summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorSimo Sorce <idra@samba.org>2003-04-29 03:31:00 +0000
committerSimo Sorce <idra@samba.org>2003-04-29 03:31:00 +0000
commit67a5f62e43f802149e6d2761b0d9f93a1b084a27 (patch)
treeec9015cc519923a104fc77504714e338018cdc7d /source3
parente64b34cd47e046e9804b9e7774ee8316e9729413 (diff)
downloadsamba-67a5f62e43f802149e6d2761b0d9f93a1b084a27.tar.gz
samba-67a5f62e43f802149e6d2761b0d9f93a1b084a27.tar.bz2
samba-67a5f62e43f802149e6d2761b0d9f93a1b084a27.zip
ok next_rid out as well local_*id_to*id functions
reverted user making function, did not pass the abartlet test :-) idmap is now fully integrated, we only miss user creation and removal of uid and gid from SAM_ACCOUNT (This used to be commit 67af8c26586c4829166795813a373bf9be27b753)
Diffstat (limited to 'source3')
-rw-r--r--source3/include/passdb.h4
-rw-r--r--source3/passdb/passdb.c348
-rw-r--r--source3/passdb/pdb_smbpasswd.c1
-rw-r--r--source3/passdb/pdb_tdb.c47
-rw-r--r--source3/smbd/uid.c271
5 files changed, 141 insertions, 530 deletions
diff --git a/source3/include/passdb.h b/source3/include/passdb.h
index 06409aa34e..35399758b2 100644
--- a/source3/include/passdb.h
+++ b/source3/include/passdb.h
@@ -51,7 +51,7 @@ typedef struct pdb_context
NTSTATUS (*pdb_getsampwnam)(struct pdb_context *, SAM_ACCOUNT *sam_acct, const char *username);
NTSTATUS (*pdb_getsampwsid)(struct pdb_context *, SAM_ACCOUNT *sam_acct, const DOM_SID *sid);
-
+
NTSTATUS (*pdb_add_sam_account)(struct pdb_context *, SAM_ACCOUNT *sampass);
NTSTATUS (*pdb_update_sam_account)(struct pdb_context *, SAM_ACCOUNT *sampass);
@@ -104,7 +104,7 @@ typedef struct pdb_methods
NTSTATUS (*getsampwnam)(struct pdb_methods *, SAM_ACCOUNT *sam_acct, const char *username);
- NTSTATUS (*getsampwsid)(struct pdb_methods *, SAM_ACCOUNT *sam_acct, const DOM_SID *Sid);
+ NTSTATUS (*getsampwsid)(struct pdb_methods *, SAM_ACCOUNT *sam_acct, const DOM_SID *sid);
NTSTATUS (*add_sam_account)(struct pdb_methods *, SAM_ACCOUNT *sampass);
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index 99f5c228ef..15756b7e22 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -163,13 +163,7 @@ NTSTATUS pdb_init_sam(SAM_ACCOUNT **user)
NTSTATUS pdb_fill_sam_pw(SAM_ACCOUNT *sam_account, const struct passwd *pwd)
{
- GROUP_MAP map;
-
- const char *guest_account = lp_guestaccount();
- if (!(guest_account && *guest_account)) {
- DEBUG(1, ("NULL guest account!?!?\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
+ NTSTATUS ret;
if (!pwd) {
return NT_STATUS_UNSUCCESSFUL;
@@ -197,37 +191,8 @@ NTSTATUS pdb_fill_sam_pw(SAM_ACCOUNT *sam_account, const struct passwd *pwd)
-- abartlet 11-May-02
*/
-
- /* Ensure this *must* be set right */
- if (strcmp(pwd->pw_name, guest_account) == 0) {
- if (!pdb_set_user_sid_from_rid(sam_account, DOMAIN_USER_RID_GUEST, PDB_DEFAULT)) {
- return NT_STATUS_UNSUCCESSFUL;
- }
- if (!pdb_set_group_sid_from_rid(sam_account, DOMAIN_GROUP_RID_GUESTS, PDB_DEFAULT)) {
- return NT_STATUS_UNSUCCESSFUL;
