2 Unix SMB/CIFS implementation.
4 Winbind daemon for ntdom nss module
6 Copyright (C) Tim Potter 2000-2001
7 Copyright (C) 2001 by Martin Pool <mbp@samba.org>
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
28 #define DBGC_CLASS DBGC_WINBIND
31 * @file winbindd_util.c
33 * Winbind daemon for NT domain authentication nss module.
38 * Used to clobber name fields that have an undefined value.
40 * Correct code should never look at a field that has this value.
43 static const fstring name_deadbeef = "<deadbeef>";
45 /* The list of trusted domains. Note that the list can be deleted and
46 recreated using the init_domain_list() function so pointers to
47 individual winbindd_domain structures cannot be made. Keep a copy of
48 the domain name instead. */
50 static struct winbindd_domain *_domain_list;
53 When was the last scan of trusted domains done?
58 static time_t last_trustdom_scan;
60 struct winbindd_domain *domain_list(void)
70 /* Free all entries in the trusted domain list */
72 void free_domain_list(void)
74 struct winbindd_domain *domain = _domain_list;
77 struct winbindd_domain *next = domain->next;
79 DLIST_REMOVE(_domain_list, domain);
85 static BOOL is_internal_domain(const DOM_SID *sid)
90 return (sid_check_is_domain(sid) || sid_check_is_builtin(sid));
93 static BOOL is_in_internal_domain(const DOM_SID *sid)
98 return (sid_check_is_in_our_domain(sid) || sid_check_is_in_builtin(sid));
102 /* Add a trusted domain to our list of domains */
103 static struct winbindd_domain *add_trusted_domain(const char *domain_name, const char *alt_name,
104 struct winbindd_methods *methods,
107 struct winbindd_domain *domain;
108 const char *alternative_name = NULL;
110 /* ignore alt_name if we are not in an AD domain */
112 if ( (lp_security() == SEC_ADS) && alt_name && *alt_name) {
113 alternative_name = alt_name;
116 /* We can't call domain_list() as this function is called from
117 init_domain_list() and we'll get stuck in a loop. */
118 for (domain = _domain_list; domain; domain = domain->next) {
119 if (strequal(domain_name, domain->name) ||
120 strequal(domain_name, domain->alt_name)) {
123 if (alternative_name && *alternative_name) {
124 if (strequal(alternative_name, domain->name) ||
125 strequal(alternative_name, domain->alt_name)) {
130 if (is_null_sid(sid)) {
132 } else if (sid_equal(sid, &domain->sid)) {
138 /* Create new domain entry */
140 if ((domain = SMB_MALLOC_P(struct winbindd_domain)) == NULL)
145 ZERO_STRUCTP(domain);
147 /* prioritise the short name */
148 if (strchr_m(domain_name, '.') && alternative_name && *alternative_name) {
149 fstrcpy(domain->name, alternative_name);
150 fstrcpy(domain->alt_name, domain_name);
152 fstrcpy(domain->name, domain_name);
153 if (alternative_name) {
154 fstrcpy(domain->alt_name, alternative_name);
158 domain->methods = methods;
159 domain->backend = NULL;
160 domain->internal = is_internal_domain(sid);
161 domain->sequence_number = DOM_SEQUENCE_NONE;
162 domain->last_seq_check = 0;
163 domain->initialized = False;
165 sid_copy(&domain->sid, sid);
168 /* Link to domain list */
169 DLIST_ADD(_domain_list, domain);
171 DEBUG(2,("Added domain %s %s %s\n",
172 domain->name, domain->alt_name,
173 &domain->sid?sid_string_static(&domain->sid):""));
178 /********************************************************************
179 rescan our domains looking for new trusted domains
180 ********************************************************************/
