-
/*
- * Unix SMB/Netbios implementation.
- * Version 1.9.
+ * Unix SMB/CIFS implementation.
* RPC Pipe client / server routines
* Copyright (C) Andrew Tridgell 1992-1998
* Copyright (C) Luke Kenneth Casson Leighton 1996-1998,
*/
#include "includes.h"
-#include "nterr.h"
-extern int DEBUGLEVEL;
-extern DOM_SID global_machine_sid;
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_RPC_SRV
/*
* A list of the rids of well known BUILTIN and Domain users
{ 0 , NULL }
};
-/**************************************************************************
- Check if a name matches any of the well known SID values.
-***************************************************************************/
-
-BOOL lookup_wellknown_sid_from_name(char *windows_name, DOM_SID *psid)
-{
- rid_name *rnp;
- int i;
-
- for( i = 0; builtin_alias_rids[i].name != NULL; i++) {
- rnp = &builtin_alias_rids[i];
- if(strequal(rnp->name, windows_name)) {
- string_to_sid( psid, "S-1-5-32" );
- ASSERT_ARRAY(psid->sub_auths, psid->num_auths+1);
- psid->sub_auths[psid->num_auths++] = rnp->rid;
- return True;
- }
- }
-
- for( i = 0; domain_user_rids[i].name != NULL; i++ ) {
- rnp = &domain_user_rids[i];
- if(strequal(rnp->name, windows_name)) {
- *psid = global_machine_sid;
- ASSERT_ARRAY(psid->sub_auths, psid->num_auths+1);
- psid->sub_auths[psid->num_auths++] = rnp->rid;
- return True;
- }
- }
-
- for( i = 0; domain_group_rids[i].name != NULL; i++ ) {
- rnp = &domain_group_rids[i];
- if(strequal(rnp->name, windows_name)) {
- *psid = global_machine_sid;
- ASSERT_ARRAY(psid->sub_auths, psid->num_auths+1);
- psid->sub_auths[psid->num_auths++] = rnp->rid;
- return True;
- }
- }
-
- return False;
-}
-
-int make_dom_gids(char *gids_str, DOM_GID **ppgids)
-{
- char *ptr;
- pstring s2;
- int count;
- DOM_GID *gids;
-
- *ppgids = NULL;
-
- DEBUG(4,("make_dom_gids: %s\n", gids_str));
-
- if (gids_str == NULL || *gids_str == 0)
- return 0;
-
- for (count = 0, ptr = gids_str; next_token(&ptr, s2, NULL); count++)
- ;
-
- gids = (DOM_GID *)malloc( sizeof(DOM_GID) * count );
- if(!gids)
- {
- DEBUG(0,("make_dom_gids: malloc fail !\n"));
- return 0;
- }
-
- for (count = 0, ptr = gids_str; next_token(&ptr, s2, NULL) &&
- count < LSA_MAX_GROUPS; count++)
- {
- /* the entries are of the form GID/ATTR, ATTR being optional.*/
- char *attr;
- uint32 rid = 0;
- int i;
-
- attr = strchr(s2,'/');
- if (attr)
- *attr++ = 0;
-
- if (!attr || !*attr)
- attr = "7"; /* default value for attribute is 7 */
-
- /* look up the RID string and see if we can turn it into a rid number */
- for (i = 0; builtin_alias_rids[i].name != NULL; i++)
- {
- if (strequal(builtin_alias_rids[i].name, s2))
- {
- rid = builtin_alias_rids[i].rid;
- break;
- }
- }
-
- if (rid == 0)
- rid = atoi(s2);
-
- if (rid == 0)
- {
- DEBUG(1,("make_dom_gids: unknown well-known alias RID %s/%s\n", s2, attr));
- count--;
- }
- else
- {
- gids[count].g_rid = rid;
- gids[count].attr = atoi(attr);
-
- DEBUG(5,("group id: %d attr: %d\n", gids[count].g_rid, gids[count].attr));
- }
- }
-
- *ppgids = gids;
- return count;
-}
-
/*******************************************************************
- turns a DCE/RPC request into a DCE/RPC reply
-
- this is where the data really should be split up into an array of
- headers and data sections.
