153
143
Verify the sambaUnixIdPool entry in the directory.
154
144
**********************************************************************/
156
static NTSTATUS verify_idpool(void)
146
static NTSTATUS verify_idpool(struct idmap_domain *dom)
160
150
LDAPMessage *result = NULL;
161
151
LDAPMod **mods = NULL;
162
152
const char **attr_list;
167
if ( ! idmap_alloc_ldap) {
168
return NT_STATUS_UNSUCCESSFUL;
171
ctx = talloc_new(idmap_alloc_ldap);
156
struct idmap_ldap_context *ctx;
158
ctx = talloc_get_type(dom->private_data, struct idmap_ldap_context);
160
mem_ctx = talloc_new(ctx);
161
if (mem_ctx == NULL) {
173
162
DEBUG(0, ("Out of memory!\n"));
174
163
return NT_STATUS_NO_MEMORY;
177
filter = talloc_asprintf(ctx, "(objectclass=%s)", LDAP_OBJ_IDPOOL);
166
filter = talloc_asprintf(mem_ctx, "(objectclass=%s)", LDAP_OBJ_IDPOOL);
178
167
CHECK_ALLOC_DONE(filter);
180
attr_list = get_attr_list(ctx, idpool_attr_list);
169
attr_list = get_attr_list(mem_ctx, idpool_attr_list);
181
170
CHECK_ALLOC_DONE(attr_list);
183
rc = smbldap_search(idmap_alloc_ldap->smbldap_state,
184
idmap_alloc_ldap->suffix,
172
rc = smbldap_search(ctx->smbldap_state,
185
174
LDAP_SCOPE_SUBTREE,
237
225
ret = (rc == LDAP_SUCCESS)?NT_STATUS_OK:NT_STATUS_UNSUCCESSFUL;
243
/*****************************************************************************
244
Initialise idmap database.
245
*****************************************************************************/
247
static NTSTATUS idmap_ldap_alloc_init(const char *params)
249
NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
256
/* Only do init if we are online */
257
if (idmap_is_offline()) {
258
return NT_STATUS_FILE_IS_OFFLINE;
261
idmap_alloc_ldap = TALLOC_ZERO_P(NULL, struct idmap_ldap_alloc_context);
262
CHECK_ALLOC_DONE( idmap_alloc_ldap );
266
if (!lp_idmap_uid(&low_uid, &high_uid)
267
|| !lp_idmap_gid(&low_gid, &high_gid)) {
268
DEBUG(1, ("idmap uid or idmap gid missing\n"));
269
ret = NT_STATUS_UNSUCCESSFUL;
273
idmap_alloc_ldap->low_uid = low_uid;
274
idmap_alloc_ldap->high_uid = high_uid;
275
idmap_alloc_ldap->low_gid = low_gid;
276
idmap_alloc_ldap->high_gid= high_gid;
278
if (idmap_alloc_ldap->high_uid <= idmap_alloc_ldap->low_uid) {
279
DEBUG(1, ("idmap uid range invalid\n"));
280
DEBUGADD(1, ("idmap will be unable to map foreign SIDs\n"));
281
ret = NT_STATUS_UNSUCCESSFUL;
285
if (idmap_alloc_ldap->high_gid <= idmap_alloc_ldap->low_gid) {
286
DEBUG(1, ("idmap gid range invalid\n"));
287
DEBUGADD(1, ("idmap will be unable to map foreign SIDs\n"));
288
ret = NT_STATUS_UNSUCCESSFUL;
292
if (params && *params) {
293
/* assume location is the only parameter */
294
idmap_alloc_ldap->url = talloc_strdup(idmap_alloc_ldap, params);
296
tmp = lp_parm_const_string(-1, "idmap alloc config",
300
DEBUG(1, ("ERROR: missing idmap ldap url\n"));
301
ret = NT_STATUS_UNSUCCESSFUL;
305
idmap_alloc_ldap->url = talloc_strdup(idmap_alloc_ldap, tmp);
307
CHECK_ALLOC_DONE( idmap_alloc_ldap->url );
309
trim_char(idmap_alloc_ldap->url, '\"', '\"');
311
tmp = lp_parm_const_string(-1, "idmap alloc config",
312
"ldap_base_dn", NULL);
313
if ( ! tmp || ! *tmp) {
314
tmp = lp_ldap_idmap_suffix();
