* pointless (and slow).
*/
- if (strchr(gname,*lp_winbind_separator())) {
+ if (strchr(gname,*lp_winbind_separator()) || lp_winbind_use_default_domain()) {
if ((gptr = (struct group *)getgrnam(gname)) == NULL)
return NULL;
return add_members_to_userlist(list_head, gptr);
NTSTATUS cli_lsa_lookup_sids(struct cli_state *cli, TALLOC_CTX *mem_ctx,
POLICY_HND *pol, int num_sids, DOM_SID *sids,
- char ***names, uint32 **types, int *num_names)
+ char ***domains, char ***names, uint32 **types, int *num_names)
{
prs_struct qbuf, rbuf;
LSA_Q_LOOKUP_SIDS q;
(*num_names) = r.mapped_count;
result = NT_STATUS_OK;
+ if (!((*domains) = (char **)talloc(mem_ctx, sizeof(char *) * r.mapped_count))) {
+ DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
+ result = NT_STATUS_UNSUCCESSFUL;
+ goto done;
+ }
+
if (!((*names) = (char **)talloc(mem_ctx, sizeof(char *) * r.mapped_count))) {
DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
result = NT_STATUS_UNSUCCESSFUL;
}
for (i = 0; i < r.mapped_count; i++) {
- fstring name, dom_name, full_name;
+ fstring name, dom_name;
uint32 dom_idx = t_names.name[i].domain_idx;
/* Translate optimised name through domain index array */
rpcstr_pull_unistr2_fstring(
name, &t_names.uni_name[i]);
- slprintf(full_name, sizeof(full_name) - 1,
- "%s%s%s", dom_name,
- (dom_name[0] && name[0]) ?
- lp_winbind_separator() : "", name);
-
- (*names)[i] = talloc_strdup(mem_ctx, full_name);
+ (*names)[i] = talloc_strdup(mem_ctx, name);
+ (*domains)[i] = talloc_strdup(mem_ctx, dom_name);
(*types)[i] = t_names.name[i].sid_name_use;
+
+ if (((*names)[i] == NULL) || ((*domains)[i] == NULL)) {
+ DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
+ result = NT_STATUS_UNSUCCESSFUL;
+ goto done;
+ }
} else {
(*names)[i] = NULL;
/** Lookup a list of names */
NTSTATUS cli_lsa_lookup_names(struct cli_state *cli, TALLOC_CTX *mem_ctx,
- POLICY_HND *pol, int num_names, const char **names,
+ POLICY_HND *pol, int num_names, const char **dom_names, const char **names,
DOM_SID **sids, uint32 **types, int *num_sids)
{
prs_struct qbuf, rbuf;
/* Marshall data and send request */
- init_q_lookup_names(mem_ctx, &q, pol, num_names, names);
+ init_q_lookup_names(mem_ctx, &q, pol, num_names, dom_names, names);
if (!lsa_io_q_lookup_names("", &q, &qbuf, 0) ||
!rpc_api_pipe_req(cli, LSA_LOOKUPNAMES, &qbuf, &rbuf)) {
struct winbindd_request request;
struct winbindd_response response;
- /*
- * Don't do the lookup if the name has no separator.
- */
-
- if (!strchr(name, get_winbind_separator()))
- return False;
-
/* Send off request */
ZERO_STRUCT(request);
fstring pass;
char *p;
- /*
- * Don't do the lookup if the name has no separator.