- }
- } else {
-
- if (!pdb_set_user_sid_from_rid(sam_account,
- fallback_pdb_uid_to_user_rid(pwd->pw_uid), PDB_SET)) {
- DEBUG(0,("Can't set User SID from RID!\n"));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- /* call the mapping code here */
- if(pdb_getgrgid(&map, pwd->pw_gid, MAPPING_WITHOUT_PRIV)) {
- if (!pdb_set_group_sid(sam_account,&map.sid, PDB_SET)){
- DEBUG(0,("Can't set Group SID!\n"));
- return NT_STATUS_INVALID_PARAMETER;
- }
- }
- else {
- if (!pdb_set_group_sid_from_rid(sam_account,pdb_gid_to_group_rid(pwd->pw_gid), PDB_SET)) {
- DEBUG(0,("Can't set Group SID\n"));
- return NT_STATUS_INVALID_PARAMETER;
- }
- }
- }
+ ret = pdb_set_sam_sids(sam_account, pwd);
+ if (NT_STATUS_IS_ERR(ret)) return ret;
/* check if this is a user account or a machine account */
if (pwd->pw_name[strlen(pwd->pw_name)-1] != '$')
@@ -371,102 +336,77 @@ NTSTATUS pdb_free_sam(SAM_ACCOUNT **user)
/**************************************************************************
* This function will take care of all the steps needed to correctly
* allocate and set the user SID, please do use this function to create new
- * users and don't add the account to the passdb directly unless you know
- * what are you doing, messing with SIDs is not good.
- *
- * account_data must be provided initialized. But values may be discarded if
- * free RIDs are not in use.
- *
- * ATTENTION: Please pay attention to leave any ID field to NULL unless you
- * really know what you are doing
+ * users, messing with SIDs is not good.
*
+ * account_data must be provided initialized, pwd may be null.
* SSS
***************************************************************************/
-NTSTATUS pdb_create_new_user_account(char *username, SAM_ACCOUNT *account_data)
+NTSTATUS pdb_set_sam_sids(SAM_ACCOUNT *account_data, const struct passwd *pwd)
{
+ const char *guest_account = lp_guestaccount();
NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
- SAM_ACCOUNT test;
- DOM_SID u_sid, g_sid;
- struct passwd *pw;
- if (!username || !account_data) {
+ if (!account_data || (!pwd && !(pdb_get_free_rid_base() && lp_idmap_only()))) {
return NT_STATUS_INVALID_PARAMETER;
}
- if (pdb_getsampwnam(&test, username)) {
- DEBUG(3, ("pdb_create_new_user_account: User already exist in SAM! Aborting...\n"));
+ /* this is a hack this thing should not be set
+ this way --SSS */
+ if (!(guest_account && *guest_account)) {
+ DEBUG(1, ("NULL guest account!?!?\n"));
return NT_STATUS_UNSUCCESSFUL;
+ } else {
+ /* Ensure this *must* be set right */
+ if (strcmp(pwd->pw_name, guest_account) == 0) {
+ if (!pdb_set_user_sid_from_rid(account_data, DOMAIN_USER_RID_GUEST, PDB_DEFAULT)) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+ if (!pdb_set_group_sid_from_rid(account_data, DOMAIN_GROUP_RID_GUESTS, PDB_DEFAULT)) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+ return NT_STATUS_OK;
+ }
}
- pw = getpwnam_alloc(username);
-
- if (pdb_get_free_rid_base()) {
- unid_t idval;
- int idtype;
