/*******************************************************************
gets a domain user's groups from their already-calculated NT_USER_TOKEN
********************************************************************/
NTSTATUS nt_token_to_group_list(TALLOC_CTX *mem_ctx, const DOM_SID *domain_sid,
const NT_USER_TOKEN *nt_token,
int *numgroups, DOM_GID **pgids)
{
DOM_GID *gids;
int i;
gids = (DOM_GID *)talloc(mem_ctx, sizeof(*gids) * nt_token->num_sids);
if (!gids) {
return NT_STATUS_NO_MEMORY;
}
*numgroups=0;
for (i=PRIMARY_GROUP_SID_INDEX; i < nt_token->num_sids; i++) {
if (sid_compare_domain(domain_sid, &nt_token->user_sids[i])==0) {
sid_peek_rid(&nt_token->user_sids[i], &(gids[*numgroups].g_rid));
gids[*numgroups].attr=7;
(*numgroups)++;
}
}
*pgids = gids;
return NT_STATUS_OK;
}
bool sid_peek_check_rid(const DOM_SID *exp_dom_sid, const DOM_SID *sid, uint32 *rid)
{
if (!exp_dom_sid || !sid || !rid)
return False;
if (sid->num_auths != (exp_dom_sid->num_auths+1)) {
return False;
}
if (sid_compare_domain(exp_dom_sid, sid)!=0){
*rid=(-1);
return False;
}
return sid_peek_rid(sid, rid);
}
static int collect_map(struct db_record *rec, void *private_data)
{
struct enum_map_state *state = (struct enum_map_state *)private_data;
GROUP_MAP map;
GROUP_MAP *tmp;
if (!dbrec2map(rec, &map)) {
return 0;
}
/* list only the type or everything if UNKNOWN */
if (state->sid_name_use != SID_NAME_UNKNOWN
&& state->sid_name_use != map.sid_name_use) {
DEBUG(11,("enum_group_mapping: group %s is not of the "
"requested type\n", map.nt_name));
return 0;
}
if ((state->unix_only == ENUM_ONLY_MAPPED) && (map.gid == -1)) {
DEBUG(11,("enum_group_mapping: group %s is non mapped\n",
map.nt_name));
return 0;
}
if ((state->domsid != NULL) &&
(sid_compare_domain(state->domsid, &map.sid) != 0)) {
DEBUG(11,("enum_group_mapping: group %s is not in domain\n",
sid_string_dbg(&map.sid)));
return 0;
}
if (!(tmp = SMB_REALLOC_ARRAY(state->maps, GROUP_MAP,
state->num_maps+1))) {
DEBUG(0,("enum_group_mapping: Unable to enlarge group "
"map!\n"));
return 1;
}
state->maps = tmp;
state->maps[state->num_maps] = map;
state->num_maps++;
return 0;
}
static BOOL mappable_sid(const DOM_SID *sid)
{
DOM_SID domain_sid;
if (sid_compare(sid, &global_sid_Builtin_Administrators) == 0)
return True;
if (sid_compare(sid, &global_sid_World) == 0)
return True;
if (sid_compare(sid, &global_sid_Authenticated_Users) == 0)
return True;
if (sid_compare(sid, &global_sid_Builtin_Backup_Operators) == 0)
return True;
string_to_sid(&domain_sid, "S-1-5-21");
if (sid_compare_domain(sid, &domain_sid) == 0)
return True;
return False;
}
BOOL sid_to_uid(DOM_SID *psid, uid_t *puid, enum SID_NAME_USE *sidtype)
{
fstring dom_name, name, sid_str;
enum SID_NAME_USE name_type;
BOOL ret;
if (fetch_uid_from_cache(puid, psid, *sidtype))
return True;
/* if we know its local then don't try winbindd */
if (sid_compare_domain(&global_sam_sid, psid) == 0) {
ret = local_sid_to_uid(puid, psid, sidtype);
if (ret)
store_uid_sid_cache(psid, *sidtype, *puid);
return ret;
}
*sidtype = SID_NAME_UNKNOWN;
/*
* First we must look up the name and decide if this is a user sid.
*/
if ( (!winbind_lookup_sid(psid, dom_name, name, &name_type)) || (name_type != SID_NAME_USER) ) {
DEBUG(10,("sid_to_uid: winbind lookup for sid %s failed - trying local.\n",
sid_to_string(sid_str, psid) ));
ret = local_sid_to_uid(puid, psid, sidtype);
if (ret)
store_uid_sid_cache(psid, *sidtype, *puid);
return ret;
}
/*
* Ensure this is a user sid.
*/
if (name_type != SID_NAME_USER) {
DEBUG(10,("sid_to_uid: winbind lookup succeeded but SID is not a uid (%u)\n",
(unsigned int)name_type ));
return False;
}
*sidtype = SID_NAME_USER;
/*
* Get the uid for this SID.
*/
if (!winbind_sid_to_uid(puid, psid)) {
DEBUG(10,("sid_to_uid: winbind lookup for sid %s failed.\n",
sid_to_string(sid_str, psid) ));
ret = local_sid_to_uid(puid, psid, sidtype);;
if (ret)
store_uid_sid_cache(psid, *sidtype, *puid);
return ret;
}
DEBUG(10,("sid_to_uid: winbindd %s -> %u\n",
sid_to_string(sid_str, psid),
(unsigned int)*puid ));
store_uid_sid_cache(psid, *sidtype, *puid);
return True;
}