bool ok;
uint64_t account_type, xid;
enum id_type type;
+ struct dom_sid_buf buf;
if (tldap_msg_type(msg) != TLDAP_RES_SEARCH_ENTRY) {
continue;
}
}
if (map == NULL) {
- struct dom_sid_buf buf;
DBG_DEBUG("Got unexpected sid %s from object %s\n",
dom_sid_str_buf(&sid, &buf),
dn);
map->xid.id = xid;
map->status = ID_MAPPED;
- DEBUG(10, ("Mapped %s -> %lu (%d)\n", sid_string_dbg(map->sid),
+ DEBUG(10, ("Mapped %s -> %lu (%d)\n",
+ dom_sid_str_buf(map->sid, &buf),
(unsigned long)map->xid.id, map->xid.type));
}
ctx = (struct idmap_autorid_sid_to_id_alloc_ctx *)private_data;
if (idmap_autorid_sid_is_special(ctx->map->sid)) {
+ struct dom_sid_buf buf;
NTSTATUS ret;
ret = idmap_autorid_sid_to_id_special(ctx->dom, ctx->map);
DEBUG(10, ("Sepecial sid %s not mapped. falling back to "
"regular allocation\n",
- sid_string_dbg(ctx->map->sid)));
+ dom_sid_str_buf(ctx->map->sid, &buf)));
}
return idmap_tdb_common_new_mapping(ctx->dom, ctx->map);
{
NTSTATUS ret;
struct idmap_autorid_sid_to_id_alloc_ctx alloc_ctx;
+ struct dom_sid_buf buf;
map->status = ID_UNKNOWN;
/* bad things happened */
if (!NT_STATUS_EQUAL(ret, NT_STATUS_NONE_MAPPED)) {
DEBUG(1, ("Looking up SID->ID mapping for %s failed: %s\n",
- sid_string_dbg(map->sid), nt_errstr(ret)));
+ dom_sid_str_buf(map->sid, &buf),
+ nt_errstr(ret)));
return ret;
}
if (dom->read_only) {
DEBUG(3, ("Not allocating new mapping for %s, because backend "
- "is read-only\n", sid_string_dbg(map->sid)));
+ "is read-only\n",
+ dom_sid_str_buf(map->sid, &buf)));
map->status = ID_UNMAPPED;
return NT_STATUS_NONE_MAPPED;
}
DEBUG(10, ("Creating new mapping in pool for %s\n",
- sid_string_dbg(map->sid)));
+ dom_sid_str_buf(map->sid, &buf)));
alloc_ctx.dom = dom;
alloc_ctx.map = map;
struct autorid_range_config range;
uint32_t rid;
struct dom_sid domainsid;
+ struct dom_sid_buf buf;
NTSTATUS ret;
ZERO_STRUCT(range);
map->status = ID_UNKNOWN;
- DEBUG(10, ("Trying to map %s\n", sid_string_dbg(map->sid)));
+ DEBUG(10, ("Trying to map %s\n", dom_sid_str_buf(map->sid, &buf)));
sid_copy(&domainsid, map->sid);
if (!sid_split_rid(&domainsid, &rid)) {
DEBUG(4, ("Could not determine domain SID from %s, "
"ignoring mapping request\n",
- sid_string_dbg(map->sid)));
+ dom_sid_str_buf(map->sid, &buf)));
map->status = ID_UNMAPPED;
return NT_STATUS_NONE_MAPPED;
}
if (idmap_autorid_domsid_is_for_alloc(&domainsid)) {
DEBUG(10, ("SID %s is for ALLOC range.\n",
- sid_string_dbg(map->sid)));
+ dom_sid_str_buf(map->sid, &buf)));
return idmap_autorid_sid_to_id_alloc(common, dom, map);
}
ret = idmap_autorid_sid_to_id(commoncfg, dom, ids[i]);
if ((!NT_STATUS_IS_OK(ret)) &&
(!NT_STATUS_EQUAL(ret, NT_STATUS_NONE_MAPPED))) {
+ struct dom_sid_buf buf;
/* some fatal error occurred, log it */
DEBUG(3, ("Unexpected error resolving a SID (%s)\n",
