idmap.c for ldap caching and configuration

struct idmap_context contains configuration data (struct idmap_config), a cache for users, and a cache for groups. idmap_context is declared in idmap.c, and only available as an opaque pointer (nfs41_idmapper) elsewhere. similarly, Winldap.h is only included by idmap.c, and not needed elsewhere nfs41_idmap_create() allocates the idmap_context, loads the configuration from file, and calls ldap_init(). it does not call ldap_connect(); we'll still be able to start the daemon if ldap isn't configured, or the ldap server is down. calling ldap_connect() is optional, as any ldap operation that requires a connection will establish it internally. this behavior, along with the LDAP_OPT_AUTO_RECONNECT option (defaults to on), means that we shouldn't have to maintain a separate connection for each thread nfs41_idmap_*() functions return windows errors codes. LDAP_RETCODEs are mapped to windows errors with LdapMapErrorToWin32() the user and group caches share a common generic interface in struct idmap_cache, which uses a linked list for storage, and protects access with a SRWLOCK. expiration of cache entries can be adjusted by the config option 'cache_ttl' struct config_option g_options[] is a table of available config options and their default values. this patch adds a 'ms-nfs41-idmap.conf' file with all possible options set to default values, and commented out. the daemon expects to find this file under c:\etc\, and won't start if it can't be opened or parsed Signed-off-by: Casey Bodley <cbodley@citi.umich.edu>
2010-11-05 09:04:39 -04:00 · 2010-11-05 09:04:39 -04:00 · cd1251758d
commit cd1251758d
parent 8321939c90
6 changed files with 1160 additions and 5 deletions
--- a/daemon/idmap.h
+++ b/daemon/idmap.h
@ -0,0 +1,69 @@
+/* Copyright (c) 2010
+ * The Regents of the University of Michigan
+ * All Rights Reserved
+ *
+ * Permission is granted to use, copy and redistribute this software
+ * for noncommercial education and research purposes, so long as no
+ * fee is charged, and so long as the name of the University of Michigan
+ * is not used in any advertising or publicity pertaining to the use
+ * or distribution of this software without specific, written prior
+ * authorization.  Permission to modify or otherwise create derivative
+ * works of this software is not granted.
+ *
+ * This software is provided as is, without representation or warranty
+ * of any kind either express or implied, including without limitation
+ * the implied warranties of merchantability, fitness for a particular
+ * purpose, or noninfringement.  The Regents of the University of
+ * Michigan shall not be liable for any damages, including special,
+ * indirect, incidental, or consequential damages, with respect to any
+ * claim arising out of or in connection with the use of the software,
+ * even if it has been or is hereafter advised of the possibility of
+ * such damages.
+ */
+
+#ifndef IDMAP_H
+#define IDMAP_H
+
+#include "nfs41_types.h"
+
+
+/* idmap.c */
+typedef struct idmap_context nfs41_idmapper;
+
+int nfs41_idmap_create(
+    nfs41_idmapper **context_out);
+
+void nfs41_idmap_free(
+    nfs41_idmapper *context);
+
+
+int nfs41_idmap_name_to_ids(
+    nfs41_idmapper *context,
+    const char *username,
+    uid_t *uid_out,
+    gid_t *gid_out);
+
+int nfs41_idmap_uid_to_name(
+    nfs41_idmapper *context,
+    uid_t uid,
+    char *name_out,
+    size_t len);
+
+int nfs41_idmap_principal_to_ids(
+    nfs41_idmapper *context,
+    const char *principal,
+    uid_t *uid_out,
+    gid_t *gid_out);
+
+int nfs41_idmap_group_to_gid(
+    nfs41_idmapper *context,
+    const char *name,
+    gid_t *gid_out);
+
+int nfs41_idmap_gid_to_group(
+    nfs41_idmapper *context,
+    gid_t gid,
+    char *name_out,
+    size_t len);
+
+#endif /* !IDMAP_H */