lib: Introduce winbind_xid_to_sid

This does not merge a winbind communication error into
"global_sid_NULL" (S-1-0-0), which by the way non-intuitively does not
go along with is_null_sid(). Instead, this just touches the output sid
when winbind returned success. This success might well be a negative
mapping indicated by S-0-0, which *is* is_null_sid()...

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813

diff --git a/source3/lib/winbind_util.c b/source3/lib/winbind_util.c
index a072166ce1899c693212d9140ddec61051ab3e91..46c95ca3a28cdc86fc08bb17b95147cde8754797 100644 (file)
--- a/source3/lib/winbind_util.c
+++ b/source3/lib/winbind_util.c
@@ -198,6 +198,36 @@ bool winbind_gid_to_sid(struct dom_sid *sid, gid_t gid)
        return (result == WBC_ERR_SUCCESS);
 }
 
+bool winbind_xid_to_sid(struct dom_sid *sid, const struct unixid *xid)
+{
+       struct wbcUnixId wbc_xid;
+       struct wbcDomainSid dom_sid;
+       wbcErr result;
+
+       switch (xid->type) {
+       case ID_TYPE_UID:
+               wbc_xid = (struct wbcUnixId) {
+                       .type = WBC_ID_TYPE_UID, .id.uid = xid->id
+               };
+               break;
+       case ID_TYPE_GID:
+               wbc_xid = (struct wbcUnixId) {
+                       .type = WBC_ID_TYPE_GID, .id.gid = xid->id
+               };
+               break;
+       default:
+               return false;
+       }
+
+       result = wbcUnixIdsToSids(&wbc_xid, 1, &dom_sid);
+       if (result != WBC_ERR_SUCCESS) {
+               return false;
+       }
+
+       memcpy(sid, &dom_sid, sizeof(struct dom_sid));
+       return true;
+}
+
 /* Check for a trusted domain */
 
 wbcErr wb_is_trusted_domain(const char *domain)

diff --git a/source3/lib/winbind_util.h b/source3/lib/winbind_util.h
index c2bf0e02d76cee0d4d77f79b34fe1bb58473b930..5ecda5a7b09e686a475455058d609c30a800ba61 100644 (file)
--- a/source3/lib/winbind_util.h
+++ b/source3/lib/winbind_util.h
@@ -22,6 +22,7 @@
 #define __LIB__WINBIND_UTIL_H__
 
 #include "../librpc/gen_ndr/lsa.h"
+#include "librpc/gen_ndr/idmap.h"
 
 /* needed for wbcErr below */
 #include "nsswitch/libwbclient/wbclient.h"
@@ -38,6 +39,7 @@ bool winbind_sid_to_uid(uid_t *puid, const struct dom_sid *sid);
 bool winbind_uid_to_sid(struct dom_sid *sid, uid_t uid);
 bool winbind_sid_to_gid(gid_t *pgid, const struct dom_sid *sid);
 bool winbind_gid_to_sid(struct dom_sid *sid, gid_t gid);
+bool winbind_xid_to_sid(struct dom_sid *sid, const struct unixid *xid);
 struct passwd * winbind_getpwnam(const char * sname);
 struct passwd * winbind_getpwsid(const struct dom_sid *sid);
 wbcErr wb_is_trusted_domain(const char *domain);