diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2002-01-20 01:24:59 +0000 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2002-01-20 01:24:59 +0000 |
| commit | 93a8358910d2b8788ffea33c04244ffd5ffecabf (patch) | |
| tree | b087c75b8cdf4818a8355e678b1e212cc3f9052d /source3/nsswitch/winbindd_rpc.c | |
| parent | a6541401b03e0a97dc7e265b223289cad7160b75 (diff) | |
| download | samba-93a8358910d2b8788ffea33c04244ffd5ffecabf.tar.gz samba-93a8358910d2b8788ffea33c04244ffd5ffecabf.tar.bz2 samba-93a8358910d2b8788ffea33c04244ffd5ffecabf.zip | |
This patch makes the 'winbind use default domain' code interact better with
smbd, and also makes it much cleaner inside winbindd.
It is mostly my code, with a few changes and testing performed by Alexander
Bokovoy <a.bokovoy@sam-solutions.net>. ab has tested it in security=domain and
security=ads, but more testing is always appricatiated.
The idea is that we no longer cart around a 'domain\user' string, we keep them
seperate until the last moment - when we push that string into a pwent on onto
the socket.
This removes the need to be constantly parsing that string - the domain prefix
is almost always already provided, (only a couple of functions actually changed
arguments in all this).
Some consequential changes to the RPC client code, to stop it concatonating the
two strings (it now passes them both back as params).
I havn't changed the cache code, however the usernames will no longer have a
double domain prefix in the key string. The actual structures are unchanged
- but the meaning of 'username' in the 'rid' will have changed. (The cache is
invalidated at startup, so on-disk formats are not an issue here).
Andrew Bartlett
(This used to be commit e870f0e727952aeb8599cf93ad2650ae56eca033)
Diffstat (limited to 'source3/nsswitch/winbindd_rpc.c')
| -rw-r--r-- | source3/nsswitch/winbindd_rpc.c | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/source3/nsswitch/winbindd_rpc.c b/source3/nsswitch/winbindd_rpc.c index badbd459a7..7d9a26f906 100644 --- a/source3/nsswitch/winbindd_rpc.c +++ b/source3/nsswitch/winbindd_rpc.c @@ -177,6 +177,7 @@ static NTSTATUS name_to_sid(struct winbindd_domain *domain, DOM_SID *sids = NULL; uint32 *types = NULL; int num_sids; + const char *domain_name = domain->name; if (!(mem_ctx = talloc_init_named("name_to_sid[rpc]"))) return NT_STATUS_NO_MEMORY; @@ -184,7 +185,8 @@ static NTSTATUS name_to_sid(struct winbindd_domain *domain, if (!(hnd = cm_get_lsa_handle(domain->name))) return NT_STATUS_UNSUCCESSFUL; - status = cli_lsa_lookup_names(hnd->cli, mem_ctx, &hnd->pol, 1, &name, + status = cli_lsa_lookup_names(hnd->cli, mem_ctx, &hnd->pol, 1, + &domain_name, &name, &sids, &types, &num_sids); /* Return rid and type if lookup successful */ @@ -207,6 +209,7 @@ static NTSTATUS sid_to_name(struct winbindd_domain *domain, enum SID_NAME_USE *type) { CLI_POLICY_HND *hnd; + char **domains; char **names; uint32 *types; int num_names; @@ -216,15 +219,20 @@ static NTSTATUS sid_to_name(struct winbindd_domain *domain, return NT_STATUS_UNSUCCESSFUL; status = cli_lsa_lookup_sids(hnd->cli, mem_ctx, &hnd->pol, - 1, sid, &names, &types, + 1, sid, &domains, &names, &types, &num_names); if (NT_STATUS_IS_OK(status)) { *type = types[0]; *name = names[0]; - DEBUG(5,("Mapped sid to %s\n", *name)); - } + DEBUG(5,("Mapped sid to [%s]\\[%s]\n", domains[0], *name)); + /* Parinoia */ + if (strcasecmp(domain->name, domains[0]) != 0) { + DEBUG(1, ("domain name from domain param and PDC lookup return differ! (%s vs %s)\n", domain->name, domains[0])); + return NT_STATUS_UNSUCCESSFUL; + } + } return status; } |