- */
-
/* Send off request */
ZERO_STRUCT(request);
void *res = NULL;
char *exp;
uint32 t;
- fstring name2, dom2, fullname2;
NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
- /* sigh. Need to fix interface to give us a raw name */
- fstrcpy(fullname2, name);
- fstring_sub(fullname2, "\\", lp_winbind_separator());
- if (!parse_domain_user(fullname2, dom2, name2)) {
- goto done;
- }
-
DEBUG(3,("ads: name_to_sid\n"));
ads = ads_cached_connection(domain);
if (!ads) goto done;
- asprintf(&exp, "(sAMAccountName=%s)", name2);
+ asprintf(&exp, "(sAMAccountName=%s)", name);
rc = ads_search_retry(ads, &res, exp, attrs);
free(exp);
if (!ADS_ERR_OK(rc)) {
}
s = ads_pull_string(ads, mem_ctx, msg, "sAMAccountName");
- *name = talloc_asprintf(mem_ctx, "%s%s%s", domain->name, lp_winbind_separator(), s);
+ *name = talloc_strdup(mem_ctx, s);
*type = ads_atype_map(atype);
status = NT_STATUS_OK;
/* Fill a grent structure from various other information */
-static BOOL fill_grent(struct winbindd_gr *gr, char *gr_name,
- gid_t unix_gid)
+static BOOL fill_grent(struct winbindd_gr *gr, const char *dom_name,
+ const char *gr_name, gid_t unix_gid)
{
+ fstring full_group_name;
/* Fill in uid/gid */
+ fill_domain_username(full_group_name, dom_name, gr_name);
gr->gr_gid = unix_gid;
/* Group name and password */
- safe_strcpy(gr->gr_name, gr_name, sizeof(gr->gr_name) - 1);
+ safe_strcpy(gr->gr_name, full_group_name, sizeof(gr->gr_name) - 1);
safe_strcpy(gr->gr_passwd, "x", sizeof(gr->gr_passwd) - 1);
return True;
struct winbindd_domain *domain;
enum SID_NAME_USE name_type;
uint32 group_rid;
- fstring name_domain, name_group, name;
+ fstring name_domain, name_group;
char *tmp, *gr_mem;
gid_t gid;
int gr_mem_len;
return WINBINDD_ERROR;
}
- snprintf(name, sizeof(name), "%s\\%s", name_domain, name_group);
-
/* Get rid and name type from name */
- if (!winbindd_lookup_sid_by_name(domain, name, &group_sid,
+ if (!winbindd_lookup_sid_by_name(domain, name_domain, name_group, &group_sid,
&name_type)) {
DEBUG(1, ("group %s in domain %s does not exist\n",
name_group, name_domain));
return WINBINDD_ERROR;
}
- if (!fill_grent(&state->response.data.gr,
- state->request.data.groupname, gid) ||
+ if (!fill_grent(&state->response.data.gr, name_domain,
+ name_group, gid) ||
!fill_grent_mem(domain, group_rid, name_type,
&state->response.data.gr.num_gr_mem,
&gr_mem, &gr_mem_len)) {
struct winbindd_domain *domain;
DOM_SID group_sid;
enum SID_NAME_USE name_type;
+ fstring dom_name;
fstring group_name;
uint32 group_rid;
int gr_mem_len;
sid_copy(&group_sid, &domain->sid);
sid_append_rid(&group_sid, group_rid);
- if (!winbindd_lookup_name_by_sid(&group_sid, group_name, &name_type)) {
+ if (!winbindd_lookup_name_by_sid(&group_sid, dom_name, group_name, &name_type)) {
DEBUG(1, ("could not lookup sid\n"));
return WINBINDD_ERROR;
}
- if (strcmp(lp_winbind_separator(),"\\"))
- string_sub(group_name, "\\", lp_winbind_separator(),
- sizeof(fstring));
- strip_domain_name_if_needed(&group_name);
-
if (!((name_type == SID_NAME_ALIAS) ||
(name_type == SID_NAME_DOM_GRP))) {
DEBUG(1, ("name '%s' is not a local or domain group: %d\n",
/* Fill in group structure */
- if (!fill_grent(&state->response.data.gr, group_name,
+ if (!fill_grent(&state->response.data.gr, dom_name, group_name,
state->request.data.gid) ||
!fill_grent_mem(domain, group_rid, name_type,
