204,35 +1204,23 @@ bool pdb_get_seq_num(time_t *seq_num)
return NT_STATUS_IS_OK(pdb->get_seq_num(pdb, seq_num));
}
-bool pdb_uid_to_sid(uid_t uid, struct dom_sid *sid)
-{
- struct pdb_methods *pdb = pdb_get_methods();
- bool ret;
-
- ret = pdb->uid_to_sid(pdb, uid, sid);
-
- if (ret == true) {
- struct unixid id;
- id.id = uid;
- id.type = ID_TYPE_UID;
- idmap_cache_set_sid2unixid(sid, &id);
- }
-
- return ret;
-}
-
-bool pdb_gid_to_sid(gid_t gid, struct dom_sid *sid)
+/*
+ * Instead of passing down a gid or uid, this function sends down a pointer
+ * to a unixid.
+ *
+ * This acts as an in-out variable so that the idmap functions can correctly
+ * receive ID_TYPE_BOTH, filling in cache details correctly rather than forcing
+ * the cache to store ID_TYPE_UID or ID_TYPE_GID.
+ */
+bool pdb_id_to_sid(struct unixid *id, struct dom_sid *sid)
{
struct pdb_methods *pdb = pdb_get_methods();
bool ret;
- ret = pdb->gid_to_sid(pdb, gid, sid);
+ ret = pdb->id_to_sid(pdb, id, sid);
if (ret == true) {
- struct unixid id;
- id.id = gid;
- id.type = ID_TYPE_GID;
- idmap_cache_set_sid2unixid(sid, &id);
+ idmap_cache_set_sid2unixid(sid, id);
}
return ret;
@@ -1458,6 +1446,20 @@ static bool pdb_default_gid_to_sid(struct pdb_methods *methods, gid_t gid,
return true;
}
+static bool pdb_default_id_to_sid(struct pdb_methods *methods, struct unixid *id,
+ struct dom_sid *sid)
+{
+ switch (id->type) {
+ case ID_TYPE_UID:
+ return pdb_default_uid_to_sid(methods, id->id, sid);
+
+ case ID_TYPE_GID:
+ return pdb_default_gid_to_sid(methods, id->id, sid);
+
+ default:
+ return false;
+ }
+}
/**
* The "Unix User" and "Unix Group" domains have a special
* id mapping that is a rid-algorithm with range starting at 0.
@@ -2614,8 +2616,7 @@ NTSTATUS make_pdb_method( struct pdb_methods **methods )
(*methods)->get_account_policy = pdb_default_get_account_policy;
(*methods)->set_account_policy = pdb_default_set_account_policy;
(*methods)->get_seq_num = pdb_default_get_seq_num;
- (*methods)->uid_to_sid = pdb_default_uid_to_sid;
- (*methods)->gid_to_sid = pdb_default_gid_to_sid;
+ (*methods)->id_to_sid = pdb_default_id_to_sid;
(*methods)->sid_to_id = pdb_default_sid_to_id;
(*methods)->search_groups = pdb_default_search_groups;
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index 0458e56263b..0d2c302081a 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -3017,6 +3017,7 @@ static NTSTATUS ldapsam_add_group_mapping_entry(struct pdb_methods *methods,
NTSTATUS result;
struct dom_sid sid;
+ struct unixid id;
int rc;
@@ -3082,7 +3083,10 @@ static NTSTATUS ldapsam_add_group_mapping_entry(struct pdb_methods *methods,
goto done;
}
- if (pdb_gid_to_sid(map->gid, &sid)) {
+ id.id = map->gid;
+ id.type = ID_TYPE_GID;
+
+ if (pdb_id_to_sid(&id, &sid)) {
DEBUG(3, ("Gid %u is already mapped to SID %s, refusing to "
"add\n", (unsigned int)map->gid, sid_string_dbg(&sid)));
result = NT_STATUS_GROUP_EXISTS;