- sid_string_dbg(ids[i]->sid)));
+ dom_sid_str_buf(ids[i]->sid, &buf)));
return ret;
}
/* create the hash table of domain SIDs */
for (i=0; i<num_domains; i++) {
+ struct dom_sid_buf buf;
uint32_t hash;
if (is_null_sid(&dom_list[i].sid))
DBG_INFO("Adding %s (%s) -> %d\n",
dom_list[i].domain_name,
- sid_string_dbg(&dom_list[i].sid),
+ dom_sid_str_buf(&dom_list[i].sid, &buf),
hash);
hashed_domains[hash].sid = talloc(hashed_domains, struct dom_sid);
enum id_type type;
struct id_map *map;
uint32_t id;
+ struct dom_sid_buf buf;
if (i == 0) { /* first entry */
entry = ldap_first_entry(
DEBUG(1, ("WARNING: duplicate %s mapping in LDAP. "
"overwriting mapping %u -> %s with %u -> %s\n",
(type == ID_TYPE_UID) ? "UID" : "GID",
- id, sid_string_dbg(map->sid), id, sidstr));
+ id,
+ dom_sid_str_buf(map->sid, &buf),
+ id,
+ sidstr));
}
TALLOC_FREE(sidstr);
/* mapped */
map->status = ID_MAPPED;
- DEBUG(10, ("Mapped %s -> %lu (%d)\n", sid_string_dbg(map->sid),
+ DEBUG(10, ("Mapped %s -> %lu (%d)\n",
+ dom_sid_str_buf(map->sid, &buf),
(unsigned long)map->xid.id, map->xid.type));
}
enum id_type type;
struct id_map *map;
struct dom_sid sid;
+ struct dom_sid_buf buf;
uint32_t id;
if (i == 0) { /* first entry */
map->xid.id = id;
map->status = ID_MAPPED;
- DEBUG(10, ("Mapped %s -> %lu (%d)\n", sid_string_dbg(map->sid),
- (unsigned long)map->xid.id, map->xid.type));
+ DEBUG(10, ("Mapped %s -> %lu (%d)\n",
+ dom_sid_str_buf(map->sid, &buf),
+ (unsigned long)map->xid.id,
+ map->xid.type));
}
/* free the ldap results */
if (( ! NT_STATUS_IS_OK(ret)) &&
( ! NT_STATUS_EQUAL(ret, NT_STATUS_NONE_MAPPED))) {
+ struct dom_sid_buf buf;
/* some fatal error occurred, log it */
DEBUG(3, ("Unexpected error resolving a SID (%s)\n",
- sid_string_dbg(ids[i]->sid)));
+ dom_sid_str_buf(ids[i]->sid, &buf)));
}
}
#include "winbindd.h"
#include "idmap.h"
#include "idmap_rw.h"
+#include "libcli/security/dom_sid.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_IDMAP
struct idmap_rw_ops *ops,
struct id_map *map)
{
+ struct dom_sid_buf buf;
NTSTATUS status;
if (map == NULL) {
}
DEBUG(10, ("Setting mapping: %s <-> %s %lu\n",
- sid_string_dbg(map->sid),
+ dom_sid_str_buf(map->sid, &buf),
(map->xid.type == ID_TYPE_UID) ? "UID" : "GID",
(unsigned long)map->xid.id));
if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_COLLISION)) {
struct id_map *ids[2];
DEBUG(5, ("Mapping for %s exists - retrying to map sid\n",
- sid_string_dbg(map->sid)));
+ dom_sid_str_buf(map->sid, &buf)));
ids[0] = map;
ids[1] = NULL;
status = dom->methods->sids_to_unixids(dom, ids);
state->lookup_domain = find_lookup_domain_from_sid(sid);
if (state->lookup_domain == NULL) {
+ struct dom_sid_buf buf;
DEBUG(5, ("Could not find domain for sid %s\n",
- sid_string_dbg(sid)));
+ dom_sid_str_buf(sid, &buf)));