+ if (pwd) {
+ GROUP_MAP map;
- if (!pdb_set_username(account_data, username, PDB_CHANGED)) {
- goto done;
+ if (!pdb_set_user_sid_from_rid(account_data, fallback_pdb_uid_to_user_rid(pwd->pw_uid), PDB_SET)) {
+ DEBUG(0,("Can't set User SID from RID!\n"));
+ return NT_STATUS_INVALID_PARAMETER;
}
-
- if (lp_idmap_only() || !pw) {
- if (pdb_get_init_flags(account_data, PDB_USERSID) == PDB_DEFAULT) {
- if (!pdb_get_next_sid(&u_sid)) {
- goto done;
- }
- pdb_set_user_sid(account_data, &u_sid, PDB_SET);
- }
- /* make a mapping in idmap */
- idtype = ID_USERID;
- idmap_get_id_from_sid(&idval, &idtype, &u_sid);
- if (pdb_get_init_flags(account_data, PDB_GROUPSID) == PDB_DEFAULT) {
- /* set Domain Users by default ! */
- sid_copy(&g_sid, get_global_sam_sid());
- sid_append_rid(&u_sid, DOMAIN_GROUP_RID_USERS);
- pdb_set_group_sid(account_data, &g_sid, PDB_SET);
- }
- /* make a mapping in idmap */
- idtype = ID_GROUPID;
- idmap_get_id_from_sid(&idval, &idtype, &g_sid);
- } else {
- GROUP_MAP map;
-
- if (!pdb_set_user_sid_from_rid(account_data, fallback_pdb_uid_to_user_rid(pw->pw_uid), PDB_SET)) {
- DEBUG(0,("Can't set User SID from RID!\n"));
- ret = NT_STATUS_INVALID_PARAMETER;
- goto done;
+ /* call the mapping code here */
+ if(pdb_getgrgid(&map, pwd->pw_gid, MAPPING_WITHOUT_PRIV)) {
+ if (!pdb_set_group_sid(account_data, &map.sid, PDB_SET)){
+ DEBUG(0,("Can't set Group SID!\n"));
+ return NT_STATUS_INVALID_PARAMETER;
}
-
- /* call the mapping code here */
- if(pdb_getgrgid(&map, pw->pw_gid, MAPPING_WITHOUT_PRIV)) {
- if (!pdb_set_group_sid(account_data, &map.sid, PDB_SET)){
- DEBUG(0,("Can't set Group SID!\n"));
- ret = NT_STATUS_INVALID_PARAMETER;
- goto done;
- }
- }
- else {
- if (!pdb_set_group_sid_from_rid(account_data, pdb_gid_to_group_rid(pw->pw_gid), PDB_SET)) {
- DEBUG(0,("Can't set Group SID\n"));
- ret = NT_STATUS_INVALID_PARAMETER;
- goto done;
- }
+ }
+ else {
+ if (!pdb_set_group_sid_from_rid(account_data, pdb_gid_to_group_rid(pwd->pw_gid), PDB_SET)) {
+ DEBUG(0,("Can't set Group SID\n"));
+ return NT_STATUS_INVALID_PARAMETER;
}
- }
- } else {
- if (!pw || NT_STATUS_IS_ERR(pdb_fill_sam_pw(account_data, pw))) {
- goto done;
}
- }
+ } else {
+ unid_t idval;
+ int idtype;
- if (pdb_add_sam_account(account_data)) {
- ret = NT_STATUS_OK;
+ /* this is a hack this thing should not be set
+ here --SSS */
+ if (pdb_get_init_flags(account_data, PDB_GROUPSID) == PDB_DEFAULT) {
+ DOM_SID g_sid;
+
+ /* set Domain Users by default ! */
+ sid_copy(&g_sid, get_global_sam_sid());
+ sid_append_rid(&g_sid, DOMAIN_GROUP_RID_USERS);
+ pdb_set_group_sid(account_data, &g_sid, PDB_SET);
+ }
}
-done:
- passwd_free(&pw);
- return ret;
+ return NT_STATUS_OK;
}
/******************************************************************
@@ -957,190 +897,6 @@ BOOL local_lookup_name(const char *c_user, DOM_SID *psid, enum SID_NAME_USE *psi
return True;
}
-/****************************************************************************
- Convert a uid to SID - locally.
