/*
 * Resolve a name to a SID.
 *
 * cli      connected client state used for the LSA calls
 * mem_ctx  talloc context handed to the LSA calls
 * sid      output; written on success
 * name     either a textual SID ("S-...") or a name to look up
 *
 * Returns NT_STATUS_OK on success, otherwise the status of the failing
 * LSA open or lookup call.
 */
static NTSTATUS name_to_sid(struct cli_state *cli, TALLOC_CTX *mem_ctx,
			    DOM_SID *sid, const char *name)
{
	POLICY_HND lsa_pol;
	DOM_SID *found_sids;
	uint32 *found_types;
	NTSTATUS status;

	/*
	 * A string that parses as a raw SID needs no RPC round trip.
	 * If it starts with "S-" but does not parse, fall through and
	 * treat it as an ordinary name.
	 */
	if (strncmp(name, "S-", 2) == 0) {
		if (string_to_sid(sid, name)) {
			return NT_STATUS_OK;
		}
	}

	/*
	 * NOTE(review): the policy handle is opened with
	 * SEC_RIGHTS_MAXIMUM_ALLOWED although it is only used for a single
	 * name lookup; a narrower access mask would follow least privilege.
	 * Confirm what the server requires before changing it.
	 */
	status = cli_lsa_open_policy(cli, mem_ctx, True,
				     SEC_RIGHTS_MAXIMUM_ALLOWED, &lsa_pol);
	if (!NT_STATUS_IS_OK(status)) {
		return status;
	}

	status = cli_lsa_lookup_names(cli, mem_ctx, &lsa_pol, 1, &name,
				      &found_sids, &found_types);
	if (NT_STATUS_IS_OK(status)) {
		/* Exactly one name was requested, so only entry 0 is read. */
		sid_copy(sid, &found_sids[0]);
	}

	/* The handle is closed whether or not the lookup succeeded. */
	cli_lsa_close(cli, mem_ctx, &lsa_pol);

	return status;
}
/*
 * Convert a single name to a SID in a domain.
 *
 * The lookup is done for "<domain_name>\<name>" over the domain's LSA
 * handle. On success *sid and *type receive the first (only) result.
 *
 * Returns NT_STATUS_NO_MEMORY if the qualified name cannot be built,
 * the status from cm_get_lsa_handle() if no handle is available, and
 * otherwise the status of the last lookup attempt.
 */
NTSTATUS msrpc_name_to_sid(struct winbindd_domain *domain,
			   TALLOC_CTX *mem_ctx,
			   const char *domain_name,
			   const char *name,
			   DOM_SID *sid,
			   enum SID_NAME_USE *type)
{
	CLI_POLICY_HND *hnd;
	NTSTATUS result;
	DOM_SID *sids = NULL;
	uint32 *types = NULL;
	const char *full_name;
	int retry = 0;

	DEBUG(3,("rpc: name_to_sid name=%s\n", name));

	full_name = talloc_asprintf(mem_ctx, "%s\\%s", domain_name, name);
	if (full_name == NULL) {
		DEBUG(0, ("talloc_asprintf failed!\n"));
		return NT_STATUS_NO_MEMORY;
	}

	DEBUG(3,("name_to_sid [rpc] %s for domain %s\n", name, domain_name ));

	for (;;) {
		result = cm_get_lsa_handle(domain, &hnd);
		if (!NT_STATUS_IS_OK(result)) {
			return result;
		}

		result = cli_lsa_lookup_names(hnd->cli, mem_ctx, &hnd->pol, 1,
					      &full_name, &sids, &types);
		if (NT_STATUS_IS_OK(result)) {
			break;
		}

		/* At most one retry after a failed lookup. */
		if (retry++ >= 1) {
			break;
		}

		/*
		 * Retry only when the client's fd is -1 (presumably the
		 * connection was dropped); any other failure is final.
		 */
		if (!hnd || !hnd->cli || hnd->cli->fd != -1) {
			break;
		}
	}

	/* Return sid and type if lookup successful */
	if (NT_STATUS_IS_OK(result)) {
		sid_copy(sid, &sids[0]);
		*type = (enum SID_NAME_USE)types[0];
	}

	return result;
}
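/*
 * Command handler: look up the SID for every name in argv[1..argc-1]
 * and print one line per name with its SID and SID type.
 *
 * With no names given, prints a usage line and returns NT_STATUS_OK.
 * A lookup that returns STATUS_SOME_UNMAPPED is treated as success and
 * all entries are still printed. Otherwise the status of the failing
 * LSA open or lookup call is returned.
 */
static NTSTATUS cmd_lsa_lookup_names(struct cli_state *cli,
				     TALLOC_CTX *mem_ctx, int argc,
				     const char **argv)
{
	POLICY_HND pol;
	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
	DOM_SID *sids = NULL;
	uint32 *types = NULL;
	int i;

	if (argc == 1) {
		printf("Usage: %s [name1 [name2 [...]]]\n", argv[0]);
		return NT_STATUS_OK;
	}

	/*
	 * NOTE(review): the policy handle is opened with
	 * SEC_RIGHTS_MAXIMUM_ALLOWED although it is only used for name
	 * lookups; a narrower access mask would follow least privilege.
	 * Confirm what the server requires before changing it.
	 */
	result = cli_lsa_open_policy(cli, mem_ctx, True,
				     SEC_RIGHTS_MAXIMUM_ALLOWED, &pol);

	/* Nothing was opened, so there is nothing to close. */
	if (!NT_STATUS_IS_OK(result))
		goto done;

	result = cli_lsa_lookup_names(cli, mem_ctx, &pol, argc - 1,
				      (const char **)(argv + 1), &sids, &types);

	/*
	 * The policy handle is open at this point, so a failed lookup must
	 * still go through the close below rather than straight to done;
	 * jumping to done here left the handle open on the server.
	 */
	if (!NT_STATUS_IS_OK(result) &&
	    NT_STATUS_V(result) != NT_STATUS_V(STATUS_SOME_UNMAPPED))
		goto close_pol;

	result = NT_STATUS_OK;

	/*
	 * Print results. After STATUS_SOME_UNMAPPED the unmapped names are
	 * printed with whatever the lookup stored in their slots.
	 */
	for (i = 0; i < (argc - 1); i++) {
		fstring sid_str;

		sid_to_string(sid_str, &sids[i]);
		printf("%s %s (%s: %d)\n", argv[i + 1], sid_str,
		       sid_type_lookup(types[i]), types[i]);
	}

 close_pol:
	cli_lsa_close(cli, mem_ctx, &pol);

 done:
	return result;
}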
/*
 * Convert a string to a SID, either numeric or username/group.
 *
 * A string beginning with "S-" is parsed as a textual SID and the parse
 * result is returned directly; there is no fallback to a name lookup if
 * parsing fails. Any other string is resolved through an LSA name
 * lookup on the file-level cli_ipc connection and pol handle.
 *
 * Returns True and fills *sid on success, False otherwise.
 */
static BOOL StringToSid(DOM_SID *sid, const char *str)
{
	DOM_SID *found_sids = NULL;
	uint32 *found_types = NULL;

	if (strncmp(str, "S-", 2) == 0) {
		return string_to_sid(sid, str);
	}

	/* The lookup needs an open policy handle; give up if there is none. */
	if (!cli_open_policy_hnd()) {
		return False;
	}

	if (!NT_STATUS_IS_OK(cli_lsa_lookup_names(cli_ipc, cli_ipc->mem_ctx,
						  &pol, 1, &str,
						  &found_sids, &found_types))) {
		return False;
	}

	/* One name was requested, so only entry 0 is read. */
	sid_copy(sid, &found_sids[0]);

	return True;
}