-rw-r--r--source3/include/passdb.h3
-rw-r--r--source3/passdb/pdb_interface.c48
2 files changed, 35 insertions, 16 deletions
diff --git a/source3/include/passdb.h b/source3/include/passdb.h
index 5202bd3af4..908631de31 100644
--- a/source3/include/passdb.h
+++ b/source3/include/passdb.h
@@ -908,6 +908,9 @@ NTSTATUS pdb_set_secret(const char *secret_name,
DATA_BLOB *secret_old,
struct security_descriptor *sd);
NTSTATUS pdb_delete_secret(const char *secret_name);
+bool pdb_sid_to_id_unix_users_and_groups(const struct dom_sid *sid,
+ struct unixid *id);
+
/* The following definitions come from passdb/pdb_util.c */
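Review bot: This prototype carries no visibility marker, while the definition in pdb_interface.c is tagged `_PRIVATE_`. The declaration should match, so that a reader of passdb.h can tell the helper is meant for internal callers only. It also has no comment of its own at the point of declaration; something like `/* Algorithmic mapping for the "Unix User" / "Unix Group" domains; no backend lookup. */` above it would make the contract visible to anyone who finds it through the header.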
diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c
index 1527b39b7f..436e774302 100644
--- a/source3/passdb/pdb_interface.c
+++ b/source3/passdb/pdb_interface.c
@@ -1421,6 +1421,32 @@ static bool pdb_default_gid_to_sid(struct pdb_methods *methods, gid_t gid,
return true;
}
+/**
+ * The "Unix User" and "Unix Group" domains have a special
+ * id mapping that is a rid-algorithm with range starting at 0.
+ */
+_PRIVATE_ bool pdb_sid_to_id_unix_users_and_groups(const struct dom_sid *sid,
+ struct unixid *id)
+{
+ uint32_t rid;
+
+ id->id = -1;
+
+ if (sid_peek_check_rid(&global_sid_Unix_Users, sid, &rid)) {
+ id->id = rid;
+ id->type = ID_TYPE_UID;
+ return true;
+ }
+
+ if (sid_peek_check_rid(&global_sid_Unix_Groups, sid, &rid)) {
+ id->id = rid;
+ id->type = ID_TYPE_GID;
+ return true;
+ }
+
+ return false;
+}
+
static bool pdb_default_sid_to_id(struct pdb_methods *methods,
const struct dom_sid *sid,
struct unixid *id)
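Review bot: The doc comment on `pdb_sid_to_id_unix_users_and_groups` leaves out the contract that callers outside this file will now rely on. On a miss it returns false with `id->id = -1` and leaves `id->type` untouched; on a hit it copies the RID straight into `id->id` with no range or existence check. Because the range starts at 0, a SID in the Unix Users domain with RID 0 resolves to uid 0, so the comment should say that the result is only as trustworthy as the source of the SID. I would also add `id->type = ID_TYPE_NOT_SPECIFIED;` next to `id->id = -1;`, so that a caller which ignores the return value never reads a stale type.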
@@ -1467,22 +1493,12 @@ static bool pdb_default_sid_to_id(struct pdb_methods *methods,
goto done;
}
- /* check for "Unix User" */
-
- if ( sid_peek_check_rid(&global_sid_Unix_Users, sid, &rid) ) {
- id->id = rid;
- id->type = ID_TYPE_UID;
- ret = True;
- goto done;
- }
-
- /* check for "Unix Group" */
-
- if ( sid_peek_check_rid(&global_sid_Unix_Groups, sid, &rid) ) {
- id->id = rid;
- id->type = ID_TYPE_GID;
- ret = True;
- goto done;
+ /*
+ * "Unix User" and "Unix Group"
+ */
+ ret = pdb_sid_to_id_unix_users_and_groups(sid, id);
+ if (ret == true) {
+ goto done;
}
/* BUILTIN */
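Review bot: The helper call writes `id->id = -1` even when the SID is in neither Unix domain, which the removed inline checks did not do. Anything the earlier part of `pdb_default_sid_to_id` stored in `id` is therefore overwritten before the BUILTIN branch runs. The function starts and ends outside this hunk, so it is not visible whether `id` holds a meaningful value at this point; that should be confirmed. A short comment at the call, e.g. `/* resets id->id to -1 on a miss */`, would record the side effect. As a style point, `if (ret == true)` is better written `if (ret)`.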