-rw-r--r-- | source3/passdb/lookup_sid.c | 28 | ||||
-rw-r--r-- | source3/passdb/passdb.c | 36 | ||||
-rw-r--r-- | source3/passdb/util_sam_sid.c | 18 |
3 files changed, 62 insertions, 20 deletions
diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c index 5c0bf0aef8..b397e084c3 100644 --- a/source3/passdb/lookup_sid.c +++ b/source3/passdb/lookup_sid.c @@ -66,7 +66,8 @@ BOOL lookup_name(const char *domain, const char *name, DOM_SID *psid, enum SID_N Tries local lookup first - for local sids, then tries winbind. *****************************************************************/ -BOOL lookup_sid(const DOM_SID *sid, fstring dom_name, fstring name, enum SID_NAME_USE *name_type) +BOOL lookup_sid(const DOM_SID *sid, fstring dom_name, fstring name, + enum SID_NAME_USE *name_type) { if (!name_type) return False; @@ -83,6 +84,15 @@ BOOL lookup_sid(const DOM_SID *sid, fstring dom_name, fstring name, enum SID_NAM return True; } + if (sid_check_is_in_our_domain(sid)) { + uint32 rid; + SMB_ASSERT(sid_peek_rid(sid, &rid)); + + /* For our own domain passdb is responsible */ + fstrcpy(dom_name, get_global_sam_name()); + return lookup_global_sam_rid(rid, name, name_type); + } + if (sid_check_is_builtin(sid)) { /* Got through map_domain_sid_to_name here so that the mapping @@ -97,13 +107,21 @@ BOOL lookup_sid(const DOM_SID *sid, fstring dom_name, fstring name, enum SID_NAM return True; } - if (sid_check_is_in_our_domain(sid)) { + if (sid_check_is_in_builtin(sid)) { uint32 rid; + SMB_ASSERT(sid_peek_rid(sid, &rid)); - /* For our own domain passdb is responsible */ - fstrcpy(dom_name, get_global_sam_name()); - return local_lookup_rid(rid, name, name_type); + /* Got through map_domain_sid_to_name here so that the mapping + * of S-1-5-32 to the name "BUILTIN" in as few places as + * possible. We might add i18n... */ + SMB_ASSERT(map_domain_sid_to_name(&global_sid_Builtin, + dom_name)); + + /* There's only aliases in S-1-5-32 */ + *name_type = SID_NAME_ALIAS; + + return lookup_builtin_rid(rid, name); } if (winbind_lookup_sid(sid, dom_name, name, name_type)) { diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c index 7d07e4ceba..7f9cc7df9f 100644 
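Review bot: In the new own-domain branch, `SMB_ASSERT(sid_peek_rid(sid, &rid));` puts the only assignment of `rid` inside an assertion, so a failed peek is handled by the assert macro instead of being reported to the caller. SMB_ASSERT's definition is not on this page; if it panics, as it usually does in Samba, then a SID that passes sid_check_is_in_our_domain() but fails the peek stops the process. An explicit check gives a clean failure: `if (!sid_peek_rid(sid, &rid)) return False;`. The builtin branch added in the `@@ -97,13 +107,21 @@` hunk repeats the pattern for both sid_peek_rid and map_domain_sid_to_name. lookup_sid's body starts and ends outside these hunks.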
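Review bot: In the new builtin branch, `dom_name` and `*name_type = SID_NAME_ALIAS;` are written before lookup_builtin_rid() is called, so an unknown RID returns False with the out-parameters already describing a BUILTIN alias. Setting the type only on success keeps a caller that mishandles the return value from acting on a half-filled result: `if (!lookup_builtin_rid(rid, name)) return False;` followed by `*name_type = SID_NAME_ALIAS; return True;`. The comment copied into this branch should also read "Go through map_domain_sid_to_name here so that the mapping ... is in as few places as possible".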
--- a/source3/passdb/passdb.c +++ b/source3/passdb/passdb.c @@ -732,10 +732,11 @@ BOOL algorithmic_pdb_rid_is_user(uint32 rid) } /******************************************************************* - Convert a rid into a name. Used in the lookup SID rpc. + Look up a rid in the SAM we're responsible for (i.e. passdb) ********************************************************************/ -BOOL local_lookup_rid(uint32 rid, char *name, enum SID_NAME_USE *psid_name_use) +BOOL lookup_global_sam_rid(uint32 rid, fstring name, + enum SID_NAME_USE *psid_name_use) { SAM_ACCOUNT *sam_account = NULL; GROUP_MAP map; @@ -744,7 +745,8 @@ BOOL local_lookup_rid(uint32 rid, char *name, enum SID_NAME_USE *psid_name_use) *psid_name_use = SID_NAME_UNKNOWN; - DEBUG(5,("local_lookup_rid: looking up RID %u.\n", (unsigned int)rid)); + DEBUG(5,("lookup_global_sam_rid: looking up RID %u.\n", + (unsigned int)rid)); sid_copy(&sid, get_global_sam_sid()); sid_append_rid(&sid, rid); @@ -757,7 +759,7 @@ BOOL local_lookup_rid(uint32 rid, char *name, enum SID_NAME_USE *psid_name_use) /* BEING ROOT BLLOCK */ become_root(); if (pdb_getsampwsid(sam_account, &sid)) { - unbecome_root(); /* -----> EXIT BECOME_ROOT() */ + unbecome_root(); /* -----> EXIT BECOME_ROOT() */ fstrcpy(name, pdb_get_username(sam_account)); *psid_name_use = SID_NAME_USER; @@ -773,9 +775,13 @@ BOOL local_lookup_rid(uint32 rid, char *name, enum SID_NAME_USE *psid_name_use) if ( ret ) { if (map.gid!=(gid_t)-1) { - DEBUG(5,("local_lookup_rid: mapped group %s to gid %u\n", map.nt_name, (unsigned int)map.gid)); + DEBUG(5,("lookup_global_sam_rid: mapped group %s to " + "gid %u\n", map.nt_name, + (unsigned int)map.gid)); } else { - DEBUG(5,("local_lookup_rid: mapped group %s to no unix gid. Returning name.\n", map.nt_name)); + DEBUG(5,("lookup_global_sam_rid: mapped group %s to " + "no unix gid. Returning name.\n", + map.nt_name)); } fstrcpy(name, map.nt_name); 
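Review bot: The new header comment on lookup_global_sam_rid does not state the buffer contract that the `fstring name` parameter implies. An array-typed parameter decays to a pointer, so the compiler will not reject a shorter buffer, while the body writes through fstrcpy and fstr_sprintf, which presumably bound the copy by the size of an fstring. I would extend the comment with `name must point to a full fstring; *psid_name_use is reset to SID_NAME_UNKNOWN on entry` plus a line on what the return value means. The function body continues outside this hunk.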
@@ -798,16 +804,16 @@ BOOL local_lookup_rid(uint32 rid, char *name, enum SID_NAME_USE *psid_name_use) uid = algorithmic_pdb_user_rid_to_uid(rid); pw = sys_getpwuid( uid ); - DEBUG(5,("local_lookup_rid: looking up uid %u %s\n", (unsigned int)uid, - pw ? "succeeded" : "failed" )); + DEBUG(5,("lookup_global_sam_rid: looking up uid %u %s\n", + (unsigned int)uid, pw ? "succeeded" : "failed" )); if ( !pw ) - fstr_sprintf(name, "unix_user.%u", (unsigned int)uid); + fstr_sprintf(name, "unix_user.%u", (unsigned int)uid); else fstrcpy( name, pw->pw_name ); - DEBUG(5,("local_lookup_rid: found user %s for rid %u\n", name, - (unsigned int)rid )); + DEBUG(5,("lookup_global_sam_rid: found user %s for rid %u\n", + name, (unsigned int)rid )); *psid_name_use = SID_NAME_USER; @@ -821,16 +827,16 @@ BOOL local_lookup_rid(uint32 rid, char *name, enum SID_NAME_USE *psid_name_use) gid = pdb_group_rid_to_gid(rid); gr = getgrgid(gid); - DEBUG(5,("local_lookup_rid: looking up gid %u %s\n", (unsigned int)gid, - gr ? "succeeded" : "failed" )); + DEBUG(5,("lookup_global_sam_rid: looking up gid %u %s\n", + (unsigned int)gid, gr ? "succeeded" : "failed" )); if( !gr ) fstr_sprintf(name, "unix_group.%u", (unsigned int)gid); else fstrcpy( name, gr->gr_name); - DEBUG(5,("local_lookup_rid: found group %s for rid %u\n", name, - (unsigned int)rid )); + DEBUG(5,("lookup_global_sam_rid: found group %s for rid %u\n", + name, (unsigned int)rid )); /* assume algorithmic groups are domain global groups */ diff --git a/source3/passdb/util_sam_sid.c b/source3/passdb/util_sam_sid.c index afbc2edcde..822b7f6a34 100644 --- a/source3/passdb/util_sam_sid.c +++ b/source3/passdb/util_sam_sid.c 
@@ -164,6 +164,24 @@ BOOL lookup_special_sid(const DOM_SID *sid, const char **domain, return False; } +/******************************************************************* + Look up a rid in the BUILTIN domain + ********************************************************************/ +BOOL lookup_builtin_rid(uint32 rid, fstring name) +{ + const known_sid_users *aliases = builtin_groups; + int i; + + for (i=0; aliases[i].known_user_name != NULL; i++) { + if (rid == aliases[i].rid) { + fstrcpy(name, aliases[i].known_user_name); + return True; + } + } + + return False; +} + /***************************************************************** Check if the SID is our domain SID (S-1-5-21-x-y-z). *****************************************************************/ |
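Review bot: lookup_builtin_rid leaves `name` untouched when no alias matches, and its header comment says nothing about the return value. A caller that passes an uninitialized fstring and mishandles the False return would go on to use stale stack contents as a name; adding `name[0] = '\0';` before `return False;` makes that case harmless. The comment could add `Returns True and fills name on a match; returns False with name empty otherwise.` The loop relies on builtin_groups ending in an entry whose known_user_name is NULL; that table is defined outside this hunk.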