Line data Source code
1 : /*
2 : Unix SMB/CIFS implementation.
3 :
4 : idmap TDB backend
5 :
6 : Copyright (C) Tim Potter 2000
7 : Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
8 : Copyright (C) Jeremy Allison 2006
9 : Copyright (C) Simo Sorce 2003-2006
10 : Copyright (C) Michael Adam 2009-2010
11 :
12 : This program is free software; you can redistribute it and/or modify
13 : it under the terms of the GNU General Public License as published by
14 : the Free Software Foundation; either version 3 of the License, or
15 : (at your option) any later version.
16 :
17 : This program is distributed in the hope that it will be useful,
18 : but WITHOUT ANY WARRANTY; without even the implied warranty of
19 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 : GNU General Public License for more details.
21 :
22 : You should have received a copy of the GNU General Public License
23 : along with this program. If not, see <http://www.gnu.org/licenses/>.
24 : */
25 :
26 : #include "includes.h"
27 : #include "system/filesys.h"
28 : #include "winbindd.h"
29 : #include "idmap.h"
30 : #include "idmap_rw.h"
31 : #include "idmap_tdb_common.h"
32 : #include "dbwrap/dbwrap.h"
33 : #include "dbwrap/dbwrap_open.h"
34 : #include "../libcli/security/security.h"
35 : #include "util_tdb.h"
36 : #include "lib/util/string_wrappers.h"
37 :
38 : #undef DBGC_CLASS
39 : #define DBGC_CLASS DBGC_IDMAP
40 :
41 : /* idmap version determines auto-conversion - this is the database
42 : structure version specifier. */
43 :
44 : #define IDMAP_VERSION 2
45 :
46 : /* High water mark keys */
47 : #define HWM_GROUP "GROUP HWM"
48 : #define HWM_USER "USER HWM"
49 :
50 : struct convert_fn_state {
51 : struct db_context *db;
52 : bool failed;
53 : };
54 :
55 : /*****************************************************************************
56 : For idmap conversion: convert one record to new format
57 : Ancient versions (eg 2.2.3a) of winbindd_idmap.tdb mapped DOMAINNAME/rid
58 : instead of the SID.
59 : *****************************************************************************/
60 0 : static int convert_fn(struct db_record *rec, void *private_data)
61 : {
62 : struct winbindd_domain *domain;
63 : char *p;
64 : NTSTATUS status;
65 : struct dom_sid sid;
66 : uint32_t rid;
67 : struct dom_sid_buf keystr;
68 : fstring dom_name;
69 : TDB_DATA key;
70 : TDB_DATA key2;
71 : TDB_DATA value;
72 0 : struct convert_fn_state *s = (struct convert_fn_state *)private_data;
73 :
74 0 : key = dbwrap_record_get_key(rec);
75 :
76 0 : DEBUG(10,("Converting %s\n", (const char *)key.dptr));
77 :
78 0 : p = strchr((const char *)key.dptr, '/');
79 0 : if (!p)
80 0 : return 0;
81 :
82 0 : *p = 0;
83 0 : fstrcpy(dom_name, (const char *)key.dptr);
84 0 : *p++ = '/';
85 :
86 0 : domain = find_domain_from_name(dom_name);
87 0 : if (domain == NULL) {
88 : /* We must delete the old record. */
89 0 : DEBUG(0,("Unable to find domain %s\n", dom_name ));
90 0 : DEBUG(0,("deleting record %s\n", (const char *)key.dptr ));
91 :
92 0 : status = dbwrap_record_delete(rec);
93 0 : if (!NT_STATUS_IS_OK(status)) {
94 0 : DEBUG(0, ("Unable to delete record %s:%s\n",
95 : (const char *)key.dptr,
96 : nt_errstr(status)));
97 0 : s->failed = true;
98 0 : return -1;
99 : }
100 :
101 0 : return 0;
102 : }
103 :
104 0 : rid = atoi(p);
105 :
106 0 : sid_compose(&sid, &domain->sid, rid);
107 :
108 0 : key2 = string_term_tdb_data(dom_sid_str_buf(&sid, &keystr));
109 :
110 0 : value = dbwrap_record_get_value(rec);
111 :
112 0 : status = dbwrap_store(s->db, key2, value, TDB_INSERT);
113 0 : if (!NT_STATUS_IS_OK(status)) {
114 0 : DEBUG(0,("Unable to add record %s:%s\n",
115 : (const char *)key2.dptr,
116 : nt_errstr(status)));
117 0 : s->failed = true;
118 0 : return -1;
119 : }
120 :
121 0 : status = dbwrap_store(s->db, value, key2, TDB_REPLACE);
122 0 : if (!NT_STATUS_IS_OK(status)) {
123 0 : DEBUG(0,("Unable to update record %s:%s\n",
124 : (const char *)value.dptr,
125 : nt_errstr(status)));
126 0 : s->failed = true;
127 0 : return -1;
128 : }
129 :
130 0 : status = dbwrap_record_delete(rec);
131 0 : if (!NT_STATUS_IS_OK(status)) {
132 0 : DEBUG(0,("Unable to delete record %s:%s\n",
133 : (const char *)key.dptr,
134 : nt_errstr(status)));
135 0 : s->failed = true;
136 0 : return -1;
137 : }
138 :
139 0 : return 0;
140 : }
141 :
142 : /*****************************************************************************
143 : Convert the idmap database from an older version.
