194
195
static NTSTATUS lookup_well_known_names(TALLOC_CTX *mem_ctx, const char *domain,
195
196
const char *name, const char **authority_name,
196
struct dom_sid **sid, uint32_t *rtype)
197
struct dom_sid **sid, enum lsa_SidType *rtype)
199
200
for (i=0; well_known[i].sid; i++) {
201
202
if (strcasecmp_m(domain, well_known[i].domain) == 0
220
221
static NTSTATUS lookup_well_known_sids(TALLOC_CTX *mem_ctx,
221
222
const char *sid_str, const char **authority_name,
222
const char **name, uint32_t *rtype)
223
const char **name, enum lsa_SidType *rtype)
225
226
for (i=0; well_known[i].sid; i++) {
226
227
if (strcasecmp_m(sid_str, well_known[i].sid) == 0) {
227
228
*authority_name = well_known[i].domain;
239
240
static NTSTATUS dcesrv_lsa_lookup_name(struct tevent_context *ev_ctx,
240
241
struct loadparm_context *lp_ctx,
241
242
struct lsa_policy_state *state, TALLOC_CTX *mem_ctx,
242
const char *name, const char **authority_name,
243
struct dom_sid **sid, enum lsa_SidType *rtype)
243
const char *name, const char **authority_name,
244
struct dom_sid **sid, enum lsa_SidType *rtype,
246
249
struct ldb_message **res;
247
250
const char * const attrs[] = { "objectSid", "sAMAccountType", NULL};
274
277
/* Look up table of well known names */
275
278
status = lookup_well_known_names(mem_ctx, NULL, username, authority_name, sid, rtype);
276
279
if (NT_STATUS_IS_OK(status)) {
280
dom_sid_split_rid(NULL, *sid, NULL, rid);
284
if (username == NULL) {
285
*authority_name = NAME_BUILTIN;
286
*sid = dom_sid_parse_talloc(mem_ctx, SID_BUILTIN);
287
*rtype = SID_NAME_DOMAIN;
277
289
return NT_STATUS_OK;
281
293
*authority_name = NAME_NT_AUTHORITY;
282
294
*sid = dom_sid_parse_talloc(mem_ctx, SID_NT_AUTHORITY);
283
295
*rtype = SID_NAME_DOMAIN;
296
dom_sid_split_rid(NULL, *sid, NULL, rid);
284
297
return NT_STATUS_OK;
286
299
if (strcasecmp_m(username, NAME_BUILTIN) == 0) {
287
300
*authority_name = NAME_BUILTIN;
288
301
*sid = dom_sid_parse_talloc(mem_ctx, SID_BUILTIN);
289
302
*rtype = SID_NAME_DOMAIN;
290
304
return NT_STATUS_OK;
292
306
if (strcasecmp_m(username, state->domain_dns) == 0) {
293
307
*authority_name = state->domain_name;
294
308
*sid = state->domain_sid;
295
309
*rtype = SID_NAME_DOMAIN;
296
311
return NT_STATUS_OK;
298
313
if (strcasecmp_m(username, state->domain_name) == 0) {
299
314
*authority_name = state->domain_name;
300
315
*sid = state->domain_sid;
301
316
*rtype = SID_NAME_DOMAIN;
302
318
return NT_STATUS_OK;
308
324
return NT_STATUS_NO_MEMORY;
310
status = dcesrv_lsa_lookup_name(ev_ctx, lp_ctx, state, mem_ctx, name, authority_name, sid, rtype);
326
status = dcesrv_lsa_lookup_name(ev_ctx, lp_ctx, state, mem_ctx, name, authority_name, sid, rtype, rid);
311
327
if (NT_STATUS_IS_OK(status)) {
318
334
return NT_STATUS_NO_MEMORY;
320
status = dcesrv_lsa_lookup_name(ev_ctx, lp_ctx, state, mem_ctx, name, authority_name, sid, rtype);
336
status = dcesrv_lsa_lookup_name(ev_ctx, lp_ctx, state, mem_ctx, name, authority_name, sid, rtype, rid);
321
337
if (NT_STATUS_IS_OK(status)) {
328
344
return NT_STATUS_NO_MEMORY;
330
status = dcesrv_lsa_lookup_name(ev_ctx, lp_ctx, state, mem_ctx, name, authority_name, sid, rtype);
346
status = dcesrv_lsa_lookup_name(ev_ctx, lp_ctx, state, mem_ctx, name, authority_name, sid, rtype, rid);
331
347
if (NT_STATUS_IS_OK(status)) {
338
354
*authority_name = NAME_NT_AUTHORITY;
339
355
*sid = dom_sid_parse_talloc(mem_ctx, SID_NT_AUTHORITY);
340
356
*rtype = SID_NAME_DOMAIN;
357
dom_sid_split_rid(NULL, *sid, NULL, rid);
341
358
return NT_STATUS_OK;
344
361
/* Look up table of well known names */
345
return lookup_well_known_names(mem_ctx, domain, username, authority_name,
362
status = lookup_well_known_names(mem_ctx, domain, username, authority_name,