316
DEBUG(1, ("ERROR: missing idmap ldap suffix\n"));
317
ret = NT_STATUS_UNSUCCESSFUL;
322
idmap_alloc_ldap->suffix = talloc_strdup(idmap_alloc_ldap, tmp);
323
CHECK_ALLOC_DONE( idmap_alloc_ldap->suffix );
325
ret = smbldap_init(idmap_alloc_ldap, winbind_event_context(),
326
idmap_alloc_ldap->url,
327
&idmap_alloc_ldap->smbldap_state);
328
if (!NT_STATUS_IS_OK(ret)) {
329
DEBUG(1, ("ERROR: smbldap_init (%s) failed!\n",
330
idmap_alloc_ldap->url));
334
ret = get_credentials( idmap_alloc_ldap,
335
idmap_alloc_ldap->smbldap_state,
336
"idmap alloc config", NULL,
337
&idmap_alloc_ldap->user_dn );
338
if ( !NT_STATUS_IS_OK(ret) ) {
339
DEBUG(1,("idmap_ldap_alloc_init: Failed to get connection "
340
"credentials (%s)\n", nt_errstr(ret)));
344
/* see if the idmap suffix and sub entries exists */
346
ret = verify_idpool();
349
if ( !NT_STATUS_IS_OK( ret ) )
350
TALLOC_FREE( idmap_alloc_ldap );
227
talloc_free(mem_ctx);
405
281
return NT_STATUS_INVALID_PARAMETER;
408
filter = talloc_asprintf(ctx, "(objectClass=%s)", LDAP_OBJ_IDPOOL);
284
filter = talloc_asprintf(mem_ctx, "(objectClass=%s)", LDAP_OBJ_IDPOOL);
409
285
CHECK_ALLOC_DONE(filter);
411
attr_list = get_attr_list(ctx, idpool_attr_list);
287
attr_list = get_attr_list(mem_ctx, idpool_attr_list);
412
288
CHECK_ALLOC_DONE(attr_list);
414
290
DEBUG(10, ("Search of the id pool (filter: %s)\n", filter));
416
rc = smbldap_search(idmap_alloc_ldap->smbldap_state,
417
idmap_alloc_ldap->suffix,
418
LDAP_SCOPE_SUBTREE, filter,
419
attr_list, 0, &result);
292
rc = smbldap_search(ctx->smbldap_state,
294
LDAP_SCOPE_SUBTREE, filter,
295
attr_list, 0, &result);
421
297
if (rc != LDAP_SUCCESS) {
422
298
DEBUG(0,("%s object not found\n", LDAP_OBJ_IDPOOL));
426
talloc_autofree_ldapmsg(ctx, result);
302
talloc_autofree_ldapmsg(mem_ctx, result);
428
count = ldap_count_entries(idmap_alloc_ldap->smbldap_state->ldap_struct,
304
count = ldap_count_entries(ctx->smbldap_state->ldap_struct, result);
430
305
if (count != 1) {
431
306
DEBUG(0,("Single %s object not found\n", LDAP_OBJ_IDPOOL));
435
entry = ldap_first_entry(idmap_alloc_ldap->smbldap_state->ldap_struct,
310
entry = ldap_first_entry(ctx->smbldap_state->ldap_struct, result);
438
dn = smbldap_talloc_dn(ctx,
439
idmap_alloc_ldap->smbldap_state->ldap_struct,
312
dn = smbldap_talloc_dn(mem_ctx,
313
ctx->smbldap_state->ldap_struct,
445
if ( ! (id_str = smbldap_talloc_single_attribute(idmap_alloc_ldap->smbldap_state->ldap_struct,
446
entry, type, ctx))) {
319
id_str = smbldap_talloc_single_attribute(
320
ctx->smbldap_state->ldap_struct,
321
entry, type, mem_ctx);
322
if (id_str == NULL) {
447
323
DEBUG(0,("%s attribute not found\n", type));
451
DEBUG(0,("Out of memory\n"));
452
ret = NT_STATUS_NO_MEMORY;
324
ret = NT_STATUS_UNSUCCESSFUL;
497
369
DEBUG(10, ("Try to atomically increment the id (%s -> %s)\n",
498
370
id_str, new_id_str));
500
rc = smbldap_modify(idmap_alloc_ldap->smbldap_state, dn, mods);
502
ldap_mods_free(mods, True);
504
if (rc != LDAP_SUCCESS) {
505
DEBUG(1,("Failed to allocate new %s. "
506
"smbldap_modify() failed.\n", type));
517
/**********************************
518
Get current highest id.
