winbindd: pass domain SID to wbint_UnixIDs2Sids

author Ralph Boehme <slow@samba.org>

Mon, 25 Sep 2017 13:39:39 +0000 (15:39 +0200)

committer Ralph Boehme <slow@samba.org>

Tue, 10 Oct 2017 13:51:27 +0000 (15:51 +0200)
author Ralph Boehme <slow@samba.org>
Mon, 25 Sep 2017 13:39:39 +0000 (15:39 +0200)
committer Ralph Boehme <slow@samba.org>
Tue, 10 Oct 2017 13:51:27 +0000 (15:51 +0200)
diff --git a/librpc/idl/winbind.idl b/librpc/idl/winbind.idl

index 737d66abe701f757ba934358a61a56b23b051c77..f5e3507bff528dfd21a3e46c4abb77320f0336a0 100644 (file)
--- a/librpc/idl/winbind.idl
+++ b/librpc/idl/winbind.idl
@@ -58,6 +58,7 @@ interface winbind
  
      NTSTATUS wbint_UnixIDs2Sids(
         [in,string,charset(UTF8)] char *domain_name,
+       [in] dom_sid domain_sid,
         [in] uint32 num_ids,
         [in,out] unixid xids[num_ids],
         [out] dom_sid sids[num_ids]
diff --git a/source3/include/idmap.h b/source3/include/idmap.h

index 75d2e45b17429d4bad511ddadd4cfa8baf85fdbe..8d80643e6e91ac81ba9c617aab996e4aa61c7b57 100644 (file)
--- a/source3/include/idmap.h
+++ b/source3/include/idmap.h
@@ -37,6 +37,11 @@ struct wbint_userinfo;
  
  struct idmap_domain {
         const char *name;
+       /*
+        * dom_sid is currently only initialized in the unixids_to_sids request,
+        * so don't rely on this being filled out everywhere!
+        */
+       struct dom_sid dom_sid;
         struct idmap_methods *methods;
         NTSTATUS (*query_user)(struct idmap_domain *domain,
                                struct wbint_userinfo *info);
diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c

index 6e70b44c425f65caecd0f14da0b90a43717ab0dc..bfac7f86432d3bc16f2517fbc01d3fc7c7419d3f 100644 (file)
--- a/source3/winbindd/idmap.c
+++ b/source3/winbindd/idmap.c
@@ -600,7 +600,8 @@ NTSTATUS idmap_allocate_gid(struct unixid *id)
  }
  
  NTSTATUS idmap_backend_unixids_to_sids(struct id_map **maps,
-                                      const char *domain_name)
+                                      const char *domain_name,
+                                      struct dom_sid domain_sid)
  {
         struct idmap_domain *dom = NULL;
         NTSTATUS status;
@@ -621,6 +622,7 @@ NTSTATUS idmap_backend_unixids_to_sids(struct id_map **maps,
                 return NT_STATUS_NONE_MAPPED;
         }
  
+       dom->dom_sid = domain_sid;
         status = dom->methods->unixids_to_sids(dom, maps);
  
         DBG_DEBUG("unixid_to_sids for domain %s returned %s\n",
diff --git a/source3/winbindd/idmap_proto.h b/source3/winbindd/idmap_proto.h

index f4fc2c22739cad3ccfda0dc3391df516da8b264f..a36d6c2f5bbcbcadaa8d5eb777663cbceddac216 100644 (file)
--- a/source3/winbindd/idmap_proto.h
+++ b/source3/winbindd/idmap_proto.h
@@ -34,7 +34,8 @@ void idmap_close(void);
  NTSTATUS idmap_allocate_uid(struct unixid *id);
  NTSTATUS idmap_allocate_gid(struct unixid *id);
  NTSTATUS idmap_backend_unixids_to_sids(struct id_map **maps,
-                                      const char *domain_name);
+                                      const char *domain_name,
+                                      struct dom_sid domain_sid);
  struct idmap_domain *idmap_find_domain(const char *domname);
  
  /* The following definitions come from winbindd/idmap_nss.c  */
diff --git a/source3/winbindd/wb_xids2sids.c b/source3/winbindd/wb_xids2sids.c

index 8850e63c8b406a7f7e8f37d4811d312733c648b5..a2a4493bde80a4038822ebae3066b765f0851290 100644 (file)
--- a/source3/winbindd/wb_xids2sids.c
+++ b/source3/winbindd/wb_xids2sids.c
@@ -306,7 +306,7 @@ static struct tevent_req *wb_xids2sids_dom_send(
  
         child = idmap_child();
         subreq = dcerpc_wbint_UnixIDs2Sids_send(
-               state, ev, child->binding_handle, dom_map->name,
+               state, ev, child->binding_handle, dom_map->name, dom_map->sid,
                 state->num_dom_xids, state->dom_xids, state->dom_sids);
         if (tevent_req_nomem(subreq, req)) {
                 return tevent_req_post(req, ev);
@@ -409,7 +409,8 @@ static void wb_xids2sids_dom_gotdc(struct tevent_req *subreq)
         child = idmap_child();
         subreq = dcerpc_wbint_UnixIDs2Sids_send(
                 state, state->ev, child->binding_handle, state->dom_map->name,
-               state->num_dom_xids, state->dom_xids, state->dom_sids);
+               state->dom_map->sid, state->num_dom_xids,
+               state->dom_xids, state->dom_sids);
         if (tevent_req_nomem(subreq, req)) {
                 return;
         }
diff --git a/source3/winbindd/winbindd_dual_srv.c b/source3/winbindd/winbindd_dual_srv.c

index f79915c7e692fb74e82c27046231481e5b160b20..9fb15e9b0ab28c72f8418afd3beb1d450782a626 100644 (file)
--- a/source3/winbindd/winbindd_dual_srv.c
+++ b/source3/winbindd/winbindd_dual_srv.c
@@ -230,7 +230,8 @@ NTSTATUS _wbint_UnixIDs2Sids(struct pipes_struct *p,
                 maps[i]->xid = r->in.xids[i];
         }
  
-       status = idmap_backend_unixids_to_sids(maps, r->in.domain_name);
+       status = idmap_backend_unixids_to_sids(maps, r->in.domain_name,
+                                              r->in.domain_sid);
         if (!NT_STATUS_IS_OK(status)) {
                 TALLOC_FREE(maps);
                 return status;
author	Ralph Boehme <slow@samba.org>
	Mon, 25 Sep 2017 13:39:39 +0000 (15:39 +0200)
committer	Ralph Boehme <slow@samba.org>
	Tue, 10 Oct 2017 13:51:27 +0000 (15:51 +0200)
librpc/idl/winbind.idl		patch \| blob \| history
source3/include/idmap.h		patch \| blob \| history
source3/winbindd/idmap.c		patch \| blob \| history
source3/winbindd/idmap_proto.h		patch \| blob \| history
source3/winbindd/wb_xids2sids.c		patch \| blob \| history
source3/winbindd/winbindd_dual_srv.c		patch \| blob \| history