182 struct trustdom_state {
184 struct winbindd_response *response;
187 static void trustdom_recv(void *private_data, BOOL success);
189 static void add_trusted_domains( struct winbindd_domain *domain )
192 struct winbindd_request *request;
193 struct winbindd_response *response;
195 struct trustdom_state *state;
197 mem_ctx = talloc_init("add_trusted_domains");
198 if (mem_ctx == NULL) {
199 DEBUG(0, ("talloc_init failed\n"));
203 request = TALLOC_ZERO_P(mem_ctx, struct winbindd_request);
204 response = TALLOC_P(mem_ctx, struct winbindd_response);
205 state = TALLOC_P(mem_ctx, struct trustdom_state);
207 if ((request == NULL) || (response == NULL) || (state == NULL)) {
208 DEBUG(0, ("talloc failed\n"));
209 talloc_destroy(mem_ctx);
213 state->mem_ctx = mem_ctx;
214 state->response = response;
216 request->length = sizeof(*request);
217 request->cmd = WINBINDD_LIST_TRUSTDOM;
219 async_domain_request(mem_ctx, domain, request, response,
220 trustdom_recv, state);
223 static void trustdom_recv(void *private_data, BOOL success)
225 extern struct winbindd_methods cache_methods;
226 struct trustdom_state *state =
227 talloc_get_type_abort(private_data, struct trustdom_state);
228 struct winbindd_response *response = state->response;
231 if ((!success) || (response->result != WINBINDD_OK)) {
232 DEBUG(1, ("Could not receive trustdoms\n"));
233 talloc_destroy(state->mem_ctx);
237 p = response->extra_data;
239 while ((p != NULL) && (*p != '\0')) {
240 char *q, *sidstr, *alt_name;
243 alt_name = strchr(p, '\\');
244 if (alt_name == NULL) {
245 DEBUG(0, ("Got invalid trustdom response\n"));
252 sidstr = strchr(alt_name, '\\');
253 if (sidstr == NULL) {
254 DEBUG(0, ("Got invalid trustdom response\n"));
261 q = strchr(sidstr, '\n');
265 if (!string_to_sid(&sid, sidstr)) {
266 DEBUG(0, ("Got invalid trustdom response\n"));
270 if (find_domain_from_name_noinit(p) == NULL) {
271 struct winbindd_domain *domain;
272 char *alternate_name = NULL;
274 /* use the real alt_name if we have one, else pass in NULL */
276 if ( !strequal( alt_name, "(null)" ) )
277 alternate_name = alt_name;
279 domain = add_trusted_domain(p, alternate_name,
282 setup_domain_child(domain, &domain->child, NULL);
289 SAFE_FREE(response->extra_data);
290 talloc_destroy(state->mem_ctx);
293 /********************************************************************
294 Periodically we need to refresh the trusted domain cache for smbd
295 ********************************************************************/
297 void rescan_trusted_domains( void )
299 time_t now = time(NULL);
301 /* see if the time has come... */
303 if ((now >= last_trustdom_scan) &&
304 ((now-last_trustdom_scan) < WINBINDD_RESCAN_FREQ) )
307 /* this will only add new domains we didn't already know about */
309 add_trusted_domains( find_our_domain() );
311 last_trustdom_scan = now;
316 struct init_child_state {
318 struct winbindd_domain *domain;
319 struct winbindd_request *request;
320 struct winbindd_response *response;
321 void (*continuation)(void *private_data, BOOL success);
325 static void init_child_recv(void *private_data, BOOL success);
326 static void init_child_getdc_recv(void *private_data, BOOL success);
328 enum winbindd_result init_child_connection(struct winbindd_domain *domain,
329 void (*continuation)(void *private_data,
334 struct winbindd_request *request;
335 struct winbindd_response *response;
336 struct init_child_state *state;
