1da6c28aaSamw /*
2da6c28aaSamw * CDDL HEADER START
3da6c28aaSamw *
4da6c28aaSamw * The contents of this file are subject to the terms of the
5da6c28aaSamw * Common Development and Distribution License (the "License").
6da6c28aaSamw * You may not use this file except in compliance with the License.
7da6c28aaSamw *
8da6c28aaSamw * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9da6c28aaSamw * or http://www.opensolaris.org/os/licensing.
10da6c28aaSamw * See the License for the specific language governing permissions
11da6c28aaSamw * and limitations under the License.
12da6c28aaSamw *
13da6c28aaSamw * When distributing Covered Code, include this CDDL HEADER in each
14da6c28aaSamw * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15da6c28aaSamw * If applicable, add the following below this CDDL HEADER, with the
16da6c28aaSamw * fields enclosed by brackets "[]" replaced with your own identifying
17da6c28aaSamw * information: Portions Copyright [yyyy] [name of copyright owner]
18da6c28aaSamw *
19da6c28aaSamw * CDDL HEADER END
20da6c28aaSamw */
21da6c28aaSamw /*
221fdeec65Sjoyce mcintosh * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
23a73d9d5eSGordon Ross * Copyright 2018 Nexenta Systems, Inc. All rights reserved.
24*f920d1d1SGordon Ross * Copyright 2023 RackTop Systems, Inc.
25b819cea2SGordon Ross */
26b819cea2SGordon Ross
27b819cea2SGordon Ross /*
28b819cea2SGordon Ross * SMB server interface to idmap
29b819cea2SGordon Ross * (smb_idmap_get..., smb_idmap_batch_...)
30b819cea2SGordon Ross *
31a73d9d5eSGordon Ross * There are three implementations of this interface.
32a73d9d5eSGordon Ross * This is the libsmb version of these routines. See also:
33a73d9d5eSGordon Ross * $SRC/uts/common/fs/smbsrv/smb_idmap.c
34a73d9d5eSGordon Ross * $SRC/lib/smbsrv/libfksmbsrv/common/fksmb_idmap.c
35b819cea2SGordon Ross *
36b819cea2SGordon Ross * There are enough differences (relative to the code size)
37b819cea2SGordon Ross * that it's more trouble than it's worth to merge them.
38b819cea2SGordon Ross *
39b819cea2SGordon Ross * This one differs from the others in that it:
40b819cea2SGordon Ross * calls idmap interfaces (libidmap)
41b819cea2SGordon Ross * domain SIDs returned are allocated
42da6c28aaSamw */
43da6c28aaSamw
449fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States #include <syslog.h>
45da6c28aaSamw #include <strings.h>
46da6c28aaSamw #include <smbsrv/libsmb.h>
47da6c28aaSamw
48da6c28aaSamw static int smb_idmap_batch_binsid(smb_idmap_batch_t *sib);
49da6c28aaSamw
50da6c28aaSamw /*
511fdeec65Sjoyce mcintosh * Report an idmap error.
