passdb/lookup_sid.c

ソースコードを見る。

データ構造

struct  uid_sid_cache
struct  gid_sid_cache

関数

BOOL lookup_name (TALLOC_CTX *mem_ctx, const char *full_name, int flags, const char **ret_domain, const char **ret_name, DOM_SID *ret_sid, enum lsa_SidType *ret_type)
BOOL lookup_name_smbconf (TALLOC_CTX *mem_ctx, const char *full_name, int flags, const char **ret_domain, const char **ret_name, DOM_SID *ret_sid, enum lsa_SidType *ret_type)
static BOOL wb_lookup_rids (TALLOC_CTX *mem_ctx, const DOM_SID *domain_sid, int num_rids, uint32 *rids, const char **domain_name, const char **names, enum lsa_SidType *types)
static BOOL lookup_rids (TALLOC_CTX *mem_ctx, const DOM_SID *domain_sid, int num_rids, uint32_t *rids, const char **domain_name, const char ***names, enum lsa_SidType **types)
static BOOL lookup_as_domain (const DOM_SID *sid, TALLOC_CTX *mem_ctx, const char **name)
static BOOL check_dom_sid_to_level (const DOM_SID *sid, int level)
NTSTATUS lookup_sids (TALLOC_CTX *mem_ctx, int num_sids, const DOM_SID **sids, int level, struct lsa_dom_info **ret_domains, struct lsa_name_info **ret_names)
BOOL lookup_sid (TALLOC_CTX *mem_ctx, const DOM_SID *sid, const char **ret_domain, const char **ret_name, enum lsa_SidType *ret_type)
static BOOL fetch_sid_from_uid_cache (DOM_SID *psid, uid_t uid)
static BOOL fetch_uid_from_cache (uid_t *puid, const DOM_SID *psid)
void store_uid_sid_cache (const DOM_SID *psid, uid_t uid)
static BOOL fetch_sid_from_gid_cache (DOM_SID *psid, gid_t gid)
static BOOL fetch_gid_from_cache (gid_t *pgid, const DOM_SID *psid)
void store_gid_sid_cache (const DOM_SID *psid, gid_t gid)
static void legacy_uid_to_sid (DOM_SID *psid, uid_t uid)
static void legacy_gid_to_sid (DOM_SID *psid, gid_t gid)
static BOOL legacy_sid_to_uid (const DOM_SID *psid, uid_t *puid)
static BOOL legacy_sid_to_gid (const DOM_SID *psid, gid_t *pgid)
void uid_to_sid (DOM_SID *psid, uid_t uid)
void gid_to_sid (DOM_SID *psid, gid_t gid)
BOOL sid_to_uid (const DOM_SID *psid, uid_t *puid)
BOOL sid_to_gid (const DOM_SID *psid, gid_t *pgid)

変数

static size_t n_uid_sid_cache = 0
static size_t n_gid_sid_cache = 0
static struct uid_sid_cacheuid_sid_cache_head
static struct gid_sid_cachegid_sid_cache_head


関数

BOOL lookup_name ( TALLOC_CTX mem_ctx,
const char *  full_name,
int  flags,
const char **  ret_domain,
const char **  ret_name,
DOM_SID ret_sid,
enum lsa_SidType ret_type 
)

lookup_sid.c33 行で定義されています。

参照先 builtin_domain_name()get_global_sam_name()get_global_sam_sid()global_sid_Builtinlookup_builtin_name()lookup_global_sam_name()lookup_unix_group_name()lookup_unix_user_name()lookup_wellknown_name()lp_workgroup()namesecrets_fetch_domain_sid()secrets_fetch_trusted_domain_password()sid_append_rid()sid_copy()SID_NAME_ALIASSID_NAME_DOM_GRPSID_NAME_DOMAINSID_NAME_USERSID_NAME_WKN_GRPsid_split_rid()strchr_m()strequal()strupper_m()talloc_strdup()talloc_strndup()typeunix_groups_domain_name()unix_users_domain_name()winbind_lookup_name()winbind_lookup_sid().

参照元 api_NetUserGetGroups()can_create()create_builtin_administrators()lookup_lsa_rids()lookup_lsa_sids()lookup_name_smbconf()make_server_info_pw()map_unix_group()name_to_sid()net_lookup_name()net_sam_addmem()net_sam_createbuiltingroup()net_sam_delmem()net_sam_listmem()net_sam_set_comment()net_sam_set_pwdmustchangenow()net_sam_set_userflag()net_sam_show()net_sam_userset()new_afs_ace()pdb_default_create_alias()user_in_group().