519
**********************************/
521
static NTSTATUS idmap_ldap_get_hwm(struct unixid *xid)
524
NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
525
int rc = LDAP_SERVER_DOWN;
527
LDAPMessage *result = NULL;
528
LDAPMessage *entry = NULL;
531
const char **attr_list;
534
/* Only do query if we are online */
535
if (idmap_is_offline()) {
536
return NT_STATUS_FILE_IS_OFFLINE;
539
if ( ! idmap_alloc_ldap) {
540
return NT_STATUS_UNSUCCESSFUL;
543
memctx = talloc_new(idmap_alloc_ldap);
545
DEBUG(0, ("Out of memory!\n"));
546
return NT_STATUS_NO_MEMORY;
553
type = get_attr_key2string(idpool_attr_list,
554
LDAP_ATTR_UIDNUMBER);
558
type = get_attr_key2string(idpool_attr_list,
559
LDAP_ATTR_GIDNUMBER);
563
DEBUG(2, ("Invalid ID type (0x%x)\n", xid->type));
564
return NT_STATUS_INVALID_PARAMETER;
567
filter = talloc_asprintf(memctx, "(objectClass=%s)", LDAP_OBJ_IDPOOL);
568
CHECK_ALLOC_DONE(filter);
570
attr_list = get_attr_list(memctx, idpool_attr_list);
571
CHECK_ALLOC_DONE(attr_list);
573
rc = smbldap_search(idmap_alloc_ldap->smbldap_state,
574
idmap_alloc_ldap->suffix,
575
LDAP_SCOPE_SUBTREE, filter,
576
attr_list, 0, &result);
578
if (rc != LDAP_SUCCESS) {
579
DEBUG(0,("%s object not found\n", LDAP_OBJ_IDPOOL));
583
talloc_autofree_ldapmsg(memctx, result);
585
count = ldap_count_entries(idmap_alloc_ldap->smbldap_state->ldap_struct,
588
DEBUG(0,("Single %s object not found\n", LDAP_OBJ_IDPOOL));
592
entry = ldap_first_entry(idmap_alloc_ldap->smbldap_state->ldap_struct,
595
id_str = smbldap_talloc_single_attribute(idmap_alloc_ldap->smbldap_state->ldap_struct,
596
entry, type, memctx);
598
DEBUG(0,("%s attribute not found\n", type));
602
DEBUG(0,("Out of memory\n"));
603
ret = NT_STATUS_NO_MEMORY;
607
xid->id = strtoul(id_str, NULL, 10);
614
/**********************************
616
**********************************/
618
static NTSTATUS idmap_ldap_set_hwm(struct unixid *xid)
621
NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
622
int rc = LDAP_SERVER_DOWN;
624
LDAPMessage *result = NULL;
625
LDAPMessage *entry = NULL;
626
LDAPMod **mods = NULL;
629
const char *dn = NULL;
630
const char **attr_list;
633
/* Only do query if we are online */
634
if (idmap_is_offline()) {
635
return NT_STATUS_FILE_IS_OFFLINE;
638
if ( ! idmap_alloc_ldap) {
639
return NT_STATUS_UNSUCCESSFUL;
642
ctx = talloc_new(idmap_alloc_ldap);
644
DEBUG(0, ("Out of memory!\n"));
645
return NT_STATUS_NO_MEMORY;
652
type = get_attr_key2string(idpool_attr_list,
653
LDAP_ATTR_UIDNUMBER);
657
type = get_attr_key2string(idpool_attr_list,
658
LDAP_ATTR_GIDNUMBER);
662
DEBUG(2, ("Invalid ID type (0x%x)\n", xid->type));
663
return NT_STATUS_INVALID_PARAMETER;
666
filter = talloc_asprintf(ctx, "(objectClass=%s)", LDAP_OBJ_IDPOOL);
667
CHECK_ALLOC_DONE(filter);
669
attr_list = get_attr_list(ctx, idpool_attr_list);
670
CHECK_ALLOC_DONE(attr_list);
672
rc = smbldap_search(idmap_alloc_ldap->smbldap_state,
673
idmap_alloc_ldap->suffix,
674
LDAP_SCOPE_SUBTREE, filter,
675
attr_list, 0, &result);
677
if (rc != LDAP_SUCCESS) {
