s3:winbindd: add idmap_find_domain_with_sid()

This will return the passdb domain if the given sid is in our sam or builtin
or is the domain sid of those domains. Otherwise it returns the idmap domain
that results from the idmap configuration.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c
index 07295e757a627728e330b75bc2d11381358ae3c7..065b7e67dbb820a9d4e8d5572db9d6e949872923 100644 (file)
--- a/source3/winbindd/idmap.c
+++ b/source3/winbindd/idmap.c
@@ -422,6 +422,22 @@ struct idmap_domain *idmap_find_domain(const char *domname)
        return result;
 }
 
+struct idmap_domain *idmap_find_domain_with_sid(const char *domname,
+                                               const struct dom_sid *sid)
+{
+       idmap_init();
+
+       if (sid_check_is_in_builtin(sid) ||
+           sid_check_is_builtin(sid) ||
+           sid_check_is_in_our_sam(sid) ||
+           sid_check_is_our_sam(sid))
+       {
+               return idmap_passdb_domain(NULL);
+       }
+
+       return idmap_find_domain(domname);
+}
+
 void idmap_close(void)
 {
        TALLOC_FREE(default_idmap_domain);

diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h
index 4e5fb7389cc49de193b18bfee01f5131492f6257..5952bf96bc4af51936a768299d67c4a9608c2b39 100644 (file)
--- a/source3/winbindd/winbindd_proto.h
+++ b/source3/winbindd/winbindd_proto.h
@@ -317,6 +317,8 @@ NTSTATUS winbindd_print_groupmembers(struct talloc_dict *members,
 void init_idmap_child(void);
 struct winbindd_child *idmap_child(void);
 struct idmap_domain *idmap_find_domain(const char *domname);
+struct idmap_domain *idmap_find_domain_with_sid(const char *domname,
+                                               const struct dom_sid *sid);
 
 /* The following definitions come from winbindd/winbindd_locator.c  */