s3: Read uidNumber/gidNumber in pdb_ads_sid_to_id

Question: How shall we allocate those? Something like the rid allocator?

Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Tue Mar 15 09:59:55 CET 2011 on sn-devel-104

diff --git a/source3/passdb/pdb_ads.c b/source3/passdb/pdb_ads.c
index ba2193b2633606e426dbbed4ba0f5087df1a8324..5afad1cc0f04df625cd98467a186c9bd1e2d7404 100644 (file)
--- a/source3/passdb/pdb_ads.c
+++ b/source3/passdb/pdb_ads.c
@@ -2203,46 +2203,62 @@ static bool pdb_ads_sid_to_id(struct pdb_methods *m, const struct dom_sid *sid,
 {
        struct pdb_ads_state *state = talloc_get_type_abort(
                m->private_data, struct pdb_ads_state);
+       const char *attrs[4] = { "objectClass", "samAccountType",
+                                "uidNumber", "gidNumber" };
        struct tldap_message **msg;
-       char *sidstr;
-       uint32_t rid;
+       char *sidstr, *base;
+       uint32_t atype;
        int rc;
+       bool ret = false;
 
-       /*
-        * This is a big, big hack: Just hard-code the rid as uid/gid.
-        */
-
-       sid_peek_rid(sid, &rid);
-
-       sidstr = ldap_encode_ndr_dom_sid(talloc_tos(), sid);
+       sidstr = sid_binstring_hex(sid);
        if (sidstr == NULL) {
                return false;
        }
+       base = talloc_asprintf(talloc_tos(), "<SID=%s>", sidstr);
+       SAFE_FREE(sidstr);
 
        rc = pdb_ads_search_fmt(
-               state, state->domaindn, TLDAP_SCOPE_SUB,
-               NULL, 0, 0, talloc_tos(), &msg,
-               "(&(objectsid=%s)(objectclass=user))", sidstr);
-       if ((rc == TLDAP_SUCCESS) && (talloc_array_length(msg) > 0)) {
-               id->uid = rid;
-               *type = SID_NAME_USER;
-               TALLOC_FREE(sidstr);
-               return true;
-       }
+               state, base, TLDAP_SCOPE_BASE,
+               attrs, ARRAY_SIZE(attrs), 0, talloc_tos(), &msg,
+               "(objectclass=*)");
+       TALLOC_FREE(base);
 
-       rc = pdb_ads_search_fmt(
-               state, state->domaindn, TLDAP_SCOPE_SUB,
-               NULL, 0, 0, talloc_tos(), &msg,
-               "(&(objectsid=%s)(objectclass=group))", sidstr);
-       if ((rc == TLDAP_SUCCESS) && (talloc_array_length(msg) > 0)) {
-               id->gid = rid;
+       if (rc != TLDAP_SUCCESS) {
+               DEBUG(10, ("pdb_ads_search_fmt failed: %s\n",
+                          tldap_errstr(talloc_tos(), state->ld, rc)));
+               return false;
+       }
+       if (talloc_array_length(msg) != 1) {
+               DEBUG(10, ("Got %d objects, expected 1\n",
+                          talloc_array_length(msg)));
+               goto fail;
+       }
+       if (!tldap_pull_uint32(msg[0], "samAccountType", &atype)) {
+               DEBUG(10, ("samAccountType not found\n"));
+               goto fail;
+       }
+       if (atype == ATYPE_ACCOUNT) {
+               uint32_t uid;
+               *type = SID_NAME_USER;
+               if (!tldap_pull_uint32(msg[0], "uidNumber", &uid)) {
+                       DEBUG(10, ("Did not find uidNumber\n"));
+                       goto fail;
+               }
+               id->uid = uid;
+       } else {
+               uint32_t gid;
                *type = SID_NAME_DOM_GRP;
-               TALLOC_FREE(sidstr);
-               return true;
+               if (!tldap_pull_uint32(msg[0], "gidNumber", &gid)) {
+                       DEBUG(10, ("Did not find gidNumber\n"));
+                       goto fail;
+               }
+               id->gid = gid;
        }
-
-       TALLOC_FREE(sidstr);
-       return false;
+       ret = true;
+fail:
+       TALLOC_FREE(msg);
+       return ret;
 }
 
 static uint32_t pdb_ads_capabilities(struct pdb_methods *m)