summaryrefslogtreecommitdiff
path: root/source3/smbd
diff options
context:
space:
mode:
authorSimo Sorce <idra@samba.org>2003-05-12 18:12:31 +0000
committerSimo Sorce <idra@samba.org>2003-05-12 18:12:31 +0000
commitc823b191ab476fc2583d6d6aaa1e2edb09cbb88e (patch)
treede7a7bc704024faf8e9b5dc750eed0cec6684ebb /source3/smbd
parent9308eaf77d53b2d86c071ef07a8e32d9d83b6d12 (diff)
downloadsamba-c823b191ab476fc2583d6d6aaa1e2edb09cbb88e.tar.gz
samba-c823b191ab476fc2583d6d6aaa1e2edb09cbb88e.tar.bz2
samba-c823b191ab476fc2583d6d6aaa1e2edb09cbb88e.zip
And finally IDMAP in 3_0
We really need idmap_ldap to have a good solution with ldapsam, porting it from the prvious code is beeing made, the code is really simple to do so I am confident it is not a problem to commit this code in. Not committing it would have been worst. I really would have been able to finish also the group code, maybe we can put it into a followin release after 3.0.0 even if it may be an upgrade problem. The code has been tested and seem to work right, more testing is needed for corner cases. Currently winbind pdc (working only for users and not for groups) is disabled as I was not able to make a complete group code replacement that works somewhat in a week (I have a complete patch, but there are bugs) Simo. (This used to be commit 0e58085978f984436815114a2ec347cf7899a89d)
Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/chgpasswd.c13
-rw-r--r--source3/smbd/ntquotas.c8
-rw-r--r--source3/smbd/nttrans.c8
-rw-r--r--source3/smbd/password.c11
-rw-r--r--source3/smbd/posix_acls.c10
-rw-r--r--source3/smbd/server.c6
-rw-r--r--source3/smbd/uid.c419
7 files changed, 27 insertions, 448 deletions
diff --git a/source3/smbd/chgpasswd.c b/source3/smbd/chgpasswd.c
index 31c4fa7cc9..3d25f33f45 100644
--- a/source3/smbd/chgpasswd.c
+++ b/source3/smbd/chgpasswd.c
@@ -478,6 +478,12 @@ BOOL chgpasswd(const char *name, const char *oldpass, const char *newpass, BOOL
if (!name) {
DEBUG(1, ("NULL username specfied to chgpasswd()!\n"));
}
+
+ pass = Get_Pwnam(name);
+ if (!pass) {
+ DEBUG(1, ("Username does not exist in system passwd!\n"));
+ return False;
+ }
if (!oldpass) {
oldpass = "";
@@ -528,8 +534,6 @@ BOOL chgpasswd(const char *name, const char *oldpass, const char *newpass, BOOL
}
}
- pass = Get_Pwnam(name);
-
#ifdef WITH_PAM
if (lp_pam_password_change()) {
BOOL ret;
@@ -983,9 +987,8 @@ NTSTATUS change_oem_password(SAM_ACCOUNT *hnd, char *old_passwd, char *new_passw
* to touch the unix db unless we have admin permission.
