From: Ralph Boehme Date: Mon, 25 Sep 2017 13:39:39 +0000 (+0200) Subject: winbindd: pass domain SID to wbint_UnixIDs2Sids X-Git-Tag: samba-4.6.12~7 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=96cc7e0fe30a747bf5cb49dcbf4953b4d659e038;p=thirdparty%2Fsamba.git winbindd: pass domain SID to wbint_UnixIDs2Sids This makes the domain SID available to the idmap child for wbint_UnixIDs2Sids mapping request. It's not used yet anywhere, this comes in the next commit. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13052 Signed-off-by: Ralph Boehme Reviewed-by: Volker Lendecke (cherry picked from commit 71f99cb132f4c26f9febac6cb7dcd79f4940216a) --- diff --git a/librpc/idl/winbind.idl b/librpc/idl/winbind.idl index 05db6b96b81..ab9af2d1509 100644 --- a/librpc/idl/winbind.idl +++ b/librpc/idl/winbind.idl @@ -58,6 +58,7 @@ interface winbind NTSTATUS wbint_UnixIDs2Sids( [in,string,charset(UTF8)] char *domain_name, + [in] dom_sid domain_sid, [in] uint32 num_ids, [in,out] unixid xids[num_ids], [out] dom_sid sids[num_ids] diff --git a/source3/include/idmap.h b/source3/include/idmap.h index c379eba3700..1ca79cca2cc 100644 --- a/source3/include/idmap.h +++ b/source3/include/idmap.h @@ -36,6 +36,11 @@ struct wbint_userinfo; struct idmap_domain { const char *name; + /* + * dom_sid is currently only initialized in the unixids_to_sids request, + * so don't rely on this being filled out everywhere! + */ + struct dom_sid dom_sid; struct idmap_methods *methods; NTSTATUS (*query_user)(struct idmap_domain *domain, struct wbint_userinfo *info); diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c index 6a5263358d2..4809e4512eb 100644 --- a/source3/winbindd/idmap.c +++ b/source3/winbindd/idmap.c @@ -589,7 +589,8 @@ NTSTATUS idmap_allocate_gid(struct unixid *id) } NTSTATUS idmap_backend_unixids_to_sids(struct id_map **maps, - const char *domain_name) + const char *domain_name, + struct dom_sid domain_sid) { struct idmap_domain *dom = NULL; NTSTATUS status; @@ -610,6 +611,7 @@ NTSTATUS idmap_backend_unixids_to_sids(struct id_map **maps, return NT_STATUS_NONE_MAPPED; } + dom->dom_sid = domain_sid; status = dom->methods->unixids_to_sids(dom, maps); DBG_DEBUG("unixid_to_sids for domain %s returned %s\n", diff --git a/source3/winbindd/idmap_proto.h b/source3/winbindd/idmap_proto.h index 0e25963f209..f1b2267f903 100644 --- a/source3/winbindd/idmap_proto.h +++ b/source3/winbindd/idmap_proto.h @@ -35,7 +35,8 @@ void idmap_close(void); NTSTATUS idmap_allocate_uid(struct unixid *id); NTSTATUS idmap_allocate_gid(struct unixid *id); NTSTATUS idmap_backend_unixids_to_sids(struct id_map **maps, - const char *domain_name); + const char *domain_name, + struct dom_sid domain_sid); struct idmap_domain *idmap_find_domain(const char *domname); /* The following definitions come from winbindd/idmap_nss.c */ diff --git a/source3/winbindd/wb_xids2sids.c b/source3/winbindd/wb_xids2sids.c index 03a6fce652c..cb206b19304 100644 --- a/source3/winbindd/wb_xids2sids.c +++ b/source3/winbindd/wb_xids2sids.c @@ -314,7 +314,7 @@ static struct tevent_req *wb_xids2sids_dom_send( child = idmap_child(); subreq = dcerpc_wbint_UnixIDs2Sids_send( - state, ev, child->binding_handle, dom_map->name, + state, ev, child->binding_handle, dom_map->name, dom_map->sid, state->num_dom_xids, state->dom_xids, state->dom_sids); if (tevent_req_nomem(subreq, req)) { return tevent_req_post(req, ev); @@ -417,7 +417,8 @@ static void wb_xids2sids_dom_gotdc(struct tevent_req *subreq) child = idmap_child(); subreq = dcerpc_wbint_UnixIDs2Sids_send( state, state->ev, child->binding_handle, state->dom_map->name, - state->num_dom_xids, state->dom_xids, state->dom_sids); + state->dom_map->sid, state->num_dom_xids, + state->dom_xids, state->dom_sids); if (tevent_req_nomem(subreq, req)) { return; } diff --git a/source3/winbindd/winbindd_dual_srv.c b/source3/winbindd/winbindd_dual_srv.c index d083534aed7..df380955a00 100644 --- a/source3/winbindd/winbindd_dual_srv.c +++ b/source3/winbindd/winbindd_dual_srv.c @@ -226,7 +226,8 @@ NTSTATUS _wbint_UnixIDs2Sids(struct pipes_struct *p, maps[i]->xid = r->in.xids[i]; } - status = idmap_backend_unixids_to_sids(maps, r->in.domain_name); + status = idmap_backend_unixids_to_sids(maps, r->in.domain_name, + r->in.domain_sid); if (!NT_STATUS_IS_OK(status)) { TALLOC_FREE(maps); return status;