-****************************************************************************/
-
-DOM_SID *local_uid_to_sid(DOM_SID *psid, uid_t uid)
-{
- struct passwd *pass;
- SAM_ACCOUNT *sam_user = NULL;
- fstring str; /* sid string buffer */
-
- sid_copy(psid, get_global_sam_sid());
-
- if((pass = getpwuid_alloc(uid))) {
-
- if (NT_STATUS_IS_ERR(pdb_init_sam(&sam_user))) {
- passwd_free(&pass);
- return NULL;
- }
-
- if (pdb_getsampwnam(sam_user, pass->pw_name)) {
- sid_copy(psid, pdb_get_user_sid(sam_user));
- } else {
- sid_append_rid(psid, fallback_pdb_uid_to_user_rid(uid));
- }
-
- DEBUG(10,("local_uid_to_sid: uid %u -> SID (%s) (%s).\n",
- (unsigned)uid, sid_to_string( str, psid),
- pass->pw_name ));
-
- passwd_free(&pass);
- pdb_free_sam(&sam_user);
-
- } else {
- sid_append_rid(psid, fallback_pdb_uid_to_user_rid(uid));
-
- DEBUG(10,("local_uid_to_sid: uid %u -> SID (%s) (unknown user).\n",
- (unsigned)uid, sid_to_string( str, psid)));
- }
-
- return psid;
-}
-
-/****************************************************************************
- Convert a SID to uid - locally.
-****************************************************************************/
-
-BOOL local_sid_to_uid(uid_t *puid, const DOM_SID *psid, enum SID_NAME_USE *name_type)
-{
- fstring str;
- SAM_ACCOUNT *sam_user = NULL;
-
- *name_type = SID_NAME_UNKNOWN;
-
- if (NT_STATUS_IS_ERR(pdb_init_sam(&sam_user)))
- return False;
-
- if (pdb_getsampwsid(sam_user, psid)) {
-
- if (!IS_SAM_SET(sam_user,PDB_UID)&&!IS_SAM_CHANGED(sam_user,PDB_UID)) {
- pdb_free_sam(&sam_user);
- return False;
- }
-
- *puid = pdb_get_uid(sam_user);
-
- DEBUG(10,("local_sid_to_uid: SID %s -> uid (%u) (%s).\n", sid_to_string( str, psid),
- (unsigned int)*puid, pdb_get_username(sam_user)));
- pdb_free_sam(&sam_user);
- } else {
-
- DOM_SID dom_sid;
- uint32 rid;
- GROUP_MAP map;
-
- pdb_free_sam(&sam_user);
-
- if (pdb_getgrsid(&map, *psid, MAPPING_WITHOUT_PRIV)) {
- DEBUG(3, ("local_sid_to_uid: SID '%s' is a group, not a user... \n", sid_to_string(str, psid)));
- /* It's a group, not a user... */
- return False;
- }
-
- sid_copy(&dom_sid, psid);
- if (!sid_peek_check_rid(get_global_sam_sid(), psid, &rid)) {
- DEBUG(3, ("sid_peek_rid failed - sid '%s' is not in our domain\n", sid_to_string(str, psid)));
- return False;
- }
-
- if (!pdb_rid_is_user(rid)) {
- DEBUG(3, ("local_sid_to_uid: sid '%s' cannot be mapped to a uid algorithmicly becouse it is a group\n", sid_to_string(str, psid)));
- return False;
- }
-
- *puid = fallback_pdb_user_rid_to_uid(rid);
-
- DEBUG(5,("local_sid_to_uid: SID %s algorithmicly mapped to %ld mapped becouse SID was not found in passdb.\n",
- sid_to_string(str, psid), (signed long int)(*puid)));
- }
-
- *name_type = SID_NAME_USER;
-
- return True;
-}
-
-/****************************************************************************
- Convert a gid to SID - locally.
-****************************************************************************/
-
-DOM_SID *local_gid_to_sid(DOM_SID *psid, gid_t gid)
-{
- GROUP_MAP map;
-
- sid_copy(psid, get_global_sam_sid());
-
- if (pdb_getgrgid(&map, gid, MAPPING_WITHOUT_PRIV)) {
- sid_copy(psid, &map.sid);
- }
- else {
- sid_append_rid(psid, pdb_gid_to_group_rid(gid));
- }
-
- return psid;
-}
-
-/****************************************************************************
- Convert a SID to gid - locally.
-****************************************************************************/
-
-BOOL local_sid_to_gid(gid_t *pgid, const DOM_SID *psid, enum SID_NAME_USE *name_type)
-{
- fstring str;
- GROUP_MAP map;
-
- *name_type = SID_NAME_UNKNOWN;
-
- /*
- * We can only convert to a gid if this is our local
- * Domain SID (ie. we are the controling authority).
