svn commit: samba r6788 - in trunk/source/nsswitch: .
vlendec at samba.org
vlendec at samba.org
Sat May 14 18:28:34 GMT 2005
Author: vlendec
Date: 2005-05-14 18:28:33 +0000 (Sat, 14 May 2005)
New Revision: 6788
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=6788
Log:
Correct/straighten winbindd_sid_to_gid.
Volker
Modified:
trunk/source/nsswitch/winbindd_sid.c
Changeset:
Modified: trunk/source/nsswitch/winbindd_sid.c
===================================================================
--- trunk/source/nsswitch/winbindd_sid.c 2005-05-14 16:41:53 UTC (rev 6787)
+++ trunk/source/nsswitch/winbindd_sid.c 2005-05-14 18:28:33 UTC (rev 6788)
@@ -153,15 +153,17 @@
DOM_SID sid;
NTSTATUS result;
- if (idmap_proxyonly())
- return WINBINDD_ERROR;
-
/* Ensure null termination */
state->request.data.sid[sizeof(state->request.data.sid)-1]='\0';
DEBUG(3, ("[%5lu]: sid to uid %s\n", (unsigned long)state->pid,
state->request.data.sid));
+ if (idmap_proxyonly()) {
+ DEBUG(8, ("IDMAP proxy only\n"));
+ return WINBINDD_ERROR;
+ }
+
if (!string_to_sid(&sid, state->request.data.sid)) {
DEBUG(1, ("Could not get convert sid %s from string\n",
state->request.data.sid));
@@ -173,8 +175,9 @@
result = idmap_sid_to_uid(&sid, &(state->response.data.uid),
ID_QUERY_ONLY|ID_CACHE_ONLY);
- if (NT_STATUS_IS_OK(result))
+ if (NT_STATUS_IS_OK(result)) {
return WINBINDD_OK;
+ }
winbindd_lookupsid_async(state->mem_ctx, &sid,
sid2uid_lookup_sid_recv, state);
@@ -188,12 +191,20 @@
struct winbindd_cli_state *state = private;
struct winbindd_request *request;
- if ((!success) ||
- ((type != SID_NAME_USER) && (type != SID_NAME_COMPUTER))) {
+ if (!success) {
+ DEBUG(5, ("Could not lookup sid %s\n",
+ state->request.data.sid));
state->response.result = WINBINDD_ERROR;
request_finished(state);
return;
}
+
+ if ((type != SID_NAME_USER) && (type != SID_NAME_COMPUTER)) {
+ DEBUG(5, ("SId %s is not a user\n", state->request.data.sid));
+ state->response.result = WINBINDD_ERROR;
+ request_finished(state);
+ return;
+ }
request = TALLOC_ZERO_P(state->mem_ctx, struct winbindd_request);
@@ -288,12 +299,14 @@
/* Convert a sid to a gid. We assume we only have one rid attached to the
sid.*/
-static void winbindd_sid2gid_recv(void *private, BOOL success,
- gid_t gid);
+static void sid2gid_lookup_sid_recv(void *private, BOOL success,
+ const char *dom_name, const char *name,
+ enum SID_NAME_USE type);
enum winbindd_result winbindd_sid_to_gid(struct winbindd_cli_state *state)
{
DOM_SID sid;
+ NTSTATUS result;
/* Ensure null termination */
state->request.data.sid[sizeof(state->request.data.sid)-1]='\0';
@@ -301,39 +314,72 @@
DEBUG(3, ("[%5lu]: sid to gid %s\n", (unsigned long)state->pid,
state->request.data.sid));
+ if (idmap_proxyonly()) {
+ DEBUG(8, ("IDMAP proxy only\n"));
+ return WINBINDD_ERROR;
+ }
+
if (!string_to_sid(&sid, state->request.data.sid)) {
DEBUG(1, ("Could not get convert sid %s from string\n",
state->request.data.sid));
return WINBINDD_ERROR;
}
- state->response.result = WINBINDD_PENDING;
+ /* Query only the local tdb, everything else might possibly block */
- winbindd_sid2gid_async(state->mem_ctx, &sid, winbindd_sid2gid_recv,
- state);
+ result = idmap_sid_to_gid(&sid, &(state->response.data.gid),
+ ID_QUERY_ONLY|ID_CACHE_ONLY);
- /* winbindd_sid2gid_recv might have been called directly from within
- winbindd_sid2gid_async and might have modified the result */
+ if (NT_STATUS_IS_OK(result)) {
+ return WINBINDD_OK;
+ }
- return state->response.result;
+ winbindd_lookupsid_async(state->mem_ctx, &sid,
+ sid2gid_lookup_sid_recv, state);
+ return WINBINDD_PENDING;
}
-static void winbindd_sid2gid_recv(void *private, BOOL success,
- gid_t gid)
+static void sid2gid_lookup_sid_recv(void *private, BOOL success,
+ const char *dom_name, const char *name,
+ enum SID_NAME_USE type)
{
struct winbindd_cli_state *state = private;
+ struct winbindd_request *request;
if (!success) {
+ DEBUG(5, ("Could not lookup sid %s\n",
+ state->request.data.sid));
state->response.result = WINBINDD_ERROR;
request_finished(state);
+ return;
}
- state->response.result = WINBINDD_OK;
- state->response.data.gid = gid;
- request_finished(state);
+ if ((type != SID_NAME_DOM_GRP) && (type != SID_NAME_ALIAS)) {
+ DEBUG(5, ("SId %s is not a group\n", state->request.data.sid));
+ state->response.result = WINBINDD_ERROR;
+ request_finished(state);
+ return;
+ }
+
+ request = TALLOC_ZERO_P(state->mem_ctx, struct winbindd_request);
+
+ if (request == NULL) {
+ DEBUG(0, ("talloc failed\n"));
+ request_finished_cont(state, False);
+ return;
+ }
+
+ request->length = sizeof(*request);
+ request->cmd = WINBINDD_DUAL_SID2GID;
+ fstrcpy(request->data.dual_sid2id.sid, state->request.data.sid);
+ fstrcpy(request->data.dual_sid2id.name, name);
+
+ async_request(state->mem_ctx, idmap_child(),
+ request, &state->response,
+ request_finished_cont, state);
}
-/* Child part of winbindd_sid2gid. We already know for sure it's a user, as
+/* Child part of winbindd_sid2gid. We already know for sure it's a group, as
* well as the user's name */
enum winbindd_result winbindd_dual_sid2gid(struct winbindd_domain *domain,
@@ -431,6 +477,11 @@
DEBUG(3, ("[%5lu]: uid to sid %lu\n", (unsigned long)state->pid,
(unsigned long)state->request.data.uid));
+ if (idmap_proxyonly()) {
+ DEBUG(8, ("IDMAP proxy only\n"));
+ return WINBINDD_ERROR;
+ }
+
status = idmap_uid_to_sid(&sid, state->request.data.uid,
ID_QUERY_ONLY | ID_CACHE_ONLY);
@@ -549,6 +600,11 @@
DEBUG(3, ("[%5lu]: gid to sid %lu\n", (unsigned long)state->pid,
(unsigned long)state->request.data.gid));
+ if (idmap_proxyonly()) {
+ DEBUG(8, ("IDMAP proxy only\n"));
+ return WINBINDD_ERROR;
+ }
+
status = idmap_gid_to_sid(&sid, state->request.data.gid,
ID_QUERY_ONLY | ID_CACHE_ONLY);
More information about the samba-cvs
mailing list