diff options
Diffstat (limited to 'source3/winbindd/idmap.c')
-rw-r--r-- | source3/winbindd/idmap.c | 199 |
1 files changed, 109 insertions, 90 deletions
diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c index 0ba8fdae995..7b4a84d030f 100644 --- a/source3/winbindd/idmap.c +++ b/source3/winbindd/idmap.c @@ -64,12 +64,22 @@ static struct idmap_domain *passdb_idmap_domain; static struct idmap_domain **idmap_domains = NULL; static int num_domains = 0; -static void idmap_init(void) +static struct idmap_domain *idmap_init_named_domain(TALLOC_CTX *mem_ctx, + const char *domname); +static struct idmap_domain *idmap_init_domain(TALLOC_CTX *mem_ctx, + const char *domainname, + const char *modulename, + bool check_range); +static bool idmap_found_domain_backend( + const char *string, regmatch_t matches[], void *private_data); + +static bool idmap_init(void) { static bool initialized; + int ret; if (initialized) { - return; + return true; } DEBUG(10, ("idmap_init(): calling static_init_idmap\n")); @@ -77,6 +87,80 @@ static void idmap_init(void) static_init_idmap; initialized = true; + + if (!pdb_is_responsible_for_everything_else()) { + default_idmap_domain = idmap_init_named_domain(NULL, "*"); + if (default_idmap_domain == NULL) { + return false; + } + } + + passdb_idmap_domain = idmap_init_domain( + NULL, get_global_sam_name(), "passdb", false); + if (passdb_idmap_domain == NULL) { + TALLOC_FREE(default_idmap_domain); + return false; + } + + idmap_domains = talloc_array(NULL, struct idmap_domain *, 0); + if (idmap_domains == NULL) { + TALLOC_FREE(passdb_idmap_domain); + TALLOC_FREE(default_idmap_domain); + return false; + } + + ret = lp_wi_scan_global_parametrics( + "idmapconfig\\(.*\\):backend", 2, + idmap_found_domain_backend, NULL); + if (ret != 0) { + DBG_WARNING("wi_scan_global_parametrics returned %d\n", ret); + return false; + } + + return true; +} + +static bool idmap_found_domain_backend( + const char *string, regmatch_t matches[], void *private_data) +{ + if (matches[1].rm_so == -1) { + DBG_WARNING("Found match, but no name??\n"); + return false; + } + + { + struct idmap_domain *dom, **tmp; + regoff_t len = matches[1].rm_eo - matches[1].rm_so; + char domname[len+1]; + + memcpy(domname, string + matches[1].rm_so, len); + domname[len] = '\0'; + + DBG_DEBUG("Found idmap domain \"%s\"\n", domname); + + if (strcmp(domname, "*") == 0) { + return false; + } + + dom = idmap_init_named_domain(idmap_domains, domname); + if (dom == NULL) { + DBG_NOTICE("Could not init idmap domain %s\n", + domname); + } + + tmp = talloc_realloc(idmap_domains, idmap_domains, + struct idmap_domain *, num_domains + 1); + if (tmp == NULL) { + DBG_WARNING("talloc_realloc failed\n"); + TALLOC_FREE(dom); + return false; + } + idmap_domains = tmp; + idmap_domains[num_domains] = dom; + num_domains += 1; + } + + return false; } static struct idmap_methods *get_methods(const char *name) @@ -280,8 +364,12 @@ static struct idmap_domain *idmap_init_named_domain(TALLOC_CTX *mem_ctx, struct idmap_domain *result = NULL; char *config_option; const char *backend; + bool ok; - idmap_init(); + ok = idmap_init(); + if (!ok) { + return NULL; + } config_option = talloc_asprintf(talloc_tos(), "idmap config %s", domname); @@ -312,57 +400,6 @@ fail: } /** - * Initialize the default domain structure - * @param[in] mem_ctx memory context for the result - * @result The default domain structure - * - * This routine takes the module name from