]> git.ipfire.org Git - thirdparty/samba.git/commitdiff
r2340: Solve the problem of user sids ending up with gid's and vice versa: This
authorVolker Lendecke <vlendec@samba.org>
Wed, 15 Sep 2004 08:55:01 +0000 (08:55 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 15:52:40 +0000 (10:52 -0500)
belongs into winbind itself, not into wbinfo.

Volker
(This used to be commit 75e5c13d5d4c1da9bbb60f4e93183995c05a89ac)

source3/nsswitch/wbinfo.c
source3/nsswitch/winbindd_sid.c

index 0028982d201f83b277b862b53cdea0ecd8d5d354..b6a09bf2a1f38d54d922fa53df618988a55d4444 100644 (file)
@@ -398,27 +398,6 @@ static BOOL wbinfo_sid_to_uid(char *sid)
        ZERO_STRUCT(request);
        ZERO_STRUCT(response);
 
-       /* First see whether the SID is actually a user -- otherwise
-        * winbind might end up a uid number for a group SID and this
-        * is asking for trouble later. */
-
-       fstrcpy(request.data.sid, sid);
-
-       if (winbindd_request(WINBINDD_LOOKUPSID, &request, &response) !=
-           NSS_STATUS_SUCCESS) {
-               d_printf("Could not lookup sid %s\n", sid);
-               return False;
-       }
-
-       if (response.data.name.type != SID_NAME_USER) {
-               d_printf("SID is of type %s\n",
-                        sid_type_lookup(response.data.name.type));
-               return False;
-       }
-
-       ZERO_STRUCT(request);
-       ZERO_STRUCT(response);
-
        /* Send request */
 
        fstrcpy(request.data.sid, sid);
@@ -442,26 +421,6 @@ static BOOL wbinfo_sid_to_gid(char *sid)
        ZERO_STRUCT(request);
        ZERO_STRUCT(response);
 
-       /* First see whether the SID is actually a group -- otherwise
-        * winbind might end up a gid number for a user SID and this
-        * is asking for trouble later. */
-
-       fstrcpy(request.data.sid, sid);
-
-       if (winbindd_request(WINBINDD_LOOKUPSID, &request, &response) !=
-           NSS_STATUS_SUCCESS) {
-               d_printf("Could not lookup sid %s\n", sid);
-               return False;
-       }
-
-       if ((response.data.name.type != SID_NAME_DOM_GRP) &&
-           (response.data.name.type != SID_NAME_ALIAS) &&
-           (response.data.name.type != SID_NAME_WKN_GRP)) {
-               d_printf("SID is of type %s\n",
-                        sid_type_lookup(response.data.name.type));
-               return False;
-       }
-
        /* Send request */
 
        fstrcpy(request.data.sid, sid);
index 61da9b3d92f097050d0db9e3898800018fa8ebc3..c6e503bef39d6651a142a1895ec65e1b8a9e0947 100644 (file)
@@ -119,7 +119,7 @@ enum winbindd_result winbindd_lookupname(struct winbindd_cli_state *state)
 enum winbindd_result winbindd_sid_to_uid(struct winbindd_cli_state *state)
 {
        DOM_SID sid;
-       uint32 flags = 0x0;
+       NTSTATUS result;
 
        /* Ensure null termination */
        state->request.data.sid[sizeof(state->request.data.sid)-1]='\0';
@@ -166,8 +166,7 @@ enum winbindd_result winbindd_sid_to_uid(struct winbindd_cli_state *state)
                        
                        /* But first check and see if we don't already have a mapping */
                           
-                       flags = ID_QUERY_ONLY;
-                       if ( NT_STATUS_IS_OK(idmap_sid_to_uid(&sid, &(state->response.data.uid), flags)) )
+                       if ( NT_STATUS_IS_OK(idmap_sid_to_uid(&sid, &(state->response.data.uid), ID_QUERY_ONLY)) )
                                return WINBINDD_OK;
                                
                        /* now fall back to the hard way */
@@ -191,17 +190,37 @@ enum winbindd_result winbindd_sid_to_uid(struct winbindd_cli_state *state)
 
