authorJeremy Allison <jra@samba.org>2000-10-13 01:59:14 +0000
committerJeremy Allison <jra@samba.org>2000-10-13 01:59:14 +0000
commit330d678fbad70fabd9712c56ad15bd215f950255 (patch)
treedf834b65049fb3c675119cf6acfefa167cb96376 /source3/nsswitch
parenta7f8d8b6362f4c2970fee63130963734528bcb6e (diff)
Fix to allow smbd to call winbindd if it is running for all group enumeration,
falling back to the UNIX calls on error. This should fix all problems with smbd enumerating all users in all groups in all trusted domains via winbindd. Also changed GETDC to query 1C name rather than 1b name as only the PDC registers 1b. Jeremy. (This used to be commit 5b0038a2afd8abbd6fd4a58f5477a40d1926d498)
Diffstat (limited to 'source3/nsswitch')
-rw-r--r--source3/nsswitch/wb_client.c247
1 files changed, 51 insertions, 196 deletions
diff --git a/source3/nsswitch/wb_client.c b/source3/nsswitch/wb_client.c
index 436bbc7bcc..d2762674aa 100644
--- a/source3/nsswitch/wb_client.c
+++ b/source3/nsswitch/wb_client.c
@@ -58,27 +58,8 @@ BOOL winbind_lookup_sid(DOM_SID *sid, fstring dom_name, fstring name, enum SID_N
struct winbindd_request request;
struct winbindd_response response;
enum nss_status result;
- DOM_SID tmp_sid;
- uint32 rid;
fstring sid_str;
- if (!name_type)
- return False;
-
- /* Check if this is our own sid. This should perhaps be done by
- winbind? For the moment handle it here. */
-
- if (sid->num_auths == 5) {
- sid_copy(&tmp_sid, sid);
- sid_split_rid(&tmp_sid, &rid);
-
- if (sid_equal(&global_sam_sid, &tmp_sid)) {
-
- return map_domain_sid_to_name(&tmp_sid, dom_name) &&
- local_lookup_rid(rid, name, name_type);
- }
- }
-
/* Initialise request */
ZERO_STRUCT(request);
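Review bot: The `if (!name_type) return False;` guard at the top of winbind_lookup_sid is deleted together with the local-SID shortcut, so a NULL name_type is no longer rejected before the request is built. The rest of the body lies outside this hunk, so I cannot confirm whether `*name_type` is written unconditionally after the winbindd reply; if it is, keep the guard as the first statement: `if (!name_type) return False;`. With the own-SID branch gone, SIDs under global_sam_sid presumably now depend on the caller's fallback path, which is worth stating in the function's header comment.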
@@ -103,7 +84,7 @@ BOOL winbind_lookup_sid(DOM_SID *sid, fstring dom_name, fstring name, enum SID_N
/* Call winbindd to convert SID to uid */
-static BOOL winbind_sid_to_uid(uid_t *puid, DOM_SID *sid)
+BOOL winbind_sid_to_uid(uid_t *puid, DOM_SID *sid)
{
struct winbindd_request request;
struct winbindd_response response;
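Review bot: Dropping `static` here (and in winbind_uid_to_sid, winbind_sid_to_gid and winbind_gid_to_sid in the next three hunks) makes these four mappers part of the exported interface, but their one-line comments do not say what a False return means or what state the output pointer is left in. Since the commit description says callers fall back to the UNIX calls on error, I would extend each comment along the lines of `/* Returns False if winbindd is unreachable or has no mapping; *puid is then undefined and the caller must fall back to the local lookup. */`. The function bodies continue outside these hunks, so the "undefined on failure" part should be checked against the code before it is written down.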
@@ -136,7 +117,7 @@ static BOOL winbind_sid_to_uid(uid_t *puid, DOM_SID *sid)
/* Call winbindd to convert uid to sid */
-static BOOL winbind_uid_to_sid(DOM_SID *sid, uid_t uid)
+BOOL winbind_uid_to_sid(DOM_SID *sid, uid_t uid)
{
struct winbindd_request request;
struct winbindd_response response;
@@ -169,7 +150,7 @@ static BOOL winbind_uid_to_sid(DOM_SID *sid, uid_t uid)
/* Call winbindd to convert SID to gid */
-static BOOL winbind_sid_to_gid(gid_t *pgid, DOM_SID *sid)
+BOOL winbind_sid_to_gid(gid_t *pgid, DOM_SID *sid)
{
struct winbindd_request request;
struct winbindd_response response;
@@ -202,7 +183,7 @@ static BOOL winbind_sid_to_gid(gid_t *pgid, DOM_SID *sid)
/* Call winbindd to convert gid to sid */
-static BOOL winbind_gid_to_sid(DOM_SID *sid, gid_t gid)
+BOOL winbind_gid_to_sid(DOM_SID *sid, gid_t gid)
{
struct winbindd_request request;
struct winbindd_response response;
@@ -361,208 +342,82 @@ int winbind_getgroups(char *user, int size, gid_t *list)
return result;
}
-/*****************************************************************
- *THE CANONICAL* convert name to SID function.
- Tries winbind first - then uses local lookup.
-*****************************************************************/
+/**********************************************************************************
+ Utility function. Convert a uid_t to a name if possible.
+**********************************************************************************/
-BOOL lookup_name(char *name, DOM_SID *psid, enum SID_NAME_USE *name_type)
+BOOL winbind_uidtoname(fstring name, uid_t uid)
{
- extern pstring global_myname;
- fstring sid;
-
- if (!winbind_lookup_name(name, psid, name_type)) {
- BOOL ret;
-
- DEBUG(10,("lookup_name: winbind lookup for %s failed - trying local\n", name ));
-
- ret = local_lookup_name(global_myname, name, psid, name_type);
- if (ret)
- DEBUG(10,("lookup_name : (local) %s -> SID %s (type %u)\n",
- name, sid_to_string(sid,psid),
- (unsigned int)*name_type ));
- else
- DEBUG(10,("lookup name : (local) %s failed.\n",
- name ));
- return ret;
- }
-
- DEBUG(10,("lookup_name (winbindd): %s -> SID %s (type %u)\n",
- name, sid_to_string(sid,psid), (unsigned int)*name_type ));
- return True;
-}
-
-/*****************************************************************
- *THE CANONICAL* convert SID to name function.
- Tries winbind first - then uses local lookup.
-*****************************************************************/
+ DOM_SID sid;
+ fstring dom_name;
+ enum SID_NAME_USE name_type;
-BOOL lookup_sid(DOM_SID *sid, fstring dom_name, fstring name, enum SID_NAME_USE *name_type)
-{
- if (!winbind_lookup_sid(sid, dom_name, name, name_type)) {
- fstring sid_str;
- DOM_SID tmp_sid;
- uint32 rid;
+ if (!winbind_uid_to_sid(&sid, uid))
+ return False;
+ if (!winbind_lookup_sid(&sid, dom_name, name, &name_type))
+ return False;
- DEBUG(10,("lookup_sid: winbind lookup for SID %s failed - trying local.\n", sid_to_string(sid_str, sid) ));
+ if (name_type != SID_NAME_USER)
+ return False;
- sid_copy(&tmp_sid, sid);
- sid_split_rid(&tmp_sid, &rid);
- return map_domain_sid_to_name(&tmp_sid, dom_name) &&
- lookup_known_rid(&tmp_sid, rid, name, name_type);
- }
return True;
}
-/*****************************************************************
- *THE CANONICAL* convert uid_t to SID function.
- Tries winbind first - then uses local lookup.
- Returns SID pointer.
-*****************************************************************/
+/**********************************************************************************
+ Utility function. Convert a gid_t to a name if possible.
+**********************************************************************************/
-DOM_SID *uid_to_sid(DOM_SID *psid, uid_t uid)
+BOOL winbind_gidtoname(fstring name, gid_t gid)
{
- fstring sid;
-
- if (!winbind_uid_to_sid(psid, uid)) {
- DEBUG(10,("uid_to_sid: winbind lookup for uid %u failed - trying local.\n", (unsigned int)uid ));
-
- return local_uid_to_sid(psid, uid);
- }
-
- DEBUG(10,("uid_to_sid: winbindd %u -> %s\n",
- (unsigned int)uid, sid_to_string(sid, psid) ));
-
- return psid;
-}
-
-/*****************************************************************
- *THE CANONICAL* convert gid_t to SID function.
- Tries winbind first - then uses local lookup.
- Returns SID pointer.
-*****************************************************************/
-
-DOM_SID *gid_to_sid(DOM_SID *psid, gid_t gid)
-{
- fstring sid;
-
- if (!winbind_gid_to_sid(psid, gid)) {
- DEBUG(10,("gid_to_sid: winbind lookup for gid %u failed - trying local.\n", (unsigned int)gid ));
-
- return local_gid_to_sid(psid, gid);
- }
-
- DEBUG(10,("gid_to_sid: winbindd %u -> %s\n",
- (unsigned int)gid, sid_to_string(sid,psid) ));
-
- return psid;
-}
-
-/*****************************************************************
- *THE CANONICAL* convert SID to uid function.
- Tries winbind first - then uses local lookup.
- Returns True if this name is a user sid and the conversion
- was done correctly, False if not.
-*****************************************************************/
-
-BOOL sid_to_uid(DOM_SID *psid, uid_t *puid, enum SID_NAME_USE *sidtype)
-{
- fstring dom_name, name, sid_str;
+ DOM_SID sid;
+ fstring dom_name;
enum SID_NAME_USE name_type;
- *sidtype = SID_NAME_UNKNOWN;
-
- /*
- * First we must look up the name and decide if this is a user sid.
- */
-
- if (!winbind_lookup_sid(psid, dom_name, name, &name_type)) {
- DEBUG(10,("sid_to_uid: winbind lookup for sid %s failed - trying local.\n",
- sid_to_string(sid_str, psid) ));
-
- return local_sid_to_uid(puid, psid, sidtype);
- }
-
- /*
- * Ensure this is a user sid.
- */
-
- if (name_type != SID_NAME_USER) {
- DEBUG(10,("sid_to_uid: winbind lookup succeeded but SID is not a uid (%u)\n",
- (unsigned int)name_type ));
+ if (!winbind_gid_to_sid(&sid, gid))
return False;
- }
-
- *sidtype = SID_NAME_USER;
-
- /*
- * Get the uid for this SID.
- */
-
- if (!winbind_sid_to_uid(puid, psid)) {
- DEBUG(10,("sid_to_uid: winbind lookup for sid %s failed.\n",
- sid_to_string(sid_str, psid) ));
+ if (!winbind_lookup_sid(&sid, dom_name, name, &name_type))
return False;
- }
- DEBUG(10,("sid_to_uid: winbindd %s -> %u\n",
- sid_to_string(sid_str, psid),
- (unsigned int)*puid ));
+ if (name_type != SID_NAME_USER)
+ return False;
return True;
}
-/*****************************************************************
- *THE CANONICAL* convert SID to gid function.
- Tries winbind first - then uses local lookup.
- Returns True if this name is a user sid and the conversion
- was done correctly, False if not.
-*****************************************************************/
+/**********************************************************************************
+ Utility function. Convert a name to a uid_t if possible.
+**********************************************************************************/
-BOOL sid_to_gid(DOM_SID *psid, gid_t *pgid, enum SID_NAME_USE *sidtype)
+BOOL winbind_nametouid(uid_t *puid, char *name)
{
- fstring dom_name, name, sid_str;
+ DOM_SID sid;
enum SID_NAME_USE name_type;
- *sidtype = SID_NAME_UNKNOWN;
-
- /*
- * First we must look up the name and decide if this is a group sid.
- */
+ if (!winbind_lookup_name(name, &sid, &name_type)) {
+ return False;
+ }
- if (!winbind_lookup_sid(psid, dom_name, name, &name_type)) {
- DEBUG(10,("sid_to_gid: winbind lookup for sid %s failed - trying local.\n",
- sid_to_string(sid_str, psid) ));
-
- return local_sid_to_gid(pgid, psid, sidtype);
- }
-
- /*
- * Ensure this is a group sid.
- */
+ if (name_type != SID_NAME_USER)
+ return False;
- if ((name_type != SID_NAME_DOM_GRP) && (name_type != SID_NAME_ALIAS) && (name_type != SID_NAME_WKN_GRP)) {
- DEBUG(10,("sid_to_gid: winbind lookup succeeded but SID is not a know group (%u)\n",
- (unsigned int)name_type ));
+ return winbind_sid_to_uid(puid, &sid);
+}
- return local_sid_to_gid(pgid, psid, sidtype);
- }
+/**********************************************************************************
+ Utility function. Convert a name to a gid_t if possible.
+**********************************************************************************/
- *sidtype = name_type;
+BOOL winbind_nametogid(gid_t *pgid, char *gname)
+{
+ DOM_SID g_sid;
+ enum SID_NAME_USE name_type;
- /*
- * Get the gid for this SID.
- */
+ if (!winbind_lookup_name(gname, &g_sid, &name_type)) {
+ return False;
+ }
- if (!winbind_sid_to_gid(pgid, psid)) {
- DEBUG(10,("sid_to_gid: winbind lookup for sid %s failed.\n",
- sid_to_string(sid_str, psid) ));
+ if (name_type != SID_NAME_DOM_GRP)
return False;
- }
-
- DEBUG(10,("gid_to_uid: winbindd %s -> %u\n",
- sid_to_string(sid_str, psid),
- (unsigned int)*pgid ));
- return True;
+ return winbind_sid_to_gid(pgid, &g_sid);
}
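Review bot: winbind_gidtoname rejects every result whose type is not SID_NAME_USER (`if (name_type != SID_NAME_USER)` after its winbind_lookup_sid call), which looks copied from winbind_uidtoname. A SID obtained from a gid should be a group type, so as written the function returns False for ordinary groups and callers silently take the UNIX fallback. I would change that line to `if (name_type != SID_NAME_DOM_GRP)`, matching winbind_nametogid. Separately, the removed sid_to_gid accepted SID_NAME_ALIAS and SID_NAME_WKN_GRP as well as SID_NAME_DOM_GRP, whereas winbind_nametogid accepts only SID_NAME_DOM_GRP; if aliases and well-known groups should still map to gids, widen that check. In both *toname functions `name` has already been passed to winbind_lookup_sid by the time the type check fails, so the header comments should say that callers must not use `name` on a False return.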