sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-03-01 04:58:35 +03:00
Code

r2340: Solve the problem of user sids ending up with gid's and vice versa: This

Browse Source 
belongs into winbind itself, not into wbinfo.

Volker
(This used to be commit 75e5c13d5d4c1da9bbb60f4e93183995c05a89ac)
This commit is contained in:
Volker Lendecke 2004-09-15 08:55:01 +00:00 committed by Gerald (Jerry) Carter
parent 3a6c8a8ae7
commit 7f53bb13da
2 changed files with 63 additions and 64 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
source3/nsswitch/wbinfo.c
View File

@ -398,27 +398,6 @@ static BOOL wbinfo_sid_to_uid(char *sid)
ZERO_STRUCT(request);
ZERO_STRUCT(response);
/* First see whether the SID is actually a user -- otherwise
* winbind might end up a uid number for a group SID and this
* is asking for trouble later. */
fstrcpy(request.data.sid, sid);
if (winbindd_request(WINBINDD_LOOKUPSID, &request, &response) !=
NSS_STATUS_SUCCESS) {
d_printf("Could not lookup sid %s\n", sid);
return False;
}
if (response.data.name.type != SID_NAME_USER) {
d_printf("SID is of type %s\n",
sid_type_lookup(response.data.name.type));
return False;
}
ZERO_STRUCT(request);
ZERO_STRUCT(response);
/* Send request */
fstrcpy(request.data.sid, sid);
@ -442,26 +421,6 @@ static BOOL wbinfo_sid_to_gid(char *sid)
ZERO_STRUCT(request);
ZERO_STRUCT(response);
/* First see whether the SID is actually a group -- otherwise
* winbind might end up a gid number for a user SID and this
* is asking for trouble later. */
fstrcpy(request.data.sid, sid);
if (winbindd_request(WINBINDD_LOOKUPSID, &request, &response) !=
NSS_STATUS_SUCCESS) {
d_printf("Could not lookup sid %s\n", sid);
return False;
}
if ((response.data.name.type != SID_NAME_DOM_GRP) &&
(response.data.name.type != SID_NAME_ALIAS) &&
(response.data.name.type != SID_NAME_WKN_GRP)) {
d_printf("SID is of type %s\n",
sid_type_lookup(response.data.name.type));
return False;
}
/* Send request */
fstrcpy(request.data.sid, sid);

86
source3/nsswitch/winbindd_sid.c
View File

@ -119,7 +119,7 @@ enum winbindd_result winbindd_lookupname(struct winbindd_cli_state *state)
enum winbindd_result winbindd_sid_to_uid(struct winbindd_cli_state *state)
{
DOM_SID sid;
uint32 flags = 0x0;
NTSTATUS result;
/* Ensure null termination */
state->request.data.sid[sizeof(state->request.data.sid)-1]='\0';
@ -166,8 +166,7 @@ enum winbindd_result winbindd_sid_to_uid(struct winbindd_cli_state *state)
/* But first check and see if we don't already have a mapping */
flags = ID_QUERY_ONLY;
if ( NT_STATUS_IS_OK(idmap_sid_to_uid(&sid, &(state->response.data.uid), flags)) )
if ( NT_STATUS_IS_OK(idmap_sid_to_uid(&sid, &(state->response.data.uid), ID_QUERY_ONLY)) )
return WINBINDD_OK;
/* now fall back to the hard way */
@ -191,17 +190,37 @@ enum winbindd_result winbindd_sid_to_uid(struct winbindd_cli_state *state)
}
if ( state->request.flags & WBFLAG_QUERY_ONLY )
flags = ID_QUERY_ONLY;
/* Find uid for this sid and return it */
if ( !NT_STATUS_IS_OK(idmap_sid_to_uid(&sid, &(state->response.data.uid), flags)) ) {
DEBUG(1, ("Could not get uid for sid %s\n", state->request.data.sid));
return WINBINDD_ERROR;
}
return WINBINDD_OK;
result = idmap_sid_to_uid(&sid, &(state->response.data.uid),
ID_QUERY_ONLY);
if (NT_STATUS_IS_OK(result))
return WINBINDD_OK;
if (state->request.flags & WBFLAG_QUERY_ONLY)
return WINBINDD_ERROR;
/* The query-only did not work, allocate a new uid *if* it's a user */
{
fstring dom_name, name;
enum SID_NAME_USE type;
if (!winbindd_lookup_name_by_sid(&sid, dom_name, name, &type))
return WINBINDD_ERROR;
if ((type != SID_NAME_USER) && (type != SID_NAME_COMPUTER))
return WINBINDD_ERROR;
}
result = idmap_sid_to_uid(&sid, &(state->response.data.uid), 0);
if (NT_STATUS_IS_OK(result))
return WINBINDD_OK;
DEBUG(1, ("Could not get uid for sid %s\n", state->request.data.sid));
return WINBINDD_ERROR;
}
/* Convert a sid to a gid. We assume we only have one rid attached to the
@ -210,7 +229,7 @@ enum winbindd_result winbindd_sid_to_uid(struct winbindd_cli_state *state)
enum winbindd_result winbindd_sid_to_gid(struct winbindd_cli_state *state)
{
DOM_SID sid;
uint32 flags = 0x0;
NTSTATUS result;
/* Ensure null termination */
state->request.data.sid[sizeof(state->request.data.sid)-1]='\0';
@ -256,8 +275,7 @@ enum winbindd_result winbindd_sid_to_gid(struct winbindd_cli_state *state)
/* But first check and see if we don't already have a mapping */
flags = ID_QUERY_ONLY;
if ( NT_STATUS_IS_OK(idmap_sid_to_gid(&sid, &(state->response.data.gid), flags)) )
if ( NT_STATUS_IS_OK(idmap_sid_to_gid(&sid, &(state->response.data.gid), ID_QUERY_ONLY)) )
return WINBINDD_OK;
/* now fall back to the hard way */
@ -281,16 +299,38 @@ enum winbindd_result winbindd_sid_to_gid(struct winbindd_cli_state *state)
}
if ( state->request.flags & WBFLAG_QUERY_ONLY )
flags = ID_QUERY_ONLY;
/* Find gid for this sid and return it */
if ( !NT_STATUS_IS_OK(idmap_sid_to_gid(&sid, &(state->response.data.gid), flags)) ) {
DEBUG(1, ("Could not get gid for sid %s\n", state->request.data.sid));
return WINBINDD_ERROR;
}
return WINBINDD_OK;
result = idmap_sid_to_gid(&sid, &(state->response.data.gid),
ID_QUERY_ONLY);
if (NT_STATUS_IS_OK(result))
return WINBINDD_OK;
if (state->request.flags & WBFLAG_QUERY_ONLY)
return WINBINDD_ERROR;
/* The query-only did not work, allocate a new gid *if* it's a group */
{
fstring dom_name, name;
enum SID_NAME_USE type;
if (!winbindd_lookup_name_by_sid(&sid, dom_name, name, &type))
return WINBINDD_ERROR;
if ((type != SID_NAME_DOM_GRP) && (type != SID_NAME_ALIAS) &&
(type != SID_NAME_WKN_GRP))
return WINBINDD_ERROR;
}
result = idmap_sid_to_gid(&sid, &(state->response.data.gid), 0);
if (NT_STATUS_IS_OK(result))
return WINBINDD_OK;
DEBUG(1, ("Could not get gid for sid %s\n", state->request.data.sid));
return WINBINDD_ERROR;
}
/* Convert a uid to a sid */