338 mem_ctx = talloc_init("init_child_connection");
339 if (mem_ctx == NULL) {
340 DEBUG(0, ("talloc_init failed\n"));
341 return WINBINDD_ERROR;
344 request = TALLOC_ZERO_P(mem_ctx, struct winbindd_request);
345 response = TALLOC_P(mem_ctx, struct winbindd_response);
346 state = TALLOC_P(mem_ctx, struct init_child_state);
348 if ((request == NULL) || (response == NULL) || (state == NULL)) {
349 DEBUG(0, ("talloc failed\n"));
350 continuation(private_data, False);
351 return WINBINDD_ERROR;
354 request->length = sizeof(*request);
356 state->mem_ctx = mem_ctx;
357 state->domain = domain;
358 state->request = request;
359 state->response = response;
360 state->continuation = continuation;
361 state->private_data = private_data;
363 if (domain->primary) {
364 /* The primary domain has to find the DC name itself */
365 request->cmd = WINBINDD_INIT_CONNECTION;
366 fstrcpy(request->domain_name, domain->name);
367 request->data.init_conn.is_primary = True;
368 fstrcpy(request->data.init_conn.dcname, "");
370 async_request(mem_ctx, &domain->child, request, response,
371 init_child_recv, state);
372 return WINBINDD_PENDING;
375 /* This is *not* the primary domain, let's ask our DC about a DC
378 request->cmd = WINBINDD_GETDCNAME;
379 fstrcpy(request->domain_name, domain->name);
381 async_domain_request(mem_ctx, find_our_domain(), request, response,
382 init_child_getdc_recv, state);
383 return WINBINDD_PENDING;
386 static void init_child_getdc_recv(void *private_data, BOOL success)
388 struct init_child_state *state =
389 talloc_get_type_abort(private_data, struct init_child_state);
390 const char *dcname = "";
392 DEBUG(10, ("Received getdcname response\n"));
394 if (success && (state->response->result == WINBINDD_OK)) {
395 dcname = state->response->data.dc_name;
398 state->request->cmd = WINBINDD_INIT_CONNECTION;
399 fstrcpy(state->request->domain_name, state->domain->name);
400 state->request->data.init_conn.is_primary = False;
401 fstrcpy(state->request->data.init_conn.dcname, dcname);
403 async_request(state->mem_ctx, &state->domain->child,
404 state->request, state->response,
405 init_child_recv, state);
408 static void init_child_recv(void *private_data, BOOL success)
410 struct init_child_state *state =
411 talloc_get_type_abort(private_data, struct init_child_state);
413 DEBUG(5, ("Received child initialization response for domain %s\n",
414 state->domain->name));
416 if ((!success) || (state->response->result != WINBINDD_OK)) {
417 DEBUG(3, ("Could not init child\n"));
418 state->continuation(state->private_data, False);
419 talloc_destroy(state->mem_ctx);
423 fstrcpy(state->domain->name,
424 state->response->data.domain_info.name);
425 fstrcpy(state->domain->alt_name,
426 state->response->data.domain_info.alt_name);
427 string_to_sid(&state->domain->sid,
428 state->response->data.domain_info.sid);
429 state->domain->native_mode =
430 state->response->data.domain_info.native_mode;
431 state->domain->active_directory =
432 state->response->data.domain_info.active_directory;
433 state->domain->sequence_number =
434 state->response->data.domain_info.sequence_number;
436 state->domain->initialized = 1;
438 if (state->continuation != NULL)
439 state->continuation(state->private_data, True);
440 talloc_destroy(state->mem_ctx);
443 enum winbindd_result winbindd_dual_init_connection(struct winbindd_domain *domain,
444 struct winbindd_cli_state *state)
446 struct in_addr ipaddr;
