summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/auth/auth_util.c17
-rw-r--r--source3/auth/token_util.c7
-rw-r--r--source3/include/proto.h4
-rw-r--r--source3/passdb/lookup_sid.c171
-rw-r--r--source3/winbindd/winbindd_passdb.c28
5 files changed, 110 insertions, 117 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 5b2c3045c3..9220df01c0 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -1086,6 +1086,7 @@ NTSTATUS make_server_info_pw(auth_serversupplied_info **server_info,
NTSTATUS status;
struct samu *sampass = NULL;
gid_t *gids;
+ char *qualified_name = NULL;
TALLOC_CTX *mem_ctx = NULL;
DOM_SID u_sid;
enum lsa_SidType type;
@@ -1151,10 +1152,18 @@ NTSTATUS make_server_info_pw(auth_serversupplied_info **server_info,
return NT_STATUS_NO_MEMORY;
}
- if (!lookup_domain_name(mem_ctx,
- unix_users_domain_name(), unix_username,
- LOOKUP_NAME_ALL,
- NULL, NULL, &u_sid, &type)) {
+ qualified_name = talloc_asprintf(mem_ctx, "%s\\%s",
+ unix_users_domain_name(),
+ unix_username );
+ if (!qualified_name) {
+ TALLOC_FREE(result);
+ TALLOC_FREE(mem_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ if (!lookup_name(mem_ctx, qualified_name, LOOKUP_NAME_ALL,
+ NULL, NULL,
+ &u_sid, &type)) {
TALLOC_FREE(result);
TALLOC_FREE(mem_ctx);
return NT_STATUS_NO_SUCH_USER;
diff --git a/source3/auth/token_util.c b/source3/auth/token_util.c
index 2b55af779e..d6cd2ea3a8 100644
--- a/source3/auth/token_util.c
+++ b/source3/auth/token_util.c
@@ -291,6 +291,7 @@ NTSTATUS create_builtin_administrators(const DOM_SID *dom_sid)
{
NTSTATUS status;
DOM_SID dom_admins, root_sid;
+ fstring root_name;
enum lsa_SidType type;
TALLOC_CTX *ctx;
bool ret;
@@ -316,9 +317,9 @@ NTSTATUS create_builtin_administrators(const DOM_SID *dom_sid)
if ( (ctx = talloc_init("create_builtin_administrators")) == NULL ) {
return NT_STATUS_NO_MEMORY;
}
- ret = lookup_domain_name(ctx, get_global_sam_name(), "root",
- LOOKUP_NAME_DOMAIN,
- NULL, NULL, &root_sid, &type);
+ fstr_sprintf( root_name, "%s\\root", get_global_sam_name() );
+ ret = lookup_name(ctx, root_name, LOOKUP_NAME_DOMAIN, NULL, NULL,
+ &root_sid, &type);
TALLOC_FREE( ctx );
if ( ret ) {
diff --git a/source3/include/proto.h b/source3/include/proto.h
index a81375c2db..291afac44d 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -6199,10 +6199,6 @@ bool lookup_name(TALLOC_CTX *mem_ctx,
const char *full_name, int flags,
const char **ret_domain, const char **ret_name,
DOM_SID *ret_sid, enum lsa_SidType *ret_type);
-bool lookup_domain_name(TALLOC_CTX *mem_ctx,
- const char *domain, const char *name, int flags,
- const char **ret_domain, const char **ret_name,
- DOM_SID *ret_sid, enum lsa_SidType *ret_type);
bool lookup_name_smbconf(TALLOC_CTX *mem_ctx,
const char *full_name, int flags,
const char **ret_domain, const char **ret_name,
diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
index 9813101bc1..3861c8e229 100644
--- a/source3/passdb/lookup_sid.c
+++ b/source3/passdb/lookup_sid.c
@@ -29,72 +29,44 @@
to do guesswork.
