author | Volker Lendecke <vlendec@samba.org> | 2004-09-15 08:55:01 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 10:52:40 -0500 |
commit | 7f53bb13da939016ced8555922bb79a3f4cb267e (patch) | |
tree | eba87db5aafb703ac632497e01519aeb96ded8e0 /source3/nsswitch | |
parent | 3a6c8a8ae7cd97a9f9e33f193033f1ab96ea2784 (diff) | |
r2340: Solve the problem of user sids ending up with gid's and vice versa: This
belongs into winbind itself, not into wbinfo.
Volker
(This used to be commit 75e5c13d5d4c1da9bbb60f4e93183995c05a89ac)
Diffstat (limited to 'source3/nsswitch')
-rw-r--r-- | source3/nsswitch/wbinfo.c | 41 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_sid.c | 78 |
2 files changed, 59 insertions, 60 deletions
diff --git a/source3/nsswitch/wbinfo.c b/source3/nsswitch/wbinfo.c index 0028982d20..b6a09bf2a1 100644 --- a/source3/nsswitch/wbinfo.c +++ b/source3/nsswitch/wbinfo.c @@ -398,27 +398,6 @@ static BOOL wbinfo_sid_to_uid(char *sid) ZERO_STRUCT(request); ZERO_STRUCT(response); - /* First see whether the SID is actually a user -- otherwise - * winbind might end up a uid number for a group SID and this - * is asking for trouble later. */ - - fstrcpy(request.data.sid, sid); - - if (winbindd_request(WINBINDD_LOOKUPSID, &request, &response) != - NSS_STATUS_SUCCESS) { - d_printf("Could not lookup sid %s\n", sid); - return False; - } - - if (response.data.name.type != SID_NAME_USER) { - d_printf("SID is of type %s\n", - sid_type_lookup(response.data.name.type)); - return False; - } - - ZERO_STRUCT(request); - ZERO_STRUCT(response); - /* Send request */ fstrcpy(request.data.sid, sid); @@ -442,26 +421,6 @@ static BOOL wbinfo_sid_to_gid(char *sid) ZERO_STRUCT(request); ZERO_STRUCT(response); - /* First see whether the SID is actually a group -- otherwise - * winbind might end up a gid number for a user SID and this - * is asking for trouble later. */ - - fstrcpy(request.data.sid, sid); - - if (winbindd_request(WINBINDD_LOOKUPSID, &request, &response) != - NSS_STATUS_SUCCESS) { - d_printf("Could not lookup sid %s\n", sid); - return False; - } - - if ((response.data.name.type != SID_NAME_DOM_GRP) && - (response.data.name.type != SID_NAME_ALIAS) && - (response.data.name.type != SID_NAME_WKN_GRP)) { - d_printf("SID is of type %s\n", - sid_type_lookup(response.data.name.type)); - return False; - } - /* Send request */ fstrcpy(request.data.sid, sid); diff --git a/source3/nsswitch/winbindd_sid.c b/source3/nsswitch/winbindd_sid.c index 61da9b3d92..c6e503bef3 100644 --- a/source3/nsswitch/winbindd_sid.c +++ b/source3/nsswitch/winbindd_sid.c 
@@ -119,7 +119,7 @@ enum winbindd_result winbindd_lookupname(struct winbindd_cli_state *state) enum winbindd_result winbindd_sid_to_uid(struct winbindd_cli_state *state) { DOM_SID sid; - uint32 flags = 0x0; + NTSTATUS result; /* Ensure null termination */ state->request.data.sid[sizeof(state->request.data.sid)-1]='\0'; @@ -166,8 +166,7 @@ enum winbindd_result winbindd_sid_to_uid(struct winbindd_cli_state *state) /* But first check and see if we don't already have a mapping */ - flags = ID_QUERY_ONLY; - if ( NT_STATUS_IS_OK(idmap_sid_to_uid(&sid, &(state->response.data.uid), flags)) ) + if ( NT_STATUS_IS_OK(idmap_sid_to_uid(&sid, &(state->response.data.uid), ID_QUERY_ONLY)) ) return WINBINDD_OK; /* now fall back to the hard way */ @@ -191,17 +190,37 @@ enum winbindd_result winbindd_sid_to_uid(struct winbindd_cli_state *state) } - if ( state->request.flags & WBFLAG_QUERY_ONLY ) - flags = ID_QUERY_ONLY; - /* Find uid for this sid and return it */ - - if ( !NT_STATUS_IS_OK(idmap_sid_to_uid(&sid, &(state->response.data.uid), flags)) ) { - DEBUG(1, ("Could not get uid for sid %s\n", state->request.data.sid)); + + result = idmap_sid_to_uid(&sid, &(state->response.data.uid), + ID_QUERY_ONLY); + + if (NT_STATUS_IS_OK(result)) + return WINBINDD_OK; + + if (state->request.flags & WBFLAG_QUERY_ONLY) return WINBINDD_ERROR; + + /* The query-only did not work, allocate a new uid *if* it's a user */ + + { + fstring dom_name, name; + enum SID_NAME_USE type; + + if (!winbindd_lookup_name_by_sid(&sid, dom_name, name, &type)) + return WINBINDD_ERROR; + + if ((type != SID_NAME_USER) && (type != SID_NAME_COMPUTER)) + return WINBINDD_ERROR; } + + result = idmap_sid_to_uid(&sid, &(state->response.data.uid), 0); - return WINBINDD_OK; + if (NT_STATUS_IS_OK(result)) + return WINBINDD_OK; + + DEBUG(1, ("Could not get uid for sid %s\n", state->request.data.sid)); + return WINBINDD_ERROR; } /* Convert a sid to a gid. We assume we only have one rid attached to the 
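Review bot: In the `@@ -166` hunk the fast path `idmap_sid_to_uid(&sid, &(state->response.data.uid), ID_QUERY_ONLY)` still returns any existing mapping with no type check, so the user/computer test added further down gates only new allocations. If a group SID was handed a uid before this change (the situation the commit message describes), that entry would presumably keep being served. The same holds for the gid fast path in the `@@ -256` hunk. I would state this at the fast path, e.g. `/* existing mappings are trusted as-is; only new allocations are type-checked below */`, and mention in the commit description that mappings already stored need a separate audit. The function body starts and ends outside this hunk.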
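Review bot: Both new rejection paths in the `@@ -191` hunk return `WINBINDD_ERROR` without logging, so a refused allocation for a wrong-type SID cannot be told apart from a failed lookup in the winbindd log; the wbinfo check removed by this commit at least printed the SID type. A line such as `DEBUG(3, ("sid %s is not a user or computer, not allocating a uid\n", state->request.data.sid));` before the type-mismatch return (with braces added around that `if` body) would keep that visible, and the `winbindd_lookup_name_by_sid` failure deserves its own message. The group-type check in the `@@ -281` hunk has the same gap. The function starts outside this hunk.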
@@ -210,7 +229,7 @@ enum winbindd_result winbindd_sid_to_uid(struct winbindd_cli_state *state) enum winbindd_result winbindd_sid_to_gid(struct winbindd_cli_state *state) { DOM_SID sid; - uint32 flags = 0x0; + NTSTATUS result; /* Ensure null termination */ state->request.data.sid[sizeof(state->request.data.sid)-1]='\0'; @@ -256,8 +275,7 @@ enum winbindd_result winbindd_sid_to_gid(struct winbindd_cli_state *state) /* But first check and see if we don't already have a mapping */ - flags = ID_QUERY_ONLY; - if ( NT_STATUS_IS_OK(idmap_sid_to_gid(&sid, &(state->response.data.gid), flags)) ) + if ( NT_STATUS_IS_OK(idmap_sid_to_gid(&sid, &(state->response.data.gid), ID_QUERY_ONLY)) ) return WINBINDD_OK; /* now fall back to the hard way */ @@ -281,16 +299,38 @@ enum winbindd_result winbindd_sid_to_gid(struct winbindd_cli_state *state) } - if ( state->request.flags & WBFLAG_QUERY_ONLY ) - flags = ID_QUERY_ONLY; - /* Find gid for this sid and return it */ - if ( !NT_STATUS_IS_OK(idmap_sid_to_gid(&sid, &(state->response.data.gid), flags)) ) { - DEBUG(1, ("Could not get gid for sid %s\n", state->request.data.sid)); + + result = idmap_sid_to_gid(&sid, &(state->response.data.gid), + ID_QUERY_ONLY); + + if (NT_STATUS_IS_OK(result)) + return WINBINDD_OK; + + if (state->request.flags & WBFLAG_QUERY_ONLY) return WINBINDD_ERROR; + + /* The query-only did not work, allocate a new gid *if* it's a group */ + + { + fstring dom_name, name; + enum SID_NAME_USE type; + + if (!winbindd_lookup_name_by_sid(&sid, dom_name, name, &type)) + return WINBINDD_ERROR; + + if ((type != SID_NAME_DOM_GRP) && (type != SID_NAME_ALIAS) && + (type != SID_NAME_WKN_GRP)) + return WINBINDD_ERROR; } + + result = idmap_sid_to_gid(&sid, &(state->response.data.gid), 0); - return WINBINDD_OK; + if (NT_STATUS_IS_OK(result)) + return WINBINDD_OK; + + DEBUG(1, ("Could not get gid for sid %s\n", state->request.data.sid)); + return WINBINDD_ERROR; } /* Convert a uid to a sid */ |
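Review bot: The bare `{ ... }` block in the `@@ -281` hunk exists only to scope `dom_name`, `name` and `type`, and the uid hunk at `@@ -191` repeats the same shape with a different type list; a small static predicate would give the allocation gate a name and a single place to document. `dom_name` and `name` are filled in and then discarded, which the helper also hides. The sketch below covers the gid side; the uid side would be the same with `SID_NAME_USER` and `SID_NAME_COMPUTER`. The parameter type is a guess, since the prototype of `winbindd_lookup_name_by_sid` is not visible here, and the function being patched starts outside the hunk.

```c
/* True when sid resolves to a type that may be given a gid. */
static BOOL sid_is_group_type(DOM_SID *sid)
{
	fstring dom_name, name;
	enum SID_NAME_USE type;

	if (!winbindd_lookup_name_by_sid(sid, dom_name, name, &type))
		return False;

	return (type == SID_NAME_DOM_GRP) || (type == SID_NAME_ALIAS) ||
	       (type == SID_NAME_WKN_GRP);
}

/* … unchanged: query-only lookup and WBFLAG_QUERY_ONLY early return … */

	/* The query-only did not work, allocate a new gid *if* it's a group */

	if (!sid_is_group_type(&sid))
		return WINBINDD_ERROR;

	result = idmap_sid_to_gid(&sid, &(state->response.data.gid), 0);
```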