*/
- if(lp_unix_password_sync() && IS_SAM_UNIX_USER(hnd)
- && !chgpasswd(pdb_get_username(hnd),
- old_passwd, new_passwd, False)) {
+ if(lp_unix_password_sync() &&
+ !chgpasswd(pdb_get_username(hnd), old_passwd, new_passwd, False)) {
return NT_STATUS_ACCESS_DENIED;
}
diff --git a/source3/smbd/ntquotas.c b/source3/smbd/ntquotas.c
index f34d61541c..a23b480627 100644
--- a/source3/smbd/ntquotas.c
+++ b/source3/smbd/ntquotas.c
@@ -74,7 +74,6 @@ int vfs_get_ntquota(files_struct *fsp, enum SMB_QUOTA_TYPE qtype, DOM_SID *psid,
int ret;
SMB_DISK_QUOTA D;
unid_t id;
- enum SID_NAME_USE sid_use = SID_NAME_USE_NONE;
ZERO_STRUCT(D);
@@ -85,7 +84,7 @@ int vfs_get_ntquota(files_struct *fsp, enum SMB_QUOTA_TYPE qtype, DOM_SID *psid,
id.uid = -1;
- if (psid && !sid_to_uid(psid, &id.uid, &sid_use)) {
+ if (psid && NT_STATUS_IS_ERR(sid_to_uid(psid, &id.uid))) {
DEBUG(0,("sid_to_uid: failed, SID[%s]\n",
sid_string_static(psid)));
}
@@ -113,7 +112,6 @@ int vfs_set_ntquota(files_struct *fsp, enum SMB_QUOTA_TYPE qtype, DOM_SID *psid,
int ret;
SMB_DISK_QUOTA D;
unid_t id;
- enum SID_NAME_USE sid_use = SID_NAME_USE_NONE;
ZERO_STRUCT(D);
if (!fsp||!fsp->conn||!qt)
@@ -133,7 +131,7 @@ int vfs_set_ntquota(files_struct *fsp, enum SMB_QUOTA_TYPE qtype, DOM_SID *psid,
D.isoftlimit = limit_blk2inodes(D.softlimit);
D.ihardlimit = limit_blk2inodes(D.hardlimit);
- if (psid && !sid_to_uid(psid, &id.uid, &sid_use)) {
+ if (psid && NT_STATUS_IS_ERR(sid_to_uid(psid, &id.uid))) {
DEBUG(0,("sid_to_uid: failed, SID[%s]\n",
sid_string_static(psid)));
}
@@ -187,7 +185,7 @@ int vfs_get_user_ntquota_list(files_struct *fsp, SMB_NTQUOTA_LIST **qt_list)
continue;
}
- if (uid_to_sid(&sid,usr->pw_uid)==NULL) {
+ if (NT_STATUS_IS_ERR(uid_to_sid(&sid, usr->pw_uid))) {
DEBUG(0,("uid_to_sid failed for %d\n",usr->pw_uid));
continue;
}
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index e7c834f531..fef176cae1 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -1780,7 +1780,6 @@ static int call_nt_transact_ioctl(connection_struct *conn,
DOM_SID sid;
uid_t uid;
- enum SID_NAME_USE sid_use = 0;
size_t sid_len=SID_MAX_SIZE;
DEBUG(1,("FSCTL_FIND_FILES_BY_SID: fnum=%d control=0x%08x\n",fnum,control));
@@ -1792,10 +1791,9 @@ static int call_nt_transact_ioctl(connection_struct *conn,
sid_parse(pdata+4,sid_len,&sid);
DEBUGADD(2,("SID: %s\n",sid_string_static(&sid)));
- if (!sid_to_uid(&sid, &uid, &sid_use)
- ||sid_use!=SID_NAME_USER) {
- DEBUG(0,("sid_to_uid: failed, sid[%s] sid_use: %d\n",
- sid_string_static(&sid),sid_use));
+ if (NT_STATUS_IS_ERR(sid_to_uid(&sid, &uid))) {
+ DEBUG(0,("sid_to_uid: failed, sid[%s]\n",
+ sid_string_static(&sid)));
uid = (-1);
}
diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index 415025f649..81849b709a 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -68,7 +68,6 @@ void invalidate_vuid(uint16 vuid)
SAFE_FREE(vuser->logon_script);
session_yield(vuser);
- SAFE_FREE(vuser->session_keystr);
free_server_info(&vuser->server_info);
@@ -142,15 +141,9 @@ int register_vuid(auth_serversupplied_info *server_info, const char *smb_name)
/* the next functions should be done by a SID mapping system (SMS) as
* the new real sam db won't have reference to unix uids or gids
*/
- if (!IS_SAM_UNIX_USER(server_info->sam_account)) {
- DEBUG(0,("Attempted session setup with invalid user. No uid/gid in SAM_ACCOUNT\n"));