        }
        
-       if ( state->request.flags & WBFLAG_QUERY_ONLY ) 
-               flags = ID_QUERY_ONLY;
-       
        /* Find uid for this sid and return it */
-       
-       if ( !NT_STATUS_IS_OK(idmap_sid_to_uid(&sid, &(state->response.data.uid), flags)) ) {
-               DEBUG(1, ("Could not get uid for sid %s\n", state->request.data.sid));
+
+       result = idmap_sid_to_uid(&sid, &(state->response.data.uid),
+                                 ID_QUERY_ONLY);
+
+       if (NT_STATUS_IS_OK(result))
+               return WINBINDD_OK;
+
+       if (state->request.flags & WBFLAG_QUERY_ONLY)
                return WINBINDD_ERROR;
+
+       /* The query-only did not work, allocate a new uid *if* it's a user */
+
+       {
+               fstring dom_name, name;
+               enum SID_NAME_USE type;
+
+               if (!winbindd_lookup_name_by_sid(&sid, dom_name, name, &type))
+                       return WINBINDD_ERROR;
+
+               if ((type != SID_NAME_USER) && (type != SID_NAME_COMPUTER))
+                       return WINBINDD_ERROR;
        }
+       
+       result = idmap_sid_to_uid(&sid, &(state->response.data.uid), 0);
 
-       return WINBINDD_OK;
+       if (NT_STATUS_IS_OK(result))
+               return WINBINDD_OK;
+
+       DEBUG(1, ("Could not get uid for sid %s\n", state->request.data.sid));
+       return WINBINDD_ERROR;
 }
 
 /* Convert a sid to a gid.  We assume we only have one rid attached to the
@@ -210,7 +229,7 @@ enum winbindd_result winbindd_sid_to_uid(struct winbindd_cli_state *state)
 enum winbindd_result winbindd_sid_to_gid(struct winbindd_cli_state *state)
 {
        DOM_SID sid;
-       uint32 flags = 0x0;
+       NTSTATUS result;
 
        /* Ensure null termination */
        state->request.data.sid[sizeof(state->request.data.sid)-1]='\0';
@@ -256,8 +275,7 @@ enum winbindd_result winbindd_sid_to_gid(struct winbindd_cli_state *state)
                        
                        /* But first check and see if we don't already have a mapping */
                           
-                       flags = ID_QUERY_ONLY;
-                       if ( NT_STATUS_IS_OK(idmap_sid_to_gid(&sid, &(state->response.data.gid), flags)) )
+                       if ( NT_STATUS_IS_OK(idmap_sid_to_gid(&sid, &(state->response.data.gid), ID_QUERY_ONLY)) )
                                return WINBINDD_OK;
                                
                        /* now fall back to the hard way */
@@ -281,16 +299,38 @@ enum winbindd_result winbindd_sid_to_gid(struct winbindd_cli_state *state)
 
        }
        
-       if ( state->request.flags & WBFLAG_QUERY_ONLY ) 
-               flags = ID_QUERY_ONLY;
-               
        /* Find gid for this sid and return it */
-       if ( !NT_STATUS_IS_OK(idmap_sid_to_gid(&sid, &(state->response.data.gid), flags)) ) {
-               DEBUG(1, ("Could not get gid for sid %s\n", state->request.data.sid));
+
+       result = idmap_sid_to_gid(&sid, &(state->response.data.gid),
+                                 ID_QUERY_ONLY);
+
+       if (NT_STATUS_IS_OK(result))
+               return WINBINDD_OK;
+
+       if (state->request.flags & WBFLAG_QUERY_ONLY)
                return WINBINDD_ERROR;
+
+       /* The query-only did not work, allocate a new gid *if* it's a group */
+
+       {
+               fstring dom_name, name;
+               enum SID_NAME_USE type;
+
+               if (!winbindd_lookup_name_by_sid(&sid, dom_name, name, &type))
+                       return WINBINDD_ERROR;
+
+               if ((type != SID_NAME_DOM_GRP) && (type != SID_NAME_ALIAS) &&
+                   (type != SID_NAME_WKN_GRP))
+                       return WINBINDD_ERROR;
        }
+       
+       result = idmap_sid_to_gid(&sid, &(state->response.data.gid), 0);
 
-       return WINBINDD_OK;
+       if (NT_STATUS_IS_OK(result))
+               return WINBINDD_OK;
+
+       DEBUG(1, ("Could not get gid for sid %s\n", state->request.data.sid));
+       return WINBINDD_ERROR;
 }
 
 /* Convert a uid to a sid */