00037 {
00038         char *p;
00039         const char *tmp;
00040         const char *domain = NULL;
00041         const char *name = NULL;
00042         uint32 rid;
00043         DOM_SID sid;
00044         enum lsa_SidType type;
00045         TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
00046 
00047         if (tmp_ctx == NULL) {
00048                 DEBUG(0, ("talloc_new failed\n"));
00049                 return False;
00050         }
00051 
00052         p = strchr_m(full_name, '\\');
00053 
00054         if (p != NULL) {
00055                 domain = talloc_strndup(tmp_ctx, full_name,
00056                                         PTR_DIFF(p, full_name));
00057                 name = talloc_strdup(tmp_ctx, p+1);
00058         } else {
00059                 domain = talloc_strdup(tmp_ctx, "");
00060                 name = talloc_strdup(tmp_ctx, full_name);
00061         }
00062 
00063         if ((domain == NULL) || (name == NULL)) {
00064                 DEBUG(0, ("talloc failed\n"));
00065                 TALLOC_FREE(tmp_ctx);
00066                 return False;
00067         }
00068 
00069         DEBUG(10,("lookup_name: %s => %s (domain), %s (name)\n",
00070                 full_name, domain, name));
00071         DEBUG(10, ("lookup_name: flags = 0x0%x\n", flags));
00072 
00073         if ((flags & LOOKUP_NAME_DOMAIN) &&
00074             strequal(domain, get_global_sam_name()))
00075         {
00076 
00077                 /* It's our own domain, lookup the name in passdb */
00078                 if (lookup_global_sam_name(name, flags, &rid, &type)) {
00079                         sid_copy(&sid, get_global_sam_sid());
00080                         sid_append_rid(&sid, rid);
00081                         goto ok;
00082                 }
00083                 TALLOC_FREE(tmp_ctx);
00084                 return False;
00085         }
00086 
00087         if ((flags & LOOKUP_NAME_BUILTIN) &&
00088             strequal(domain, builtin_domain_name()))
00089         {
00090                 /* Explicit request for a name in BUILTIN */
00091                 if (lookup_builtin_name(name, &rid)) {
00092                         sid_copy(&sid, &global_sid_Builtin);
00093                         sid_append_rid(&sid, rid);
00094                         type = SID_NAME_ALIAS;
00095                         goto ok;
00096                 }
00097                 TALLOC_FREE(tmp_ctx);
00098                 return False;
00099         }
00100 
00101         /* Try the explicit winbind lookup first, don't let it guess the
00102          * domain yet at this point yet. This comes later. */
00103 
00104         if ((domain[0] != '\0') &&
00105             (flags & ~(LOOKUP_NAME_DOMAIN|LOOKUP_NAME_ISOLATED)) &&
00106             (winbind_lookup_name(domain, name, &sid, &type))) {
00107                         goto ok;
00108         }
00109 
00110         if (strequal(domain, unix_users_domain_name())) {
00111                 if (lookup_unix_user_name(name, &sid)) {
00112                         type = SID_NAME_USER;
00113                         goto ok;
00114                 }
00115                 TALLOC_FREE(tmp_ctx);
00116                 return False;
00117         }
00118 
00119         if (strequal(domain, unix_groups_domain_name())) {
00120                 if (lookup_unix_group_name(name, &sid)) {
00121                         type = SID_NAME_DOM_GRP;
00122                         goto ok;
00123                 }
00124                 TALLOC_FREE(tmp_ctx);
00125                 return False;
00126         }
00127 
00128         if ((domain[0] == '\0') && (!(flags & LOOKUP_NAME_ISOLATED))) {
00129                 TALLOC_FREE(tmp_ctx);
00130                 return False;
00131         }
00132 
00133         /* Now the guesswork begins, we haven't been given an explicit
00134          * domain. Try the sequence as documented on
00135          * http://msdn.microsoft.com/library/en-us/secmgmt/security/lsalookupnames.asp
00136          * November 27, 2005 */
00137 
00138         /* 1. well-known names */
00139 
00140         if ((flags & LOOKUP_NAME_WKN) &&
00141             lookup_wellknown_name(tmp_ctx, name, &sid, &domain))
00142         {
00143                 type = SID_NAME_WKN_GRP;
00144                 goto ok;
00145         }
00146 
00147         /* 2. Builtin domain as such */
00148 
00149         if ((flags & (LOOKUP_NAME_BUILTIN|LOOKUP_NAME_REMOTE)) &&
00150             strequal(name, builtin_domain_name()))
00151         {
00152                 /* Swap domain and name */
00153                 tmp = name; name = domain; domain = tmp;
00154                 sid_copy(&sid, &global_sid_Builtin);
00155                 type = SID_NAME_DOMAIN;
00156                 goto ok;
00157         }
00158 
00159         /* 3. Account domain */
00160 
00161         if ((flags & LOOKUP_NAME_DOMAIN) &&
00162             strequal(name, get_global_sam_name()))
00163         {
00164                 if (!secrets_fetch_domain_sid(name, &sid)) {
00165                         DEBUG(3, ("Could not fetch my SID\n"));
00166                         TALLOC_FREE(tmp_ctx);
00167                         return False;
00168                 }
00169                 /* Swap domain and name */
00170                 tmp = name; name = domain; domain = tmp;
00171                 type = SID_NAME_DOMAIN;
00172                 goto ok;
00173         }
00174 
00175         /* 4. Primary domain */
00176 
00177         if ((flags & LOOKUP_NAME_DOMAIN) && !IS_DC &&
00178             strequal(name, lp_workgroup()))
00179         {
00180                 if (!secrets_fetch_domain_sid(name, &sid)) {
00181                         DEBUG(3, ("Could not fetch the domain SID\n"));
00182                         TALLOC_FREE(tmp_ctx);
00183                         return False;
00184                 }
00185                 /* Swap domain and name */
00186                 tmp = name; name = domain; domain = tmp;
00187                 type = SID_NAME_DOMAIN;
00188                 goto ok;
00189         }
00190 
00191         /* 5. Trusted domains as such, to me it looks as if members don't do
00192               this, tested an XP workstation in a NT domain -- vl */
00193 
00194         if ((flags & LOOKUP_NAME_REMOTE) && IS_DC &&
00195             (secrets_fetch_trusted_domain_password(name, NULL, &sid, NULL)))
00196         {
00197                 /* Swap domain and name */
00198                 tmp = name; name = domain; domain = tmp;
00199                 type = SID_NAME_DOMAIN;
00200                 goto ok;
00201         }
00202 
00203         /* 6. Builtin aliases */        
00204 
00205         if ((flags & LOOKUP_NAME_BUILTIN) &&
00206             lookup_builtin_name(name, &rid))
00207         {
00208                 domain = talloc_strdup(tmp_ctx, builtin_domain_name());
00209                 sid_copy(&sid, &global_sid_Builtin);
00210                 sid_append_rid(&sid, rid);
00211                 type = SID_NAME_ALIAS;
00212                 goto ok;
00213         }
00214 
00215         /* 7. Local systems' SAM (DCs don't have a local SAM) */
00216         /* 8. Primary SAM (On members, this is the domain) */
00217 
00218         /* Both cases are done by looking at our passdb */
00219 
00220         if ((flags & LOOKUP_NAME_DOMAIN) &&
00221             lookup_global_sam_name(name, flags, &rid, &type))
00222         {
00223                 domain = talloc_strdup(tmp_ctx, get_global_sam_name());
00224                 sid_copy(&sid, get_global_sam_sid());
00225                 sid_append_rid(&sid, rid);
00226                 goto ok;
00227         }
00228 
00229         /* Now our local possibilities are exhausted. */
00230 
00231         if (!(flags & LOOKUP_NAME_REMOTE)) {
00232                 TALLOC_FREE(tmp_ctx);
00233                 return False;
00234         }
00235 
00236         /* If we are not a DC, we have to ask in our primary domain. Let
00237          * winbind do that. */
00238 
00239         if (!IS_DC &&
00240             (winbind_lookup_name(lp_workgroup(), name, &sid, &type))) {
00241                 domain = talloc_strdup(tmp_ctx, lp_workgroup());
00242                 goto ok;
00243         }
00244 
00245         /* 9. Trusted domains */
00246 
00247         /* If we're a DC we have to ask all trusted DC's. Winbind does not do
00248          * that (yet), but give it a chance. */
00249 
00250         if (IS_DC && winbind_lookup_name("", name, &sid, &type)) {
00251                 DOM_SID dom_sid;
00252                 uint32 tmp_rid;
00253                 enum lsa_SidType domain_type;
00254                 
00255                 if (type == SID_NAME_DOMAIN) {
00256                         /* Swap name and type */
00257                         tmp = name; name = domain; domain = tmp;
00258                         goto ok;
00259                 }
00260 
00261                 /* Here we have to cope with a little deficiency in the
00262                  * winbind API: We have to ask it again for the name of the
00263                  * domain it figured out itself. Maybe fix that later... */
00264 
00265                 sid_copy(&dom_sid, &sid);
00266                 sid_split_rid(&dom_sid, &tmp_rid);
00267 
00268                 if (!winbind_lookup_sid(tmp_ctx, &dom_sid, &domain, NULL,
00269                                         &domain_type) ||
00270                     (domain_type != SID_NAME_DOMAIN)) {
00271                         DEBUG(2, ("winbind could not find the domain's name "
00272                                   "it just looked up for us\n"));
00273                         TALLOC_FREE(tmp_ctx);
00274                         return False;
00275                 }
00276                 goto ok;
00277         }
00278 
00279         /* 10. Don't translate */
00280 
00281         /* 11. Ok, windows would end here. Samba has two more options:
00282                Unmapped users and unmapped groups */
00283 
00284         if (lookup_unix_user_name(name, &sid)) {
00285                 domain = talloc_strdup(tmp_ctx, unix_users_domain_name());
00286                 type = SID_NAME_USER;
00287                 goto ok;
00288         }
00289 
00290         if (lookup_unix_group_name(name, &sid)) {
00291                 domain = talloc_strdup(tmp_ctx, unix_groups_domain_name());
00292                 type = SID_NAME_DOM_GRP;
00293                 goto ok;
00294         }
00295 
00296         /*
00297          * Ok, all possibilities tried. Fail.
00298          */
00299 
00300         TALLOC_FREE(tmp_ctx);
00301         return False;
00302 
00303  ok:
00304         if ((domain == NULL) || (name == NULL)) {
00305                 DEBUG(0, ("talloc failed\n"));
00306                 TALLOC_FREE(tmp_ctx);
00307                 return False;
00308         }
00309 
00310         /*
00311          * Hand over the results to the talloc context we've been given.
00312          */
00313 
00314         if ((ret_name != NULL) &&
00315             !(*ret_name = talloc_strdup(mem_ctx, name))) {
00316                 DEBUG(0, ("talloc failed\n"));
00317                 TALLOC_FREE(tmp_ctx);
00318                 return False;
00319         }
00320 
00321         if (ret_domain != NULL) {
00322                 char *tmp_dom;
00323                 if (!(tmp_dom = talloc_strdup(mem_ctx, domain))) {
00324                         DEBUG(0, ("talloc failed\n"));
00325                         TALLOC_FREE(tmp_ctx);
00326                         return False;
00327                 }
00328                 strupper_m(tmp_dom);
00329                 *ret_domain = tmp_dom;
00330         }
00331 
00332         if (ret_sid != NULL) {
00333                 sid_copy(ret_sid, &sid);
00334         }
00335 
00336         if (ret_type != NULL) {
00337                 *ret_type = type;
00338         }
00339 
00340         TALLOC_FREE(tmp_ctx);
00341         return True;
00342 }