678
DEBUG(0,("%s object not found\n", LDAP_OBJ_IDPOOL));
682
talloc_autofree_ldapmsg(ctx, result);
684
count = ldap_count_entries(idmap_alloc_ldap->smbldap_state->ldap_struct,
687
DEBUG(0,("Single %s object not found\n", LDAP_OBJ_IDPOOL));
691
entry = ldap_first_entry(idmap_alloc_ldap->smbldap_state->ldap_struct,
694
dn = smbldap_talloc_dn(ctx,
695
idmap_alloc_ldap->smbldap_state->ldap_struct,
701
new_id_str = talloc_asprintf(ctx, "%lu", (unsigned long)xid->id);
703
DEBUG(0,("Out of memory\n"));
704
ret = NT_STATUS_NO_MEMORY;
708
smbldap_set_mod(&mods, LDAP_MOD_REPLACE, type, new_id_str);
711
DEBUG(0,("smbldap_set_mod() failed.\n"));
715
rc = smbldap_modify(idmap_alloc_ldap->smbldap_state, dn, mods);
717
ldap_mods_free(mods, True);
719
if (rc != LDAP_SUCCESS) {
720
DEBUG(1,("Failed to allocate new %s. "
721
"smbldap_modify() failed.\n", type));
732
/**********************************
733
Close idmap ldap alloc
734
**********************************/
736
static NTSTATUS idmap_ldap_alloc_close(void)
738
if (idmap_alloc_ldap) {
739
smbldap_free_struct(&idmap_alloc_ldap->smbldap_state);
740
DEBUG(5,("The connection to the LDAP server was closed\n"));
741
/* maybe free the results here --metze */
742
TALLOC_FREE(idmap_alloc_ldap);
372
rc = smbldap_modify(ctx->smbldap_state, dn, mods);
374
ldap_mods_free(mods, True);
376
if (rc != LDAP_SUCCESS) {
377
DEBUG(1,("Failed to allocate new %s. "
378
"smbldap_modify() failed.\n", type));
385
talloc_free(mem_ctx);
390
* Allocate a new unix-ID.
391
* For now this is for the default idmap domain only.
392
* Should be extended later on.
394
static NTSTATUS idmap_ldap_allocate_id(struct idmap_domain *dom,
399
if (!strequal(dom->name, "*")) {
400
DEBUG(3, ("idmap_ldap_allocate_id: "
401
"Refusing allocation of a new unixid for domain'%s'. "
402
"This is only supported for the default "
405
return NT_STATUS_NOT_IMPLEMENTED;
408
ret = idmap_ldap_allocate_id_internal(dom, id);
781
449
return NT_STATUS_NO_MEMORY;
784
if (strequal(dom->name, "*")) {
790
ctx->filter_low_id = 0;
791
ctx->filter_high_id = 0;
793
if (lp_idmap_uid(&low_uid, &high_uid)) {
794
ctx->filter_low_id = low_uid;
795
ctx->filter_high_id = high_uid;
797
DEBUG(3, ("Warning: 'idmap uid' not set!\n"));
800
if (lp_idmap_gid(&low_gid, &high_gid)) {
801
if ((low_gid != low_uid) || (high_gid != high_uid)) {
802
DEBUG(1, ("Warning: 'idmap uid' and 'idmap gid'"
803
" ranges do not agree -- building "
805
ctx->filter_low_id = MAX(ctx->filter_low_id,
807
ctx->filter_high_id = MIN(ctx->filter_high_id,
811
DEBUG(3, ("Warning: 'idmap gid' not set!\n"));
814
const char *range = NULL;
816
config_option = talloc_asprintf(ctx, "idmap config %s", dom->name);
817
if ( ! config_option) {
818
DEBUG(0, ("Out of memory!\n"));
819
ret = NT_STATUS_NO_MEMORY;
824
range = lp_parm_const_string(-1, config_option, "range", NULL);
825
if (range && range[0]) {
826
if ((sscanf(range, "%u - %u", &ctx->filter_low_id,
827
&ctx->filter_high_id) != 2))
829
DEBUG(1, ("ERROR: invalid filter range [%s]", range));
830
ctx->filter_low_id = 0;