- free(vuser);
- free_server_info(&server_info);
- return UID_FIELD_INVALID;
- }
- vuser->uid = pdb_get_uid(server_info->sam_account);
- vuser->gid = pdb_get_gid(server_info->sam_account);
+ vuser->uid = server_info->uid;
+ vuser->gid = server_info->gid;
vuser->n_groups = server_info->n_groups;
if (vuser->n_groups) {
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 34c33af473..228322dc42 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -443,7 +443,6 @@ static BOOL unpack_nt_owners(SMB_STRUCT_STAT *psbuf, uid_t *puser, gid_t *pgrp,
{
DOM_SID owner_sid;
DOM_SID grp_sid;
- enum SID_NAME_USE sid_type;
*puser = (uid_t)-1;
*pgrp = (gid_t)-1;
@@ -469,7 +468,7 @@ static BOOL unpack_nt_owners(SMB_STRUCT_STAT *psbuf, uid_t *puser, gid_t *pgrp,
if (security_info_sent & OWNER_SECURITY_INFORMATION) {
sid_copy(&owner_sid, psd->owner_sid);
- if (!sid_to_uid( &owner_sid, puser, &sid_type)) {
+ if (NT_STATUS_IS_ERR(sid_to_uid(&owner_sid, puser))) {
#if ACL_FORCE_UNMAPPABLE
/* this allows take ownership to work reasonably */
extern struct current_user current_user;
@@ -489,7 +488,7 @@ static BOOL unpack_nt_owners(SMB_STRUCT_STAT *psbuf, uid_t *puser, gid_t *pgrp,
if (security_info_sent & GROUP_SECURITY_INFORMATION) {
sid_copy(&grp_sid, psd->grp_sid);
- if (!sid_to_gid( &grp_sid, pgrp, &sid_type)) {
+ if (NT_STATUS_IS_ERR(sid_to_gid( &grp_sid, pgrp))) {
#if ACL_FORCE_UNMAPPABLE
/* this allows take group ownership to work reasonably */
extern struct current_user current_user;
@@ -938,7 +937,6 @@ static BOOL create_canon_ace_lists(files_struct *fsp,
}
for(i = 0; i < dacl->num_aces; i++) {
- enum SID_NAME_USE sid_type;
SEC_ACE *psa = &dacl->ace[i];
/*
@@ -1003,10 +1001,10 @@ static BOOL create_canon_ace_lists(files_struct *fsp,
if (nt4_compatible_acls())
psa->flags |= SEC_ACE_FLAG_INHERIT_ONLY;
- } else if (sid_to_gid( &current_ace->trustee, &current_ace->unix_ug.gid, &sid_type)) {
+ } else if (NT_STATUS_IS_OK(sid_to_gid( &current_ace->trustee, &current_ace->unix_ug.gid))) {
current_ace->owner_type = GID_ACE;
current_ace->type = SMB_ACL_GROUP;
- } else if (sid_to_uid( &current_ace->trustee, &current_ace->unix_ug.uid, &sid_type)) {
+ } else if (NT_STATUS_IS_OK(sid_to_uid( &current_ace->trustee, &current_ace->unix_ug.uid))) {
current_ace->owner_type = UID_ACE;
current_ace->type = SMB_ACL_USER;
} else {
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index d46be42eba..edc7b57ba3 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -839,6 +839,12 @@ static BOOL init_structs(void )
if(!initialize_password_db(False))
exit(1);
+ if (!idmap_init())
+ exit(1);
+
+ if (!idmap_init_wellknown_sids())
+ exit(1);
+
static_init_rpc;
init_modules();
diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
index b9cf0de3bd..c68d00025c 100644
--- a/source3/smbd/uid.c
+++ b/source3/smbd/uid.c
@@ -405,10 +405,9 @@ void add_supplementary_nt_login_groups(int *n_groups, gid_t **pp_groups, NT_USER
memcpy(final_groups, *pp_groups, current_n_groups * sizeof(gid_t));
for (i = 0; i < ptok->num_sids; i++) {
- enum SID_NAME_USE sid_type;
gid_t new_grp;
- if (sid_to_gid(&ptok->user_sids[i], &new_grp, &sid_type)) {
+ if (NT_STATUS_IS_OK(sid_to_gid(&ptok->user_sids[i], &new_grp))) {
/*
* Don't add the gid_t if it is already in the current group
* list. Some UNIXen don't like the same group more than once.