BOOL lookup_name_smbconf ( TALLOC_CTX mem_ctx,
const char *  full_name,
int  flags,
const char **  ret_domain,
const char **  ret_name,
DOM_SID ret_sid,
enum lsa_SidType ret_type 
)

lookup_sid.c350 行で定義されています。

参照先 get_global_sam_name()lookup_name()strchr_m()talloc_asprintf()talloc_strdup()unix_groups_domain_name()unix_users_domain_name().

参照元 create_token_from_username()find_forced_group()token_contains_name().

00354 {
00355         char *qualified_name;
00356         const char *p;
00357 
00358         /* NB. No winbindd_separator here as lookup_name needs \\' */
00359         if ((p = strchr_m(full_name, *lp_winbind_separator())) != NULL) {
00360 
00361                 /* The name is already qualified with a domain. */
00362 
00363                 if (*lp_winbind_separator() != '\\') {
00364                         char *tmp;
00365 
00366                         /* lookup_name() needs '\\' as a separator */
00367 
00368                         tmp = talloc_strdup(mem_ctx, full_name);
00369                         if (!tmp) {
00370                                 return False;
00371                         }
00372                         tmp[p - full_name] = '\\';
00373                         full_name = tmp;
00374                 }
00375 
00376                 return lookup_name(mem_ctx, full_name, flags,
00377                                 ret_domain, ret_name,
00378                                 ret_sid, ret_type);
00379         }
00380 
00381         /* Try with our own SAM name. */
00382         qualified_name = talloc_asprintf(mem_ctx, "%s\\%s",
00383                                 get_global_sam_name(),
00384                                 full_name );
00385         if (!qualified_name) {
00386                 return False;
00387         }
00388 
00389         if (lookup_name(mem_ctx, qualified_name, flags,
00390                                 ret_domain, ret_name,
00391                                 ret_sid, ret_type)) {
00392                 return True;
00393         }
00394         
00395         /* Finally try with "Unix Users" or "Unix Group" */
00396         qualified_name = talloc_asprintf(mem_ctx, "%s\\%s",
00397                                 flags & LOOKUP_NAME_GROUP ?
00398                                         unix_groups_domain_name() :
00399                                         unix_users_domain_name(),
00400                                 full_name );
00401         if (!qualified_name) {
00402                 return False;
00403         }
00404 
00405         return lookup_name(mem_ctx, qualified_name, flags,
00406                                 ret_domain, ret_name,
00407                                 ret_sid, ret_type);
00408 }

static BOOL wb_lookup_rids ( TALLOC_CTX mem_ctx,
const DOM_SID domain_sid,
int  num_rids,
uint32 *  rids,
const char **  domain_name,
const char **  names,
enum lsa_SidType types 
) [static]

lookup_sid.c410 行で定義されています。

参照先 domain_sidSID_NAME_UNKNOWNtalloc_init()talloc_strdup()winbind_lookup_rids().

参照元 lookup_rids().

00415 {
00416         int i;
00417         const char **my_names;
00418         enum lsa_SidType *my_types;
00419         TALLOC_CTX *tmp_ctx;
00420 
00421         if (!(tmp_ctx = talloc_init("wb_lookup_rids"))) {
00422                 return False;
00423         }
00424 
00425         if (!winbind_lookup_rids(tmp_ctx, domain_sid, num_rids, rids,
00426                                  domain_name, &my_names, &my_types)) {
00427                 *domain_name = "";
00428                 for (i=0; i<num_rids; i++) {
00429                         names[i] = "";
00430                         types[i] = SID_NAME_UNKNOWN;
00431                 }
00432                 TALLOC_FREE(tmp_ctx);
00433                 return True;
00434         }
00435 
00436         if (!(*domain_name = talloc_strdup(mem_ctx, *domain_name))) {
00437                 TALLOC_FREE(tmp_ctx);
00438                 return False;
00439         }
00440 
00441         /*
00442          * winbind_lookup_rids allocates its own array. We've been given the
00443          * array, so copy it over
00444          */
00445 
00446         for (i=0; i<num_rids; i++) {
00447                 if (my_names[i] == NULL) {
00448                         TALLOC_FREE(tmp_ctx);
00449                         return False;
00450                 }
00451                 if (!(names[i] = talloc_strdup(names, my_names[i]))) {
00452                         TALLOC_FREE(tmp_ctx);
00453                         return False;
00454                 }
00455                 types[i] = my_types[i];
00456         }
00457         TALLOC_FREE(tmp_ctx);
00458         return True;
00459 }

static BOOL lookup_rids ( TALLOC_CTX mem_ctx,
const DOM_SID domain_sid,
int  num_rids,
uint32_t *  rids,
const char **  domain_name,
const char ***  names,
enum lsa_SidType **  types 
) [static]

lookup_sid.c461 行で定義されています。

参照先 become_root()builtin_domain_name()domain_sidget_global_sam_name()gidtoname()lookup_builtin_rid()lookup_wellknown_sid()pdb_lookup_rids()resultsid_append_rid()sid_check_is_builtin()sid_check_is_domain()sid_check_is_unix_groups()sid_check_is_unix_users()sid_check_is_wellknown_domain()sid_copy()SID_NAME_ALIASSID_NAME_DOM_GRPSID_NAME_UNKNOWNSID_NAME_USERSID_NAME_WKN_GRPtalloc_strdup()uidtoname()unbecome_root()unix_groups_domain_name()unix_users_domain_name()wb_lookup_rids().

