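/*
 * Initialise the LDAP idmap backend for one domain.
 *
 * Reads "idmap config <domain>:ldap_url" and "ldap_base_dn" (falling back
 * to the global idmap suffix), creates the smbldap connection state and
 * fetches the bind credentials, then verifies the ID pool.  On success the
 * context is stored in dom->private_data and its destructor releases the
 * LDAP resources when the domain is freed.
 *
 * @param dom   Domain to initialise; dom->private_data is set to the new
 *              context on success and left NULL on failure.
 * @return NT_STATUS_OK on success, NT_STATUS_FILE_IS_OFFLINE when winbind is
 *         offline, NT_STATUS_NO_MEMORY on allocation failure, or the error
 *         reported by the LDAP setup / pool verification.
 */
static NTSTATUS idmap_ldap_db_init(struct idmap_domain *dom)
{
	NTSTATUS ret;
	struct idmap_ldap_context *ctx = NULL;
	char *config_option = NULL;
	const char *tmp = NULL;

	/* Only do init if we are online */
	if (idmap_is_offline()) {
		return NT_STATUS_FILE_IS_OFFLINE;
	}

	ctx = talloc_zero(dom, struct idmap_ldap_context);
	if ( ! ctx) {
		DEBUG(0, ("Out of memory!\n"));
		return NT_STATUS_NO_MEMORY;
	}

	/* Allocated on ctx so the failure path below frees it too. */
	config_option = talloc_asprintf(ctx, "idmap config %s", dom->name);
	if (!config_option) {
		DEBUG(0, ("Out of memory!\n"));
		ret = NT_STATUS_NO_MEMORY;
		goto done;
	}

	tmp = lp_parm_const_string(-1, config_option, "ldap_url", NULL);

	if ( ! tmp) {
		DEBUG(1, ("ERROR: missing idmap ldap url\n"));
		ret = NT_STATUS_UNSUCCESSFUL;
		goto done;
	}

	ctx->url = talloc_strdup(ctx, tmp);
	/*
	 * Check the copy before trim_char()/smbldap_init() dereference it;
	 * the other talloc_strdup() results in this function are checked
	 * the same way.
	 */
	CHECK_ALLOC_DONE(ctx->url);

	/* Allow the URL to be quoted in smb.conf. */
	trim_char(ctx->url, '\"', '\"');

	tmp = lp_parm_const_string(-1, config_option, "ldap_base_dn", NULL);
	if ( ! tmp || ! *tmp) {
		/* No per-domain base DN: fall back to the global idmap suffix. */
		tmp = lp_ldap_idmap_suffix(talloc_tos());
		if ( ! tmp) {
			DEBUG(1, ("ERROR: missing idmap ldap suffix\n"));
			ret = NT_STATUS_UNSUCCESSFUL;
			goto done;
		}
	}

	ctx->suffix = talloc_strdup(ctx, tmp);
	CHECK_ALLOC_DONE(ctx->suffix);

	ctx->rw_ops = talloc_zero(ctx, struct idmap_rw_ops);
	CHECK_ALLOC_DONE(ctx->rw_ops);

	ctx->rw_ops->get_new_id = idmap_ldap_allocate_id_internal;
	ctx->rw_ops->set_mapping = idmap_ldap_set_mapping;

	/* get_credentials deals with setting up creds */

	ret = smbldap_init(ctx, winbind_event_context(), ctx->url,
			   false, NULL, NULL, &ctx->smbldap_state);
	if (!NT_STATUS_IS_OK(ret)) {
		DEBUG(1, ("ERROR: smbldap_init (%s) failed!\n", ctx->url));
		goto done;
	}

	ret = get_credentials( ctx, ctx->smbldap_state, config_option,
			       dom, &ctx->user_dn );
	if ( !NT_STATUS_IS_OK(ret) ) {
		DEBUG(1,("idmap_ldap_db_init: Failed to get connection "
			 "credentials (%s)\n", nt_errstr(ret)));
		goto done;
	}

	/*
	 * Set the destructor on the context, so that resources are
	 * properly freed when the context is released.
	 */
	talloc_set_destructor(ctx, idmap_ldap_close_destructor);

	/* verify_idpool() reads the context through dom->private_data. */
	dom->private_data = ctx;

	ret = verify_idpool(dom);
	if (!NT_STATUS_IS_OK(ret)) {
		DEBUG(1, ("idmap_ldap_db_init: failed to verify ID pool (%s)\n",
			 nt_errstr(ret)));
		goto done;
	}

	talloc_free(config_option);
	return NT_STATUS_OK;

/*failed */
done:
	/*
	 * Do not leave dom->private_data dangling into the freed context
	 * when verify_idpool() failed after it was published.
	 */
	if (dom->private_data == ctx) {
		dom->private_data = NULL;
	}
	talloc_free(ctx);
	return ret;
}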
/*
 * Initialise the global LDAP ID allocator context (idmap_alloc_ldap).
 *
 * The uid/gid ranges come from "idmap alloc config:range" and are then
 * overridden by "idmap uid" / "idmap gid" when those are set.  The LDAP URL
 * is taken from @params when given, otherwise from
 * "idmap alloc config:ldap_url"; the base DN from "ldap_base_dn" or the
 * global idmap suffix.  Finally the LDAP connection and credentials are set
 * up and the ID pool verified.
 *
 * @param params  Optional backend parameter string; when non-empty it is
 *                treated as the LDAP URL.
 * @return NT_STATUS_OK on success, NT_STATUS_FILE_IS_OFFLINE when winbind is
 *         offline, otherwise an error status; on any failure the global
 *         context is freed again and reset to NULL.
 */
static NTSTATUS idmap_ldap_alloc_init(const char *params)
{
	NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
	const char *range_spec = NULL;
	const char *url_src = NULL;
	const char *base_dn = NULL;
	uid_t low_uid = 0, high_uid = 0;
	gid_t low_gid = 0, high_gid = 0;

	/* Only do init if we are online */
	if (idmap_is_offline()) {
		return NT_STATUS_FILE_IS_OFFLINE;
	}

	idmap_alloc_ldap = TALLOC_ZERO_P(NULL, struct idmap_ldap_alloc_context);
	CHECK_ALLOC_DONE( idmap_alloc_ldap );

	/* load ranges */

	idmap_alloc_ldap->low_uid = 0;
	idmap_alloc_ldap->high_uid = 0;
	idmap_alloc_ldap->low_gid = 0;
	idmap_alloc_ldap->high_gid = 0;

	range_spec = lp_parm_const_string(-1, "idmap alloc config", "range", NULL);
	if (range_spec != NULL && range_spec[0] != '\0') {
		unsigned int lo = 0, hi = 0;
		int matched = sscanf(range_spec, "%u - %u", &lo, &hi);

		if (matched != 2) {
			DEBUG(1, ("ERROR: invalid syntax for idmap alloc "
				  "config:range [%s]", range_spec));
		} else if (lo >= hi) {
			DEBUG(1, ("ERROR: invalid idmap alloc range "
				  "[%s]", range_spec));
		} else {
			/* One range serves both uids and gids. */
			idmap_alloc_ldap->low_gid = lo;
			idmap_alloc_ldap->low_uid = lo;
			idmap_alloc_ldap->high_gid = hi;
			idmap_alloc_ldap->high_uid = hi;
		}
	}

	/* Explicit "idmap uid" / "idmap gid" settings win over the range. */
	if (lp_idmap_uid(&low_uid, &high_uid)) {
		idmap_alloc_ldap->low_uid = low_uid;
		idmap_alloc_ldap->high_uid = high_uid;
	}

	if (lp_idmap_gid(&low_gid, &high_gid)) {
		idmap_alloc_ldap->low_gid = low_gid;
		idmap_alloc_ldap->high_gid = high_gid;
	}

	if (idmap_alloc_ldap->high_uid <= idmap_alloc_ldap->low_uid) {
		DEBUG(1, ("idmap uid range missing or invalid\n"));
		DEBUGADD(1, ("idmap will be unable to map foreign SIDs\n"));
		ret = NT_STATUS_UNSUCCESSFUL;
		goto done;
	}

	if (idmap_alloc_ldap->high_gid <= idmap_alloc_ldap->low_gid) {
		DEBUG(1, ("idmap gid range missing or invalid\n"));
		DEBUGADD(1, ("idmap will be unable to map foreign SIDs\n"));
		ret = NT_STATUS_UNSUCCESSFUL;
		goto done;
	}

	if (params != NULL && *params != '\0') {
		/* assume location is the only parameter */
		url_src = params;
	} else {
		url_src = lp_parm_const_string(-1, "idmap alloc config",
					       "ldap_url", NULL);
		if (url_src == NULL) {
			DEBUG(1, ("ERROR: missing idmap ldap url\n"));
			ret = NT_STATUS_UNSUCCESSFUL;
			goto done;
		}
	}

	idmap_alloc_ldap->url = talloc_strdup(idmap_alloc_ldap, url_src);
	CHECK_ALLOC_DONE( idmap_alloc_ldap->url );

	base_dn = lp_parm_const_string(-1, "idmap alloc config",
				       "ldap_base_dn", NULL);
	if (base_dn == NULL || *base_dn == '\0') {
		/* No allocator-specific base DN: use the global idmap suffix. */
		base_dn = lp_ldap_idmap_suffix();
		if (base_dn == NULL) {
			DEBUG(1, ("ERROR: missing idmap ldap suffix\n"));
			ret = NT_STATUS_UNSUCCESSFUL;
			goto done;
		}
	}

	idmap_alloc_ldap->suffix = talloc_strdup(idmap_alloc_ldap, base_dn);
	CHECK_ALLOC_DONE( idmap_alloc_ldap->suffix );

	ret = smbldap_init(idmap_alloc_ldap, winbind_event_context(),
			   idmap_alloc_ldap->url,
			   &idmap_alloc_ldap->smbldap_state);
	if (!NT_STATUS_IS_OK(ret)) {
		DEBUG(1, ("ERROR: smbldap_init (%s) failed!\n",
			  idmap_alloc_ldap->url));
		goto done;
	}

	ret = get_credentials( idmap_alloc_ldap,
			       idmap_alloc_ldap->smbldap_state,
			       "idmap alloc config", NULL,
			       &idmap_alloc_ldap->user_dn );
	if ( !NT_STATUS_IS_OK(ret) ) {
		DEBUG(1,("idmap_ldap_alloc_init: Failed to get connection "
			 "credentials (%s)\n", nt_errstr(ret)));
		goto done;
	}

	/* see if the idmap suffix and sub entries exists */

	ret = verify_idpool();

 done:
	/* Any failure tears the half-built global context down again. */
	if ( !NT_STATUS_IS_OK( ret ) ) {
		TALLOC_FREE( idmap_alloc_ldap );
	}

	return ret;
}