1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * CDDL HEADER START
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * The contents of this file are subject to the terms of the
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * Common Development and Distribution License (the "License").
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * You may not use this file except in compliance with the License.
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * See the License for the specific language governing permissions
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * and limitations under the License.
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * When distributing Covered Code, include this CDDL HEADER in each
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * If applicable, add the following below this CDDL HEADER, with the
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * fields enclosed by brackets "[]" replaced with your own identifying
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * information: Portions Copyright [yyyy] [name of copyright owner]
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * CDDL HEADER END
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * Information about well-known (builtin) names, and functions to retrieve
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * information about them.
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * Table for well-known SIDs.
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * Background:
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * Some of the well-known principals are stored under:
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * They belong to objectClass "foreignSecurityPrincipal". They don't have
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * "samAccountName" nor "userPrincipalName" attributes. Their names are
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * available in "cn" and "name" attributes. Some of these principals have a
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * second entry under CN=ForeignSecurityPrincipals,dc=<forestRootDomain> and
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * these duplicate entries have the stringified SID in the "name" and "cn"
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * attributes instead of the actual name.
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * Those of the form S-1-5-32-X are Builtin groups and are stored in the
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * cn=builtin container (except, Power Users which is not stored in AD)
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * These principals are and will remain constant. Therefore doing AD lookups
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * provides no benefit. Also, using hard-coded table (and thus avoiding AD
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * lookup) improves performance and avoids additional complexity in the
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * adutils.c code. Moreover these SIDs can be used when no Active Directory
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * is available (such as the CIFS server's "workgroup" mode).
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * 1. Currently we don't support localization of well-known SID names,
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * unlike Windows.
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * 2. Other well-known SIDs i.e. S-1-5-<domain>-<w-k RID> are not stored
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * here. AD does have normal user/group objects for these objects and
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * can be looked up using the existing AD lookup code.
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * 3. See comments above lookup_wksids_sid2pid() for more information
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * on how we lookup the wksids table.
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * 4. If this table contains two entries for a particular Windows name,
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * so as to offer both UID and GID mappings, the preferred mapping (the
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * one that matches Windows usage) must be listed first. That is the
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * entry that will be used when the caller specifies IDMAP_POSIXID
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * ("don't care") as the target.
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * Entries here come from KB243330, MS-LSAT, and
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * http://technet.microsoft.com/en-us/library/cc755854.aspx
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * http://technet.microsoft.com/en-us/library/cc755925.aspx
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * http://msdn.microsoft.com/en-us/library/cc980032(PROT.10).aspx
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown /* S-1-0 Null Authority */
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States {"S-1-0", 0, "", "Nobody", 1, IDMAP_SENTINEL_PID, -1, 1},
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown /* S-1-1 World Authority */
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States {"S-1-1", 0, "", "Everyone", 0, IDMAP_SENTINEL_PID, -1, -1},
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown /* S-1-2 Local Authority */
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States {"S-1-2", 0, "", "Local", 0, IDMAP_SENTINEL_PID, -1, -1},
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States {"S-1-2", 1, "", "Console Logon", 0, IDMAP_SENTINEL_PID, -1, -1},
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown /* S-1-3 Creator Authority */
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown {"S-1-3", 0, "", "Creator Owner", 1, IDMAP_WK_CREATOR_OWNER_UID, 1, 0},
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown {"S-1-3", 1, "", "Creator Group", 0, IDMAP_WK_CREATOR_GROUP_GID, 0, 0},
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States {"S-1-3", 2, "", "Creator Owner Server", 1, IDMAP_SENTINEL_PID, -1, -1},
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States {"S-1-3", 3, "", "Creator Group Server", 0, IDMAP_SENTINEL_PID, -1, 1},
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States {"S-1-3", 4, "", "Owner Rights", 0, IDMAP_SENTINEL_PID, -1, -1},
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown /* S-1-4 Non-unique Authority */
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown /* S-1-5 NT Authority */
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States {"S-1-5", 1, "", "Dialup", 0, IDMAP_SENTINEL_PID, -1, -1},
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States {"S-1-5", 2, "", "Network", 0, IDMAP_SENTINEL_PID, -1, -1},
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States {"S-1-5", 3, "", "Batch", 0, IDMAP_SENTINEL_PID, -1, -1},
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States {"S-1-5", 4, "", "Interactive", 0, IDMAP_SENTINEL_PID, -1, -1},
