/*
 * Tell whether sid names one of the two domains tested here: our own SAM
 * domain or BUILTIN. A NULL sid is rejected up front, so neither helper
 * ever sees a NULL pointer from this function.
 */
static bool is_internal_domain(const struct dom_sid *sid)
{
	/* Short-circuit keeps the helpers from being called with NULL. */
	return (sid != NULL) &&
	       (sid_check_is_our_sam(sid) || sid_check_is_builtin(sid));
}
/*
 * Check whether sid lies inside our SAM domain: a copy of sid is passed
 * through sid_split_rid() and the remainder is compared with
 * sid_check_is_our_sam().
 *
 * NOTE(review): sid is handed to sid_copy() without a NULL check, and the
 * return value of sid_split_rid() is not inspected. Whether those helpers
 * tolerate a NULL or too-short SID is not visible here; confirm before
 * calling this with a SID taken from untrusted input.
 */
bool sid_check_is_in_our_sam(const struct dom_sid *sid)
{
	struct dom_sid parent;
	bool in_our_sam;

	/* Operate on a local copy; the caller's SID is const. */
	sid_copy(&parent, sid);

	/* NULL: the split-off RID value itself is not wanted. */
	sid_split_rid(&parent, NULL);

	in_our_sam = sid_check_is_our_sam(&parent);
	return in_our_sam;
}
/**
 * Iterator over winbindd's domain list, usable e.g. from tevent based loops.
 *
 * Pass NULL to start at the head returned by domain_list(); pass the
 * previously returned entry to advance. Returns NULL at the end of the list.
 *
 * Unless the server role is ROLE_ACTIVE_DIRECTORY_DC, an entry whose SID is
 * our own SAM domain is stepped over. Exactly one entry is skipped per call,
 * so the entry that follows it is returned without being re-tested.
 */
struct winbindd_domain *wb_next_domain(struct winbindd_domain *domain)
{
	struct winbindd_domain *next;

	next = (domain == NULL) ? domain_list() : domain->next;

	if (next == NULL) {
		/* End of list (or empty list): nothing left to filter. */
		return NULL;
	}

	if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC) {
		/* On an AD DC every entry is handed out unfiltered. */
		return next;
	}

	if (sid_check_is_our_sam(&next->sid)) {
		next = next->next;
	}

	return next;
}
/**
 * Check whether this is an object- or domain-sid that should be treated
 * by the passdb, e.g. for id-mapping.
 *
 * Each SID class is tested twice, once with the "is" helper and once with
 * the "is_in" helper, and is accepted only when the matching
 * pdb_is_responsible_for_*() call also returns true. The clauses are
 * evaluated in the order written and evaluation stops at the first one
 * that holds.
 *
 * The last clause does not look at sid at all: when
 * pdb_is_responsible_for_everything_else() is true, every SID that
 * reached that point is accepted.
 *
 * NOTE(review): sid is forwarded to the helpers without a NULL check;
 * whether they accept NULL is not visible from this function.
 */
bool sid_check_is_for_passdb(const struct dom_sid *sid)
{
	return
		/* our SAM domain */
		(sid_check_is_our_sam(sid) &&
		 pdb_is_responsible_for_our_sam()) ||
		(sid_check_is_in_our_sam(sid) &&
		 pdb_is_responsible_for_our_sam()) ||

		/* BUILTIN */
		(sid_check_is_builtin(sid) &&
		 pdb_is_responsible_for_builtin()) ||
		(sid_check_is_in_builtin(sid) &&
		 pdb_is_responsible_for_builtin()) ||

		/* well-known domains */
		(sid_check_is_wellknown_domain(sid, NULL) &&
		 pdb_is_responsible_for_wellknown()) ||
		(sid_check_is_in_wellknown_domain(sid) &&
		 pdb_is_responsible_for_wellknown()) ||

		/* unix users */
		(sid_check_is_unix_users(sid) &&
		 pdb_is_responsible_for_unix_users()) ||
		(sid_check_is_in_unix_users(sid) &&
		 pdb_is_responsible_for_unix_users()) ||

		/* unix groups */
		(sid_check_is_unix_groups(sid) &&
		 pdb_is_responsible_for_unix_groups()) ||
		(sid_check_is_in_unix_groups(sid) &&
		 pdb_is_responsible_for_unix_groups()) ||