tevent_req_nterror(req, NT_STATUS_NONE_MAPPED);
return tevent_req_post(req, ev);
}
}
if (type != SID_NAME_DOMAIN) {
+ struct dom_sid_buf buf;
+
DBG_WARNING("SID %s for idmap domain name '%s' "
"not a domain SID\n",
- sid_string_dbg(&dom_maps[state->dom_idx].sid),
+ dom_sid_str_buf(&dom_maps[state->dom_idx].sid,
+ &buf),
dom_maps[state->dom_idx].name);
ZERO_STRUCT(dom_maps[state->dom_idx].sid);
uint32_t primary_group_rid;
NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
uint32_t num_groups = 0;
+ struct dom_sid_buf buf;
DEBUG(3,("ads: lookup_usergroups\n"));
*p_num_groups = 0;
if (!ADS_ERR_OK(rc)) {
status = ads_ntstatus(rc);
DEBUG(1, ("lookup_usergroups(sid=%s) ads_search tokenGroups: "
- "%s\n", sid_string_dbg(sid), ads_errstr(rc)));
+ "%s\n",
+ dom_sid_str_buf(sid, &buf),
+ ads_errstr(rc)));
goto done;
}
status = NT_STATUS_UNSUCCESSFUL;
DEBUG(1,("lookup_usergroups(sid=%s) ads_search tokenGroups: "
"invalid number of results (count=%d)\n",
- sid_string_dbg(sid), count));
+ dom_sid_str_buf(sid, &buf),
+ count));
goto done;
}
if (!msg) {
DEBUG(1,("lookup_usergroups(sid=%s) ads_search tokenGroups: NULL msg\n",
- sid_string_dbg(sid)));
+ dom_sid_str_buf(sid, &buf)));
status = NT_STATUS_UNSUCCESSFUL;
goto done;
}
if (!ads_pull_uint32(ads, msg, "primaryGroupID", &primary_group_rid)) {
DEBUG(1,("%s: No primary group for sid=%s !?\n",
- domain->name, sid_string_dbg(sid)));
+ domain->name,
+ dom_sid_str_buf(sid, &buf)));
goto done;
}
status = (*user_sids != NULL) ? NT_STATUS_OK : NT_STATUS_NO_MEMORY;
DEBUG(3,("ads lookup_usergroups (tokenGroups) succeeded for sid=%s\n",
- sid_string_dbg(sid)));
+ dom_sid_str_buf(sid, &buf)));
done:
TALLOC_FREE(user_dn);
ads_msgfree(ads, msg);
uint32_t num_nocache = 0;
TALLOC_CTX *tmp_ctx = NULL;
uint32_t rid;
+ struct dom_sid_buf buf;
DEBUG(10,("ads: lookup_groupmem %s sid=%s\n", domain->name,
- sid_string_dbg(group_sid)));
+ dom_sid_str_buf(group_sid, &buf)));
*num_names = 0;
if (lookup_cached_sid(mem_ctx, &sid, &domain_name, &name,
&name_type)) {
DEBUG(10,("ads: lookup_groupmem: got sid %s from "
- "cache\n", sid_string_dbg(&sid)));
+ "cache\n",
+ dom_sid_str_buf(&sid, &buf)));
sid_copy(&(*sid_mem)[*num_names], &sid);
(*names)[*num_names] = fill_domain_username_talloc(
*names,
}
else {
DEBUG(10, ("ads: lookup_groupmem: sid %s not found in "
- "cache\n", sid_string_dbg(&sid)));
+ "cache\n",
+ dom_sid_str_buf(&sid, &buf)));
sid_copy(&(sid_mem_nocache)[num_nocache], &sid);
num_nocache++;
}
status = NT_STATUS_OK;
DEBUG(3,("ads lookup_groupmem for sid=%s succeeded\n",
- sid_string_dbg(group_sid)));
+ dom_sid_str_buf(group_sid, &buf)));
done:
struct cache_entry *centry = NULL;
NTSTATUS status;
uint32_t rid;
- struct dom_sid_buf tmp;
+ struct dom_sid_buf sidstr;
if (!cache->tdb) {
return NT_STATUS_INTERNAL_DB_ERROR;
