From 53dfaac5fbaa137700ccc304f9f90e0b0d15e631 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 19 Nov 2003 08:11:14 +0000 Subject: as discussed on irc, this is a small patch that allows a few more winbind functions to be accessed via NSS. This provides a much cleaner way for applications that need (for example) to provide name->sid mappings to do this via NSS rather than having to know the winbindd pipe protocol (as this might change). This patch also adds a varient of the winbindd_getgroups() call called winbindd_getusersids() that provides direct SID->SIDs listing of a users supplementary groups. This is enough to allow non-Samba applications to do ACL checking. A test program for the new functionality will be committed shortly. I also added the 'wbinfo --user-sids' option to expose the new function in wbinfo. (This used to be commit 702b35da0ac7c73aa5a6603f871d865565bbe278) --- source3/nsswitch/winbindd_sid.c | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) (limited to 'source3/nsswitch/winbindd_sid.c') diff --git a/source3/nsswitch/winbindd_sid.c b/source3/nsswitch/winbindd_sid.c index 6400a23b7b..7c4c8d804a 100644 --- a/source3/nsswitch/winbindd_sid.c +++ b/source3/nsswitch/winbindd_sid.c @@ -84,6 +84,7 @@ enum winbindd_result winbindd_lookupname(struct winbindd_cli_state *state) char *name_domain, *name_user; DOM_SID sid; struct winbindd_domain *domain; + char *p; /* Ensure null termination */ state->request.data.sid[sizeof(state->request.data.name.dom_name)-1]='\0'; @@ -91,13 +92,19 @@ enum winbindd_result winbindd_lookupname(struct winbindd_cli_state *state) /* Ensure null termination */ state->request.data.sid[sizeof(state->request.data.name.name)-1]='\0'; - DEBUG(3, ("[%5lu]: lookupname %s%s%s\n", (unsigned long)state->pid, - state->request.data.name.dom_name, - lp_winbind_separator(), - state->request.data.name.name)); + /* cope with the name being a fully qualified name */ + p = strstr(state->request.data.name.name, lp_winbind_separator()); + if (p) { + *p = 0; + name_domain = state->request.data.name.name; + name_user = p+1; + } else { + name_domain = state->request.data.name.dom_name; + name_user = state->request.data.name.name; + } - name_domain = state->request.data.name.dom_name; - name_user = state->request.data.name.name; + DEBUG(3, ("[%5lu]: lookupname %s%s%s\n", (unsigned long)state->pid, + name_domain, lp_winbind_separator(), name_user)); if ((domain = find_domain_from_name(name_domain)) == NULL) { DEBUG(0, ("could not find domain entry for domain %s\n", -- cgit