52da6c28aaSamw */
53da6c28aaSamw void
smb_idmap_check(const char * s,idmap_stat stat)549fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States smb_idmap_check(const char *s, idmap_stat stat)
55da6c28aaSamw {
569fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States if (stat != IDMAP_SUCCESS) {
579fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States if (s == NULL)
589fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States s = "smb_idmap_check";
599fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States
601fdeec65Sjoyce mcintosh syslog(LOG_ERR, "%s: %s", s, idmap_stat2string(stat));
61da6c28aaSamw }
629fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States }
63da6c28aaSamw
64da6c28aaSamw /*
65da6c28aaSamw * smb_idmap_getsid
66da6c28aaSamw *
67da6c28aaSamw * Tries to get a mapping for the given uid/gid
68b819cea2SGordon Ross * Allocates ->sim_domsid
69da6c28aaSamw */
70da6c28aaSamw idmap_stat
smb_idmap_getsid(uid_t id,int idtype,smb_sid_t ** sid)716537f381Sas200622 smb_idmap_getsid(uid_t id, int idtype, smb_sid_t **sid)
72da6c28aaSamw {
73da6c28aaSamw smb_idmap_batch_t sib;
74da6c28aaSamw idmap_stat stat;
75da6c28aaSamw
76da6c28aaSamw stat = smb_idmap_batch_create(&sib, 1, SMB_IDMAP_ID2SID);
77da6c28aaSamw if (stat != IDMAP_SUCCESS)
78da6c28aaSamw return (stat);
79da6c28aaSamw
80da6c28aaSamw stat = smb_idmap_batch_getsid(sib.sib_idmaph, &sib.sib_maps[0],
81da6c28aaSamw id, idtype);
82da6c28aaSamw
83da6c28aaSamw if (stat != IDMAP_SUCCESS) {
84da6c28aaSamw smb_idmap_batch_destroy(&sib);
85da6c28aaSamw return (stat);
86da6c28aaSamw }
87da6c28aaSamw
88*f920d1d1SGordon Ross /* Leave error reporting to the caller. */
89*f920d1d1SGordon Ross stat = smb_idmap_batch_getmappings(&sib, NULL);
90da6c28aaSamw
91da6c28aaSamw if (stat != IDMAP_SUCCESS) {
92da6c28aaSamw smb_idmap_batch_destroy(&sib);
93da6c28aaSamw return (stat);
94da6c28aaSamw }
95da6c28aaSamw
966537f381Sas200622 *sid = smb_sid_dup(sib.sib_maps[0].sim_sid);
97da6c28aaSamw
98da6c28aaSamw smb_idmap_batch_destroy(&sib);
99da6c28aaSamw
100da6c28aaSamw return (IDMAP_SUCCESS);
101da6c28aaSamw }
102da6c28aaSamw
103da6c28aaSamw /*
104dc20a302Sas200622 * smb_idmap_getid
105dc20a302Sas200622 *
106dc20a302Sas200622 * Tries to get a mapping for the given SID
107dc20a302Sas200622 */
108dc20a302Sas200622 idmap_stat
smb_idmap_getid(smb_sid_t * sid,uid_t * id,int * id_type)1096537f381Sas200622 smb_idmap_getid(smb_sid_t *sid, uid_t *id, int *id_type)
110dc20a302Sas200622 {
111dc20a302Sas200622 smb_idmap_batch_t sib;
112dc20a302Sas200622 smb_idmap_t *sim;
113dc20a302Sas200622 idmap_stat stat;
114dc20a302Sas200622
115dc20a302Sas200622 stat = smb_idmap_batch_create(&sib, 1, SMB_IDMAP_SID2ID);
116dc20a302Sas200622 if (stat != IDMAP_SUCCESS)
117dc20a302Sas200622 return (stat);
118dc20a302Sas200622
119dc20a302Sas200622 sim = &sib.sib_maps[0];
120dc20a302Sas200622 sim->sim_id = id;
121dc20a302Sas200622 stat = smb_idmap_batch_getid(sib.sib_idmaph, sim, sid, *id_type);
122dc20a302Sas200622 if (stat != IDMAP_SUCCESS) {
123dc20a302Sas200622 smb_idmap_batch_destroy(&sib);
124dc20a302Sas200622 return (stat);
125dc20a302Sas200622 }
126dc20a302Sas200622
127*f920d1d1SGordon Ross /* Leave error reporting to the caller. */
128*f920d1d1SGordon Ross stat = smb_idmap_batch_getmappings(&sib, NULL);
129dc20a302Sas200622
130dc20a302Sas200622 if (stat != IDMAP_SUCCESS) {
131dc20a302Sas200622 smb_idmap_batch_destroy(&sib);
132dc20a302Sas200622 return (stat);
133dc20a302Sas200622 }
134dc20a302Sas200622
135dc20a302Sas200622 *id_type = sim->sim_idtype;
136dc20a302Sas200622 smb_idmap_batch_destroy(&sib);
137dc20a302Sas200622
138dc20a302Sas200622 return (IDMAP_SUCCESS);
139dc20a302Sas200622 }
140dc20a302Sas200622
141dc20a302Sas200622 /*
142da6c28aaSamw * smb_idmap_batch_create
143da6c28aaSamw *
144da6c28aaSamw * Creates and initializes the context for batch ID mapping.