831
ctx->filter_high_id = 0;
836
if (ctx->filter_low_id > ctx->filter_high_id) {
837
DEBUG(1, ("ERROR: invalid filter range [%u-%u]",
838
ctx->filter_low_id, ctx->filter_high_id));
839
ctx->filter_low_id = 0;
840
ctx->filter_high_id = 0;
843
if (params != NULL) {
844
/* assume location is the only parameter */
845
ctx->url = talloc_strdup(ctx, params);
847
tmp = lp_parm_const_string(-1, config_option, "ldap_url", NULL);
850
DEBUG(1, ("ERROR: missing idmap ldap url\n"));
851
ret = NT_STATUS_UNSUCCESSFUL;
855
ctx->url = talloc_strdup(ctx, tmp);
857
CHECK_ALLOC_DONE(ctx->url);
452
config_option = talloc_asprintf(ctx, "idmap config %s", dom->name);
453
if (!config_option) {
454
DEBUG(0, ("Out of memory!\n"));
455
ret = NT_STATUS_NO_MEMORY;
459
tmp = lp_parm_const_string(-1, config_option, "ldap_url", NULL);
462
DEBUG(1, ("ERROR: missing idmap ldap url\n"));
463
ret = NT_STATUS_UNSUCCESSFUL;
467
ctx->url = talloc_strdup(ctx, tmp);
859
469
trim_char(ctx->url, '\"', '\"');
861
tmp = lp_parm_const_string(-1, config_option, "ldap_base_dn", NULL);
862
if ( ! tmp || ! *tmp) {
863
tmp = lp_ldap_idmap_suffix();
865
DEBUG(1, ("ERROR: missing idmap ldap suffix\n"));
866
ret = NT_STATUS_UNSUCCESSFUL;
471
tmp = lp_parm_const_string(-1, config_option, "ldap_base_dn", NULL);
472
if ( ! tmp || ! *tmp) {
473
tmp = lp_ldap_idmap_suffix();
475
DEBUG(1, ("ERROR: missing idmap ldap suffix\n"));
476
ret = NT_STATUS_UNSUCCESSFUL;
871
481
ctx->suffix = talloc_strdup(ctx, tmp);
872
482
CHECK_ALLOC_DONE(ctx->suffix);
484
ctx->rw_ops = talloc_zero(ctx, struct idmap_rw_ops);
485
CHECK_ALLOC_DONE(ctx->rw_ops);
487
ctx->rw_ops->get_new_id = idmap_ldap_allocate_id_internal;
488
ctx->rw_ops->set_mapping = idmap_ldap_set_mapping;
874
490
ret = smbldap_init(ctx, winbind_event_context(), ctx->url,
875
491
&ctx->smbldap_state);
876
492
if (!NT_STATUS_IS_OK(ret)) {
533
/* TODO: change this: This function cannot be called to modify a mapping,
534
* only set a new one */
536
static NTSTATUS idmap_ldap_set_mapping(struct idmap_domain *dom,
537
const struct id_map *map)
541
struct idmap_ldap_context *ctx;
542
LDAPMessage *entry = NULL;
543
LDAPMod **mods = NULL;
550
/* Only do query if we are online */
551
if (idmap_is_offline()) {
552
return NT_STATUS_FILE_IS_OFFLINE;
555
ctx = talloc_get_type(dom->private_data, struct idmap_ldap_context);
557
switch(map->xid.type) {
559
type = get_attr_key2string(sidmap_attr_list,
560
LDAP_ATTR_UIDNUMBER);
564
type = get_attr_key2string(sidmap_attr_list,
565
LDAP_ATTR_GIDNUMBER);
569
return NT_STATUS_INVALID_PARAMETER;
572
memctx = talloc_new(ctx);
574
DEBUG(0, ("Out of memory!\n"));
575
return NT_STATUS_NO_MEMORY;
578
id_str = talloc_asprintf(memctx, "%lu", (unsigned long)map->xid.id);
579
CHECK_ALLOC_DONE(id_str);
581
sid = talloc_strdup(memctx, sid_string_talloc(memctx, map->sid));
582
CHECK_ALLOC_DONE(sid);
584
dn = talloc_asprintf(memctx, "%s=%s,%s",
585
get_attr_key2string(sidmap_attr_list, LDAP_ATTR_SID),
588
CHECK_ALLOC_DONE(dn);
590
smbldap_set_mod(&mods, LDAP_MOD_ADD,
591