-
+ gets a domain user's groups
********************************************************************/
-BOOL create_rpc_reply(pipes_struct *p,
- uint32 data_start, uint32 data_end)
+NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, uint32 **prids, DOM_SID *q_sid)
{
- DEBUG(5,("create_rpc_reply: data_start: %d data_end: %d max_tsize: %d\n",
- data_start, data_end, p->hdr_ba.bba.max_tsize));
-
- mem_buf_init(&(p->rhdr.data), 0);
- mem_alloc_data(p->rhdr.data, 0x18);
-
- p->rhdr.align = 4;
- p->rhdr.io = False;
-
- p->hdr_resp.alloc_hint = data_end - data_start; /* calculate remaining data to be sent */
- p->hdr.pkt_type = RPC_RESPONSE; /* mark header as an rpc response */
-
- /* set up rpc header (fragmentation issues) */
- if (data_start == 0)
- {
- p->hdr.flags = RPC_FLG_FIRST;
- }
- else
- {
- p->hdr.flags = 0;
+ SAM_ACCOUNT *sam_pass=NULL;
+ int i, cur_rid=0;
+ gid_t gid;
+ gid_t *groups = NULL;
+ int num_groups;
+ GROUP_MAP map;
+ DOM_SID tmp_sid;
+ fstring user_name;
+ fstring str_domsid, str_qsid;
+ uint32 rid,grid;
+ uint32 *rids=NULL, *new_rids=NULL;
+ gid_t winbind_gid_low, winbind_gid_high;
+ BOOL ret;
+ BOOL winbind_groups_exist;
+
+ /*
+ * this code is far from perfect.
+ * first it enumerates the full /etc/group and that can be slow.
+ * second, it works only with users' SIDs
+ * whereas the day we support nested groups, it will have to
+ * support both users's SIDs and domain groups' SIDs
+ *
+ * having our own ldap backend would be so much faster !
+ * we're far from that, but hope one day ;-) JFM.
+ */
+
+ *prids=NULL;
+ *numgroups=0;
+
+ winbind_groups_exist = lp_winbind_gid(&winbind_gid_low, &winbind_gid_high);
+
+
+ DEBUG(10,("get_alias_user_groups: looking if SID %s is a member of groups in the SID domain %s\n",
+ sid_to_string(str_qsid, q_sid), sid_to_string(str_domsid, sid)));
+
+ pdb_init_sam(&sam_pass);
+ become_root();
+ ret = pdb_getsampwsid(sam_pass, q_sid);
+ unbecome_root();
+ if (ret == False) {
+ pdb_free_sam(&sam_pass);
+ return NT_STATUS_NO_SUCH_USER;
}
- if (p->hdr_resp.alloc_hint + 0x18 <= p->hdr_ba.bba.max_tsize)
- {
- p->hdr.flags |= RPC_FLG_LAST;
- p->hdr.frag_len = p->hdr_resp.alloc_hint + 0x18;
- }
- else
- {
- p->hdr.frag_len = p->hdr_ba.bba.max_tsize;
+ fstrcpy(user_name, pdb_get_username(sam_pass));
+ grid=pdb_get_group_rid(sam_pass);
+ gid=pdb_get_gid(sam_pass);
+
+ become_root();
+ /* on some systems this must run as root */
+ num_groups = getgroups_user(user_name, &groups);
+ unbecome_root();
+ if (num_groups == -1) {
+ /* this should never happen */
+ DEBUG(2,("get_alias_user_groups: getgroups_user failed\n"));
+ pdb_free_sam(&sam_pass);
+ return NT_STATUS_UNSUCCESSFUL;
}
- p->rhdr.data->offset.start = 0;
- p->rhdr.data->offset.end = 0x18;
-
- /* store the header in the data stream */
- p->rhdr.offset = 0;
- smb_io_rpc_hdr ("hdr", &(p->hdr ), &(p->rhdr), 0);
- smb_io_rpc_hdr_resp("resp", &(p->hdr_resp), &(p->rhdr), 0);
-
- return p->rhdr.data != NULL && p->rhdr.offset == 0x18;
-}
-
+ for (i=0;i<num_groups;i++) {
+ if(!get_group_from_gid(groups[i], &map, MAPPING_WITHOUT_PRIV)) {
+ DEBUG(10,("get_alias_user_groups: gid %d. not found\n", (int)groups[i]));
+ continue;
+ }
+
+ /* if it's not an alias, continue */
+ if (map.sid_name_use!=SID_NAME_ALIAS) {
+ DEBUG(10,("get_alias_user_groups: not returing %s, not an ALIAS group.\n", map.nt_name));
+ continue;
+ }
-/*******************************************************************
- receives a netlogon pipe and responds.
