summaryrefslogtreecommitdiff
path: root/source3/nsswitch
diff options
context:
space:
mode:
authorVolker Lendecke <vlendec@samba.org>2004-09-15 08:55:01 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 10:52:40 -0500
commit7f53bb13da939016ced8555922bb79a3f4cb267e (patch)
treeeba87db5aafb703ac632497e01519aeb96ded8e0 /source3/nsswitch
parent3a6c8a8ae7cd97a9f9e33f193033f1ab96ea2784 (diff)
downloadsamba-7f53bb13da939016ced8555922bb79a3f4cb267e.tar.gz
samba-7f53bb13da939016ced8555922bb79a3f4cb267e.tar.bz2
samba-7f53bb13da939016ced8555922bb79a3f4cb267e.zip
r2340: Solve the problem of user sids ending up with gid's and vice versa: This
belongs into winbind itself, not into wbinfo. Volker (This used to be commit 75e5c13d5d4c1da9bbb60f4e93183995c05a89ac)
Diffstat (limited to 'source3/nsswitch')
-rw-r--r--source3/nsswitch/wbinfo.c41
-rw-r--r--source3/nsswitch/winbindd_sid.c78
2 files changed, 59 insertions, 60 deletions
diff --git a/source3/nsswitch/wbinfo.c b/source3/nsswitch/wbinfo.c
index 0028982d20..b6a09bf2a1 100644
--- a/source3/nsswitch/wbinfo.c
+++ b/source3/nsswitch/wbinfo.c
@@ -398,27 +398,6 @@ static BOOL wbinfo_sid_to_uid(char *sid)
ZERO_STRUCT(request);
ZERO_STRUCT(response);
- /* First see whether the SID is actually a user -- otherwise
- * winbind might end up a uid number for a group SID and this
- * is asking for trouble later. */
-
- fstrcpy(request.data.sid, sid);
-
- if (winbindd_request(WINBINDD_LOOKUPSID, &request, &response) !=
- NSS_STATUS_SUCCESS) {
- d_printf("Could not lookup sid %s\n", sid);
- return False;
- }
-
- if (response.data.name.type != SID_NAME_USER) {
- d_printf("SID is of type %s\n",
- sid_type_lookup(response.data.name.type));
- return False;
- }
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
-
/* Send request */
fstrcpy(request.data.sid, sid);
@@ -442,26 +421,6 @@ static BOOL wbinfo_sid_to_gid(char *sid)
ZERO_STRUCT(request);
ZERO_STRUCT(response);
- /* First see whether the SID is actually a group -- otherwise
- * winbind might end up a gid number for a user SID and this
- * is asking for trouble later. */
-
- fstrcpy(request.data.sid, sid);
-
- if (winbindd_request(WINBINDD_LOOKUPSID, &request, &response) !=
- NSS_STATUS_SUCCESS) {
- d_printf("Could not lookup sid %s\n", sid);
- return False;
- }
-
- if ((response.data.name.type != SID_NAME_DOM_GRP) &&
- (response.data.name.type != SID_NAME_ALIAS) &&
- (response.data.name.type != SID_NAME_WKN_GRP)) {
- d_printf("SID is of type %s\n",
- sid_type_lookup(response.data.name.type));
- return False;
- }
-
/* Send request */
fstrcpy(request.data.sid, sid);
diff --git a/source3/nsswitch/winbindd_sid.c b/source3/nsswitch/winbindd_sid.c
index 61da9b3d92..c6e503bef3 100644
--- a/source3/nsswitch/winbindd_sid.c
+++ b/source3/nsswitch/winbindd_sid.c
@@ -119,7 +119,7 @@ enum winbindd_result winbindd_lookupname(struct winbindd_cli_state *state)
enum winbindd_result winbindd_sid_to_uid(struct winbindd_cli_state *state)
{
DOM_SID sid;
- uint32 flags = 0x0;
+ NTSTATUS result;
/* Ensure null termination */
state->request.data.sid[sizeof(state->request.data.sid)-1]='\0';
@@ -166,8 +166,7 @@ enum winbindd_result winbindd_sid_to_uid(struct winbindd_cli_state *state)
/* But first check and see if we don't already have a mapping */
- flags = ID_QUERY_ONLY;
- if ( NT_STATUS_IS_OK(idmap_sid_to_uid(&sid, &(state->response.data.uid), flags)) )
