mirror of
https://github.com/samba-team/samba.git
synced 2025-10-25 19:33:18 +03:00
610 lines
15 KiB
C
610 lines
15 KiB
C
/*
|
|
Unix SMB/CIFS implementation.
|
|
|
|
mapping routines for SID <-> unix uid/gid
|
|
|
|
Copyright (C) Andrew Tridgell 2004
|
|
|
|
This program is free software; you can redistribute it and/or modify
|
|
it under the terms of the GNU General Public License as published by
|
|
the Free Software Foundation; either version 3 of the License, or
|
|
(at your option) any later version.
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
GNU General Public License for more details.
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
#include "includes.h"
|
|
#include "system/passwd.h"
|
|
#include "dsdb/common/flags.h"
|
|
#include "dsdb/samdb/samdb.h"
|
|
#include "auth/auth.h"
|
|
#include "libcli/ldap/ldap_ndr.h"
|
|
#include "lib/ldb/include/ldb.h"
|
|
#include "util/util_ldb.h"
|
|
#include "libcli/security/security.h"
|
|
#include "param/param.h"
|
|
|
|
/*
|
|
these are used for the fallback local uid/gid to sid mapping
|
|
code.
|
|
*/
|
|
#define SIDMAP_LOCAL_USER_BASE 0x80000000
|
|
#define SIDMAP_LOCAL_GROUP_BASE 0xC0000000
|
|
#define SIDMAP_MAX_LOCAL_UID 0x3fffffff
|
|
#define SIDMAP_MAX_LOCAL_GID 0x3fffffff
|
|
|
|
/*
|
|
private context for sid mapping routines
|
|
*/
|
|
struct sidmap_context {
|
|
struct ldb_context *samctx;
|
|
};
|
|
|
|
/*
|
|
open a sidmap context - use talloc_free to close
|
|
*/
|
|
_PUBLIC_ struct sidmap_context *sidmap_open(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx)
|
|
{
|
|
struct sidmap_context *sidmap;
|
|
sidmap = talloc(mem_ctx, struct sidmap_context);
|
|
if (sidmap == NULL) {
|
|
return NULL;
|
|
}
|
|
sidmap->samctx = samdb_connect(sidmap, lp_ctx, system_session(sidmap, lp_ctx));
|
|
if (sidmap->samctx == NULL) {
|
|
talloc_free(sidmap);
|
|
return NULL;
|
|
}
|
|
|
|
return sidmap;
|
|
}
|
|
|
|
|
|
/*
|
|
check the sAMAccountType field of a search result to see if
|
|
the account is a user account
|
|
*/
|
|
static bool is_user_account(struct ldb_message *res)
|
|
{
|
|
uint_t atype = samdb_result_uint(res, "sAMAccountType", 0);
|
|
if (atype && (!(atype & ATYPE_ACCOUNT))) {
|
|
return false;
|
|
}
|
|
return true;
|
|
}
|
|
|
|
/*
|
|
check the sAMAccountType field of a search result to see if
|
|
the account is a group account
|
|
*/
|
|
static bool is_group_account(struct ldb_message *res)
|
|
{
|
|
uint_t atype = samdb_result_uint(res, "sAMAccountType", 0);
|
|
if (atype && atype == ATYPE_NORMAL_ACCOUNT) {
|
|
return false;
|
|
}
|
|
return true;
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
return the dom_sid of our primary domain
|
|
*/
|
|
static NTSTATUS sidmap_primary_domain_sid(struct sidmap_context *sidmap,
|
|
TALLOC_CTX *mem_ctx, struct dom_sid **sid)
|
|
{
|
|
const char *attrs[] = { "objectSid", NULL };
|
|
int ret;
|
|
struct ldb_message **res = NULL;
|
|
|
|
ret = gendb_search_dn(sidmap->samctx, mem_ctx, NULL, &res, attrs);
|
|
