winbindd: pass domain SID to wbint_UnixIDs2Sids

author Ralph Boehme <slow@samba.org>

Mon, 25 Sep 2017 13:39:39 +0000 (15:39 +0200)

committer Karolin Seeger <kseeger@samba.org>

Thu, 14 Dec 2017 11:21:09 +0000 (12:21 +0100)
author Ralph Boehme <slow@samba.org>
Mon, 25 Sep 2017 13:39:39 +0000 (15:39 +0200)
committer Karolin Seeger <kseeger@samba.org>
Thu, 14 Dec 2017 11:21:09 +0000 (12:21 +0100)
diff --git a/librpc/idl/winbind.idl b/librpc/idl/winbind.idl

index 05db6b96b81c8ced9afd56311832282fbb501b17..ab9af2d1509fba8b38ec126a83be4a2141855533 100644 (file)
--- a/librpc/idl/winbind.idl
+++ b/librpc/idl/winbind.idl
@@ -58,6 +58,7 @@ interface winbind
  
      NTSTATUS wbint_UnixIDs2Sids(
         [in,string,charset(UTF8)] char *domain_name,
+       [in] dom_sid domain_sid,
         [in] uint32 num_ids,
         [in,out] unixid xids[num_ids],
         [out] dom_sid sids[num_ids]
diff --git a/source3/include/idmap.h b/source3/include/idmap.h

index c379eba37005011dd0211541ca5f99f0809eeba4..1ca79cca2cc53a8d2864f2332943dc3168370d92 100644 (file)
--- a/source3/include/idmap.h
+++ b/source3/include/idmap.h
@@ -36,6 +36,11 @@ struct wbint_userinfo;
  
  struct idmap_domain {
         const char *name;
+       /*
+        * dom_sid is currently only initialized in the unixids_to_sids request,
+        * so don't rely on this being filled out everywhere!
+        */
+       struct dom_sid dom_sid;
         struct idmap_methods *methods;
         NTSTATUS (*query_user)(struct idmap_domain *domain,
                                struct wbint_userinfo *info);
diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c

index 6a5263358d22bcbf6acd294a923457f63d4c0736..4809e4512eb8595da21bcebcde544ce5be494c5c 100644 (file)
--- a/source3/winbindd/idmap.c
+++ b/source3/winbindd/idmap.c
@@ -589,7 +589,8 @@ NTSTATUS idmap_allocate_gid(struct unixid *id)
  }
  
  NTSTATUS idmap_backend_unixids_to_sids(struct id_map **maps,
-                                      const char *domain_name)
+                                      const char *domain_name,
+                                      struct dom_sid domain_sid)
  {
         struct idmap_domain *dom = NULL;
         NTSTATUS status;
@@ -610,6 +611,7 @@ NTSTATUS idmap_backend_unixids_to_sids(struct id_map **maps,
                 return NT_STATUS_NONE_MAPPED;
         }
  
+       dom->dom_sid = domain_sid;
         status = dom->methods->unixids_to_sids(dom, maps);
  
         DBG_DEBUG("unixid_to_sids for domain %s returned %s\n",
diff --git a/source3/winbindd/idmap_proto.h b/source3/winbindd/idmap_proto.h

index 0e25963f209ec4d83baf872ad92bbdd5c70631ab..f1b2267f903f2acab0b1806d612f9cd610fce918 100644 (file)
--- a/source3/winbindd/idmap_proto.h
+++ b/source3/winbindd/idmap_proto.h
@@ -35,7 +35,8 @@ void idmap_close(void);
  NTSTATUS idmap_allocate_uid(struct unixid *id);
  NTSTATUS idmap_allocate_gid(struct unixid *id);
  NTSTATUS idmap_backend_unixids_to_sids(struct id_map **maps,
-                                      const char *domain_name);
+                                      const char *domain_name,
+                                      struct dom_sid domain_sid);
  struct idmap_domain *idmap_find_domain(const char *domname);
  
  /* The following definitions come from winbindd/idmap_nss.c  */
diff --git a/source3/winbindd/wb_xids2sids.c b/source3/winbindd/wb_xids2sids.c

index 03a6fce652c3d1ec4565ad5fd56a17225622f28e..cb206b193048dcb6e92b934095023f323f1d2a72 100644 (file)
--- a/source3/winbindd/wb_xids2sids.c
+++ b/source3/winbindd/wb_xids2sids.c
@@ -314,7 +314,7 @@ static struct tevent_req *wb_xids2sids_dom_send(
  
         child = idmap_child();
         subreq = dcerpc_wbint_UnixIDs2Sids_send(
-               state, ev, child->binding_handle, dom_map->name,
+               state, ev, child->binding_handle, dom_map->name, dom_map->sid,
                 state->num_dom_xids, state->dom_xids, state->dom_sids);
         if (tevent_req_nomem(subreq, req)) {
                 return tevent_req_post(req, ev);
@@ -417,7 +417,8 @@ static void wb_xids2sids_dom_gotdc(struct tevent_req *subreq)
         child = idmap_child();
         subreq = dcerpc_wbint_UnixIDs2Sids_send(
                 state, state->ev, child->binding_handle, state->dom_map->name,
-               state->num_dom_xids, state->dom_xids, state->dom_sids);
+               state->dom_map->sid, state->num_dom_xids,
+               state->dom_xids, state->dom_sids);
         if (tevent_req_nomem(subreq, req)) {
                 return;
         }
diff --git a/source3/winbindd/winbindd_dual_srv.c b/source3/winbindd/winbindd_dual_srv.c

index d083534aed7e831bac92f1167f027ce0b01ed584..df380955a00b6c3f31f86b4e9b225c057361b41d 100644 (file)
--- a/source3/winbindd/winbindd_dual_srv.c
+++ b/source3/winbindd/winbindd_dual_srv.c
@@ -226,7 +226,8 @@ NTSTATUS _wbint_UnixIDs2Sids(struct pipes_struct *p,
                 maps[i]->xid = r->in.xids[i];
         }
  
-       status = idmap_backend_unixids_to_sids(maps, r->in.domain_name);
+       status = idmap_backend_unixids_to_sids(maps, r->in.domain_name,
+                                              r->in.domain_sid);
         if (!NT_STATUS_IS_OK(status)) {
                 TALLOC_FREE(maps);
                 return status;
author	Ralph Boehme <slow@samba.org>
	Mon, 25 Sep 2017 13:39:39 +0000 (15:39 +0200)
committer	Karolin Seeger <kseeger@samba.org>
	Thu, 14 Dec 2017 11:21:09 +0000 (12:21 +0100)
librpc/idl/winbind.idl		patch \| blob \| blame \| history
source3/include/idmap.h		patch \| blob \| blame \| history
source3/winbindd/idmap.c		patch \| blob \| blame \| history
source3/winbindd/idmap_proto.h		patch \| blob \| blame \| history
source3/winbindd/wb_xids2sids.c		patch \| blob \| blame \| history
source3/winbindd/winbindd_dual_srv.c		patch \| blob \| blame \| history