svn commit: samba r2340 - in branches/SAMBA_3_0/source/nsswitch: .
vlendec at samba.org
vlendec at samba.org
Wed Sep 15 08:55:02 GMT 2004
Author: vlendec
Date: 2004-09-15 08:55:01 +0000 (Wed, 15 Sep 2004)
New Revision: 2340
WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba&path=/branches/SAMBA_3_0/source/nsswitch&rev=2340&nolog=1
Log:
Solve the problem of user sids ending up with gid's and vice versa: This
belongs into winbind itself, not into wbinfo.
Volker
Modified:
branches/SAMBA_3_0/source/nsswitch/wbinfo.c
branches/SAMBA_3_0/source/nsswitch/winbindd_sid.c
Changeset:
Modified: branches/SAMBA_3_0/source/nsswitch/wbinfo.c
===================================================================
--- branches/SAMBA_3_0/source/nsswitch/wbinfo.c 2004-09-15 04:36:13 UTC (rev 2339)
+++ branches/SAMBA_3_0/source/nsswitch/wbinfo.c 2004-09-15 08:55:01 UTC (rev 2340)
@@ -398,27 +398,6 @@
ZERO_STRUCT(request);
ZERO_STRUCT(response);
- /* First see whether the SID is actually a user -- otherwise
- * winbind might end up a uid number for a group SID and this
- * is asking for trouble later. */
-
- fstrcpy(request.data.sid, sid);
-
- if (winbindd_request(WINBINDD_LOOKUPSID, &request, &response) !=
- NSS_STATUS_SUCCESS) {
- d_printf("Could not lookup sid %s\n", sid);
- return False;
- }
-
- if (response.data.name.type != SID_NAME_USER) {
- d_printf("SID is of type %s\n",
- sid_type_lookup(response.data.name.type));
- return False;
- }
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
-
/* Send request */
fstrcpy(request.data.sid, sid);
@@ -442,26 +421,6 @@
ZERO_STRUCT(request);
ZERO_STRUCT(response);
- /* First see whether the SID is actually a group -- otherwise
- * winbind might end up a gid number for a user SID and this
- * is asking for trouble later. */
-
- fstrcpy(request.data.sid, sid);
-
- if (winbindd_request(WINBINDD_LOOKUPSID, &request, &response) !=
- NSS_STATUS_SUCCESS) {
- d_printf("Could not lookup sid %s\n", sid);
- return False;
- }
-
- if ((response.data.name.type != SID_NAME_DOM_GRP) &&
- (response.data.name.type != SID_NAME_ALIAS) &&
- (response.data.name.type != SID_NAME_WKN_GRP)) {
- d_printf("SID is of type %s\n",
- sid_type_lookup(response.data.name.type));
- return False;
- }
-
/* Send request */
fstrcpy(request.data.sid, sid);
Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_sid.c
===================================================================
--- branches/SAMBA_3_0/source/nsswitch/winbindd_sid.c 2004-09-15 04:36:13 UTC (rev 2339)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd_sid.c 2004-09-15 08:55:01 UTC (rev 2340)
@@ -119,7 +119,7 @@
enum winbindd_result winbindd_sid_to_uid(struct winbindd_cli_state *state)
{
DOM_SID sid;
- uint32 flags = 0x0;
+ NTSTATUS result;
/* Ensure null termination */
state->request.data.sid[sizeof(state->request.data.sid)-1]='\0';
@@ -166,8 +166,7 @@
/* But first check and see if we don't already have a mapping */
- flags = ID_QUERY_ONLY;
- if ( NT_STATUS_IS_OK(idmap_sid_to_uid(&sid, &(state->response.data.uid), flags)) )
