summaryrefslogtreecommitdiff
path: root/source3/sam/idmap_util.c
diff options
context:
space:
mode:
Diffstat (limited to 'source3/sam/idmap_util.c')
-rw-r--r--source3/sam/idmap_util.c61
1 files changed, 48 insertions, 13 deletions
diff --git a/source3/sam/idmap_util.c b/source3/sam/idmap_util.c
index 5d7adcdc04..e0c492542b 100644
--- a/source3/sam/idmap_util.c
+++ b/source3/sam/idmap_util.c
@@ -62,6 +62,24 @@ BOOL idmap_check_rid_is_in_free_range(uint32 rid)
return True;
}
+/* if it is a foreign SID or if the SID is in the free range, return true */
+
+BOOL idmap_check_sid_is_in_free_range(const DOM_SID *sid)
+{
+ if (sid_compare_domain(get_global_sam_sid(), sid) == 0) {
+
+ uint32 rid;
+
+ if (sid_peek_rid(sid, &rid)) {
+ return idmap_check_rid_is_in_free_range(rid);
+ }
+
+ return False;
+ }
+
+ return True;
+}
+
/******************************************************************
* Get the the non-algorithmic RID range if idmap range are defined
******************************************************************/
@@ -196,7 +214,6 @@ NTSTATUS sid_to_uid(const DOM_SID *sid, uid_t *uid)
{
NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
BOOL fallback = False;
- uint32 rid;
unid_t id;
int flags;
@@ -204,20 +221,30 @@ NTSTATUS sid_to_uid(const DOM_SID *sid, uid_t *uid)
flags = ID_USERID;
if (!lp_idmap_only()) {
- if (sid_peek_check_rid(get_global_sam_sid(), sid, &rid)) {
- if (!idmap_check_rid_is_in_free_range(rid)) {
- flags |= ID_NOMAP;
- fallback = True;
- }
+ if (!idmap_check_sid_is_in_free_range(sid)) {
+ flags |= ID_NOMAP;
+ fallback = True;
}
}
if (NT_STATUS_IS_OK(idmap_get_id_from_sid(&id, &flags, sid))) {
+
DEBUG(10,("sid_to_uid: uid = [%d]\n", id.uid));
+
*uid = id.uid;
ret = NT_STATUS_OK;
+
} else if (fallback) {
+ uint32 rid;
+
+ if (!sid_peek_rid(sid, &rid)) {
+ DEBUG(10,("sid_to_uid: invalid SID!\n"));
+ ret = NT_STATUS_INVALID_PARAMETER;
+ goto done;
+ }
+
DEBUG(10,("sid_to_uid: Fall back to algorithmic mapping\n"));
+
if (!fallback_pdb_rid_is_user(rid)) {
DEBUG(3, ("sid_to_uid: SID %s is *NOT* a user\n", sid_string_static(sid)));
ret = NT_STATUS_UNSUCCESSFUL;
@@ -228,6 +255,7 @@ NTSTATUS sid_to_uid(const DOM_SID *sid, uid_t *uid)
}
}
+done:
return ret;
}
@@ -252,21 +280,26 @@ NTSTATUS sid_to_gid(const DOM_SID *sid, gid_t *gid)
flags = ID_GROUPID;
if (!lp_idmap_only()) {
- if (sid_peek_check_rid(get_global_sam_sid(), sid, &rid)) {
- if (!idmap_check_rid_is_in_free_range(rid)) {
- flags |= ID_NOMAP;
- fallback = True;
- }
+ if (!idmap_check_sid_is_in_free_range(sid)) {
+ flags |= ID_NOMAP;
+ fallback = True;
}
}
if (NT_STATUS_IS_OK(idmap_get_id_from_sid(&id, &flags, sid))) {
+
DEBUG(10,("sid_to_gid: gid = [%d]\n", id.gid));
*gid = id.gid;
ret = NT_STATUS_OK;
+
} else if (fallback) {
- GROUP_MAP map;
- BOOL result;
+ uint32 rid;
+
+ if (!sid_peek_rid(sid, &rid)) {
+ DEBUG(10,("sid_to_uid: invalid SID!\n"));
+ ret = NT_STATUS_INVALID_PARAMETER;
+ goto done;
+ }
DEBUG(10,("sid_to_gid: Fall back to algorithmic mapping\n"));
@@ -280,6 +313,7 @@ NTSTATUS sid_to_gid(const DOM_SID *sid, gid_t *gid)
}
}
+done:
return ret;
}
@@ -338,5 +372,6 @@ BOOL idmap_init_wellknown_sids(void)
}
}
+ passwd_free(&pass);
return True;
}