[PATCH] store SID's in SAM_ACCOUNT
metze at metzemix.de
metze at metzemix.de
Fri May 31 03:24:01 GMT 2002
Hi Andrew and Simo,
this patches are only for discussion,( not completely ready)
please take look at it the Patch for Makefile.in should be cleaner but I
don't know how to do this... So it would be nice if someoneelse could do that.
The reason for changing Makefile.in is that the global_sam_sid should be
get with the function get_global_sam_sid(), witch is in
passdb/machine_sid.c and depends code from passdb/secrets.c
libsmb/smbencrypt.c libsmb/smbdes.c
code Patch
---------------------------------------------------------
diff -Nur HEAD/source/groupdb/mapping.c HEAD-fix/source/groupdb/mapping.c
--- HEAD/source/groupdb/mapping.c Mon Apr 29 08:26:39 2002
+++ HEAD-fix/source/groupdb/mapping.c Fri May 31 10:19:42 2002
@@ -21,7 +21,6 @@
#include "includes.h"
-extern DOM_SID global_sam_sid;
static TDB_CONTEXT *tdb; /* used for driver files */
@@ -186,17 +185,17 @@
/* Add the defaults domain groups */
- sid_copy(&sid_admins, &global_sam_sid);
+ sid_copy(&sid_admins, get_global_sam_sid());
sid_append_rid(&sid_admins, DOMAIN_GROUP_RID_ADMINS);
sid_to_string(str_admins, &sid_admins);
add_initial_entry(-1, str_admins, SID_NAME_DOM_GRP, "Domain
Admins", "", privilege_all, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY);
- sid_copy(&sid_users, &global_sam_sid);
+ sid_copy(&sid_users, get_global_sam_sid());
sid_append_rid(&sid_users, DOMAIN_GROUP_RID_USERS);
sid_to_string(str_users, &sid_users);
add_initial_entry(-1, str_users, SID_NAME_DOM_GRP, "Domain
Users", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY);
- sid_copy(&sid_guests, &global_sam_sid);
+ sid_copy(&sid_guests, get_global_sam_sid());
sid_append_rid(&sid_guests, DOMAIN_GROUP_RID_GUESTS);
sid_to_string(str_guests, &sid_guests);
add_initial_entry(-1, str_guests, SID_NAME_DOM_GRP, "Domain
Guests", "", privilege_none, PR_ACCESS_FROM_NETWORK);
@@ -987,7 +986,9 @@
* make one based on the unix information */
uint32 alias_rid;
- sid_peek_rid(&sid, &alias_rid);
+ if(!sid_peek_rid(NULL,&sid, &alias_rid))
+ return False;
+
map->gid=pdb_group_rid_to_gid(alias_rid);
if ((grp=getgrgid(map->gid)) == NULL)
@@ -1070,7 +1071,7 @@
/* interim solution until we have a last RID allocated */
- sid_copy(&map->sid, &global_sam_sid);
+ sid_copy(&map->sid, get_global_sam_sid());
sid_append_rid(&map->sid, pdb_gid_to_group_rid(gid));
fstrcpy(map->nt_name, grp->gr_name);
diff -Nur HEAD/source/include/sids.h HEAD-fix/source/include/sids.h
--- HEAD/source/include/sids.h Wed Jan 30 07:08:15 2002
+++ HEAD-fix/source/include/sids.h Wed May 29 14:27:26 2002
@@ -23,7 +23,7 @@
#ifndef _SIDS_H
#define _SIDS_H
-extern DOM_SID global_sam_sid;
+extern DOM_SID *global_sam_sid;
extern fstring global_sam_name;
extern DOM_SID global_member_sid;
diff -Nur HEAD/source/include/smb.h HEAD-fix/source/include/smb.h
--- HEAD/source/include/smb.h Tue May 21 14:07:13 2002
+++ HEAD-fix/source/include/smb.h Mon May 27 11:28:59 2002
@@ -624,8 +624,8 @@
uid_t uid; /* this is a unix uid_t */
gid_t gid; /* this is a unix gid_t */
- uint32 user_rid; /* Primary User ID */
- uint32 group_rid; /* Primary Group ID */
+ DOM_SID user_sid; /* Primary User SID */
