summaryrefslogtreecommitdiff
path: root/source4/dsdb/common
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2006-10-21 09:46:12 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 14:21:32 -0500
commit515c92a759ad30059f65d3e65dc9f642dc03852a (patch)
treedb338cf843e1beb2b7899103041f3dc2e52533b8 /source4/dsdb/common
parent9044f4aa905882485bf2b5c72d9836bdaa14c37a (diff)
downloadsamba-515c92a759ad30059f65d3e65dc9f642dc03852a.tar.gz
samba-515c92a759ad30059f65d3e65dc9f642dc03852a.tar.bz2
samba-515c92a759ad30059f65d3e65dc9f642dc03852a.zip
r19441: work in progress support for NFS4 ACLs in Samba4 on Linux. Still work
to do, particularly with getting the detailed bit mappings right, and on sid mapping. Does not pass RAW-ACLS yet (This used to be commit b92553481b534d0ef5277dbfe8c0d64a03f819eb)
Diffstat (limited to 'source4/dsdb/common')
-rw-r--r--source4/dsdb/common/sidmap.c41
1 files changed, 41 insertions, 0 deletions
diff --git a/source4/dsdb/common/sidmap.c b/source4/dsdb/common/sidmap.c
index 73bfde2794..67649c1218 100644
--- a/source4/dsdb/common/sidmap.c
+++ b/source4/dsdb/common/sidmap.c
@@ -216,6 +216,47 @@ allocated_sid:
/*
+ see if a sid is a group - very inefficient!
+*/
+_PUBLIC_ BOOL sidmap_sid_is_group(struct sidmap_context *sidmap, struct dom_sid *sid)
+{
+ const char *attrs[] = { "sAMAccountType", NULL };
+ int ret;
+ TALLOC_CTX *tmp_ctx;
+ struct ldb_message **res;
+ NTSTATUS status;
+ struct dom_sid *domain_sid;
+ BOOL is_group;
+
+ tmp_ctx = talloc_new(sidmap);
+
+ ret = gendb_search(sidmap->samctx, tmp_ctx, NULL, &res, attrs,
+ "objectSid=%s", ldap_encode_ndr_dom_sid(tmp_ctx, sid));
+ if (ret == 1) {
+ is_group = is_group_account(res[0]);
+ talloc_free(tmp_ctx);
+ return is_group;
+ }
+
+ status = sidmap_primary_domain_sid(sidmap, tmp_ctx, &domain_sid);
+ if (!NT_STATUS_IS_OK(status)) {
+ talloc_free(tmp_ctx);
+ return False;
+ }
+
+ if (dom_sid_in_domain(domain_sid, sid)) {
+ uint32_t rid = sid->sub_auths[sid->num_auths-1];
+ if (rid >= SIDMAP_LOCAL_GROUP_BASE) {
+ talloc_free(tmp_ctx);
+ return True;
+ }
+ }
+
+ talloc_free(tmp_ctx);
+ return False;
+}
+
+/*
map a sid to a unix gid
*/
_PUBLIC_ NTSTATUS sidmap_sid_to_unixgid(struct sidmap_context *sidmap,