sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-03-09 08:58:35 +03:00
Code

fix sid_to_[uid|gid] (spotted by Volker).

Browse Source 
Still testing this, but I'm checking it in
so Volker can test it as well.  Should be right.
(This used to be commit 8edf193722f699cc33baed410917a78a5e28d0a4)
This commit is contained in:
Gerald Carter 2003-07-11 16:37:23 +00:00
parent 24ce328662
commit 733f767b94
3 changed files with 114 additions and 158 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

146
source3/nsswitch/wb_client.c
View File

@ -168,41 +168,6 @@ BOOL winbind_uid_to_sid(DOM_SID *sid, uid_t uid)
return (result == NSS_STATUS_SUCCESS);
}
/* Call winbindd to convert SID to uid. Do not allocate */
BOOL winbind_sid_to_uid_query(uid_t *puid, const DOM_SID *sid)
{
struct winbindd_request request;
struct winbindd_response response;
int result;
fstring sid_str;
if (!puid)
return False;
/* Initialise request */
ZERO_STRUCT(request);
ZERO_STRUCT(response);
sid_to_string(sid_str, sid);
fstrcpy(request.data.sid, sid_str);
request.flags = WBFLAG_QUERY_ONLY;
/* Make request */
result = winbindd_request(WINBINDD_SID_TO_UID, &request, &response);
/* Copy out result */
if (result == NSS_STATUS_SUCCESS) {
*puid = response.data.uid;
}
return (result == NSS_STATUS_SUCCESS);
}
/* Call winbindd to convert SID to gid */
BOOL winbind_sid_to_gid(gid_t *pgid, const DOM_SID *sid)
@ -236,41 +201,6 @@ BOOL winbind_sid_to_gid(gid_t *pgid, const DOM_SID *sid)
return (result == NSS_STATUS_SUCCESS);
}
/* Call winbindd to convert SID to gid. Do not allocate */
BOOL winbind_sid_to_gid_query(gid_t *pgid, const DOM_SID *sid)
{
struct winbindd_request request;
struct winbindd_response response;
int result;
fstring sid_str;
if (!pgid)
return False;
/* Initialise request */
ZERO_STRUCT(request);
ZERO_STRUCT(response);
sid_to_string(sid_str, sid);
fstrcpy(request.data.sid, sid_str);
request.flags = WBFLAG_QUERY_ONLY;
/* Make request */
result = winbindd_request(WINBINDD_SID_TO_GID, &request, &response);
/* Copy out result */
if (result == NSS_STATUS_SUCCESS) {
*pgid = response.data.gid;
}
return (result == NSS_STATUS_SUCCESS);
}
/* Call winbindd to convert gid to sid */
BOOL winbind_gid_to_sid(DOM_SID *sid, gid_t gid)
@ -580,4 +510,80 @@ BOOL winbind_delete_group( const char *group )
return result == NSS_STATUS_SUCCESS;
}
/***********************************************************************/
#if 0 /* not needed currently since winbindd_acct was added -- jerry */
/* Call winbindd to convert SID to uid. Do not allocate */
BOOL winbind_sid_to_uid_query(uid_t *puid, const DOM_SID *sid)
{
struct winbindd_request request;
struct winbindd_response response;
int result;
fstring sid_str;
if (!puid)
return False;
/* Initialise request */
ZERO_STRUCT(request);
ZERO_STRUCT(response);
sid_to_string(sid_str, sid);
fstrcpy(request.data.sid, sid_str);
request.flags = WBFLAG_QUERY_ONLY;
/* Make request */
result = winbindd_request(WINBINDD_SID_TO_UID, &request, &response);
/* Copy out result */
if (result == NSS_STATUS_SUCCESS) {
*puid = response.data.uid;
}
return (result == NSS_STATUS_SUCCESS);
}
/* Call winbindd to convert SID to gid. Do not allocate */
BOOL winbind_sid_to_gid_query(gid_t *pgid, const DOM_SID *sid)
{
struct winbindd_request request;
struct winbindd_response response;
int result;
fstring sid_str;
if (!pgid)
return False;
/* Initialise request */
ZERO_STRUCT(request);
ZERO_STRUCT(response);
sid_to_string(sid_str, sid);
fstrcpy(request.data.sid, sid_str);
request.flags = WBFLAG_QUERY_ONLY;
/* Make request */
result = winbindd_request(WINBINDD_SID_TO_GID, &request, &response);
/* Copy out result */
if (result == NSS_STATUS_SUCCESS) {
*pgid = response.data.gid;
}
return (result == NSS_STATUS_SUCCESS);
}
#endif /* JERRY */
/***********************************************************************/