- *
- * Or in the Builtin SID too. JFM, 11/30/2001
- */
-
- if (pdb_getgrsid(&map, *psid, MAPPING_WITHOUT_PRIV)) {
-
- /* the SID is in the mapping table but not mapped */
- if (map.gid==(gid_t)-1)
- return False;
-
- *pgid = map.gid;
- *name_type = map.sid_name_use;
- DEBUG(10,("local_sid_to_gid: mapped SID %s (%s) -> gid (%u).\n",
- sid_to_string( str, psid),
- map.nt_name, (unsigned int)*pgid));
-
- } else {
- uint32 rid;
- SAM_ACCOUNT *sam_user = NULL;
- if (NT_STATUS_IS_ERR(pdb_init_sam(&sam_user)))
- return False;
-
- if (pdb_getsampwsid(sam_user, psid)) {
- return False;
- pdb_free_sam(&sam_user);
- }
-
- pdb_free_sam(&sam_user);
-
- if (!sid_peek_check_rid(get_global_sam_sid(), psid, &rid)) {
- DEBUG(3, ("sid_peek_rid failed - sid '%s' is not in our domain\n", sid_to_string(str, psid)));
- return False;
- }
-
- if (pdb_rid_is_user(rid))
- return False;
-
- *pgid = pdb_group_rid_to_gid(rid);
- *name_type = SID_NAME_ALIAS;
- DEBUG(10,("local_sid_to_gid: SID %s -> gid (%u).\n", sid_to_string( str, psid),
- (unsigned int)*pgid));
- }
-
- return True;
-}
-
/*************************************************************
Change a password entry in the local smbpasswd file.
diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c
index 38bb61957c..637f40f8c6 100644
--- a/source3/passdb/pdb_smbpasswd.c
+++ b/source3/passdb/pdb_smbpasswd.c
@@ -1507,7 +1507,6 @@ static void free_private_data(void **vp)
/* No need to free any further, as it is talloc()ed */
}
-
NTSTATUS pdb_init_smbpasswd(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location)
{
NTSTATUS nt_status;
diff --git a/source3/passdb/pdb_tdb.c b/source3/passdb/pdb_tdb.c
index 41c6bbd429..32ddd189db 100644
--- a/source3/passdb/pdb_tdb.c
+++ b/source3/passdb/pdb_tdb.c
@@ -874,6 +874,49 @@ done:
return (ret);
}
+#if 0
+/***************************************************************************
+ Allocates a new RID and returns it to the caller as a domain sid
+
+ NOTE: Use carefullt, do not waste RIDs they are a limited resource!
+ - SSS
+ ***************************************************************************/
+
+static NTSTATUS tdbsam_get_next_sid (struct pdb_methods *my_methods, DOM_SID *sid)
+{
+ NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
+ struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)my_methods->private_data;
+ TDB_CONTEXT *pwd_tdb;
+ uint32 rid;
+
+ if (sid == NULL) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ pwd_tdb = tdb_open_log(tdb_state->tdbsam_location, 0, TDB_DEFAULT, O_RDWR | O_CREAT, 0600);
+ if (!pwd_tdb)
+ {
+ DEBUG(0, ("tdbsam_get_next_sid: Unable to open TDB passwd (%s)!\n", tdb_state->tdbsam_location));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ rid = BASE_RID;
+ if (tdb_change_uint32_atomic(pwd_tdb, "RID_COUNTER", &rid, 1)) {
+
+ sid_copy(sid, get_global_sam_sid());
+ if (!sid_append_rid(sid, rid)) {
+ goto done;
+ }
+
+ ret = NT_STATUS_OK;
+ }
+
+done:
+ tdb_close (pwd_tdb);
+ return ret;
+}
+#endif
+
/***************************************************************************
Modifies an existing SAM_ACCOUNT