- ********************************************************************/
-static BOOL api_rpc_command(pipes_struct *p,
- char *rpc_name, struct api_struct *api_rpc_cmds,
- prs_struct *data)
-{
- int fn_num;
- DEBUG(4,("api_rpc_command: %s op 0x%x - ", rpc_name, p->hdr_req.opnum));
+ sid_copy(&tmp_sid, &map.sid);
+ sid_split_rid(&tmp_sid, &rid);
+
+ /* if the sid is not in the correct domain, continue */
+ if (!sid_equal(&tmp_sid, sid)) {
+ DEBUG(10,("get_alias_user_groups: not returing %s, not in the domain SID.\n", map.nt_name));
+ continue;
+ }
- for (fn_num = 0; api_rpc_cmds[fn_num].name; fn_num++)
- {
- if (api_rpc_cmds[fn_num].opnum == p->hdr_req.opnum && api_rpc_cmds[fn_num].fn != NULL)
- {
- DEBUG(3,("api_rpc_command: %s\n", api_rpc_cmds[fn_num].name));
- break;
+ /* Don't return winbind groups as they are not local! */
+ if (winbind_groups_exist && (groups[i] >= winbind_gid_low) && (groups[i] <= winbind_gid_high)) {
+ DEBUG(10,("get_alias_user_groups: not returing %s, not local.\n", map.nt_name));
+ continue;
}
- }
- if (api_rpc_cmds[fn_num].name == NULL)
- {
- DEBUG(4, ("unknown\n"));
- return False;
+ /* Don't return user private groups... */
+ if (Get_Pwnam(map.nt_name) != 0) {
+ DEBUG(10,("get_alias_user_groups: not returing %s, clashes with user.\n", map.nt_name));
+ continue;
+ }
+
+ new_rids=(uint32 *)Realloc(rids, sizeof(uint32)*(cur_rid+1));
+ if (new_rids==NULL) {
+ DEBUG(10,("get_alias_user_groups: could not realloc memory\n"));
+ pdb_free_sam(&sam_pass);
+ free(groups);
+ return NT_STATUS_NO_MEMORY;
+ }
+ rids=new_rids;
+
+ sid_peek_rid(&map.sid, &(rids[cur_rid]));
+ cur_rid++;
+ break;
}
- /* start off with 1024 bytes, and a large safety margin too */
- mem_buf_init(&(p->rdata.data), SAFETY_MARGIN);
- mem_alloc_data(p->rdata.data, 1024);
-
- p->rdata.io = False;
- p->rdata.align = 4;
+ free(groups);
- p->rdata.data->offset.start = 0;
- p->rdata.data->offset.end = 0xffffffff;
+ /* now check for the user's gid (the primary group rid) */
+ for (i=0; i<cur_rid && grid!=rids[i]; i++)
+ ;
- /* do the actual command */
- p->rdata.offset = 0;
- api_rpc_cmds[fn_num].fn(p->uid, data, &(p->rdata));
-
- if (p->rdata.data == NULL || p->rdata.offset == 0)
- {
- mem_free_data(p->rdata.data);
- return False;
+ /* the user's gid is already there */
+ if (i!=cur_rid) {
+ DEBUG(10,("get_alias_user_groups: user is already in the list. good.\n"));
+ goto done;
}
- mem_realloc_data(p->rdata.data, p->rdata.offset);
+ DEBUG(10,("get_alias_user_groups: looking for gid %d of user %s\n", (int)gid, user_name));
- DEBUG(10,("called %s\n", rpc_name));
+ if(!get_group_from_gid(gid, &map, MAPPING_WITHOUT_PRIV)) {
+ DEBUG(0,("get_alias_user_groups: gid of user %s doesn't exist. Check your /etc/passwd and /etc/group files\n", user_name));
+ goto done;
+ }
- return True;
-}
+ /* the primary group isn't an alias */
+ if (map.sid_name_use!=SID_NAME_ALIAS) {
+ DEBUG(10,("get_alias_user_groups: not returing %s, not an ALIAS group.\n", map.nt_name));
+ goto done;
+ }
+ sid_copy(&tmp_sid, &map.sid);
+ sid_split_rid(&tmp_sid, &rid);
-/*******************************************************************
- receives a netlogon pipe and responds.