*****************************************************************/
-#define LN_CHECK_TALLOC(var, memctx) do { \
- if (var == NULL) { \
- DEBUG(0, ("talloc failed\n")); \
- TALLOC_FREE(memctx); \
- return false; \
- } \
-} while(0)
-
bool lookup_name(TALLOC_CTX *mem_ctx,
const char *full_name, int flags,
const char **ret_domain, const char **ret_name,
DOM_SID *ret_sid, enum lsa_SidType *ret_type)
{
- char *domain, *name;
- bool res;
char *p;
+ const char *tmp;
+ const char *domain = NULL;
+ const char *name = NULL;
+ uint32 rid;
+ DOM_SID sid;
+ enum lsa_SidType type;
+ TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+
+ if (tmp_ctx == NULL) {
+ DEBUG(0, ("talloc_new failed\n"));
+ return false;
+ }
p = strchr_m(full_name, '\\');
if (p != NULL) {
- domain = talloc_strndup(mem_ctx, full_name,
+ domain = talloc_strndup(tmp_ctx, full_name,
PTR_DIFF(p, full_name));
- name = talloc_strdup(mem_ctx, p+1);
+ name = talloc_strdup(tmp_ctx, p+1);
} else {
- domain = NULL;
- name = talloc_strdup(mem_ctx, full_name);
+ domain = talloc_strdup(tmp_ctx, "");
+ name = talloc_strdup(tmp_ctx, full_name);
}
- if (((p != NULL) && (domain == NULL)) || (name == NULL)) {
+ if ((domain == NULL) || (name == NULL)) {
DEBUG(0, ("talloc failed\n"));
+ TALLOC_FREE(tmp_ctx);
return false;
}
- DEBUG(10,("lookup_domain_name: %s => %s (domain), %s (name)\n",
- full_name, domain, name));
-
- res = lookup_domain_name(mem_ctx, domain, name, flags,
- ret_domain, ret_name, ret_sid, ret_type);
-
- talloc_free(domain);
- talloc_free(name);
-
- return res;
-}
-
-bool lookup_domain_name(TALLOC_CTX *mem_ctx,
- const char *domain, const char *name, int flags,
- const char **ret_domain, const char **ret_name,
- DOM_SID *ret_sid, enum lsa_SidType *ret_type)
-{
- const char *tmp;
- const char *domain_new = NULL;
- uint32 rid;
- DOM_SID sid;
- enum lsa_SidType type;
- TALLOC_CTX *tmp_ctx;
-
- tmp_ctx = talloc_new(mem_ctx);
- if (tmp_ctx == NULL) {
- DEBUG(0, ("talloc_new failed\n"));
- return false;
- }
-
- if (!domain) domain = talloc_strdup(tmp_ctx, "");
- LN_CHECK_TALLOC(domain, tmp_ctx);
-
+ DEBUG(10,("lookup_name: %s => %s (domain), %s (name)\n",
+ full_name, domain, name));
DEBUG(10, ("lookup_name: flags = 0x0%x\n", flags));
if ((flags & LOOKUP_NAME_DOMAIN) &&
@@ -126,7 +98,7 @@ bool lookup_domain_name(TALLOC_CTX *mem_ctx,
}
/* Try the explicit winbind lookup first, don't let it guess the
- * domain at this point yet. This comes later. */
+ * domain yet at this point yet. This comes later. */
if ((domain[0] != '\0') &&
(flags & ~(LOOKUP_NAME_DOMAIN|LOOKUP_NAME_ISOLATED)) &&
@@ -165,10 +137,9 @@ bool lookup_domain_name(TALLOC_CTX *mem_ctx,
/* 1. well-known names */
if ((flags & LOOKUP_NAME_WKN) &&
- lookup_wellknown_name(tmp_ctx, name, &sid, &domain_new))
+ lookup_wellknown_name(tmp_ctx, name, &sid, &domain))
{
type = SID_NAME_WKN_GRP;
- LN_CHECK_TALLOC(domain_new, tmp_ctx);
goto ok;
}
@@ -228,13 +199,12 @@ bool lookup_domain_name(TALLOC_CTX *mem_ctx,
goto ok;
}
- /* 6. Builtin aliases */
+ /* 6. Builtin aliases */
if ((flags & LOOKUP_NAME_BUILTIN) &&
lookup_builtin_name(name, &rid))
{
