sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-09-06 17:44:20 +03:00
Code Activity

r3992: provide hooks for lsa to lookup sids allocated using the linear id->sid mapping

Browse Source 
(This used to be commit e611405109)
This commit is contained in:
Andrew Tridgell
2004-11-29 04:24:50 +00:00
committed by Gerald (Jerry) Carter
parent 7da22310e7
commit b393de7f05
2 changed files with 104 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

61
source4/ntvfs/common/sidmap.c
View File

@@ -540,3 +540,64 @@ allocate_sid:
return NT_STATUS_OK; return NT_STATUS_OK;
} }
/*
check if a sid is in the range of auto-allocated SIDs from our primary domain,
and if it is, then return the name and atype
*/
NTSTATUS sidmap_allocated_sid_lookup(struct sidmap_context *sidmap,
TALLOC_CTX *mem_ctx,
const struct dom_sid *sid,
const char **name,
uint32_t *atype)
{
NTSTATUS status;
struct dom_sid *domain_sid;
void *ctx = talloc(mem_ctx, 0);
uint32_t rid;
status = sidmap_primary_domain_sid(sidmap, ctx, &domain_sid);
if (!NT_STATUS_IS_OK(status)) {
return NT_STATUS_NO_SUCH_DOMAIN;
}
if (!dom_sid_in_domain(domain_sid, sid)) {
talloc_free(ctx);
return NT_STATUS_INVALID_SID;
}
talloc_free(ctx);
rid = sid->sub_auths[sid->num_auths-1];
if (rid < SIDMAP_LOCAL_USER_BASE) {
return NT_STATUS_INVALID_SID;
}
if (rid < SIDMAP_LOCAL_GROUP_BASE) {
struct passwd *pwd;
uid_t uid = rid - SIDMAP_LOCAL_USER_BASE;
*atype = ATYPE_NORMAL_ACCOUNT;
pwd = getpwuid(uid);
if (pwd == NULL) {
*name = talloc_asprintf(mem_ctx, "uid%u", uid);
} else {
*name = talloc_strdup(mem_ctx, pwd->pw_name);
}
} else {
struct group *grp;
gid_t gid = rid - SIDMAP_LOCAL_GROUP_BASE;
*atype = ATYPE_LOCAL_GROUP;
grp = getgrgid(gid);
if (grp == NULL) {
*name = talloc_asprintf(mem_ctx, "gid%u", gid);
} else {
*name = talloc_strdup(mem_ctx, grp->gr_name);
}
}
if (*name == NULL) {
return NT_STATUS_NO_MEMORY;
}
return NT_STATUS_OK;
}

60
source4/rpc_server/lsa/dcesrv_lsa.c
View File

@@ -42,6 +42,7 @@ enum lsa_handle {
struct lsa_policy_state { struct lsa_policy_state {
int reference_count; int reference_count;
void *sam_ctx; void *sam_ctx;
struct sidmap_context *sidmap;
uint32_t access_mask; uint32_t access_mask;
const char *domain_dn; const char *domain_dn;
const char *domain_name; const char *domain_name;
@@ -166,6 +167,12 @@ static NTSTATUS lsa_OpenPolicy2(struct dcesrv_call_state *dce_call, TALLOC_CTX *
return NT_STATUS_INVALID_SYSTEM_SERVICE; return NT_STATUS_INVALID_SYSTEM_SERVICE;
} }
state->sidmap = sidmap_open(state);
if (state->sidmap == NULL) {
talloc_free(state);
return NT_STATUS_INVALID_SYSTEM_SERVICE;
}
/* work out the domain_dn - useful for so many calls its worth /* work out the domain_dn - useful for so many calls its worth
fetching here */ fetching here */
state->domain_dn = samdb_search_string(state->sam_ctx, state, NULL, state->domain_dn = samdb_search_string(state->sam_ctx, state, NULL,
@@ -423,6 +430,9 @@ static NTSTATUS lsa_authority_name(struct lsa_policy_state *state,
return NT_STATUS_OK; return NT_STATUS_OK;
} }
/*
add to the lsa_RefDomainList for LookupSids and LookupNames
*/
static NTSTATUS lsa_authority_list(struct lsa_policy_state *state, TALLOC_CTX *mem_ctx, static NTSTATUS lsa_authority_list(struct lsa_policy_state *state, TALLOC_CTX *mem_ctx,
struct dom_sid *sid, struct dom_sid *sid,
struct lsa_RefDomainList *domains) struct lsa_RefDomainList *domains)
@@ -461,6 +471,36 @@ static NTSTATUS lsa_authority_list(struct lsa_policy_state *state, TALLOC_CTX *m
return NT_STATUS_OK; return NT_STATUS_OK;
} }
/*
lookup a name for 1 SID
*/
static NTSTATUS lsa_lookup_sid(struct lsa_policy_state *state, TALLOC_CTX *mem_ctx,
struct dom_sid *sid, const char *sid_str,
const char **name, uint32_t *atype)
{
int ret;
struct ldb_message **res;
const char * const attrs[] = { "sAMAccountName", "sAMAccountType", NULL};
NTSTATUS status;
ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs,
"objectSid=%s", sid_str);
if (ret == 1) {
*name = ldb_msg_find_string(res[0], "sAMAccountName", NULL);
if (*name == NULL) {
return NT_STATUS_NO_MEMORY;
}
*atype = samdb_result_uint(res[0], "sAMAccountType", 0);
return NT_STATUS_OK;
}
status = sidmap_allocated_sid_lookup(state->sidmap, mem_ctx, sid, name, atype);
return status;
}
/* /*
lsa_LookupSids2 lsa_LookupSids2
@@ -499,11 +539,8 @@ static NTSTATUS lsa_LookupSids2(struct dcesrv_call_state *dce_call,
} }
for (i=0;i<r->in.sids->num_sids;i++) { for (i=0;i<r->in.sids->num_sids;i++) {
const char * const attrs[] = { "sAMAccountName", "sAMAccountType", NULL};
struct dom_sid *sid = r->in.sids->sids[i].sid; struct dom_sid *sid = r->in.sids->sids[i].sid;
char *sid_str = dom_sid_string(mem_ctx, sid); char *sid_str = dom_sid_string(mem_ctx, sid);
int ret;
struct ldb_message **res;
const char *name; const char *name;
uint32_t atype, rtype; uint32_t atype, rtype;
NTSTATUS status2; NTSTATUS status2;
@@ -528,20 +565,9 @@ static NTSTATUS lsa_LookupSids2(struct dcesrv_call_state *dce_call,
return status2; return status2;
} }
ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs, "objectSid=%s", sid_str); status2 = lsa_lookup_sid(state, mem_ctx, sid, sid_str,
if (ret != 1) { &name, &atype);
status = STATUS_SOME_UNMAPPED; if (!NT_STATUS_IS_OK(status2)) {
continue;
}
name = ldb_msg_find_string(res[0], "sAMAccountName", NULL);
if (name == NULL) {
status = STATUS_SOME_UNMAPPED;
continue;
}
atype = samdb_result_uint(res[0], "sAMAccountType", 0);
if (atype == 0) {
status = STATUS_SOME_UNMAPPED; status = STATUS_SOME_UNMAPPED;
continue; continue;
} }