@@ -530,419 +529,3 @@ BOOL lookup_sid(DOM_SID *sid, fstring dom_name, fstring name, enum SID_NAME_USE
}
return True;
}
-
-/*****************************************************************
- Id mapping cache. This is to avoid Winbind mappings already
- seen by smbd to be queried too frequently, keeping winbindd
- busy, and blocking smbd while winbindd is busy with other
- stuff. Written by Michael Steffens <michael.steffens@hp.com>,
- modified to use linked lists by jra.
-*****************************************************************/
-
-#define MAX_UID_SID_CACHE_SIZE 100
-#define TURNOVER_UID_SID_CACHE_SIZE 10
-#define MAX_GID_SID_CACHE_SIZE 100
-#define TURNOVER_GID_SID_CACHE_SIZE 10
-
-static size_t n_uid_sid_cache = 0;
-static size_t n_gid_sid_cache = 0;
-
-static struct uid_sid_cache {
- struct uid_sid_cache *next, *prev;
- uid_t uid;
- DOM_SID sid;
- enum SID_NAME_USE sidtype;
-} *uid_sid_cache_head;
-
-static struct gid_sid_cache {
- struct gid_sid_cache *next, *prev;
- gid_t gid;
- DOM_SID sid;
- enum SID_NAME_USE sidtype;
-} *gid_sid_cache_head;
-
-/*****************************************************************
- Find a SID given a uid.
-*****************************************************************/
-
-static BOOL fetch_sid_from_uid_cache(DOM_SID *psid, enum SID_NAME_USE *psidtype, uid_t uid)
-{
- struct uid_sid_cache *pc;
-
- for (pc = uid_sid_cache_head; pc; pc = pc->next) {
- if (pc->uid == uid) {
- fstring sid;
- *psid = pc->sid;
- *psidtype = pc->sidtype;
- DEBUG(3,("fetch sid from uid cache %u -> %s\n",
- (unsigned int)uid, sid_to_string(sid, psid)));
- DLIST_PROMOTE(uid_sid_cache_head, pc);
- return True;
- }
- }
- return False;
-}
-
-/*****************************************************************
- Find a uid given a SID.
-*****************************************************************/
-
-static BOOL fetch_uid_from_cache(uid_t *puid, const DOM_SID *psid, enum SID_NAME_USE sidtype)
-{
- struct uid_sid_cache *pc;
-
- for (pc = uid_sid_cache_head; pc; pc = pc->next) {
- if (sid_compare(&pc->sid, psid) == 0) {
- fstring sid;
- *puid = pc->uid;
- DEBUG(3,("fetch uid from cache %u -> %s\n",
- (unsigned int)*puid, sid_to_string(sid, psid)));
- DLIST_PROMOTE(uid_sid_cache_head, pc);
- return True;
- }
- }
- return False;
-}
-
-/*****************************************************************
- Store uid to SID mapping in cache.