&state->response.data.gr.num_gr_mem,
struct getent_state *ent;
struct winbindd_gr *group_list = NULL;
int num_groups, group_list_ndx = 0, i, gr_mem_list_len = 0;
- char *sep, *new_extra_data, *gr_mem_list = NULL;
+ char *new_extra_data, *gr_mem_list = NULL;
DEBUG(3, ("[%5d]: getgrent\n", state->pid));
state->response.data.num_entries = 0;
group_list = (struct winbindd_gr *)state->response.extra_data;
- sep = lp_winbind_separator();
if (!(ent = state->getgrent_state))
return WINBINDD_ERROR;
name_list[ent->sam_entry_index].acct_name);
result = fill_grent(&group_list[group_list_ndx],
- domain_group_name, group_gid);
+ ent->domain_name,
+ name_list[ent->sam_entry_index].acct_name,
+ group_gid);
/* Fill in group membership entry */
fstring name;
fill_domain_username(name, domain->name, group_name);
-
/* Append to extra data */
memcpy(&extra_data[extra_data_len], name,
strlen(name));
enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state)
{
- fstring name_domain, name_user, name;
+ fstring name_domain, name_user;
DOM_SID user_sid;
enum SID_NAME_USE name_type;
uint32 user_rid, num_groups, num_gids;
goto done;
}
- slprintf(name, sizeof(name) - 1, "%s\\%s", name_domain, name_user);
-
/* Get rid and name type from name. The following costs 1 packet */
- if (!winbindd_lookup_sid_by_name(domain, name, &user_sid,
+ if (!winbindd_lookup_sid_by_name(domain, name_domain, name_user, &user_sid,
&name_type)) {
DEBUG(1, ("user '%s' does not exist\n", name_user));
goto done;
struct winbindd_domain *find_domain_from_name(char *domain_name);
struct winbindd_domain *find_domain_from_sid(DOM_SID *sid);
BOOL winbindd_lookup_sid_by_name(struct winbindd_domain *domain,
+ const char *dom_name,
const char *name, DOM_SID *sid,
enum SID_NAME_USE *type);
BOOL winbindd_lookup_name_by_sid(DOM_SID *sid,
+ fstring dom_name,
fstring name,
enum SID_NAME_USE *type);
void free_getent_state(struct getent_state *state);
BOOL winbindd_param_init(void);
BOOL check_domain_env(char *domain_env, char *domain);
BOOL parse_domain_user(const char *domuser, fstring domain, fstring user);
-void strip_domain_name_if_needed(fstring *name);
void fill_domain_username(fstring name, const char *domain, const char *user);
#endif /* _PROTO_H_ */
DOM_SID *sids = NULL;
uint32 *types = NULL;
int num_sids;
+ const char *domain_name = domain->name;
if (!(mem_ctx = talloc_init_named("name_to_sid[rpc]")))
return NT_STATUS_NO_MEMORY;
if (!(hnd = cm_get_lsa_handle(domain->name)))
return NT_STATUS_UNSUCCESSFUL;
- status = cli_lsa_lookup_names(hnd->cli, mem_ctx, &hnd->pol, 1, &name,
+ status = cli_lsa_lookup_names(hnd->cli, mem_ctx, &hnd->pol, 1,
+ &domain_name, &name,
&sids, &types, &num_sids);
/* Return rid and type if lookup successful */
enum SID_NAME_USE *type)
{
CLI_POLICY_HND *hnd;
+ char **domains;
char **names;
uint32 *types;
int num_names;
return NT_STATUS_UNSUCCESSFUL;
status = cli_lsa_lookup_sids(hnd->cli, mem_ctx, &hnd->pol,
- 1, sid, &names, &types,
+ 1, sid, &domains, &names, &types,
&num_names);
if (NT_STATUS_IS_OK(status)) {
*type = types[0];
*name = names[0];
- DEBUG(5,("Mapped sid to %s\n", *name));
- }
+ DEBUG(5,("Mapped sid to [%s]\\[%s]\n", domains[0], *name));
+ /* Parinoia */
+ if (strcasecmp(domain->name, domains[0]) != 0) {