if (ret != 1) {
|
|
talloc_free(res);
|
|
return NT_STATUS_NO_SUCH_DOMAIN;
|
|
}
|
|
|
|
*sid = samdb_result_dom_sid(mem_ctx, res[0], "objectSid");
|
|
talloc_free(res);
|
|
if (*sid == NULL) {
|
|
return NT_STATUS_NO_MEMORY;
|
|
}
|
|
|
|
return NT_STATUS_OK;
|
|
}
|
|
|
|
|
|
/*
|
|
map a sid to a unix uid
|
|
*/
|
|
_PUBLIC_ NTSTATUS sidmap_sid_to_unixuid(struct sidmap_context *sidmap,
|
|
struct dom_sid *sid, uid_t *uid)
|
|
{
|
|
const char *attrs[] = { "sAMAccountName", "uidNumber",
|
|
"sAMAccountType", "unixName", NULL };
|
|
int ret;
|
|
const char *s;
|
|
TALLOC_CTX *tmp_ctx;
|
|
struct ldb_message **res;
|
|
struct dom_sid *domain_sid;
|
|
NTSTATUS status;
|
|
|
|
tmp_ctx = talloc_new(sidmap);
|
|
|
|
ret = gendb_search(sidmap->samctx, tmp_ctx, NULL, &res, attrs,
|
|
"objectSid=%s", ldap_encode_ndr_dom_sid(tmp_ctx, sid));
|
|
if (ret != 1) {
|
|
goto allocated_sid;
|
|
}
|
|
|
|
/* make sure its a user, not a group */
|
|
if (!is_user_account(res[0])) {
|
|
DEBUG(0,("sid_to_unixuid: sid %s is not an account!\n",
|
|
dom_sid_string(tmp_ctx, sid)));
|
|
talloc_free(tmp_ctx);
|
|
return NT_STATUS_INVALID_SID;
|
|
}
|
|
|
|
/* first try to get the uid directly */
|
|
s = samdb_result_string(res[0], "uidNumber", NULL);
|
|
if (s != NULL) {
|
|
*uid = strtoul(s, NULL, 0);
|
|
talloc_free(tmp_ctx);
|
|
return NT_STATUS_OK;
|
|
}
|
|
|
|
/* next try via the UnixName attribute */
|
|
s = samdb_result_string(res[0], "unixName", NULL);
|
|
if (s != NULL) {
|
|
struct passwd *pwd = getpwnam(s);
|
|
if (!pwd) {
|
|
DEBUG(0,("unixName %s for sid %s does not exist as a local user\n", s,
|
|
dom_sid_string(tmp_ctx, sid)));
|
|
talloc_free(tmp_ctx);
|
|
return NT_STATUS_NO_SUCH_USER;
|
|
}
|
|
*uid = pwd->pw_uid;
|
|
talloc_free(tmp_ctx);
|
|
return NT_STATUS_OK;
|
|
}
|
|
|
|
/* finally try via the sAMAccountName attribute */
|
|
s = samdb_result_string(res[0], "sAMAccountName", NULL);
|
|
if (s != NULL) {
|
|
struct passwd *pwd = getpwnam(s);
|
|
if (!pwd) {
|
|
DEBUG(0,("sAMAccountName '%s' for sid %s does not exist as a local user\n",
|
|
s, dom_sid_string(tmp_ctx, sid)));
|
|
talloc_free(tmp_ctx);
|
|
return NT_STATUS_NO_SUCH_USER;
|
|
}
|
|
*uid = pwd->pw_uid;
|
|
talloc_free(tmp_ctx);
|
|
return NT_STATUS_OK;
|
|
}
|
|
|
|
|
|
allocated_sid:
|
|
status = sidmap_primary_domain_sid(sidmap, tmp_ctx, &domain_sid);
|
|
if (!NT_STATUS_IS_OK(status)) {
|
|
talloc_free(tmp_ctx);
|
|
return NT_STATUS_NO_SUCH_DOMAIN;
|
|
}
|
|
|
|
if (dom_sid_in_domain(domain_sid, sid)) {
|
|
uint32_t rid = sid->sub_auths[sid->num_auths-1];
|
|
if (rid >= SIDMAP_LOCAL_USER_BASE &&
|
|
rid < SIDMAP_LOCAL_GROUP_BASE) {
|
|
*uid = rid - SIDMAP_LOCAL_USER_BASE;
|
|
talloc_free(tmp_ctx);
|
|
return NT_STATUS_OK;
|
|
}
|
|
}
|
|
|
|
|
|
DEBUG(0,("sid_to_unixuid: no uidNumber, unixName or sAMAccountName for sid %s\n",
|
|
dom_sid_string(tmp_ctx, sid)));
|
|
|
|
talloc_free(tmp_ctx);
|
|
return NT_STATUS_NONE_MAPPED;
|
|
}
|
|
|
|
|
|
/*
|
|
see if a sid is a group - very inefficient!