****************************************************************************/
@@ -946,8 +989,6 @@ NTSTATUS pdb_init_tdbsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, con
tdb_state->tdbsam_location = talloc_strdup(pdb_context->mem_ctx, tdbfile);
}
- tdb_state->algorithmic_rids = True;
-
(*pdb_method)->private_data = tdb_state;
(*pdb_method)->free_private_data = free_private_data;
@@ -961,6 +1002,8 @@ NTSTATUS pdb_init_tdbsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, con
tdb_state->high_nua_rid=fallback_pdb_uid_to_user_rid(high_nua_uid);
+ } else {
+ tdb_state->algorithmic_rids = True;
}
return NT_STATUS_OK;
diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
index 0b67b53c71..353ae8f50d 100644
--- a/source3/smbd/uid.c
+++ b/source3/smbd/uid.c
@@ -722,7 +722,6 @@ static void store_gid_sid_cache(const DOM_SID *psid, const enum SID_NAME_USE sid
DOM_SID *uid_to_sid(DOM_SID *psid, uid_t uid)
{
-#ifdef WITH_IDMAP
unid_t id;
DEBUG(10,("uid_to_sid: uid = [%d]\n", uid));
@@ -738,47 +737,13 @@ DOM_SID *uid_to_sid(DOM_SID *psid, uid_t uid)
We may add a switch in future to allow smooth migrations to
idmap-only db ---Simo */
- become_root();
- psid = local_uid_to_sid(psid, uid);
- unbecome_root();
+ sid_copy(psid, get_global_sam_sid());
+ sid_append_rid(psid, fallback_pdb_uid_to_user_rid(uid));
DEBUG(10,("uid_to_sid: algorithmic %u -> %s\n", (unsigned int)uid, sid_string_static(psid)));
- if (psid)
- idmap_set_mapping(psid, id, ID_USERID);
return psid;
-#else
- uid_t low, high;
- enum SID_NAME_USE sidtype;
- fstring sid;
-
- if (fetch_sid_from_uid_cache(psid, &sidtype, uid))
- return psid;
-
- if (lp_idmap_uid(&low, &high) && uid >= low && uid <= high) {
- if (winbind_uid_to_sid(psid, uid)) {
-
- DEBUG(10,("uid_to_sid: winbindd %u -> %s\n",
- (unsigned int)uid, sid_to_string(sid, psid)));
-
- if (psid)
- store_uid_sid_cache(psid, SID_NAME_USER, uid);
- return psid;
- }
- }
-
- /* Make sure we report failure, (when psid == NULL) */
- become_root();
- psid = local_uid_to_sid(psid, uid);
- unbecome_root();
-
- DEBUG(10,("uid_to_sid: local %u -> %s\n", (unsigned int)uid, sid_to_string(sid, psid)));
- if (psid)
- store_uid_sid_cache(psid, SID_NAME_USER, uid);
-
- return psid;
-#endif
}
/*****************************************************************
@@ -789,7 +754,7 @@ DOM_SID *uid_to_sid(DOM_SID *psid, uid_t uid)
DOM_SID *gid_to_sid(DOM_SID *psid, gid_t gid)
{
-#ifdef WITH_IDMAP
+ GROUP_MAP map;
unid_t id;
DEBUG(10,("gid_to_sid: gid = [%d]\n", gid));
@@ -805,46 +770,16 @@ DOM_SID *gid_to_sid(DOM_SID *psid, gid_t gid)
We may add a switch in future to allow smooth migrations to
idmap-only db ---Simo */
- become_root();
- psid = local_gid_to_sid(psid, gid);
- unbecome_root();
-
- DEBUG(10,("gid_to_sid: algorithmic %u -> %s\n", (unsigned int)gid, sid_string_static(psid)));
- if (psid)
- idmap_set_mapping(psid, id, ID_GROUPID);
-
- return psid;
-
-#else
- gid_t low, high;
- enum SID_NAME_USE sidtype;
- fstring sid;
-
- if (fetch_sid_from_gid_cache(psid, &sidtype, gid))
- return psid;
-
- if (lp_idmap_gid(&low, &high) && gid >= low && gid <= high) {
- if (winbind_gid_to_sid(psid, gid)) {
-
- DEBUG(10,("gid_to_sid: winbindd %u -> %s\n",
