diff options
Diffstat (limited to 'source/sam/idmap.c')
| -rw-r--r-- | source/sam/idmap.c | 41 |
1 files changed, 24 insertions, 17 deletions
diff --git a/source/sam/idmap.c b/source/sam/idmap.c index 9fc1a573a92..aac8b70013a 100644 --- a/source/sam/idmap.c +++ b/source/sam/idmap.c @@ -188,6 +188,18 @@ NTSTATUS idmap_set_mapping(const DOM_SID *sid, unid_t id, int id_type) if (proxyonly) return NT_STATUS_UNSUCCESSFUL; + if (sid_check_is_in_our_domain(sid)) { + DEBUG(3, ("Refusing to add SID %s to idmap, it's our own " + "domain\n", sid_string_static(sid))); + return NT_STATUS_ACCESS_DENIED; + } + + if (sid_check_is_in_builtin(sid)) { + DEBUG(3, ("Refusing to add SID %s to idmap, it's our builtin " + "domain\n", sid_string_static(sid))); + return NT_STATUS_ACCESS_DENIED; + } + DEBUG(10, ("idmap_set_mapping: Set %s to %s %lu\n", sid_string_static(sid), ((id_type & ID_TYPEMASK) == ID_USERID) ? "UID" : "GID", @@ -225,6 +237,18 @@ NTSTATUS idmap_get_id_from_sid(unid_t *id, int *id_type, const DOM_SID *sid) if (proxyonly) return NT_STATUS_UNSUCCESSFUL; + if (sid_check_is_in_our_domain(sid)) { + DEBUG(9, ("sid %s is in our domain -- go look in passdb\n", + sid_string_static(sid))); + return NT_STATUS_NONE_MAPPED; + } + + if (sid_check_is_in_builtin(sid)) { + DEBUG(9, ("sid %s is in builtin domain -- go look in passdb\n", + sid_string_static(sid))); + return NT_STATUS_NONE_MAPPED; + } + loc_type = *id_type; if (remote_map) { @@ -338,23 +362,6 @@ NTSTATUS idmap_allocate_id(unid_t *id, int id_type) } /************************************************************************** - Alloocate a new RID -**************************************************************************/ - -NTSTATUS idmap_allocate_rid(uint32 *rid, int type) -{ - /* we have to allocate from the authoritative backend */ - - if (proxyonly) - return NT_STATUS_UNSUCCESSFUL; - - if ( remote_map ) - return remote_map->allocate_rid( rid, type ); - - return cache_map->allocate_rid( rid, type ); -} - -/************************************************************************** Shutdown maps. **************************************************************************/ |