svn commit: samba r2340 - in branches/SAMBA_3_0/source/nsswitch: .

vlendec at samba.org vlendec at samba.org
Wed Sep 15 08:55:02 GMT 2004


Author: vlendec
Date: 2004-09-15 08:55:01 +0000 (Wed, 15 Sep 2004)
New Revision: 2340

WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba&path=/branches/SAMBA_3_0/source/nsswitch&rev=2340&nolog=1

Log:
Solve the problem of user sids ending up with gid's and vice versa: This
belongs into winbind itself, not into wbinfo.

Volker

Modified:
   branches/SAMBA_3_0/source/nsswitch/wbinfo.c
   branches/SAMBA_3_0/source/nsswitch/winbindd_sid.c


Changeset:
Modified: branches/SAMBA_3_0/source/nsswitch/wbinfo.c
===================================================================
--- branches/SAMBA_3_0/source/nsswitch/wbinfo.c	2004-09-15 04:36:13 UTC (rev 2339)
+++ branches/SAMBA_3_0/source/nsswitch/wbinfo.c	2004-09-15 08:55:01 UTC (rev 2340)
@@ -398,27 +398,6 @@
 	ZERO_STRUCT(request);
 	ZERO_STRUCT(response);
 
-	/* First see whether the SID is actually a user -- otherwise
-	 * winbind might end up a uid number for a group SID and this
-	 * is asking for trouble later. */
-
-	fstrcpy(request.data.sid, sid);
-
-	if (winbindd_request(WINBINDD_LOOKUPSID, &request, &response) !=
-	    NSS_STATUS_SUCCESS) {
-		d_printf("Could not lookup sid %s\n", sid);
-		return False;
-	}
-
-	if (response.data.name.type != SID_NAME_USER) {
-		d_printf("SID is of type %s\n",
-			 sid_type_lookup(response.data.name.type));
-		return False;
-	}
-
-	ZERO_STRUCT(request);
-	ZERO_STRUCT(response);
-
 	/* Send request */
 
 	fstrcpy(request.data.sid, sid);
@@ -442,26 +421,6 @@
 	ZERO_STRUCT(request);
 	ZERO_STRUCT(response);
 
-	/* First see whether the SID is actually a group -- otherwise
-	 * winbind might end up a gid number for a user SID and this
-	 * is asking for trouble later. */
-
-	fstrcpy(request.data.sid, sid);
-
-	if (winbindd_request(WINBINDD_LOOKUPSID, &request, &response) !=
-	    NSS_STATUS_SUCCESS) {
-		d_printf("Could not lookup sid %s\n", sid);
-		return False;
-	}
-
-	if ((response.data.name.type != SID_NAME_DOM_GRP) &&
-	    (response.data.name.type != SID_NAME_ALIAS) &&
-	    (response.data.name.type != SID_NAME_WKN_GRP)) {
-		d_printf("SID is of type %s\n",
-			 sid_type_lookup(response.data.name.type));
-		return False;
-	}
-
 	/* Send request */
 
 	fstrcpy(request.data.sid, sid);

Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_sid.c
===================================================================
--- branches/SAMBA_3_0/source/nsswitch/winbindd_sid.c	2004-09-15 04:36:13 UTC (rev 2339)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd_sid.c	2004-09-15 08:55:01 UTC (rev 2340)
@@ -119,7 +119,7 @@
 enum winbindd_result winbindd_sid_to_uid(struct winbindd_cli_state *state)
 {
 	DOM_SID sid;
-	uint32 flags = 0x0;
+	NTSTATUS result;
 
 	/* Ensure null termination */
 	state->request.data.sid[sizeof(state->request.data.sid)-1]='\0';
@@ -166,8 +166,7 @@
 			
 			/* But first check and see if we don't already have a mapping */
 			   
-			flags = ID_QUERY_ONLY;
-			if ( NT_STATUS_IS_OK(idmap_sid_to_uid(&sid, &(state->response.data.uid), flags)) )
+			if ( NT_STATUS_IS_OK(idmap_sid_to_uid(&sid, &(state->response.data.uid), ID_QUERY_ONLY)) )
 				return WINBINDD_OK;
 				
