authorAndrew Bartlett <abartlet@samba.org>2002-01-20 01:24:59 +0000
committerAndrew Bartlett <abartlet@samba.org>2002-01-20 01:24:59 +0000
commite870f0e727952aeb8599cf93ad2650ae56eca033 (patch)
tree7d1bd14caac6b16a428aedf8d34eea3b230b5ab4 /source/utils
parent7c5c035e417b45acebc3580c4fdc80a7ef3306ce (diff)
This patch makes the 'winbind use default domain' code interact better with
smbd, and also makes it much cleaner inside winbindd. It is mostly my code, with a few changes and testing performed by Alexander Bokovoy <a.bokovoy@sam-solutions.net>. ab has tested it in security=domain and security=ads, but more testing is always appreciated. The idea is that we no longer cart around a 'domain\user' string, we keep them separate until the last moment - when we push that string into a pwent or onto the socket. This removes the need to be constantly parsing that string - the domain prefix is almost always already provided, (only a couple of functions actually changed arguments in all this). Some consequential changes to the RPC client code, to stop it concatenating the two strings (it now passes them both back as params). I haven't changed the cache code, however the usernames will no longer have a double domain prefix in the key string. The actual structures are unchanged - but the meaning of 'username' in the 'rid' will have changed. (The cache is invalidated at startup, so on-disk formats are not an issue here). Andrew Bartlett
Diffstat (limited to 'source/utils')
-rw-r--r--source/utils/smbcacls.c19
1 files changed, 14 insertions, 5 deletions
diff --git a/source/utils/smbcacls.c b/source/utils/smbcacls.c
index 94eada5c3d6..d62907e14be 100644
--- a/source/utils/smbcacls.c
+++ b/source/utils/smbcacls.c
@@ -106,6 +106,7 @@ static BOOL cacls_open_policy_hnd(void)
/* convert a SID to a string, either numeric or username/group */
static void SidToString(fstring str, DOM_SID *sid)
{
+ char **domains = NULL;
char **names = NULL;
uint32 *types = NULL;
int num_names;
@@ -117,15 +118,19 @@ static void SidToString(fstring str, DOM_SID *sid)
/* Ask LSA to convert the sid to a name */
if (!cacls_open_policy_hnd() ||
- !NT_STATUS_IS_OK(cli_lsa_lookup_sids(&lsa_cli, lsa_cli.mem_ctx, &pol, 1, sid, &names,
+ !NT_STATUS_IS_OK(cli_lsa_lookup_sids(&lsa_cli, lsa_cli.mem_ctx,
+ &pol, 1, sid, &domains, &names,
&types, &num_names)) ||
- !names || !names[0]) {
+ !domains || !domains[0] || !names || !names[0]) {
return;
}
/* Converted OK */
+
+ slprintf(str, sizeof(fstring) - 1, "%s%s%s",
+ domains[0], lp_winbind_separator(),
+ names[0]);
- fstrcpy(str, names[0]);
}
/* convert a string to a SID, either numeric or username/group */
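Review bot: The new `slprintf` in SidToString always emits the separator, so an LSA reply whose `domains[0]` is an empty string (plausible for well-known SIDs, though this hunk does not show it) yields a name that starts with a bare separator. That form is what a user will copy back into StringToSid, so it is worth guarding: `if (domains[0][0] == '\0') fstrcpy(str, names[0]); else slprintf(...);`. Both strings are supplied by the remote server and `slprintf` truncates silently at `sizeof(fstring) - 1`, so a comment saying that an over-long pair is cut rather than rejected would help the next reader. The start of SidToString and the lines between the two hunks are outside what is shown here.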
@@ -135,14 +140,18 @@ static BOOL StringToSid(DOM_SID *sid, const char *str)
DOM_SID *sids = NULL;
int num_sids;
BOOL result = True;
+ fstring name, domain;
if (strncmp(str, "S-", 2) == 0) {
return string_to_sid(sid, str);
}
+ split_domain_name(str, domain, name);
+
if (!cacls_open_policy_hnd() ||
- !NT_STATUS_IS_OK(cli_lsa_lookup_names(&lsa_cli, lsa_cli.mem_ctx, &pol, 1, &str,
- &sids, &types, &num_sids))) {
+ !NT_STATUS_IS_OK(cli_lsa_lookup_names(&lsa_cli, lsa_cli.mem_ctx, &pol, 1,
+ (const char **)&domain, (const char **)&name,
+ &sids, &types, &num_sids))) {
result = False;
goto done;
}
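Review bot: The casts `(const char **)&domain` and `(const char **)&name` in the `cli_lsa_lookup_names` call hide a type mismatch. Both are declared `fstring`, which the `sizeof(fstring) - 1` bound in SidToString shows to be a fixed-size array, so `&domain` is a pointer to the array itself and not to a `char *`. If the callee indexes these arguments as arrays of string pointers, as the old `&str` argument and the cast both suggest, it will read the first bytes of the text as an address. Take real pointers first, `const char *domain_p = domain, *name_p = name;`, and pass `&domain_p, &name_p` with no cast, so the compiler can check the types. StringToSid continues past the end of this hunk (the `done` label is not shown).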