2
source3/passdb/passdb.c
View File

@ -1195,7 +1195,7 @@ BOOL local_sid_to_gid(gid_t *pgid, const DOM_SID *psid, enum SID_NAME_USE *name_
*name_type = SID_NAME_UNKNOWN;
/* This call can enumerate grou mappings for foreign sids as well.
/* This call can enumerate group mappings for foreign sids as well.
So don't check for a match against our domain SID */
/* we don't need to disable winbindd since the gid is stored in

124
source3/smbd/uid.c
View File

@ -711,10 +711,6 @@ static void store_gid_sid_cache(const DOM_SID *psid, gid_t gid)
/*****************************************************************
*THE CANONICAL* convert uid_t to SID function.
check idmap if uid is in idmap range, otherwise falls back to
the legacy algorithmic mapping.
A special cache is used for uids that maps to Wellknown SIDs
Returns SID pointer.
*****************************************************************/
NTSTATUS uid_to_sid(DOM_SID *psid, uid_t uid)
@ -752,10 +748,6 @@ NTSTATUS uid_to_sid(DOM_SID *psid, uid_t uid)
/*****************************************************************
*THE CANONICAL* convert gid_t to SID function.
check idmap if gid is in idmap range, otherwise falls back to
the legacy algorithmic mapping.
Group mapping is used for gids that maps to Wellknown SIDs
Returns SID pointer.
*****************************************************************/
NTSTATUS gid_to_sid(DOM_SID *psid, gid_t gid)
@ -793,79 +785,56 @@ NTSTATUS gid_to_sid(DOM_SID *psid, gid_t gid)
/*****************************************************************
*THE CANONICAL* convert SID to uid function.
if it is a foreign sid or it is in idmap rid range check idmap,
otherwise falls back to the legacy algorithmic mapping.
A special cache is used for uids that maps to Wellknown SIDs
Returns True if this name is a user sid and the conversion
was done correctly, False if not.
*****************************************************************/
NTSTATUS sid_to_uid(const DOM_SID *psid, uid_t *puid)
{
fstring dom_name, name, sid_str;
enum SID_NAME_USE name_type;
BOOL ret;
if (fetch_uid_from_cache(puid, psid))
return NT_STATUS_OK;
/* if this is our DIS then go straight to a local lookup */
/* if this is our SID then go straight to a local lookup */
if ( sid_compare_domain(get_global_sam_sid(), psid) == 0 ) {
DEBUG(10,("sid_to_uid: my domain (%s) - trying local.\n",
sid_string_static(psid) ));
if ( (ret = local_sid_to_uid(puid, psid, &name_type)) == True )
store_uid_sid_cache(psid, *puid);
if ( local_sid_to_uid(puid, psid, &name_type) )
goto success;
DEBUG(10,("sid_to_uid: local lookup failed\n"));
return (ret ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL);
return NT_STATUS_UNSUCCESSFUL;
}
/* If it is not our local domain, only hope is winbindd */
/* look up the name and decide if this is a user sid */
if ( (!winbind_lookup_sid(psid, dom_name, name, &name_type)) || (name_type != SID_NAME_USER) ) {
DEBUG(10,("sid_to_uid: winbind lookup for sid %s failed - trying local.\n",
if ( !winbind_lookup_sid(psid, dom_name, name, &name_type) ) {
DEBUG(10,("sid_to_uid: winbind lookup for non-local sid %s failed\n",
sid_string_static(psid) ));
if ( (ret = local_sid_to_uid(puid, psid, &name_type)) == True )
store_uid_sid_cache(psid, *puid);
return (ret ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL);
return NT_STATUS_UNSUCCESSFUL;
}
/*
* Ensure this is a user sid.
*/
/* If winbindd does know the SID, ensure this is a user */
if (name_type != SID_NAME_USER) {
DEBUG(10,("sid_to_uid: winbind lookup succeeded but SID is not a uid (%u)\n",
DEBUG(10,("sid_to_uid: winbind lookup succeeded but SID is not a user (%u)\n",
(unsigned int)name_type ));
return NT_STATUS_INVALID_PARAMETER;
}
/* query only first */
