[PATCH] store SID's in SAM_ACCOUNT

Stefan (metze) Metzmacher metze at metzemix.de
Mon Jun 10 02:52:03 GMT 2002


Hi Andrew,

here's the next version of my rid -> sid patch.



metze
-----------------------------------------------------------------------------
Stefan "metze" Metzmacher <metze at metzemix.de>
-------------- next part --------------
diff -Nur --exclude=CVS HEAD/source/groupdb/mapping.c HEAD-fix/source/groupdb/mapping.c
--- HEAD/source/groupdb/mapping.c	Fri Jun  7 16:38:19 2002
+++ HEAD-fix/source/groupdb/mapping.c	Mon Jun 10 11:20:45 2002
@@ -985,7 +985,8 @@
 		 * make one based on the unix information */
 		uint32 alias_rid;
 
-		sid_peek_rid(&sid, &alias_rid);
+		sid_peek_rid(&sid,&sid, &alias_rid);
+
 		map->gid=pdb_group_rid_to_gid(alias_rid);
 
 		if ((grp=getgrgid(map->gid)) == NULL)
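Review bot: Passing `&sid` as both the expected domain and the SID to peek makes the new domain check in sid_peek_rid() compare the SID with itself, so it cannot fail on a domain mismatch and validates nothing at this call site. The return value is still ignored as well, and `alias_rid` is declared without an initialiser, so a failed peek may hand an indeterminate value to pdb_group_rid_to_gid(). Pass the domain the alias is expected to live in and test the result, along the lines of `if (!sid_peek_rid(<expected domain sid>, &sid, &alias_rid)) return False;`. The right expected domain and failure value depend on the enclosing function, which starts outside the hunk.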
diff -Nur --exclude=CVS HEAD/source/include/smb.h HEAD-fix/source/include/smb.h
--- HEAD/source/include/smb.h	Fri Jun  7 14:48:14 2002
+++ HEAD-fix/source/include/smb.h	Fri Jun  7 16:31:14 2002
@@ -624,8 +624,8 @@
 		
 		uid_t uid;          /* this is a unix uid_t */
 		gid_t gid;          /* this is a unix gid_t */
-		uint32 user_rid;    /* Primary User ID */
-		uint32 group_rid;   /* Primary Group ID */
+		DOM_SID user_sid;    /* Primary User SID */
+		DOM_SID group_sid;   /* Primary Group SID */
 		
 		DATA_BLOB lm_pw; /* .data is Null if no password */
 		DATA_BLOB nt_pw; /* .data is Null if no password */
diff -Nur --exclude=CVS HEAD/source/lib/util_sid.c HEAD-fix/source/lib/util_sid.c
--- HEAD/source/lib/util_sid.c	Fri Jun  7 16:38:19 2002
+++ HEAD-fix/source/lib/util_sid.c	Fri Jun  7 17:03:06 2002
@@ -1,10 +1,11 @@
 /* 
    Unix SMB/CIFS implementation.
    Samba utility functions
-   Copyright (C) Andrew Tridgell 1992-1998
-   Copyright (C) Luke Kenneth Caseson Leighton 1998-1999
-   Copyright (C) Jeremy Allison  1999
-   
+   Copyright (C) Andrew Tridgell 		1992-1998
+   Copyright (C) Luke Kenneth Caseson Leighton 	1998-1999
+   Copyright (C) Jeremy Allison  		1999
+   Copyright (C) Stefan (metze) Metzmacher 	2002
+      
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
@@ -251,8 +252,17 @@
  Return the last rid from the end of a sid
 *****************************************************************/  
 
-BOOL sid_peek_rid(DOM_SID *sid, uint32 *rid)
+BOOL sid_peek_rid(DOM_SID *exp_dom_sid,DOM_SID *sid, uint32 *rid)
 {
+	if(!exp_dom_sid||!sid||!rid)
+		return False;
+			
+
+	if(sid_compare_domain(exp_dom_sid,sid)!=0){
+		*rid=(-1);
+		return False;
+	}
+	
 	if (sid->num_auths > 0) {
 		*rid = sid->sub_auths[sid->num_auths - 1];
 		return True;
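Review bot: Nothing in the visible lines checks that `sid` is exactly one sub-authority longer than `exp_dom_sid`, so whether a SID nested deeper under the domain is rejected depends entirely on sid_compare_domain(), which is not shown. Every caller in this patch now relies on this function as the "belongs to my domain" gate, so make that explicit with `if (sid->num_auths != exp_dom_sid->num_auths + 1) return False;` before reading the last sub-authority. The failure paths are also inconsistent: a domain mismatch writes `(uint32)-1` to `*rid`, while the NULL-argument path leaves it untouched. The header comment above still says only "Return the last rid from the end of a sid" and should mention the domain check. The function body continues outside the hunk.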
diff -Nur --exclude=CVS HEAD/source/nsswitch/winbindd_ads.c HEAD-fix/source/nsswitch/winbindd_ads.c
--- HEAD/source/nsswitch/winbindd_ads.c	Mon Jun  3 09:20:24 2002
+++ HEAD-fix/source/nsswitch/winbindd_ads.c	Mon Jun  3 09:20:48 2002
@@ -273,7 +273,7 @@
 			continue;
 		}
 
-		if (!sid_peek_rid(&sid, &rid)) {
+		if (!sid_peek_rid(&domain->sid,&sid, &rid)) {
 			DEBUG(1,("No rid for %s !?\n", name));
 			continue;
 		}
@@ -356,7 +356,7 @@
 			continue;
 		}
 
-		if (!sid_peek_rid(&sid, &rid)) {
+		if (!sid_peek_rid(&domain->sid,&sid, &rid)) {
 			DEBUG(1,("No rid for %s !?\n", name));
 			continue;
 		}
@@ -584,7 +584,7 @@
 		goto done;
 	}
 	
-	if (!sid_peek_rid(&sid, &info->user_rid)) {
+	if (!sid_peek_rid(&domain->sid,&sid, &info->user_rid)) {
 		DEBUG(1,("No rid for %d !?\n", user_rid));
 		goto done;
 	}
@@ -662,7 +662,7 @@
 
 	for (i=1;i<count;i++) {
 		uint32 rid;
-		if (!sid_peek_rid(&sids[i-1], &rid)) continue;
+		if (!sid_peek_rid(&domain->sid,&sids[i-1], &rid)) continue;
 		(*user_gids)[*num_groups] = rid;
 		(*num_groups)++;
 	}
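Review bot: SIDs that are not under `domain->sid` are now dropped from the user's group list by the bare `continue`, with no log line, where the other call sites in this file at least emit a DEBUG(1). If the SID array can contain groups from other domains (not determinable from the hunk), the caller receives a silently shortened membership list, which matters wherever group membership drives an access decision. Log the skip before continuing, e.g. `DEBUG(5,("skipping group sid outside domain\n"));`, and document on the function that only groups of the queried domain are returned. The loop's enclosing function starts outside the hunk.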
@@ -737,7 +737,7 @@
 			DEBUG(1,("No sid for %s !?\n", (*names)[*num_names]));
 			continue;
 		}
-		if (!sid_peek_rid(&sid, &rid)) {
+		if (!sid_peek_rid(&domain->sid,&sid, &rid)) {
 			DEBUG(1,("No rid for %s !?\n", (*names)[*num_names]));
 			continue;
 		}
diff -Nur --exclude=CVS HEAD/source/nsswitch/winbindd_cache.c HEAD-fix/source/nsswitch/winbindd_cache.c
--- HEAD/source/nsswitch/winbindd_cache.c	Thu Jun  6 19:34:02 2002
+++ HEAD-fix/source/nsswitch/winbindd_cache.c	Thu Jun  6 19:35:42 2002
@@ -658,7 +658,8 @@
 	NTSTATUS status;
 	uint32 rid = 0;
 
-	sid_peek_rid(sid, &rid);
+	if(!sid_peek_rid(&domain->sid,sid, &rid))
+		return NT_STATUS_NO_SUCH_USER;
 
 	if (!cache->tdb) goto do_query;
 
diff -Nur --exclude=CVS HEAD/source/nsswitch/winbindd_group.c HEAD-fix/source/nsswitch/winbindd_group.c
--- HEAD/source/nsswitch/winbindd_group.c	Tue Apr  2 07:28:07 2002
+++ HEAD-fix/source/nsswitch/winbindd_group.c	Fri May 31 10:25:23 2002
@@ -228,7 +228,8 @@
 	}
 
 	/* Fill in group structure */
-	sid_peek_rid(&group_sid, &group_rid);
+	if(!sid_peek_rid(&domain->sid,&group_sid, &group_rid))
+		return WINBINDD_ERROR;
 
 	if (!winbindd_idmap_get_gid_from_sid(&group_sid, &gid)) {
 		DEBUG(1, ("error converting unix gid to sid\n"));
diff -Nur --exclude=CVS HEAD/source/passdb/passdb.c HEAD-fix/source/passdb/passdb.c
--- HEAD/source/passdb/passdb.c	Fri Jun  7 16:38:19 2002
+++ HEAD-fix/source/passdb/passdb.c	Fri Jun  7 17:43:12 2002
@@ -156,7 +156,6 @@
 NTSTATUS pdb_fill_sam_pw(SAM_ACCOUNT *sam_account, const struct passwd *pwd)
 {
 	GROUP_MAP map;
-	uint32 rid;
 
 	if (!pwd) {
 		return NT_STATUS_UNSUCCESSFUL;
@@ -184,18 +183,25 @@
 	   -- abartlet 11-May-02
 	*/
 
-	pdb_set_user_rid(sam_account, 
-			 fallback_pdb_uid_to_user_rid(pwd->pw_uid));
+	if(!pdb_set_user_sid_from_rid(sam_account, 
+			 fallback_pdb_uid_to_user_rid(pwd->pw_uid))) {
+		DEBUG(0,("Can't set User SID from RID!\n"));
+		return NT_STATUS_NO_SUCH_USER;
+	}
 
 	/* call the mapping code here */
 	if(get_group_map_from_gid(pwd->pw_gid, &map, MAPPING_WITHOUT_PRIV)) {
-		sid_peek_rid(&map.sid, &rid);
+		if(!pdb_set_group_sid(sam_account,&map.sid)){
+			DEBUG(0,("Can't set Group SID!\n"));
+			return NT_STATUS_NO_SUCH_GROUP;
+		}
 	} 
 	else {
-		rid=pdb_gid_to_group_rid(pwd->pw_gid);
+		if(!pdb_set_group_sid_from_rid(sam_account,pdb_gid_to_group_rid(pwd->pw_gid))) {
+			DEBUG(0,("Can't set Group SID\n"));
+			return NT_STATUS_NO_SUCH_GROUP;
+		}
 	}
-		
-	pdb_set_group_rid(sam_account, rid);
 
 	/* check if this is a user account or a machine account */
 	if (pwd->pw_name[strlen(pwd->pw_name)-1] != '$')
@@ -455,39 +461,6 @@
 	return (True);
 }
 
-#if 0 /* seem it is not used by anyone */
-/*******************************************************************
- Group and User RID username mapping function
- ********************************************************************/
-
-BOOL pdb_name_to_rid(const char *user_name, uint32 *u_rid, uint32 *g_rid)
-{
-	GROUP_MAP map;
-	struct passwd *pw = Get_Pwnam(user_name);
-
-	if (u_rid == NULL || g_rid == NULL || user_name == NULL)
-		return False;
-
-	if (!pw) {
-		DEBUG(1,("Username %s is invalid on this system\n", user_name));
-		return False;
-	}
-
-	/* turn the unix UID into a Domain RID.  this is what the posix
-	   sub-system does (adds 1000 to the uid) */
-	*u_rid = fallback_pdb_uid_to_user_rid(pw->pw_uid);
-
-	/* absolutely no idea what to do about the unix GID to Domain RID mapping */
-	/* map it ! */
-	if (get_group_map_from_gid(pw->pw_gid, &map, MAPPING_WITHOUT_PRIV)) {
-		sid_peek_rid(&map.sid, g_rid);
-	} else 
-		*g_rid = pdb_gid_to_group_rid(pw->pw_gid);
-
-	return True;
-}
-#endif /* seem it is not used by anyone */
-
 /*******************************************************************
  Converts NT user RID to a UNIX uid.
  ********************************************************************/
@@ -578,7 +551,11 @@
 	SAM_ACCOUNT *sam_account = NULL;
 	GROUP_MAP map;
 
-	sid_peek_rid(sid, &rid);
+	if(!sid_peek_rid(get_global_sam_sid(),sid, &rid)){
+		DEBUG(0,("local_sid_to_gid: sid_peek_rid return False! SID: %s\n",
+			sid_string_static(&map.sid)));
+		return False;
+	}	
 	*psid_name_use = SID_NAME_UNKNOWN;
 	
 	DEBUG(5,("local_lookup_sid: looking up RID %u.\n", (unsigned int)rid));
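Review bot: The new failure message prints `map.sid`, but `map` is the local GROUP_MAP declared just above and nothing visible has filled it in at this point, so sid_string_static() formats uninitialised stack data; the SID that failed is `sid`. The message is also prefixed `local_sid_to_gid:`, although the DEBUG just below identifies this code as local_lookup_sid. Suggested: `DEBUG(0,("local_lookup_sid: sid_peek_rid return False! SID: %s\n", sid_string_static(sid)));`. Level 0 also looks high for a condition that any lookup of a SID outside the local SAM domain will hit, so consider a lower level. The function starts outside the hunk.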
@@ -724,10 +701,9 @@
 	}
 	
 	if (pdb_getsampwnam(sam_account, user)) {
-		sid_append_rid( &local_sid, pdb_get_user_rid(sam_account));
+		sid_copy(psid,(DOM_SID *)pdb_get_user_sid(sam_account));
 		*psid_name_use = SID_NAME_USER;
 		
-		sid_copy( psid, &local_sid);
 		pdb_free_sam(&sam_account);
 		return True;
 	}
@@ -800,7 +776,7 @@
 		}
 		
 		if (pdb_getsampwnam(sam_user, pass->pw_name)) {
-			sid_append_rid(psid, pdb_get_user_rid(sam_user));
+			sid_copy(psid,(DOM_SID *) pdb_get_user_sid(sam_user));
 		} else {
 			sid_append_rid(psid, fallback_pdb_uid_to_user_rid(uid));
 		}
@@ -920,7 +896,11 @@
 		if (map.gid==-1)
 			return False;
 
-		sid_peek_rid(&map.sid, &rid);
+		if(!sid_peek_rid(get_global_sam_sid(),&map.sid, &rid)){
+			DEBUG(0,("local_sid_to_gid: sid_peek_rid return False! SID: %s\n",
+				sid_string_static(&map.sid)));
+			return False;
+		}
 		*pgid = map.gid;
 		*name_type = map.sid_name_use;
 		DEBUG(10,("local_sid_to_gid: mapped SID %s (%s) -> gid (%u).\n", sid_to_string( str, psid),
@@ -996,9 +976,9 @@
 		pdb_set_munged_dial(to   , pdb_unistr2_convert(&from->uni_munged_dial ));
 
 	if (from->user_rid)
-		pdb_set_user_rid(to, from->user_rid);
+		pdb_set_user_sid_from_rid(to, from->user_rid);
 	if (from->group_rid)
-		pdb_set_group_rid(to, from->group_rid);
+		pdb_set_group_sid_from_rid(to, from->group_rid);
 
 	pdb_set_acct_ctrl(to, from->acb_info);
 	pdb_set_unknown_3(to, from->unknown_3);
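Review bot: The results of pdb_set_user_sid_from_rid() and pdb_set_group_sid_from_rid() are discarded here, although per the pdb_get_set.c hunk they now also return False when sid_append_rid() fails, in which case the account keeps whatever SID it held before. The same unchecked calls appear in the next hunk of this file and in the pdb_ldap.c, pdb_nisplus.c, pdb_smbpasswd.c, pdb_tdb.c and pdbedit.c hunks, while pdb_fill_sam_pw earlier in this file does check them. At minimum log the failure, e.g. `if (from->user_rid && !pdb_set_user_sid_from_rid(to, from->user_rid)) DEBUG(0,("Can't set User SID from RID!\n"));`. Whether the function can propagate an error is not visible, since it starts and ends outside the hunk.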
@@ -1051,9 +1031,9 @@
 		pdb_set_munged_dial(to   , pdb_unistr2_convert(&from->uni_munged_dial ));
 
 	if (from->user_rid)
-		pdb_set_user_rid(to, from->user_rid);
+		pdb_set_user_sid_from_rid(to, from->user_rid);
 	if (from->group_rid)
-		pdb_set_group_rid(to, from->group_rid);
+		pdb_set_group_sid_from_rid(to, from->group_rid);
 
 	/* FIXME!!  Do we need to copy the passwords here as well?
 	   I don't know.  Need to figure this out   --jerry */
diff -Nur --exclude=CVS HEAD/source/passdb/pdb_get_set.c HEAD-fix/source/passdb/pdb_get_set.c
--- HEAD/source/passdb/pdb_get_set.c	Tue May 21 14:07:17 2002
+++ HEAD-fix/source/passdb/pdb_get_set.c	Tue Jun  4 15:18:43 2002
@@ -5,6 +5,7 @@
    Copyright (C) Luke Kenneth Casson Leighton 	1996-1998
    Copyright (C) Gerald (Jerry) Carter		2000-2001
    Copyright (C) Andrew Bartlett		2001-2002
+   Copyright (C) Stefan (metze) Metzmacher	2002
       
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -155,21 +156,41 @@
 	else
 		return (NULL);
 }
+const DOM_SID *pdb_get_user_sid(const SAM_ACCOUNT *sampass)
+{
+	if (sampass) 
+		return &sampass->private.user_sid;
+	else
+		return (NULL);
+}
+
+const DOM_SID *pdb_get_group_sid(const SAM_ACCOUNT *sampass)
+{
+	if (sampass)
+		return &sampass->private.group_sid;
+	else	
+		return (NULL);
+}	
 
 uint32 pdb_get_user_rid (const SAM_ACCOUNT *sampass)
 {
+	uint32 u_rid;
+
 	if (sampass)
-		return (sampass->private.user_rid);
-	else
-		return (-1);
+		if(sid_peek_rid(get_global_sam_sid(),(DOM_SID *)pdb_get_user_sid(sampass),&u_rid))
+			return u_rid;
+	
+	return (-1);
 }
 
 uint32 pdb_get_group_rid (const SAM_ACCOUNT *sampass)
 {
+	uint32 g_rid;
+
 	if (sampass)
-		return (sampass->private.group_rid);
-	else
-		return (-1);
+		if(sid_peek_rid(get_global_sam_sid(),(DOM_SID *)pdb_get_group_sid(sampass),&g_rid))
+			return g_rid;
+	return (-1);
 }
 
 /**
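Review bot: Both RID getters now return `(uint32)-1` not only for a NULL account but also whenever sid_peek_rid() rejects the stored SID, i.e. when it lies outside get_global_sam_sid() and presumably also when it was never set; an unset field used to read back as 0. Any caller that detects "no RID" with a zero test (the `if (rid==0)` in the pdb_nisplus.c hunk may be one; the source of its value is not visible) would then carry 0xFFFFFFFF forward as if it were a real RID. Document the sentinel on both functions with a comment such as `/* returns (uint32)-1 if the SID is not in our SAM domain */` and audit callers for it. The `(DOM_SID *)` casts are needed only because sid_peek_rid() takes non-const pointers. Declaring its parameters `const DOM_SID *` would remove them here and in the other hunks that cast the result of pdb_get_user_sid() or pdb_get_group_sid().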
@@ -487,27 +508,71 @@
 
 }
 
-BOOL pdb_set_user_rid (SAM_ACCOUNT *sampass, uint32 rid)
+BOOL pdb_set_user_sid (SAM_ACCOUNT *sampass, DOM_SID *u_sid)
+{
+	if(!sampass||!u_sid)
+		return False;
+	
+	sid_copy(&sampass->private.user_sid,u_sid);
+
+	DEBUG(10, ("pdb_set_user_sid: setting user sid %s\n", 
+		    sid_string_static(&sampass->private.user_sid)));
+	
+	return True;
+}
+
+BOOL pdb_set_group_sid(SAM_ACCOUNT *sampass, DOM_SID *g_sid)
 {
+	if (!sampass||!g_sid)
+		return False;
+
+	sid_copy(&sampass->private.group_sid,g_sid);
+
+	DEBUG(10, ("pdb_set_group_sid: setting group sid %s\n", 
+		    sid_string_static(&sampass->private.group_sid)));
+
+	return True;
+}
+
+BOOL pdb_set_user_sid_from_rid (SAM_ACCOUNT *sampass, uint32 rid)
+{
+	DOM_SID u_sid;
+
 	if (!sampass)
 		return False;
 
-	DEBUG(10, ("pdb_set_rid: setting user rid %d, was %d\n", 
-		   rid, sampass->private.user_rid));
- 
-	sampass->private.user_rid = rid;
+	sid_copy(&u_sid,get_global_sam_sid());
+
+	if(!sid_append_rid(&u_sid,rid))
+		return False;
+
+	if(!pdb_set_user_sid(sampass,&u_sid))
+		return False;
+
+	DEBUG(10, ("pdb_set_user_sid_from_rid:\n\tsetting user sid %s from rid %d\n", 
+		    sid_string_static(&u_sid),rid));
+
 	return True;
 }
 
-BOOL pdb_set_group_rid (SAM_ACCOUNT *sampass, uint32 grid)
+BOOL pdb_set_group_sid_from_rid (SAM_ACCOUNT *sampass, uint32 grid)
 {
+	DOM_SID g_sid;
+
 	if (!sampass)
 		return False;
+	
+	sid_copy(&g_sid,get_global_sam_sid());
+	
+	if(!sid_append_rid(&g_sid,grid))
+		return False;
+
+	if(!pdb_set_group_sid(sampass,&g_sid))
+		return False;
+
+	DEBUG(10, ("pdb_set_group_sid_from_rid:\n\tsetting group sid %s from rid %d\n", 
+		    sid_string_static(&g_sid),grid));
 
-	DEBUG(10, ("pdb_set_group_rid: setting group rid %d, was %d\n", 
-		   grid, sampass->private.group_rid));
- 
-	sampass->private.group_rid = grid;
 	return True;
 }
 
diff -Nur --exclude=CVS HEAD/source/passdb/pdb_ldap.c HEAD-fix/source/passdb/pdb_ldap.c
--- HEAD/source/passdb/pdb_ldap.c	Mon May 27 13:11:01 2002
+++ HEAD-fix/source/passdb/pdb_ldap.c	Tue Jun  4 15:18:57 2002
@@ -624,7 +624,8 @@
 			GROUP_MAP map;
 			/* call the mapping code here */
 			if(get_group_map_from_gid(gid, &map, MAPPING_WITHOUT_PRIV)) {
-				sid_peek_rid(&map.sid, &group_rid);
+				if(!sid_peek_rid(get_global_sam_sid(),&map.sid, &group_rid))
+					return False;
 			} 
 			else {
 				group_rid=pdb_gid_to_group_rid(gid);
@@ -780,8 +781,8 @@
 	pdb_set_hours_len(sampass, hours_len);
 	pdb_set_logon_divs(sampass, logon_divs);
 
-	pdb_set_user_rid(sampass, user_rid);
-	pdb_set_group_rid(sampass, group_rid);
+	pdb_set_user_sid_from_rid(sampass, user_rid);
+	pdb_set_group_sid_from_rid(sampass, group_rid);
 
 	pdb_set_username(sampass, username);
 
@@ -1273,7 +1274,8 @@
 static BOOL ldapsam_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT * user, DOM_SID *sid)
 {
 	uint32 rid;
-	sid_peek_rid(sid, &rid);
+	if(!sid_peek_rid(get_global_sam_sid(),sid, &rid))
+		return False;
 	return ldapsam_getsampwrid(my_methods, user, rid);
 }	
 
diff -Nur --exclude=CVS HEAD/source/passdb/pdb_nisplus.c HEAD-fix/source/passdb/pdb_nisplus.c
--- HEAD/source/passdb/pdb_nisplus.c	Mon May 27 13:11:01 2002
+++ HEAD-fix/source/passdb/pdb_nisplus.c	Tue Jun  4 15:19:49 2002
@@ -339,8 +339,8 @@
 
   pdb_set_uid(pw_buf, atoi(ENTRY_VAL(obj, NPF_UID)));
   pdb_set_gid(pw_buf, atoi(ENTRY_VAL(obj, NPF_SMB_GRPID)));
-  pdb_set_user_rid(pw_buf, atoi(ENTRY_VAL(obj, NPF_USER_RID)));
-  pdb_set_group_rid(pw_buf, atoi(ENTRY_VAL(obj, NPF_GROUP_RID)));
+  pdb_set_user_sid_from_rid(pw_buf, atoi(ENTRY_VAL(obj, NPF_USER_RID)));
+  pdb_set_group_sid_from_rid(pw_buf, atoi(ENTRY_VAL(obj, NPF_GROUP_RID)));
 
   /* values, must exist for user */
   if( !(pdb_get_acct_ctrl(pw_buf) & ACB_WSTRUST) ) {
@@ -381,7 +381,7 @@
   else 
   {
     /* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here. */
-    pdb_set_group_rid (pw_buf, DOMAIN_GROUP_RID_USERS); 
+    pdb_set_group_sid_from_rid (pw_buf, DOMAIN_GROUP_RID_USERS); 
   }
 
   /* Check the lanman password column. */
@@ -538,7 +538,8 @@
 
 		if (rid==0) {
 			if (get_group_map_from_gid(pdb_get_gid(sampass), &map, MAPPING_WITHOUT_PRIV)) {
-				sid_peek_rid(&map.sid, &rid);
+				if(!sid_peek_rid(get_global_sam_sid(),&map.sid, &rid))
+					return False;
 			} else 
 				rid=pdb_gid_to_group_rid(pdb_get_gid(sampass));
 		}
@@ -1034,7 +1035,8 @@
 BOOL pdb_getsampwsid(SAM_ACCOUNT * user, DOM_SID *sid)
 {
 	uint32 rid;
-	sid_peek_rid(sid, &rid);
+	if(!sid_peek_rid(get_global_sam_sid(),sid, &rid))
+		return False;
 	return pdb_getsampwrid(user, rid);
 }
 
diff -Nur --exclude=CVS HEAD/source/passdb/pdb_smbpasswd.c HEAD-fix/source/passdb/pdb_smbpasswd.c
--- HEAD/source/passdb/pdb_smbpasswd.c	Mon May 27 13:11:02 2002
+++ HEAD-fix/source/passdb/pdb_smbpasswd.c	Tue Jun  4 15:20:02 2002
@@ -1242,14 +1242,14 @@
 	    && (pw_buf->smb_userid >= smbpasswd_state->low_nua_userid) 
 	    && (pw_buf->smb_userid <= smbpasswd_state->high_nua_userid)) {
 
-		pdb_set_user_rid(sam_pass, fallback_pdb_uid_to_user_rid (pw_buf->smb_userid));
+		pdb_set_user_sid_from_rid(sam_pass, fallback_pdb_uid_to_user_rid (pw_buf->smb_userid));
 
 		/* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here. 
 		   
 		   This was down the bottom for machines, but it looks pretty good as
 		   a general default for non-unix users. --abartlet 2002-01-08
 		*/
-		pdb_set_group_rid (sam_pass, DOMAIN_GROUP_RID_USERS); 
+		pdb_set_group_sid_from_rid (sam_pass, DOMAIN_GROUP_RID_USERS); 
 		pdb_set_username (sam_pass, pw_buf->smb_name);
 		pdb_set_domain (sam_pass, lp_workgroup());
 	} else {
@@ -1458,7 +1458,8 @@
 static BOOL smbpasswd_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT * user, DOM_SID *sid)
 {
 	uint32 rid;
-	sid_peek_rid(sid, &rid);
+	if(!sid_peek_rid(get_global_sam_sid(),sid, &rid))
+		return False;
 	return smbpasswd_getsampwrid(my_methods, user, rid);
 }
 
diff -Nur --exclude=CVS HEAD/source/passdb/pdb_tdb.c HEAD-fix/source/passdb/pdb_tdb.c
--- HEAD/source/passdb/pdb_tdb.c	Mon May 27 13:11:02 2002
+++ HEAD-fix/source/passdb/pdb_tdb.c	Tue Jun  4 15:20:13 2002
@@ -246,8 +246,8 @@
 		}
 	}
 
-	pdb_set_user_rid(sampass, user_rid);
-	pdb_set_group_rid(sampass, group_rid);
+	pdb_set_user_sid_from_rid(sampass, user_rid);
+	pdb_set_group_sid_from_rid(sampass, group_rid);
 	pdb_set_unknown_3(sampass, unknown_3);
 	pdb_set_hours_len(sampass, hours_len);
 	pdb_set_unknown_5(sampass, unknown_5);
@@ -671,7 +671,8 @@
 static BOOL tdbsam_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT * user, DOM_SID *sid)
 {
 	uint32 rid;
-	sid_peek_rid(sid, &rid);
+	if(!sid_peek_rid(get_global_sam_sid(),sid, &rid))
+		return False;
 	return tdbsam_getsampwrid(my_methods, user, rid);
 }
 
@@ -775,7 +776,7 @@
 						goto done;
 					}
 				}
-				pdb_set_user_rid(newpwd, user_rid);
+				pdb_set_user_sid_from_rid(newpwd, user_rid);
 			} else {
 				user_rid = tdb_state->low_nua_rid;
 				tdb_ret = tdb_change_uint32_atomic(pwd_tdb, "NUA_RID_COUNTER", &user_rid, RID_MULTIPLIER);
@@ -788,7 +789,7 @@
 					ret = False;
 					goto done;
 				}
-				pdb_set_user_rid(newpwd, user_rid);
+				pdb_set_user_sid_from_rid(newpwd, user_rid);
 			}
 		} else {
 			DEBUG (0,("tdb_update_sam: Failing to store a SAM_ACCOUNT for [%s] without a RID\n",pdb_get_username(newpwd)));
@@ -805,7 +806,7 @@
 				goto done;
 			} else {
 				/* This seems like a good default choice for non-unix users */
-				pdb_set_group_rid(newpwd, DOMAIN_GROUP_RID_USERS);
+				pdb_set_group_sid_from_rid(newpwd, DOMAIN_GROUP_RID_USERS);
 			}
 		} else {
 			DEBUG (0,("tdb_update_sam: Failing to store a SAM_ACCOUNT for [%s] without a primary group RID\n",pdb_get_username(newpwd)));
diff -Nur --exclude=CVS HEAD/source/passdb/pdb_unix.c HEAD-fix/source/passdb/pdb_unix.c
--- HEAD/source/passdb/pdb_unix.c	Mon May 27 13:11:02 2002
+++ HEAD-fix/source/passdb/pdb_unix.c	Tue Jun  4 15:20:20 2002
@@ -68,7 +68,8 @@
 static BOOL unixsam_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT * user, DOM_SID *sid)
 {
 	uint32 rid;
-	sid_peek_rid(sid, &rid);
+	if(!sid_peek_rid(get_global_sam_sid(),sid, &rid))
+		return False;
 	return unixsam_getsampwrid(my_methods, user, rid);
 }
 
diff -Nur --exclude=CVS HEAD/source/rpc_server/srv_samr_nt.c HEAD-fix/source/rpc_server/srv_samr_nt.c
--- HEAD/source/rpc_server/srv_samr_nt.c	Mon Jun 10 08:24:24 2002
+++ HEAD-fix/source/rpc_server/srv_samr_nt.c	Mon Jun 10 08:39:25 2002
@@ -2019,18 +2019,9 @@
  		return NT_STATUS_ACCESS_DENIED;		
  	}
  	
- 	/* Get the domain SID stored in the domain policy */
-  	if(!get_lsa_policy_samr_sid(p, &dom_pol, &sid)) {
-  		pdb_free_sam(&sam_pass);
-		return NT_STATUS_INVALID_HANDLE;
-	}
-
-	/* append the user's RID to it */
-	if(!sid_append_rid(&sid, pdb_get_user_rid(sam_pass) )) {
-		pdb_free_sam(&sam_pass);
-		return NT_STATUS_NO_SUCH_USER;
-	}
-
+	/* Get the user's SID */
+	sid_copy(&sid,(DOM_SID *)pdb_get_user_sid(sam_pass));
+	
 	/* associate the user's SID with the new handle. */
 	if ((info = get_samr_info_by_sid(&sid)) == NULL) {
 		pdb_free_sam(&sam_pass);
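Review bot: The domain policy handle `dom_pol` is no longer validated in these lines: the removed get_lsa_policy_samr_sid() call was what returned NT_STATUS_INVALID_HANDLE for a bad handle and tied the resulting user SID to the domain the client had opened. Unless the handle is checked earlier in the function (outside the hunk), a user handle is now created from whatever SID the passdb holds, regardless of which domain handle was presented. Keep the handle lookup into a separate local (a new `DOM_SID dom_sid`) and reject a user SID that does not fall under it, as sketched below. The unchecked `sid_copy()` also assumes pdb_get_user_sid() cannot return NULL, which holds only while `sam_pass` is non-NULL.

```c
	/* Get the domain SID stored in the domain policy */
	if(!get_lsa_policy_samr_sid(p, &dom_pol, &dom_sid)) {
		pdb_free_sam(&sam_pass);
		return NT_STATUS_INVALID_HANDLE;
	}

	/* Get the user's SID and make sure it belongs to that domain */
	sid_copy(&sid,(DOM_SID *)pdb_get_user_sid(sam_pass));
	if(sid_compare_domain(&dom_sid,&sid)!=0) {
		pdb_free_sam(&sam_pass);
		return NT_STATUS_NO_SUCH_USER;
	}

	/* … unchanged: get_samr_info_by_sid() and handle association … */
```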
diff -Nur --exclude=CVS HEAD/source/rpc_server/srv_util.c HEAD-fix/source/rpc_server/srv_util.c
--- HEAD/source/rpc_server/srv_util.c	Mon Jun 10 08:24:24 2002
+++ HEAD-fix/source/rpc_server/srv_util.c	Mon Jun 10 08:41:15 2002
@@ -182,7 +182,8 @@
 				}
 				rids=new_rids;
 				
-				sid_peek_rid(&map.sid, &(rids[cur_rid]));
+				if(!sid_peek_rid(get_global_sam_sid(),&map.sid, &(rids[cur_rid])))
+					return NT_STATUS_NO_SUCH_USER;
 				DEBUG(10,("get_alias_user_groups: user found in group %s\n", map.nt_name));
 				cur_rid++;
 				break;
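Review bot: The added `return NT_STATUS_NO_SUCH_USER;` exits immediately after `rids=new_rids;`, so the array just reassigned (presumably heap memory; the allocation is not visible) is neither released nor handed back to the caller. The next hunk makes the same early return two lines above a `done:` label, which it bypasses, and the two later hunks in this file return False from inside their loops in the same way. Set the status and jump to the existing cleanup label instead of returning directly. Separately, one mapped group whose SID is outside get_global_sam_sid() now fails the whole enumeration. If such mappings are legitimate (not determinable from here), skipping that entry with a debug message would be safer than aborting. The enclosing functions start and end outside these hunks.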
@@ -244,7 +245,8 @@
 	}
 	rids=new_rids;
 
- 	sid_peek_rid(&map.sid, &(rids[cur_rid]));
+ 	if(!sid_peek_rid(get_global_sam_sid(),&map.sid, &(rids[cur_rid])))
+		return NT_STATUS_NO_SUCH_USER;
 	cur_rid++;
 
 done:
@@ -299,7 +301,8 @@
 		for(num=0; grp->gr_mem[num]!=NULL; num++) {
 			if(strcmp(grp->gr_mem[num], user_name)==0) {
 				/* we found the user, add the group to the list */
-				sid_peek_rid(&map[i].sid, &(gids[cur_gid].g_rid));
+				if(!sid_peek_rid(get_global_sam_sid(),&map[i].sid, &(gids[cur_gid].g_rid)))
+					return False;
 				gids[cur_gid].attr=7;
 				DEBUG(10,("get_domain_user_groups: user found in group %s\n", map[i].nt_name));
 				cur_gid++;
@@ -325,7 +328,8 @@
 	}
 
 	for(i=0; i<num_entries; i++) {
-		sid_peek_rid(&map[i].sid, &tmp_rid);
+		if(!sid_peek_rid(get_global_sam_sid(),&map[i].sid, &tmp_rid))
+			return False;
 		if (tmp_rid==grid) {
 			/* 
 			 * the primary group of the user but be the first one in the list
diff -Nur --exclude=CVS HEAD/source/utils/pdbedit.c HEAD-fix/source/utils/pdbedit.c
--- HEAD/source/utils/pdbedit.c	Mon May 27 13:11:03 2002
+++ HEAD-fix/source/utils/pdbedit.c	Wed May 29 13:19:29 2002
@@ -81,10 +81,12 @@
 		if (IS_SAM_UNIX_USER(sam_pwent)) {
 			uid = pdb_get_uid(sam_pwent);
 			gid = pdb_get_gid(sam_pwent);
-			printf ("user ID/Group:        %d/%d\n", uid, gid);
+			printf ("User ID/Group ID:     %d/%d\n", uid, gid);
 		}
-		printf ("user RID/GRID:        %u/%u\n", (unsigned int)pdb_get_user_rid(sam_pwent),
-			(unsigned int)pdb_get_group_rid(sam_pwent));
+		printf ("User SID:             %s\n",
+			sid_string_static((DOM_SID *)pdb_get_user_sid(sam_pwent)));
+		printf ("Primary Group SID:    %s\n",
+			sid_string_static((DOM_SID *)pdb_get_group_sid(sam_pwent)));
 		printf ("Full Name:            %s\n", pdb_get_fullname(sam_pwent));
 		printf ("Home Directory:       %s\n", pdb_get_homedir(sam_pwent));
 		printf ("HomeDir Drive:        %s\n", pdb_get_dirdrive(sam_pwent));
@@ -329,7 +331,7 @@
 	
 	pdb_set_acct_ctrl (sam_pwent, ACB_WSTRUST);
 	
-	pdb_set_group_rid(sam_pwent, DOMAIN_GROUP_RID_COMPUTERS);
+	pdb_set_group_sid_from_rid(sam_pwent, DOMAIN_GROUP_RID_COMPUTERS);
 	
 	if (in->pdb_add_sam_account (in, sam_pwent)) {
 		print_user_info (in, name, True, False);