145da6c28aaSamw */
146da6c28aaSamw idmap_stat
smb_idmap_batch_create(smb_idmap_batch_t * sib,uint16_t nmap,int flags)147da6c28aaSamw smb_idmap_batch_create(smb_idmap_batch_t *sib, uint16_t nmap, int flags)
148da6c28aaSamw {
149da6c28aaSamw idmap_stat stat;
150da6c28aaSamw
151da6c28aaSamw if (!sib)
152da6c28aaSamw return (IDMAP_ERR_ARG);
153da6c28aaSamw
154da6c28aaSamw bzero(sib, sizeof (smb_idmap_batch_t));
1551fdeec65Sjoyce mcintosh stat = idmap_get_create(&sib->sib_idmaph);
1568d7e4166Sjose borrego
1579fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States if (stat != IDMAP_SUCCESS) {
1589fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States smb_idmap_check("idmap_get_create", stat);
159da6c28aaSamw return (stat);
1609fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States }
161da6c28aaSamw
162da6c28aaSamw sib->sib_flags = flags;
163da6c28aaSamw sib->sib_nmap = nmap;
164da6c28aaSamw sib->sib_size = nmap * sizeof (smb_idmap_t);
165da6c28aaSamw sib->sib_maps = malloc(sib->sib_size);
166da6c28aaSamw if (!sib->sib_maps)
167da6c28aaSamw return (IDMAP_ERR_MEMORY);
168da6c28aaSamw
169da6c28aaSamw bzero(sib->sib_maps, sib->sib_size);
170da6c28aaSamw return (IDMAP_SUCCESS);
171da6c28aaSamw }
172da6c28aaSamw
173da6c28aaSamw /*
174da6c28aaSamw * smb_idmap_batch_destroy
175da6c28aaSamw *
176da6c28aaSamw * Frees the batch ID mapping context.
177da6c28aaSamw */
178da6c28aaSamw void
smb_idmap_batch_destroy(smb_idmap_batch_t * sib)179da6c28aaSamw smb_idmap_batch_destroy(smb_idmap_batch_t *sib)
180da6c28aaSamw {
181da6c28aaSamw int i;
182da6c28aaSamw
1836537f381Sas200622 if (sib == NULL)
184da6c28aaSamw return;
185da6c28aaSamw
186da6c28aaSamw if (sib->sib_idmaph) {
187da6c28aaSamw idmap_get_destroy(sib->sib_idmaph);
188da6c28aaSamw sib->sib_idmaph = NULL;
189da6c28aaSamw }
190da6c28aaSamw
1916537f381Sas200622 if (sib->sib_maps == NULL)
192da6c28aaSamw return;
193da6c28aaSamw
194dc20a302Sas200622 if (sib->sib_flags & SMB_IDMAP_ID2SID) {
195da6c28aaSamw /*
196da6c28aaSamw * SIDs are allocated only when mapping
197da6c28aaSamw * UID/GID to SIDs
198da6c28aaSamw */
199330db02cSGordon Ross for (i = 0; i < sib->sib_nmap; i++) {
2006537f381Sas200622 smb_sid_free(sib->sib_maps[i].sim_sid);
201330db02cSGordon Ross free(sib->sib_maps[i].sim_domsid);
202330db02cSGordon Ross }
203a73d9d5eSGordon Ross } else if (sib->sib_flags & SMB_IDMAP_SID2ID) {
204a73d9d5eSGordon Ross /*
205a73d9d5eSGordon Ross * SID prefixes are allocated only when mapping
206a73d9d5eSGordon Ross * SIDs to UID/GID
207a73d9d5eSGordon Ross */
208a73d9d5eSGordon Ross for (i = 0; i < sib->sib_nmap; i++) {
209a73d9d5eSGordon Ross free(sib->sib_maps[i].sim_domsid);
210a73d9d5eSGordon Ross }
211da6c28aaSamw }
212da6c28aaSamw
213da6c28aaSamw if (sib->sib_size && sib->sib_maps) {
214da6c28aaSamw free(sib->sib_maps);
215da6c28aaSamw sib->sib_maps = NULL;
216da6c28aaSamw }
217da6c28aaSamw }
218da6c28aaSamw
219da6c28aaSamw /*
220da6c28aaSamw * smb_idmap_batch_getid
221da6c28aaSamw *
222da6c28aaSamw * Queue a request to map the given SID to a UID or GID.
