r11920: Rename local_lookup_rid to lookup_global_sam_rid, add lookup_builtin_rid.

Volker

source/passdb/lookup_sid.c

@@ -66,7 +66,8 @@ BOOL lookup_name(const char *domain, const char *name, DOM_SID *psid, enum SID_N
  Tries local lookup first - for local sids, then tries winbind.
 *****************************************************************/  
 
-BOOL lookup_sid(const DOM_SID *sid, fstring dom_name, fstring name, enum SID_NAME_USE *name_type)
+BOOL lookup_sid(const DOM_SID *sid, fstring dom_name, fstring name,
+		enum SID_NAME_USE *name_type)
 {
 	if (!name_type)
 		return False;
@@ -83,6 +84,15 @@ BOOL lookup_sid(const DOM_SID *sid, fstring dom_name, fstring name, enum SID_NAM
 		return True;
 	}
 
+	if (sid_check_is_in_our_domain(sid)) {
+		uint32 rid;
+		SMB_ASSERT(sid_peek_rid(sid, &rid));
+
+		/* For our own domain passdb is responsible */
+		fstrcpy(dom_name, get_global_sam_name());
+		return lookup_global_sam_rid(rid, name, name_type);
+	}
+
 	if (sid_check_is_builtin(sid)) {
 
 		/* Got through map_domain_sid_to_name here so that the mapping
@@ -97,13 +107,21 @@ BOOL lookup_sid(const DOM_SID *sid, fstring dom_name, fstring name, enum SID_NAM
 		return True;
 	}
 
-	if (sid_check_is_in_our_domain(sid)) {
+	if (sid_check_is_in_builtin(sid)) {
 		uint32 rid;
+
 		SMB_ASSERT(sid_peek_rid(sid, &rid));
 
-		/* For our own domain passdb is responsible */
-		fstrcpy(dom_name, get_global_sam_name());
-		return local_lookup_rid(rid, name, name_type);
+		/* Got through map_domain_sid_to_name here so that the mapping
+		 * of S-1-5-32 to the name "BUILTIN" in as few places as
+		 * possible. We might add i18n... */
+		SMB_ASSERT(map_domain_sid_to_name(&global_sid_Builtin,
+						  dom_name));
+
+		/* There's only aliases in S-1-5-32 */
+		*name_type = SID_NAME_ALIAS;
+
+		return lookup_builtin_rid(rid, name);
 	}
 
 	if (winbind_lookup_sid(sid, dom_name, name, name_type)) {

source/passdb/passdb.c

@@ -732,10 +732,11 @@ BOOL algorithmic_pdb_rid_is_user(uint32 rid)
 }
 
 /*******************************************************************
- Convert a rid into a name. Used in the lookup SID rpc.
+ Look up a rid in the SAM we're responsible for (i.e. passdb)
  ********************************************************************/
 
-BOOL local_lookup_rid(uint32 rid, char *name, enum SID_NAME_USE *psid_name_use)
+BOOL lookup_global_sam_rid(uint32 rid, fstring name,
+			   enum SID_NAME_USE *psid_name_use)
 {
 	SAM_ACCOUNT *sam_account = NULL;
 	GROUP_MAP map;
@@ -744,7 +745,8 @@ BOOL local_lookup_rid(uint32 rid, char *name, enum SID_NAME_USE *psid_name_use)
 
 	*psid_name_use = SID_NAME_UNKNOWN;
 	
-	DEBUG(5,("local_lookup_rid: looking up RID %u.\n", (unsigned int)rid));
+	DEBUG(5,("lookup_global_sam_rid: looking up RID %u.\n",
+		 (unsigned int)rid));
 
 	sid_copy(&sid, get_global_sam_sid());
 	sid_append_rid(&sid, rid);
@@ -757,7 +759,7 @@ BOOL local_lookup_rid(uint32 rid, char *name, enum SID_NAME_USE *psid_name_use)
 	/* BEING ROOT BLLOCK */
 	become_root();
 	if (pdb_getsampwsid(sam_account, &sid)) {
-		unbecome_root();			/* -----> EXIT BECOME_ROOT() */
+		unbecome_root();		/* -----> EXIT BECOME_ROOT() */
 		fstrcpy(name, pdb_get_username(sam_account));
 		*psid_name_use = SID_NAME_USER;
 