- domain_new = talloc_strdup(tmp_ctx, builtin_domain_name());
- LN_CHECK_TALLOC(domain_new, tmp_ctx);
+ domain = talloc_strdup(tmp_ctx, builtin_domain_name());
sid_copy(&sid, &global_sid_Builtin);
sid_append_rid(&sid, rid);
type = SID_NAME_ALIAS;
@@ -249,8 +219,7 @@ bool lookup_domain_name(TALLOC_CTX *mem_ctx,
if ((flags & LOOKUP_NAME_DOMAIN) &&
lookup_global_sam_name(name, flags, &rid, &type))
{
- domain_new = talloc_strdup(tmp_ctx, get_global_sam_name());
- LN_CHECK_TALLOC(domain_new, tmp_ctx);
+ domain = talloc_strdup(tmp_ctx, get_global_sam_name());
sid_copy(&sid, get_global_sam_sid());
sid_append_rid(&sid, rid);
goto ok;
@@ -268,8 +237,7 @@ bool lookup_domain_name(TALLOC_CTX *mem_ctx,
if (!IS_DC &&
(winbind_lookup_name(lp_workgroup(), name, &sid, &type))) {
- domain_new = talloc_strdup(tmp_ctx, lp_workgroup());
- LN_CHECK_TALLOC(domain_new, tmp_ctx);
+ domain = talloc_strdup(tmp_ctx, lp_workgroup());
goto ok;
}
@@ -282,7 +250,7 @@ bool lookup_domain_name(TALLOC_CTX *mem_ctx,
DOM_SID dom_sid;
uint32 tmp_rid;
enum lsa_SidType domain_type;
-
+
if (type == SID_NAME_DOMAIN) {
/* Swap name and type */
tmp = name; name = domain; domain = tmp;
@@ -304,7 +272,6 @@ bool lookup_domain_name(TALLOC_CTX *mem_ctx,
TALLOC_FREE(tmp_ctx);
return false;
}
- LN_CHECK_TALLOC(domain_new, tmp_ctx);
goto ok;
}
@@ -314,15 +281,13 @@ bool lookup_domain_name(TALLOC_CTX *mem_ctx,
Unmapped users and unmapped groups */
if (!(flags & LOOKUP_NAME_EXPLICIT) && lookup_unix_user_name(name, &sid)) {
- domain_new = talloc_strdup(tmp_ctx, unix_users_domain_name());
- LN_CHECK_TALLOC(domain_new, tmp_ctx);
+ domain = talloc_strdup(tmp_ctx, unix_users_domain_name());
type = SID_NAME_USER;
goto ok;
}
if (!(flags & LOOKUP_NAME_EXPLICIT) && lookup_unix_group_name(name, &sid)) {
- domain_new = talloc_strdup(tmp_ctx, unix_groups_domain_name());
- LN_CHECK_TALLOC(domain_new, tmp_ctx);
+ domain = talloc_strdup(tmp_ctx, unix_groups_domain_name());
type = SID_NAME_DOM_GRP;
goto ok;
}
@@ -335,6 +300,12 @@ bool lookup_domain_name(TALLOC_CTX *mem_ctx,
return false;
ok:
+ if ((domain == NULL) || (name == NULL)) {
+ DEBUG(0, ("talloc failed\n"));
+ TALLOC_FREE(tmp_ctx);
+ return false;
+ }
+
/*
* Hand over the results to the talloc context we've been given.
*/
@@ -348,14 +319,11 @@ bool lookup_domain_name(TALLOC_CTX *mem_ctx,
if (ret_domain != NULL) {
char *tmp_dom;
-
- if (domain_new) {
- tmp_dom = talloc_steal(mem_ctx, (char *)domain_new);
- } else {
- tmp_dom = talloc_strdup(mem_ctx, domain);
+ if (!(tmp_dom = talloc_strdup(mem_ctx, domain))) {
+ DEBUG(0, ("talloc failed\n"));
+ TALLOC_FREE(tmp_ctx);
+ return false;
}
- LN_CHECK_TALLOC(tmp_dom, tmp_ctx);
-
strupper_m(tmp_dom);
*ret_domain = tmp_dom;
}
@@ -383,42 +351,59 @@ bool lookup_name_smbconf(TALLOC_CTX *mem_ctx,
const char **ret_domain, const char **ret_name,
DOM_SID *ret_sid, enum lsa_SidType *ret_type)
{
- char *p;
+ char *qualified_name;
+ const char *p;
- p = strchr_m(full_name, *lp_winbind_separator());
- if (p != NULL) {
- char *name;
- bool res;
+ /* NB. No winbindd_separator here as lookup_name needs \\' */
+ if ((p = strchr_m(full_name, *lp_winbind_separator())) != NULL) {