144 : *****************************************************************************/
145 :
146 0 : static bool idmap_tdb_upgrade(struct idmap_domain *dom, struct db_context *db)
147 : {
148 : int32_t vers;
149 : struct convert_fn_state s;
150 : NTSTATUS status;
151 :
152 0 : status = dbwrap_fetch_int32_bystring(db, "IDMAP_VERSION", &vers);
153 0 : if (!NT_STATUS_IS_OK(status)) {
154 0 : vers = -1;
155 : }
156 :
157 0 : if (IREV(vers) == IDMAP_VERSION) {
158 : /* Arrggghh ! Bytereversed - make order independent ! */
159 : /*
160 : * high and low records were created on a
161 : * big endian machine and will need byte-reversing.
162 : */
163 :
164 : int32_t wm;
165 :
166 0 : status = dbwrap_fetch_int32_bystring(db, HWM_USER, &wm);
167 0 : if (!NT_STATUS_IS_OK(status)) {
168 0 : wm = -1;
169 : }
170 :
171 0 : if (wm != -1) {
172 0 : wm = IREV(wm);
173 : } else {
174 0 : wm = dom->low_id;
175 : }
176 :
177 0 : status = dbwrap_store_int32_bystring(db, HWM_USER, wm);
178 0 : if (!NT_STATUS_IS_OK(status)) {
179 0 : DEBUG(0, ("Unable to byteswap user hwm in idmap "
180 : "database: %s\n", nt_errstr(status)));
181 0 : return False;
182 : }
183 :
184 0 : status = dbwrap_fetch_int32_bystring(db, HWM_GROUP, &wm);
185 0 : if (!NT_STATUS_IS_OK(status)) {
186 0 : wm = -1;
187 : }
188 :
189 0 : if (wm != -1) {
190 0 : wm = IREV(wm);
191 : } else {
192 0 : wm = dom->low_id;
193 : }
194 :
195 0 : status = dbwrap_store_int32_bystring(db, HWM_GROUP, wm);
196 0 : if (!NT_STATUS_IS_OK(status)) {
197 0 : DEBUG(0, ("Unable to byteswap group hwm in idmap "
198 : "database: %s\n", nt_errstr(status)));
199 0 : return False;
200 : }
201 : }
202 :
203 0 : s.db = db;
204 0 : s.failed = false;
205 :
206 : /* the old format stored as DOMAIN/rid - now we store the SID direct */
207 0 : status = dbwrap_traverse(db, convert_fn, &s, NULL);
208 :
209 0 : if (!NT_STATUS_IS_OK(status)) {
210 0 : DEBUG(0, ("Database traverse failed during conversion\n"));
211 0 : return false;
212 : }
213 :
214 0 : if (s.failed) {
215 0 : DEBUG(0, ("Problem during conversion\n"));
216 0 : return False;
217 : }
218 :
219 0 : status = dbwrap_store_int32_bystring(db, "IDMAP_VERSION",
220 : IDMAP_VERSION);
221 0 : if (!NT_STATUS_IS_OK(status)) {
222 0 : DEBUG(0, ("Unable to store idmap version in database: %s\n",
223 : nt_errstr(status)));
224 0 : return False;
225 : }
226 :
227 0 : return True;
228 : }
229 :
230 0 : static NTSTATUS idmap_tdb_init_hwm(struct idmap_domain *dom)
231 : {
232 : uint32_t low_uid;
233 : uint32_t low_gid;
234 0 : bool update_uid = false;
235 0 : bool update_gid = false;
236 : struct idmap_tdb_common_context *ctx;
237 : NTSTATUS status;
238 :
239 0 : ctx = talloc_get_type(dom->private_data,
240 : struct idmap_tdb_common_context);
241 :
242 0 : status = dbwrap_fetch_uint32_bystring(ctx->db, HWM_USER, &low_uid);
243 0 : if (!NT_STATUS_IS_OK(status) || low_uid < dom->low_id) {
244 0 : update_uid = true;
245 : }
246 :