fall back to an unsalted cred. */
centry = wcache_fetch(cache, domain, "CRED/%s",
- dom_sid_str_buf(sid, &tmp));
+ dom_sid_str_buf(sid, &sidstr));
if (!centry) {
DEBUG(10,("wcache_get_creds: entry for [CRED/%s] not found\n",
- sid_string_dbg(sid)));
+ dom_sid_str_buf(sid, &sidstr)));
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
}
*cached_nt_pass = (const uint8_t *)centry_hash16(centry, mem_ctx);
if (*cached_nt_pass == NULL) {
- struct dom_sid_buf sidstr;
dom_sid_str_buf(sid, &sidstr);
status = centry->status;
DEBUG(10,("wcache_get_creds: [Cached] - cached creds for user %s status: %s\n",
- sid_string_dbg(sid), nt_errstr(status) ));
+ dom_sid_str_buf(sid, &sidstr),
+ nt_errstr(status) ));
centry_free(centry);
return status;
dom = idmap_find_domain_with_sid(d->name.string, d->sid);
if (dom == NULL) {
+ struct dom_sid_buf buf;
DEBUG(10, ("idmap domain %s:%s not found\n",
- d->name.string, sid_string_dbg(d->sid)));
+ d->name.string,
+ dom_sid_str_buf(d->sid, &buf)));
for (i=0; i<num_ids; i++) {
char *buf;
if (tevent_req_is_nterror(req, &status)) {
+ struct dom_sid_buf sidbuf;
DEBUG(5, ("Could not convert sid %s: %s\n",
- sid_string_dbg(state->sid), nt_errstr(status)));
+ dom_sid_str_buf(state->sid, &sidbuf),
+ nt_errstr(status)));
return status;
}
#include "includes.h"
#include "winbindd.h"
+#include "libcli/security/dom_sid.h"
struct winbindd_getgrnam_state {
struct tevent_context *ev;
char *buf;
if (tevent_req_is_nterror(req, &status)) {
+ struct dom_sid_buf sidbuf;
DEBUG(5, ("Could not convert sid %s: %s\n",
- sid_string_dbg(&state->sid), nt_errstr(status)));
+ dom_sid_str_buf(&state->sid, &sidbuf),
+ nt_errstr(status)));
return status;
}
NTSTATUS status;
if (tevent_req_is_nterror(req, &status)) {
+ struct dom_sid_buf buf;
DEBUG(5, ("Could not convert sid %s: %s\n",
- sid_string_dbg(&state->sid), nt_errstr(status)));
+ dom_sid_str_buf(&state->sid, &buf),
+ nt_errstr(status)));
return status;
}
#include "includes.h"
#include "winbindd.h"
#include "passdb/lookup_sid.h" /* only for LOOKUP_NAME_NO_NSS flag */
+#include "libcli/security/dom_sid.h"
struct winbindd_getpwnam_state {
struct tevent_context *ev;
NTSTATUS status;
if (tevent_req_is_nterror(req, &status)) {
+ struct dom_sid_buf buf;
DEBUG(5, ("Could not convert sid %s: %s\n",
- sid_string_dbg(&state->sid), nt_errstr(status)));
+ dom_sid_str_buf(&state->sid, &buf),
+ nt_errstr(status)));
return status;
}
response->data.pw = state->pw;
NTSTATUS status;
if (tevent_req_is_nterror(req, &status)) {
+ struct dom_sid_buf buf;
DEBUG(5, ("Could not convert sid %s: %s\n",
- sid_string_dbg(&state->sid), nt_errstr(status)));
+ dom_sid_str_buf(&state->sid, &buf),
+ nt_errstr(status)));
return status;
}
response->data.pw = state->pw;
NTSTATUS status;
if (tevent_req_is_nterror(req, &status)) {