if ( !winbind_sid_to_uid_query(puid, psid) ) {
DEBUG(10,("sid_to_uid: winbind query for sid %s failed.\n",
sid_to_string(sid_str, psid) ));
/* see if we have a local mapping */
if ( local_sid_to_uid(puid, psid, &name_type) ) {
store_uid_sid_cache(psid, *puid);
return NT_STATUS_OK;
}
/* Call back to winbind to allocate a new uid */
/* get the uid. Has to work or else we are dead in the water */
if ( !winbind_sid_to_uid(puid, psid) ) {
DEBUG(10,("sid_to_uid: winbind failed to allocate a new uid for sid %s\n",
sid_to_string(sid_str, psid) ));
return NT_STATUS_UNSUCCESSFUL;
}
if ( !winbind_sid_to_uid(puid, psid) ) {
DEBUG(10,("sid_to_uid: winbind failed to allocate a new uid for sid %s\n",
sid_to_string(sid_str, psid) ));
return NT_STATUS_UNSUCCESSFUL;
}
success:
DEBUG(10,("sid_to_uid: %s -> %u\n", sid_to_string(sid_str, psid),
(unsigned int)*puid ));
@ -875,75 +844,56 @@ NTSTATUS sid_to_uid(const DOM_SID *psid, uid_t *puid)
}
/*****************************************************************
*THE CANONICAL* convert SID to gid function.
if it is a foreign sid or it is in idmap rid range check idmap,
otherwise falls back to the legacy algorithmic mapping.
Group mapping is used for gids that maps to Wellknown SIDs
Returns True if this name is a user sid and the conversion
was done correctly, False if not.
*****************************************************************/
NTSTATUS sid_to_gid(const DOM_SID *psid, gid_t *pgid)
{
fstring dom_name, name, sid_str;
enum SID_NAME_USE name_type;
BOOL ret;
if (fetch_gid_from_cache(pgid, psid))
return NT_STATUS_OK;
/*
* First we must look up the name and decide if this is a group sid.
* Group mapping can deal with foreign SIDs
*/
if (!winbind_lookup_sid(psid, dom_name, name, &name_type)) {
DEBUG(10,("sid_to_gid: winbind lookup for sid %s failed - trying local.\n",
sid_to_string(sid_str, psid) ));
ret = local_sid_to_gid(pgid, psid, &name_type);
if (ret)
store_gid_sid_cache(psid, *pgid);
if ( local_sid_to_gid(pgid, psid, &name_type) )
goto success;
return (ret ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL);
DEBUG(10,("sid_to_gid: no one knows this SID\n"));
return NT_STATUS_UNSUCCESSFUL;
}
/*
* Ensure this is a group sid.
*/
/* winbindd knows it; Ensure this is a group sid */
if ((name_type != SID_NAME_DOM_GRP) && (name_type != SID_NAME_ALIAS) && (name_type != SID_NAME_WKN_GRP)) {
DEBUG(10,("sid_to_gid: winbind lookup succeeded but SID is not a known group (%u)\n",
(unsigned int)name_type ));
ret = local_sid_to_gid(pgid, psid, &name_type);
if (ret)
store_gid_sid_cache(psid, *pgid);
return (ret ? NT_STATUS_OK : NT_STATUS_INVALID_PARAMETER);
/* winbindd is running and knows about this SID. Just the wrong type.
Don't fallback to a local lookup here */
return NT_STATUS_INVALID_PARAMETER;
}
/* query only first */
if ( !winbind_sid_to_gid_query(pgid, psid) ) {
DEBUG(10,("sid_to_gid: winbind query for sid %s failed.\n",
sid_to_string(sid_str, psid) ));
/* see if we have a local mapping */
if ( local_sid_to_gid(pgid, psid, &name_type) ) {
store_gid_sid_cache(psid, *pgid);
return NT_STATUS_OK;
}
/* Call back to winbind to allocate a new uid */
/* winbindd knows it and it is a type of group; sid_to_gid must succeed
or we are dead in the water */
if ( !winbind_sid_to_gid(pgid, psid) ) {
DEBUG(10,("sid_to_uid: winbind failed to allocate a new gid for sid %s\n",
sid_to_string(sid_str, psid) ));
return NT_STATUS_UNSUCCESSFUL;
}
else
return NT_STATUS_UNSUCCESSFUL;
if ( !winbind_sid_to_gid(pgid, psid) ) {
DEBUG(10,("sid_to_uid: winbind failed to allocate a new gid for sid %s\n",
sid_to_string(sid_str, psid) ));
return NT_STATUS_UNSUCCESSFUL;
}
success:
DEBUG(10,("sid_to_gid: %s -> %u\n", sid_to_string(sid_str, psid),
(unsigned int)*pgid ));