Diffstat (limited to 'src/lib')
-rw-r--r-- | src/lib/winbind_idmap_sss/libdlopen-test-winbind-idmap.c | 31 | ||||
-rw-r--r-- | src/lib/winbind_idmap_sss/winbind_idmap_sss.c | 201 | ||||
-rw-r--r-- | src/lib/winbind_idmap_sss/winbind_idmap_sss.h | 98 |
3 files changed, 330 insertions, 0 deletions
diff --git a/src/lib/winbind_idmap_sss/libdlopen-test-winbind-idmap.c b/src/lib/winbind_idmap_sss/libdlopen-test-winbind-idmap.c
new file mode 100644
index 000000000..94e8719f8
--- /dev/null
+++ b/src/lib/winbind_idmap_sss/libdlopen-test-winbind-idmap.c
@@ -0,0 +1,31 @@
+/*
+ SSSD
+
+ ID-mapping plugin for winbind - helper library for dlopen test
+
+ Authors:
+ Sumit Bose <sbose@redhat.com>
+
+ Copyright (C) 2016 Red Hat
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "lib/winbind_idmap_sss/winbind_idmap_sss.h"
+
+NTSTATUS smb_register_idmap(int version, const char *name,
+ struct idmap_methods *methods)
+{
+ return NT_STATUS_OK;
+}
diff --git a/src/lib/winbind_idmap_sss/winbind_idmap_sss.c b/src/lib/winbind_idmap_sss/winbind_idmap_sss.c
new file mode 100644
index 000000000..26f753708
--- /dev/null
+++ b/src/lib/winbind_idmap_sss/winbind_idmap_sss.c
@@ -0,0 +1,201 @@
+/*
+ SSSD
+
+ ID-mapping plugin for winbind
+
+ Authors:
+ Sumit Bose <sbose@redhat.com>
+
+ Copyright (C) 2016 Red Hat
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <string.h>
+#include <errno.h>
+
+#include "lib/winbind_idmap_sss/winbind_idmap_sss.h"
+#include "sss_client/idmap/sss_nss_idmap.h"
+#include "lib/idmap/sss_idmap.h"
+#include "util/util_sss_idmap.h"
+
+struct idmap_sss_ctx {
+ struct sss_idmap_ctx *idmap_ctx;
+};
+
+static NTSTATUS idmap_sss_initialize(struct idmap_domain *dom)
+{
+ struct idmap_sss_ctx *ctx;
+ enum idmap_error_code err;
+
+ if (dom == NULL) {
+ return ERROR_INVALID_PARAMETER;
+ }
+
+ ctx = talloc_zero(dom, struct idmap_sss_ctx);
+ if (ctx == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ err = sss_idmap_init(sss_idmap_talloc, ctx, sss_idmap_talloc_free,
+ &ctx->idmap_ctx);
+ if (err != IDMAP_SUCCESS) {
+ talloc_free(ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ dom->private_data = ctx;
+
+ return NT_STATUS_OK;
+}
+
+static NTSTATUS idmap_sss_unixids_to_sids(struct idmap_domain *dom,
+ struct id_map **map)
+{
+ size_t c;
+ int ret;
+ char *sid_str;
+ enum sss_id_type id_type;
+ struct dom_sid *sid;
+ enum idmap_error_code err;
+ struct idmap_sss_ctx *ctx;
+
+ if (dom == NULL) {
+ return ERROR_INVALID_PARAMETER;
+ }
+
+ ctx = talloc_get_type(dom->private_data, struct idmap_sss_ctx);
+ if (ctx == NULL) {
+ return ERROR_INVALID_PARAMETER;
+ }
+
+ for (c = 0; map[c]; c++) {
+ map[c]->status = ID_UNKNOWN;
+ }
+
+ for (c = 0; map[c]; c++) {
+ ret = sss_nss_getsidbyid(map[c]->xid.id, &sid_str, &id_type);
+ if (ret != 0) {
+ if (ret == ENOENT) {
+ map[c]->status = ID_UNMAPPED;
+ }
+ continue;
+ }
+
+ switch (id_type) {
+ case SSS_ID_TYPE_UID:
+ map[c]->xid.type = ID_TYPE_UID;
+ break;
+ case SSS_ID_TYPE_GID:
+ map[c]->xid.type = ID_TYPE_GID;
+ break;
+ case SSS_ID_TYPE_BOTH:
+ map[c]->xid.type = ID_TYPE_BOTH;
+ break;
+ default:
+ free(sid_str);
+ continue;
+ }
+
+ err = sss_idmap_sid_to_smb_sid(ctx->idmap_ctx, sid_str, &sid);
+ free(sid_str);
+ if (err != IDMAP_SUCCESS) {
+ continue;
+ }
+
+ memcpy(map[c]->sid, sid, sizeof(struct dom_sid));
+ sss_idmap_free_smb_sid(ctx->idmap_ctx, sid);
+
+ map[c]->status = ID_MAPPED;
+ }
+
+ return NT_STATUS_OK;
+}
+
+static NTSTATUS idmap_sss_sids_to_unixids(struct idmap_domain *dom,
+ struct id_map **map)
+{
+ size_t c;
+ int ret;
+ char *sid_str;
+ enum sss_id_type id_type;
+ enum idmap_error_code err;
+ struct idmap_sss_ctx *ctx;
+ uint32_t id;
+
+ if (dom == NULL) {
+ return ERROR_INVALID_PARAMETER;
+ }
+
+ ctx = talloc_get_type(dom->private_data, struct idmap_sss_ctx);
+ if (ctx == NULL) {
+ return ERROR_INVALID_PARAMETER;
+ }
+
+ for (c = 0; map[c]; c++) {
+ map[c]->status = ID_UNKNOWN;
+ }
+
+ for (c = 0; map[c]; c++) {
+ err = sss_idmap_smb_sid_to_sid(ctx->idmap_ctx, map[c]->sid, &sid_str);
+ if (err != IDMAP_SUCCESS) {
+ continue;
+ }
+
+ ret = sss_nss_getidbysid(sid_str, &id, &id_type);
+ sss_idmap_free_sid(ctx->idmap_ctx, sid_str);
+ if (ret != 0) {
+ if (ret == ENOENT) {
+ map[c]->status = ID_UNMAPPED;
+ }
+ continue;
+ }
+
+ switch (id_type) {
+ case SSS_ID_TYPE_UID:
+ map[c]->xid.type = ID_TYPE_UID;
+ break;
+ case SSS_ID_TYPE_GID:
+ map[c]->xid.type = ID_TYPE_GID;
+ break;
+ case SSS_ID_TYPE_BOTH:
+ map[c]->xid.type = ID_TYPE_BOTH;
+ break;
+ default:
+ continue;
+ }
+
+ map[c]->xid.id = id;
+
+ map[c]->status = ID_MAPPED;
+ }
+
+ return NT_STATUS_OK;
+}
+
+static struct idmap_methods sss_methods = {
+ .init = idmap_sss_initialize,
+ .unixids_to_sids = idmap_sss_unixids_to_sids,
+ .sids_to_unixids = idmap_sss_sids_to_unixids,
+};
+
+NTSTATUS idmap_sss_init(void)
+{
+ return smb_register_idmap(SMB_IDMAP_INTERFACE_VERSION, "sss", &sss_methods);
+}
+
+NTSTATUS samba_init_module(void)
+{
+ return smb_register_idmap(SMB_IDMAP_INTERFACE_VERSION, "sss", &sss_methods);
+}
diff --git a/src/lib/winbind_idmap_sss/winbind_idmap_sss.h b/src/lib/winbind_idmap_sss/winbind_idmap_sss.h
new file mode 100644
index 000000000..0f27c8561
--- /dev/null
+++ b/src/lib/winbind_idmap_sss/winbind_idmap_sss.h
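Review bot: `ERROR_INVALID_PARAMETER`, returned by idmap_sss_initialize, idmap_sss_unixids_to_sids and idmap_sss_sids_to_unixids when `dom` or its context is NULL, is a DOS/Win32 error constant rather than an NTSTATUS, so a caller that checks NT_STATUS_IS_OK() still sees a failure but anything logged through nt_errstr() is a meaningless code; `return NT_STATUS_INVALID_PARAMETER;` is the matching NTSTATUS. Both mapping functions also index `map[c]` without checking `map` itself, while `dom` is checked; `if (dom == NULL || map == NULL)` would complete the guard. In idmap_sss_unixids_to_sids the type reported by sss_nss_getsidbyid() overwrites `map[c]->xid.type` even when it differs from the type the caller set, which the header comment describes as caller-specified; if winbind relies on that, a mismatch should presumably leave the entry ID_UNMAPPED rather than ID_MAPPED, which is worth confirming against the in-tree Samba backends.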
@@ -0,0 +1,98 @@
+/*
+ SSSD
+
+ ID-mapping plugin for winbind
+
+ Authors:
+ Sumit Bose <sbose@redhat.com>
+
+ Copyright (C) 2016 Red Hat
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _WINBIND_SSS_IDMAP_H_
+#define _WINBIND_SSS_IDMAP_H_
+
+#include <stdint.h>
+#include <stdbool.h>
+
+#include <core/ntstatus.h>
+#include <ndr.h>
+#include <gen_ndr/security.h>
+
+/* The following definitions are taken from the Samba header files
+ * - winbindd/idmap_proto.h
+ * - idmap.d
+ * - gen_ndr/idmap.h
+ * and can be removed if the related Samba header files become public headers
+ * or if this plugin is build inside the Samba source tree. */
+
+enum id_type {
+ ID_TYPE_NOT_SPECIFIED,
+ ID_TYPE_UID,
+ ID_TYPE_GID,
+ ID_TYPE_BOTH
+};
+
+struct unixid {
+ uint32_t id;
+ enum id_type type;
+};
+
+enum id_mapping {
+ ID_UNKNOWN,
+ ID_MAPPED,
+ ID_UNMAPPED,
+ ID_EXPIRED
+};
+
+struct id_map {
+ struct dom_sid *sid;
+ struct unixid xid;
+ enum id_mapping status;
+};
+
+#define SMB_IDMAP_INTERFACE_VERSION 5
+
+struct idmap_domain {
+ const char *name;
+ struct idmap_methods *methods;
+ uint32_t low_id;
+ uint32_t high_id;
+ bool read_only;
+ void *private_data;
+};
+
+/* Filled out by IDMAP backends */
+struct idmap_methods {
+
+ /* Called when backend is first loaded */
+ NTSTATUS (*init)(struct idmap_domain *dom);
+
+ /* Map an array of uids/gids to SIDs. The caller specifies
+ the uid/gid and type. Gets back the SID. */
+ NTSTATUS (*unixids_to_sids)(struct idmap_domain *dom, struct id_map **ids);
+
+ /* Map an arry of SIDs to uids/gids. The caller sets the SID
+ and type and gets back a uid or gid. */
+ NTSTATUS (*sids_to_unixids)(struct idmap_domain *dom, struct id_map **ids);
+
+ /* Allocate a Unix-ID. */
+ NTSTATUS (*allocate_id)(struct idmap_domain *dom, struct unixid *id);
+};
+
+NTSTATUS smb_register_idmap(int version, const char *name,
+ struct idmap_methods *methods);
+#endif /* _WINBIND_SSS_IDMAP_H_ */
|
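Review bot: The `struct idmap_domain` and `struct idmap_methods` layouts copied into this header are an ABI contract with whichever winbindd loads the module (winbind hands the plugin its own `struct idmap_domain`, and the .c file reads and writes `dom->private_data` at whatever offset this copy puts it), yet the comment above them does not record which Samba release they were taken from, so a later field addition or reorder in Samba would be hard to trace; the `SMB_IDMAP_INTERFACE_VERSION` passed to smb_register_idmap() is the only runtime guard. A comment such as `/* Copied from Samba <SAMBA-VERSION>; re-verify whenever SMB_IDMAP_INTERFACE_VERSION changes */` next to the `#define` would make that explicit. In the same comment `idmap.d` looks like a truncated file name (presumably Samba's idmap.idl), and `arry` in the sids_to_unixids comment is a typo carried over from Samba. The include guard `_WINBIND_SSS_IDMAP_H_` is a reserved identifier (leading underscore followed by an uppercase letter); `WINBIND_SSS_IDMAP_H_` avoids that.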