r12051: Merge across the lookup_name and lookup_sid work. Lets see how the build farm

reacts :-) Volker (This used to be commit 9f99d04a54588cd9d1a1ab163ebb304437f932f7)
author: Volker Lendecke <vlendec@samba.org> 2005-12-03 18:34:13 +0000
committer: Gerald (Jerry) Carter <jerry@samba.org> 2007-10-10 11:05:43 -0500
commit: 05ac2de0df78d22ad5afb42ea5c72ba17bef8395 (patch)
tree: f4968eaab779b3f09dfac41e34f6088f32c38463 /source3/passdb/passdb.c
parent: 678f13c761bea7b4dc4b96c4c1a7d65ee143181c (diff)
download: samba-05ac2de0df78d22ad5afb42ea5c72ba17bef8395.tar.gz
samba-05ac2de0df78d22ad5afb42ea5c72ba17bef8395.tar.bz2
samba-05ac2de0df78d22ad5afb42ea5c72ba17bef8395.zip
1 files changed, 76 insertions, 59 deletions
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index e073db3499..3ca26a57c7 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -735,7 +735,7 @@ BOOL algorithmic_pdb_rid_is_user(uint32 rid)
  Look up a rid in the SAM we're responsible for (i.e. passdb)
  ********************************************************************/
 
-BOOL lookup_global_sam_rid(uint32 rid, fstring name,
+BOOL lookup_global_sam_rid(TALLOC_CTX *mem_ctx, uint32 rid, char **name,
 			   enum SID_NAME_USE *psid_name_use)
 {
 	SAM_ACCOUNT *sam_account = NULL;
@@ -760,7 +760,7 @@ BOOL lookup_global_sam_rid(uint32 rid, fstring name,
 	become_root();
 	if (pdb_getsampwsid(sam_account, &sid)) {
 		unbecome_root();		/* -----> EXIT BECOME_ROOT() */
-		fstrcpy(name, pdb_get_username(sam_account));
+		*name = talloc_strdup(mem_ctx, pdb_get_username(sam_account));
 		*psid_name_use = SID_NAME_USER;
 
 		pdb_free_sam(&sam_account);
@@ -784,14 +784,14 @@ BOOL lookup_global_sam_rid(uint32 rid, fstring name,
 				 map.nt_name));
 		}
 
-		fstrcpy(name, map.nt_name);
+		*name = talloc_strdup(mem_ctx, map.nt_name);
 		*psid_name_use = map.sid_name_use;
 		return True;
 	}
 
 	if (rid == DOMAIN_USER_RID_ADMIN) {
 		*psid_name_use = SID_NAME_USER;
-		fstrcpy(name, "Administrator");
+		*name = talloc_strdup(mem_ctx, "Administrator");
 		return True;
 	}
 
@@ -807,13 +807,15 @@ BOOL lookup_global_sam_rid(uint32 rid, fstring name,
 		DEBUG(5,("lookup_global_sam_rid: looking up uid %u %s\n",
 			 (unsigned int)uid, pw ? "succeeded" : "failed" ));
 			 
-		if ( !pw )
-			fstr_sprintf(name, "unix_user.%u", (unsigned int)uid);
-		else 
-			fstrcpy( name, pw->pw_name );
+		if ( !pw ) {
+			*name  = talloc_asprintf(mem_ctx, "unix_user.%u",
+						 (unsigned int)uid);
+		} else {
+			*name = talloc_strdup(mem_ctx, pw->pw_name );
+		}
 			
 		DEBUG(5,("lookup_global_sam_rid: found user %s for rid %u\n",
-			 name, (unsigned int)rid ));
+			 *name, (unsigned int)rid ));
 			 
 		*psid_name_use = SID_NAME_USER;
 		
@@ -830,13 +832,15 @@ BOOL lookup_global_sam_rid(uint32 rid, fstring name,
 		DEBUG(5,("lookup_global_sam_rid: looking up gid %u %s\n",
 			 (unsigned int)gid, gr ? "succeeded" : "failed" ));
 			
-		if( !gr )
-			fstr_sprintf(name, "unix_group.%u", (unsigned int)gid);
-		else
-			fstrcpy( name, gr->gr_name);
+		if( !gr ) {
+			*name = talloc_asprintf(mem_ctx, "unix_group.%u",
+					       (unsigned int)gid);
+		} else {
+			*name = talloc_strdup(mem_ctx, gr->gr_name);
+		}
 			
 		DEBUG(5,("lookup_global_sam_rid: found group %s for rid %u\n",
-			 name, (unsigned int)rid ));
+			 *name, (unsigned int)rid ));
 		
 		/* assume algorithmic groups are domain global groups */
 		
@@ -850,17 +854,13 @@ BOOL lookup_global_sam_rid(uint32 rid, fstring name,
  Convert a name into a SID. Used in the lookup name rpc.
  ********************************************************************/
 
-BOOL local_lookup_name(const char *c_user, DOM_SID *psid, enum SID_NAME_USE *psid_name_use)
+BOOL lookup_global_sam_name(const char *c_user, uint32_t *rid, enum SID_NAME_USE *type)
 {
-	DOM_SID local_sid;
-	DOM_SID sid;
 	fstring user;
 	SAM_ACCOUNT *sam_account = NULL;
 	struct group *grp;
 	GROUP_MAP map;
 
-	*psid_name_use = SID_NAME_UNKNOWN;
-
 	/*
 	 * user may be quoted a const string, and map_username and
 	 * friends can modify it. Make a modifiable copy. JRA.
@@ -868,17 +868,6 @@ BOOL local_lookup_name(const char *c_user, DOM_SID *psid, enum SID_NAME_USE *psi
 
 	fstrcpy(user, c_user);
 