"objectClass", LDAP_OBJ_IDMAP_ENTRY);
593
smbldap_make_mod(ctx->smbldap_state->ldap_struct,
594
entry, &mods, type, id_str);
596
smbldap_make_mod(ctx->smbldap_state->ldap_struct, entry, &mods,
597
get_attr_key2string(sidmap_attr_list, LDAP_ATTR_SID),
601
DEBUG(2, ("ERROR: No mods?\n"));
602
ret = NT_STATUS_UNSUCCESSFUL;
606
/* TODO: remove conflicting mappings! */
608
smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_SID_ENTRY);
610
DEBUG(10, ("Set DN %s (%s -> %s)\n", dn, sid, id_str));
612
rc = smbldap_add(ctx->smbldap_state, dn, mods);
613
ldap_mods_free(mods, True);
615
if (rc != LDAP_SUCCESS) {
616
char *ld_error = NULL;
617
ldap_get_option(ctx->smbldap_state->ldap_struct,
618
LDAP_OPT_ERROR_STRING, &ld_error);
619
DEBUG(0,("ldap_set_mapping_internals: Failed to add %s to %lu "
620
"mapping [%s]\n", sid,
621
(unsigned long)map->xid.id, type));
622
DEBUG(0, ("ldap_set_mapping_internals: Error was: %s (%s)\n",
623
ld_error ? ld_error : "(NULL)", ldap_err2string (rc)));
625
ldap_memfree(ld_error);
627
ret = NT_STATUS_UNSUCCESSFUL;
631
DEBUG(10,("ldap_set_mapping: Successfully created mapping from %s to "
632
"%lu [%s]\n", sid, (unsigned long)map->xid.id, type));
642
* Create a new mapping for an unmapped SID, also allocating a new ID.
643
* If possible, this should be run inside a transaction to make the
646
static NTSTATUS idmap_ldap_new_mapping(struct idmap_domain *dom, struct id_map *map)
649
struct idmap_ldap_context *ctx;
651
ctx = talloc_get_type(dom->private_data, struct idmap_ldap_context);
653
ret = idmap_rw_new_mapping(dom, ctx->rw_ops, map);
905
659
/* max number of ids requested per batch query */
906
660
#define IDMAP_LDAP_MAX_IDS 30
1368
/* mark all unknwon/expired ones as unmapped */
1117
* try to create new mappings for unmapped sids
1369
1119
for (i = 0; ids[i]; i++) {
1370
if (ids[i]->status != ID_MAPPED)
1120
if (ids[i]->status != ID_MAPPED) {
1371
1121
ids[i]->status = ID_UNMAPPED;
1375
talloc_free(memctx);
1379
/**********************************
1381
**********************************/
1383
/* TODO: change this: This function cannot be called to modify a mapping,
1384
* only set a new one */
1386
static NTSTATUS idmap_ldap_set_mapping(struct idmap_domain *dom,
1387
const struct id_map *map)
1391
struct idmap_ldap_context *ctx;
1392
LDAPMessage *entry = NULL;
1393
LDAPMod **mods = NULL;
1400
/* Only do query if we are online */
1401
if (idmap_is_offline()) {
1402
return NT_STATUS_FILE_IS_OFFLINE;
1405
ctx = talloc_get_type(dom->private_data, struct idmap_ldap_context);
1407
switch(map->xid.type) {
1409
type = get_attr_key2string(sidmap_attr_list,
1410
LDAP_ATTR_UIDNUMBER);
1414
type = get_attr_key2string(sidmap_attr_list,
1415
LDAP_ATTR_GIDNUMBER);
1419
return NT_STATUS_INVALID_PARAMETER;
1422
memctx = talloc_new(ctx);
1424
DEBUG(0, ("Out of memory!\n"));
1425
return NT_STATUS_NO_MEMORY;
1428
id_str = talloc_asprintf(memctx, "%lu", (unsigned long)map->xid.id);
1429
CHECK_ALLOC_DONE(id_str);
1431
sid = talloc_strdup(memctx, sid_string_talloc(memctx, map->sid));