+ DOM_SID group_sid; /* Primary Group SID */
DATA_BLOB lm_pw; /* .data is Null if no password */
DATA_BLOB nt_pw; /* .data is Null if no password */
diff -Nur HEAD/source/lib/util_sid.c HEAD-fix/source/lib/util_sid.c
--- HEAD/source/lib/util_sid.c Mon Apr 15 10:32:58 2002
+++ HEAD-fix/source/lib/util_sid.c Wed May 29 14:43:41 2002
@@ -4,6 +4,7 @@
Copyright (C) Andrew Tridgell 1992-1998
Copyright (C) Luke Kenneth Caseson Leighton 1998-1999
Copyright (C) Jeremy Allison 1999
+ Copyright (C) Stefan (metze) Metzmacher 2002
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -25,7 +26,7 @@
/* NOTE! the global_sam_sid is the SID of our local SAM. This is only
equal to the domain SID when we are a DC, otherwise its our
workstation SID */
-DOM_SID global_sam_sid;
+DOM_SID *global_sam_sid=NULL;
extern pstring global_myname;
extern fstring global_myworkgroup;
@@ -120,17 +121,17 @@
if ((lp_security() == SEC_USER) && lp_domain_logons()) {
- sid_name_map[i].sid = &global_sam_sid;
+ sid_name_map[i].sid = get_global_sam_sid();
sid_name_map[i].name = global_myworkgroup;
sid_name_map[i].known_users = NULL;
i++;
- sid_name_map[i].sid = &global_sam_sid;
+ sid_name_map[i].sid = get_global_sam_sid();
sid_name_map[i].name = global_myname;
sid_name_map[i].known_users = NULL;
i++;
}
else {
- sid_name_map[i].sid = &global_sam_sid;
+ sid_name_map[i].sid = get_global_sam_sid();
sid_name_map[i].name = global_myname;
sid_name_map[i].known_users = NULL;
i++;
@@ -270,14 +271,14 @@
if (nt_domain == NULL) {
DEBUG(5,("map_domain_name_to_sid: mapping NULL domain to
our SID.\n"));
- sid_copy(sid, &global_sam_sid);
+ sid_copy(sid, get_global_sam_sid());
return True;
}
if (nt_domain[0] == 0) {
fstrcpy(nt_domain, global_myname);
DEBUG(5,("map_domain_name_to_sid: overriding blank name to
%s\n", nt_domain));
- sid_copy(sid, &global_sam_sid);
+ sid_copy(sid, get_global_sam_sid());
return True;
}
@@ -473,8 +474,20 @@
Return the last rid from the end of a sid
*****************************************************************/
-BOOL sid_peek_rid(DOM_SID *sid, uint32 *rid)
+BOOL sid_peek_rid(DOM_SID *exp_dom_sid,DOM_SID *sid, uint32 *rid)
{
+ DOM_SID *_exp_dom_sid=exp_dom_sid;
+
+ if(!sid||!rid)
+ return False;
+
+ if(!_exp_dom_sid)
+ if(!(_exp_dom_sid=get_global_sam_sid()))
+ return False;
+
+ if(sid_compare_domain(_exp_dom_sid,sid)!=0)
+ return False;
+
if (sid->num_auths > 0) {
*rid = sid->sub_auths[sid->num_auths - 1];
return True;
@@ -631,7 +644,7 @@
*****************************************************************/
BOOL sid_check_is_domain(const DOM_SID *sid)
{
- return sid_equal(sid, &global_sam_sid);
+ return sid_equal(sid, get_global_sam_sid());
}
@@ -655,7 +668,7 @@
sid_copy(&dom_sid, sid);
sid_split_rid(&dom_sid, &rid);
- return sid_equal(&dom_sid, &global_sam_sid);
+ return sid_equal(&dom_sid, get_global_sam_sid());
}
/*****************************************************************
diff -Nur HEAD/source/nsswitch/winbindd_ads.c
HEAD-fix/source/nsswitch/winbindd_ads.c
--- HEAD/source/nsswitch/winbindd_ads.c Mon Apr 29 08:26:40 2002
+++ HEAD-fix/source/nsswitch/winbindd_ads.c Wed May 29 14:59:36 2002
@@ -273,7 +273,7 @@
continue;
}
- if (!sid_peek_rid(&sid, &rid)) {