448 /* Ensure null termination */
449 state->request.domain_name
450 [sizeof(state->request.domain_name)-1]='\0';
451 state->request.data.init_conn.dcname
452 [sizeof(state->request.data.init_conn.dcname)-1]='\0';
454 if (strlen(state->request.data.init_conn.dcname) > 0) {
455 fstrcpy(domain->dcname, state->request.data.init_conn.dcname);
458 if (strlen(domain->dcname) > 0) {
459 if (!resolve_name(domain->dcname, &ipaddr, 0x20)) {
460 DEBUG(2, ("Could not resolve DC name %s for domain %s\n",
461 domain->dcname, domain->name));
462 return WINBINDD_ERROR;
465 domain->dcaddr.sin_family = PF_INET;
466 putip((char *)&(domain->dcaddr.sin_addr), (char *)&ipaddr);
467 domain->dcaddr.sin_port = 0;
470 set_dc_type_and_flags(domain);
472 if (!domain->initialized) {
473 DEBUG(1, ("Could not initialize domain %s\n",
474 state->request.domain_name));
475 return WINBINDD_ERROR;
478 fstrcpy(state->response.data.domain_info.name, domain->name);
479 fstrcpy(state->response.data.domain_info.alt_name, domain->alt_name);
480 fstrcpy(state->response.data.domain_info.sid,
481 sid_string_static(&domain->sid));
483 state->response.data.domain_info.native_mode
484 = domain->native_mode;
485 state->response.data.domain_info.active_directory
486 = domain->active_directory;
487 state->response.data.domain_info.primary
489 state->response.data.domain_info.sequence_number =
490 domain->sequence_number;
495 /* Look up global info for the winbind daemon */
496 void init_domain_list(void)
498 extern struct winbindd_methods cache_methods;
499 extern struct winbindd_methods passdb_methods;
500 struct winbindd_domain *domain;
502 /* Free existing list */
505 /* Add ourselves as the first entry. */
508 domain = add_trusted_domain(get_global_sam_name(), NULL,
510 get_global_sam_sid());
515 if (!secrets_fetch_domain_sid(lp_workgroup(), &our_sid)) {
516 smb_panic("Could not fetch our SID - did we join?\n");
519 domain = add_trusted_domain( lp_workgroup(), lp_realm(),
520 &cache_methods, &our_sid);
523 domain->primary = True;
524 setup_domain_child(domain, &domain->child, NULL);
526 /* Add our local SAM domains */
528 domain = add_trusted_domain("BUILTIN", NULL, &passdb_methods,
529 &global_sid_Builtin);
530 setup_domain_child(domain, &domain->child, NULL);
533 domain = add_trusted_domain(get_global_sam_name(), NULL,
535 get_global_sam_sid());
536 setup_domain_child(domain, &domain->child, NULL);
541 * Given a domain name, return the struct winbindd domain info for it
543 * @note Do *not* pass lp_workgroup() to this function. domain_list
544 * may modify it's value, and free that pointer. Instead, our local
545 * domain may be found by calling find_our_domain().
549 * @return The domain structure for the named domain, if it is working.
552 struct winbindd_domain *find_domain_from_name_noinit(const char *domain_name)
554 struct winbindd_domain *domain;
556 /* Search through list */
558 for (domain = domain_list(); domain != NULL; domain = domain->next) {
559 if (strequal(domain_name, domain->name) ||
560 (domain->alt_name[0] &&
561 strequal(domain_name, domain->alt_name))) {
571 struct winbindd_domain *find_domain_from_name(const char *domain_name)
573 struct winbindd_domain *domain;
575 domain = find_domain_from_name_noinit(domain_name);
580 if (!domain->initialized)
581 set_dc_type_and_flags(domain);
586 /* Given a domain sid, return the struct winbindd domain info for it */
588 struct winbindd_domain *find_domain_from_sid_noinit(const DOM_SID *sid)