-*****************************************************************/
-
-static void store_uid_sid_cache(const DOM_SID *psid, const enum SID_NAME_USE sidtype, uid_t uid)
-{
- struct uid_sid_cache *pc;
-
- if (n_uid_sid_cache >= MAX_UID_SID_CACHE_SIZE && n_uid_sid_cache > TURNOVER_UID_SID_CACHE_SIZE) {
- /* Delete the last TURNOVER_UID_SID_CACHE_SIZE entries. */
- struct uid_sid_cache *pc_next;
- size_t i;
-
- for (i = 0, pc = uid_sid_cache_head; i < (n_uid_sid_cache - TURNOVER_UID_SID_CACHE_SIZE); i++, pc = pc->next)
- ;
- for(; pc; pc = pc_next) {
- pc_next = pc->next;
- DLIST_REMOVE(uid_sid_cache_head,pc);
- SAFE_FREE(pc);
- n_uid_sid_cache--;
- }
- }
-
- pc = (struct uid_sid_cache *)malloc(sizeof(struct uid_sid_cache));
- if (!pc)
- return;
- pc->uid = uid;
- sid_copy(&pc->sid, psid);
- pc->sidtype = sidtype;
- DLIST_ADD(uid_sid_cache_head, pc);
- n_uid_sid_cache++;
-}
-
-/*****************************************************************
- Find a SID given a gid.
-*****************************************************************/
-
-static BOOL fetch_sid_from_gid_cache(DOM_SID *psid, enum SID_NAME_USE *psidtype, gid_t gid)
-{
- struct gid_sid_cache *pc;
-
- for (pc = gid_sid_cache_head; pc; pc = pc->next) {
- if (pc->gid == gid) {
- fstring sid;
- *psid = pc->sid;
- *psidtype = pc->sidtype;
- DEBUG(3,("fetch sid from gid cache %u -> %s\n",
- (unsigned int)gid, sid_to_string(sid, psid)));
- DLIST_PROMOTE(gid_sid_cache_head, pc);
- return True;
- }
- }
- return False;
-}
-
-/*****************************************************************
- Find a gid given a SID.
-*****************************************************************/
-
-static BOOL fetch_gid_from_cache(gid_t *pgid, const DOM_SID *psid, enum SID_NAME_USE sidtype)
-{
- struct gid_sid_cache *pc;
-
- for (pc = gid_sid_cache_head; pc; pc = pc->next) {
- if (sid_compare(&pc->sid, psid) == 0) {
- fstring sid;
- *pgid = pc->gid;
- DEBUG(3,("fetch uid from cache %u -> %s\n",
- (unsigned int)*pgid, sid_to_string(sid, psid)));
- DLIST_PROMOTE(gid_sid_cache_head, pc);
- return True;
- }
- }
- return False;
-}
-
-/*****************************************************************
- Store gid to SID mapping in cache.
-*****************************************************************/
-
-static void store_gid_sid_cache(const DOM_SID *psid, const enum SID_NAME_USE sidtype, gid_t gid)
-{
- struct gid_sid_cache *pc;
-
- if (n_gid_sid_cache >= MAX_GID_SID_CACHE_SIZE && n_gid_sid_cache > TURNOVER_GID_SID_CACHE_SIZE) {
- /* Delete the last TURNOVER_GID_SID_CACHE_SIZE entries. */
- struct gid_sid_cache *pc_next;
- size_t i;
-
- for (i = 0, pc = gid_sid_cache_head; i < (n_gid_sid_cache - TURNOVER_GID_SID_CACHE_SIZE); i++, pc = pc->next)
- ;
- for(; pc; pc = pc_next) {
- pc_next = pc->next;
- DLIST_REMOVE(gid_sid_cache_head,pc);
- SAFE_FREE(pc);
- n_gid_sid_cache--;
- }
- }
-
- pc = (struct gid_sid_cache *)malloc(sizeof(struct gid_sid_cache));
- if (!pc)
- return;
- pc->gid = gid;
- sid_copy(&pc->sid, psid);
- pc->sidtype = sidtype;
- DLIST_ADD(gid_sid_cache_head, pc);
- n_gid_sid_cache++;
-}
-
-
-/*****************************************************************
- *THE CANONICAL* convert uid_t to SID function.