+ if ( NT_STATUS_IS_OK(idmap_sid_to_uid(&sid, &(state->response.data.uid), ID_QUERY_ONLY)) )
return WINBINDD_OK;
/* now fall back to the hard way */
@@ -191,17 +190,37 @@
}
- if ( state->request.flags & WBFLAG_QUERY_ONLY )
- flags = ID_QUERY_ONLY;
-
/* Find uid for this sid and return it */
-
- if ( !NT_STATUS_IS_OK(idmap_sid_to_uid(&sid, &(state->response.data.uid), flags)) ) {
- DEBUG(1, ("Could not get uid for sid %s\n", state->request.data.sid));
+
+ result = idmap_sid_to_uid(&sid, &(state->response.data.uid),
+ ID_QUERY_ONLY);
+
+ if (NT_STATUS_IS_OK(result))
+ return WINBINDD_OK;
+
+ if (state->request.flags & WBFLAG_QUERY_ONLY)
return WINBINDD_ERROR;
+
+ /* The query-only did not work, allocate a new uid *if* it's a user */
+
+ {
+ fstring dom_name, name;
+ enum SID_NAME_USE type;
+
+ if (!winbindd_lookup_name_by_sid(&sid, dom_name, name, &type))
+ return WINBINDD_ERROR;
+
+ if ((type != SID_NAME_USER) && (type != SID_NAME_COMPUTER))
+ return WINBINDD_ERROR;
}
+
+ result = idmap_sid_to_uid(&sid, &(state->response.data.uid), 0);
- return WINBINDD_OK;
+ if (NT_STATUS_IS_OK(result))
+ return WINBINDD_OK;
+
+ DEBUG(1, ("Could not get uid for sid %s\n", state->request.data.sid));
+ return WINBINDD_ERROR;
}
/* Convert a sid to a gid. We assume we only have one rid attached to the
@@ -210,7 +229,7 @@
enum winbindd_result winbindd_sid_to_gid(struct winbindd_cli_state *state)
{
DOM_SID sid;
- uint32 flags = 0x0;
+ NTSTATUS result;
/* Ensure null termination */
state->request.data.sid[sizeof(state->request.data.sid)-1]='\0';
@@ -256,8 +275,7 @@
/* But first check and see if we don't already have a mapping */
- flags = ID_QUERY_ONLY;
- if ( NT_STATUS_IS_OK(idmap_sid_to_gid(&sid, &(state->response.data.gid), flags)) )
+ if ( NT_STATUS_IS_OK(idmap_sid_to_gid(&sid, &(state->response.data.gid), ID_QUERY_ONLY)) )
return WINBINDD_OK;
/* now fall back to the hard way */
@@ -281,16 +299,38 @@
}
- if ( state->request.flags & WBFLAG_QUERY_ONLY )
- flags = ID_QUERY_ONLY;
-
/* Find gid for this sid and return it */
- if ( !NT_STATUS_IS_OK(idmap_sid_to_gid(&sid, &(state->response.data.gid), flags)) ) {
- DEBUG(1, ("Could not get gid for sid %s\n", state->request.data.sid));
+
+ result = idmap_sid_to_gid(&sid, &(state->response.data.gid),
+ ID_QUERY_ONLY);
+
+ if (NT_STATUS_IS_OK(result))
+ return WINBINDD_OK;
+
+ if (state->request.flags & WBFLAG_QUERY_ONLY)
return WINBINDD_ERROR;
+
+ /* The query-only did not work, allocate a new gid *if* it's a group */
+
+ {
+ fstring dom_name, name;
+ enum SID_NAME_USE type;
+
+ if (!winbindd_lookup_name_by_sid(&sid, dom_name, name, &type))
+ return WINBINDD_ERROR;
+
+ if ((type != SID_NAME_DOM_GRP) && (type != SID_NAME_ALIAS) &&
+ (type != SID_NAME_WKN_GRP))
+ return WINBINDD_ERROR;
}
+
+ result = idmap_sid_to_gid(&sid, &(state->response.data.gid), 0);
- return WINBINDD_OK;
+ if (NT_STATUS_IS_OK(result))
+ return WINBINDD_OK;
+
+ DEBUG(1, ("Could not get gid for sid %s\n", state->request.data.sid));
+ return WINBINDD_ERROR;
}
/* Convert a uid to a sid */
More information about the samba-cvs
mailing list