-rw-r--r-- | source3/nsswitch/idmap.c | 11 | ||||
-rw-r--r-- | source3/nsswitch/idmap_nss.c | 53 | ||||
-rw-r--r-- | source3/nsswitch/idmap_rid.c | 22 |
3 files changed, 50 insertions, 36 deletions
diff --git a/source3/nsswitch/idmap.c b/source3/nsswitch/idmap.c index e2d2712f48..bd81d1e83f 100644 --- a/source3/nsswitch/idmap.c +++ b/source3/nsswitch/idmap.c @@ -707,16 +707,23 @@ static NTSTATUS idmap_new_mapping(TALLOC_CTX *ctx, struct id_map *map) { NTSTATUS ret; struct idmap_domain *dom; - char *domname, *name; + const char *domname, *name; enum lsa_SidType sid_type; + BOOL wbret; ret = idmap_can_map(map, &dom); if ( ! NT_STATUS_IS_OK(ret)) { return NT_STATUS_NONE_MAPPED; } + /* by default calls to winbindd are disabled + the following call will not recurse so this is safe */ + winbind_on(); + wbret =winbind_lookup_sid(ctx, map->sid, &domname, &name, &sid_type); + winbind_off(); + /* check if this is a valid SID and then map it */ - if (winbindd_lookup_name_by_sid(ctx, map->sid, &domname, &name, &sid_type)) { + if (wbret) { switch (sid_type) { case SID_NAME_USER: ret = idmap_allocate_uid(&map->xid); diff --git a/source3/nsswitch/idmap_nss.c b/source3/nsswitch/idmap_nss.c index 2748141d3b..6c513fd120 100644 --- a/source3/nsswitch/idmap_nss.c +++ b/source3/nsswitch/idmap_nss.c @@ -43,7 +43,6 @@ static NTSTATUS idmap_nss_unixids_to_sids(struct idmap_domain *dom, struct id_ma { TALLOC_CTX *ctx; struct winbindd_domain *wdom; - BOOL winbind_env; int i; wdom = find_lookup_domain_from_name(dom->name); @@ -51,6 +50,7 @@ static NTSTATUS idmap_nss_unixids_to_sids(struct idmap_domain *dom, struct id_ma DEBUG(2, ("Can't lookup domain %s\n", dom->name)); return NT_STATUS_NO_SUCH_DOMAIN; } + wdom->initialized = False; ctx = talloc_new(dom); if ( ! ctx) { 
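Review bot: The `winbind_on()` / `winbind_lookup_sid()` / `winbind_off()` sequence added before `if (wbret)` always leaves winbindd calls disabled afterwards, whatever the state was on entry, and the comment's claim that they are disabled by default is not checked anywhere in this function. The code this commit removes from idmap_nss.c saved the state with `winbind_env_set()` and restored it; the same could be done here with `BOOL was_off = winbind_env_set();` before the call and `if (was_off) winbind_off();` after it, assuming (as the removed code suggests) that the function reports whether the disable flag is set. The same sequence is repeated in idmap_nss_unixids_to_sids, idmap_nss_sids_to_unixids, idmap_rid_id_to_sid and idmap_rid_sid_to_id, so one static helper would keep the toggle and its restore logic in a single place. Minor: `wbret =winbind_lookup_sid` is missing a space after `=`. idmap_new_mapping continues outside the hunk.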
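Review bot: `wdom->initialized = False;` after the `find_lookup_domain_from_name()` check writes to a `struct winbindd_domain` that this function only obtained from a lookup, on every call, and nothing in the hunk explains why. Further down, this commit replaces the lookup with `winbind_lookup_name(dom->name, ...)`, which no longer takes `wdom`, so in the visible code `wdom` is otherwise used only for the existence check. If resetting the flag is intended, it needs a comment stating the reason and who is expected to set it again, for example `/* reset so the domain is re-initialised on next use: <reason> */`; if it is a leftover, it should be dropped. The function body continues in the following hunks.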
@@ -58,21 +58,17 @@ static NTSTATUS idmap_nss_unixids_to_sids(struct idmap_domain *dom, struct id_ma return NT_STATUS_NO_MEMORY; } - /* avoid any possible recursion in winbindd, - * these calls are aimed at getting info - * out of alternative nss dbs anyway */ - winbind_env = winbind_env_set(); - winbind_off(); - for (i = 0; ids[i]; i++) { struct passwd *pw; struct group *gr; const char *name; enum lsa_SidType type; + BOOL ret; switch (ids[i]->xid.type) { case ID_TYPE_UID: pw = getpwuid((uid_t)ids[i]->xid.id); + if (!pw) { ids[i]->mapped = False; continue; @@ -81,6 +77,7 @@ static NTSTATUS idmap_nss_unixids_to_sids(struct idmap_domain *dom, struct id_ma break; case ID_TYPE_GID: gr = getgrgid((gid_t)ids[i]->xid.id); + if (!gr) { ids[i]->mapped = False; continue; @@ -92,8 +89,14 @@ static NTSTATUS idmap_nss_unixids_to_sids(struct idmap_domain *dom, struct id_ma continue; } + /* by default calls to winbindd are disabled + the following call will not recurse so this is safe */ + winbind_on(); /* Lookup name from PDC using lsa_lookup_names() */ - if (!winbindd_lookup_sid_by_name(ctx, wdom, dom->name, name, ids[i]->sid, &type)) { + ret = winbind_lookup_name(dom->name, name, ids[i]->sid, &type); + winbind_off(); + + if (!ret) { ids[i]->mapped = False; continue; } @@ -121,10 +124,6 @@ static NTSTATUS idmap_nss_unixids_to_sids(struct idmap_domain *dom, struct id_ma } } - /* allow winbindd calls again, if they were enabled */ - if (!winbind_env) { - winbind_on(); - } talloc_free(ctx); return NT_STATUS_OK; @@ -137,7 +136,6 @@ static NTSTATUS idmap_nss_unixids_to_sids(struct idmap_domain *dom, struct id_ma static NTSTATUS idmap_nss_sids_to_unixids(struct idmap_domain *dom, struct id_map **ids) { TALLOC_CTX *ctx; - BOOL winbind_env; int i; ctx = talloc_new(dom); 
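Review bot: With the up-front `winbind_off()` removed in the first hunk here, the `getpwuid()` / `getgrgid()` calls in the first pass of the loop run with whatever winbind state the caller left behind; only later passes are preceded by the `winbind_off()` added after `winbind_lookup_name()`. The removed comment said the disable was there to avoid recursion into winbindd from these NSS calls, so that protection now depends on an invariant established outside this function. Either keep `winbind_off();` before the `for` loop, or add a comment naming where the process-wide default is set so the dependency is visible to the next reader. The loop body spans several hunks and is not fully visible in any one of them.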
@@ -146,20 +144,21 @@ static NTSTATUS idmap_nss_sids_to_unixids(struct idmap_domain *dom, struct id_ma return NT_STATUS_NO_MEMORY; } - /* avoid any possible recursion in winbindd, - * these calls are aimed at getting info - * out of alternative nss dbs anyway */ - winbind_env = winbind_env_set(); - winbind_off(); - for (i = 0; ids[i]; i++) { struct passwd *pw; struct group *gr; enum lsa_SidType type; - char *dom_name = NULL; - char *name = NULL; + const char *dom_name = NULL; + const char *name = NULL; + BOOL ret; - if (!winbindd_lookup_name_by_sid(ctx, ids[i]->sid, &dom_name, &name, &type)) { + /* by default calls to winbindd are disabled + the following call will not recurse so this is safe */ + winbind_on(); + ret =winbind_lookup_sid(ctx, ids[i]->sid, &dom_name, &name, &type); + winbind_off(); + + if (!ret) { ids[i]->mapped = False; continue; } @@ -171,6 +170,7 @@ static NTSTATUS idmap_nss_sids_to_unixids(struct idmap_domain *dom, struct id_ma case SID_NAME_USER: /* this will find also all lower case name and use username level */ + pw = Get_Pwnam(name); if (pw) { ids[i]->xid.id = pw->pw_uid; @@ -192,16 +192,9 @@ static NTSTATUS idmap_nss_sids_to_unixids(struct idmap_domain *dom, struct id_ma break; default: + ids[i]->mapped = False; break; } - - TALLOC_FREE(dom_name); - TALLOC_FREE(name); - } - - /* allow winbindd calls again, if they were enabled */ - if (!winbind_env) { - winbind_on(); } talloc_free(ctx); diff --git a/source3/nsswitch/idmap_rid.c b/source3/nsswitch/idmap_rid.c index 83818711a2..e74283e22e 100644 --- a/source3/nsswitch/idmap_rid.c +++ b/source3/nsswitch/idmap_rid.c @@ -83,8 +83,9 @@ failed: static NTSTATUS idmap_rid_id_to_sid(TALLOC_CTX *memctx, struct idmap_rid_context *ctx, struct id_map *map) { - char *domname, *name; + const char *domname, *name; enum lsa_SidType sid_type; + BOOL ret; /* apply filters before checking */ if ((map->xid.id < ctx->low_id) || (map->xid.id > ctx->high_id)) { 
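Review bot: Dropping `TALLOC_FREE(dom_name)` and `TALLOC_FREE(name)` at the end of the loop body means the strings returned by each `winbind_lookup_sid(ctx, ...)` call presumably stay attached to `ctx` until `talloc_free(ctx)` after the loop, so memory held by idmap_nss_sids_to_unixids grows with the number of entries in `ids`. If callers can pass large batches, allocating from a per-iteration child context (`talloc_new(ctx)`, freed at the end of each pass and on the `continue` paths) would keep the footprint flat. Otherwise a short comment at the declarations, such as `/* dom_name and name are released with ctx after the loop */`, would record the new lifetime.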
@@ -95,7 +96,13 @@ static NTSTATUS idmap_rid_id_to_sid(TALLOC_CTX *memctx, struct idmap_rid_context sid_compose(map->sid, &ctx->dom_sid, map->xid.id - ctx->low_id + ctx->base_rid); - if (winbindd_lookup_name_by_sid(memctx, map->sid, &domname, &name, &sid_type)) { + /* by default calls to winbindd are disabled + the following call will not recurse so this is safe */ + winbind_on(); + ret = winbind_lookup_sid(memctx, map->sid, &domname, &name, &sid_type); + winbind_off(); + + if (ret) { switch (sid_type) { case SID_NAME_USER: if (map->xid.type != ID_TYPE_UID) { @@ -134,15 +141,22 @@ static NTSTATUS idmap_rid_id_to_sid(TALLOC_CTX *memctx, struct idmap_rid_context static NTSTATUS idmap_rid_sid_to_id(TALLOC_CTX *memctx, struct idmap_rid_context *ctx, struct id_map *map) { - char *domname, *name; + const char *domname, *name; enum lsa_SidType sid_type; uint32_t rid; + BOOL ret; sid_peek_rid(map->sid, &rid); map->xid.id = rid - ctx->base_rid + ctx->low_id; + /* by default calls to winbindd are disabled + the following call will not recurse so this is safe */ + winbind_on(); /* check if this is a valid SID and set the type */ - if (winbindd_lookup_name_by_sid(memctx, map->sid, &domname, &name, &sid_type)) { + ret = winbind_lookup_sid(memctx, map->sid, &domname, &name, &sid_type); + winbind_off(); + + if (ret) { switch (sid_type) { case SID_NAME_USER: map->xid.type = ID_TYPE_UID; |
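Review bot: In idmap_rid_sid_to_id the return value of `sid_peek_rid(map->sid, &rid)` is ignored, and `map->xid.id = rid - ctx->base_rid + ctx->low_id;` is computed from the unsigned `rid` before the new `winbind_lookup_sid()` validation, so a RID below `ctx->base_rid` can wrap instead of being rejected. Nothing visible in the hunk checks that `map->sid` belongs to `ctx->dom_sid` or that the result lies between `ctx->low_id` and `ctx->high_id`, the way the filter at the top of idmap_rid_id_to_sid does for the reverse direction. The function continues outside the hunk, so those checks may exist there. If they do not, the computation should be guarded with something like `if (!sid_peek_rid(map->sid, &rid) || rid < ctx->base_rid)` taking the unmapped path, followed by the same low/high range filter on `map->xid.id`.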