- Tries winbind first - then uses local lookup.
- Returns SID pointer.
-*****************************************************************/
-
-DOM_SID *uid_to_sid(DOM_SID *psid, uid_t uid)
-{
- uid_t low, high;
- enum SID_NAME_USE sidtype;
- fstring sid;
-
- if (fetch_sid_from_uid_cache(psid, &sidtype, uid))
- return psid;
-
- if (lp_winbind_uid(&low, &high) && uid >= low && uid <= high) {
- if (winbind_uid_to_sid(psid, uid)) {
-
- DEBUG(10,("uid_to_sid: winbindd %u -> %s\n",
- (unsigned int)uid, sid_to_string(sid, psid)));
-
- if (psid)
- store_uid_sid_cache(psid, SID_NAME_USER, uid);
- return psid;
- }
- }
-
- /* Make sure we report failure, (when psid == NULL) */
- become_root();
- psid = local_uid_to_sid(psid, uid);
- unbecome_root();
-
- DEBUG(10,("uid_to_sid: local %u -> %s\n", (unsigned int)uid, sid_to_string(sid, psid)));
- if (psid)
- store_uid_sid_cache(psid, SID_NAME_USER, uid);
-
- return psid;
-}
-
-/*****************************************************************
- *THE CANONICAL* convert gid_t to SID function.
- Tries winbind first - then uses local lookup.
- Returns SID pointer.
-*****************************************************************/
-
-DOM_SID *gid_to_sid(DOM_SID *psid, gid_t gid)
-{
- gid_t low, high;
- enum SID_NAME_USE sidtype;
- fstring sid;
-
- if (fetch_sid_from_gid_cache(psid, &sidtype, gid))
- return psid;
-
- if (lp_winbind_gid(&low, &high) && gid >= low && gid <= high) {
- if (winbind_gid_to_sid(psid, gid)) {
-
- DEBUG(10,("gid_to_sid: winbindd %u -> %s\n",
- (unsigned int)gid, sid_to_string(sid, psid)));
-
- if (psid)
- store_gid_sid_cache(psid, SID_NAME_DOM_GRP, gid);
- return psid;
- }
- }
-
- /* Make sure we report failure, (when psid == NULL) */
- become_root();
- psid = local_gid_to_sid(psid, gid);
- unbecome_root();
- DEBUG(10,("gid_to_sid: local %u -> %s\n", (unsigned int)gid, sid_to_string(sid, psid)));
- if (psid)
- store_gid_sid_cache(psid, SID_NAME_DOM_GRP, gid);
-
- return psid;
-}
-
-/*****************************************************************
- *THE CANONICAL* convert SID to uid function.
- Tries winbind first - then uses local lookup.
- Returns True if this name is a user sid and the conversion
- was done correctly, False if not. sidtype is set by this function.
-*****************************************************************/
-
-BOOL sid_to_uid(const DOM_SID *psid, uid_t *puid, enum SID_NAME_USE *sidtype)
-{
- fstring sid_str;
-
- if (fetch_uid_from_cache(puid, psid, *sidtype))
- return True;
-
- /* if we know its local then don't try winbindd */
- if (sid_compare_domain(get_global_sam_sid(), psid) == 0) {
- BOOL result;
- become_root();
- result = local_sid_to_uid(puid, psid, sidtype);
- unbecome_root();
- if (result)
- store_uid_sid_cache(psid, *sidtype, *puid);
- return result;
- }
-
-/* (tridge) I commented out the slab of code below in order to support foreign SIDs
- Do we really need to validate the type of SID we have in this case?
-*/
-#if 0
- fstring dom_name, name;
- enum SID_NAME_USE name_type;
-
- *sidtype = SID_NAME_UNKNOWN;
- /*
- * First we must look up the name and decide if this is a user sid.
