Diffstat (limited to 'source4/rpc_server')
-rw-r--r-- | source4/rpc_server/lsa/dcesrv_lsa.c | 60 |
1 files changed, 43 insertions, 17 deletions
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c index adfbda5504..4cebc3f5aa 100644 --- a/source4/rpc_server/lsa/dcesrv_lsa.c +++ b/source4/rpc_server/lsa/dcesrv_lsa.c @@ -42,6 +42,7 @@ enum lsa_handle { struct lsa_policy_state { int reference_count; void *sam_ctx; + struct sidmap_context *sidmap; uint32_t access_mask; const char *domain_dn; const char *domain_name; @@ -166,6 +167,12 @@ static NTSTATUS lsa_OpenPolicy2(struct dcesrv_call_state *dce_call, TALLOC_CTX * return NT_STATUS_INVALID_SYSTEM_SERVICE; } + state->sidmap = sidmap_open(state); + if (state->sidmap == NULL) { + talloc_free(state); + return NT_STATUS_INVALID_SYSTEM_SERVICE; + } + /* work out the domain_dn - useful for so many calls its worth fetching here */ state->domain_dn = samdb_search_string(state->sam_ctx, state, NULL, @@ -423,6 +430,9 @@ static NTSTATUS lsa_authority_name(struct lsa_policy_state *state, return NT_STATUS_OK; } +/* + add to the lsa_RefDomainList for LookupSids and LookupNames +*/ static NTSTATUS lsa_authority_list(struct lsa_policy_state *state, TALLOC_CTX *mem_ctx, struct dom_sid *sid, struct lsa_RefDomainList *domains) 
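Review bot: In the lsa_OpenPolicy2 hunk, a NULL from `sidmap_open(state)` now fails the whole policy open, so a problem with the sidmap store blocks every LSA handle, including callers that never resolve an allocated SID. If that coupling is intended, say so above the call, e.g. `/* sidmap backs the allocated-SID fallback in lsa_lookup_sid(); refuse the handle rather than fail later */`; otherwise open it on first use. The failure reuses NT_STATUS_INVALID_SYSTEM_SERVICE, the same status as the failure path just above it in the context lines, so the two causes cannot be told apart by a client or in logs. The function body starts and ends outside the hunk.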
@@ -461,6 +471,36 @@ static NTSTATUS lsa_authority_list(struct lsa_policy_state *state, TALLOC_CTX *m return NT_STATUS_OK; } +/* + lookup a name for 1 SID +*/ +static NTSTATUS lsa_lookup_sid(struct lsa_policy_state *state, TALLOC_CTX *mem_ctx, + struct dom_sid *sid, const char *sid_str, + const char **name, uint32_t *atype) +{ + int ret; + struct ldb_message **res; + const char * const attrs[] = { "sAMAccountName", "sAMAccountType", NULL}; + NTSTATUS status; + + ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs, + "objectSid=%s", sid_str); + if (ret == 1) { + *name = ldb_msg_find_string(res[0], "sAMAccountName", NULL); + if (*name == NULL) { + return NT_STATUS_NO_MEMORY; + } + + *atype = samdb_result_uint(res[0], "sAMAccountType", 0); + + return NT_STATUS_OK; + } + + status = sidmap_allocated_sid_lookup(state->sidmap, mem_ctx, sid, name, atype); + + return status; +} + /* lsa_LookupSids2 @@ -499,11 +539,8 @@ static NTSTATUS lsa_LookupSids2(struct dcesrv_call_state *dce_call, } for (i=0;i<r->in.sids->num_sids;i++) { - const char * const attrs[] = { "sAMAccountName", "sAMAccountType", NULL}; struct dom_sid *sid = r->in.sids->sids[i].sid; char *sid_str = dom_sid_string(mem_ctx, sid); - int ret; - struct ldb_message **res; const char *name; uint32_t atype, rtype; NTSTATUS status2; @@ -528,20 +565,9 @@ static NTSTATUS lsa_LookupSids2(struct dcesrv_call_state *dce_call, return status2; } - ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs, "objectSid=%s", sid_str); - if (ret != 1) { - status = STATUS_SOME_UNMAPPED; - continue; - } - - name = ldb_msg_find_string(res[0], "sAMAccountName", NULL); - if (name == NULL) { - status = STATUS_SOME_UNMAPPED; - continue; - } - - atype = samdb_result_uint(res[0], "sAMAccountType", 0); - if (atype == 0) { + status2 = lsa_lookup_sid(state, mem_ctx, sid, sid_str, + &name, &atype); + if (!NT_STATUS_IS_OK(status2)) { status = STATUS_SOME_UNMAPPED; continue; } |
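Review bot: In lsa_lookup_sid the `ret == 1` branch returns NT_STATUS_OK even when `sAMAccountType` is absent, because `samdb_result_uint(res[0], "sAMAccountType", 0)` yields 0 and nothing checks it. The code removed in the last hunk treated `atype == 0` as unmapped, so LookupSids2 can now report such a record as resolved with an unknown type. The same branch reports a missing `sAMAccountName` as NT_STATUS_NO_MEMORY, although a NULL from `ldb_msg_find_string` with a NULL default looks like an absent attribute rather than an allocation failure. Both cases fit one check after reading the two attributes: `if (*name == NULL || *atype == 0) return NT_STATUS_NONE_MAPPED;`. Any `ret` other than 1, which presumably includes search errors and duplicate matches, falls through to the sidmap lookup; a short comment stating that this is intended would help.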
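Review bot: The new `if (!NT_STATUS_IS_OK(status2))` check in the last hunk turns every failure of lsa_lookup_sid into STATUS_SOME_UNMAPPED, so a genuine resource failure from the helper or from sidmap_allocated_sid_lookup looks the same as a SID that has no name. The context line `return status2;` just above shows that hard failures are otherwise returned to the caller. Consider `if (NT_STATUS_EQUAL(status2, NT_STATUS_NO_MEMORY)) return status2;` before the unmapped branch; this only makes sense if lsa_lookup_sid stops using NT_STATUS_NO_MEMORY for a missing attribute. The loop body starts and ends outside this hunk.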