+ DEBUG(1, ("domain name from domain param and PDC lookup return differ! (%s vs %s)\n", domain->name, domains[0]));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+ }
return status;
}
DOM_SID sid, tmp_sid;
uint32 rid;
fstring name;
+ fstring dom_name;
DEBUG(3, ("[%5d]: lookupsid %s\n", state->pid,
state->request.data.sid));
/* Lookup the sid */
- if (!winbindd_lookup_name_by_sid(&sid, name, &type)) {
+ if (!winbindd_lookup_name_by_sid(&sid, dom_name, name, &type)) {
return WINBINDD_ERROR;
}
- string_sub(name, "\\", lp_winbind_separator(), sizeof(fstring));
- fstrcpy(state->response.data.name.name, name);
+ fill_domain_username(state->response.data.name.name, dom_name, name);
state->response.data.name.type = type;
return WINBINDD_OK;
enum winbindd_result winbindd_lookupname(struct winbindd_cli_state *state)
{
enum SID_NAME_USE type;
- fstring sid_str, name_domain, name_user, name;
+ fstring sid_str, name_domain, name_user;
DOM_SID sid;
struct winbindd_domain *domain;
DEBUG(3, ("[%5d]: lookupname %s\n", state->pid,
if (!parse_domain_user(state->request.data.name, name_domain, name_user))
return WINBINDD_ERROR;
- snprintf(name, sizeof(name), "%s\\%s", name_domain, name_user);
-
if ((domain = find_domain_from_name(name_domain)) == NULL) {
DEBUG(0, ("could not find domain entry for domain %s\n",
name_domain));
}
/* Lookup name from PDC using lsa_lookup_names() */
- if (!winbindd_lookup_sid_by_name(domain, name, &sid, &type)) {
+ if (!winbindd_lookup_sid_by_name(domain, name_domain, name_user, &sid, &type)) {
return WINBINDD_ERROR;
}
/* Fill a pwent structure with information we have obtained */
-static BOOL winbindd_fill_pwent(char *domain_name, char *name,
+static BOOL winbindd_fill_pwent(char *dom_name, char *user_name,
uint32 user_rid, uint32 group_rid,
char *full_name, struct winbindd_pw *pw)
{
extern userdom_struct current_user_info;
- fstring name_domain, name_user;
+ fstring output_username;
pstring homedir;
- if (!pw || !name)
+ if (!pw || !dom_name || !user_name)
return False;
/* Resolve the uid number */
- if (!winbindd_idmap_get_uid_from_rid(domain_name, user_rid,
+ if (!winbindd_idmap_get_uid_from_rid(dom_name, user_rid,
&pw->pw_uid)) {
DEBUG(1, ("error getting user id for rid %d\n", user_rid));
return False;
/* Resolve the gid number */
- if (!winbindd_idmap_get_gid_from_rid(domain_name, group_rid,
+ if (!winbindd_idmap_get_gid_from_rid(dom_name, group_rid,
&pw->pw_gid)) {
DEBUG(1, ("error getting group id for rid %d\n", group_rid));
return False;
}
/* Username */
-
- safe_strcpy(pw->pw_name, name, sizeof(pw->pw_name) - 1);
+
+ fill_domain_username(output_username, dom_name, user_name);
+
+ safe_strcpy(pw->pw_name, output_username, sizeof(pw->pw_name) - 1);
/* Full name (gecos) */
defaults are /tmp for the home directory and /bin/false for
shell. */
- if (!parse_domain_user(name, name_domain, name_user)) {
- DEBUG(1, ("error parsing domain user for %s\n", name_user ));
- return False;
- }
-
/* The substitution of %U and %D in the 'template homedir' is done
by lp_string() calling standard_sub_basic(). */
- fstrcpy(current_user_info.smb_name, name_user);
- fstrcpy(current_user_info.domain, name_domain);
+ fstrcpy(current_user_info.smb_name, user_name);
+ fstrcpy(current_user_info.domain, dom_name);
pstrcpy(homedir, lp_template_homedir());
sizeof(pw->pw_shell) - 1);
/* Password - set to "x" as we can't generate anything useful here.
