svn commit: samba r3992 - in branches/SAMBA_4_0/source: ntvfs/common rpc_server/lsa

tridge at samba.org tridge at samba.org
Mon Nov 29 04:24:50 GMT 2004 

Author: tridge
Date: 2004-11-29 04:24:50 +0000 (Mon, 29 Nov 2004)
New Revision: 3992

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=3992

Log:
provide hooks for lsa to lookup sids allocated using the linear id->sid mapping

Modified:
   branches/SAMBA_4_0/source/ntvfs/common/sidmap.c
   branches/SAMBA_4_0/source/rpc_server/lsa/dcesrv_lsa.c


Changeset:
Modified: branches/SAMBA_4_0/source/ntvfs/common/sidmap.c
===================================================================
--- branches/SAMBA_4_0/source/ntvfs/common/sidmap.c	2004-11-29 03:23:31 UTC (rev 3991)
+++ branches/SAMBA_4_0/source/ntvfs/common/sidmap.c	2004-11-29 04:24:50 UTC (rev 3992)
@@ -540,3 +540,64 @@
 
 	return NT_STATUS_OK;
 }
+
+/*
+  check if a sid is in the range of auto-allocated SIDs from our primary domain,
+  and if it is, then return the name and atype
+*/
+NTSTATUS sidmap_allocated_sid_lookup(struct sidmap_context *sidmap, 
+				     TALLOC_CTX *mem_ctx, 
+				     const struct dom_sid *sid,
+				     const char **name,
+				     uint32_t *atype)
+{
+	NTSTATUS status;
+	struct dom_sid *domain_sid;
+	void *ctx = talloc(mem_ctx, 0);
+	uint32_t rid;
+
+	status = sidmap_primary_domain_sid(sidmap, ctx, &domain_sid);
+	if (!NT_STATUS_IS_OK(status)) {
+		return NT_STATUS_NO_SUCH_DOMAIN;
+	}
+
+	if (!dom_sid_in_domain(domain_sid, sid)) {
+		talloc_free(ctx);
+		return NT_STATUS_INVALID_SID;
+	}
+
+	talloc_free(ctx);
+
+	rid = sid->sub_auths[sid->num_auths-1];
+	if (rid < SIDMAP_LOCAL_USER_BASE) {
+		return NT_STATUS_INVALID_SID;
+	}
+
+	if (rid < SIDMAP_LOCAL_GROUP_BASE) {
+		struct passwd *pwd;
+		uid_t uid = rid - SIDMAP_LOCAL_USER_BASE;
+		*atype = ATYPE_NORMAL_ACCOUNT;
+		pwd = getpwuid(uid);
+		if (pwd == NULL) {
+			*name = talloc_asprintf(mem_ctx, "uid%u", uid);
+		} else {
+			*name = talloc_strdup(mem_ctx, pwd->pw_name);
+		}
+	} else {
+		struct group *grp;
+		gid_t gid = rid - SIDMAP_LOCAL_GROUP_BASE;
+		*atype = ATYPE_LOCAL_GROUP;
+		grp = getgrgid(gid);
+		if (grp == NULL) {
+			*name = talloc_asprintf(mem_ctx, "gid%u", gid);
+		} else {
+			*name = talloc_strdup(mem_ctx, grp->gr_name);
+		}
+	}
+
+	if (*name == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	return NT_STATUS_OK;
+}

Modified: branches/SAMBA_4_0/source/rpc_server/lsa/dcesrv_lsa.c
===================================================================
--- branches/SAMBA_4_0/source/rpc_server/lsa/dcesrv_lsa.c	2004-11-29 03:23:31 UTC (rev 3991)
+++ branches/SAMBA_4_0/source/rpc_server/lsa/dcesrv_lsa.c	2004-11-29 04:24:50 UTC (rev 3992)
@@ -42,6 +42,7 @@
 struct lsa_policy_state {
 	int reference_count;
 	void *sam_ctx;
+	struct sidmap_context *sidmap;
 	uint32_t access_mask;
 	const char *domain_dn;
 	const char *domain_name;
@@ -166,6 +167,12 @@
 		return NT_STATUS_INVALID_SYSTEM_SERVICE;
 	}
 
+	state->sidmap = sidmap_open(state);
+	if (state->sidmap == NULL) {
+		talloc_free(state);
+		return NT_STATUS_INVALID_SYSTEM_SERVICE;
+	}
+
 	/* work out the domain_dn - useful for so many calls its worth
 	   fetching here */
 	state->domain_dn = samdb_search_string(state->sam_ctx, state, NULL,
@@ -423,6 +430,9 @@
 	return NT_STATUS_OK;
 }
 
+/*
+  add to the lsa_RefDomainList for LookupSids and LookupNames
+*/
 static NTSTATUS lsa_authority_list(struct lsa_policy_state *state, TALLOC_CTX *mem_ctx, 
 				   struct dom_sid *sid, 
 				   struct lsa_RefDomainList *domains)
@@ -461,7 +471,37 @@
 	return NT_STATUS_OK;
 }
 
+/*
+  lookup a name for 1 SID
+*/
+static NTSTATUS lsa_lookup_sid(struct lsa_policy_state *state, TALLOC_CTX *mem_ctx,
+			       struct dom_sid *sid, const char *sid_str,
+			       const char **name, uint32_t *atype)
+{
+	int ret;
+	struct ldb_message **res;
+	const char * const attrs[] = { "sAMAccountName", "sAMAccountType", NULL};
+	NTSTATUS status;
 
+	ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs, 
+			   "objectSid=%s", sid_str);
+	if (ret == 1) {
+		*name = ldb_msg_find_string(res[0], "sAMAccountName", NULL);
+		if (*name == NULL) {
+			return NT_STATUS_NO_MEMORY;
+		}
+	
+		*atype = samdb_result_uint(res[0], "sAMAccountType", 0);
+
+		return NT_STATUS_OK;
+	}
+
+	status = sidmap_allocated_sid_lookup(state->sidmap, mem_ctx, sid, name, atype);
+
+	return status;
+}
+
+
 /*
   lsa_LookupSids2
 */
@@ -499,11 +539,8 @@
 	}
 
 	for (i=0;i<r->in.sids->num_sids;i++) {
-		const char * const attrs[] = { "sAMAccountName", "sAMAccountType", NULL};
 		struct dom_sid *sid = r->in.sids->sids[i].sid;
 		char *sid_str = dom_sid_string(mem_ctx, sid);
-		int ret;
-		struct ldb_message **res;
 		const char *name;
 		uint32_t atype, rtype;
 		NTSTATUS status2;
@@ -528,24 +565,13 @@
 			return status2;
 		}
 
-		ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs, "objectSid=%s", sid_str);
-		if (ret != 1) {
+		status2 = lsa_lookup_sid(state, mem_ctx, sid, sid_str, 
+					 &name, &atype);
+		if (!NT_STATUS_IS_OK(status2)) {
 			status = STATUS_SOME_UNMAPPED;
 			continue;
 		}
 
-		name = ldb_msg_find_string(res[0], "sAMAccountName", NULL);
-		if (name == NULL) {
-			status = STATUS_SOME_UNMAPPED;
-			continue;
-		}
-
-		atype = samdb_result_uint(res[0], "sAMAccountType", 0);
-		if (atype == 0) {
-			status = STATUS_SOME_UNMAPPED;
-			continue;
-		}
-
 		rtype = samdb_atype_map(atype);
 		if (rtype == SID_NAME_UNKNOWN) {
 			status = STATUS_SOME_UNMAPPED;

More information about the samba-cvs mailing list