|
|
*/
|
|
_PUBLIC_ bool sidmap_sid_is_group(struct sidmap_context *sidmap, struct dom_sid *sid)
|
|
{
|
|
const char *attrs[] = { "sAMAccountType", NULL };
|
|
int ret;
|
|
TALLOC_CTX *tmp_ctx;
|
|
struct ldb_message **res;
|
|
NTSTATUS status;
|
|
struct dom_sid *domain_sid;
|
|
bool is_group;
|
|
|
|
tmp_ctx = talloc_new(sidmap);
|
|
|
|
ret = gendb_search(sidmap->samctx, tmp_ctx, NULL, &res, attrs,
|
|
"objectSid=%s", ldap_encode_ndr_dom_sid(tmp_ctx, sid));
|
|
if (ret == 1) {
|
|
is_group = is_group_account(res[0]);
|
|
talloc_free(tmp_ctx);
|
|
return is_group;
|
|
}
|
|
|
|
status = sidmap_primary_domain_sid(sidmap, tmp_ctx, &domain_sid);
|
|
if (!NT_STATUS_IS_OK(status)) {
|
|
talloc_free(tmp_ctx);
|
|
return false;
|
|
}
|
|
|
|
if (dom_sid_in_domain(domain_sid, sid)) {
|
|
uint32_t rid = sid->sub_auths[sid->num_auths-1];
|
|
if (rid >= SIDMAP_LOCAL_GROUP_BASE) {
|
|
talloc_free(tmp_ctx);
|
|
return true;
|
|
}
|
|
}
|
|
|
|
talloc_free(tmp_ctx);
|
|
return false;
|
|
}
|
|
|
|
/*
|
|
map a sid to a unix gid
|
|
*/
|
|
_PUBLIC_ NTSTATUS sidmap_sid_to_unixgid(struct sidmap_context *sidmap,
|
|
struct dom_sid *sid, gid_t *gid)
|
|
{
|
|
const char *attrs[] = { "sAMAccountName", "gidNumber",
|
|
"unixName", "sAMAccountType", NULL };
|
|
int ret;
|
|
const char *s;
|
|
TALLOC_CTX *tmp_ctx;
|
|
struct ldb_message **res;
|
|
NTSTATUS status;
|
|
struct dom_sid *domain_sid;
|
|
|
|
tmp_ctx = talloc_new(sidmap);
|
|
|
|
ret = gendb_search(sidmap->samctx, tmp_ctx, NULL, &res, attrs,
|
|
"objectSid=%s", ldap_encode_ndr_dom_sid(tmp_ctx, sid));
|
|
if (ret != 1) {
|
|
goto allocated_sid;
|
|
}
|
|
|
|
/* make sure its not a user */
|
|
if (!is_group_account(res[0])) {
|
|
DEBUG(0,("sid_to_unixgid: sid %s is a ATYPE_NORMAL_ACCOUNT\n",
|
|
dom_sid_string(tmp_ctx, sid)));
|
|
talloc_free(tmp_ctx);
|
|
return NT_STATUS_INVALID_SID;
|
|
}
|
|
|
|
/* first try to get the gid directly */
|
|
s = samdb_result_string(res[0], "gidNumber", NULL);
|
|
if (s != NULL) {
|
|
*gid = strtoul(s, NULL, 0);
|
|
talloc_free(tmp_ctx);
|
|
return NT_STATUS_OK;
|
|
}
|
|
|
|
/* next try via the UnixName attribute */
|
|
s = samdb_result_string(res[0], "unixName", NULL);
|
|
if (s != NULL) {
|
|
struct group *grp = getgrnam(s);
|
|
if (!grp) {
|
|
DEBUG(0,("unixName '%s' for sid %s does not exist as a local group\n",
|
|
s, dom_sid_string(tmp_ctx, sid)));
|
|
talloc_free(tmp_ctx);
|
|
return NT_STATUS_NO_SUCH_GROUP;
|
|
}
|
|
*gid = grp->gr_gid;
|
|
talloc_free(tmp_ctx);
|
|
return NT_STATUS_OK;
|
|
}
|
|
|
|
/* finally try via the sAMAccountName attribute */
|
|
s = samdb_result_string(res[0], "sAMAccountName", NULL);
|
|
if (s != NULL) {
|
|