- Authentication can be done using the pam_ntdom module. */
+ Authentication can be done using the pam_winbind module. */
safe_strcpy(pw->pw_passwd, "x", sizeof(pw->pw_passwd) - 1);
WINBIND_USERINFO user_info;
DOM_SID user_sid;
NTSTATUS status;
- fstring name_domain, name_user, name;
+ fstring name_domain, name_user;
enum SID_NAME_USE name_type;
struct winbindd_domain *domain;
TALLOC_CTX *mem_ctx;
/* Parse domain and username */
if (!parse_domain_user(state->request.data.username, name_domain,
- name_user))
+ name_user))
return WINBINDD_ERROR;
if ((domain = find_domain_from_name(name_domain)) == NULL) {
DEBUG(5, ("no such domain: %s\n", name_domain));
return WINBINDD_ERROR;
}
-
- slprintf(name, sizeof(name) - 1, "%s\\%s", name_domain, name_user);
/* Get rid and name type from name */
- if (!winbindd_lookup_sid_by_name(domain, name, &user_sid, &name_type)) {
+ if (!winbindd_lookup_sid_by_name(domain, name_domain, name_user, &user_sid, &name_type)) {
DEBUG(1, ("user '%s' does not exist\n", name_user));
return WINBINDD_ERROR;
}
from the winbind_lookup_by_name() call and use it in a
winbind_lookup_userinfo() */
- if (!(mem_ctx = talloc_init_named("winbindd_getpwnam(%s)",
- name_user))) {
+ if (!(mem_ctx = talloc_init_named("winbindd_getpwnam([%s]\\[%s])",
+ name_domain, name_user))) {
DEBUG(1, ("out of memory\n"));
return WINBINDD_ERROR;
}
&user_info);
if (!NT_STATUS_IS_OK(status)) {
- DEBUG(1, ("error getting user info for user '%s'\n",
- name_user));
+ DEBUG(1, ("error getting user info for user '[%s]\\[%s]'\n",
+ name_domain, name_user));
talloc_destroy(mem_ctx);
return WINBINDD_ERROR;
}
/* Now take all this information and fill in a passwd structure */
- if (!winbindd_fill_pwent(name_domain, state->request.data.username,
+ if (!winbindd_fill_pwent(name_domain, name_user,
user_rid, user_info.group_rid,
user_info.full_name,
&state->response.data.pw)) {
DOM_SID user_sid;
struct winbindd_domain *domain;
uint32 user_rid;
+ fstring dom_name;
fstring user_name;
enum SID_NAME_USE name_type;
WINBIND_USERINFO user_info;
sid_copy(&user_sid, &domain->sid);
sid_append_rid(&user_sid, user_rid);
- if (!winbindd_lookup_name_by_sid(&user_sid, user_name, &name_type)) {
+ if (!winbindd_lookup_name_by_sid(&user_sid, dom_name, user_name, &name_type)) {
fstring temp;
sid_to_string(temp, &user_sid);
return WINBINDD_ERROR;
}
- if (strcmp("\\", lp_winbind_separator()))
- string_sub(user_name, "\\", lp_winbind_separator(),
- sizeof(fstring));
- strip_domain_name_if_needed(&user_name);
-
/* Get some user info */
if (!(mem_ctx = talloc_init_named("winbind_getpwuid(%d)",
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("error getting user info for user '%s'\n",
user_name));
+ talloc_destroy(mem_ctx);
return WINBINDD_ERROR;
}
if (!winbindd_idmap_get_gid_from_rid(domain->name, user_info.group_rid, &gid)) {
DEBUG(1, ("error getting group id for user %s\n", user_name));
+ talloc_destroy(mem_ctx);
return WINBINDD_ERROR;
}
if (!winbindd_fill_pwent(domain->name, user_name, user_rid, user_info.group_rid,
user_info.full_name, &state->response.data.pw)) {
+ talloc_destroy(mem_ctx);
return WINBINDD_ERROR;
}
struct getent_state *ent;
struct winbindd_pw *user_list;
int num_users, user_list_ndx = 0, i;
- char *sep;
DEBUG(3, ("[%5d]: getpwent\n", state->pid));
sizeof(struct winbindd_pw));
user_list = (struct winbindd_pw *)state->response.extra_data;
- sep = lp_winbind_separator();
if (!(ent = state->getpwent_state))
return WINBINDD_ERROR;
/* Lookup user info */
- fill_domain_username(domain_user_name, ent->domain_name,
- name_list[ent->sam_entry_index].name);
-
result = winbindd_fill_pwent(
ent->domain_name,
- domain_user_name,
+ name_list[ent->sam_entry_index].name,
name_list[ent->sam_entry_index].user_rid,
name_list[ent->sam_entry_index].group_rid,
name_list[ent->sam_entry_index].gecos,
/* Lookup a sid in a domain from a name */
BOOL winbindd_lookup_sid_by_name(struct winbindd_domain *domain,
+ const char *dom_name,
const char *name, DOM_SID *sid,
enum SID_NAME_USE *type)
{
*
* @param name On success, set to the name corresponding to @p sid.
