static bool winbindd_fill_pwent(char *dom_name, char *user_name, DOM_SID *user_sid, DOM_SID *group_sid, char *full_name, char *homedir, char *shell, struct winbindd_pw *pw) { fstring output_username; if (!pw || !dom_name || !user_name) return False; /* Resolve the uid number */ if (!NT_STATUS_IS_OK(idmap_sid_to_uid(user_sid, &pw->pw_uid))) { DEBUG(1, ("error getting user id for sid %s\n", sid_string_dbg(user_sid))); return False; } /* Resolve the gid number */ if (!NT_STATUS_IS_OK(idmap_sid_to_gid(group_sid, &pw->pw_gid))) { DEBUG(1, ("error getting group id for sid %s\n", sid_string_dbg(group_sid))); return False; } strlower_m(user_name); /* Username */ fill_domain_username(output_username, dom_name, user_name, True); safe_strcpy(pw->pw_name, output_username, sizeof(pw->pw_name) - 1); /* Full name (gecos) */ safe_strcpy(pw->pw_gecos, full_name, sizeof(pw->pw_gecos) - 1); /* Home directory and shell */ if (!fillup_pw_field(lp_template_homedir(), user_name, dom_name, pw->pw_uid, pw->pw_gid, homedir, pw->pw_dir)) return False; if (!fillup_pw_field(lp_template_shell(), user_name, dom_name, pw->pw_uid, pw->pw_gid, shell, pw->pw_shell)) return False; /* Password - set to "*" as we can't generate anything useful here. Authentication can be done using the pam_winbind module. */ safe_strcpy(pw->pw_passwd, "*", sizeof(pw->pw_passwd) - 1); return True; }
enum winbindd_result winbindd_sid_to_gid(struct winbindd_cli_state *state) { DOM_SID sid; uint32 flags = 0x0; /* Ensure null termination */ state->request.data.sid[sizeof(state->request.data.sid)-1]='\0'; DEBUG(3, ("[%5lu]: sid to gid %s\n", (unsigned long)state->pid, state->request.data.sid)); if (!string_to_sid(&sid, state->request.data.sid)) { DEBUG(1, ("Could not cvt string to sid %s\n", state->request.data.sid)); return WINBINDD_ERROR; } /* This gets a little tricky. If we assume that usernames are syncd between /etc/passwd and the windows domain (such as a member of a Samba domain), the we need to get the uid from the OS and not alocate one ourselves */ if ( lp_winbind_trusted_domains_only() ) { struct winbindd_domain *domain = NULL; DOM_SID sid2; uint32 rid; unid_t id; domain = find_our_domain(); if ( !domain ) { DEBUG(0,("winbindd_sid_to_uid: can't find my own domain!\n")); return WINBINDD_ERROR; } sid_copy( &sid2, &sid ); sid_split_rid( &sid2, &rid ); if ( sid_equal( &sid2, &domain->sid ) ) { fstring domain_name; fstring group; enum SID_NAME_USE type; struct group *grp = NULL; /* ok...here's we know that we are dealing with our own domain (the one to which we are joined). And we know that there must be a UNIX account for this group. So we lookup the sid and the call getpwnam().*/ /* But first check and see if we don't already have a mapping */ flags = ID_QUERY_ONLY; if ( NT_STATUS_IS_OK(idmap_sid_to_gid(&sid, &(state->response.data.gid), flags)) ) return WINBINDD_OK; /* now fall back to the hard way */ if ( !winbindd_lookup_name_by_sid(&sid, domain_name, group, &type) ) return WINBINDD_ERROR; if ( !(grp = sys_getgrnam(group)) ) { DEBUG(0,("winbindd_sid_to_uid: 'winbind trusted domains only' is " "set but this group [%s] doesn't exist!\n", group)); return WINBINDD_ERROR; } state->response.data.gid = grp->gr_gid; id.gid = grp->gr_gid; idmap_set_mapping( &sid, id, ID_GROUPID ); return WINBINDD_OK; } } if ( state->request.flags & WBFLAG_QUERY_ONLY ) flags = ID_QUERY_ONLY; /* Find gid for this sid and return it */ if ( !NT_STATUS_IS_OK(idmap_sid_to_gid(&sid, &(state->response.data.gid), flags)) ) { DEBUG(1, ("Could not get gid for sid %s\n", state->request.data.sid)); return WINBINDD_ERROR; } return WINBINDD_OK; }