00465 {
00466         int i;
00467 
00468         if (num_rids) {
00469                 *names = TALLOC_ARRAY(mem_ctx, const char *, num_rids);
00470                 *types = TALLOC_ARRAY(mem_ctx, enum lsa_SidType, num_rids);
00471 
00472                 if ((*names == NULL) || (*types == NULL)) {
00473                         return False;
00474                 }
00475         } else {
00476                 *names = NULL;
00477                 *types = NULL;
00478         }
00479 
00480         if (sid_check_is_domain(domain_sid)) {
00481                 NTSTATUS result;
00482 
00483                 if (*domain_name == NULL) {
00484                         *domain_name = talloc_strdup(
00485                                 mem_ctx, get_global_sam_name());
00486                 }
00487 
00488                 if (*domain_name == NULL) {
00489                         return False;
00490                 }
00491 
00492                 become_root();
00493                 result = pdb_lookup_rids(domain_sid, num_rids, rids,
00494                                          *names, *types);
00495                 unbecome_root();
00496 
00497                 return (NT_STATUS_IS_OK(result) ||
00498                         NT_STATUS_EQUAL(result, NT_STATUS_NONE_MAPPED) ||
00499                         NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED));
00500         }
00501 
00502         if (sid_check_is_builtin(domain_sid)) {
00503 
00504                 if (*domain_name == NULL) {
00505                         *domain_name = talloc_strdup(
00506                                 mem_ctx, builtin_domain_name());
00507                 }
00508 
00509                 if (*domain_name == NULL) {
00510                         return False;
00511                 }
00512 
00513                 for (i=0; i<num_rids; i++) {
00514                         if (lookup_builtin_rid(*names, rids[i],
00515                                                &(*names)[i])) {
00516                                 if ((*names)[i] == NULL) {
00517                                         return False;
00518                                 }
00519                                 (*types)[i] = SID_NAME_ALIAS;
00520                         } else {
00521                                 (*types)[i] = SID_NAME_UNKNOWN;
00522                         }
00523                 }
00524                 return True;
00525         }
00526 
00527         if (sid_check_is_wellknown_domain(domain_sid, NULL)) {
00528                 for (i=0; i<num_rids; i++) {
00529                         DOM_SID sid;
00530                         sid_copy(&sid, domain_sid);
00531                         sid_append_rid(&sid, rids[i]);
00532                         if (lookup_wellknown_sid(mem_ctx, &sid,
00533                                                  domain_name, &(*names)[i])) {
00534                                 if ((*names)[i] == NULL) {
00535                                         return False;
00536                                 }
00537                                 (*types)[i] = SID_NAME_WKN_GRP;
00538                         } else {
00539                                 (*types)[i] = SID_NAME_UNKNOWN;
00540                         }
00541                 }
00542                 return True;
00543         }
00544 
00545         if (sid_check_is_unix_users(domain_sid)) {
00546                 if (*domain_name == NULL) {
00547                         *domain_name = talloc_strdup(
00548                                 mem_ctx, unix_users_domain_name());
00549                 }
00550                 for (i=0; i<num_rids; i++) {
00551                         (*names)[i] = talloc_strdup(
00552                                 (*names), uidtoname(rids[i]));
00553                         (*types)[i] = SID_NAME_USER;
00554                 }
00555                 return True;
00556         }
00557 
00558         if (sid_check_is_unix_groups(domain_sid)) {
00559                 if (*domain_name == NULL) {
00560                         *domain_name = talloc_strdup(
00561                                 mem_ctx, unix_groups_domain_name());
00562                 }
00563                 for (i=0; i<num_rids; i++) {
00564                         (*names)[i] = talloc_strdup(
00565                                 (*names), gidtoname(rids[i]));
00566                         (*types)[i] = SID_NAME_DOM_GRP;
00567                 }
00568                 return True;
00569         }
00570 
00571         return wb_lookup_rids(mem_ctx, domain_sid, num_rids, rids,
00572                               domain_name, *names, *types);
00573 }

static BOOL lookup_as_domain ( const DOM_SID sid,
TALLOC_CTX mem_ctx,
const char **  name 
) [static]

lookup_sid.c579 行で定義されています。

参照先 builtin_domain_name()get_global_sam_name()dom_sid::num_authsnum_domainssecrets_trusted_domains()trustdom_info::sidsid_check_is_builtin()sid_check_is_domain()sid_check_is_wellknown_domain()sid_equal()SID_NAME_DOMAINtalloc_strdup()typewinbind_lookup_sid().

参照元 lookup_sids().

00581 {
00582         const char *tmp;
00583         enum lsa_SidType type;
00584 
00585         if (sid_check_is_domain(sid)) {
00586                 *name = talloc_strdup(mem_ctx, get_global_sam_name());
00587                 return True;
00588         }
00589 
00590         if (sid_check_is_builtin(sid)) {
00591                 *name = talloc_strdup(mem_ctx, builtin_domain_name());
00592                 return True;
00593         }
00594 
00595         if (sid_check_is_wellknown_domain(sid, &tmp)) {
00596                 *name = talloc_strdup(mem_ctx, tmp);
00597                 return True;
00598         }
00599 
00600         if (sid->num_auths != 4) {
00601                 /* This can't be a domain */
00602                 return False;
00603         }
00604 
00605         if (IS_DC) {
00606                 uint32 i, num_domains;
00607                 struct trustdom_info **domains;
00608 
00609                 /* This is relatively expensive, but it happens only on DCs
00610                  * and for SIDs that have 4 sub-authorities and thus look like
00611                  * domains */
00612 
00613                 if (!NT_STATUS_IS_OK(secrets_trusted_domains(mem_ctx,
00614                                                              &num_domains,
00615                                                              &domains))) {
00616                         return False;
00617                 }
00618 
00619                 for (i=0; i<num_domains; i++) {
00620                         if (sid_equal(sid, &domains[i]->sid)) {
00621                                 *name = talloc_strdup(mem_ctx,
00622                                                       domains[i]->name);
00623                                 return True;
00624                         }
00625                 }
00626                 return False;
00627         }
00628 
00629         if (winbind_lookup_sid(mem_ctx, sid, &tmp, NULL, &type) &&
00630             (type == SID_NAME_DOMAIN)) {
00631                 *name = tmp;
00632                 return True;
00633         }
00634 
00635         return False;
00636 }

static BOOL check_dom_sid_to_level ( const DOM_SID sid,
int  level 
) [static]

lookup_sid.c657 行で定義されています。

参照先 trustdom_info::sidsid_check_is_builtin()sid_check_is_domain()sid_check_is_wellknown_domain()sid_string_static().

参照元 lookup_sids().

00658 {
00659         int ret = False;
00660 
00661         switch(level) {
00662         case 1:
00663                 ret = True;
00664                 break;
00665         case 2:
00666                 ret = (!sid_check_is_builtin(sid) &&
00667                        !sid_check_is_wellknown_domain(sid, NULL));
00668                 break;
00669         case 3:
00670         case 4:
00671         case 6:
00672                 ret = sid_check_is_domain(sid);
00673                 break;
00674         case 5:
00675                 ret = False;
00676                 break;
00677         }
00678 
00679         DEBUG(10, ("%s SID %s in level %d\n",
00680                    ret ? "Accepting" : "Rejecting",
00681                    sid_string_static(sid), level));
00682         return ret;
00683 }

NTSTATUS lookup_sids ( TALLOC_CTX mem_ctx,
int  num_sids,
const DOM_SID **  sids,
int  level,
struct lsa_dom_info **  ret_domains,
struct lsa_name_info **  ret_names 
)

lookup_sid.c697 行で定義されています。

参照先 builtin_domain_name()check_dom_sid_to_level()lsa_name_info::dom_idxdomain_namelsa_dom_info::idxslookup_as_domain()lsa_dom_info::namenamelsa_name_info::namelsa_dom_info::num_idxsresultlsa_name_info::ridlsa_dom_info::sidsid_check_is_builtin()sid_copy()sid_equal()SID_NAME_DOMAINSID_NAME_UNKNOWNSID_NAME_USE_NONEsid_split_rid()talloc_strdup()typelsa_name_info::typelsa_dom_info::validvalid.

参照元 _lsa_lookup_sids_internal()lookup_sid().

