+/************************************************************************
+ Routine to look up a remote nt name
+*************************************************************************/
+static BOOL lookup_remote_ntname(const char *ntname, DOM_SID *sid, uint8 *type)
+{
+ struct cli_state cli;
+ POLICY_HND lsa_pol;
+ uint16 fnum_lsa;
+ fstring srv_name;
+
+ BOOL res3 = True;
+ BOOL res4 = True;
+ uint32 num_sids;
+ DOM_SID *sids;
+ uint8 *types;
+ const char *names[1];
+
+ if (!cli_connect_serverlist(&cli, lp_passwordserver()))
+ {
+ return False;
+ }
+
+ names[0] = ntname;
+
+ fstrcpy(srv_name, "\\\\");
+ fstrcat(srv_name, cli.desthost);
+ strupper(srv_name);
+
+ /* open LSARPC session. */
+ res3 = res3 ? cli_nt_session_open(&cli, PIPE_LSARPC, &fnum_lsa) : False;
+
+ /* lookup domain controller; receive a policy handle */
+ res3 = res3 ? lsa_open_policy(&cli, fnum_lsa,
+ srv_name,
+ &lsa_pol, True) : False;
+
+ /* send lsa lookup sids call */
+ res4 = res3 ? lsa_lookup_names(&cli, fnum_lsa,
+ &lsa_pol,
+ 1, names,
+ &sids, &types, &num_sids) : False;
+
+ res3 = res3 ? lsa_close(&cli, fnum_lsa, &lsa_pol) : False;
+
+ cli_nt_session_close(&cli, fnum_lsa);
+
+ if (res4 && res3 && sids != NULL && types != NULL)
+ {
+ sid_copy(sid, &sids[0]);
+ *type = types[0];
+ }
+ else
+ {
+ res3 = False;
+ }
+ if (types != NULL)
+ {
+ free(types);
+ }
+
+ if (sids != NULL)
+ {
+ free(sids);
+ }
+
+ return res3 && res4;
+}
+
+/************************************************************************
+ Routine to look up a remote nt name
+*************************************************************************/
+static BOOL get_sid_and_type(const char *fullntname, uint8 expected_type,
+ DOM_NAME_MAP *gmep)
+{
+ /*
+ * check with the PDC to see if it owns the name. if so,
+ * the SID is resolved with the PDC database.
+ */
+
+ if (lp_server_role() == ROLE_DOMAIN_MEMBER)
+ {
+ if (lookup_remote_ntname(fullntname, &gmep->sid, &gmep->type))
+ {
+ if (sid_front_equal(&gmep->sid, &global_member_sid) &&
+ strequal(gmep->nt_domain, global_myworkgroup) &&
+ gmep->type == expected_type)
+ {
+ return True;
+ }
+ return False;
+ }
+ }
+
+ /*
+ * ... otherwise, it's one of ours. map the sid ourselves,
+ * which can only happen in our own SAM database.
+ */
+
+ if (!strequal(gmep->nt_domain, global_sam_name))
+ {
+ return False;
+ }
+ if (!pwdb_unixid_to_sam_sid(gmep->unix_id, gmep->type, &gmep->sid))
+ {
+ return False;
+ }
+
+ return True;
+}
+
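Review bot: In lookup_remote_ntname, `sids` and `types` are declared without initialisers and lsa_lookup_names is only called while `res3` is still True, so when cli_nt_session_open or lsa_open_policy fails, the `!= NULL` tests and both `free()` calls at the end of the function operate on indeterminate pointers. Declaring them as `DOM_SID *sids = NULL;` and `uint8 *types = NULL;` (and `uint32 num_sids = 0;`) makes that failure path well defined. The success branch also reads `sids[0]` and `types[0]` without consulting `num_sids`, which is filled from the remote server's reply; adding `num_sids >= 1` to that condition would keep an empty reply from being indexed, assuming lsa_lookup_names can hand back non-NULL arrays with a zero count. Separately, nothing in the visible lines releases `cli` after cli_connect_serverlist succeeds, so it is worth confirming whether a shutdown call is needed before the function returns.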