590 struct winbindd_domain *domain;
592 /* Search through list */
594 for (domain = domain_list(); domain != NULL; domain = domain->next) {
595 if (sid_compare_domain(sid, &domain->sid) == 0)
604 /* Given a domain sid, return the struct winbindd domain info for it */
606 struct winbindd_domain *find_domain_from_sid(const DOM_SID *sid)
608 struct winbindd_domain *domain;
610 domain = find_domain_from_sid_noinit(sid);
615 if (!domain->initialized)
616 set_dc_type_and_flags(domain);
621 struct winbindd_domain *find_our_domain(void)
623 struct winbindd_domain *domain;
625 /* Search through list */
627 for (domain = domain_list(); domain != NULL; domain = domain->next) {
632 smb_panic("Could not find our domain\n");
636 struct winbindd_domain *find_builtin_domain(void)
639 struct winbindd_domain *domain;
641 string_to_sid(&sid, "S-1-5-32");
642 domain = find_domain_from_sid(&sid);
645 smb_panic("Could not find BUILTIN domain\n");
650 /* Find the appropriate domain to lookup a name or SID */
652 struct winbindd_domain *find_lookup_domain_from_sid(const DOM_SID *sid)
654 /* A DC can't ask the local smbd for remote SIDs, here winbindd is the
655 * one to contact the external DC's. On member servers the internal
656 * domains are different: These are part of the local SAM. */
658 DEBUG(10, ("find_lookup_domain_from_sid(%s)\n",
659 sid_string_static(sid)));
661 if (IS_DC || is_internal_domain(sid) || is_in_internal_domain(sid)) {
662 DEBUG(10, ("calling find_domain_from_sid\n"));
663 return find_domain_from_sid(sid);
666 /* On a member server a query for SID or name can always go to our
669 DEBUG(10, ("calling find_our_domain\n"));
670 return find_our_domain();
673 struct winbindd_domain *find_lookup_domain_from_name(const char *domain_name)
675 if (IS_DC || strequal(domain_name, "BUILTIN") ||
676 strequal(domain_name, get_global_sam_name()))
677 return find_domain_from_name_noinit(domain_name);
679 return find_our_domain();
682 /* Lookup a sid in a domain from a name */
684 BOOL winbindd_lookup_sid_by_name(TALLOC_CTX *mem_ctx,
685 struct winbindd_domain *domain,
686 const char *domain_name,
687 const char *name, DOM_SID *sid,
688 enum SID_NAME_USE *type)
693 result = domain->methods->name_to_sid(domain, mem_ctx, domain_name, name, sid, type);
695 /* Return rid and type if lookup successful */
696 if (!NT_STATUS_IS_OK(result)) {
697 *type = SID_NAME_UNKNOWN;
700 return NT_STATUS_IS_OK(result);
704 * @brief Lookup a name in a domain from a sid.
706 * @param sid Security ID you want to look up.
707 * @param name On success, set to the name corresponding to @p sid.
708 * @param dom_name On success, set to the 'domain name' corresponding to @p sid.
709 * @param type On success, contains the type of name: alias, group or
711 * @retval True if the name exists, in which case @p name and @p type
712 * are set, otherwise False.
714 BOOL winbindd_lookup_name_by_sid(TALLOC_CTX *mem_ctx,
718 enum SID_NAME_USE *type)
724 struct winbindd_domain *domain;
726 domain = find_lookup_domain_from_sid(sid);
729 DEBUG(1,("Can't find domain from sid\n"));
735 result = domain->methods->sid_to_name(domain, mem_ctx, sid, &dom_names, &names, type);
737 /* Return name and type if successful */
739 if ((rv = NT_STATUS_IS_OK(result))) {
740 fstrcpy(dom_name, dom_names);
741 fstrcpy(name, names);
743 *type = SID_NAME_UNKNOWN;
744 fstrcpy(name, name_deadbeef);