00701 {
00702         TALLOC_CTX *tmp_ctx;
00703         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
00704         struct lsa_name_info *name_infos;
00705         struct lsa_dom_info *dom_infos = NULL;
00706 
00707         int i, j;
00708 
00709         if (!(tmp_ctx = talloc_new(mem_ctx))) {
00710                 DEBUG(0, ("talloc_new failed\n"));
00711                 return NT_STATUS_NO_MEMORY;
00712         }
00713 
00714         if (num_sids) {
00715                 name_infos = TALLOC_ARRAY(mem_ctx, struct lsa_name_info, num_sids);
00716                 if (name_infos == NULL) {
00717                         result = NT_STATUS_NO_MEMORY;
00718                         goto fail;
00719                 }
00720         } else {
00721                 name_infos = NULL;
00722         }
00723 
00724         dom_infos = TALLOC_ZERO_ARRAY(mem_ctx, struct lsa_dom_info,
00725                                       MAX_REF_DOMAINS);
00726         if (dom_infos == NULL) {
00727                 result = NT_STATUS_NO_MEMORY;
00728                 goto fail;
00729         }
00730 
00731         /* First build up the data structures:
00732          * 
00733          * dom_infos is a list of domains referenced in the list of
00734          * SIDs. Later we will walk the list of domains and look up the RIDs
00735          * in bulk.
00736          *
00737          * name_infos is a shadow-copy of the SIDs array to collect the real
00738          * data.
00739          *
00740          * dom_info->idxs is an index into the name_infos array. The
00741          * difficulty we have here is that we need to keep the SIDs the client
00742          * asked for in the same order for the reply
00743          */
00744 
00745         for (i=0; i<num_sids; i++) {
00746                 DOM_SID sid;
00747                 uint32 rid;
00748                 const char *domain_name = NULL;
00749 
00750                 sid_copy(&sid, sids[i]);
00751                 name_infos[i].type = SID_NAME_USE_NONE;
00752 
00753                 if (lookup_as_domain(&sid, name_infos, &domain_name)) {
00754                         /* We can't push that through the normal lookup
00755                          * process, as this would reference illegal
00756                          * domains.
00757                          *
00758                          * For example S-1-5-32 would end up referencing
00759                          * domain S-1-5- with RID 32 which is clearly wrong.
00760                          */
00761                         if (domain_name == NULL) {
00762                                 result = NT_STATUS_NO_MEMORY;
00763                                 goto fail;
00764                         }
00765                                 
00766                         name_infos[i].rid = 0;
00767                         name_infos[i].type = SID_NAME_DOMAIN;
00768                         name_infos[i].name = NULL;
00769 
00770                         if (sid_check_is_builtin(&sid)) {
00771                                 /* Yes, W2k3 returns "BUILTIN" both as domain
00772                                  * and name here */
00773                                 name_infos[i].name = talloc_strdup(
00774                                         name_infos, builtin_domain_name());
00775                                 if (name_infos[i].name == NULL) {
00776                                         result = NT_STATUS_NO_MEMORY;
00777                                         goto fail;
00778                                 }
00779                         }
00780                 } else {
00781                         /* This is a normal SID with rid component */
00782                         if (!sid_split_rid(&sid, &rid)) {
00783                                 result = NT_STATUS_INVALID_PARAMETER;
00784                                 goto fail;
00785                         }
00786                 }
00787 
00788                 if (!check_dom_sid_to_level(&sid, level)) {
00789                         name_infos[i].rid = 0;
00790                         name_infos[i].type = SID_NAME_UNKNOWN;
00791                         name_infos[i].name = NULL;
00792                         continue;
00793                 }
00794 
00795                 for (j=0; j<MAX_REF_DOMAINS; j++) {
00796                         if (!dom_infos[j].valid) {
00797                                 break;
00798                         }
00799                         if (sid_equal(&sid, &dom_infos[j].sid)) {
00800                                 break;
00801                         }
00802                 }
00803 
00804                 if (j == MAX_REF_DOMAINS) {
00805                         /* TODO: What's the right error message here? */
00806                         result = NT_STATUS_NONE_MAPPED;
00807                         goto fail;
00808                 }
00809 
00810                 if (!dom_infos[j].valid) {
00811                         /* We found a domain not yet referenced, create a new
00812                          * ref. */
00813                         dom_infos[j].valid = True;
00814                         sid_copy(&dom_infos[j].sid, &sid);
00815 
00816                         if (domain_name != NULL) {
00817                                 /* This name was being found above in the case
00818                                  * when we found a domain SID */
00819                                 dom_infos[j].name =
00820                                         talloc_strdup(dom_infos, domain_name);
00821                                 if (dom_infos[j].name == NULL) {
00822                                         result = NT_STATUS_NO_MEMORY;
00823                                         goto fail;
00824                                 }
00825                         } else {
00826                                 /* lookup_rids will take care of this */
00827                                 dom_infos[j].name = NULL;
00828                         }
00829                 }
00830 
00831                 name_infos[i].dom_idx = j;
00832 
00833                 if (name_infos[i].type == SID_NAME_USE_NONE) {
00834                         name_infos[i].rid = rid;
00835 
00836                         ADD_TO_ARRAY(dom_infos, int, i, &dom_infos[j].idxs,
00837                                      &dom_infos[j].num_idxs);
00838 
00839                         if (dom_infos[j].idxs == NULL) {
00840                                 result = NT_STATUS_NO_MEMORY;
00841                                 goto fail;
00842                         }
00843                 }
00844         }
00845 
00846         /* Iterate over the domains found */
00847 
00848         for (i=0; i<MAX_REF_DOMAINS; i++) {
00849                 uint32_t *rids;
00850                 const char *domain_name = NULL;
00851                 const char **names;
00852                 enum lsa_SidType *types;
00853                 struct lsa_dom_info *dom = &dom_infos[i];
00854 
00855                 if (!dom->valid) {
00856                         /* No domains left, we're done */
00857                         break;
00858                 }
00859 
00860                 if (dom->num_idxs) {
00861                         if (!(rids = TALLOC_ARRAY(tmp_ctx, uint32, dom->num_idxs))) {
00862                                 result = NT_STATUS_NO_MEMORY;
00863                                 goto fail;
00864                         }
00865                 } else {
00866                         rids = NULL;
00867                 }
00868 
00869                 for (j=0; j<dom->num_idxs; j++) {
00870                         rids[j] = name_infos[dom->idxs[j]].rid;
00871                 }
00872 
00873                 if (!lookup_rids(tmp_ctx, &dom->sid,
00874                                  dom->num_idxs, rids, &domain_name,
00875                                  &names, &types)) {
00876                         result = NT_STATUS_NO_MEMORY;
00877                         goto fail;
00878                 }
00879 
00880                 if (!(dom->name = talloc_strdup(dom_infos, domain_name))) {
00881                         result = NT_STATUS_NO_MEMORY;
00882                         goto fail;
00883                 }
00884                         
00885                 for (j=0; j<dom->num_idxs; j++) {
00886                         int idx = dom->idxs[j];
00887                         name_infos[idx].type = types[j];
00888                         if (types[j] != SID_NAME_UNKNOWN) {
00889                                 name_infos[idx].name =
00890                                         talloc_strdup(name_infos, names[j]);
00891                                 if (name_infos[idx].name == NULL) {
00892                                         result = NT_STATUS_NO_MEMORY;
00893                                         goto fail;
00894                                 }
00895                         } else {
00896                                 name_infos[idx].name = NULL;
00897                         }
00898                 }
00899         }
00900 
00901         *ret_domains = dom_infos;
00902         *ret_names = name_infos;
00903         return NT_STATUS_OK;
00904 
00905  fail:
00906         TALLOC_FREE(dom_infos);
00907         TALLOC_FREE(name_infos);
00908         TALLOC_FREE(tmp_ctx);
00909         return result;
00910 }

BOOL lookup_sid ( TALLOC_CTX mem_ctx,
const DOM_SID sid,
const char **  ret_domain,
const char **  ret_name,
enum lsa_SidType ret_type 
)

lookup_sid.c916 行で定義されています。

参照先 lookup_sids()lsa_dom_info::namenameSID_NAME_UNKNOWNsid_string_static()talloc_strdup().

参照元 _lsa_getsystemaccount()_lsa_open_account()_samr_open_alias()api_NetUserGetGroups()getgrgid_recv()net_lookup_sid()net_sam_addmem()net_sam_listmem()new_afs_ace()pdb_create_builtin_alias()pdb_get_group_sid()rids_to_names()sid_to_name()smbacl4_fill_ace4().

