lib: Introduce winbind_xid_to_sid

This does not merge a winbind communication error into
"global_sid_NULL" (S-1-0-0), which by the way non-intuitively does not
go along with is_null_sid(). Instead, this just touches the output sid
when winbind returned success. This success might well be a negative
mapping indicated by S-0-0, which *is* is_null_sid()...

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
(cherry picked from commit ef706a3e63b3e25edd27e0f99c3e2d8ff7209cb6)

2 files changed, 32 insertions, 0 deletions

diff --git a/source3/lib/winbind_util.c b/source3/lib/winbind_util.c
index 427831f04c8..5f10cb68725 100644
--- a/source3/lib/winbind_util.c
+++ b/source3/lib/winbind_util.c
@@ -197,6 +197,36 @@ bool winbind_gid_to_sid(struct dom_sid *sid, gid_t gid)
 	return (result == WBC_ERR_SUCCESS);
 }
 
+bool winbind_xid_to_sid(struct dom_sid *sid, const struct unixid *xid)
+{
+	struct wbcUnixId wbc_xid;
+	struct wbcDomainSid dom_sid;
+	wbcErr result;
+
+	switch (xid->type) {
+	case ID_TYPE_UID:
+		wbc_xid = (struct wbcUnixId) {
+			.type = WBC_ID_TYPE_UID, .id.uid = xid->id
+		};
+		break;
+	case ID_TYPE_GID:
+		wbc_xid = (struct wbcUnixId) {
+			.type = WBC_ID_TYPE_GID, .id.gid = xid->id
+		};
+		break;
+	default:
+		return false;
+	}
+
+	result = wbcUnixIdsToSids(&wbc_xid, 1, &dom_sid);
+	if (result != WBC_ERR_SUCCESS) {
+		return false;
+	}
+
+	memcpy(sid, &dom_sid, sizeof(struct dom_sid));
+	return true;
+}
+
 /* Check for a trusted domain */
 
 wbcErr wb_is_trusted_domain(const char *domain)
diff --git a/source3/lib/winbind_util.h b/source3/lib/winbind_util.h
index c2bf0e02d76..5ecda5a7b09 100644
--- a/source3/lib/winbind_util.h
+++ b/source3/lib/winbind_util.h
@@ -22,6 +22,7 @@
 #define __LIB__WINBIND_UTIL_H__
 
 #include "../librpc/gen_ndr/lsa.h"
+#include "librpc/gen_ndr/idmap.h"
 
 /* needed for wbcErr below */
 #include "nsswitch/libwbclient/wbclient.h"
@@ -38,6 +39,7 @@ bool winbind_sid_to_uid(uid_t *puid, const struct dom_sid *sid);
 bool winbind_uid_to_sid(struct dom_sid *sid, uid_t uid);
 bool winbind_sid_to_gid(gid_t *pgid, const struct dom_sid *sid);
 bool winbind_gid_to_sid(struct dom_sid *sid, gid_t gid);
+bool winbind_xid_to_sid(struct dom_sid *sid, const struct unixid *xid);
 struct passwd * winbind_getpwnam(const char * sname);
 struct passwd * winbind_getpwsid(const struct dom_sid *sid);
 wbcErr wb_is_trusted_domain(const char *domain);