+ if (!sid_peek_rid(&domain->sid,&sid, &rid)) {
DEBUG(1,("No rid for %s !?\n", name));
continue;
}
@@ -356,7 +356,7 @@
continue;
}
- if (!sid_peek_rid(&sid, &rid)) {
+ if (!sid_peek_rid(&domain->sid,&sid, &rid)) {
DEBUG(1,("No rid for %s !?\n", name));
continue;
}
@@ -584,7 +584,7 @@
goto done;
}
- if (!sid_peek_rid(&sid, &info->user_rid)) {
+ if (!sid_peek_rid(&domain->sid,&sid, &info->user_rid)) {
DEBUG(1,("No rid for %d !?\n", user_rid));
goto done;
}
@@ -662,7 +662,7 @@
for (i=1;i<count;i++) {
uint32 rid;
- if (!sid_peek_rid(&sids[i-1], &rid)) continue;
+ if (!sid_peek_rid(&domain->sid,&sids[i-1], &rid)) continue;
(*user_gids)[*num_groups] = rid;
(*num_groups)++;
}
@@ -737,7 +737,7 @@
DEBUG(1,("No sid for %s !?\n", (*names)[*num_names]));
continue;
}
- if (!sid_peek_rid(&sid, &rid)) {
+ if (!sid_peek_rid(&domain->sid,&sid, &rid)) {
DEBUG(1,("No rid for %s !?\n", (*names)[*num_names]));
continue;
}
diff -Nur HEAD/source/nsswitch/winbindd_cache.c
HEAD-fix/source/nsswitch/winbindd_cache.c
--- HEAD/source/nsswitch/winbindd_cache.c Mon Apr 29 08:26:40 2002
+++ HEAD-fix/source/nsswitch/winbindd_cache.c Fri May 31 10:24:34 2002
@@ -648,7 +648,8 @@
NTSTATUS status;
uint32 rid = 0;
- sid_peek_rid(sid, &rid);
+ if(!sid_peek_rid(&domain->sid,sid, &rid))
+ return NT_STATUS_NO_SUCH_USER;
if (!cache->tdb) goto do_query;
diff -Nur HEAD/source/nsswitch/winbindd_group.c
HEAD-fix/source/nsswitch/winbindd_group.c
--- HEAD/source/nsswitch/winbindd_group.c Tue Apr 2 07:28:07 2002
+++ HEAD-fix/source/nsswitch/winbindd_group.c Fri May 31 10:25:23 2002
@@ -228,7 +228,8 @@
}
/* Fill in group structure */
- sid_peek_rid(&group_sid, &group_rid);
+ if(!sid_peek_rid(&domain->sid,&group_sid, &group_rid))
+ return WINBINDD_ERROR;
if (!winbindd_idmap_get_gid_from_sid(&group_sid, &gid)) {
DEBUG(1, ("error converting unix gid to sid\n"));
diff -Nur HEAD/source/passdb/machine_sid.c HEAD-fix/source/passdb/machine_sid.c
--- HEAD/source/passdb/machine_sid.c Tue May 21 14:07:16 2002
+++ HEAD-fix/source/passdb/machine_sid.c Fri May 31 10:10:55 2002
@@ -4,6 +4,7 @@
Copyright (C) Jeremy Allison 1996-2002
Copyright (C) Andrew Tridgell 2002
Copyright (C) Gerald (Jerry) Carter 2000
+ Copyright (C) Stefan (metze) Metzmacher 2002
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -77,6 +78,10 @@
extern fstring global_myworkgroup;
BOOL is_dc = False;
+ if(global_sam_sid==NULL)
+ if(!(global_sam_sid=(DOM_SID *)malloc(sizeof(DOM_SID))))
+ return False;
+
generate_wellknown_sids();
switch (lp_server_role()) {
@@ -89,7 +94,7 @@
break;
}
- if (secrets_fetch_domain_sid(global_myname, &global_sam_sid)) {
+ if (secrets_fetch_domain_sid(global_myname, global_sam_sid)) {
DOM_SID domain_sid;
/* We got our sid. If not a pdc/bdc, we're done. */
@@ -100,19 +105,19 @@
/* No domain sid and we're a pdc/bdc. Store it */
- if (!secrets_store_domain_sid(global_myworkgroup,
&global_sam_sid)) {
+ if (!secrets_store_domain_sid(global_myworkgroup,
global_sam_sid)) {
DEBUG(0,("pdb_generate_sam_sid: Can't
store domain SID as a pdc/bdc.\n"));
return False;
}
return True;
}
- if (!sid_equal(&domain_sid, &global_sam_sid)) {
+ if (!sid_equal(&domain_sid, global_sam_sid)) {
/* Domain name sid doesn't match global sam sid.