00919 {
00920         struct lsa_dom_info *domain;
00921         struct lsa_name_info *name;
00922         TALLOC_CTX *tmp_ctx;
00923         BOOL ret = False;
00924 
00925         if (!(tmp_ctx = talloc_new(mem_ctx))) {
00926                 DEBUG(0, ("talloc_new failed\n"));
00927                 return False;
00928         }
00929 
00930         if (!NT_STATUS_IS_OK(lookup_sids(tmp_ctx, 1, &sid, 1,
00931                                          &domain, &name))) {
00932                 goto done;
00933         }
00934 
00935         if (name->type == SID_NAME_UNKNOWN) {
00936                 goto done;
00937         }
00938 
00939         if ((ret_domain != NULL) &&
00940             !(*ret_domain = talloc_strdup(mem_ctx, domain->name))) {
00941                 goto done;
00942         }
00943 
00944         if ((ret_name != NULL) && 
00945             !(*ret_name = talloc_strdup(mem_ctx, name->name))) {
00946                 goto done;
00947         }
00948 
00949         if (ret_type != NULL) {
00950                 *ret_type = name->type;
00951         }
00952 
00953         ret = True;
00954 
00955  done:
00956         if (ret) {
00957                 DEBUG(10, ("Sid %s -> %s\\%s(%d)\n",
00958                            sid_string_static(sid), domain->name,
00959                            name->name, name->type));
00960         } else {
00961                 DEBUG(10, ("failed to lookup sid %s\n",
00962                            sid_string_static(sid)));
00963         }
00964         TALLOC_FREE(tmp_ctx);
00965         return ret;
00966 }

static BOOL fetch_sid_from_uid_cache ( DOM_SID psid,
uid_t  uid 
) [static]

lookup_sid.c1002 行で定義されています。

参照先 uid_sid_cache::nextuid_sid_cache::sidsid_string_static()uid_sid_cache::uiduid_sid_cache_head.

参照元 uid_to_sid().

01003 {
01004         struct uid_sid_cache *pc;
01005 
01006         for (pc = uid_sid_cache_head; pc; pc = pc->next) {
01007                 if (pc->uid == uid) {
01008                         *psid = pc->sid;
01009                         DEBUG(3,("fetch sid from uid cache %u -> %s\n",
01010                                  (unsigned int)uid, sid_string_static(psid)));
01011                         DLIST_PROMOTE(uid_sid_cache_head, pc);
01012                         return True;
01013                 }
01014         }
01015         return False;
01016 }

static BOOL fetch_uid_from_cache ( uid_t *  puid,
const DOM_SID psid 
) [static]

lookup_sid.c1022 行で定義されています。

参照先 uid_sid_cache::nextuid_sid_cache::sidsid_compare()sid_string_static()uid_sid_cache::uiduid_sid_cache_head.

参照元 sid_to_gid()sid_to_uid().

01023 {
01024         struct uid_sid_cache *pc;
01025 
01026         for (pc = uid_sid_cache_head; pc; pc = pc->next) {
01027                 if (sid_compare(&pc->sid, psid) == 0) {
01028                         *puid = pc->uid;
01029                         DEBUG(3,("fetch uid from cache %u -> %s\n",
01030                                  (unsigned int)*puid, sid_string_static(psid)));
01031                         DLIST_PROMOTE(uid_sid_cache_head, pc);
01032                         return True;
01033                 }
01034         }
01035         return False;
01036 }

void store_uid_sid_cache ( const DOM_SID psid,
uid_t  uid 
)

lookup_sid.c1042 行で定義されています。

参照先 n_uid_sid_cacheuid_sid_cache::nextuid_sid_cache::sidsid_check_is_in_unix_users()sid_copy()uid_sid_cache::uiduid_sid_cache_head.

参照元 init_sam_from_ldap()legacy_sid_to_uid()legacy_uid_to_sid()sid_to_uid()uid_to_sid().

01043 {
01044         struct uid_sid_cache *pc;
01045 
01046         /* do not store SIDs in the "Unix Group" domain */
01047         
01048         if ( sid_check_is_in_unix_users( psid ) )
01049                 return;
01050 
01051         if (n_uid_sid_cache >= MAX_UID_SID_CACHE_SIZE && n_uid_sid_cache > TURNOVER_UID_SID_CACHE_SIZE) {
01052                 /* Delete the last TURNOVER_UID_SID_CACHE_SIZE entries. */
01053                 struct uid_sid_cache *pc_next;
01054                 size_t i;
01055 
01056                 for (i = 0, pc = uid_sid_cache_head; i < (n_uid_sid_cache - TURNOVER_UID_SID_CACHE_SIZE); i++, pc = pc->next)
01057                         ;
01058                 for(; pc; pc = pc_next) {
01059                         pc_next = pc->next;
01060                         DLIST_REMOVE(uid_sid_cache_head,pc);
01061                         SAFE_FREE(pc);
01062                         n_uid_sid_cache--;
01063                 }
01064         }
01065 
01066         pc = SMB_MALLOC_P(struct uid_sid_cache);
01067         if (!pc)
01068                 return;
01069         pc->uid = uid;
01070         sid_copy(&pc->sid, psid);
01071         DLIST_ADD(uid_sid_cache_head, pc);
01072         n_uid_sid_cache++;
01073 }

static BOOL fetch_sid_from_gid_cache ( DOM_SID psid,
gid_t  gid 
) [static]

lookup_sid.c1079 行で定義されています。

参照先 gid_sid_cache::gidgid_sid_cache_headgid_sid_cache::nextgid_sid_cache::sidsid_string_static().

参照元 gid_to_sid().

01080 {
01081         struct gid_sid_cache *pc;
01082 
01083         for (pc = gid_sid_cache_head; pc; pc = pc->next) {
01084                 if (pc->gid == gid) {
01085                         *psid = pc->sid;
01086                         DEBUG(3,("fetch sid from gid cache %u -> %s\n",
01087                                  (unsigned int)gid, sid_string_static(psid)));
01088                         DLIST_PROMOTE(gid_sid_cache_head, pc);
01089                         return True;
01090                 }
01091         }
01092         return False;
01093 }

static BOOL fetch_gid_from_cache ( gid_t *  pgid,
const DOM_SID psid 
) [static]

lookup_sid.c1099 行で定義されています。

参照先 gid_sid_cache::gidgid_sid_cache_headgid_sid_cache::nextgid_sid_cache::sidsid_compare()sid_string_static().

参照元 sid_to_gid()sid_to_uid().

01100 {
01101         struct gid_sid_cache *pc;
01102 
01103         for (pc = gid_sid_cache_head; pc; pc = pc->next) {
01104                 if (sid_compare(&pc->sid, psid) == 0) {
01105                         *pgid = pc->gid;
01106                         DEBUG(3,("fetch gid from cache %u -> %s\n",
01107                                  (unsigned int)*pgid, sid_string_static(psid)));
01108                         DLIST_PROMOTE(gid_sid_cache_head, pc);
01109                         return True;
01110                 }
01111         }
01112         return False;
01113 }

void store_gid_sid_cache ( const DOM_SID psid,
gid_t  gid 
)

lookup_sid.c1119 行で定義されています。

参照先 gid_sid_cache::gidgid_sid_cache_headn_gid_sid_cachegid_sid_cache::nextgid_sid_cache::sidsid_check_is_in_unix_groups()sid_copy()sid_string_static().

参照元 gid_to_sid()init_group_from_ldap()legacy_gid_to_sid()legacy_sid_to_gid()sid_to_gid().