struct group *grp = getgrnam(s);
|
|
if (!grp) {
|
|
DEBUG(0,("sAMAccountName '%s' for sid %s does not exist as a local group\n", s, dom_sid_string(tmp_ctx, sid)));
|
|
talloc_free(tmp_ctx);
|
|
return NT_STATUS_NO_SUCH_GROUP;
|
|
}
|
|
*gid = grp->gr_gid;
|
|
talloc_free(tmp_ctx);
|
|
return NT_STATUS_OK;
|
|
}
|
|
|
|
allocated_sid:
|
|
status = sidmap_primary_domain_sid(sidmap, tmp_ctx, &domain_sid);
|
|
if (!NT_STATUS_IS_OK(status)) {
|
|
talloc_free(tmp_ctx);
|
|
return NT_STATUS_NO_SUCH_DOMAIN;
|
|
}
|
|
|
|
if (dom_sid_in_domain(domain_sid, sid)) {
|
|
uint32_t rid = sid->sub_auths[sid->num_auths-1];
|
|
if (rid >= SIDMAP_LOCAL_GROUP_BASE) {
|
|
*gid = rid - SIDMAP_LOCAL_GROUP_BASE;
|
|
talloc_free(tmp_ctx);
|
|
return NT_STATUS_OK;
|
|
}
|
|
}
|
|
|
|
DEBUG(0,("sid_to_unixgid: no gidNumber, unixName or sAMAccountName for sid %s\n",
|
|
dom_sid_string(tmp_ctx, sid)));
|
|
|
|
talloc_free(tmp_ctx);
|
|
return NT_STATUS_NONE_MAPPED;
|
|
}
|
|
|
|
|
|
/*
|
|
map a unix uid to a dom_sid
|
|
the returned sid is allocated in the supplied mem_ctx
|
|
*/
|
|
_PUBLIC_ NTSTATUS sidmap_uid_to_sid(struct sidmap_context *sidmap,
|
|
TALLOC_CTX *mem_ctx,
|
|
uid_t uid, struct dom_sid **sid)
|
|
{
|
|
const char *attrs[] = { "sAMAccountName", "objectSid", "sAMAccountType", NULL };
|
|
int ret, i;
|
|
TALLOC_CTX *tmp_ctx;
|
|
struct ldb_message **res;
|
|
struct passwd *pwd;
|
|
struct dom_sid *domain_sid;
|
|
NTSTATUS status;
|
|
|
|
/*
|
|
we search for the mapping in the following order:
|
|
|
|
- check if the uid is in the dynamic uid range assigned for winbindd
|
|
use. If it is, then look in winbindd sid mapping
|
|
database (not implemented yet)
|
|
- look for a user account in samdb that has uidNumber set to the
|
|
given uid
|
|
- look for a user account in samdb that has unixName or
|
|
sAMAccountName set to the name given by getpwuid()
|
|
- assign a SID by adding the uid to SIDMAP_LOCAL_USER_BASE in the local
|
|
domain
|
|
*/
|
|
|
|
|
|
tmp_ctx = talloc_new(mem_ctx);
|
|
|
|
|
|
/*
|
|
step 2: look for a user account in samdb that has uidNumber set to the
|
|
given uid
|
|
*/
|
|
|
|
ret = gendb_search(sidmap->samctx, tmp_ctx, NULL, &res, attrs,
|
|
"uidNumber=%u", (unsigned int)uid);
|
|
for (i=0;i<ret;i++) {
|
|
if (!is_user_account(res[i])) continue;
|
|
|
|
*sid = samdb_result_dom_sid(mem_ctx, res[i], "objectSid");
|
|
talloc_free(tmp_ctx);
|
|
NT_STATUS_HAVE_NO_MEMORY(*sid);
|
|
return NT_STATUS_OK;
|
|
}
|
|
|
|
/*
|
|
step 3: look for a user account in samdb that has unixName
|
|
or sAMAccountName set to the name given by getpwuid()
|
|
*/
|
|
pwd = getpwuid(uid);
|
|
if (pwd == NULL) {
|
|
goto allocate_sid;
|
|
}