Re-store global sam sid as domain sid. */
DEBUG(0,("pdb_generate_sam_sid: Mismatched SIDs as
a pdc/bdc.\n"));
- if (!secrets_store_domain_sid(global_myworkgroup,
&global_sam_sid)) {
+ if (!secrets_store_domain_sid(global_myworkgroup,
global_sam_sid)) {
DEBUG(0,("pdb_generate_sam_sid: Can't
re-store domain SID as a pdc/bdc.\n"));
return False;
}
@@ -126,24 +131,23 @@
/* check for an old MACHINE.SID file for backwards compatibility */
asprintf(&fname, "%s/MACHINE.SID", lp_private_dir());
- if (read_sid_from_file(fname, &global_sam_sid)) {
+ if (read_sid_from_file(fname, global_sam_sid)) {
/* remember it for future reference and unlink the old
MACHINE.SID */
- if (!secrets_store_domain_sid(global_myname,
&global_sam_sid)) {
+ if (!secrets_store_domain_sid(global_myname, global_sam_sid)) {
DEBUG(0,("pdb_generate_sam_sid: Failed to store
SID from file.\n"));
SAFE_FREE(fname);
return False;
}
unlink(fname);
if (is_dc) {
- if (!secrets_store_domain_sid(global_myworkgroup,
&global_sam_sid)) {
+ if (!secrets_store_domain_sid(global_myworkgroup,
global_sam_sid)) {
DEBUG(0,("pdb_generate_sam_sid: Failed to
store domain SID from file.\n"));
SAFE_FREE(fname);
return False;
}
}
- /* Stored the old sid from MACHINE.SID successfully.
- Patch from Stefan "metze" Metzmacher
<metze at metzemix.de>*/
+ /* Stored the old sid from MACHINE.SID successfully.*/
SAFE_FREE(fname);
return True;
}
@@ -152,14 +156,14 @@
/* we don't have the SID in secrets.tdb, we will need to
generate one and save it */
- generate_random_sid(&global_sam_sid);
+ generate_random_sid(global_sam_sid);
- if (!secrets_store_domain_sid(global_myname, &global_sam_sid)) {
+ if (!secrets_store_domain_sid(global_myname, global_sam_sid)) {
DEBUG(0,("pdb_generate_sam_sid: Failed to store generated
machine SID.\n"));
return False;
}
if (is_dc) {
- if (!secrets_store_domain_sid(global_myworkgroup,
&global_sam_sid)) {
+ if (!secrets_store_domain_sid(global_myworkgroup,
global_sam_sid)) {
DEBUG(0,("pdb_generate_sam_sid: Failed to store
generated domain SID.\n"));
return False;
}
@@ -167,3 +171,17 @@
return True;
}
+
+/* return our global_sam_sid */
+DOM_SID *get_global_sam_sid(void)
+{
+ if(global_sam_sid!=NULL)
+ return global_sam_sid;
+
+ /* memory for global_sam_sid is allocated in
+ pdb_generate_sam_sid() is needed*/
+ if(!pdb_generate_sam_sid())
+ global_sam_sid=NULL;
+
+ return global_sam_sid;
+}
diff -Nur HEAD/source/passdb/passdb.c HEAD-fix/source/passdb/passdb.c
--- HEAD/source/passdb/passdb.c Mon May 27 13:11:01 2002
+++ HEAD-fix/source/passdb/passdb.c Fri May 31 10:29:36 2002
@@ -32,7 +32,6 @@
* responsible.