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown /* S-1-5-5-X-Y Logon Session */
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States {"S-1-5", 6, "", "Service", 0, IDMAP_SENTINEL_PID, -1, -1},
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown {"S-1-5", 7, "", "Anonymous Logon", 0, GID_NOBODY, 0, 0},
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown {"S-1-5", 7, "", "Anonymous Logon", 0, UID_NOBODY, 1, 0},
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States {"S-1-5", 8, "", "Proxy", 0, IDMAP_SENTINEL_PID, -1, -1},
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown {"S-1-5", 9, "", "Enterprise Domain Controllers", 0,
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States IDMAP_SENTINEL_PID, -1, -1},
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States {"S-1-5", 10, "", "Self", 0, IDMAP_SENTINEL_PID, -1, -1},
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States {"S-1-5", 11, "", "Authenticated Users", 0, IDMAP_SENTINEL_PID, -1, -1},
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States {"S-1-5", 12, "", "Restricted", 0, IDMAP_SENTINEL_PID, -1, -1},
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States {"S-1-5", 13, "", "Terminal Server Users", 0,
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States IDMAP_SENTINEL_PID, -1, -1},
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States {"S-1-5", 14, "", "Remote Interactive Logon", 0,
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States IDMAP_SENTINEL_PID, -1, -1},
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States {"S-1-5", 15, "", "This Organization", 0, IDMAP_SENTINEL_PID, -1, -1},
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States {"S-1-5", 17, "", "IUSR", 0, IDMAP_SENTINEL_PID, -1, -1},
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown {"S-1-5", 18, "", "Local System", 0, IDMAP_WK_LOCAL_SYSTEM_GID, 0, 0},
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States {"S-1-5", 19, "", "Local Service", 0, IDMAP_SENTINEL_PID, -1, -1},
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States {"S-1-5", 20, "", "Network Service", 0, IDMAP_SENTINEL_PID, -1, -1},
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown /* S-1-5-21-<domain> Machine-local definitions */
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown {NULL, 498, NULL, "Enterprise Read-only Domain Controllers", 0,
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States IDMAP_SENTINEL_PID, -1, -1},
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States {NULL, 500, NULL, "Administrator", 1, IDMAP_SENTINEL_PID, 1, -1},
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States {NULL, 501, NULL, "Guest", 1, IDMAP_SENTINEL_PID, 1, -1},
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States {NULL, 502, NULL, "KRBTGT", 1, IDMAP_SENTINEL_PID, 1, -1},
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States {NULL, 512, NULL, "Domain Admins", 0, IDMAP_SENTINEL_PID, -1, -1},
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States {NULL, 513, NULL, "Domain Users", 0, IDMAP_SENTINEL_PID, -1, -1},
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States {NULL, 514, NULL, "Domain Guests", 0, IDMAP_SENTINEL_PID, -1, -1},
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States {NULL, 515, NULL, "Domain Computers", 0, IDMAP_SENTINEL_PID, -1, -1},
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States {NULL, 516, NULL, "Domain Controllers", 0, IDMAP_SENTINEL_PID, -1, -1},
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States {NULL, 517, NULL, "Cert Publishers", 0, IDMAP_SENTINEL_PID, -1, -1},
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States {NULL, 518, NULL, "Schema Admins", 0, IDMAP_SENTINEL_PID, -1, -1},
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States {NULL, 519, NULL, "Enterprise Admins", 0, IDMAP_SENTINEL_PID, -1, -1},
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown {NULL, 520, NULL, "Global Policy Creator Owners", 0,
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States IDMAP_SENTINEL_PID, -1, -1},
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States {NULL, 533, NULL, "RAS and IAS Servers", 0, IDMAP_SENTINEL_PID, -1, -1},
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown /* S-1-5-32 BUILTIN */
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States {"S-1-5-32", 544, "BUILTIN", "Administrators", 0,
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States IDMAP_SENTINEL_PID, -1, -1},
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States {"S-1-5-32", 545, "BUILTIN", "Users", 0, IDMAP_SENTINEL_PID, -1, -1},
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States {"S-1-5-32", 546, "BUILTIN", "Guests", 0, IDMAP_SENTINEL_PID, -1, -1},
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States {"S-1-5-32", 547, "BUILTIN", "Power Users", 0,
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States IDMAP_SENTINEL_PID, -1, -1},
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown {"S-1-5-32", 548, "BUILTIN", "Account Operators", 0,
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States IDMAP_SENTINEL_PID, -1, -1},
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown {"S-1-5-32", 549, "BUILTIN", "Server Operators", 0,
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States IDMAP_SENTINEL_PID, -1, -1},
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown {"S-1-5-32", 550, "BUILTIN", "Print Operators", 0,
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States IDMAP_SENTINEL_PID, -1, -1},
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown {"S-1-5-32", 551, "BUILTIN", "Backup Operators", 0,
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States IDMAP_SENTINEL_PID, -1, -1},
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States {"S-1-5-32", 552, "BUILTIN", "Replicator", 0,
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States IDMAP_SENTINEL_PID, -1, -1},
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown {"S-1-5-32", 554, "BUILTIN", "Pre-Windows 2000 Compatible Access", 0,
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States IDMAP_SENTINEL_PID, -1, -1},
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown {"S-1-5-32", 555, "BUILTIN", "Remote Desktop Users", 0,
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States IDMAP_SENTINEL_PID, -1, -1},
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown {"S-1-5-32", 556, "BUILTIN", "Network Configuration Operators", 0,
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States IDMAP_SENTINEL_PID, -1, -1},
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown {"S-1-5-32", 557, "BUILTIN", "Incoming Forest Trust Builders", 0,
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States IDMAP_SENTINEL_PID, -1, -1},
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown {"S-1-5-32", 558, "BUILTIN", "Performance Monitor Users", 0,
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States IDMAP_SENTINEL_PID, -1, -1},
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown {"S-1-5-32", 559, "BUILTIN", "Performance Log Users", 0,
