/* convert a SID to a string, either numeric or username/group */
static void SidToString(fstring str, DOM_SID *sid)
{
char **domains = NULL;
char **names = NULL;
uint32 *types = NULL;
sid_to_string(str, sid);
if (numeric) return;
if (strcmp(str, "S-1-1-0") == 0) {
fstrcpy(str, "everyone");
return;
}
/* Ask LSA to convert the sid to a name */
if (!cacls_open_policy_hnd() ||
!NT_STATUS_IS_OK(cli_lsa_lookup_sids(&lsa_cli, lsa_cli.mem_ctx,
&pol, 1, sid, &domains,
&names, &types)) ||
!domains || !domains[0] || !names || !names[0]) {
return;
}
/* Converted OK */
slprintf(str, sizeof(fstring) - 1, "%s%s%s",
domains[0], lp_winbind_separator(),
names[0]);
}
static NTSTATUS cmd_lsa_lookup_sids(struct cli_state *cli, TALLOC_CTX *mem_ctx,
int argc, char **argv)
{
POLICY_HND pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
DOM_SID *sids;
char **domains;
char **names;
uint32 *types;
int i;
if (argc == 1) {
printf("Usage: %s [sid1 [sid2 [...]]]\n", argv[0]);
return NT_STATUS_OK;
}
result = cli_lsa_open_policy(cli, mem_ctx, True,
SEC_RIGHTS_MAXIMUM_ALLOWED,
&pol);
if (!NT_STATUS_IS_OK(result))
goto done;
/* Convert arguments to sids */
sids = (DOM_SID *)talloc(mem_ctx, sizeof(DOM_SID) * (argc - 1));
if (!sids) {
printf("could not allocate memory for %d sids\n", argc - 1);
goto done;
}
for (i = 0; i < argc - 1; i++)
string_to_sid(&sids[i], argv[i + 1]);
/* Lookup the SIDs */
result = cli_lsa_lookup_sids(cli, mem_ctx, &pol, argc - 1, sids,
&domains, &names, &types);
if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) !=
NT_STATUS_V(STATUS_SOME_UNMAPPED))
goto done;
result = NT_STATUS_OK;
/* Print results */
for (i = 0; i < (argc - 1); i++) {
fstring sid_str;
sid_to_string(sid_str, &sids[i]);
printf("%s %s\\%s (%d)\n", sid_str,
domains[i] ? domains[i] : "*unknown*",
names[i] ? names[i] : "*unknown*", types[i]);
}
done:
return result;
}
static NTSTATUS sid_to_name(struct cli_state *cli,
TALLOC_CTX *mem_ctx,
DOM_SID *sid, fstring name)
{
POLICY_HND pol;
uint32 *sid_types;
NTSTATUS result;
char **domains, **names;
result = cli_lsa_open_policy(cli, mem_ctx, True,
SEC_RIGHTS_MAXIMUM_ALLOWED, &pol);
if ( !NT_STATUS_IS_OK(result) )
return result;
result = cli_lsa_lookup_sids(cli, mem_ctx, &pol, 1, sid, &domains, &names, &sid_types);
if ( NT_STATUS_IS_OK(result) ) {
if ( *domains[0] )
fstr_sprintf( name, "%s\\%s", domains[0], names[0] );
else
fstrcpy( name, names[0] );
}
cli_lsa_close(cli, mem_ctx, &pol);
return result;
}
/* convert a SID to a string, either numeric or username/group */
static void SidToString(fstring str, DOM_SID *sid, BOOL _numeric)
{
char **domains = NULL;
char **names = NULL;
uint32 *types = NULL;
sid_to_string(str, sid);
if (_numeric) return;
/* Ask LSA to convert the sid to a name */
if (!cli_open_policy_hnd() ||
!NT_STATUS_IS_OK(cli_lsa_lookup_sids(cli_ipc, cli_ipc->mem_ctx,
&pol, 1, sid, &domains,
&names, &types)) ||
!domains || !domains[0] || !names || !names[0]) {
return;
}
/* Converted OK */
slprintf(str, sizeof(fstring) - 1, "%s%s%s",
domains[0], lp_winbind_separator(),
names[0]);
}
/*
convert a domain SID to a user or group name
*/
NTSTATUS msrpc_sid_to_name(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
const DOM_SID *sid,
char **domain_name,
char **name,
enum SID_NAME_USE *type)
{
CLI_POLICY_HND *hnd;
char **domains;
char **names;
uint32 *types;
NTSTATUS result;
int retry;
DEBUG(3,("sid_to_name [rpc] %s for domain %s\n", sid_string_static(sid),
domain->name ));
retry = 0;
do {
if (!NT_STATUS_IS_OK(result = cm_get_lsa_handle(domain, &hnd)))
return result;
result = cli_lsa_lookup_sids(hnd->cli, mem_ctx, &hnd->pol,
1, sid, &domains, &names, &types);
} while (!NT_STATUS_IS_OK(result) && (retry++ < 1) &&
hnd && hnd->cli && hnd->cli->fd == -1);
if (NT_STATUS_IS_OK(result)) {
*type = (enum SID_NAME_USE)types[0];
*domain_name = domains[0];
*name = names[0];
DEBUG(5,("Mapped sid to [%s]\\[%s]\n", domains[0], *name));
}
return result;
}