- ********************************************************************/
-BOOL api_rpcTNP(pipes_struct *p, char *rpc_name, struct api_struct *api_rpc_cmds,
- prs_struct *data)
-{
- if (data == NULL || data->data == NULL)
- {
- DEBUG(2,("%s: NULL data received\n", rpc_name));
- return False;
+ /* if the sid is not in the correct domain, continue */
+ if (!sid_equal(&tmp_sid, sid)) {
+ DEBUG(10,("get_alias_user_groups: not returing %s, not in the domain SID.\n", map.nt_name));
+ goto done;
}
- /* read the rpc header */
- smb_io_rpc_hdr_req("req", &(p->hdr_req), data, 0);
+ /* Don't return winbind groups as they are not local! */
+ if (winbind_groups_exist && (gid >= winbind_gid_low) && (gid <= winbind_gid_high)) {
+ DEBUG(10,("get_alias_user_groups: not returing %s, not local.\n", map.nt_name ));
+ goto done;
+ }
- /* interpret the command */
- if (!api_rpc_command(p, rpc_name, api_rpc_cmds, data))
- {
- return False;
+ /* Don't return user private groups... */
+ if (Get_Pwnam(map.nt_name) != 0) {
+ DEBUG(10,("get_alias_user_groups: not returing %s, clashes with user.\n", map.nt_name ));
+ goto done;
}
- /* create the rpc header */
- if (!create_rpc_reply(p, 0, p->rdata.offset))
- {
- return False;
+ new_rids=(uint32 *)Realloc(rids, sizeof(uint32)*(cur_rid+1));
+ if (new_rids==NULL) {
+ DEBUG(10,("get_alias_user_groups: could not realloc memory\n"));
+ pdb_free_sam(&sam_pass);
+ return NT_STATUS_NO_MEMORY;
}
+ rids=new_rids;
- p->frag_len_left = p->hdr.frag_len - p->file_offset;
- p->next_frag_start = p->hdr.frag_len;
-
- /* set up the data chain */
- p->rhdr.data->offset.start = 0;
- p->rhdr.data->offset.end = p->rhdr.offset;
- p->rhdr.data->next = p->rdata.data;
+ sid_peek_rid(&map.sid, &(rids[cur_rid]));
+ cur_rid++;
- p->rdata.data->offset.start = p->rhdr.data->offset.end;
- p->rdata.data->offset.end = p->rhdr.data->offset.end + p->rdata.offset;
- p->rdata.data->next = NULL;
+done:
+ *prids=rids;
+ *numgroups=cur_rid;
+ pdb_free_sam(&sam_pass);
- return True;
+ return NT_STATUS_OK;
}
/*******************************************************************
gets a domain user's groups
********************************************************************/
-void get_domain_user_groups(char *domain_groups, char *user)
+BOOL get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids, SAM_ACCOUNT *sam_pass)
{
- pstring tmp;
+ GROUP_MAP *map=NULL;
+ int i, num, num_entries, cur_gid=0;
+ struct group *grp;
+ DOM_GID *gids;
+ fstring user_name;
+ uint32 grid;
+ uint32 tmp_rid;
- if (domain_groups == NULL || user == NULL) return;
+ *numgroups= 0;
- /* any additional groups this user is in. e.g power users */
- pstrcpy(domain_groups, lp_domain_groups());
+ fstrcpy(user_name, pdb_get_username(sam_pass));
+ grid=pdb_get_group_rid(sam_pass);
- /* can only be a user or a guest. cannot be guest _and_ admin */
- if (user_in_list(user, lp_domain_guest_group()))
- {
- slprintf(tmp, sizeof(tmp) - 1, " %ld/7 ", DOMAIN_GROUP_RID_GUESTS);
- pstrcat(domain_groups, tmp);
+ DEBUG(10,("get_domain_user_groups: searching domain groups [%s] is a member of\n", user_name));
- DEBUG(3,("domain guest group access %s granted\n", tmp));
- }
- else
- {
- slprintf(tmp, sizeof(tmp) -1, " %ld/7 ", DOMAIN_GROUP_RID_USERS);
- pstrcat(domain_groups, tmp);
+ /* first get the list of the domain groups */
+ if (!pdb_enum_group_mapping(SID_NAME_DOM_GRP, &map, &num_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV))
+ return False;
+ DEBUG(10,("get_domain_user_groups: there are %d mapped groups\n", num_entries));
+
+ /*
+ * alloc memory. In the worse case, we alloc memory for nothing.
+ * but I prefer to alloc for nothing
+ * than reallocing everytime.