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States IDMAP_SENTINEL_PID, -1, -1},
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown {"S-1-5-32", 560, "BUILTIN", "Windows Authorization Access Group", 0,
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States IDMAP_SENTINEL_PID, -1, -1},
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown {"S-1-5-32", 561, "BUILTIN", "Terminal Server License Servers", 0,
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States IDMAP_SENTINEL_PID, -1, -1},
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown {"S-1-5-32", 562, "BUILTIN", "Distributed COM Users", 0,
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States IDMAP_SENTINEL_PID, -1, -1},
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States {"S-1-5-32", 568, "BUILTIN", "IIS_IUSRS", 0,
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States IDMAP_SENTINEL_PID, -1, -1},
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown {"S-1-5-32", 569, "BUILTIN", "Cryptographic Operators", 0,
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States IDMAP_SENTINEL_PID, -1, -1},
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown {"S-1-5-32", 573, "BUILTIN", "Event Log Readers", 0,
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States IDMAP_SENTINEL_PID, -1, -1},
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown {"S-1-5-32", 574, "BUILTIN", "Certificate Service DCOM Access", 0,
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States IDMAP_SENTINEL_PID, -1, -1},
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States {"S-1-5", 33, "", "Write Restricted", 0, IDMAP_SENTINEL_PID, -1, -1},
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown /* S-1-5-64 NT Authority */
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States {"S-1-5-64", 10, "", "NTLM Authentication", 0,
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States IDMAP_SENTINEL_PID, -1, -1},
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown {"S-1-5-64", 14, "", "SChannel Authentication", 0,
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States IDMAP_SENTINEL_PID, -1, -1},
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States {"S-1-5-64", 21, "", "Digest Authentication", 0,
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States IDMAP_SENTINEL_PID, -1, -1},
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown /* S-1-5-80-a-b-c-d NT Service */
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States {"S-1-5", 1000, "", "Other Organization", 0,
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States IDMAP_SENTINEL_PID, -1, -1},
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown /* S-1-7 Internet$ */
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * S-1-16 Mandatory Label
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * S-1-16-0 Untrusted Mandatory Level
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * S-1-16-4096 Low Mandatory Level
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * S-1-16-8192 Medium Mandatory Level
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * S-1-16-8448 Medium Plus Mandatory Level
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * S-1-16-12288 High Mandatory Level
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * S-1-16-16384 System Mandatory Level
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * S-1-16-20480 Protected Process Mandatory Level
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * Find a wksid entry for the specified Windows name and domain, of the
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * specified type.
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * Ignore entries intended only for U2W use.
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wrightfind_wksid_by_name(const char *name, const char *domain, idmap_id_type type)
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown (void) strcpy(my_host_name, _idmapdstate.hostname);
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown /* Check to see if this entry yields the desired type */
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * We have a Windows name, so ignore entries that are only
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * usable for mapping UNIX->Windows. (Note: the current
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * table does not have any such entries.)
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown if (wksids[i].direction == IDMAP_DIRECTION_U2W)
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown return (&wksids[i]);
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * Find a wksid entry for the specified SID, of the specified type.
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * Ignore entries intended only for U2W use.
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wrightfind_wksid_by_sid(const char *sid, int rid, idmap_id_type type)
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown int len = strlen(_idmapdstate.cfg->pgcfg.machine_sid);
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown (void) strcpy(my_machine_sid, _idmapdstate.cfg->pgcfg.machine_sid);
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown /* Check to see if this entry yields the desired type */
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * We have a SID, so ignore entries that are only usable
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * for mapping UNIX->Windows. (Note: the current table
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * does not have any such entries.)
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown if (wksids[i].direction == IDMAP_DIRECTION_U2W)
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown return (&wksids[i]);
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * Find a wksid entry for the specified pid, of the specified type.
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * Ignore entries that do not specify U2W mappings.
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States if (pid == IDMAP_SENTINEL_PID)
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown return (&wksids[i]);
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * It is probably a bug that both this and find_wksid_by_sid exist,
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * but for now the distinction is primarily that one takes {machinesid,rid}
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * and the other takes a full SID.
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown int len = strlen(_idmapdstate.cfg->pgcfg.machine_sid);
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown (void) strcpy(my_machine_sid, _idmapdstate.cfg->pgcfg.machine_sid);
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * Check to see whether the SID we're looking for starts
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * with this prefix, then a -, then a single RID, and it's
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * the right RID.
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown if (*p != '\0')
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown return (&wksids[i]);