+ struct dom_sid_buf buf;
DEBUG(5, ("Could not convert sid %s: %s\n",
- sid_string_dbg(state->sid), nt_errstr(status)));
+ dom_sid_str_buf(state->sid, &buf),
+ nt_errstr(status)));
return status;
}
response->data.pw = state->pw;
{
struct winbindd_getusersids_state *state = tevent_req_data(
req, struct winbindd_getusersids_state);
+ struct dom_sid_buf sidbuf;
NTSTATUS status;
int i;
char *result;
if (tevent_req_is_nterror(req, &status)) {
DEBUG(5, ("Could not convert sid %s: %s\n",
- sid_string_dbg(&state->sid), nt_errstr(status)));
+ dom_sid_str_buf(&state->sid, &sidbuf),
+ nt_errstr(status)));
return status;
}
}
for (i=0; i<state->num_sids; i++) {
- struct dom_sid_buf sidbuf;
result = talloc_asprintf_append_buffer(
result,
"%s\n",
struct wb_irpc_lsa_LookupNames4_state *state =
talloc_get_type_abort(nstate->state,
struct wb_irpc_lsa_LookupNames4_state);
+ struct dom_sid_buf buf;
NTSTATUS status;
SMB_ASSERT(state->num_pending > 0);
&nstate->authority_sid, NULL);
if (!NT_STATUS_IS_OK(status)) {
DBG_ERR("dom_sid_split_rid(%s) failed - %s\n",
- sid_string_dbg(&nstate->sid), nt_errstr(status));
+ dom_sid_str_buf(&nstate->sid, &buf),
+ nt_errstr(status));
irpc_send_reply(state->msg, status);
return;
}
&state->num_domain_sids);
if (!NT_STATUS_IS_OK(status)) {
DBG_ERR("add_sid_to_array_unique(%s) failed - %s\n",
- sid_string_dbg(nstate->authority_sid), nt_errstr(status));
+ dom_sid_str_buf(nstate->authority_sid, &buf),
+ nt_errstr(status));
irpc_send_reply(state->msg, status);
return;
}
domain = find_lookup_domain_from_sid(&state->domain_sid);
if (domain == NULL) {
+ struct dom_sid_buf buf;
DEBUG(5, ("Domain for sid %s not found\n",
- sid_string_dbg(&state->domain_sid)));
+ dom_sid_str_buf(&state->domain_sid, &buf)));
tevent_req_nterror(req, NT_STATUS_NO_SUCH_DOMAIN);
return tevent_req_post(req, ev);
}
NTSTATUS status;
if (tevent_req_is_nterror(req, &status)) {
+ struct dom_sid_buf buf;
DEBUG(5, ("Could not lookup sid %s: %s\n",
- sid_string_dbg(&state->sid), nt_errstr(status)));
+ dom_sid_str_buf(&state->sid, &buf),
+ nt_errstr(status)));
return status;
}
NTSTATUS result;
NTSTATUS name_map_status = NT_STATUS_UNSUCCESSFUL;
char *mapped_name = NULL;
+ struct dom_sid_buf buf;
- DEBUG(3, ("msrpc_sid_to_name: %s for domain %s\n", sid_string_dbg(sid),
- domain->name ));
+ DEBUG(3, ("msrpc_sid_to_name: %s for domain %s\n",
+ dom_sid_str_buf(sid, &buf),
+ domain->name));
result = winbindd_lookup_sids(mem_ctx,
domain,
struct rpc_pipe_client *samr_pipe;
struct policy_handle dom_pol;
struct dom_sid *user_grpsids = NULL;
+ struct dom_sid_buf buf;
uint32_t num_groups = 0;
TALLOC_CTX *tmp_ctx;
NTSTATUS status;
- DEBUG(3,("msrpc_lookup_usergroups sid=%s\n", sid_string_dbg(user_sid)));
+ DEBUG(3,("msrpc_lookup_usergroups sid=%s\n",
