author | Jeremy Allison <jra@samba.org> | 2000-08-02 02:11:55 +0000 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2000-08-02 02:11:55 +0000 |
commit | 17dcd9a834fc915fb1ff2d8042a23000eeb7acfa (patch) | |
tree | 18a9a8cfa2883baf163da29265fd08b8a3b81c9f /source3/nsswitch | |
parent | 7f36df301e28dc8ca0e5bfadc109d6e907d9ba2b (diff) | |
Started to canonicalize our handling of uid -> sid code in order to
get ready and fix se_access_check().
Added canonical lookup_name(), lookup_sid(), uid_to_sid(), gid_to_sid()
functions that look via winbind first then fall back on local lookup.
All Samba should use these rather than trying to call winbindd code
directly.
Added NT_USER_TOKEN struct in user_struct, contains list of NT sids
associated with this user.
se_access_check() should use this (cached) value rather than attempting
to do the same thing itself when given a uid/gid pair.
More work needs to be done to preserve these things across security
context changes (especially with the tricky pipe problem) but I'm
beginning to see how this will be done..... probably by registering
a new vuid for an authenticated RPC pipe and not treating the
pipe calls specially.
More thoughts needed - but we're almost there...
Jeremy.
(This used to be commit 5e5cc6efe2e4687be59085f562caea1e2e05d0a8)
Diffstat (limited to 'source3/nsswitch')
-rw-r--r-- | source3/nsswitch/wb_client.c | 106 |
1 files changed, 83 insertions, 23 deletions
diff --git a/source3/nsswitch/wb_client.c b/source3/nsswitch/wb_client.c index 78de466636..47f1520efa 100644 --- a/source3/nsswitch/wb_client.c +++ b/source3/nsswitch/wb_client.c @@ -29,7 +29,6 @@ BOOL winbind_lookup_name(char *name, DOM_SID *sid, uint8 *name_type) { - extern pstring global_myname; struct winbindd_request request; struct winbindd_response response; enum nss_status result; @@ -47,14 +46,6 @@ BOOL winbind_lookup_name(char *name, DOM_SID *sid, uint8 *name_type) &response)) == NSS_STATUS_SUCCESS) { string_to_sid(sid, response.data.sid.sid); *name_type = response.data.sid.type; - } else { - - /* - * Try a local lookup - winbindd may not - * be running. - */ - - return lookup_local_name(global_myname, name, sid, name_type); } return result == NSS_STATUS_SUCCESS; @@ -85,7 +76,7 @@ BOOL winbind_lookup_sid(DOM_SID *sid, fstring dom_name, fstring name, if (sid_equal(&global_sam_sid, &tmp_sid)) { return map_domain_sid_to_name(&tmp_sid, dom_name) && - lookup_local_rid(rid, name, name_type); + local_lookup_rid(rid, name, name_type); } } @@ -106,15 +97,6 @@ BOOL winbind_lookup_sid(DOM_SID *sid, fstring dom_name, fstring name, if (result == NSS_STATUS_SUCCESS) { parse_domain_user(response.data.name.name, dom_name, name); *name_type = response.data.name.type; - } else { - - DEBUG(10,("winbind_lookup_sid: winbind lookup for %s failed - trying builtin.\n", - sid_str)); - - sid_copy(&tmp_sid, sid); - sid_split_rid(&tmp_sid, &rid); - return map_domain_sid_to_name(&tmp_sid, dom_name) && - lookup_known_rid(&tmp_sid, rid, name, name_type); } return (result == NSS_STATUS_SUCCESS); @@ -122,13 +104,14 @@ BOOL winbind_lookup_sid(DOM_SID *sid, fstring dom_name, fstring name, /* Call winbindd to convert uid to sid */ -BOOL winbind_uid_to_sid(uid_t uid, DOM_SID *sid) +BOOL winbind_uid_to_sid(DOM_SID *sid, uid_t uid) { struct winbindd_request request; struct winbindd_response response; int result; - if (!sid) return False; + if (!sid) + return False; /* Initialise request */ 
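Review bot: Swapping the parameters of winbind_uid_to_sid() to `(DOM_SID *sid, uid_t uid)` in the `@@ -122,13 +104,14 @@` hunk keeps the function name, so a caller that was not updated and has no prototype in scope would still compile and would pass the uid where the SID pointer is expected. The `if (!sid) return False;` guard would not catch that, because a non-zero uid is not a NULL pointer value. The same applies to winbind_gid_to_sid() in the `@@ -154,13 +137,14 @@` hunk, whose leading comment also still reads "convert uid to sid". Callers outside source3/nsswitch are not visible in this diffstat, so this needs confirming tree-wide; I would make sure both prototypes live in a header every caller includes and record the order in the comment, e.g. `/* Call winbindd to convert uid to sid. The SID out-parameter comes first. */`. Both function bodies continue outside their hunks.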
@@ -154,13 +137,14 @@ BOOL winbind_uid_to_sid(uid_t uid, DOM_SID *sid) /* Call winbindd to convert uid to sid */ -BOOL winbind_gid_to_sid(gid_t gid, DOM_SID *sid) +BOOL winbind_gid_to_sid(DOM_SID *sid, gid_t gid) { struct winbindd_request request; struct winbindd_response response; int result; - if (!sid) return False; + if (!sid) + return False; /* Initialise request */ 
@@ -183,3 +167,79 @@ BOOL winbind_gid_to_sid(gid_t gid, DOM_SID *sid) return (result == NSS_STATUS_SUCCESS); } + + + +/***************************************************************** + *THE CANNONICAL* convert name to SID function. + Tries winbind first - then uses local lookup. +*****************************************************************/ + +BOOL lookup_name(char *name, DOM_SID *psid, uint8 *name_type) +{ + extern pstring global_myname; + + if (!winbind_lookup_name(name, psid, name_type)) { + + DEBUG(10,("lookup_name: winbind lookup for %s failed - trying local\n", name )); + + return local_lookup_name(global_myname, name, psid, name_type); + } + return True; +} + +/***************************************************************** + *THE CANNONICAL* convert SID to name function. + Tries winbind first - then uses local lookup. +*****************************************************************/ + +BOOL lookup_sid(DOM_SID *sid, fstring dom_name, fstring name, uint8 *name_type) +{ + if (!winbind_lookup_sid(sid, dom_name, name, name_type)) { + fstring sid_str; + DOM_SID tmp_sid; + uint32 rid; + + DEBUG(10,("lookup_sid: winbind lookup for SID %s failed - trying local.\n", sid_to_string(sid_str, sid) )); + + sid_copy(&tmp_sid, sid); + sid_split_rid(&tmp_sid, &rid); + return map_domain_sid_to_name(&tmp_sid, dom_name) && + lookup_known_rid(&tmp_sid, rid, name, name_type); + } + return True; +} + +/***************************************************************** + *THE CANNONICAL* convert uid_t to SID function. + Tries winbind first - then uses local lookup. + Returns SID pointer. 
+*****************************************************************/ + +DOM_SID *uid_to_sid(DOM_SID *psid, uid_t uid) +{ + if (!winbind_uid_to_sid(psid, uid)) { + DEBUG(10,("uid_to_sid: winbind lookup for uid %u failed - trying local.\n", (unsigned int)uid )); + + return local_uid_to_sid(psid, uid); + } + + return psid; +} + +/***************************************************************** + *THE CANNONICAL* convert gid_t to SID function. + Tries winbind first - then uses local lookup. + Returns SID pointer. +*****************************************************************/ + +DOM_SID *gid_to_sid(DOM_SID *psid, gid_t gid) +{ + if (!winbind_gid_to_sid(psid, gid)) { + DEBUG(10,("gid_to_sid: winbind lookup for gid %u failed - trying local.\n", (unsigned int)gid )); + + return local_gid_to_sid(psid, gid); + } + + return psid; +} |
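Review bot: uid_to_sid() and gid_to_sid() hand a NULL `psid` straight to the local fallback: winbind_uid_to_sid() returns False for `!sid`, so the wrapper logs a winbind failure and then calls `local_uid_to_sid(psid, uid)` with the same NULL pointer. How the local_* helpers treat that is not visible in this diff. Since these wrappers are meant to be the single entry point for the rest of Samba, I would add `if (!psid) return NULL;` at the top of both. The header comments should also state that the return value is `psid` when winbind succeeds and otherwise whatever the local helper returns (presumably NULL on failure, to be confirmed), so that callers feeding the result into access checks know to test it.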