@@ -5128,6 +5132,21 @@ static bool ldapsam_gid_to_sid(struct pdb_methods *methods, gid_t gid,
return ret;
}
+static bool ldapsam_id_to_sid(struct pdb_methods *methods, struct unixid *id,
+ struct dom_sid *sid)
+{
+ switch (id->type) {
+ case ID_TYPE_UID:
+ return ldapsam_uid_to_sid(methods, id->id, sid);
+
+ case ID_TYPE_GID:
+ return ldapsam_gid_to_sid(methods, id->id, sid);
+
+ default:
+ return false;
+ }
+}
+
/*
* The following functions are called only if
@@ -6487,8 +6506,7 @@ NTSTATUS pdb_ldapsam_init_common(struct pdb_methods **pdb_method,
ldapsam_enum_group_memberships;
(*pdb_method)->lookup_rids = ldapsam_lookup_rids;
(*pdb_method)->sid_to_id = ldapsam_sid_to_id;
- (*pdb_method)->uid_to_sid = ldapsam_uid_to_sid;
- (*pdb_method)->gid_to_sid = ldapsam_gid_to_sid;
+ (*pdb_method)->id_to_sid = ldapsam_id_to_sid;
if (lp_parm_bool(-1, "ldapsam", "editposix", False)) {
(*pdb_method)->create_user = ldapsam_create_user;
diff --git a/source3/passdb/pdb_samba_dsdb.c b/source3/passdb/pdb_samba_dsdb.c
index 465cc24dfd1..5fa2c2fbbf0 100644
--- a/source3/passdb/pdb_samba_dsdb.c
+++ b/source3/passdb/pdb_samba_dsdb.c
@@ -2042,8 +2042,16 @@ static bool pdb_samba_dsdb_search_aliases(struct pdb_methods *m,
return true;
}
-static bool pdb_samba_dsdb_uid_to_sid(struct pdb_methods *m, uid_t uid,
- struct dom_sid *sid)
+/*
+ * Instead of taking a gid or uid, this function takes a pointer to a
+ * unixid.
+ *
+ * This acts as an in-out variable so that the idmap functions can correctly
+ * receive ID_TYPE_BOTH, and this function ensures cache details are filled
+ * correctly rather than forcing the cache to store ID_TYPE_UID or ID_TYPE_GID.
+ */
+static bool pdb_samba_dsdb_id_to_sid(struct pdb_methods *m, struct unixid *id,
+ struct dom_sid *sid)
{
struct pdb_samba_dsdb_state *state = talloc_get_type_abort(
m->private_data, struct pdb_samba_dsdb_state);
@@ -2055,8 +2063,7 @@ static bool pdb_samba_dsdb_uid_to_sid(struct pdb_methods *m, uid_t uid,
return false;
}
- id_map.xid.id = uid;
- id_map.xid.type = ID_TYPE_UID;
+ id_map.xid = *id;
id_maps[0] = &id_map;
id_maps[1] = NULL;
@@ -2065,33 +2072,9 @@ static bool pdb_samba_dsdb_uid_to_sid(struct pdb_methods *m, uid_t uid,
talloc_free(tmp_ctx);
return false;
}
- *sid = *id_map.sid;
- talloc_free(tmp_ctx);
- return true;
-}
-static bool pdb_samba_dsdb_gid_to_sid(struct pdb_methods *m, gid_t gid,
- struct dom_sid *sid)
-{
- struct pdb_samba_dsdb_state *state = talloc_get_type_abort(
- m->private_data, struct pdb_samba_dsdb_state);
- NTSTATUS status;
- struct id_map id_map;
- struct id_map *id_maps[2];
- TALLOC_CTX *tmp_ctx = talloc_stackframe();
- if (!tmp_ctx) {
- return false;
- }
-
- id_map.xid.id = gid;
- id_map.xid.type = ID_TYPE_GID;
- id_maps[0] = &id_map;
- id_maps[1] = NULL;
-
- status = idmap_xids_to_sids(state->idmap_ctx, tmp_ctx, id_maps);
- if (!NT_STATUS_IS_OK(status)) {
- talloc_free(tmp_ctx);
- return false;