+ dom_sid_str_buf(user_sid, &buf)));
*pnum_groups = 0;
unsigned int orig_timeout;
struct samr_RidAttrArray *rids = NULL;
struct dcerpc_binding_handle *b;
+ struct dom_sid_buf buf;
DEBUG(3,("msrpc_lookup_groupmem: %s sid=%s\n", domain->name,
- sid_string_dbg(group_sid)));
+ dom_sid_str_buf(group_sid, &buf)));
if ( !winbindd_can_contact_domain( domain ) ) {
DEBUG(10,("lookup_groupmem: No incoming trust for domain %s\n",
security_token_debug(DBGC_CLASS, 10, token);
for (i=0; i<num_require_membership_of_sid; i++) {
- DEBUG(10, ("Checking SID %s\n", sid_string_dbg(
- &require_membership_of_sid[i])));
+ struct dom_sid_buf buf;
+ DEBUG(10, ("Checking SID %s\n",
+ dom_sid_str_buf(&require_membership_of_sid[i],
+ &buf)));
if (nt_token_check_sid(&require_membership_of_sid[i],
token)) {
DEBUG(10, ("Access ok\n"));
info3_copy->base.logon_domain.string);
if (domain && domain->primary ) {
struct dom_sid user_sid;
+ struct dom_sid_buf buf;
sid_compose(&user_sid,
info3_copy->base.domain_sid,
DBG_INFO("PAC for user %s\\%s SID %s primed cache\n",
info3_copy->base.logon_domain.string,
info3_copy->base.account_name.string,
- sid_string_dbg(&user_sid));
+ dom_sid_str_buf(&user_sid, &buf));
}
}
!sid_check_is_in_unix_groups(sid) &&
!sid_check_is_unix_groups(sid) &&
!sid_check_is_in_wellknown_domain(sid)) {
+ struct dom_sid_buf buf;
DEBUG(0, ("sam_sid_to_name: possible deadlock - trying to "
- "lookup SID %s\n", sid_string_dbg(sid)));
+ "lookup SID %s\n",
+ dom_sid_str_buf(sid, &buf)));
return NT_STATUS_NONE_MAPPED;
}
!sid_check_is_unix_users(domain_sid) &&
!sid_check_is_unix_groups(domain_sid) &&
!sid_check_is_in_wellknown_domain(domain_sid)) {
+ struct dom_sid_buf buf;
DEBUG(0, ("sam_rids_to_names: possible deadlock - trying to "
- "lookup SID %s\n", sid_string_dbg(domain_sid)));
+ "lookup SID %s\n",
+ dom_sid_str_buf(domain_sid, &buf)));
return NT_STATUS_NONE_MAPPED;
}
const char **ignored_domains = NULL;
const char **dom = NULL;
int role = lp_server_role();
+ struct dom_sid_buf buf;
if (is_null_sid(sid)) {
DBG_ERR("Got null SID for domain [%s]\n", domain_name);
if (check_domain != NULL) {
DBG_ERR("SID [%s] already used by domain [%s], "
"expected [%s]\n",
- sid_string_dbg(sid), check_domain->name,
+ dom_sid_str_buf(sid, &buf),
+ check_domain->name,
domain->name);
return NT_STATUS_INVALID_PARAMETER;
}
DBG_NOTICE("Added domain [%s] [%s] [%s]\n",
domain->name, domain->alt_name,
- sid_string_dbg(&domain->sid));
+ dom_sid_str_buf(&domain->sid, &buf));
*_d = domain;
return NT_STATUS_OK;
struct winbindd_domain *find_lookup_domain_from_sid(const struct dom_sid *sid)
{
- DBG_DEBUG("SID [%s]\n", sid_string_dbg(sid));
+ struct dom_sid_buf buf;
+
+ DBG_DEBUG("SID [%s]\n", dom_sid_str_buf(sid, &buf));
/*
* SIDs in the S-1-22-{1,2} domain and well-known SIDs should be handled