summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/passdb/pdb_ads.c74
1 files changed, 45 insertions, 29 deletions
diff --git a/source3/passdb/pdb_ads.c b/source3/passdb/pdb_ads.c
index ba2193b263..5afad1cc0f 100644
--- a/source3/passdb/pdb_ads.c
+++ b/source3/passdb/pdb_ads.c
@@ -2203,46 +2203,62 @@ static bool pdb_ads_sid_to_id(struct pdb_methods *m, const struct dom_sid *sid,
{
struct pdb_ads_state *state = talloc_get_type_abort(
m->private_data, struct pdb_ads_state);
+ const char *attrs[4] = { "objectClass", "samAccountType",
+ "uidNumber", "gidNumber" };
struct tldap_message **msg;
- char *sidstr;
- uint32_t rid;
+ char *sidstr, *base;
+ uint32_t atype;
int rc;
+ bool ret = false;
- /*
- * This is a big, big hack: Just hard-code the rid as uid/gid.
- */
-
- sid_peek_rid(sid, &rid);
-
- sidstr = ldap_encode_ndr_dom_sid(talloc_tos(), sid);
+ sidstr = sid_binstring_hex(sid);
if (sidstr == NULL) {
return false;
}
+ base = talloc_asprintf(talloc_tos(), "<SID=%s>", sidstr);
+ SAFE_FREE(sidstr);
rc = pdb_ads_search_fmt(
- state, state->domaindn, TLDAP_SCOPE_SUB,
- NULL, 0, 0, talloc_tos(), &msg,
- "(&(objectsid=%s)(objectclass=user))", sidstr);
- if ((rc == TLDAP_SUCCESS) && (talloc_array_length(msg) > 0)) {
- id->uid = rid;
- *type = SID_NAME_USER;
- TALLOC_FREE(sidstr);
- return true;
- }
+ state, base, TLDAP_SCOPE_BASE,
+ attrs, ARRAY_SIZE(attrs), 0, talloc_tos(), &msg,
+ "(objectclass=*)");
+ TALLOC_FREE(base);
- rc = pdb_ads_search_fmt(
- state, state->domaindn, TLDAP_SCOPE_SUB,
- NULL, 0, 0, talloc_tos(), &msg,
- "(&(objectsid=%s)(objectclass=group))", sidstr);
- if ((rc == TLDAP_SUCCESS) && (talloc_array_length(msg) > 0)) {
- id->gid = rid;
+ if (rc != TLDAP_SUCCESS) {
+ DEBUG(10, ("pdb_ads_search_fmt failed: %s\n",
+ tldap_errstr(talloc_tos(), state->ld, rc)));
+ return false;
+ }
+ if (talloc_array_length(msg) != 1) {
+ DEBUG(10, ("Got %d objects, expected 1\n",
+ talloc_array_length(msg)));
+ goto fail;
+ }
+ if (!tldap_pull_uint32(msg[0], "samAccountType", &atype)) {
+ DEBUG(10, ("samAccountType not found\n"));
+ goto fail;
+ }
+ if (atype == ATYPE_ACCOUNT) {
+ uint32_t uid;
+ *type = SID_NAME_USER;
+ if (!tldap_pull_uint32(msg[0], "uidNumber", &uid)) {
+ DEBUG(10, ("Did not find uidNumber\n"));
+ goto fail;
+ }
+ id->uid = uid;
+ } else {
+ uint32_t gid;
*type = SID_NAME_DOM_GRP;
- TALLOC_FREE(sidstr);
- return true;
+ if (!tldap_pull_uint32(msg[0], "gidNumber", &gid)) {
+ DEBUG(10, ("Did not find gidNumber\n"));
+ goto fail;
+ }
+ id->gid = gid;
}
-
- TALLOC_FREE(sidstr);
- return false;
+ ret = true;
+fail:
+ TALLOC_FREE(msg);
+ return ret;
}
static uint32_t pdb_ads_capabilities(struct pdb_methods *m)