01120 {
01121         struct gid_sid_cache *pc;
01122         
01123         /* do not store SIDs in the "Unix Group" domain */
01124         
01125         if ( sid_check_is_in_unix_groups( psid ) )
01126                 return;
01127 
01128         if (n_gid_sid_cache >= MAX_GID_SID_CACHE_SIZE && n_gid_sid_cache > TURNOVER_GID_SID_CACHE_SIZE) {
01129                 /* Delete the last TURNOVER_GID_SID_CACHE_SIZE entries. */
01130                 struct gid_sid_cache *pc_next;
01131                 size_t i;
01132 
01133                 for (i = 0, pc = gid_sid_cache_head; i < (n_gid_sid_cache - TURNOVER_GID_SID_CACHE_SIZE); i++, pc = pc->next)
01134                         ;
01135                 for(; pc; pc = pc_next) {
01136                         pc_next = pc->next;
01137                         DLIST_REMOVE(gid_sid_cache_head,pc);
01138                         SAFE_FREE(pc);
01139                         n_gid_sid_cache--;
01140                 }
01141         }
01142 
01143         pc = SMB_MALLOC_P(struct gid_sid_cache);
01144         if (!pc)
01145                 return;
01146         pc->gid = gid;
01147         sid_copy(&pc->sid, psid);
01148         DLIST_ADD(gid_sid_cache_head, pc);
01149 
01150         DEBUG(3,("store_gid_sid_cache: gid %u in cache -> %s\n", (unsigned int)gid,
01151                 sid_string_static(psid)));
01152 
01153         n_gid_sid_cache++;
01154 }

static void legacy_uid_to_sid ( DOM_SID psid,
uid_t  uid 
) [static]

lookup_sid.c1160 行で定義されています。

参照先 become_root()get_global_sam_sid()pdb_uid_to_rid()sid_append_rid()sid_copy()sid_string_static()store_uid_sid_cache()uid_to_unix_users_sid()unbecome_root().

参照元 uid_to_sid().

01161 {
01162         uint32 rid;
01163         BOOL ret;
01164 
01165         ZERO_STRUCTP(psid);
01166 
01167         become_root();
01168         ret = pdb_uid_to_rid(uid, &rid);
01169         unbecome_root();
01170 
01171         if (ret) {
01172                 /* This is a mapped user */
01173                 sid_copy(psid, get_global_sam_sid());
01174                 sid_append_rid(psid, rid);
01175                 goto done;
01176         }
01177 
01178         /* This is an unmapped user */
01179 
01180         uid_to_unix_users_sid(uid, psid);
01181 
01182  done:
01183         DEBUG(10,("LEGACY: uid %u -> sid %s\n", (unsigned int)uid,
01184                   sid_string_static(psid)));
01185 
01186         store_uid_sid_cache(psid, uid);
01187         return;
01188 }

static void legacy_gid_to_sid ( DOM_SID psid,
gid_t  gid 
) [static]

lookup_sid.c1194 行で定義されています。

参照先 become_root()gid_to_unix_groups_sid()pdb_gid_to_sid()sid_string_static()store_gid_sid_cache()unbecome_root().

参照元 gid_to_sid().

01195 {
01196         BOOL ret;
01197 
01198         ZERO_STRUCTP(psid);
01199 
01200         become_root();
01201         ret = pdb_gid_to_sid(gid, psid);
01202         unbecome_root();
01203 
01204         if (ret) {
01205                 /* This is a mapped group */
01206                 goto done;
01207         }
01208         
01209         /* This is an unmapped group */
01210 
01211         gid_to_unix_groups_sid(gid, psid);
01212 
01213  done:
01214         DEBUG(10,("LEGACY: gid %u -> sid %s\n", (unsigned int)gid,
01215                   sid_string_static(psid)));
01216 
01217         store_gid_sid_cache(psid, gid);
01218         return;
01219 }

static BOOL legacy_sid_to_uid ( const DOM_SID psid,
uid_t *  puid 
) [static]

lookup_sid.c1225 行で定義されています。

参照先 become_root()get_global_sam_sid()idpdb_sid_to_id()SID_NAME_USERsid_peek_check_rid()sid_string_static()sid_type_lookup()store_uid_sid_cache()typeunbecome_root().

参照元 sid_to_uid().

01226 {
01227         enum lsa_SidType type;
01228         uint32 rid;
01229 
01230         if (sid_peek_check_rid(get_global_sam_sid(), psid, &rid)) {
01231                 union unid_t id;
01232                 BOOL ret;
01233 
01234                 become_root();
01235                 ret = pdb_sid_to_id(psid, &id, &type);
01236                 unbecome_root();
01237 
01238                 if (ret) {
01239                         if (type != SID_NAME_USER) {
01240                                 DEBUG(5, ("sid %s is a %s, expected a user\n",
01241                                           sid_string_static(psid),
01242                                           sid_type_lookup(type)));
01243                                 return False;
01244                         }
01245                         *puid = id.uid;
01246                         goto done;
01247                 }
01248 
01249                 /* This was ours, but it was not mapped.  Fail */
01250                 }
01251 
01252         DEBUG(10,("LEGACY: mapping failed for sid %s\n", sid_string_static(psid)));
01253         return False;
01254 
01255 done:
01256         DEBUG(10,("LEGACY: sid %s -> uid %u\n", sid_string_static(psid),
01257                 (unsigned int)*puid ));
01258 
01259         store_uid_sid_cache(psid, *puid);
01260         return True;
01261 }

static BOOL legacy_sid_to_gid ( const DOM_SID psid,
gid_t *  pgid 
) [static]

lookup_sid.c1268 行で定義されています。

参照先 become_root()get_global_sam_sid()_GROUP_MAP::gididpdb_getgrsid()pdb_sid_to_id()sid_check_is_in_builtin()sid_check_is_in_wellknown_domain()SID_NAME_ALIASSID_NAME_DOM_GRPsid_peek_check_rid()sid_string_static()sid_type_lookup()store_gid_sid_cache()typeunbecome_root().

参照元 sid_to_gid().

01269 {
01270         uint32 rid;
01271         GROUP_MAP map;
01272         union unid_t id;
01273         enum lsa_SidType type;
01274 
01275         if ((sid_check_is_in_builtin(psid) ||
01276              sid_check_is_in_wellknown_domain(psid))) {
01277                 BOOL ret;
01278 
01279                 become_root();
01280                 ret = pdb_getgrsid(&map, *psid);
01281                 unbecome_root();
01282 
01283                 if (ret) {
01284                         *pgid = map.gid;
01285                         goto done;
01286                 }
01287                 DEBUG(10,("LEGACY: mapping failed for sid %s\n", sid_string_static(psid)));
01288                 return False;
01289         }
01290 
01291         if (sid_peek_check_rid(get_global_sam_sid(), psid, &rid)) {
01292                 BOOL ret;
01293 
01294                 become_root();
01295                 ret = pdb_sid_to_id(psid, &id, &type);
01296                 unbecome_root();
01297 
01298                 if (ret) {
01299                         if ((type != SID_NAME_DOM_GRP) &&
01300                             (type != SID_NAME_ALIAS)) {
01301                                 DEBUG(5, ("LEGACY: sid %s is a %s, expected a group\n",
01302                                           sid_string_static(psid),
01303                                           sid_type_lookup(type)));
01304                                 return False;
01305                         }
01306                         *pgid = id.gid;
01307                         goto done;
01308                 }
01309 
01310                 /* This was ours, but it was not mapped.  Fail */
01311         }
01312 
01313         DEBUG(10,("LEGACY: mapping failed for sid %s\n", sid_string_static(psid)));
01314                 return False;
01315         
01316  done:
01317         DEBUG(10,("LEGACY: sid %s -> gid %u\n", sid_string_static(psid),
01318                   (unsigned int)*pgid ));
01319 
01320         store_gid_sid_cache(psid, *pgid);
01321 
01322         return True;
01323 }

void uid_to_sid ( DOM_SID psid,
uid_t  uid 
)

lookup_sid.c1329 行で定義されています。

参照先 fetch_sid_from_uid_cache()legacy_uid_to_sid()sid_string_static()store_uid_sid_cache()winbind_ping()winbind_uid_to_sid().