the "idmap backend" parameter, - * passing a possible parameter like ldap:ldap://ldap-url/ to the module. - */ - -static struct idmap_domain *idmap_init_default_domain(TALLOC_CTX *mem_ctx) -{ - return idmap_init_named_domain(mem_ctx, "*"); -} - -/** - * Initialize the passdb domain structure - * @param[in] mem_ctx memory context for the result - * @result The default domain structure - * - * No config, passdb has its own configuration. - */ - -static struct idmap_domain *idmap_passdb_domain(TALLOC_CTX *mem_ctx) -{ - idmap_init(); - - if (!pdb_is_responsible_for_everything_else()) { - /* - * Always init the default domain, we can't go without one - */ - if (default_idmap_domain == NULL) { - default_idmap_domain = idmap_init_default_domain(NULL); - } - if (default_idmap_domain == NULL) { - return NULL; - } - } - - if (passdb_idmap_domain != NULL) { - return passdb_idmap_domain; - } - - passdb_idmap_domain = idmap_init_domain(mem_ctx, get_global_sam_name(), - "passdb", false); - if (passdb_idmap_domain == NULL) { - DEBUG(1, ("Could not init passdb idmap domain\n")); - } - - return passdb_idmap_domain; -} - -/** * Find a domain struct according to a domain name * @param[in] domname Domain name to get the config for * @result The default domain structure that fits @@ -379,21 +416,14 @@ static struct idmap_domain *idmap_passdb_domain(TALLOC_CTX *mem_ctx) static struct idmap_domain *idmap_find_domain(const char *domname) { - struct idmap_domain *result; + bool ok; int i; DEBUG(10, ("idmap_find_domain called for domain '%s'\n", domname?domname:"NULL")); - idmap_init(); - - /* - * Always init the default domain, we can't go without one - */ - if (default_idmap_domain == NULL) { - default_idmap_domain = idmap_init_default_domain(NULL); - } - if (default_idmap_domain == NULL) { + ok = idmap_init(); + if (!ok) { return NULL; } @@ -407,38 +437,21 @@ static struct idmap_domain *idmap_find_domain(const char *domname) } } - if (idmap_domains == NULL) { - /* - * talloc context for all idmap domains - */ - idmap_domains = talloc_array(NULL, struct idmap_domain *, 1); - } - - if (idmap_domains == NULL) { - DEBUG(0, ("talloc failed\n")); - return NULL; - } - - result = idmap_init_named_domain(idmap_domains, domname); - if (result == NULL) { - /* - * Could not init that domain -- try the default one - */ - return default_idmap_domain; - } - - ADD_TO_ARRAY(idmap_domains, struct idmap_domain *, result, - &idmap_domains, &num_domains); - return result; + return default_idmap_domain; } struct idmap_domain *idmap_find_domain_with_sid(const char *domname, const struct dom_sid *sid) { - idmap_init(); + bool ok; + + ok = idmap_init(); + if (!ok) { + return NULL; + } if (sid_check_is_for_passdb(sid)) { - return idmap_passdb_domain(NULL); + return passdb_idmap_domain; } return idmap_find_domain(domname); @@ -493,6 +506,12 @@ NTSTATUS idmap_backends_unixid_to_sid(const char *domname, struct id_map *id) { struct idmap_domain *dom; struct id_map *maps[2]; + bool ok; + + ok = idmap_init(); + if (!ok) { + return NT_STATUS_NONE_MAPPED; + } DEBUG(10, ("idmap_backend_unixid_to_sid: domain = '%s', xid = %d " "(type %d)\n", @@ -505,7 +524,7 @@ NTSTATUS idmap_backends_unixid_to_sid(const char *domname, struct id_map *id) * Always give passdb a chance first */ - dom = idmap_passdb_domain(NULL); + dom = passdb_idmap_domain; if ((dom != NULL) && NT_STATUS_IS_OK(dom->methods->unixids_to_sids(dom, maps)) && id->status == ID_MAPPED) { |