summaryrefslogtreecommitdiff
path: root/source3/utils
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2002-01-20 01:24:59 +0000
committerAndrew Bartlett <abartlet@samba.org>2002-01-20 01:24:59 +0000
commit93a8358910d2b8788ffea33c04244ffd5ffecabf (patch)
treeb087c75b8cdf4818a8355e678b1e212cc3f9052d /source3/utils
parenta6541401b03e0a97dc7e265b223289cad7160b75 (diff)
downloadsamba-93a8358910d2b8788ffea33c04244ffd5ffecabf.tar.gz
samba-93a8358910d2b8788ffea33c04244ffd5ffecabf.tar.bz2
samba-93a8358910d2b8788ffea33c04244ffd5ffecabf.zip
This patch makes the 'winbind use default domain' code interact better with
smbd, and also makes it much cleaner inside winbindd. It is mostly my code, with a few changes and testing performed by Alexander Bokovoy <a.bokovoy@sam-solutions.net>. ab has tested it in security=domain and security=ads, but more testing is always appricatiated. The idea is that we no longer cart around a 'domain\user' string, we keep them seperate until the last moment - when we push that string into a pwent on onto the socket. This removes the need to be constantly parsing that string - the domain prefix is almost always already provided, (only a couple of functions actually changed arguments in all this). Some consequential changes to the RPC client code, to stop it concatonating the two strings (it now passes them both back as params). I havn't changed the cache code, however the usernames will no longer have a double domain prefix in the key string. The actual structures are unchanged - but the meaning of 'username' in the 'rid' will have changed. (The cache is invalidated at startup, so on-disk formats are not an issue here). Andrew Bartlett (This used to be commit e870f0e727952aeb8599cf93ad2650ae56eca033)
Diffstat (limited to 'source3/utils')
-rw-r--r--source3/utils/smbcacls.c19
1 files changed, 14 insertions, 5 deletions
diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c
index 94eada5c3d..d62907e14b 100644
--- a/source3/utils/smbcacls.c
+++ b/source3/utils/smbcacls.c
@@ -106,6 +106,7 @@ static BOOL cacls_open_policy_hnd(void)
/* convert a SID to a string, either numeric or username/group */
static void SidToString(fstring str, DOM_SID *sid)
{
+ char **domains = NULL;
char **names = NULL;
uint32 *types = NULL;
int num_names;
@@ -117,15 +118,19 @@ static void SidToString(fstring str, DOM_SID *sid)
/* Ask LSA to convert the sid to a name */
if (!cacls_open_policy_hnd() ||
- !NT_STATUS_IS_OK(cli_lsa_lookup_sids(&lsa_cli, lsa_cli.mem_ctx, &pol, 1, sid, &names,
+ !NT_STATUS_IS_OK(cli_lsa_lookup_sids(&lsa_cli, lsa_cli.mem_ctx,
+ &pol, 1, sid, &domains, &names,
&types, &num_names)) ||
- !names || !names[0]) {
+ !domains || !domains[0] || !names || !names[0]) {
return;
}
/* Converted OK */
+
+ slprintf(str, sizeof(fstring) - 1, "%s%s%s",
+ domains[0], lp_winbind_separator(),
+ names[0]);
- fstrcpy(str, names[0]);
}
/* convert a string to a SID, either numeric or username/group */
@@ -135,14 +140,18 @@ static BOOL StringToSid(DOM_SID *sid, const char *str)
DOM_SID *sids = NULL;
int num_sids;
BOOL result = True;
+ fstring name, domain;
if (strncmp(str, "S-", 2) == 0) {
return string_to_sid(sid, str);
}
+ split_domain_name(str, domain, name);
+
if (!cacls_open_policy_hnd() ||
- !NT_STATUS_IS_OK(cli_lsa_lookup_names(&lsa_cli, lsa_cli.mem_ctx, &pol, 1, &str,
- &sids, &types, &num_sids))) {
+ !NT_STATUS_IS_OK(cli_lsa_lookup_names(&lsa_cli, lsa_cli.mem_ctx, &pol, 1,
+ (const char **)&domain, (const char **)&name,
+ &sids, &types, &num_sids))) {
result = False;
goto done;
}