- (unsigned int)gid, sid_to_string(sid, psid)));
-
- if (psid)
- store_gid_sid_cache(psid, SID_NAME_DOM_GRP, gid);
- return psid;
- }
+ if (pdb_getgrgid(&map, gid, MAPPING_WITHOUT_PRIV)) {
+ sid_copy(psid, &map.sid);
+ } else {
+ sid_copy(psid, get_global_sam_sid());
+ sid_append_rid(psid, pdb_gid_to_group_rid(gid));
}
- /* Make sure we report failure, (when psid == NULL) */
- become_root();
- psid = local_gid_to_sid(psid, gid);
- unbecome_root();
- DEBUG(10,("gid_to_sid: local %u -> %s\n", (unsigned int)gid, sid_to_string(sid, psid)));
- if (psid)
- store_gid_sid_cache(psid, SID_NAME_DOM_GRP, gid);
+ DEBUG(10,("gid_to_sid: algorithmic %u -> %s\n", (unsigned int)gid, sid_string_static(psid)));
return psid;
-#endif
}
/*****************************************************************
@@ -856,7 +791,6 @@ DOM_SID *gid_to_sid(DOM_SID *psid, gid_t gid)
BOOL sid_to_uid(const DOM_SID *psid, uid_t *puid, enum SID_NAME_USE *sidtype)
{
-#ifdef WITH_IDMAP
unid_t id;
int type;
@@ -873,94 +807,22 @@ BOOL sid_to_uid(const DOM_SID *psid, uid_t *puid, enum SID_NAME_USE *sidtype)
if (sid_compare_domain(get_global_sam_sid(), psid) == 0) {
BOOL result;
+ uint32 rid;
DEBUG(10,("sid_to_uid: sid is local [%s]\n", sid_string_static(get_global_sam_sid())));
- become_root();
- result = local_sid_to_uid(puid, psid, sidtype);
- unbecome_root();
- if (result) {
- id.uid = *puid;
- DEBUG(10,("sid_to_uid: uid = [%d]\n", id.uid));
- idmap_set_mapping(psid, id, ID_USERID);
- return True;
- }
- }
- return False;
-#else
- fstring sid_str;
- if (fetch_uid_from_cache(puid, psid, *sidtype))
+ if (!sid_peek_rid(psid, &rid)) {
+ DEBUG(0, ("sid_to_uid: Error extracting RID from SID\n!"));
+ return False;
+ }
+ if (!pdb_rid_is_user(rid)) {
+ DEBUG(3, ("sid_to_uid: RID %u is *NOT* a user\n", (unsigned)rid));
+ return False;
+ }
+ *puid = fallback_pdb_user_rid_to_uid(rid);
return True;
-
- /* if we know its local then don't try winbindd */
- if (sid_compare_domain(get_global_sam_sid(), psid) == 0) {
- BOOL result;
- become_root();
- result = local_sid_to_uid(puid, psid, sidtype);
- unbecome_root();
- if (result)
- store_uid_sid_cache(psid, *sidtype, *puid);
- return result;
- }
-
-/* (tridge) I commented out the slab of code below in order to support foreign SIDs
- Do we really need to validate the type of SID we have in this case?
-*/
-#if 0
- fstring dom_name, name;
- enum SID_NAME_USE name_type;
-
- *sidtype = SID_NAME_UNKNOWN;
- /*
- * First we must look up the name and decide if this is a user sid.
- */
-
- if ( (!winbind_lookup_sid(psid, dom_name, name, &name_type)) || (name_type != SID_NAME_USER) ) {
- BOOL result;
- DEBUG(10,("sid_to_uid: winbind lookup for sid %s failed - trying local.\n",
- sid_to_string(sid_str, psid) ));
-
- become_root();
- result = local_sid_to_uid(puid, psid, sidtype);
- unbecome_root();
- return result;
- }
-
- /*
- * Ensure this is a user sid.
- */
-
- if (name_type != SID_NAME_USER) {
- DEBUG(10,("sid_to_uid: winbind lookup succeeded but SID is not a uid (%u)\n",
- (unsigned int)name_type ));
- return False;
- }
-#endif
- *sidtype = SID_NAME_USER;
-
- /*
- * Get the uid for this SID.
