2 Unix SMB/CIFS implementation.
4 mapping routines for SID <-> unix uid/gid
6 Copyright (C) Andrew Tridgell 2004
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
26 private context for sid mapping routines
28 struct sidmap_context {
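/*
  open a sidmap context - use talloc_free to close

  Allocates the context as a child of 'mem_ctx' and opens the SAM
  database under it, so freeing the context also releases the database
  handle.  Returns NULL if either the allocation or samdb_connect()
  fails; in the latter case the half-built context is freed before
  returning so nothing is left hanging off 'mem_ctx'.
*/
struct sidmap_context *sidmap_open(TALLOC_CTX *mem_ctx)
{
	struct sidmap_context *sidmap;

	sidmap = talloc_p(mem_ctx, struct sidmap_context);
	if (sidmap == NULL) {
		/* allocation failure must be checked before sidmap->samctx
		   is written below */
		return NULL;
	}

	/* parent the database handle on the context so that a single
	   talloc_free(sidmap) tears both down together */
	sidmap->samctx = samdb_connect(sidmap);
	if (sidmap->samctx == NULL) {
		talloc_free(sidmap);
		return NULL;
	}

	return sidmap;
}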
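/*
  parse a unixID attribute value as a non-negative integer

  The attribute is free text in the directory, so it is parsed strictly:
  no sign, no surrounding whitespace, no trailing characters and no
  overflow.  Base 0 is kept for compatibility with the previous
  strtoul(s, NULL, 0) call, so "0x1f" and leading-zero octal values
  still parse as before.

  Previously a non-numeric value silently parsed as 0, mapping the SID
  onto uid/gid 0, and a leading '-' was accepted and wrapped to a huge
  id; both are now rejected.

  Returns 1 and sets *id on success, 0 otherwise (*id untouched).
*/
static int sidmap_parse_unix_id(const char *s, unsigned long *id)
{
	char *end;
	unsigned long value;

	/* strtoul() skips leading whitespace and accepts '+'/'-' (negating
	   on '-'); none of those is ever a valid id, so reject them up
	   front rather than letting them through */
	if (s == NULL || *s == '\0' || isspace((unsigned char)*s) ||
	    *s == '+' || *s == '-') {
		return 0;
	}

	errno = 0;
	value = strtoul(s, &end, 0);
	if (end == s || *end != '\0' || errno == ERANGE) {
		return 0;
	}

	*id = value;
	return 1;
}

/*
  map a sid to a unix uid

  Looks up the SAM record whose objectSid equals 'sid' and derives a
  uid from it, trying in order:

    1. the unixID attribute, parsed strictly as an unsigned integer;
    2. the unixName attribute, resolved with getpwnam();
    3. the sAMAccountName attribute, resolved with getpwnam().

  The first attribute that is present decides the result: a present but
  unusable value (unparseable or out-of-range unixID, unknown user name)
  is an error, not a reason to fall through to the next attribute.

  Returns NT_STATUS_OK with *uid set, NT_STATUS_NO_MEMORY if the
  temporary context or the SID string could not be allocated, and
  NT_STATUS_ACCESS_DENIED for every lookup failure.  *uid is left
  untouched on failure.

  NOTE(review): the two name-based fallbacks map a directory account
  onto whichever local account happens to carry the same name, uid 0
  included, and that collision is decided by whoever can create or
  rename accounts in the SAM.  Whether a policy check belongs here
  (refusing uid 0, an allow-list of mappable names, ...) is left to the
  owners of this module; it is only flagged, not changed.
*/
NTSTATUS sidmap_sid_to_unixuid(struct sidmap_context *sidmap,
			       struct dom_sid *sid, uid_t *uid)
{
	const char *attrs[] = { "sAMAccountName", "unixID",
				"unixName", "sAMAccountType", NULL };
	NTSTATUS status = NT_STATUS_ACCESS_DENIED;
	int ret;
	const char *s;
	TALLOC_CTX *ctx;
	struct ldb_message **res;
	const char *sidstr;
	unsigned int atype;
	unsigned long id;
	struct passwd *pwd;

	ctx = talloc(sidmap, 0);
	if (ctx == NULL) {
		return NT_STATUS_NO_MEMORY;
	}
	sidstr = dom_sid_string(ctx, sid);
	if (sidstr == NULL) {
		status = NT_STATUS_NO_MEMORY;
		goto done;
	}

	/* objectSid is unique, so exactly one record must come back;
	   anything else (none, or several) is treated as "not found" */
	ret = samdb_search(sidmap->samctx, ctx, NULL, &res, attrs,
			   "objectSid=%s", sidstr);
	if (ret != 1) {
		DEBUG(0,("sid_to_unixuid: unable to find sam record for sid %s\n", sidstr));
		goto done;
	}

	/* make sure its a user, not a group.  The record must carry the
	   full ATYPE_ACCOUNT value, not merely share a bit with it: if
	   ATYPE_ACCOUNT is a multi-bit mask a group type overlapping one
	   of those bits would otherwise pass as an account.  When
	   ATYPE_ACCOUNT is a single bit this is identical to the old test.
	   A missing sAMAccountType (atype == 0) is still accepted, as
	   before; NOTE(review): such a record also passes
	   sidmap_sid_to_unixgid, so it can map to both a uid and a gid. */
	atype = samdb_result_uint(res[0], "sAMAccountType", 0);
	if (atype && (atype & ATYPE_ACCOUNT) != ATYPE_ACCOUNT) {
		DEBUG(0,("sid_to_unixuid: sid %s is not an account!\n", sidstr));
		goto done;
	}

	/* first try to get the uid directly */
	s = samdb_result_string(res[0], "unixID", NULL);
	if (s != NULL) {
		/* a malformed or truncating value is a misconfigured record,
		   not a reason to try the name based fallbacks */
		if (!sidmap_parse_unix_id(s, &id) || (uid_t)id != id) {
			DEBUG(0,("sid_to_unixuid: unixID '%s' for sid %s is not a valid uid\n", s, sidstr));
			goto done;
		}
		*uid = (uid_t)id;
		status = NT_STATUS_OK;
		goto done;
	}

	/* next try via the UnixName attribute */
	s = samdb_result_string(res[0], "unixName", NULL);
	if (s != NULL) {
		pwd = getpwnam(s);
		if (pwd == NULL) {
			DEBUG(0,("unixName %s for sid %s does not exist as a local user\n", s, sidstr));
			goto done;
		}
		*uid = pwd->pw_uid;
		status = NT_STATUS_OK;
		goto done;
	}

	/* finally try via the sAMAccountName attribute */
	s = samdb_result_string(res[0], "sAMAccountName", NULL);
	if (s != NULL) {
		pwd = getpwnam(s);
		if (pwd == NULL) {
			DEBUG(0,("sAMAccountName '%s' for sid %s does not exist as a local user\n", s, sidstr));
			goto done;
		}
		*uid = pwd->pw_uid;
		status = NT_STATUS_OK;
		goto done;
	}

	DEBUG(0,("sid_to_unixuid: no unixID, unixName or sAMAccountName for sid %s\n", sidstr));

done:
	/* every path releases the temporary context exactly once */
	talloc_free(ctx);
	return status;
}

/*
  map a sid to a unix gid

  Mirror image of sidmap_sid_to_unixuid(): looks up the SAM record
  whose objectSid equals 'sid' and derives a gid from, in order, the
  unixID attribute (parsed strictly), the unixName attribute via
  getgrnam(), then the sAMAccountName attribute via getgrnam().  The
  first attribute present decides the result; a present but unusable
  value is an error.

  Returns NT_STATUS_OK with *gid set, NT_STATUS_NO_MEMORY on allocation
  failure, NT_STATUS_ACCESS_DENIED for every lookup failure.  *gid is
  left untouched on failure.

  NOTE(review): as for the uid mapping, the name-based fallbacks map a
  directory object onto any local group of the same name, gid 0
  included; flagged here, not changed.
*/
NTSTATUS sidmap_sid_to_unixgid(struct sidmap_context *sidmap,
			       struct dom_sid *sid, gid_t *gid)
{
	const char *attrs[] = { "sAMAccountName", "unixID",
				"unixName", "sAMAccountType", NULL };
	NTSTATUS status = NT_STATUS_ACCESS_DENIED;
	int ret;
	const char *s;
	TALLOC_CTX *ctx;
	struct ldb_message **res;
	const char *sidstr;
	unsigned int atype;
	unsigned long id;
	struct group *grp;

	ctx = talloc(sidmap, 0);
	if (ctx == NULL) {
		return NT_STATUS_NO_MEMORY;
	}
	sidstr = dom_sid_string(ctx, sid);
	if (sidstr == NULL) {
		status = NT_STATUS_NO_MEMORY;
		goto done;
	}

	/* objectSid is unique, so exactly one record must come back */
	ret = samdb_search(sidmap->samctx, ctx, NULL, &res, attrs,
			   "objectSid=%s", sidstr);
	if (ret != 1) {
		DEBUG(0,("sid_to_unixgid: unable to find sam record for sid %s\n", sidstr));
		goto done;
	}

	/* make sure its not a user: reject every account type, not only
	   ATYPE_NORMAL_ACCOUNT, so that this is the exact complement of
	   the check in sidmap_sid_to_unixuid and a typed record can never
	   map to both a uid and a gid (assumes the other account types
	   carry the ATYPE_ACCOUNT bits, as the uid test already does).
	   A missing sAMAccountType (atype == 0) still passes, as before. */
	atype = samdb_result_uint(res[0], "sAMAccountType", 0);
	if ((atype & ATYPE_ACCOUNT) == ATYPE_ACCOUNT) {
		DEBUG(0,("sid_to_unixgid: sid %s is an account, not a group\n", sidstr));
		goto done;
	}

	/* first try to get the gid directly */
	s = samdb_result_string(res[0], "unixID", NULL);
	if (s != NULL) {
		/* malformed or truncating value: misconfigured record, deny */
		if (!sidmap_parse_unix_id(s, &id) || (gid_t)id != id) {
			DEBUG(0,("sid_to_unixgid: unixID '%s' for sid %s is not a valid gid\n", s, sidstr));
			goto done;
		}
		*gid = (gid_t)id;
		status = NT_STATUS_OK;
		goto done;
	}

	/* next try via the UnixName attribute */
	s = samdb_result_string(res[0], "unixName", NULL);
	if (s != NULL) {
		grp = getgrnam(s);
		if (grp == NULL) {
			DEBUG(0,("unixName '%s' for sid %s does not exist as a local group\n",
				 s, sidstr));
			goto done;
		}
		*gid = grp->gr_gid;
		status = NT_STATUS_OK;
		goto done;
	}

	/* finally try via the sAMAccountName attribute */
	s = samdb_result_string(res[0], "sAMAccountName", NULL);
	if (s != NULL) {
		grp = getgrnam(s);
		if (grp == NULL) {
			DEBUG(0,("sAMAccountName '%s' for sid %s does not exist as a local group\n", s, sidstr));
			goto done;
		}
		*gid = grp->gr_gid;
		status = NT_STATUS_OK;
		goto done;
	}

	DEBUG(0,("sid_to_unixgid: no unixID, unixName or sAMAccountName for sid %s\n",
		 sidstr));

done:
	/* every path releases the temporary context exactly once */
	talloc_free(ctx);
	return status;
}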