+ */
+ gids = (DOM_GID *)talloc(ctx, sizeof(DOM_GID) * num_entries);
+
+ /* for each group, check if the user is a member of*/
+ for(i=0; i<num_entries; i++) {
+ if ((grp=getgrgid(map[i].gid)) == NULL) {
+ /* very weird !!! */
+ DEBUG(5,("get_domain_user_groups: gid %d doesn't exist anymore !\n", (int)map[i].gid));
+ continue;
+ }
- DEBUG(3,("domain group access %s granted\n", tmp));
+ for(num=0; grp->gr_mem[num]!=NULL; num++) {
+ if(strcmp(grp->gr_mem[num], user_name)==0) {
+ /* we found the user, add the group to the list */
+ sid_peek_rid(&map[i].sid, &(gids[cur_gid].g_rid));
+ gids[cur_gid].attr=7;
+ DEBUG(10,("get_domain_user_groups: user found in group %s\n", map[i].nt_name));
+ cur_gid++;
+ break;
+ }
+ }
+ }
- if (user_in_list(user, lp_domain_admin_group()))
- {
- slprintf(tmp, sizeof(tmp) - 1, " %ld/7 ", DOMAIN_GROUP_RID_ADMINS);
- pstrcat(domain_groups, tmp);
+ /* we have checked the groups */
+ /* we must now check the gid of the user or the primary group rid, that's the same */
+ for (i=0; i<cur_gid && grid!=gids[i].g_rid; i++)
+ ;
+
+ /* the user's gid is already there */
+ if (i!=cur_gid) {
+ /*
+ * the primary group of the user but be the first one in the list
+ * don't ask ! JFM.
+ */
+ gids[i].g_rid=gids[0].g_rid;
+ gids[0].g_rid=grid;
+ goto done;
+ }
- DEBUG(3,("domain admin group access %s granted\n", tmp));
+ for(i=0; i<num_entries; i++) {
+ sid_peek_rid(&map[i].sid, &tmp_rid);
+ if (tmp_rid==grid) {
+ /*
+ * the primary group of the user but be the first one in the list
+ * don't ask ! JFM.
+ */
+ gids[cur_gid].g_rid=gids[0].g_rid;
+ gids[0].g_rid=tmp_rid;
+ gids[cur_gid].attr=7;
+ DEBUG(10,("get_domain_user_groups: primary gid of user found in group %s\n", map[i].nt_name));
+ cur_gid++;
+ goto done; /* leave the loop early */
}
}
-}
+ DEBUG(0,("get_domain_user_groups: primary gid of user [%s] is not a Domain group !\n", user_name));
+ DEBUGADD(0,("get_domain_user_groups: You should fix it, NT doesn't like that\n"));
+
+ done:
+ *pgids=gids;
+ *numgroups=cur_gid;
+ safe_free(map);
+
+ return True;
+}
/*******************************************************************
- lookup_group_name
+ Look up a local (domain) rid and return a name and type.
********************************************************************/
-uint32 lookup_group_name(uint32 rid, char *group_name, uint32 *type)
+NTSTATUS local_lookup_group_name(uint32 rid, char *group_name, uint32 *type)
{
int i = 0;
(*type) = SID_NAME_DOM_GRP;
{
fstrcpy(group_name, domain_group_rids[i].name);
DEBUG(5,(" = %s\n", group_name));
- return 0x0;
+ return NT_STATUS_OK;
}
DEBUG(5,(" none mapped\n"));
- return 0xC0000000 | NT_STATUS_NONE_MAPPED;
+ return NT_STATUS_NONE_MAPPED;
}
/*******************************************************************
- lookup_alias_name
+ Look up a local alias rid and return a name and type.
********************************************************************/
-uint32 lookup_alias_name(uint32 rid, char *alias_name, uint32 *type)
+NTSTATUS local_lookup_alias_name(uint32 rid, char *alias_name, uint32 *type)
{
int i = 0;
(*type) = SID_NAME_WKN_GRP;
{
fstrcpy(alias_name, builtin_alias_rids[i].name);
DEBUG(5,(" = %s\n", alias_name));
- return 0x0;
+ return NT_STATUS_OK;
}
DEBUG(5,(" none mapped\n"));
- return 0xC0000000 | NT_STATUS_NONE_MAPPED;
+ return NT_STATUS_NONE_MAPPED;
}
+
+#if 0 /*Nobody uses this function just now*/
/*******************************************************************
- lookup_user_name
+ Look up a local user rid and return a name and type.