1432
CHECK_ALLOC_DONE(sid);
1434
dn = talloc_asprintf(memctx, "%s=%s,%s",
1435
get_attr_key2string(sidmap_attr_list, LDAP_ATTR_SID),
1438
CHECK_ALLOC_DONE(dn);
1440
smbldap_set_mod(&mods, LDAP_MOD_ADD,
1441
"objectClass", LDAP_OBJ_IDMAP_ENTRY);
1443
smbldap_make_mod(ctx->smbldap_state->ldap_struct,
1444
entry, &mods, type, id_str);
1446
smbldap_make_mod(ctx->smbldap_state->ldap_struct, entry, &mods,
1447
get_attr_key2string(sidmap_attr_list, LDAP_ATTR_SID),
1451
DEBUG(2, ("ERROR: No mods?\n"));
1452
ret = NT_STATUS_UNSUCCESSFUL;
1456
/* TODO: remove conflicting mappings! */
1458
smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_SID_ENTRY);
1460
DEBUG(10, ("Set DN %s (%s -> %s)\n", dn, sid, id_str));
1462
rc = smbldap_add(ctx->smbldap_state, dn, mods);
1463
ldap_mods_free(mods, True);
1465
if (rc != LDAP_SUCCESS) {
1466
char *ld_error = NULL;
1467
ldap_get_option(ctx->smbldap_state->ldap_struct,
1468
LDAP_OPT_ERROR_STRING, &ld_error);
1469
DEBUG(0,("ldap_set_mapping_internals: Failed to add %s to %lu "
1470
"mapping [%s]\n", sid,
1471
(unsigned long)map->xid.id, type));
1472
DEBUG(0, ("ldap_set_mapping_internals: Error was: %s (%s)\n",
1473
ld_error ? ld_error : "(NULL)", ldap_err2string (rc)));
1475
ldap_memfree(ld_error);
1122
if (ids[i]->sid != NULL) {
1123
ret = idmap_ldap_new_mapping(dom, ids[i]);
1124
if (!NT_STATUS_IS_OK(ret)) {
1477
ret = NT_STATUS_UNSUCCESSFUL;
1481
DEBUG(10,("ldap_set_mapping: Successfully created mapping from %s to "
1482
"%lu [%s]\n", sid, (unsigned long)map->xid.id, type));
1484
1131
ret = NT_STATUS_OK;
1492
1139
Close the idmap ldap instance
1493
1140
**********************************/
1495
static NTSTATUS idmap_ldap_close(struct idmap_domain *dom)
1497
struct idmap_ldap_context *ctx;
1499
if (dom->private_data) {
1500
ctx = talloc_get_type(dom->private_data,
1501
struct idmap_ldap_context);
1504
dom->private_data = NULL;
1507
return NT_STATUS_OK;
1510
1142
static struct idmap_methods idmap_ldap_methods = {
1512
1144
.init = idmap_ldap_db_init,
1513
1145
.unixids_to_sids = idmap_ldap_unixids_to_sids,
1514
1146
.sids_to_unixids = idmap_ldap_sids_to_unixids,
1515
.set_mapping = idmap_ldap_set_mapping,
1516
.close_fn = idmap_ldap_close
1519
static struct idmap_alloc_methods idmap_ldap_alloc_methods = {
1521
.init = idmap_ldap_alloc_init,
1522
1147
.allocate_id = idmap_ldap_allocate_id,
1523
.get_id_hwm = idmap_ldap_get_hwm,
1524
.set_id_hwm = idmap_ldap_set_hwm,
1525
.close_fn = idmap_ldap_alloc_close,
1526
/* .dump_data = TODO */
1529
static NTSTATUS idmap_alloc_ldap_init(void)
1531
return smb_register_idmap_alloc(SMB_IDMAP_INTERFACE_VERSION, "ldap",
1532
&idmap_ldap_alloc_methods);
1535
1150
NTSTATUS idmap_ldap_init(void);
1536
1151
NTSTATUS idmap_ldap_init(void)
1540
/* FIXME: bad hack to actually register also the alloc_ldap module
1541
* without changining configure.in */
1542
ret = idmap_alloc_ldap_init();
1543
if (! NT_STATUS_IS_OK(ret)) {
1546
1153
return smb_register_idmap(SMB_IDMAP_INTERFACE_VERSION, "ldap",
1547
1154
&idmap_ldap_methods);