summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTim Potter <tpot@samba.org>2000-06-14 10:02:48 +0000
committerTim Potter <tpot@samba.org>2000-06-14 10:02:48 +0000
commit7b89d2b93fdcc96e99036e539cac161c6d3c6bb5 (patch)
treee7db68c5d02ccaadee1e24e40d6225e96ce10e01
parente868d0b37263bd946ea589416f672cb1fcd58ec5 (diff)
downloadsamba-7b89d2b93fdcc96e99036e539cac161c6d3c6bb5.tar.gz
samba-7b89d2b93fdcc96e99036e539cac161c6d3c6bb5.tar.bz2
samba-7b89d2b93fdcc96e99036e539cac161c6d3c6bb5.zip
Changed server side lsa_lookup_sids function to look up SIDs that we are
not authoritative for using winbindd. (This used to be commit a39cdffb141a8e4188b00dfb6eb3317f134cddda)
-rw-r--r--source3/rpc_server/srv_lsa.c102
1 files changed, 74 insertions, 28 deletions
diff --git a/source3/rpc_server/srv_lsa.c b/source3/rpc_server/srv_lsa.c
index 71162ac782..047c02eb3e 100644
--- a/source3/rpc_server/srv_lsa.c
+++ b/source3/rpc_server/srv_lsa.c
@@ -279,6 +279,68 @@ static void init_reply_lookup_names(LSA_R_LOOKUP_NAMES *r_l,
r_l->status = 0x0;
}
+/* Call winbindd to convert sid to name */
+
+static BOOL winbind_lookup_sid(DOM_SID *sid, fstring dom_name, fstring name,
+ uint8 *name_type)
+{
+ struct winbindd_request request;
+ struct winbindd_response response;
+ enum winbindd_result result;
+ DOM_SID tmp_sid;
+ uint32 rid;
+ fstring sid_str;
+
+ if (!name_type) return False;
+
+ /* Check if this is our own sid. This should perhaps be done by
+ winbind? For the moment handle it here. */
+
+ sid_to_string(sid_str, sid);
+ DEBUG(0, ("*** looking up sid %s\n", sid_str));
+
+ if (sid->num_auths == 5) {
+ sid_copy(&tmp_sid, sid);
+ sid_split_rid(&tmp_sid, &rid);
+
+ if (sid_equal(&global_sam_sid, &tmp_sid)) {
+
+ sid_to_string(sid_str, &tmp_sid);
+ DEBUG(0, ("*** split up sid %s with rid %d\n", sid_str,
+ rid));
+
+ sid_to_string(sid_str, &global_sam_sid);
+ DEBUG(0, ("*** my sid is %s\n", sid_str));
+
+ return map_domain_sid_to_name(&tmp_sid, dom_name) &&
+ lookup_local_rid(rid, name, name_type);
+ }
+ }
+
+ DEBUG(0, ("*** calling winbindd\n"));
+
+ /* Initialise request */
+
+ ZERO_STRUCT(request);
+ ZERO_STRUCT(response);
+
+ sid_to_string(sid_str, sid);
+ fstrcpy(request.data.sid, sid_str);
+
+ /* Make request */
+
+ result = generic_request(WINBINDD_LOOKUPSID, &request, &response);
+
+ /* Copy out result */
+
+ if (result == WINBINDD_OK) {
+ parse_domain_user(response.data.name.name, dom_name, name);
+ *name_type = response.data.name.type;
+ }
+
+ return (result == WINBINDD_OK);
+}
+
/***************************************************************************
Init lsa_trans_names.
***************************************************************************/
@@ -286,7 +348,6 @@ static void init_reply_lookup_names(LSA_R_LOOKUP_NAMES *r_l,
static void init_lsa_trans_names(DOM_R_REF *ref, LSA_TRANS_NAME_ENUM *trn,
int num_entries, DOM_SID2 sid[MAX_LOOKUP_SIDS], uint32 *mapped_count)
{
- extern DOM_SID global_sid_S_1_5_0x20; /* BUILTIN sid. */
int i;
int total = 0;
*mapped_count = 0;
@@ -298,44 +359,29 @@ static void init_lsa_trans_names(DOM_R_REF *ref, LSA_TRANS_NAME_ENUM *trn,
DOM_SID find_sid = sid[i].sid;
uint32 rid = 0xffffffff;
int dom_idx = -1;
- fstring name;
- fstring dom_name;
+ fstring name, dom_name;
uint8 sid_name_use = 0;
+ /* Lookup sid from winbindd */
+
memset(dom_name, '\0', sizeof(dom_name));
memset(name, '\0', sizeof(name));
- /*
- * First, check to see if the SID is one of the well
- * known ones (this includes our own domain SID).
- * Next, check if the domain prefix is one of the
- * well known ones. If so and the domain prefix was
- * either BUILTIN or our own global sid, then lookup
- * the RID as a user or group id and translate to
- * a name.
- */
+ status = winbind_lookup_sid(&find_sid, dom_name, name,
+ &sid_name_use);
- if (map_domain_sid_to_name(&find_sid, dom_name)) {
- sid_name_use = SID_NAME_DOMAIN;
- } else if (sid_split_rid(&find_sid, &rid) && map_domain_sid_to_name(&find_sid, dom_name)) {
- if (sid_equal(&find_sid, &global_sam_sid) ||
- sid_equal(&find_sid, &global_sid_S_1_5_0x20)) {
- status = lookup_local_rid(rid, name, &sid_name_use);
- } else {
- status = lookup_known_rid(&find_sid, rid, name, &sid_name_use);
- }
+ if (!status) {
+ sid_name_use = SID_NAME_UNKNOWN;
}
- DEBUG(10,("init_lsa_trans_names: adding domain '%s' sid %s to referenced list.\n",
- dom_name, name ));
-
- dom_idx = init_dom_ref(ref, dom_name, &find_sid);
+ /* Store domain sid in ref array */
- if(!status) {
- slprintf(name, sizeof(name)-1, "unix.%08x", rid);
- sid_name_use = SID_NAME_UNKNOWN;
+ if (find_sid.num_auths == 5) {
+ sid_split_rid(&find_sid, &rid);
}
+ dom_idx = init_dom_ref(ref, dom_name, &find_sid);
+
DEBUG(10,("init_lsa_trans_names: added user '%s\\%s' to referenced list.\n", dom_name, name ));
(*mapped_count)++;