参照元 afs_to_nt_acl()canonicalise_acl()create_file_sids()get_root_nt_token()pdb_default_enum_group_members()smb_get_nt_acl_nfs4()smbacl4_nfs42win()vfs_get_user_ntquota_list().

01330 {
01331         ZERO_STRUCTP(psid);
01332 
01333         if (fetch_sid_from_uid_cache(psid, uid))
01334                 return;
01335 
01336         if (!winbind_uid_to_sid(psid, uid)) {
01337                 if (!winbind_ping()) {
01338                         legacy_uid_to_sid(psid, uid);
01339                         return;
01340                 }
01341 
01342                 DEBUG(5, ("uid_to_sid: winbind failed to find a sid for uid %u\n",
01343                         uid));
01344                 return;
01345         }
01346         
01347         DEBUG(10,("uid %u -> sid %s\n",
01348                   (unsigned int)uid, sid_string_static(psid)));
01349 
01350         store_uid_sid_cache(psid, uid);
01351         return;
01352 }

void gid_to_sid ( DOM_SID psid,
gid_t  gid 
)

lookup_sid.c1358 行で定義されています。

参照先 fetch_sid_from_gid_cache()legacy_gid_to_sid()sid_string_static()store_gid_sid_cache()winbind_gid_to_sid()winbind_ping().

参照元 afs_to_nt_acl()canonicalise_acl()change_to_user()create_file_sids()create_token_from_username()get_root_nt_token()pdb_default_enum_group_memberships()samu_set_unix_internal()smb_get_nt_acl_nfs4()smbacl4_nfs42win().

01359 {
01360         ZERO_STRUCTP(psid);
01361                 
01362         if (fetch_sid_from_gid_cache(psid, gid))
01363                 return;
01364 
01365         if (!winbind_gid_to_sid(psid, gid)) {
01366                 if (!winbind_ping()) {
01367                         legacy_gid_to_sid(psid, gid);
01368                         return;
01369                 }
01370 
01371                 DEBUG(5, ("gid_to_sid: winbind failed to find a sid for gid %u\n",
01372                         gid));
01373                 return;
01374         }
01375 
01376         DEBUG(10,("gid %u -> sid %s\n",
01377                   (unsigned int)gid, sid_string_static(psid)));
01378         
01379         store_gid_sid_cache(psid, gid);
01380         return;
01381 }

BOOL sid_to_uid ( const DOM_SID psid,
uid_t *  puid 
)

lookup_sid.c1387 行で定義されています。

参照先 fetch_gid_from_cache()fetch_uid_from_cache()unid_t::gidglobal_sid_Unix_Userslegacy_sid_to_uid()sid_peek_check_rid()sid_string_static()store_uid_sid_cache()unid_t::uidwinbind_ping()winbind_sid_to_uid().

参照元 _cleanup_failures()call_nt_transact_ioctl()create_token_from_username()pam_sm_chauthtok()pdb_default_add_groupmem()pdb_default_del_groupmem()pdb_delete_user()pdb_rename_sam_account()smbacl4_fill_ace4()unpack_nt_owners()vfs_get_ntquota()vfs_set_ntquota().

01388 {
01389         uint32 rid;
01390         gid_t gid;
01391 
01392         if (fetch_uid_from_cache(puid, psid))
01393                 return True;
01394 
01395         if (fetch_gid_from_cache(&gid, psid)) {
01396                 return False;
01397         }
01398 
01399         /* Optimize for the Unix Users Domain
01400          * as the conversion is straightforward */
01401         if (sid_peek_check_rid(&global_sid_Unix_Users, psid, &rid)) {
01402                 uid_t uid = rid;
01403                 *puid = uid;
01404 
01405                 /* return here, don't cache */
01406                 DEBUG(10,("sid %s -> uid %u\n", sid_string_static(psid),
01407                         (unsigned int)*puid ));
01408                 return True;
01409         }
01410 
01411         if (!winbind_sid_to_uid(puid, psid)) {
01412                 if (!winbind_ping()) {
01413                         return legacy_sid_to_uid(psid, puid);
01414                 }
01415 
01416                 DEBUG(5, ("winbind failed to find a uid for sid %s\n",
01417                           sid_string_static(psid)));
01418                 return False;
01419         }
01420         
01421         /* TODO: Here would be the place to allocate both a gid and a uid for
01422          * the SID in question */
01423 
01424         DEBUG(10,("sid %s -> uid %u\n", sid_string_static(psid),
01425                 (unsigned int)*puid ));
01426 
01427         store_uid_sid_cache(psid, *puid);
01428         return True;
01429 }

BOOL sid_to_gid ( const DOM_SID psid,
gid_t *  pgid 
)

lookup_sid.c1436 行で定義されています。

参照先 fetch_gid_from_cache()fetch_uid_from_cache()unid_t::gidglobal_sid_Unix_Groupslegacy_sid_to_gid()sid_peek_check_rid()sid_string_static()store_gid_sid_cache()unid_t::uidwinbind_ping()winbind_sid_to_gid().

参照元 _samr_create_dom_alias()_samr_open_alias()create_local_token()create_token_from_username()find_forced_group()ldapsam_change_groupmem()ldapsam_create_user()ldapsam_set_primary_group()make_connection_snum()pdb_default_enum_group_members()pdb_default_set_unix_primary_group()pdb_set_group_sid()smbacl4_fill_ace4()unpack_nt_owners().

01437 {
01438         uint32 rid;
01439         uid_t uid;
01440 
01441         if (fetch_gid_from_cache(pgid, psid))
01442                 return True;
01443 
01444         if (fetch_uid_from_cache(&uid, psid))
01445                 return False;
01446 
01447         /* Optimize for the Unix Groups Domain
01448          * as the conversion is straightforward */
01449         if (sid_peek_check_rid(&global_sid_Unix_Groups, psid, &rid)) {
01450                 gid_t gid = rid;
01451                 *pgid = gid;
01452 
01453                 /* return here, don't cache */
01454                 DEBUG(10,("sid %s -> gid %u\n", sid_string_static(psid),
01455                         (unsigned int)*pgid ));
01456                 return True;
01457         }
01458 
01459         /* Ask winbindd if it can map this sid to a gid.
01460          * (Idmap will check it is a valid SID and of the right type) */
01461 
01462         if ( !winbind_sid_to_gid(pgid, psid) ) {
01463                 if (!winbind_ping()) {
01464                         return legacy_sid_to_gid(psid, pgid);
01465                 }
01466 
01467                 DEBUG(10,("winbind failed to find a gid for sid %s\n",
01468                                         sid_string_static(psid)));
01469                 return False;
01470         }
01471 
01472         DEBUG(10,("sid %s -> gid %u\n", sid_string_static(psid),
01473                   (unsigned int)*pgid ));
01474 
01475         store_gid_sid_cache(psid, *pgid);
01476         
01477         return True;
01478 }


変数

size_t n_uid_sid_cache = 0 [static]

lookup_sid.c981 行で定義されています。

参照元 store_uid_sid_cache().

size_t n_gid_sid_cache = 0 [static]

lookup_sid.c982 行で定義されています。

参照元 store_gid_sid_cache().

struct uid_sid_cache * uid_sid_cache_head [static]

参照元 fetch_sid_from_uid_cache()fetch_uid_from_cache()store_uid_sid_cache().

struct gid_sid_cache * gid_sid_cache_head [static]

参照元 fetch_gid_from_cache()fetch_sid_from_gid_cache()store_gid_sid_cache().


Sambaに対してSat Aug 29 21:23:59 2009に生成されました。  doxygen 1.4.7