********************************************************************/
-uint32 lookup_user_name(uint32 rid, char *user_name, uint32 *type)
+NTSTATUS local_lookup_user_name(uint32 rid, char *user_name, uint32 *type)
{
- struct sam_disp_info *disp_info;
+ SAM_ACCOUNT *sampwd=NULL;
int i = 0;
+ BOOL ret;
+
(*type) = SID_NAME_USER;
DEBUG(5,("lookup_user_name: rid: %d", rid));
i++;
}
- if (domain_user_rids[i].rid != 0)
- {
+ if (domain_user_rids[i].rid != 0) {
fstrcpy(user_name, domain_user_rids[i].name);
DEBUG(5,(" = %s\n", user_name));
- return 0x0;
+ return NT_STATUS_OK;
}
+ pdb_init_sam(&sampwd);
+
/* ok, it's a user. find the user account */
- become_root(True);
- disp_info = getsamdisprid(rid);
- unbecome_root(True);
+ become_root();
+ ret = pdb_getsampwrid(sampwd, rid);
+ unbecome_root();
- if (disp_info != NULL)
- {
- fstrcpy(user_name, disp_info->smb_name);
+ if (ret == True) {
+ fstrcpy(user_name, pdb_get_username(sampwd) );
DEBUG(5,(" = %s\n", user_name));
- return 0x0;
+ pdb_free_sam(&sampwd);
+ return NT_STATUS_OK;
}
DEBUG(5,(" none mapped\n"));
- return 0xC0000000 | NT_STATUS_NONE_MAPPED;
+ pdb_free_sam(&sampwd);
+ return NT_STATUS_NONE_MAPPED;
}
+#endif
+
/*******************************************************************
- lookup_group_rid
+ Look up a local (domain) group name and return a rid
********************************************************************/
-uint32 lookup_group_rid(char *group_name, uint32 *rid)
+NTSTATUS local_lookup_group_rid(char *group_name, uint32 *rid)
{
- char *grp_name;
+ const char *grp_name;
int i = -1; /* start do loop at -1 */
do /* find, if it exists, a group rid for the group name*/
} while (grp_name != NULL && !strequal(grp_name, group_name));
- return (grp_name != NULL) ? 0 : 0xC0000000 | NT_STATUS_NONE_MAPPED;
+ return (grp_name != NULL) ? NT_STATUS_OK : NT_STATUS_NONE_MAPPED;
}
/*******************************************************************
- lookup_alias_rid
+ Look up a local (BUILTIN) alias name and return a rid
********************************************************************/
-uint32 lookup_alias_rid(char *alias_name, uint32 *rid)
+NTSTATUS local_lookup_alias_rid(const char *alias_name, uint32 *rid)
{
- char *als_name;
+ const char *als_name;
int i = -1; /* start do loop at -1 */
do /* find, if it exists, a alias rid for the alias name*/
} while (als_name != NULL && !strequal(als_name, alias_name));
- return (als_name != NULL) ? 0 : 0xC0000000 | NT_STATUS_NONE_MAPPED;
+ return (als_name != NULL) ? NT_STATUS_OK : NT_STATUS_NONE_MAPPED;
}
/*******************************************************************
- lookup_user_rid
+ Look up a local user name and return a rid
********************************************************************/
-uint32 lookup_user_rid(char *user_name, uint32 *rid)
+NTSTATUS local_lookup_user_rid(char *user_name, uint32 *rid)
{
- struct smb_passwd *smb_pass;
+ SAM_ACCOUNT *sampass=NULL;
+ BOOL ret;
+
(*rid) = 0;
- /* find the user account */
- become_root(True);
- smb_pass = getsmbpwnam(user_name);
- unbecome_root(True);
+ pdb_init_sam(&sampass);
- if (smb_pass != NULL)
- {
- /* lkclXXXX SHOULD use name_to_rid() here! */
- (*rid) = smb_pass->smb_userid;
- return 0x0;
+ /* find the user account */
+ become_root();
+ ret = pdb_getsampwnam(sampass, user_name);
+ unbecome_root();
+
+ if (ret == True) {
+ (*rid) = pdb_get_user_rid(sampass);
+ pdb_free_sam(&sampass);
+ return NT_STATUS_OK;
}
- return 0xC0000000 | NT_STATUS_NONE_MAPPED;
+ pdb_free_sam(&sampass);
+ return NT_STATUS_NONE_MAPPED;
}