@@ -773,9 +775,13 @@ BOOL local_lookup_rid(uint32 rid, char *name, enum SID_NAME_USE *psid_name_use)
 	
 	if ( ret ) {
 		if (map.gid!=(gid_t)-1) {
-			DEBUG(5,("local_lookup_rid: mapped group %s to gid %u\n", map.nt_name, (unsigned int)map.gid));
+			DEBUG(5,("lookup_global_sam_rid: mapped group %s to "
+				 "gid %u\n", map.nt_name,
+				 (unsigned int)map.gid));
 		} else {
-			DEBUG(5,("local_lookup_rid: mapped group %s to no unix gid.  Returning name.\n", map.nt_name));
+			DEBUG(5,("lookup_global_sam_rid: mapped group %s to "
+				 "no unix gid.  Returning name.\n",
+				 map.nt_name));
 		}
 
 		fstrcpy(name, map.nt_name);
@@ -798,16 +804,16 @@ BOOL local_lookup_rid(uint32 rid, char *name, enum SID_NAME_USE *psid_name_use)
        		uid = algorithmic_pdb_user_rid_to_uid(rid);
 		pw = sys_getpwuid( uid );
 		
-		DEBUG(5,("local_lookup_rid: looking up uid %u %s\n", (unsigned int)uid,
-			 pw ? "succeeded" : "failed" ));
+		DEBUG(5,("lookup_global_sam_rid: looking up uid %u %s\n",
+			 (unsigned int)uid, pw ? "succeeded" : "failed" ));
 			 
 		if ( !pw )
-			fstr_sprintf(name, "unix_user.%u", (unsigned int)uid);	
+			fstr_sprintf(name, "unix_user.%u", (unsigned int)uid);
 		else 
 			fstrcpy( name, pw->pw_name );
 			
-		DEBUG(5,("local_lookup_rid: found user %s for rid %u\n", name,
-			 (unsigned int)rid ));
+		DEBUG(5,("lookup_global_sam_rid: found user %s for rid %u\n",
+			 name, (unsigned int)rid ));
 			 
 		*psid_name_use = SID_NAME_USER;
 		
@@ -821,16 +827,16 @@ BOOL local_lookup_rid(uint32 rid, char *name, enum SID_NAME_USE *psid_name_use)
 		gid = pdb_group_rid_to_gid(rid);
 		gr = getgrgid(gid);
 			
-		DEBUG(5,("local_lookup_rid: looking up gid %u %s\n", (unsigned int)gid,
-			 gr ? "succeeded" : "failed" ));
+		DEBUG(5,("lookup_global_sam_rid: looking up gid %u %s\n",
+			 (unsigned int)gid, gr ? "succeeded" : "failed" ));
 			
 		if( !gr )
 			fstr_sprintf(name, "unix_group.%u", (unsigned int)gid);
 		else
 			fstrcpy( name, gr->gr_name);
 			
-		DEBUG(5,("local_lookup_rid: found group %s for rid %u\n", name,
-			 (unsigned int)rid ));
+		DEBUG(5,("lookup_global_sam_rid: found group %s for rid %u\n",
+			 name, (unsigned int)rid ));
 		
 		/* assume algorithmic groups are domain global groups */
 		

source/passdb/util_sam_sid.c

@@ -164,6 +164,24 @@ BOOL lookup_special_sid(const DOM_SID *sid, const char **domain,
 	return False;
 }
 
+/*******************************************************************
+ Look up a rid in the BUILTIN domain
+ ********************************************************************/
+BOOL lookup_builtin_rid(uint32 rid, fstring name)
+{
+	const known_sid_users *aliases = builtin_groups;
+	int i;
+
+	for (i=0; aliases[i].known_user_name != NULL; i++) {
+		if (rid == aliases[i].rid) {
+			fstrcpy(name, aliases[i].known_user_name);
+			return True;
+		}
+	}
+
+	return False;
+}
+
 /*****************************************************************
  Check if the SID is our domain SID (S-1-5-21-x-y-z).
 *****************************************************************/