- */
-
- if ( (!winbind_lookup_sid(psid, dom_name, name, &name_type)) || (name_type != SID_NAME_USER) ) {
- BOOL result;
- DEBUG(10,("sid_to_uid: winbind lookup for sid %s failed - trying local.\n",
- sid_to_string(sid_str, psid) ));
-
- become_root();
- result = local_sid_to_uid(puid, psid, sidtype);
- unbecome_root();
- return result;
- }
-
- /*
- * Ensure this is a user sid.
- */
-
- if (name_type != SID_NAME_USER) {
- DEBUG(10,("sid_to_uid: winbind lookup succeeded but SID is not a uid (%u)\n",
- (unsigned int)name_type ));
- return False;
- }
-#endif
- *sidtype = SID_NAME_USER;
-
- /*
- * Get the uid for this SID.
- */
-
- if (!winbind_sid_to_uid(puid, psid)) {
- BOOL result;
- DEBUG(10,("sid_to_uid: winbind lookup for sid %s failed.\n",
- sid_to_string(sid_str, psid) ));
- become_root();
- result = local_sid_to_uid(puid, psid, sidtype);
- unbecome_root();
- if (result)
- store_uid_sid_cache(psid, *sidtype, *puid);
- return result;
- }
-
- DEBUG(10,("sid_to_uid: winbindd %s -> %u\n",
- sid_to_string(sid_str, psid),
- (unsigned int)*puid ));
-
- store_uid_sid_cache(psid, *sidtype, *puid);
- return True;
-}
-
-/*****************************************************************
- *THE CANONICAL* convert SID to gid function.
- Tries winbind first - then uses local lookup.
- Returns True if this name is a user sid and the conversion
- was done correctly, False if not.
-*****************************************************************/
-
-BOOL sid_to_gid(const DOM_SID *psid, gid_t *pgid, enum SID_NAME_USE *sidtype)
-{
- fstring dom_name, name, sid_str;
- enum SID_NAME_USE name_type;
-
- *sidtype = SID_NAME_UNKNOWN;
-
- if (fetch_gid_from_cache(pgid, psid, *sidtype))
- return True;
-
- /*
- * First we must look up the name and decide if this is a group sid.
- */
-
- /* if we know its local then don't try winbindd */
- if (sid_compare_domain(get_global_sam_sid(), psid) == 0) {
- BOOL result;
- become_root();
- result = local_sid_to_gid(pgid, psid, sidtype);
- unbecome_root();
- if (result)
- store_gid_sid_cache(psid, *sidtype, *pgid);
- return result;
- }
-
- if (!winbind_lookup_sid(psid, dom_name, name, &name_type)) {
- DEBUG(10,("sid_to_gid: winbind lookup for sid %s failed.\n",
- sid_to_string(sid_str, psid) ));
- /* this was probably a foreign sid - assume its a group rid
- and continue */
- name_type = SID_NAME_DOM_GRP;
- }
-
- /*
- * Ensure this is a group sid.
- */
-
- if ((name_type != SID_NAME_DOM_GRP) && (name_type != SID_NAME_ALIAS) && (name_type != SID_NAME_WKN_GRP)) {
- DEBUG(10,("sid_to_gid: winbind lookup succeeded but SID is not a known group (%u)\n",
- (unsigned int)name_type ));
-
- return False;
- }
-
- *sidtype = name_type;
-
- /*
- * Get the gid for this SID.
- */
-
- if (!winbind_sid_to_gid(pgid, psid)) {
- DEBUG(10,("sid_to_gid: winbind lookup for sid %s failed.\n",
- sid_to_string(sid_str, psid) ));
- return False;
- }
-
- DEBUG(10,("sid_to_gid: winbindd %s -> %u\n",
- sid_to_string(sid_str, psid),
- (unsigned int)*pgid ));
-
- store_gid_sid_cache(psid, *sidtype, *pgid);
- return True;
-}
-