223da6c28aaSamw *
224da6c28aaSamw * sim->sim_id should point to variable that's supposed to
225da6c28aaSamw * hold the returned UID/GID. This needs to be setup by caller
226da6c28aaSamw * of this function.
227da6c28aaSamw * If requested ID type is known, it's passed as 'idtype',
228da6c28aaSamw * if it's unknown it'll be returned in sim->sim_idtype.
229da6c28aaSamw */
230da6c28aaSamw idmap_stat
smb_idmap_batch_getid(idmap_get_handle_t * idmaph,smb_idmap_t * sim,smb_sid_t * sid,int idtype)231da6c28aaSamw smb_idmap_batch_getid(idmap_get_handle_t *idmaph, smb_idmap_t *sim,
2326537f381Sas200622 smb_sid_t *sid, int idtype)
233da6c28aaSamw {
2346537f381Sas200622 char sidstr[SMB_SID_STRSZ];
235da6c28aaSamw idmap_stat stat;
236da6c28aaSamw int flag = 0;
237da6c28aaSamw
2387f667e74Sjose borrego if (idmaph == NULL || sim == NULL || sid == NULL)
239da6c28aaSamw return (IDMAP_ERR_ARG);
240da6c28aaSamw
241b819cea2SGordon Ross smb_sid_tostr(sid, sidstr);
242b819cea2SGordon Ross if (smb_sid_splitstr(sidstr, &sim->sim_rid) != 0)
243b819cea2SGordon Ross return (IDMAP_ERR_SID);
244a73d9d5eSGordon Ross /* Note: Free sim_domsid in smb_idmap_batch_destroy */
245a73d9d5eSGordon Ross sim->sim_domsid = strdup(sidstr);
2469fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States sim->sim_idtype = idtype;
247da6c28aaSamw
248da6c28aaSamw switch (idtype) {
249da6c28aaSamw case SMB_IDMAP_USER:
250da6c28aaSamw stat = idmap_get_uidbysid(idmaph, sim->sim_domsid,
251da6c28aaSamw sim->sim_rid, flag, sim->sim_id, &sim->sim_stat);
2529fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States smb_idmap_check("idmap_get_uidbysid", stat);
253da6c28aaSamw break;
254da6c28aaSamw
255da6c28aaSamw case SMB_IDMAP_GROUP:
256da6c28aaSamw stat = idmap_get_gidbysid(idmaph, sim->sim_domsid,
257da6c28aaSamw sim->sim_rid, flag, sim->sim_id, &sim->sim_stat);
2589fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States smb_idmap_check("idmap_get_gidbysid", stat);
259da6c28aaSamw break;
260da6c28aaSamw
261da6c28aaSamw case SMB_IDMAP_UNKNOWN:
262da6c28aaSamw stat = idmap_get_pidbysid(idmaph, sim->sim_domsid,
263da6c28aaSamw sim->sim_rid, flag, sim->sim_id, &sim->sim_idtype,
264da6c28aaSamw &sim->sim_stat);
2659fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States smb_idmap_check("idmap_get_pidbysid", stat);
266da6c28aaSamw break;
267da6c28aaSamw
268da6c28aaSamw default:
269b819cea2SGordon Ross stat = IDMAP_ERR_ARG;
270b819cea2SGordon Ross break;
271da6c28aaSamw }
272da6c28aaSamw
273da6c28aaSamw return (stat);
274da6c28aaSamw }
275da6c28aaSamw
276da6c28aaSamw /*
277da6c28aaSamw * smb_idmap_batch_getsid
278da6c28aaSamw *
279da6c28aaSamw * Queue a request to map the given UID/GID to a SID.
280da6c28aaSamw *
281da6c28aaSamw * sim->sim_domsid and sim->sim_rid will contain the mapping
282da6c28aaSamw * result upon successful process of the batched request.