 			/* now fall back to the hard way */
@@ -191,17 +190,37 @@
 
 	}
 	
-	if ( state->request.flags & WBFLAG_QUERY_ONLY ) 
-		flags = ID_QUERY_ONLY;
-	
 	/* Find uid for this sid and return it */
-	
-	if ( !NT_STATUS_IS_OK(idmap_sid_to_uid(&sid, &(state->response.data.uid), flags)) ) {
-		DEBUG(1, ("Could not get uid for sid %s\n", state->request.data.sid));
+
+	result = idmap_sid_to_uid(&sid, &(state->response.data.uid),
+				  ID_QUERY_ONLY);
+
+	if (NT_STATUS_IS_OK(result))
+		return WINBINDD_OK;
+
+	if (state->request.flags & WBFLAG_QUERY_ONLY)
 		return WINBINDD_ERROR;
+
+	/* The query-only did not work, allocate a new uid *if* it's a user */
+
+	{
+		fstring dom_name, name;
+		enum SID_NAME_USE type;
+
+		if (!winbindd_lookup_name_by_sid(&sid, dom_name, name, &type))
+			return WINBINDD_ERROR;
+
+		if ((type != SID_NAME_USER) && (type != SID_NAME_COMPUTER))
+			return WINBINDD_ERROR;
 	}
+	
+	result = idmap_sid_to_uid(&sid, &(state->response.data.uid), 0);
 
-	return WINBINDD_OK;
+	if (NT_STATUS_IS_OK(result))
+		return WINBINDD_OK;
+
+	DEBUG(1, ("Could not get uid for sid %s\n", state->request.data.sid));
+	return WINBINDD_ERROR;
 }
 
 /* Convert a sid to a gid.  We assume we only have one rid attached to the
@@ -210,7 +229,7 @@
 enum winbindd_result winbindd_sid_to_gid(struct winbindd_cli_state *state)
 {
 	DOM_SID sid;
-	uint32 flags = 0x0;
+	NTSTATUS result;
 
 	/* Ensure null termination */
 	state->request.data.sid[sizeof(state->request.data.sid)-1]='\0';
@@ -256,8 +275,7 @@
 			
 			/* But first check and see if we don't already have a mapping */
 			   
-			flags = ID_QUERY_ONLY;
-			if ( NT_STATUS_IS_OK(idmap_sid_to_gid(&sid, &(state->response.data.gid), flags)) )
+			if ( NT_STATUS_IS_OK(idmap_sid_to_gid(&sid, &(state->response.data.gid), ID_QUERY_ONLY)) )
 				return WINBINDD_OK;
 				
 			/* now fall back to the hard way */
@@ -281,16 +299,38 @@
 
 	}
 	
-	if ( state->request.flags & WBFLAG_QUERY_ONLY ) 
-		flags = ID_QUERY_ONLY;
-		
 	/* Find gid for this sid and return it */
-	if ( !NT_STATUS_IS_OK(idmap_sid_to_gid(&sid, &(state->response.data.gid), flags)) ) {
-		DEBUG(1, ("Could not get gid for sid %s\n", state->request.data.sid));
+
+	result = idmap_sid_to_gid(&sid, &(state->response.data.gid),
+				  ID_QUERY_ONLY);
+
+	if (NT_STATUS_IS_OK(result))
+		return WINBINDD_OK;
+
+	if (state->request.flags & WBFLAG_QUERY_ONLY)
 		return WINBINDD_ERROR;
+
+	/* The query-only did not work, allocate a new gid *if* it's a group */
+
+	{
+		fstring dom_name, name;
+		enum SID_NAME_USE type;
+
+		if (!winbindd_lookup_name_by_sid(&sid, dom_name, name, &type))
+			return WINBINDD_ERROR;
+
+		if ((type != SID_NAME_DOM_GRP) && (type != SID_NAME_ALIAS) &&
+		    (type != SID_NAME_WKN_GRP))
+			return WINBINDD_ERROR;
 	}
+	
+	result = idmap_sid_to_gid(&sid, &(state->response.data.gid), 0);
 
-	return WINBINDD_OK;
+	if (NT_STATUS_IS_OK(result))
+		return WINBINDD_OK;
+
+	DEBUG(1, ("Could not get gid for sid %s\n", state->request.data.sid));
+	return WINBINDD_ERROR;
 }
 
 /* Convert a uid to a sid */



More information about the samba-cvs mailing list