Add and delete aliases via srv_samr_nt. For that I added a RID allocation call

to winbindd. idmap_allocate_rid wants information about whether this will be a
user or a group, I did not export this to the winbind interface.

The reason for idmap to get that info is to keep consistent with the
algorithmic convention to alloc only even rids for users and odd rids for
groups. I'm not fully convinced that this really gains us anything. Any real
good arguments?

Volker
(This used to be commit 7f62cf933cad69799204bfdc773e08ff0dde0b20)

5 files changed, 67 insertions, 6 deletions

diff --git a/source3/nsswitch/wb_client.c b/source3/nsswitch/wb_client.c
index 90e4584dab..32dfc8deca 100644
--- a/source3/nsswitch/wb_client.c
+++ b/source3/nsswitch/wb_client.c
@@ -235,6 +235,30 @@ BOOL winbind_gid_to_sid(DOM_SID *sid, gid_t gid)
 	return (result == NSS_STATUS_SUCCESS);
 }
 
+BOOL winbind_allocate_rid(uint32 *rid)
+{
+	struct winbindd_request request;
+	struct winbindd_response response;
+	int result;
+
+	/* Initialise request */
+
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(response);
+
+	/* Make request */
+
+	result = winbindd_request(WINBINDD_ALLOCATE_RID, &request, &response);
+
+	if (result != NSS_STATUS_SUCCESS)
+		return False;
+
+	/* Copy out result */
+	*rid = response.data.rid;
+
+	return True;
+}
+
 /* Fetch the list of groups a user is a member of from winbindd.  This is
    used by winbind_getgroups. */
 
@@ -595,8 +619,6 @@ BOOL winbind_delete_group( const char *group )
 }
 
 /***********************************************************************/
-#if 0	/* not needed currently since winbindd_acct was added -- jerry */
-
 /* Call winbindd to convert SID to uid. Do not allocate */
 
 BOOL winbind_sid_to_uid_query(uid_t *puid, const DOM_SID *sid)
@@ -667,7 +689,5 @@ BOOL winbind_sid_to_gid_query(gid_t *pgid, const DOM_SID *sid)
 	return (result == NSS_STATUS_SUCCESS);
 }
 
-#endif 	/* JERRY */
-
 /***********************************************************************/
 
diff --git a/source3/nsswitch/wbinfo.c b/source3/nsswitch/wbinfo.c
index 772332ee59..af2a0ce7c6 100644
--- a/source3/nsswitch/wbinfo.c
+++ b/source3/nsswitch/wbinfo.c
@@ -436,6 +436,18 @@ static BOOL wbinfo_sid_to_gid(char *sid)
 	return True;
 }
 
+static BOOL wbinfo_allocate_rid(void)
+{
+	uint32 rid;
+
+	if (!winbind_allocate_rid(&rid))
+		return False;
+
+	d_printf("New rid: %d\n", rid);
+
+	return True;
+}
+
 /* Convert sid to string */
 
 static BOOL wbinfo_lookupsid(char *sid)
@@ -983,6 +995,7 @@ int main(int argc, char **argv)
 		{ "gid-to-sid", 'G', POPT_ARG_INT, &int_arg, 'G', "Converts gid to sid", "GID" },
 		{ "sid-to-uid", 'S', POPT_ARG_STRING, &string_arg, 'S', "Converts sid to uid", "SID" },
 		{ "sid-to-gid", 'Y', POPT_ARG_STRING, &string_arg, 'Y', "Converts sid to gid", "SID" },
+		{ "allocate-rid", 'A', POPT_ARG_NONE, 0, 'A', "Get a new RID out of idmap" },
 		{ "create-user", 'c', POPT_ARG_STRING, &string_arg, 'c', "Create a local user account", "name" },
 		{ "delete-user", 'x', POPT_ARG_STRING, &string_arg, 'x', "Delete a local user account", "name" },
 		{ "create-group", 'C', POPT_ARG_STRING, &string_arg, 'C', "Create a local group", "name" },
@@ -1102,6 +1115,12 @@ int main(int argc, char **argv)
 				goto done;
 			}
 			break;
+		case 'A':
+			if (!wbinfo_allocate_rid()) {
+				d_printf("Could not allocate a RID\n");
+				goto done;
+			}
+			break;
 		case 't':
 			if (!wbinfo_check_secret()) {
 				d_printf("Could not check secret\n");
diff --git a/source3/nsswitch/winbindd.c b/source3/nsswitch/winbindd.c
index 8a0d0f7573..c4319d493a 100644
--- a/source3/nsswitch/winbindd.c
+++ b/source3/nsswitch/winbindd.c
@@ -255,6 +255,7 @@ static struct dispatch_table dispatch_table[] = {
 	{ WINBINDD_SID_TO_GID, winbindd_sid_to_gid, "SID_TO_GID" },
 	{ WINBINDD_GID_TO_SID, winbindd_gid_to_sid, "GID_TO_SID" },
 	{ WINBINDD_UID_TO_SID, winbindd_uid_to_sid, "UID_TO_SID" },
+	{ WINBINDD_ALLOCATE_RID, winbindd_allocate_rid, "ALLOCATE_RID" },
 
 	/* Miscellaneous */
 
diff --git a/source3/nsswitch/winbindd_nss.h b/source3/nsswitch/winbindd_nss.h
index 0d110b8afa..745a29facc 100644
--- a/source3/nsswitch/winbindd_nss.h
+++ b/source3/nsswitch/winbindd_nss.h
@@ -36,7 +36,7 @@
 
 /* Update this when you change the interface.  */
 
-#define WINBIND_INTERFACE_VERSION 9
+#define WINBIND_INTERFACE_VERSION 10
 
 /* Socket commands */
 
@@ -84,6 +84,7 @@ enum winbindd_cmd {
 	WINBINDD_SID_TO_GID,
 	WINBINDD_UID_TO_SID,
 	WINBINDD_GID_TO_SID,
+	WINBINDD_ALLOCATE_RID,
 
 	/* Miscellaneous other stuff */
 
@@ -266,7 +267,7 @@ struct winbindd_response {
 			char nt_session_key[16];
 			char first_8_lm_hash[8];
 		} auth;
-		uint32 rid;	/* create user or group */
+		uint32 rid;	/* create user or group or allocate rid */
 		struct {
 			fstring name;
 			fstring alt_name;
diff --git a/source3/nsswitch/winbindd_sid.c b/source3/nsswitch/winbindd_sid.c
index 8ff6cfd271..d4206558c5 100644
--- a/source3/nsswitch/winbindd_sid.c
+++ b/source3/nsswitch/winbindd_sid.c
@@ -434,3 +434,23 @@ done:
 
 	return WINBINDD_OK;
 }
+
+enum winbindd_result winbindd_allocate_rid(struct winbindd_cli_state *state)
+{
+	if ( !state->privileged ) {
+		DEBUG(2, ("winbindd_allocate_rid: non-privileged access "
+			  "denied!\n"));
+		return WINBINDD_ERROR;
+	}
+
+	/* We tell idmap to always allocate a user RID. There might be a good
+	 * reason to keep RID allocation for users to even and groups to
+	 * odd. This needs discussion I think. For now only allocate user
+	 * rids. */
+
+	if (!NT_STATUS_IS_OK(idmap_allocate_rid(&state->response.data.rid,
+						USER_RID_TYPE)))
+		return WINBINDD_ERROR;
+
+	return WINBINDD_OK;
+}