Diffstat (limited to 'source3/passdb')
-rw-r--r--source3/passdb/lookup_sid.c28
-rw-r--r--source3/passdb/passdb.c36
-rw-r--r--source3/passdb/util_sam_sid.c18
3 files changed, 62 insertions, 20 deletions
diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
index 5c0bf0aef8..b397e084c3 100644
--- a/source3/passdb/lookup_sid.c
+++ b/source3/passdb/lookup_sid.c
@@ -66,7 +66,8 @@ BOOL lookup_name(const char *domain, const char *name, DOM_SID *psid, enum SID_N
Tries local lookup first - for local sids, then tries winbind.
*****************************************************************/
-BOOL lookup_sid(const DOM_SID *sid, fstring dom_name, fstring name, enum SID_NAME_USE *name_type)
+BOOL lookup_sid(const DOM_SID *sid, fstring dom_name, fstring name,
+ enum SID_NAME_USE *name_type)
{
if (!name_type)
return False;
@@ -83,6 +84,15 @@ BOOL lookup_sid(const DOM_SID *sid, fstring dom_name, fstring name, enum SID_NAM
return True;
}
+ if (sid_check_is_in_our_domain(sid)) {
+ uint32 rid;
+ SMB_ASSERT(sid_peek_rid(sid, &rid));
+
+ /* For our own domain passdb is responsible */
+ fstrcpy(dom_name, get_global_sam_name());
+ return lookup_global_sam_rid(rid, name, name_type);
+ }
+
if (sid_check_is_builtin(sid)) {
/* Got through map_domain_sid_to_name here so that the mapping
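Review bot: The added `sid_check_is_in_our_domain` block calls `sid_peek_rid(sid, &rid)` inside `SMB_ASSERT`, so a failed RID extraction on this lookup path is handled only by whatever the assertion macro does. If the macro panics, a SID that reaches this branch without a usable RID takes the process down; if a build makes it log-only, `rid` is passed to `lookup_global_sam_rid` uninitialised. The comment removed in passdb.c says this code serves the lookup SID rpc, so an explicit check is the safer form: `if (!sid_peek_rid(sid, &rid)) return False;`. The same pattern appears in the next hunk's `sid_check_is_in_builtin` branch, for both `sid_peek_rid` and `map_domain_sid_to_name`. The body of lookup_sid starts and ends outside this hunk.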
@@ -97,13 +107,21 @@ BOOL lookup_sid(const DOM_SID *sid, fstring dom_name, fstring name, enum SID_NAM
return True;
}
- if (sid_check_is_in_our_domain(sid)) {
+ if (sid_check_is_in_builtin(sid)) {
uint32 rid;
+
SMB_ASSERT(sid_peek_rid(sid, &rid));
- /* For our own domain passdb is responsible */
- fstrcpy(dom_name, get_global_sam_name());
- return local_lookup_rid(rid, name, name_type);
+ /* Got through map_domain_sid_to_name here so that the mapping
+ * of S-1-5-32 to the name "BUILTIN" in as few places as
+ * possible. We might add i18n... */
+ SMB_ASSERT(map_domain_sid_to_name(&global_sid_Builtin,
+ dom_name));
+
+ /* There's only aliases in S-1-5-32 */
+ *name_type = SID_NAME_ALIAS;
+
+ return lookup_builtin_rid(rid, name);
}
if (winbind_lookup_sid(sid, dom_name, name, name_type)) {
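Review bot: In the new `sid_check_is_in_builtin` branch, `*name_type = SID_NAME_ALIAS;` is written before `lookup_builtin_rid` is known to have succeeded. A RID that is not in the alias table therefore returns False with name_type already claiming an alias and `name` never filled in. lookup_global_sam_rid in passdb.c begins with `*psid_name_use = SID_NAME_UNKNOWN;`, so a caller that reads the type without checking the return value would see inconsistent results between the two domains. Consider `if (!lookup_builtin_rid(rid, name)) { *name_type = SID_NAME_UNKNOWN; return False; }` and assigning `SID_NAME_ALIAS` only after that. The function continues past the end of this hunk.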
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index 7d07e4ceba..7f9cc7df9f 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -732,10 +732,11 @@ BOOL algorithmic_pdb_rid_is_user(uint32 rid)
}
/*******************************************************************
- Convert a rid into a name. Used in the lookup SID rpc.
+ Look up a rid in the SAM we're responsible for (i.e. passdb)
********************************************************************/
-BOOL local_lookup_rid(uint32 rid, char *name, enum SID_NAME_USE *psid_name_use)
+BOOL lookup_global_sam_rid(uint32 rid, fstring name,
+ enum SID_NAME_USE *psid_name_use)
{
SAM_ACCOUNT *sam_account = NULL;
GROUP_MAP map;
@@ -744,7 +745,8 @@ BOOL local_lookup_rid(uint32 rid, char *name, enum SID_NAME_USE *psid_name_use)
*psid_name_use = SID_NAME_UNKNOWN;
- DEBUG(5,("local_lookup_rid: looking up RID %u.\n", (unsigned int)rid));
+ DEBUG(5,("lookup_global_sam_rid: looking up RID %u.\n",
+ (unsigned int)rid));
sid_copy(&sid, get_global_sam_sid());
sid_append_rid(&sid, rid);
@@ -757,7 +759,7 @@ BOOL local_lookup_rid(uint32 rid, char *name, enum SID_NAME_USE *psid_name_use)
/* BEING ROOT BLLOCK */
become_root();
if (pdb_getsampwsid(sam_account, &sid)) {
- unbecome_root(); /* -----> EXIT BECOME_ROOT() */
+ unbecome_root(); /* -----> EXIT BECOME_ROOT() */
fstrcpy(name, pdb_get_username(sam_account));
*psid_name_use = SID_NAME_USER;
@@ -773,9 +775,13 @@ BOOL local_lookup_rid(uint32 rid, char *name, enum SID_NAME_USE *psid_name_use)
if ( ret ) {
if (map.gid!=(gid_t)-1) {
- DEBUG(5,("local_lookup_rid: mapped group %s to gid %u\n", map.nt_name, (unsigned int)map.gid));
+ DEBUG(5,("lookup_global_sam_rid: mapped group %s to "
+ "gid %u\n", map.nt_name,
+ (unsigned int)map.gid));
} else {
- DEBUG(5,("local_lookup_rid: mapped group %s to no unix gid. Returning name.\n", map.nt_name));
+ DEBUG(5,("lookup_global_sam_rid: mapped group %s to "
+ "no unix gid. Returning name.\n",
+ map.nt_name));
}
fstrcpy(name, map.nt_name);
@@ -798,16 +804,16 @@ BOOL local_lookup_rid(uint32 rid, char *name, enum SID_NAME_USE *psid_name_use)
uid = algorithmic_pdb_user_rid_to_uid(rid);
pw = sys_getpwuid( uid );
- DEBUG(5,("local_lookup_rid: looking up uid %u %s\n", (unsigned int)uid,
- pw ? "succeeded" : "failed" ));
+ DEBUG(5,("lookup_global_sam_rid: looking up uid %u %s\n",
+ (unsigned int)uid, pw ? "succeeded" : "failed" ));
if ( !pw )
- fstr_sprintf(name, "unix_user.%u", (unsigned int)uid);
+ fstr_sprintf(name, "unix_user.%u", (unsigned int)uid);
else
fstrcpy( name, pw->pw_name );
- DEBUG(5,("local_lookup_rid: found user %s for rid %u\n", name,
- (unsigned int)rid ));
+ DEBUG(5,("lookup_global_sam_rid: found user %s for rid %u\n",
+ name, (unsigned int)rid ));
*psid_name_use = SID_NAME_USER;
@@ -821,16 +827,16 @@ BOOL local_lookup_rid(uint32 rid, char *name, enum SID_NAME_USE *psid_name_use)
gid = pdb_group_rid_to_gid(rid);
gr = getgrgid(gid);
- DEBUG(5,("local_lookup_rid: looking up gid %u %s\n", (unsigned int)gid,
- gr ? "succeeded" : "failed" ));
+ DEBUG(5,("lookup_global_sam_rid: looking up gid %u %s\n",
+ (unsigned int)gid, gr ? "succeeded" : "failed" ));
if( !gr )
fstr_sprintf(name, "unix_group.%u", (unsigned int)gid);
else
fstrcpy( name, gr->gr_name);
- DEBUG(5,("local_lookup_rid: found group %s for rid %u\n", name,
- (unsigned int)rid ));
+ DEBUG(5,("lookup_global_sam_rid: found group %s for rid %u\n",
+ name, (unsigned int)rid ));
/* assume algorithmic groups are domain global groups */
diff --git a/source3/passdb/util_sam_sid.c b/source3/passdb/util_sam_sid.c
index afbc2edcde..822b7f6a34 100644
--- a/source3/passdb/util_sam_sid.c
+++ b/source3/passdb/util_sam_sid.c
@@ -164,6 +164,24 @@ BOOL lookup_special_sid(const DOM_SID *sid, const char **domain,
return False;
}
+/*******************************************************************
+ Look up a rid in the BUILTIN domain
+ ********************************************************************/
+BOOL lookup_builtin_rid(uint32 rid, fstring name)
+{
+ const known_sid_users *aliases = builtin_groups;
+ int i;
+
+ for (i=0; aliases[i].known_user_name != NULL; i++) {
+ if (rid == aliases[i].rid) {
+ fstrcpy(name, aliases[i].known_user_name);
+ return True;
+ }
+ }
+
+ return False;
+}
+
/*****************************************************************
Check if the SID is our domain SID (S-1-5-21-x-y-z).
*****************************************************************/
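Review bot: The header comment on `lookup_builtin_rid` does not state the contract its callers rely on. It returns False and leaves `name` unwritten when the RID is not in `builtin_groups`, and the loop depends on that table ending with an entry whose `known_user_name` is NULL. I would extend the comment along the lines of `Returns True and fills name if rid is a known BUILTIN alias; returns False and leaves name untouched otherwise.` It is also worth noting there that `name` must be a real fstring-sized buffer, since the parameter decays to a pointer and `fstrcpy` presumably bounds the copy by the fstring size rather than by the caller's actual buffer.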