|
|
|
|
ret = gendb_search(sidmap->samctx, tmp_ctx, NULL, &res, attrs,
|
|
"(|(unixName=%s)(sAMAccountName=%s))",
|
|
pwd->pw_name, pwd->pw_name);
|
|
for (i=0;i<ret;i++) {
|
|
if (!is_user_account(res[i])) continue;
|
|
|
|
*sid = samdb_result_dom_sid(mem_ctx, res[i], "objectSid");
|
|
talloc_free(tmp_ctx);
|
|
NT_STATUS_HAVE_NO_MEMORY(*sid);
|
|
return NT_STATUS_OK;
|
|
}
|
|
|
|
|
|
/*
|
|
step 4: assign a SID by adding the uid to
|
|
SIDMAP_LOCAL_USER_BASE in the local domain
|
|
*/
|
|
allocate_sid:
|
|
if (uid > SIDMAP_MAX_LOCAL_UID) {
|
|
return NT_STATUS_NONE_MAPPED;
|
|
}
|
|
|
|
status = sidmap_primary_domain_sid(sidmap, tmp_ctx, &domain_sid);
|
|
if (!NT_STATUS_IS_OK(status)) {
|
|
talloc_free(tmp_ctx);
|
|
return status;
|
|
}
|
|
|
|
*sid = dom_sid_add_rid(mem_ctx, domain_sid, SIDMAP_LOCAL_USER_BASE + uid);
|
|
talloc_free(tmp_ctx);
|
|
|
|
if (*sid == NULL) {
|
|
return NT_STATUS_NO_MEMORY;
|
|
}
|
|
|
|
return NT_STATUS_OK;
|
|
}
|
|
|
|
|
|
/*
|
|
map a unix gid to a dom_sid
|
|
the returned sid is allocated in the supplied mem_ctx
|
|
*/
|
|
_PUBLIC_ NTSTATUS sidmap_gid_to_sid(struct sidmap_context *sidmap,
|
|
TALLOC_CTX *mem_ctx,
|
|
gid_t gid, struct dom_sid **sid)
|
|
{
|
|
const char *attrs[] = { "sAMAccountName", "objectSid", "sAMAccountType", NULL };
|
|
int ret, i;
|
|
TALLOC_CTX *tmp_ctx;
|
|
struct ldb_message **res;
|
|
struct group *grp;
|
|
struct dom_sid *domain_sid;
|
|
NTSTATUS status;
|
|
|
|
/*
|
|
we search for the mapping in the following order:
|
|
|
|
- check if the gid is in the dynamic gid range assigned for winbindd
|
|
use. If it is, then look in winbindd sid mapping
|
|
database (not implemented yet)
|
|
- look for a group account in samdb that has gidNumber set to the
|
|
given gid
|
|
- look for a group account in samdb that has unixName or
|
|
sAMAccountName set to the name given by getgrgid()
|
|
- assign a SID by adding the gid to SIDMAP_LOCAL_GROUP_BASE in the local
|
|
domain
|
|
*/
|
|
|
|
|
|
tmp_ctx = talloc_new(sidmap);
|
|
|
|
|
|
/*
|
|
step 2: look for a group account in samdb that has gidNumber set to the
|
|
given gid
|
|
*/
|
|
|
|
ret = gendb_search(sidmap->samctx, tmp_ctx, NULL, &res, attrs,
|
|
"gidNumber=%u", (unsigned int)gid);
|
|
for (i=0;i<ret;i++) {
|
|
if (!is_group_account(res[i])) continue;
|
|
|
|
*sid = samdb_result_dom_sid(mem_ctx, res[i], "objectSid");
|
|
talloc_free(tmp_ctx);
|
|
NT_STATUS_HAVE_NO_MEMORY(*sid);
|
|
return NT_STATUS_OK;
|
|
}
|
|
|
|
/*
|
|
step 3: look for a group account in samdb that has unixName
|
|
or sAMAccountName set to the name given by getgrgid()
|
|
*/
|
|
grp = getgrgid(gid);
|
|
if (grp == NULL) {
|
|
goto allocate_sid;
