summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
Diffstat (limited to 'source3')
-rw-r--r--source3/winbindd/winbindd_samr.c98
1 files changed, 41 insertions, 57 deletions
diff --git a/source3/winbindd/winbindd_samr.c b/source3/winbindd/winbindd_samr.c
index f69d0eb552..672ac40290 100644
--- a/source3/winbindd/winbindd_samr.c
+++ b/source3/winbindd/winbindd_samr.c
@@ -766,24 +766,35 @@ done:
}
/* convert a domain SID to a user or group name */
-static NTSTATUS common_sid_to_name(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- const struct dom_sid *sid,
- char **domain_name,
- char **name,
- enum lsa_SidType *type)
+static NTSTATUS sam_sid_to_name(struct winbindd_domain *domain,
+ TALLOC_CTX *mem_ctx,
+ const struct dom_sid *sid,
+ char **pdomain_name,
+ char **pname,
+ enum lsa_SidType *ptype)
{
struct rpc_pipe_client *lsa_pipe;
struct policy_handle lsa_policy;
- char *mapped_name = NULL;
- char **domains = NULL;
- char **names = NULL;
- enum lsa_SidType *types = NULL;
+ char *domain_name = NULL;
+ char *name = NULL;
+ enum lsa_SidType type;
TALLOC_CTX *tmp_ctx;
- NTSTATUS map_status;
NTSTATUS status;
- DEBUG(3,("samr: sid to name\n"));
+ DEBUG(3,("sam_sid_to_name\n"));
+
+ /* Paranoia check */
+ if (!sid_check_is_in_builtin(sid) &&
+ !sid_check_is_in_our_domain(sid) &&
+ !sid_check_is_in_unix_users(sid) &&
+ !sid_check_is_unix_users(sid) &&
+ !sid_check_is_in_unix_groups(sid) &&
+ !sid_check_is_unix_groups(sid) &&
+ !sid_check_is_in_wellknown_domain(sid)) {
+ DEBUG(0, ("sam_sid_to_name: possible deadlock - trying to "
+ "lookup SID %s\n", sid_string_dbg(sid)));
+ return NT_STATUS_NONE_MAPPED;
+ }
tmp_ctx = talloc_stackframe();
if (tmp_ctx == NULL) {
@@ -792,58 +803,31 @@ static NTSTATUS common_sid_to_name(struct winbindd_domain *domain,
status = open_internal_lsa_conn(tmp_ctx, &lsa_pipe, &lsa_policy);
if (!NT_STATUS_IS_OK(status)) {
- goto error;
+ goto done;
}
- /*
- * We don't run into deadlocks here, cause winbind_off() is called in
- * the main function.
- */
- status = rpccli_lsa_lookup_sids(lsa_pipe,
- tmp_ctx,
- &lsa_policy,
- 1, /* num_sids */
- sid,
- &domains,
- &names,
- &types);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(2,("sid_to_name: failed to lookup sids: %s\n",
- nt_errstr(status)));
- goto error;
- }
+ status = rpc_sid_to_name(tmp_ctx,
+ lsa_pipe,
+ &lsa_policy,
+ domain,
+ sid,
+ &domain_name,
+ &name,
+ &type);
- if (type) {
- *type = (enum lsa_SidType) types[0];
+ if (ptype) {
+ *ptype = type;
}
- if (name) {
- map_status = normalize_name_map(tmp_ctx,
- domain,
- *name,
- &mapped_name);
- if (NT_STATUS_IS_OK(map_status) ||
- NT_STATUS_EQUAL(map_status, NT_STATUS_FILE_RENAMED)) {
- *name = talloc_strdup(mem_ctx, mapped_name);
- DEBUG(5,("returning mapped name -- %s\n", *name));
- } else {
- *name = talloc_strdup(mem_ctx, names[0]);
- }
- if (*name == NULL) {
- status = NT_STATUS_NO_MEMORY;
- goto error;
- }
+ if (pname) {
+ *pname = talloc_move(mem_ctx, &name);
}
- if (domain_name) {
- *domain_name = talloc_strdup(mem_ctx, domains[0]);
- if (*domain_name == NULL) {
- status = NT_STATUS_NO_MEMORY;
- goto error;
- }
+ if (pdomain_name) {
+ *pdomain_name = talloc_move(mem_ctx, &domain_name);
}
-error:
+done:
TALLOC_FREE(tmp_ctx);
return status;
}
@@ -1314,7 +1298,7 @@ struct winbindd_methods builtin_passdb_methods = {
.enum_dom_groups = builtin_enum_dom_groups,
.enum_local_groups = sam_enum_local_groups,
.name_to_sid = sam_name_to_sid,
- .sid_to_name = common_sid_to_name,
+ .sid_to_name = sam_sid_to_name,
.rids_to_names = common_rids_to_names,
.query_user = builtin_query_user,
.lookup_usergroups = common_lookup_usergroups,
@@ -1334,7 +1318,7 @@ struct winbindd_methods sam_passdb_methods = {
.enum_dom_groups = sam_enum_dom_groups,
.enum_local_groups = sam_enum_local_groups,
.name_to_sid = sam_name_to_sid,
- .sid_to_name = common_sid_to_name,
+ .sid_to_name = sam_sid_to_name,
.rids_to_names = common_rids_to_names,
.query_user = sam_query_user,
.lookup_usergroups = common_lookup_usergroups,