750 /* Free state information held for {set,get,end}{pw,gr}ent() functions */
752 void free_getent_state(struct getent_state *state)
754 struct getent_state *temp;
756 /* Iterate over state list */
760 while(temp != NULL) {
761 struct getent_state *next;
763 /* Free sam entries then list entry */
765 SAFE_FREE(state->sam_entries);
766 DLIST_REMOVE(state, state);
774 /* Parse winbindd related parameters */
776 BOOL winbindd_param_init(void)
778 /* Parse winbind uid and winbind_gid parameters */
780 if (!lp_idmap_uid(&server_state.uid_low, &server_state.uid_high)) {
781 DEBUG(0, ("winbindd: idmap uid range missing or invalid\n"));
782 DEBUG(0, ("winbindd: cannot continue, exiting.\n"));
786 if (!lp_idmap_gid(&server_state.gid_low, &server_state.gid_high)) {
787 DEBUG(0, ("winbindd: idmap gid range missing or invalid\n"));
788 DEBUG(0, ("winbindd: cannot continue, exiting.\n"));
795 BOOL is_in_uid_range(uid_t uid)
797 return ((uid >= server_state.uid_low) &&
798 (uid <= server_state.uid_high));
801 BOOL is_in_gid_range(gid_t gid)
803 return ((gid >= server_state.gid_low) &&
804 (gid <= server_state.gid_high));
807 /* Is this a domain which we may assume no DOMAIN\ prefix? */
809 static BOOL assume_domain(const char *domain) {
810 if ((lp_winbind_use_default_domain()
811 || lp_winbind_trusted_domains_only()) &&
812 strequal(lp_workgroup(), domain))
815 if (strequal(get_global_sam_name(), domain))
821 /* Parse a string of the form DOMAIN\user into a domain and a user */
823 BOOL parse_domain_user(const char *domuser, fstring domain, fstring user)
825 char *p = strchr(domuser,*lp_winbind_separator());
828 fstrcpy(user, domuser);
830 if ( assume_domain(lp_workgroup())) {
831 fstrcpy(domain, lp_workgroup());
833 fstrcpy( domain, get_global_sam_name() );
838 fstrcpy(domain, domuser);
839 domain[PTR_DIFF(p, domuser)] = 0;
847 BOOL parse_domain_user_talloc(TALLOC_CTX *mem_ctx, const char *domuser,
848 char **domain, char **user)
850 fstring fstr_domain, fstr_user;
851 parse_domain_user(domuser, fstr_domain, fstr_user);
852 *domain = talloc_strdup(mem_ctx, fstr_domain);
853 *user = talloc_strdup(mem_ctx, fstr_user);
854 return ((*domain != NULL) && (*user != NULL));
858 Fill DOMAIN\\USERNAME entry accounting 'winbind use default domain' and
859 'winbind separator' options.
861 - omit DOMAIN when 'winbind use default domain = true' and DOMAIN is
864 If we are a PDC or BDC, and this is for our domain, do likewise.
866 Also, if omit DOMAIN if 'winbind trusted domains only = true', as the
867 username is then unqualified in unix
870 void fill_domain_username(fstring name, const char *domain, const char *user)
874 fstrcpy(tmp_user, user);
875 strlower_m(tmp_user);
877 if (assume_domain(domain)) {
878 strlcpy(name, user, sizeof(fstring));
880 slprintf(name, sizeof(fstring) - 1, "%s%c%s",
881 domain, *lp_winbind_separator(),
887 * Winbindd socket accessor functions
890 char *get_winbind_priv_pipe_dir(void)
892 return lock_path(WINBINDD_PRIV_SOCKET_SUBDIR);
895 /* Open the winbindd socket */
897 static int _winbindd_socket = -1;
898 static int _winbindd_priv_socket = -1;
900 int open_winbindd_socket(void)
902 if (_winbindd_socket == -1) {
903 _winbindd_socket = create_pipe_sock(
904 WINBINDD_SOCKET_DIR, WINBINDD_SOCKET_NAME, 0755);
905 DEBUG(10, ("open_winbindd_socket: opened socket fd %d\n",
909 return _winbindd_socket;
912 int open_winbindd_priv_socket(void)
914 if (_winbindd_priv_socket == -1) {