*
+ * @param dom_name On success, set to the 'domain name' corresponding to @p sid.
+ *
* @param type On success, contains the type of name: alias, group or
* user.
*
* are set, otherwise False.
**/
BOOL winbindd_lookup_name_by_sid(DOM_SID *sid,
+ fstring dom_name,
fstring name,
enum SID_NAME_USE *type)
{
/* Return name and type if successful */
if ((rv = NT_STATUS_IS_OK(result))) {
+ fstrcpy(dom_name, domain->name);
fstrcpy(name, names);
} else {
*type = SID_NAME_UNKNOWN;
return True;
}
-/*
- Strip domain name if it is same as default domain name and
- winbind use default domain = true
-
- it assumes that name is actually fstring so that memory management
- isn't needed.
-*/
-void strip_domain_name_if_needed(fstring *name)
-{
- if(lp_winbind_use_default_domain()) {
- char *sep = lp_winbind_separator();
- char *new_name = strchr(*name, *sep);
- if(new_name) {
- *new_name = 0;
- if (!strcmp(global_myworkgroup, *name)) {
- new_name++;
- safe_strcpy(*name, new_name, sizeof(fstring));
- } else *new_name = *sep;
- }
- }
-}
-
/*
Fill DOMAIN\\USERNAME entry accounting 'winbind use default domain' and
'winbind separator' options.
********************************************************************/
void init_q_lookup_names(TALLOC_CTX *mem_ctx, LSA_Q_LOOKUP_NAMES *q_l,
- POLICY_HND *hnd, int num_names, const char **names)
+ POLICY_HND *hnd, int num_names, const char **dom_names, const char **names)
{
int i;
for (i = 0; i < num_names; i++) {
const char *name = names[i];
- int len = strlen(name);
+ const char *dom_name = dom_names[i];
+ char *full_name;
+ int len;
+
+ full_name = talloc_asprintf(mem_ctx, "%s\\%s", dom_name, name);
+ if (!full_name) {
+ DEBUG(0, ("init_q_lookup_names(): out of memory doing talloc_asprintf\n"));
+ return;
+ }
+
+ len = strlen(full_name);
init_uni_hdr(&q_l->hdr_name[i], len);
- init_unistr2(&q_l->uni_name[i], name, len);
+ init_unistr2(&q_l->uni_name[i], full_name, len);
}
}
SAFE_FREE(map);
} else if (sid_equal(sid, &global_sam_sid) && !lp_hide_local_users()) {
- char *sep;
struct sys_grent *glist;
struct sys_grent *grp;
struct passwd *pw;
+ gid_t winbind_gid_low, winbind_gid_high;
- sep = lp_winbind_separator();
+ lp_winbind_gid(&winbind_gid_low, &winbind_gid_high);
/* local aliases */
/* we return the UNIX groups here. This seems to be the right */
continue;
/* Don't return winbind groups as they are not local! */
- if (strchr_m(smap.nt_name, *sep) != NULL) {
+ if ((grp->gr_gid >= winbind_gid_low)&&(grp->gr_gid <= winbind_gid_high)) {
DEBUG(10,("get_group_alias_entries: not returing %s, not local.\n", smap.nt_name ));
continue;
}
NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, uint32 **prids, DOM_SID *q_sid)
{
SAM_ACCOUNT *sam_pass=NULL;
- char *sep;
struct sys_grent *glist;
struct sys_grent *grp;
int i, num, cur_rid=0;
fstring str_domsid, str_qsid;
uint32 rid,grid;
uint32 *rids=NULL, *new_rids=NULL;
+ gid_t winbind_gid_low, winbind_gid_high;
BOOL ret;
/*
*prids=NULL;
*numgroups=0;
- sep = lp_winbind_separator();
+ lp_winbind_gid(&winbind_gid_low, &winbind_gid_high);
DEBUG(10,("get_alias_user_groups: looking if SID %s is a member of groups in the SID domain %s\n",
}
/* Don't return winbind groups as they are not local! */
- if (strchr_m(map.nt_name, *sep) != NULL) {