247 0 : status = dbwrap_fetch_uint32_bystring(ctx->db, HWM_GROUP, &low_gid);
248 0 : if (!NT_STATUS_IS_OK(status) || low_gid < dom->low_id) {
249 0 : update_gid = true;
250 : }
251 :
252 0 : if (!update_uid && !update_gid) {
253 0 : return NT_STATUS_OK;
254 : }
255 :
256 0 : if (dbwrap_transaction_start(ctx->db) != 0) {
257 0 : DEBUG(0, ("Unable to start upgrade transaction!\n"));
258 0 : return NT_STATUS_INTERNAL_DB_ERROR;
259 : }
260 :
261 0 : if (update_uid) {
262 0 : status = dbwrap_store_uint32_bystring(ctx->db, HWM_USER,
263 : dom->low_id);
264 0 : if (!NT_STATUS_IS_OK(status)) {
265 0 : dbwrap_transaction_cancel(ctx->db);
266 0 : DEBUG(0, ("Unable to initialise user hwm in idmap "
267 : "database: %s\n", nt_errstr(status)));
268 0 : return NT_STATUS_INTERNAL_DB_ERROR;
269 : }
270 : }
271 :
272 0 : if (update_gid) {
273 0 : status = dbwrap_store_uint32_bystring(ctx->db, HWM_GROUP,
274 : dom->low_id);
275 0 : if (!NT_STATUS_IS_OK(status)) {
276 0 : dbwrap_transaction_cancel(ctx->db);
277 0 : DEBUG(0, ("Unable to initialise group hwm in idmap "
278 : "database: %s\n", nt_errstr(status)));
279 0 : return NT_STATUS_INTERNAL_DB_ERROR;
280 : }
281 : }
282 :
283 0 : if (dbwrap_transaction_commit(ctx->db) != 0) {
284 0 : DEBUG(0, ("Unable to commit upgrade transaction!\n"));
285 0 : return NT_STATUS_INTERNAL_DB_ERROR;
286 : }
287 :
288 0 : return NT_STATUS_OK;
289 : }
290 :
291 0 : static NTSTATUS idmap_tdb_open_db(struct idmap_domain *dom)
292 : {
293 : NTSTATUS ret;
294 : TALLOC_CTX *mem_ctx;
295 0 : char *tdbfile = NULL;
296 0 : struct db_context *db = NULL;
297 : int32_t version;
298 0 : bool config_error = false;
299 : struct idmap_tdb_common_context *ctx;
300 :
301 0 : ctx = talloc_get_type(dom->private_data,
302 : struct idmap_tdb_common_context);
303 :
304 0 : if (ctx->db) {
305 : /* it is already open */
306 0 : return NT_STATUS_OK;
307 : }
308 :
309 : /* use our own context here */
310 0 : mem_ctx = talloc_stackframe();
311 :
312 : /* use the old database if present */
313 0 : tdbfile = state_path(talloc_tos(), "winbindd_idmap.tdb");
314 0 : if (!tdbfile) {
315 0 : DEBUG(0, ("Out of memory!\n"));
316 0 : ret = NT_STATUS_NO_MEMORY;
317 0 : goto done;
318 : }
319 :
320 0 : DEBUG(10,("Opening tdbfile %s\n", tdbfile ));
321 :
322 : /* Open idmap repository */
323 0 : db = db_open(mem_ctx, tdbfile, 0, TDB_DEFAULT, O_RDWR | O_CREAT, 0644,
324 : DBWRAP_LOCK_ORDER_1, DBWRAP_FLAG_NONE);
325 0 : if (!db) {
326 0 : DEBUG(0, ("Unable to open idmap database\n"));
327 0 : ret = NT_STATUS_UNSUCCESSFUL;
328 0 : goto done;
329 : }
330 :
331 : /* check against earlier versions */
332 0 : ret = dbwrap_fetch_int32_bystring(db, "IDMAP_VERSION", &version);
333 0 : if (!NT_STATUS_IS_OK(ret)) {
334 0 : version = -1;
335 : }
336 :
337 0 : if (version != IDMAP_VERSION) {
338 0 : if (config_error) {
339 0 : DEBUG(0,("Upgrade of IDMAP_VERSION from %d to %d is not "
340 : "possible with incomplete configuration\n",
341 : version, IDMAP_VERSION));