+ if ( NT_STATUS_IS_OK(idmap_sid_to_uid(&sid, &(state->response.data.uid), ID_QUERY_ONLY)) )
return WINBINDD_OK;
/* now fall back to the hard way */
@@ -191,17 +190,37 @@ enum winbindd_result winbindd_sid_to_uid(struct winbindd_cli_state *state)
}
- if ( state->request.flags & WBFLAG_QUERY_ONLY )
- flags = ID_QUERY_ONLY;
-
/* Find uid for this sid and return it */
-
- if ( !NT_STATUS_IS_OK(idmap_sid_to_uid(&sid, &(state->response.data.uid), flags)) ) {
- DEBUG(1, ("Could not get uid for sid %s\n", state->request.data.sid));
+
+ result = idmap_sid_to_uid(&sid, &(state->response.data.uid),
+ ID_QUERY_ONLY);
+
+ if (NT_STATUS_IS_OK(result))
+ return WINBINDD_OK;
+
+ if (state->request.flags & WBFLAG_QUERY_ONLY)
return WINBINDD_ERROR;
+
+ /* The query-only did not work, allocate a new uid *if* it's a user */
+
+ {
+ fstring dom_name, name;
+ enum SID_NAME_USE type;
+
+ if (!winbindd_lookup_name_by_sid(&sid, dom_name, name, &type))
+ return WINBINDD_ERROR;
+
+ if ((type != SID_NAME_USER) && (type != SID_NAME_COMPUTER))
+ return WINBINDD_ERROR;
}
+
+ result = idmap_sid_to_uid(&sid, &(state->response.data.uid), 0);
- return WINBINDD_OK;
+ if (NT_STATUS_IS_OK(result))
+ return WINBINDD_OK;
+
+ DEBUG(1, ("Could not get uid for sid %s\n", state->request.data.sid));
+ return WINBINDD_ERROR;
}
/* Convert a sid to a gid. We assume we only have one rid attached to the
@@ -210,7 +229,7 @@ enum winbindd_result winbindd_sid_to_uid(struct winbindd_cli_state *state)
enum winbindd_result winbindd_sid_to_gid(struct winbindd_cli_state *state)
{
DOM_SID sid;
- uint32 flags = 0x0;
+ NTSTATUS result;
/* Ensure null termination */
state->request.data.sid[sizeof(state->request.data.sid)-1]='\0';
@@ -256,8 +275,7 @@ enum winbindd_result winbindd_sid_to_gid(struct winbindd_cli_state *state)
/* But first check and see if we don't already have a mapping */
- flags = ID_QUERY_ONLY;
- if ( NT_STATUS_IS_OK(idmap_sid_to_gid(&sid, &(state->response.data.gid), flags)) )
+ if ( NT_STATUS_IS_OK(idmap_sid_to_gid(&sid, &(state->response.data.gid), ID_QUERY_ONLY)) )
return WINBINDD_OK;
/* now fall back to the hard way */
@@ -281,16 +299,38 @@ enum winbindd_result winbindd_sid_to_gid(struct winbindd_cli_state *state)
}
- if ( state->request.flags & WBFLAG_QUERY_ONLY )
- flags = ID_QUERY_ONLY;
-
/* Find gid for this sid and return it */
- if ( !NT_STATUS_IS_OK(idmap_sid_to_gid(&sid, &(state->response.data.gid), flags)) ) {
- DEBUG(1, ("Could not get gid for sid %s\n", state->request.data.sid));
+
+ result = idmap_sid_to_gid(&sid, &(state->response.data.gid),
+ ID_QUERY_ONLY);
+
+ if (NT_STATUS_IS_OK(result))
+ return WINBINDD_OK;
+
+ if (state->request.flags & WBFLAG_QUERY_ONLY)
return WINBINDD_ERROR;
+
+ /* The query-only did not work, allocate a new gid *if* it's a group */
+
+ {
+ fstring dom_name, name;
+ enum SID_NAME_USE type;
+
+ if (!winbindd_lookup_name_by_sid(&sid, dom_name, name, &type))
+ return WINBINDD_ERROR;
+
+ if ((type != SID_NAME_DOM_GRP) && (type != SID_NAME_ALIAS) &&
+ (type != SID_NAME_WKN_GRP))
+ return WINBINDD_ERROR;
}
+
+ result = idmap_sid_to_gid(&sid, &(state->response.data.gid), 0);
- return WINBINDD_OK;
+ if (NT_STATUS_IS_OK(result))
+ return WINBINDD_OK;
+
+ DEBUG(1, ("Could not get gid for sid %s\n", state->request.data.sid));
+ return WINBINDD_ERROR;
}
/* Convert a uid to a sid */