- */
-
- if (!winbind_sid_to_uid(puid, psid)) {
- BOOL result;
- DEBUG(10,("sid_to_uid: winbind lookup for sid %s failed.\n",
- sid_to_string(sid_str, psid) ));
- become_root();
- result = local_sid_to_uid(puid, psid, sidtype);
- unbecome_root();
- if (result)
- store_uid_sid_cache(psid, *sidtype, *puid);
- return result;
}
-
- DEBUG(10,("sid_to_uid: winbindd %s -> %u\n",
- sid_to_string(sid_str, psid),
- (unsigned int)*puid ));
-
- store_uid_sid_cache(psid, *sidtype, *puid);
- return True;
-#endif
+ return False;
}
/*****************************************************************
@@ -972,7 +834,6 @@ BOOL sid_to_uid(const DOM_SID *psid, uid_t *puid, enum SID_NAME_USE *sidtype)
BOOL sid_to_gid(const DOM_SID *psid, gid_t *pgid, enum SID_NAME_USE *sidtype)
{
-#ifdef WITH_IDMAP
unid_t id;
int type;
@@ -988,81 +849,33 @@ BOOL sid_to_gid(const DOM_SID *psid, gid_t *pgid, enum SID_NAME_USE *sidtype)
}
if (sid_compare_domain(get_global_sam_sid(), psid) == 0) {
+ GROUP_MAP map;
BOOL result;
- become_root();
- result = local_sid_to_gid(pgid, psid, sidtype);
- unbecome_root();
- if (result) {
- id.gid = *pgid;
- DEBUG(10,("sid_to_gid: gid = [%d]\n", id.gid));
- idmap_set_mapping(psid, id, ID_GROUPID);
+
+ if (pdb_getgrsid(&map, *psid, MAPPING_WITHOUT_PRIV)) {
+ /* the SID is in the mapping table but not mapped */
+ if (map.gid==(gid_t)-1)
+ return False;
+
+ *pgid = map.gid;
+ *sidtype = map.sid_name_use;
return True;
+ } else {
+ uint32 rid;
+
+ if (!sid_peek_rid(psid, &rid)) {
+ DEBUG(0, ("sid_to_gid: Error extracting RID from SID\n!"));
+ return False;
+ }
+ if (pdb_rid_is_user(rid)) {
+ DEBUG(3, ("sid_to_gid: RID %u is *NOT* a group\n", (unsigned)rid));
+ return False;
+ }
+ *pgid = pdb_group_rid_to_gid(rid);
+ *sidtype = SID_NAME_ALIAS;
}
}
return False;
-
-#else
- fstring dom_name, name, sid_str;
- enum SID_NAME_USE name_type;
-
- *sidtype = SID_NAME_UNKNOWN;
-
- if (fetch_gid_from_cache(pgid, psid, *sidtype))
- return True;
-
- /*
- * First we must look up the name and decide if this is a group sid.
- */
-
- /* if we know its local then don't try winbindd */
- if (sid_compare_domain(get_global_sam_sid(), psid) == 0) {
- BOOL result;
- become_root();
- result = local_sid_to_gid(pgid, psid, sidtype);
- unbecome_root();
- if (result)
- store_gid_sid_cache(psid, *sidtype, *pgid);
- return result;
- }
-
- if (!winbind_lookup_sid(psid, dom_name, name, &name_type)) {
- DEBUG(10,("sid_to_gid: winbind lookup for sid %s failed.\n",
- sid_to_string(sid_str, psid) ));
- /* this was probably a foreign sid - assume its a group rid
- and continue */
- name_type = SID_NAME_DOM_GRP;
- }
-
- /*
- * Ensure this is a group sid.
- */
-
- if ((name_type != SID_NAME_DOM_GRP) && (name_type != SID_NAME_ALIAS) && (name_type != SID_NAME_WKN_GRP)) {
- DEBUG(10,("sid_to_gid: winbind lookup succeeded but SID is not a known group (%u)\n",
- (unsigned int)name_type ));
-
- return False;
- }
-
- *sidtype = name_type;
-
- /*
- * Get the gid for this SID.
- */
-
- if (!winbind_sid_to_gid(pgid, psid)) {
- DEBUG(10,("sid_to_gid: winbind lookup for sid %s failed.\n",
- sid_to_string(sid_str, psid) ));
- return False;
- }
-
- DEBUG(10,("sid_to_gid: winbindd %s -> %u\n",
- sid_to_string(sid_str, psid),
- (unsigned int)*pgid ));
-
- store_gid_sid_cache(psid, *sidtype, *pgid);
- return True;
-#endif
}