|
|
}
|
|
|
|
ret = gendb_search(sidmap->samctx, tmp_ctx, NULL, &res, attrs,
|
|
"(|(unixName=%s)(sAMAccountName=%s))",
|
|
grp->gr_name, grp->gr_name);
|
|
for (i=0;i<ret;i++) {
|
|
if (!is_group_account(res[i])) continue;
|
|
|
|
*sid = samdb_result_dom_sid(mem_ctx, res[i], "objectSid");
|
|
talloc_free(tmp_ctx);
|
|
NT_STATUS_HAVE_NO_MEMORY(*sid);
|
|
return NT_STATUS_OK;
|
|
}
|
|
|
|
|
|
/*
|
|
step 4: assign a SID by adding the gid to
|
|
SIDMAP_LOCAL_GROUP_BASE in the local domain
|
|
*/
|
|
allocate_sid:
|
|
if (gid > SIDMAP_MAX_LOCAL_GID) {
|
|
return NT_STATUS_NONE_MAPPED;
|
|
}
|
|
|
|
status = sidmap_primary_domain_sid(sidmap, tmp_ctx, &domain_sid);
|
|
if (!NT_STATUS_IS_OK(status)) {
|
|
talloc_free(tmp_ctx);
|
|
return status;
|
|
}
|
|
|
|
*sid = dom_sid_add_rid(mem_ctx, domain_sid, SIDMAP_LOCAL_GROUP_BASE + gid);
|
|
talloc_free(tmp_ctx);
|
|
|
|
if (*sid == NULL) {
|
|
return NT_STATUS_NO_MEMORY;
|
|
}
|
|
|
|
return NT_STATUS_OK;
|
|
}
|
|
|
|
/*
|
|
check if a sid is in the range of auto-allocated SIDs from our primary domain,
|
|
and if it is, then return the name and atype
|
|
*/
|
|
_PUBLIC_ NTSTATUS sidmap_allocated_sid_lookup(struct sidmap_context *sidmap,
|
|
TALLOC_CTX *mem_ctx,
|
|
const struct dom_sid *sid,
|
|
const char **name,
|
|
enum lsa_SidType *rtype)
|
|
{
|
|
NTSTATUS status;
|
|
struct dom_sid *domain_sid;
|
|
TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
|
|
uint32_t rid, atype;
|
|
|
|
status = sidmap_primary_domain_sid(sidmap, tmp_ctx, &domain_sid);
|
|
if (!NT_STATUS_IS_OK(status)) {
|
|
return NT_STATUS_NO_SUCH_DOMAIN;
|
|
}
|
|
|
|
if (!dom_sid_in_domain(domain_sid, sid)) {
|
|
talloc_free(tmp_ctx);
|
|
return NT_STATUS_NONE_MAPPED;
|
|
}
|
|
|
|
talloc_free(tmp_ctx);
|
|
|
|
rid = sid->sub_auths[sid->num_auths-1];
|
|
if (rid < SIDMAP_LOCAL_USER_BASE) {
|
|
return NT_STATUS_NONE_MAPPED;
|
|
}
|
|
|
|
if (rid < SIDMAP_LOCAL_GROUP_BASE) {
|
|
struct passwd *pwd;
|
|
uid_t uid = rid - SIDMAP_LOCAL_USER_BASE;
|
|
atype = ATYPE_NORMAL_ACCOUNT;
|
|
*rtype = samdb_atype_map(atype);
|
|
|
|
pwd = getpwuid(uid);
|
|
if (pwd == NULL) {
|
|
*name = talloc_asprintf(mem_ctx, "uid%u", uid);
|
|
} else {
|
|
*name = talloc_strdup(mem_ctx, pwd->pw_name);
|
|
}
|
|
} else {
|
|
struct group *grp;
|
|
gid_t gid = rid - SIDMAP_LOCAL_GROUP_BASE;
|
|
atype = ATYPE_LOCAL_GROUP;
|
|
*rtype = samdb_atype_map(atype);
|
|
grp = getgrgid(gid);
|
|
if (grp == NULL) {
|
|
*name = talloc_asprintf(mem_ctx, "gid%u", gid);
|
|
} else {
|
|
*name = talloc_strdup(mem_ctx, grp->gr_name);
|
|
}
|
|
}
|
|
|
|
if (*name == NULL) {
|
|
return NT_STATUS_NO_MEMORY;
|
|
}
|
|
|
|
return NT_STATUS_OK;
|
|
}
|