Diffstat (limited to 'source/nsswitch/idmap_rid.c')
-rw-r--r--source/nsswitch/idmap_rid.c86
1 files changed, 9 insertions, 77 deletions
diff --git a/source/nsswitch/idmap_rid.c b/source/nsswitch/idmap_rid.c
index 298d6fed355..8e016879b8c 100644
--- a/source/nsswitch/idmap_rid.c
+++ b/source/nsswitch/idmap_rid.c
@@ -37,7 +37,7 @@ struct idmap_rid_context {
we support multiple domains in the new idmap
*****************************************************************************/
-static NTSTATUS idmap_rid_initialize(struct idmap_domain *dom, const char *compat_params)
+static NTSTATUS idmap_rid_initialize(struct idmap_domain *dom)
{
NTSTATUS ret;
struct idmap_rid_context *ctx;
@@ -86,9 +86,6 @@ failed:
static NTSTATUS idmap_rid_id_to_sid(TALLOC_CTX *memctx, struct idmap_rid_context *ctx, struct id_map *map)
{
- const char *domname, *name;
- enum lsa_SidType sid_type;
- BOOL ret;
struct winbindd_domain *domain;
/* apply filters before checking */
@@ -104,45 +101,9 @@ static NTSTATUS idmap_rid_id_to_sid(TALLOC_CTX *memctx, struct idmap_rid_context
sid_compose(map->sid, &domain->sid, map->xid.id - ctx->low_id + ctx->base_rid);
- /* by default calls to winbindd are disabled
- the following call will not recurse so this is safe */
- winbind_on();
- ret = winbind_lookup_sid(memctx, map->sid, &domname, &name, &sid_type);
- winbind_off();
-
- if (ret) {
- switch (sid_type) {
- case SID_NAME_USER:
- if (map->xid.type != ID_TYPE_UID) {
- /* wrong type */
- map->status = ID_UNMAPPED;
- DEBUG(5, ("Resulting SID is of wrong ID type\n"));
- return NT_STATUS_NONE_MAPPED;
- }
- break;
- case SID_NAME_DOM_GRP:
- case SID_NAME_ALIAS:
- case SID_NAME_WKN_GRP:
- if (map->xid.type != ID_TYPE_GID) {
- /* wrong type */
- map->status = ID_UNMAPPED;
- DEBUG(5, ("Resulting SID is of wrong ID type\n"));
- return NT_STATUS_NONE_MAPPED;
- }
- break;
- default:
- /* invalid sid?? */
- map->status = ID_UNKNOWN;
- DEBUG(10, ("SID %s is UNKNOWN, skip mapping\n", sid_string_static(map->sid)));
- return NT_STATUS_NONE_MAPPED;
- }
- } else {
- /* TODO: how do we known if the lookup was negative
- * or something just failed? */
- map->status = ID_UNMAPPED;
- DEBUG(2, ("Failed: to resolve SID\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
+ /* We **really** should have some way of validating
+ the SID exists and is the correct type here. But
+ that is a deficiency in the idmap_rid design. */
map->status = ID_MAPPED;
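Review bot: With the winbind_lookup_sid() check removed, the lines shown for idmap_rid_id_to_sid() set `ID_MAPPED` for any id that passes the range filter and no longer consult `map->xid.type`, so a uid and a gid with the same number compose the same SID. The added comment names the gap but not what callers can no longer assume; I would state it, e.g. `/* NOTE: ID_MAPPED here only means the id is inside the configured range; the SID may not exist and may not match map->xid.type. */`. The same wording fits the comment added to idmap_rid_sid_to_id() in the last hunk. `memctx` also looks unused after this removal, but the function body continues outside the hunk, so that needs confirming against the full file.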
@@ -155,46 +116,13 @@ static NTSTATUS idmap_rid_id_to_sid(TALLOC_CTX *memctx, struct idmap_rid_context
static NTSTATUS idmap_rid_sid_to_id(TALLOC_CTX *memctx, struct idmap_rid_context *ctx, struct id_map *map)
{
- const char *domname, *name;
- enum lsa_SidType sid_type;
uint32_t rid;
- BOOL ret;
sid_peek_rid(map->sid, &rid);
map->xid.id = rid - ctx->base_rid + ctx->low_id;
- /* by default calls to winbindd are disabled
- the following call will not recurse so this is safe */
- winbind_on();
- /* check if this is a valid SID and set the type */
- ret = winbind_lookup_sid(memctx, map->sid, &domname, &name, &sid_type);
- winbind_off();
-
- if (ret) {
- switch (sid_type) {
- case SID_NAME_USER:
- map->xid.type = ID_TYPE_UID;
- break;
- case SID_NAME_DOM_GRP:
- case SID_NAME_ALIAS:
- case SID_NAME_WKN_GRP:
- map->xid.type = ID_TYPE_GID;
- break;
- default:
- /* invalid sid, let's just leave it unmapped */
- DEBUG(10, ("SID %s is UNKNOWN, skip mapping\n", sid_string_static(map->sid)));
- map->status = ID_UNKNOWN;
- return NT_STATUS_NONE_MAPPED;
- }
- } else {
- /* TODO: how do we known if the lookup was negative
- * or something just failed? */
- map->status = ID_UNMAPPED;
- DEBUG(2, ("Failed: to resolve SID\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
/* apply filters before returning result */
+
if ((map->xid.id < ctx->low_id) || (map->xid.id > ctx->high_id)) {
DEBUG(5, ("Requested id (%u) out of range (%u - %u). Filtered!\n",
map->xid.id, ctx->low_id, ctx->high_id));
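Review bot: `map->xid.type` is no longer assigned anywhere in the visible part of idmap_rid_sid_to_id(); the removed switch was the only place shown that set it to `ID_TYPE_UID` or `ID_TYPE_GID`, so the function now reports `ID_MAPPED` with whatever type the caller left in the struct. If callers are expected to pre-set the type, document that above the function, e.g. `/* map->xid.type must be set by the caller; this backend cannot tell whether the SID is a user or a group. */`; otherwise the result should not be marked `ID_MAPPED` without a type. Separately, the result of `sid_peek_rid()` is not checked before `rid` is used in the arithmetic; if it reports failure without writing `rid`, the computed id is garbage that may still fall inside the range, so a guard such as `if (!sid_peek_rid(map->sid, &rid)) { map->status = ID_UNMAPPED; return NT_STATUS_NONE_MAPPED; }` is worth adding.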
@@ -202,6 +130,10 @@ static NTSTATUS idmap_rid_sid_to_id(TALLOC_CTX *memctx, struct idmap_rid_context
return NT_STATUS_NONE_MAPPED;
}
+ /* We **really** should have some way of validating
+ the SID exists and is the correct type here. But
+ that is a deficiency in the idmap_rid design. */
+
map->status = ID_MAPPED;
return NT_STATUS_OK;