342 0 : ret = NT_STATUS_UNSUCCESSFUL;
343 0 : goto done;
344 : }
345 0 : if (dbwrap_transaction_start(db) != 0) {
346 0 : DEBUG(0, ("Unable to start upgrade transaction!\n"));
347 0 : ret = NT_STATUS_INTERNAL_DB_ERROR;
348 0 : goto done;
349 : }
350 :
351 0 : if (!idmap_tdb_upgrade(dom, db)) {
352 0 : dbwrap_transaction_cancel(db);
353 0 : DEBUG(0, ("Unable to open idmap database, it's in an old format, and upgrade failed!\n"));
354 0 : ret = NT_STATUS_INTERNAL_DB_ERROR;
355 0 : goto done;
356 : }
357 :
358 0 : if (dbwrap_transaction_commit(db) != 0) {
359 0 : DEBUG(0, ("Unable to commit upgrade transaction!\n"));
360 0 : ret = NT_STATUS_INTERNAL_DB_ERROR;
361 0 : goto done;
362 : }
363 : }
364 :
365 0 : ctx->db = talloc_move(ctx, &db);
366 :
367 0 : ret = idmap_tdb_init_hwm(dom);
368 :
369 0 : done:
370 0 : talloc_free(mem_ctx);
371 0 : return ret;
372 : }
373 :
374 : /**********************************************************************
375 : IDMAP MAPPING TDB BACKEND
376 : **********************************************************************/
377 :
378 : /*****************************
379 : Initialise idmap database.
380 : *****************************/
381 :
382 0 : static NTSTATUS idmap_tdb_db_init(struct idmap_domain *dom)
383 : {
384 : NTSTATUS ret;
385 : struct idmap_tdb_common_context *ctx;
386 :
387 0 : DEBUG(10, ("idmap_tdb_db_init called for domain '%s'\n", dom->name));
388 :
389 0 : ctx = talloc_zero(dom, struct idmap_tdb_common_context);
390 0 : if ( ! ctx) {
391 0 : DEBUG(0, ("Out of memory!\n"));
392 0 : return NT_STATUS_NO_MEMORY;
393 : }
394 :
395 : /* load backend specific configuration here: */
396 : #if 0
397 : if (strequal(dom->name, "*")) {
398 : } else {
399 : }
400 : #endif
401 :
402 0 : ctx->rw_ops = talloc_zero(ctx, struct idmap_rw_ops);
403 0 : if (ctx->rw_ops == NULL) {
404 0 : DEBUG(0, ("Out of memory!\n"));
405 0 : ret = NT_STATUS_NO_MEMORY;
406 0 : goto failed;
407 : }
408 :
409 0 : ctx->max_id = dom->high_id;
410 0 : ctx->hwmkey_uid = HWM_USER;
411 0 : ctx->hwmkey_gid = HWM_GROUP;
412 :
413 0 : ctx->rw_ops->get_new_id = idmap_tdb_common_get_new_id;
414 0 : ctx->rw_ops->set_mapping = idmap_tdb_common_set_mapping;
415 :
416 0 : dom->private_data = ctx;
417 :
418 0 : ret = idmap_tdb_open_db(dom);
419 0 : if ( ! NT_STATUS_IS_OK(ret)) {
420 0 : goto failed;
421 : }
422 :
423 0 : return NT_STATUS_OK;
424 :
425 0 : failed:
426 0 : talloc_free(ctx);
427 0 : return ret;
428 : }
429 :
430 : static const struct idmap_methods db_methods = {
431 : .init = idmap_tdb_db_init,
432 : .unixids_to_sids = idmap_tdb_common_unixids_to_sids,
433 : .sids_to_unixids = idmap_tdb_common_sids_to_unixids,
434 : .allocate_id = idmap_tdb_common_get_new_id,
435 : };
436 :
437 0 : NTSTATUS idmap_tdb_init(TALLOC_CTX *mem_ctx)
438 : {
439 0 : DEBUG(10, ("calling idmap_tdb_init\n"));
440 :
441 0 : return smb_register_idmap(SMB_IDMAP_INTERFACE_VERSION, "tdb", &db_methods);
442 : }
|