- name = talloc_strdup(mem_ctx, full_name);
- if (!name) {
- DEBUG(0, ("Out of memory!\n"));
- return false;
+ /* The name is already qualified with a domain. */
+
+ if (*lp_winbind_separator() != '\\') {
+ char *tmp;
+
+ /* lookup_name() needs '\\' as a separator */
+
+ tmp = talloc_strdup(mem_ctx, full_name);
+ if (!tmp) {
+ return false;
+ }
+ tmp[p - full_name] = '\\';
+ full_name = tmp;
}
- name[PTR_DIFF(p, full_name)] = '\\';
- res = lookup_name(mem_ctx, name, flags,
- ret_domain, ret_name,
- ret_sid, ret_type);
- talloc_free(name);
- return res;
+ return lookup_name(mem_ctx, full_name, flags,
+ ret_domain, ret_name,
+ ret_sid, ret_type);
}
/* Try with our own SAM name. */
- if (lookup_domain_name(mem_ctx,
- get_global_sam_name(), full_name, flags,
- ret_domain, ret_name, ret_sid, ret_type)) {
- return true;
+ qualified_name = talloc_asprintf(mem_ctx, "%s\\%s",
+ get_global_sam_name(),
+ full_name );
+ if (!qualified_name) {
+ return false;
}
+ if (lookup_name(mem_ctx, qualified_name, flags,
+ ret_domain, ret_name,
+ ret_sid, ret_type)) {
+ return true;
+ }
+
/* Finally try with "Unix Users" or "Unix Group" */
- return lookup_domain_name(mem_ctx,
+ qualified_name = talloc_asprintf(mem_ctx, "%s\\%s",
flags & LOOKUP_NAME_GROUP ?
unix_groups_domain_name() :
unix_users_domain_name(),
- full_name, flags,
- ret_domain, ret_name, ret_sid, ret_type);
+ full_name );
+ if (!qualified_name) {
+ return false;
+ }
+ return lookup_name(mem_ctx, qualified_name, flags,
+ ret_domain, ret_name,
+ ret_sid, ret_type);
}
static bool wb_lookup_rids(TALLOC_CTX *mem_ctx,
diff --git a/source3/winbindd/winbindd_passdb.c b/source3/winbindd/winbindd_passdb.c
index fbe4a27abf..5677c01be1 100644
--- a/source3/winbindd/winbindd_passdb.c
+++ b/source3/winbindd/winbindd_passdb.c
@@ -94,8 +94,8 @@ static NTSTATUS name_to_sid(struct winbindd_domain *domain,
DOM_SID *sid,
enum lsa_SidType *type)
{
+ const char *fullname;
uint32 flags = LOOKUP_NAME_ALL;
- bool res;
switch ( original_cmd ) {
case WINBINDD_LOOKUPNAME:
@@ -107,26 +107,28 @@ static NTSTATUS name_to_sid(struct winbindd_domain *domain,
DEBUG(10,("winbindd_passdb: limiting name_to_sid() to explicit mappings\n"));
break;
}
-
- DEBUG(10, ("looking up name [%s\\%s] (domain\\name) \n",
- domain_name?domain_name:"(NULL)", name));
-
- if (strchr_m(name, '\\')) {
- res = lookup_name(mem_ctx, name, flags, NULL, NULL, sid, type);
+
+ if (domain_name && domain_name[0] && strchr_m(name, '\\') == NULL) {
+ fullname = talloc_asprintf(mem_ctx, "%s\\%s",
+ domain_name, name);
+ if (fullname == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
} else {
- res = lookup_domain_name(mem_ctx, domain_name, name, flags,
- NULL, NULL, sid, type);
+ fullname = name;
}
- if (!res) {
+ DEBUG(10, ("Finding fullname %s\n", fullname));
+
+ if ( !lookup_name( mem_ctx, fullname, flags, NULL, NULL, sid, type ) ) {
return NT_STATUS_NONE_MAPPED;
}
- DEBUG(10, ("name_to_sid for [%s\\%s] returned %s (%s)\n",
- domain_name?domain_name:"(NULL)", name,
+ DEBUG(10, ("name_to_sid for %s returned %s (%s)\n",
+ fullname,
sid_string_dbg(sid),
sid_type_lookup((uint32)*type)));
-
+
return NT_STATUS_OK;
}