+ if ((grp->gr_gid >= winbind_gid_low) && (grp->gr_gid <= winbind_gid_high)) {
DEBUG(10,("get_alias_user_groups: not returing %s, not local.\n", map.nt_name));
continue;
}
}
/* Don't return winbind groups as they are not local! */
- if (strchr_m(map.nt_name, *sep) != NULL) {
+ if ((gid >= winbind_gid_low) && (gid <= winbind_gid_high)) {
DEBUG(10,("get_alias_user_groups: not returing %s, not local.\n", map.nt_name ));
goto done;
}
uint32 grid;
uint32 tmp_rid;
- *numgroups=0;
+ *numgroups= 0;
fstrcpy(user_name, pdb_get_username(sam_pass));
grid=pdb_get_group_rid(sam_pass);
DOM_SID *sids;
uint32 *types;
int num_names, i;
+ fstring name, domain;
if (argc == 1) {
printf("Usage: %s [name1 [name2 [...]]]\n", argv[0]);
/* Lookup the names */
+ split_domain_name(argv[1], domain, name);
+
result = cli_lsa_lookup_names(cli, mem_ctx, &pol, argc - 1,
- (const char **)&argv[1], &sids,
+ (const char**)&domain, (const char**)&name, &sids,
&types, &num_names);
if (!NT_STATUS_IS_OK(result))
POLICY_HND pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
DOM_SID *sids;
+ char **domains;
char **names;
uint32 *types;
int num_names, i;
/* Lookup the SIDs */
result = cli_lsa_lookup_sids(cli, mem_ctx, &pol, argc - 1, sids,
- &names, &types, &num_names);
+ &domains, &names, &types, &num_names);
if (!NT_STATUS_IS_OK(result))
goto done;
fstring sid_str;
sid_to_string(sid_str, &sids[i]);
- printf("%s %s (%d)\n", sid_str, names[i] ? names[i] :
- "*unknown*", types[i]);
+ printf("%s [%s]\\[%s] (%d)\n", sid_str,
+ domains[i] ? domains[i] : "*unknown*",
+ names[i] ? names[i] : "*unknown*", types[i]);
}
done:
/* If we are looking up a domain user, make sure it is
for the local machine only */
- if (strchr_m(name, sep[0]) || strchr_m(name, '\\')) {
+ if (strchr_m(name, sep[0]) || strchr_m(name, '\\') || lp_winbind_use_default_domain()) {
fstring domain, username;
split_domain_name(name, domain, username);
/* convert a SID to a string, either numeric or username/group */
static void SidToString(fstring str, DOM_SID *sid)
{
+ char **domains = NULL;
char **names = NULL;
uint32 *types = NULL;
int num_names;
/* Ask LSA to convert the sid to a name */
if (!cacls_open_policy_hnd() ||
- !NT_STATUS_IS_OK(cli_lsa_lookup_sids(&lsa_cli, lsa_cli.mem_ctx, &pol, 1, sid, &names,
+ !NT_STATUS_IS_OK(cli_lsa_lookup_sids(&lsa_cli, lsa_cli.mem_ctx,
+ &pol, 1, sid, &domains, &names,
&types, &num_names)) ||
- !names || !names[0]) {
+ !domains || !domains[0] || !names || !names[0]) {
return;
}
/* Converted OK */
+
+ slprintf(str, sizeof(fstring) - 1, "%s%s%s",
+ domains[0], lp_winbind_separator(),
+ names[0]);
- fstrcpy(str, names[0]);
}
/* convert a string to a SID, either numeric or username/group */
DOM_SID *sids = NULL;
int num_sids;
BOOL result = True;
+ fstring name, domain;
if (strncmp(str, "S-", 2) == 0) {
return string_to_sid(sid, str);
}
+ split_domain_name(str, domain, name);
+
if (!cacls_open_policy_hnd() ||
- !NT_STATUS_IS_OK(cli_lsa_lookup_names(&lsa_cli, lsa_cli.mem_ctx, &pol, 1, &str,
- &sids, &types, &num_sids))) {
+ !NT_STATUS_IS_OK(cli_lsa_lookup_names(&lsa_cli, lsa_cli.mem_ctx, &pol, 1,
+ (const char **)&domain, (const char **)&name,
+ &sids, &types, &num_sids))) {
result = False;
goto done;
}