283a73d9d5eSGordon Ross * Stash the type for error reporting (caller saves the ID).
284a73d9d5eSGordon Ross *
285b819cea2SGordon Ross * NB: sim_domsid allocated by strdup, here or in libidmap
286da6c28aaSamw */
287da6c28aaSamw idmap_stat
smb_idmap_batch_getsid(idmap_get_handle_t * idmaph,smb_idmap_t * sim,uid_t id,int idtype)288da6c28aaSamw smb_idmap_batch_getsid(idmap_get_handle_t *idmaph, smb_idmap_t *sim,
289da6c28aaSamw uid_t id, int idtype)
290da6c28aaSamw {
291da6c28aaSamw idmap_stat stat;
292da6c28aaSamw int flag = 0;
293da6c28aaSamw
294da6c28aaSamw if (!idmaph || !sim)
295da6c28aaSamw return (IDMAP_ERR_ARG);
296da6c28aaSamw
297a73d9d5eSGordon Ross sim->sim_idtype = idtype;
298da6c28aaSamw switch (idtype) {
299da6c28aaSamw case SMB_IDMAP_USER:
300da6c28aaSamw stat = idmap_get_sidbyuid(idmaph, id, flag,
301da6c28aaSamw &sim->sim_domsid, &sim->sim_rid, &sim->sim_stat);
3029fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States smb_idmap_check("idmap_get_sidbyuid", stat);
303da6c28aaSamw break;
304da6c28aaSamw
305da6c28aaSamw case SMB_IDMAP_GROUP:
306da6c28aaSamw stat = idmap_get_sidbygid(idmaph, id, flag,
307da6c28aaSamw &sim->sim_domsid, &sim->sim_rid, &sim->sim_stat);
3089fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States smb_idmap_check("idmap_get_sidbygid", stat);
309da6c28aaSamw break;
310da6c28aaSamw
311f96bd5c8SAlan Wright case SMB_IDMAP_OWNERAT:
312f96bd5c8SAlan Wright /* Current Owner S-1-5-32-766 */
313f96bd5c8SAlan Wright sim->sim_domsid = strdup(NT_BUILTIN_DOMAIN_SIDSTR);
314f96bd5c8SAlan Wright sim->sim_rid = SECURITY_CURRENT_OWNER_RID;
315f96bd5c8SAlan Wright sim->sim_stat = IDMAP_SUCCESS;
316f96bd5c8SAlan Wright stat = IDMAP_SUCCESS;
317f96bd5c8SAlan Wright break;
318f96bd5c8SAlan Wright
319f96bd5c8SAlan Wright case SMB_IDMAP_GROUPAT:
320f96bd5c8SAlan Wright /* Current Group S-1-5-32-767 */
321f96bd5c8SAlan Wright sim->sim_domsid = strdup(NT_BUILTIN_DOMAIN_SIDSTR);
322f96bd5c8SAlan Wright sim->sim_rid = SECURITY_CURRENT_GROUP_RID;
323f96bd5c8SAlan Wright sim->sim_stat = IDMAP_SUCCESS;
324f96bd5c8SAlan Wright stat = IDMAP_SUCCESS;
325f96bd5c8SAlan Wright break;
326f96bd5c8SAlan Wright
327da6c28aaSamw case SMB_IDMAP_EVERYONE:
328da6c28aaSamw /* Everyone S-1-1-0 */
329f96bd5c8SAlan Wright sim->sim_domsid = strdup(NT_WORLD_AUTH_SIDSTR);
330da6c28aaSamw sim->sim_rid = 0;
331da6c28aaSamw sim->sim_stat = IDMAP_SUCCESS;
332da6c28aaSamw stat = IDMAP_SUCCESS;
333da6c28aaSamw break;
334da6c28aaSamw
335da6c28aaSamw default:
336da6c28aaSamw return (IDMAP_ERR_ARG);
337da6c28aaSamw }
338da6c28aaSamw
339da6c28aaSamw return (stat);
340da6c28aaSamw }
341da6c28aaSamw
342da6c28aaSamw /*
343da6c28aaSamw * smb_idmap_batch_getmappings
344da6c28aaSamw *
345da6c28aaSamw * trigger ID mapping service to get the mappings for queued
346da6c28aaSamw * requests.
