/*
 * Render a SID into `str`, either numerically or as username/group.
 *
 * The numeric form is always written first. Unless the `numeric` flag
 * (defined outside this function) is set, the function then tries to replace
 * it with "domain<separator>name" from an LSA lookup. Whenever the lookup
 * cannot be completed, `str` keeps the numeric form.
 */
static void SidToString(fstring str, DOM_SID *sid)
{
	char **dom_list = NULL;
	char **name_list = NULL;
	uint32 *type_list = NULL;

	/* Numeric form doubles as the fallback for every early return below. */
	sid_to_string(str, sid);

	if (numeric) {
		return;
	}

	/* S-1-1-0 is printed as "everyone" without asking the server. */
	if (strcmp(str, "S-1-1-0") == 0) {
		fstrcpy(str, "everyone");
		return;
	}

	/* Ask LSA to convert the sid to a name */
	if (!cacls_open_policy_hnd()) {
		return;
	}

	if (!NT_STATUS_IS_OK(cli_lsa_lookup_sids(&lsa_cli, lsa_cli.mem_ctx, &pol, 1, sid,
						 &dom_list, &name_list, &type_list))) {
		return;
	}

	/*
	 * The arrays are filled in from the server's reply; a missing array or
	 * a missing first entry means there is nothing safe to format.
	 */
	if (!dom_list || !dom_list[0] || !name_list || !name_list[0]) {
		return;
	}

	/* Converted OK; the length argument keeps the write inside the fstring. */
	slprintf(str, sizeof(fstring) - 1, "%s%s%s",
		 dom_list[0], lp_winbind_separator(), name_list[0]);
}
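/*
 * Command handler: resolve every SID given in argv[1..argc-1] with one LSA
 * lookup-SIDs call and print one "SID domain\name (type)" line per SID.
 *
 * With no SID argument it prints the usage line and returns NT_STATUS_OK.
 * A partially mapped reply (STATUS_SOME_UNMAPPED) is treated as success and
 * the unmapped entries are printed as "*unknown*".
 *
 * Returns the status of the failing call, NT_STATUS_UNSUCCESSFUL when an
 * argument is not a parsable SID or the SID array cannot be allocated, and
 * NT_STATUS_OK otherwise.
 */
static NTSTATUS cmd_lsa_lookup_sids(struct cli_state *cli, TALLOC_CTX *mem_ctx, int argc, char **argv)
{
	POLICY_HND pol;
	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
	DOM_SID *sids;
	char **domains;
	char **names;
	uint32 *types;
	int i;

	if (argc == 1) {
		printf("Usage: %s [sid1 [sid2 [...]]]\n", argv[0]);
		return NT_STATUS_OK;
	}

	result = cli_lsa_open_policy(cli, mem_ctx, True, SEC_RIGHTS_MAXIMUM_ALLOWED, &pol);

	if (!NT_STATUS_IS_OK(result))
		goto done;

	/* Convert arguments to sids */

	sids = (DOM_SID *)talloc(mem_ctx, sizeof(DOM_SID) * (argc - 1));

	if (!sids) {
		printf("could not allocate memory for %d sids\n", argc - 1);
		/* result still holds the open-policy success; do not report OK. */
		result = NT_STATUS_UNSUCCESSFUL;
		goto close_pol;
	}

	for (i = 0; i < argc - 1; i++) {
		/*
		 * A rejected argument would leave sids[i] with whatever the
		 * allocation contained, and that would then be sent to the
		 * server; stop before the lookup instead.
		 */
		if (!string_to_sid(&sids[i], argv[i + 1])) {
			printf("could not parse SID %s\n", argv[i + 1]);
			result = NT_STATUS_UNSUCCESSFUL;
			goto close_pol;
		}
	}

	/* Lookup the SIDs */

	result = cli_lsa_lookup_sids(cli, mem_ctx, &pol, argc - 1, sids,
				     &domains, &names, &types);

	if (!NT_STATUS_IS_OK(result) &&
	    NT_STATUS_V(result) != NT_STATUS_V(STATUS_SOME_UNMAPPED))
		goto close_pol;

	result = NT_STATUS_OK;

	/* Print results */

	for (i = 0; i < (argc - 1); i++) {
		fstring sid_str;

		sid_to_string(sid_str, &sids[i]);
		/* Entries the server could not map are NULL; never hand NULL to %s. */
		printf("%s %s\\%s (%d)\n", sid_str,
		       domains[i] ? domains[i] : "*unknown*",
		       names[i] ? names[i] : "*unknown*", types[i]);
	}

 close_pol:
	/* Release the policy handle on every path that opened it. */
	cli_lsa_close(cli, mem_ctx, &pol);

 done:
	return result;
}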
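/*
 * Resolve one SID to a printable name through an LSA lookup.
 *
 * On success `name` receives "domain\name", or just the name when the
 * returned domain string is empty or absent. The policy handle opened here
 * is closed before returning.
 *
 * Returns the status of the open-policy or lookup call. If the lookup
 * reports success but carries no name entry, NT_STATUS_UNSUCCESSFUL is
 * returned and `name` is left untouched.
 */
static NTSTATUS sid_to_name(struct cli_state *cli, TALLOC_CTX *mem_ctx, DOM_SID *sid, fstring name)
{
	POLICY_HND pol;
	uint32 *sid_types;
	NTSTATUS result;
	char **domains = NULL, **names = NULL;

	result = cli_lsa_open_policy(cli, mem_ctx, True,
				     SEC_RIGHTS_MAXIMUM_ALLOWED, &pol);
	if ( !NT_STATUS_IS_OK(result) )
		return result;

	result = cli_lsa_lookup_sids(cli, mem_ctx, &pol, 1, sid, &domains, &names, &sid_types);

	if ( NT_STATUS_IS_OK(result) ) {
		/*
		 * The arrays are built from the server's reply, so check them
		 * before dereferencing rather than trusting the status alone.
		 */
		if ( !names || !names[0] ) {
			result = NT_STATUS_UNSUCCESSFUL;
		} else if ( domains && domains[0] && *domains[0] ) {
			fstr_sprintf( name, "%s\\%s", domains[0], names[0] );
		} else {
			fstrcpy( name, names[0] );
		}
	}

	cli_lsa_close(cli, mem_ctx, &pol);
	return result;
}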
/*
 * Render a SID into `str`, either numerically or as username/group.
 *
 * `str` always receives the numeric form first. When `_numeric` is false and
 * the LSA lookup yields both a domain and a name, `str` is overwritten with
 * "domain<separator>name"; in every other case the numeric form stays.
 */
static void SidToString(fstring str, DOM_SID *sid, BOOL _numeric)
{
	char **dom_list = NULL;
	char **name_list = NULL;
	uint32 *type_list = NULL;

	sid_to_string(str, sid);

	/*
	 * Ask LSA to convert the sid to a name. The chain short-circuits in
	 * order: numeric request, policy handle, lookup status, then the
	 * presence of the first domain and name entries in the reply.
	 */
	if (!_numeric &&
	    cli_open_policy_hnd() &&
	    NT_STATUS_IS_OK(cli_lsa_lookup_sids(cli_ipc, cli_ipc->mem_ctx, &pol, 1, sid,
						&dom_list, &name_list, &type_list)) &&
	    dom_list && dom_list[0] &&
	    name_list && name_list[0]) {
		/* Converted OK; the length argument keeps the write inside the fstring. */
		slprintf(str, sizeof(fstring) - 1, "%s%s%s",
			 dom_list[0], lp_winbind_separator(), name_list[0]);
	}
}
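/*
 * Convert a domain SID to a user or group name over RPC.
 *
 * Looks up `sid` with cli_lsa_lookup_sids() on the LSA handle obtained from
 * cm_get_lsa_handle(). The lookup is retried once when it fails and the
 * handle's client fd is -1 (presumably a dropped connection -- confirm
 * against cm_get_lsa_handle).
 *
 * On success *domain_name, *name and *type are set from the first entry of
 * the reply; the strings are the pointers returned by the lookup, which was
 * given mem_ctx (presumably their allocation context -- confirm).
 *
 * Returns the failing call's status. If the lookup reports success but the
 * reply carries no type, domain or name entry, NT_STATUS_UNSUCCESSFUL is
 * returned and the output parameters are left untouched.
 */
NTSTATUS msrpc_sid_to_name(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, const DOM_SID *sid, char **domain_name, char **name, enum SID_NAME_USE *type)
{
	CLI_POLICY_HND *hnd;
	char **domains = NULL;
	char **names = NULL;
	uint32 *types = NULL;
	NTSTATUS result;
	int retry;

	DEBUG(3,("sid_to_name [rpc] %s for domain %s\n", sid_string_static(sid),
			domain->name ));

	retry = 0;
	do {
		if (!NT_STATUS_IS_OK(result = cm_get_lsa_handle(domain, &hnd)))
			return result;

		result = cli_lsa_lookup_sids(hnd->cli, mem_ctx, &hnd->pol,
					     1, sid, &domains, &names, &types);
	} while (!NT_STATUS_IS_OK(result) && (retry++ < 1) &&
			hnd && hnd->cli && hnd->cli->fd == -1);

	if (!NT_STATUS_IS_OK(result))
		return result;

	/*
	 * The arrays come from the remote server's reply. Do not pass NULL
	 * strings to DEBUG's %s or hand them to the caller as a successful
	 * mapping.
	 */
	if (!types || !domains || !domains[0] || !names || !names[0]) {
		DEBUG(3,("sid_to_name [rpc] lookup returned no name\n"));
		return NT_STATUS_UNSUCCESSFUL;
	}

	*type = (enum SID_NAME_USE)types[0];
	*domain_name = domains[0];
	*name = names[0];
	DEBUG(5,("Mapped sid to [%s]\\[%s]\n", domains[0], *name));

	return result;
}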