+ if (id_map.xid.type != ID_TYPE_NOT_SPECIFIED) {
+ id->type = id_map.xid.type;
}
*sid = *id_map.sid;
talloc_free(tmp_ctx);
@@ -2341,8 +2324,7 @@ static void pdb_samba_dsdb_init_methods(struct pdb_methods *m)
m->search_users = pdb_samba_dsdb_search_users;
m->search_groups = pdb_samba_dsdb_search_groups;
m->search_aliases = pdb_samba_dsdb_search_aliases;
- m->uid_to_sid = pdb_samba_dsdb_uid_to_sid;
- m->gid_to_sid = pdb_samba_dsdb_gid_to_sid;
+ m->id_to_sid = pdb_samba_dsdb_id_to_sid;
m->sid_to_id = pdb_samba_dsdb_sid_to_id;
m->capabilities = pdb_samba_dsdb_capabilities;
m->new_rid = pdb_samba_dsdb_new_rid;
diff --git a/source3/passdb/pdb_wbc_sam.c b/source3/passdb/pdb_wbc_sam.c
index 23436496cd4..b20a35a4fa9 100644
--- a/source3/passdb/pdb_wbc_sam.c
+++ b/source3/passdb/pdb_wbc_sam.c
@@ -40,6 +40,7 @@
#include "passdb.h"
#include "lib/winbind_util.h"
#include "passdb/pdb_wbc_sam.h"
+#include "idmap.h"
/***************************************************************************
Default implementations of some functions.
@@ -72,16 +73,19 @@ static NTSTATUS pdb_wbc_sam_getsampwsid(struct pdb_methods *methods, struct samu
return _pdb_wbc_sam_getsampw(methods, user, winbind_getpwsid(sid));
}
-static bool pdb_wbc_sam_uid_to_sid(struct pdb_methods *methods, uid_t uid,
- struct dom_sid *sid)
+static bool pdb_wbc_sam_id_to_sid(struct pdb_methods *methods, struct unixid *id,
+ struct dom_sid *sid)
{
- return winbind_uid_to_sid(sid, uid);
-}
+ switch (id->type) {
+ case ID_TYPE_UID:
+ return winbind_uid_to_sid(sid, id->id);
-static bool pdb_wbc_sam_gid_to_sid(struct pdb_methods *methods, gid_t gid,
- struct dom_sid *sid)
-{
- return winbind_gid_to_sid(sid, gid);
+ case ID_TYPE_GID:
+ return winbind_gid_to_sid(sid, id->id);
+
+ default:
+ return false;
+ }
}
static NTSTATUS pdb_wbc_sam_enum_group_members(struct pdb_methods *methods,
@@ -426,8 +430,7 @@ static NTSTATUS pdb_init_wbc_sam(struct pdb_methods **pdb_method, const char *lo
(*pdb_method)->lookup_rids = pdb_wbc_sam_lookup_rids;
(*pdb_method)->get_account_policy = pdb_wbc_sam_get_account_policy;
(*pdb_method)->set_account_policy = pdb_wbc_sam_set_account_policy;
- (*pdb_method)->uid_to_sid = pdb_wbc_sam_uid_to_sid;
- (*pdb_method)->gid_to_sid = pdb_wbc_sam_gid_to_sid;
+ (*pdb_method)->id_to_sid = pdb_wbc_sam_id_to_sid;
(*pdb_method)->search_groups = pdb_wbc_sam_search_groups;
(*pdb_method)->search_aliases = pdb_wbc_sam_search_aliases;
diff --git a/source3/passdb/py_passdb.c b/source3/passdb/py_passdb.c
index dec45c3a5c4..3a1e583f0f6 100644
--- a/source3/passdb/py_passdb.c
+++ b/source3/passdb/py_passdb.c
@@ -25,6 +25,7 @@
#include "librpc/gen_ndr/idmap.h"
#include "passdb.h"
#include "secrets.h"
+#include "idmap.h"
/* There's no Py_ssize_t in 2.4, apparently */
#if PY_MAJOR_VERSION == 2 && PY_MINOR_VERSION < 5
@@ -2678,6 +2679,7 @@ static PyObject *py_pdb_uid_to_sid(pytalloc_Object *self, PyObject *args)
{