347da6c28aaSamw *
348da6c28aaSamw * Checks the result of all the queued requests.
349da6c28aaSamw */
350da6c28aaSamw idmap_stat
smb_idmap_batch_getmappings(smb_idmap_batch_t * sib,smb_idmap_batch_errcb_t errcb)351*f920d1d1SGordon Ross smb_idmap_batch_getmappings(smb_idmap_batch_t *sib,
352*f920d1d1SGordon Ross smb_idmap_batch_errcb_t errcb)
353da6c28aaSamw {
354da6c28aaSamw idmap_stat stat = IDMAP_SUCCESS;
3552c1b14e5Sjose borrego smb_idmap_t *sim;
356da6c28aaSamw int i;
357da6c28aaSamw
3589fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States if ((stat = idmap_get_mappings(sib->sib_idmaph)) != IDMAP_SUCCESS) {
3599fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States smb_idmap_check("idmap_get_mappings", stat);
360da6c28aaSamw return (stat);
3619fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States }
362da6c28aaSamw
363da6c28aaSamw /*
364da6c28aaSamw * Check the status for all the queued requests
365da6c28aaSamw */
3662c1b14e5Sjose borrego for (i = 0, sim = sib->sib_maps; i < sib->sib_nmap; i++, sim++) {
3672c1b14e5Sjose borrego if (sim->sim_stat != IDMAP_SUCCESS) {
368*f920d1d1SGordon Ross sib->sib_nerr++;
369*f920d1d1SGordon Ross if (errcb != NULL)
370*f920d1d1SGordon Ross errcb(sib, sim);
371a73d9d5eSGordon Ross if ((sib->sib_flags & SMB_IDMAP_SKIP_ERRS) == 0) {
3722c1b14e5Sjose borrego return (sim->sim_stat);
373da6c28aaSamw }
374da6c28aaSamw }
375a73d9d5eSGordon Ross }
376da6c28aaSamw
3772c1b14e5Sjose borrego if (smb_idmap_batch_binsid(sib) != 0)
378da6c28aaSamw stat = IDMAP_ERR_OTHER;
379da6c28aaSamw
380da6c28aaSamw return (stat);
381da6c28aaSamw }
382da6c28aaSamw
383da6c28aaSamw /*
384da6c28aaSamw * smb_idmap_batch_binsid
385da6c28aaSamw *
386da6c28aaSamw * Convert sidrids to binary sids
387da6c28aaSamw *
388da6c28aaSamw * Returns 0 if successful and non-zero upon failure.
389da6c28aaSamw */
390da6c28aaSamw static int
smb_idmap_batch_binsid(smb_idmap_batch_t * sib)391da6c28aaSamw smb_idmap_batch_binsid(smb_idmap_batch_t *sib)
392da6c28aaSamw {
3936537f381Sas200622 smb_sid_t *sid;
394da6c28aaSamw smb_idmap_t *sim;
395da6c28aaSamw int i;
396da6c28aaSamw
397da6c28aaSamw if (sib->sib_flags & SMB_IDMAP_SID2ID)
398da6c28aaSamw /* This operation is not required */
399da6c28aaSamw return (0);
400da6c28aaSamw
401da6c28aaSamw sim = sib->sib_maps;
402da6c28aaSamw for (i = 0; i < sib->sib_nmap; sim++, i++) {
403da6c28aaSamw if (sim->sim_domsid == NULL)
404da6c28aaSamw return (-1);
405da6c28aaSamw
4066537f381Sas200622 sid = smb_sid_fromstr(sim->sim_domsid);
407da6c28aaSamw if (sid == NULL)
408da6c28aaSamw return (-1);
409da6c28aaSamw
4106537f381Sas200622 sim->sim_sid = smb_sid_splice(sid, sim->sim_rid);
411b819cea2SGordon Ross smb_sid_free(sid);
412da6c28aaSamw }
413da6c28aaSamw
414da6c28aaSamw return (0);
415da6c28aaSamw }
416