364
if (NT_STATUS_IS_OK(status)) {
365
dom_sid_split_rid(NULL, *sid, NULL, rid);
347
368
} else if (strcasecmp_m(domain, NAME_BUILTIN) == 0) {
348
369
*authority_name = NAME_BUILTIN;
349
370
domain_dn = state->builtin_dn;
361
382
ret = gendb_search_dn(state->sam_ldb, mem_ctx, domain_dn, &res, attrs);
363
domain_sid = samdb_result_dom_sid(mem_ctx, res[0], "objectSid");
364
if (domain_sid == NULL) {
365
return NT_STATUS_INVALID_SID;
384
return NT_STATUS_INTERNAL_DB_CORRUPTION;
386
domain_sid = samdb_result_dom_sid(mem_ctx, res[0], "objectSid");
387
if (domain_sid == NULL) {
368
388
return NT_STATUS_INVALID_SID;
371
391
if (!*username) {
372
392
*sid = domain_sid;
373
393
*rtype = SID_NAME_DOMAIN;
374
395
return NT_STATUS_OK;
377
398
ret = gendb_search(state->sam_ldb, mem_ctx, domain_dn, &res, attrs,
378
399
"(&(sAMAccountName=%s)(objectSid=*))",
379
400
ldb_binary_encode_string(mem_ctx, username));
381
return NT_STATUS_INVALID_SID;
402
return NT_STATUS_INTERNAL_DB_CORRUPTION;
384
405
for (i=0; i < ret; i++) {
395
atype = samdb_result_uint(res[i], "sAMAccountType", 0);
416
atype = ldb_msg_find_attr_as_uint(res[i], "sAMAccountType", 0);
397
418
*rtype = ds_atype_map(atype);
398
419
if (*rtype == SID_NAME_UNKNOWN) {
399
420
return STATUS_SOME_UNMAPPED;
423
dom_sid_split_rid(NULL, *sid, NULL, rid);
402
424
return NT_STATUS_OK;
489
511
return NT_STATUS_NOT_FOUND;
514
/* need to re-add a check for an allocated sid */
492
516
ret = gendb_search(state->sam_ldb, mem_ctx, domain_dn, &res, attrs,
493
517
"objectSid=%s", ldap_encode_ndr_dom_sid(mem_ctx, sid));
495
*name = ldb_msg_find_attr_as_string(res[0], "sAMAccountName", NULL);
518
if ((ret < 0) || (ret > 1)) {
519
return NT_STATUS_INTERNAL_DB_CORRUPTION;
522
return NT_STATUS_NOT_FOUND;
525
*name = ldb_msg_find_attr_as_string(res[0], "sAMAccountName", NULL);
527
*name = ldb_msg_find_attr_as_string(res[0], "cn", NULL);
497
*name = ldb_msg_find_attr_as_string(res[0], "cn", NULL);
499
*name = talloc_strdup(mem_ctx, sid_str);
500
NT_STATUS_HAVE_NO_MEMORY(*name);
529
*name = talloc_strdup(mem_ctx, sid_str);
530
NT_STATUS_HAVE_NO_MEMORY(*name);
504
atype = samdb_result_uint(res[0], "sAMAccountType", 0);
506
*rtype = ds_atype_map(atype);
511
/* need to re-add a check for an allocated sid */
534
atype = ldb_msg_find_attr_as_uint(res[0], "sAMAccountType", 0);
535
*rtype = ds_atype_map(atype);
513
return NT_STATUS_NOT_FOUND;
785
809
r->out.sids->sids[i].sid_index = 0xFFFFFFFF;
786
810
r->out.sids->sids[i].flags = 0;
788
status2 = dcesrv_lsa_lookup_name(dce_call->event_ctx, lp_ctx, policy_state, mem_ctx, name, &authority_name, &sid, &rtype);
812
status2 = dcesrv_lsa_lookup_name(dce_call->event_ctx, lp_ctx, policy_state, mem_ctx, name,
813
&authority_name, &sid, &rtype, &rid);
789
814
if (!NT_STATUS_IS_OK(status2) || sid->num_auths == 0) {
915
940
const char *name = r->in.names[i].string;
916
941
const char *authority_name;
917
942
struct dom_sid *sid;
918
uint32_t rtype, sid_index;
943
uint32_t sid_index, rid=0;
944
enum lsa_SidType rtype;
919
945
NTSTATUS status2;
921
947
r->out.sids->count++;
928
954
r->out.sids->sids[i].sid_index = 0xFFFFFFFF;
929
955
r->out.sids->sids[i].unknown = 0;
931
status2 = dcesrv_lsa_lookup_name(dce_call->event_ctx, lp_ctx, state, mem_ctx, name,
932
&authority_name, &sid, &rtype);
957
status2 = dcesrv_lsa_lookup_name(dce_call->event_ctx, lp_ctx, state, mem_ctx, name,
958
&authority_name, &sid, &rtype, &rid);
933
959
if (!NT_STATUS_IS_OK(status2)) {
943
969
r->out.sids->sids[i].sid_type = rtype;
944
r->out.sids->sids[i].rid = sid->sub_auths[sid->num_auths-1];
970
r->out.sids->sids[i].rid = rid;
945
971
r->out.sids->sids[i].sid_index = sid_index;
946
972
r->out.sids->sids[i].unknown = 0;