		/* catch-all, independent of sid */
		pdb_is_responsible_for_everything_else();
}
/*
 * Translate an array of RIDs under domain_sid into names and SID types by
 * opening an internal LSA connection and calling rpc_rids_to_names().
 *
 * domain       - winbindd domain; its name is logged and it is passed on
 *                to rpc_rids_to_names(). Dereferenced without a NULL check.
 * mem_ctx      - talloc context that receives the results on success.
 * domain_sid   - must pass the allow-list check below, otherwise the call
 *                is refused before any connection is opened.
 * rids         - array of num_rids RIDs, forwarded unchanged.
 * pdomain_name, pnames, ptypes - optional outputs; each is written only
 *                when the pointer is non-NULL and only on success.
 *
 * Returns NT_STATUS_NONE_MAPPED when domain_sid is refused,
 * NT_STATUS_NO_MEMORY when the stack frame cannot be allocated, otherwise
 * the status of open_internal_lsa_conn() or rpc_rids_to_names().
 */
static NTSTATUS sam_rids_to_names(struct winbindd_domain *domain,
				  TALLOC_CTX *mem_ctx,
				  const struct dom_sid *domain_sid,
				  uint32 *rids,
				  size_t num_rids,
				  char **pdomain_name,
				  char ***pnames,
				  enum lsa_SidType **ptypes)
{
	struct rpc_pipe_client *lsa_pipe;
	struct policy_handle lsa_policy;
	enum lsa_SidType *types = NULL;
	char *domain_name = NULL;
	char **names = NULL;
	TALLOC_CTX *tmp_ctx;
	NTSTATUS status, result;
	struct dcerpc_binding_handle *b = NULL;

	DEBUG(3,("sam_rids_to_names for %s\n", domain->name));

	/* Start from an all-zero handle; the cleanup path tests its validity. */
	ZERO_STRUCT(lsa_policy);

	/*
	 * Paranoia check: only BUILTIN, our SAM, unix users, unix groups and
	 * SIDs accepted by sid_check_is_in_wellknown_domain() are looked up
	 * here. Anything else is refused and logged at level 0 as a possible
	 * deadlock, before any connection is opened.
	 *
	 * NOTE(review): the first four tests are the domain-SID variants,
	 * the last one is the "_in_" variant; confirm that is intended.
	 */
	if (!sid_check_is_builtin(domain_sid) &&
	    !sid_check_is_our_sam(domain_sid) &&
	    !sid_check_is_unix_users(domain_sid) &&
	    !sid_check_is_unix_groups(domain_sid) &&
	    !sid_check_is_in_wellknown_domain(domain_sid)) {
		DEBUG(0, ("sam_rids_to_names: possible deadlock - trying to "
			  "lookup SID %s\n", sid_string_dbg(domain_sid)));
		return NT_STATUS_NONE_MAPPED;
	}

	/* Scratch context for the call; released unconditionally at the end. */
	tmp_ctx = talloc_stackframe();
	if (tmp_ctx == NULL) {
		return NT_STATUS_NO_MEMORY;
	}

	status = open_internal_lsa_conn(tmp_ctx, &lsa_pipe, &lsa_policy);
	if (!NT_STATUS_IS_OK(status)) {
		goto done;
	}

	/* Set only after a successful open, so "done" can tell if a close is due. */
	b = lsa_pipe->binding_handle;

	/* rids and num_rids are passed through as received, with no checks here. */
	status = rpc_rids_to_names(tmp_ctx,
				   lsa_pipe,
				   &lsa_policy,
				   domain,
				   domain_sid,
				   rids,
				   num_rids,
				   &domain_name,
				   &names,
				   &types);
	if (!NT_STATUS_IS_OK(status)) {
		goto done;
	}

	/*
	 * Hand the requested results over to the caller's context. Results
	 * that were not requested stay on tmp_ctx and go away with it.
	 */
	if (pdomain_name) {
		*pdomain_name = talloc_move(mem_ctx, &domain_name);
	}

	if (ptypes) {
		*ptypes = talloc_move(mem_ctx, &types);
	}

	if (pnames) {
		*pnames = talloc_move(mem_ctx, &names);
	}

done:
	/*
	 * Close the policy handle on every exit path that opened one.
	 *
	 * NOTE(review): the close is issued with mem_ctx rather than tmp_ctx,
	 * and both its return value and "result" are ignored, so a failed
	 * close goes unnoticed. Confirm that nothing it allocates is left on
	 * the caller's context.
	 */
	if (b && is_valid_policy_hnd(&lsa_policy)) {
		dcerpc_lsa_Close(b, mem_ctx, &lsa_policy, &result);
	}

	TALLOC_FREE(tmp_ctx);
	return status;
}