1 files changed, 60 insertions, 7 deletions

diff --git a/source3/nsswitch/winbindd_user.c b/source3/nsswitch/winbindd_user.c
index dc07bc42e7..c49c41687b 100644
--- a/source3/nsswitch/winbindd_user.c
+++ b/source3/nsswitch/winbindd_user.c
@@ -5,6 +5,7 @@
 
    Copyright (C) Tim Potter 2000
    Copyright (C) Jeremy Allison 2001.
+   Copyright (C) Gerald (Jerry) Carter 2003.
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -26,13 +27,14 @@
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_WINBIND
 
+extern userdom_struct current_user_info;
+
 /* Fill a pwent structure with information we have obtained */
 
 static BOOL winbindd_fill_pwent(char *dom_name, char *user_name, 
 				DOM_SID *user_sid, DOM_SID *group_sid,
 				char *full_name, struct winbindd_pw *pw)
 {
-	extern userdom_struct current_user_info;
 	fstring output_username;
 	pstring homedir;
 	fstring sid_string;
@@ -42,14 +44,14 @@ static BOOL winbindd_fill_pwent(char *dom_name, char *user_name,
 	
 	/* Resolve the uid number */
 
-	if (NT_STATUS_IS_ERR(sid_to_uid(user_sid, &(pw->pw_uid)))) {
+	if (!NT_STATUS_IS_OK(idmap_sid_to_uid(user_sid, &(pw->pw_uid), 0))) {
 		DEBUG(1, ("error getting user id for sid %s\n", sid_to_string(sid_string, user_sid)));
 		return False;
 	}
 	
 	/* Resolve the gid number */   
 
-	if (NT_STATUS_IS_ERR(sid_to_gid(group_sid, &(pw->pw_gid)))) {
+	if (!NT_STATUS_IS_OK(idmap_sid_to_gid(group_sid, &(pw->pw_gid), 0))) {
 		DEBUG(1, ("error getting group id for sid %s\n", sid_to_string(sid_string, group_sid)));
 		return False;
 	}
@@ -95,6 +97,7 @@ static BOOL winbindd_fill_pwent(char *dom_name, char *user_name,
 enum winbindd_result winbindd_getpwnam(struct winbindd_cli_state *state) 
 {
 	WINBIND_USERINFO user_info;
+	WINBINDD_PW *pw;
 	DOM_SID user_sid;
 	NTSTATUS status;
 	fstring name_domain, name_user;
@@ -110,9 +113,28 @@ enum winbindd_result winbindd_getpwnam(struct winbindd_cli_state *state)
 	
 	/* Parse domain and username */
 
-	if (!parse_domain_user(state->request.data.username, name_domain, 
-			       name_user))
+	parse_domain_user(state->request.data.username, 
+		name_domain, name_user);
+	
+	/* if this is our local domain (or no domain), the do a local tdb search */
+	
+	if ( !*name_domain || strequal(name_domain, get_global_sam_name()) ) {
+		if ( !(pw = wb_getpwnam(name_user)) ) {
+			DEBUG(5,("winbindd_getpwnam: lookup for %s\\%s failed\n",
+				name_domain, name_user));
+			return WINBINDD_ERROR;
+		}
+		memcpy( &state->response.data.pw, pw, sizeof(WINBINDD_PW) );
+		return WINBINDD_OK;
+	}
+
+	/* should we deal with users for our domain? */
+	
+	if ( lp_winbind_trusted_domains_only() && strequal(name_domain, lp_workgroup())) {
+		DEBUG(7,("winbindd_getpenam: My domain -- rejecting getpwnam() for %s\\%s.\n", 
+			name_domain, name_user));
 		return WINBINDD_ERROR;
+	}	
 	
 	if ((domain = find_domain_from_name(name_domain)) == NULL) {
 		DEBUG(5, ("no such domain: %s\n", name_domain));
@@ -172,6 +194,7 @@ enum winbindd_result winbindd_getpwuid(struct winbindd_cli_state *state)
 {
 	DOM_SID user_sid;
 	struct winbindd_domain *domain;
+	WINBINDD_PW *pw;
 	fstring dom_name;
 	fstring user_name;
 	enum SID_NAME_USE name_type;
@@ -188,10 +211,17 @@ enum winbindd_result winbindd_getpwuid(struct winbindd_cli_state *state)
 
 	DEBUG(3, ("[%5d]: getpwuid %d\n", state->pid, 
 		  state->request.data.uid));
+
+	/* always try local tdb first */
+	
+	if ( (pw = wb_getpwuid(state->request.data.uid)) != NULL ) {
+		memcpy( &state->response.data.pw, pw, sizeof(WINBINDD_PW) );
+		return WINBINDD_OK;
+	}
 	
 	/* Get rid from uid */
 
-	if (NT_STATUS_IS_ERR(uid_to_sid(&user_sid, state->request.data.uid))) {
+	if (!NT_STATUS_IS_OK(idmap_uid_to_sid(&user_sid, state->request.data.uid))) {
 		DEBUG(1, ("could not convert uid %d to SID\n", 
 			  state->request.data.uid));
 		return WINBINDD_ERROR;
@@ -235,7 +265,7 @@ enum winbindd_result winbindd_getpwuid(struct winbindd_cli_state *state)
 	
 	/* Check group has a gid number */
 
-	if (NT_STATUS_IS_ERR(sid_to_gid(user_info.group_sid, &gid))) {
+	if (!NT_STATUS_IS_OK(idmap_sid_to_gid(user_info.group_sid, &gid, 0))) {
 		DEBUG(1, ("error getting group id for user %s\n", user_name));
 		talloc_destroy(mem_ctx);
 		return WINBINDD_ERROR;
@@ -278,12 +308,35 @@ enum winbindd_result winbindd_setpwent(struct winbindd_cli_state *state)
 		free_getent_state(state->getpwent_state);
 		state->getpwent_state = NULL;
 	}
+
+#if 0	/* JERRY */
+	/* add any local users we have */
+	        
+	if ( (domain_state = (struct getent_state *)malloc(sizeof(struct getent_state))) == NULL )
+		return WINBINDD_ERROR;
+                
+	ZERO_STRUCTP(domain_state);
+
+	/* Add to list of open domains */
+                
+	DLIST_ADD(state->getpwent_state, domain_state);
+#endif
         
 	/* Create sam pipes for each domain we know about */
         
 	for(domain = domain_list(); domain != NULL; domain = domain->next) {
 		struct getent_state *domain_state;
                 
+		
+		/* don't add our domaina if we are a PDC or if we 
+		   are a member of a Samba domain */
+		
+		if ( (IS_DC || lp_winbind_trusted_domains_only())
+			&& strequal(domain->name, lp_workgroup()) )
+		{
+			continue;
+		}
+						
 		/* Create a state record for this domain */
                 
 		if ((domain_state = (struct getent_state *)