TALLOC_CTX *frame = talloc_stackframe();
struct pdb_methods *methods;
+ struct unixid id;
unsigned int uid;
struct dom_sid user_sid, *copy_user_sid;
PyObject *py_user_sid;
@@ -2689,7 +2691,10 @@ static PyObject *py_pdb_uid_to_sid(pytalloc_Object *self, PyObject *args)
methods = pytalloc_get_ptr(self);
- if (!methods->uid_to_sid(methods, uid, &user_sid)) {
+ id.id = uid;
+ id.type = ID_TYPE_UID;
+
+ if (!methods->id_to_sid(methods, &id, &user_sid)) {
PyErr_Format(py_pdb_error, "Unable to get sid for uid=%d", uid);
talloc_free(frame);
return NULL;
@@ -2713,6 +2718,7 @@ static PyObject *py_pdb_gid_to_sid(pytalloc_Object *self, PyObject *args)
{
TALLOC_CTX *frame = talloc_stackframe();
struct pdb_methods *methods;
+ struct unixid id;
unsigned int gid;
struct dom_sid group_sid, *copy_group_sid;
PyObject *py_group_sid;
@@ -2722,9 +2728,12 @@ static PyObject *py_pdb_gid_to_sid(pytalloc_Object *self, PyObject *args)
return NULL;
}
+ id.id = gid;
+ id.type = ID_TYPE_GID;
+
methods = pytalloc_get_ptr(self);
- if (!methods->gid_to_sid(methods, gid, &group_sid)) {
+ if (!methods->id_to_sid(methods, &id, &group_sid)) {
PyErr_Format(py_pdb_error, "Unable to get sid for gid=%d", gid);
talloc_free(frame);
return NULL;
diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c
index aadabc14354..2ee9a91b704 100644
--- a/source3/utils/net_sam.c
+++ b/source3/utils/net_sam.c
@@ -30,6 +30,7 @@
#include "passdb/pdb_ldap_schema.h"
#include "lib/privileges.h"
#include "secrets.h"
+#include "idmap.h"
/*
* Set a user's data
@@ -912,6 +913,7 @@ static int net_sam_mapunixgroup(struct net_context *c, int argc, const char **ar
static NTSTATUS unmap_unix_group(const struct group *grp)
{
struct dom_sid dom_sid;
+ struct unixid id;
if (!lookup_name(talloc_tos(), grp->gr_name, LOOKUP_NAME_LOCAL,
NULL, NULL, NULL, NULL)) {
@@ -919,7 +921,9 @@ static NTSTATUS unmap_unix_group(const struct group *grp)
return NT_STATUS_NO_SUCH_GROUP;
}
- if (!pdb_gid_to_sid(grp->gr_gid, &dom_sid)) {
+ id.id = grp->gr_gid;
+ id.type = ID_TYPE_GID;
+ if (!pdb_id_to_sid(&id, &dom_sid)) {
return NT_STATUS_UNSUCCESSFUL;
}
diff --git a/source3/winbindd/idmap_passdb.c b/source3/winbindd/idmap_passdb.c
index e547e9bf7cf..cf8ad7446ce 100644
--- a/source3/winbindd/idmap_passdb.c
+++ b/source3/winbindd/idmap_passdb.c
@@ -44,23 +44,11 @@ static NTSTATUS idmap_pdb_unixids_to_sids(struct idmap_domain *dom, struct id_ma
int i;
for (i = 0; ids[i]; i++) {
-
/* unmapped by default */
ids[i]->status = ID_UNMAPPED;
- switch (ids[i]->xid.type) {
- case ID_TYPE_UID:
- if (pdb_uid_to_sid((uid_t)ids[i]->xid.id, ids[i]->sid)) {
- ids[i]->status = ID_MAPPED;
- }
- break;
- case ID_TYPE_GID:
- if (pdb_gid_to_sid((gid_t)ids[i]->xid.id, ids[i]->sid)) {
- ids[i]->status = ID_MAPPED;
- }
- break;
- default: /* ?? */
- ids[i]->status = ID_UNKNOWN;
+ if (pdb_id_to_sid(&ids[i]->xid, ids[i]->sid)) {
+ ids[i]->status = ID_MAPPED;
}
}
View Lorry Controller Status