-	sid_copy(&local_sid, get_global_sam_sid());
-
-	if (map_name_to_wellknown_sid(&sid, psid_name_use, user)){
-		fstring sid_str;
-		sid_copy( psid, &sid);
-		sid_to_string(sid_str, &sid);
-		DEBUG(10,("lookup_name: name %s = SID %s, type = %u\n", user, sid_str,
-			(unsigned int)*psid_name_use ));
-		return True;
-	}
-
 	(void)map_username(user);
 
 	if (!NT_STATUS_IS_OK(pdb_init_sam(&sam_account))) {
@@ -889,10 +878,28 @@ BOOL local_lookup_name(const char *c_user, DOM_SID *psid, enum SID_NAME_USE *psi
 	
 	become_root();
 	if (pdb_getsampwnam(sam_account, user)) {
+		const DOM_SID *user_sid;
+
 		unbecome_root();
-		sid_copy(psid, pdb_get_user_sid(sam_account));
-		*psid_name_use = SID_NAME_USER;
-		
+
+		user_sid = pdb_get_user_sid(sam_account);
+
+		if (!sid_check_is_in_our_domain(user_sid)) {
+			DEBUG(0, ("User %s with invalid SID %s in passdb\n",
+				  user, sid_string_static(user_sid)));
+			return False;
+		}
+
+		sid_peek_rid(user_sid, rid);
+
+		if (pdb_get_acct_ctrl(sam_account) &
+		    (ACB_DOMTRUST|ACB_WSTRUST|ACB_SVRTRUST)) {
+			/* We have to filter them out in lsa_lookupnames,
+			 * indicate that this is not a real user.  */
+			*type = SID_NAME_COMPUTER;
+		} else {
+			*type = SID_NAME_USER;
+		}
 		pdb_free_sam(&sam_account);
 		return True;
 	}
@@ -905,41 +912,51 @@ BOOL local_lookup_name(const char *c_user, DOM_SID *psid, enum SID_NAME_USE *psi
 
 	/* check if it's a mapped group */
 	if (pdb_getgrnam(&map, user)) {
-		/* yes it's a mapped group */
-		sid_copy(&local_sid, &map.sid);
-		*psid_name_use = map.sid_name_use;
-	} else {
-		/* it's not a mapped group */
-		grp = getgrnam(user);
-		if(!grp) {
-			unbecome_root();		/* ---> exit form block */	
+
+		unbecome_root();
+
+		/* BUILTIN groups are looked up elsewhere */
+		if (!sid_check_is_in_our_domain(&map.sid)) {
+			DEBUG(10, ("Found group %s (%s) not in our domain -- "
+				   "ignoring.", user,
+				   sid_string_static(&map.sid)));
 			return False;
 		}
 		
-		/* 
-		 *check if it's mapped, if it is reply it doesn't exist
-		 *
-		 * that's to prevent this case:
-		 *
-		 * unix group ug is mapped to nt group ng
-		 * someone does a lookup on ug
-		 * we must not reply as it doesn't "exist" anymore
-		 * for NT. For NT only ng exists.
-		 * JFM, 30/11/2001
-		 */
+		/* yes it's a mapped group */
+		sid_peek_rid(&map.sid, rid);
+		*type = map.sid_name_use;
+		return True;
+	}
+
+	/* it's not a mapped group */
+	grp = getgrnam(user);
+	if(!grp) {
+		unbecome_root();		/* ---> exit form block */	
+		return False;
+	}
 		
-		if (pdb_getgrgid(&map, grp->gr_gid)){
-			unbecome_root();		/* ---> exit form block */
-			return False;
-		}
+	/* 
+	 *check if it's mapped, if it is reply it doesn't exist
+	 *
+	 * that's to prevent this case:
+	 *
+	 * unix group ug is mapped to nt group ng
+	 * someone does a lookup on ug
+	 * we must not reply as it doesn't "exist" anymore
+	 * for NT. For NT only ng exists.
+	 * JFM, 30/11/2001
+	 */
 		
-		sid_append_rid( &local_sid, pdb_gid_to_group_rid(grp->gr_gid));
-		*psid_name_use = SID_NAME_ALIAS;
+	if (pdb_getgrgid(&map, grp->gr_gid)) {
+		unbecome_root();		/* ---> exit form block */
+		return False;
 	}
 	unbecome_root();
 	/* END ROOT BLOCK */
 
-	sid_copy( psid, &local_sid);
+	*rid = pdb_gid_to_group_rid(grp->gr_gid);
+	*type = SID_NAME_ALIAS;
 
 	return True;
 }
author	Volker Lendecke <vlendec@samba.org>	2005-12-03 18:34:13 +0000
committer	Gerald (Jerry) Carter <jerry@samba.org>	2007-10-10 11:05:43 -0500
commit	05ac2de0df78d22ad5afb42ea5c72ba17bef8395 (patch)
tree	f4968eaab779b3f09dfac41e34f6088f32c38463 /source3/passdb/passdb.c
parent	678f13c761bea7b4dc4b96c4c1a7d65ee143181c (diff)
download	samba-05ac2de0df78d22ad5afb42ea5c72ba17bef8395.tar.gz samba-05ac2de0df78d22ad5afb42ea5c72ba17bef8395.tar.bz2 samba-05ac2de0df78d22ad5afb42ea5c72ba17bef8395.zip