915 _winbindd_priv_socket = create_pipe_sock(
916 get_winbind_priv_pipe_dir(), WINBINDD_SOCKET_NAME, 0750);
917 DEBUG(10, ("open_winbindd_priv_socket: opened socket fd %d\n",
918 _winbindd_priv_socket));
921 return _winbindd_priv_socket;
924 /* Close the winbindd socket */
926 void close_winbindd_socket(void)
928 if (_winbindd_socket != -1) {
929 DEBUG(10, ("close_winbindd_socket: closing socket fd %d\n",
931 close(_winbindd_socket);
932 _winbindd_socket = -1;
934 if (_winbindd_priv_socket != -1) {
935 DEBUG(10, ("close_winbindd_socket: closing socket fd %d\n",
936 _winbindd_priv_socket));
937 close(_winbindd_priv_socket);
938 _winbindd_priv_socket = -1;
943 * Client list accessor functions
946 static struct winbindd_cli_state *_client_list;
947 static int _num_clients;
949 /* Return list of all connected clients */
951 struct winbindd_cli_state *winbindd_client_list(void)
956 /* Add a connection to the list */
958 void winbindd_add_client(struct winbindd_cli_state *cli)
960 DLIST_ADD(_client_list, cli);
964 /* Remove a client from the list */
966 void winbindd_remove_client(struct winbindd_cli_state *cli)
968 DLIST_REMOVE(_client_list, cli);
972 /* Demote a client to be the last in the list */
974 void winbindd_demote_client(struct winbindd_cli_state *cli)
976 struct winbindd_cli_state *tmp;
977 DLIST_DEMOTE(_client_list, cli, tmp);
980 /* Close all open clients */
982 void winbindd_kill_all_clients(void)
984 struct winbindd_cli_state *cl = winbindd_client_list();
986 DEBUG(10, ("winbindd_kill_all_clients: going postal\n"));
989 struct winbindd_cli_state *next;
992 winbindd_remove_client(cl);
997 /* Return number of open clients */
999 int winbindd_num_clients(void)
1001 return _num_clients;
1004 /*****************************************************************************
1005 For idmap conversion: convert one record to new format
1006 Ancient versions (eg 2.2.3a) of winbindd_idmap.tdb mapped DOMAINNAME/rid
1008 *****************************************************************************/
1009 static int convert_fn(TDB_CONTEXT *tdb, TDB_DATA key, TDB_DATA data, void *state)
1011 struct winbindd_domain *domain;
1018 BOOL *failed = (BOOL *)state;
1020 DEBUG(10,("Converting %s\n", key.dptr));
1022 p = strchr(key.dptr, '/');
1027 fstrcpy(dom_name, key.dptr);
1030 domain = find_domain_from_name(dom_name);
1031 if (domain == NULL) {
1032 /* We must delete the old record. */
1033 DEBUG(0,("Unable to find domain %s\n", dom_name ));
1034 DEBUG(0,("deleting record %s\n", key.dptr ));
1036 if (tdb_delete(tdb, key) != 0) {
1037 DEBUG(0, ("Unable to delete record %s\n", key.dptr));
1047 sid_copy(&sid, &domain->sid);
1048 sid_append_rid(&sid, rid);
1050 sid_to_string(keystr, &sid);
1052 key2.dsize = strlen(keystr) + 1;
1054 if (tdb_store(tdb, key2, data, TDB_INSERT) != 0) {
1055 DEBUG(0,("Unable to add record %s\n", key2.dptr ));
1060 if (tdb_store(tdb, data, key2, TDB_REPLACE) != 0) {
1061 DEBUG(0,("Unable to update record %s\n", data.dptr ));
1066 if (tdb_delete(tdb, key) != 0) {
1067 DEBUG(0,("Unable to delete record %s\n", key.dptr ));
1075 /* These definitions are from sam/idmap_tdb.c. Replicated here just
1076 out of laziness.... :-( */
1078 /* High water mark keys */
1079 #define HWM_GROUP "GROUP HWM"
1080 #define HWM_USER "USER HWM"
1082 /* idmap version determines auto-conversion */
1083 #define IDMAP_VERSION 2
1086 /*****************************************************************************
1087 Convert the idmap database from an older version.
1088 *****************************************************************************/
1090 static BOOL idmap_convert(const char *idmap_name)
1093 BOOL bigendianheader;
1094 BOOL failed = False;
1095 TDB_CONTEXT *idmap_tdb;
1097 if (!(idmap_tdb = tdb_open_log(idmap_name, 0,
1098 TDB_DEFAULT, O_RDWR,
1100 DEBUG(0, ("idmap_convert: Unable to open idmap database\n"));
1104 bigendianheader = (idmap_tdb->flags & TDB_BIGENDIAN) ? True : False;
1106 vers = tdb_fetch_int32(idmap_tdb, "IDMAP_VERSION");
1108 if (((vers == -1) && bigendianheader) || (IREV(vers) == IDMAP_VERSION)) {
1109 /* Arrggghh ! Bytereversed or old big-endian - make order independent ! */
1111 * high and low records were created on a
1112 * big endian machine and will need byte-reversing.
1117 wm = tdb_fetch_int32(idmap_tdb, HWM_USER);
1122 wm = server_state.uid_low;
1125 if (tdb_store_int32(idmap_tdb, HWM_USER, wm) == -1) {
1126 DEBUG(0, ("idmap_convert: Unable to byteswap user hwm in idmap database\n"));
1127 tdb_close(idmap_tdb);
1131 wm = tdb_fetch_int32(idmap_tdb, HWM_GROUP);
1135 wm = server_state.gid_low;
1138 if (tdb_store_int32(idmap_tdb, HWM_GROUP, wm) == -1) {
1139 DEBUG(0, ("idmap_convert: Unable to byteswap group hwm in idmap database\n"));
1140 tdb_close(idmap_tdb);
1145 /* the old format stored as DOMAIN/rid - now we store the SID direct */
1146 tdb_traverse(idmap_tdb, convert_fn, &failed);
1149 DEBUG(0, ("Problem during conversion\n"));
1150 tdb_close(idmap_tdb);
1154 if (tdb_store_int32(idmap_tdb, "IDMAP_VERSION", IDMAP_VERSION) == -1) {
1155 DEBUG(0, ("idmap_convert: Unable to dtore idmap version in databse\n"));
1156 tdb_close(idmap_tdb);
1160 tdb_close(idmap_tdb);
1164 /*****************************************************************************
1165 Convert the idmap database from an older version if necessary
1166 *****************************************************************************/
1168 BOOL winbindd_upgrade_idmap(void)
1171 pstring backup_name;
1172 SMB_STRUCT_STAT stbuf;
1173 TDB_CONTEXT *idmap_tdb;
1175 pstrcpy(idmap_name, lock_path("winbindd_idmap.tdb"));
1177 if (!file_exist(idmap_name, &stbuf)) {
1178 /* nothing to convert return */
1182 if (!(idmap_tdb = tdb_open_log(idmap_name, 0,
1183 TDB_DEFAULT, O_RDWR,
1185 DEBUG(0, ("idmap_convert: Unable to open idmap database\n"));
1189 if (tdb_fetch_int32(idmap_tdb, "IDMAP_VERSION") == IDMAP_VERSION) {
1190 /* nothing to convert return */
1191 tdb_close(idmap_tdb);
1195 /* backup_tdb expects the tdb not to be open */
1196 tdb_close(idmap_tdb);
1198 DEBUG(0, ("Upgrading winbindd_idmap.tdb from an old version\n"));
1200 pstrcpy(backup_name, idmap_name);
1201 pstrcat(backup_name, ".bak");
1203 if (backup_tdb(idmap_name, backup_name) != 0) {
1204 DEBUG(0, ("Could not backup idmap database\n"));
1208 return idmap_convert(idmap_name);