*/
-extern DOM_SID global_sam_sid;
extern pstring global_myname;
/************************************************************
@@ -185,18 +184,19 @@
-- abartlet 11-May-02
*/
- pdb_set_user_rid(sam_account,
+ pdb_set_user_sid_from_rid(sam_account,
fallback_pdb_uid_to_user_rid(pwd->pw_uid));
/* call the mapping code here */
if(get_group_map_from_gid(pwd->pw_gid, &map, MAPPING_WITHOUT_PRIV)) {
- sid_peek_rid(&map.sid, &rid);
+ if(!sid_peek_rid(NULL,&map.sid, &rid))
+ return NT_STATUS_NO_SUCH_USER;
}
else {
rid=pdb_gid_to_group_rid(pwd->pw_gid);
}
- pdb_set_group_rid(sam_account, rid);
+ pdb_set_group_sid_from_rid(sam_account, rid);
/* check if this is a user account or a machine account */
if (pwd->pw_name[strlen(pwd->pw_name)-1] != '$')
@@ -481,7 +481,8 @@
/* absolutely no idea what to do about the unix GID to Domain RID
mapping */
/* map it ! */
if (get_group_map_from_gid(pw->pw_gid, &map, MAPPING_WITHOUT_PRIV)) {
- sid_peek_rid(&map.sid, g_rid);
+ if(!sid_peek_rid(NULL,&map.sid, g_rid))
+ return NT_STATUS_NO_SUCH_USER;
} else
*g_rid = pdb_gid_to_group_rid(pw->pw_gid);
@@ -579,7 +580,8 @@
SAM_ACCOUNT *sam_account = NULL;
GROUP_MAP map;
- sid_peek_rid(sid, &rid);
+ if(!sid_peek_rid(NULL,sid, &rid))
+ return False;
*psid_name_use = SID_NAME_UNKNOWN;
DEBUG(5,("local_lookup_sid: looking up RID %u.\n", (unsigned
int)rid));
@@ -699,7 +701,7 @@
fstrcpy(user, c_user);
- sid_copy(&local_sid, &global_sam_sid);
+ sid_copy(&local_sid, get_global_sam_sid());
/*
* Special case for MACHINE\Everyone. Map to the world_sid.
@@ -725,10 +727,9 @@
}
if (pdb_getsampwnam(sam_account, user)) {
- sid_append_rid( &local_sid, pdb_get_user_rid(sam_account));
+ sid_copy(psid,(DOM_SID *)pdb_get_user_sid(sam_account));
*psid_name_use = SID_NAME_USER;
- sid_copy( psid, &local_sid);
pdb_free_sam(&sam_account);
return True;
}
@@ -787,12 +788,11 @@
DOM_SID *local_uid_to_sid(DOM_SID *psid, uid_t uid)
{
- extern DOM_SID global_sam_sid;
struct passwd *pass;
SAM_ACCOUNT *sam_user = NULL;
fstring str; /* sid string buffer */
- sid_copy(psid, &global_sam_sid);
+ sid_copy(psid, get_global_sam_sid());
if((pass = getpwuid_alloc(uid))) {
@@ -802,7 +802,7 @@
}
if (pdb_getsampwnam(sam_user, pass->pw_name)) {
- sid_append_rid(psid, pdb_get_user_rid(sam_user));
+ sid_copy(psid,(DOM_SID *) pdb_get_user_sid(sam_user));
} else {
sid_append_rid(psid,
fallback_pdb_uid_to_user_rid(uid));
}
@@ -830,7 +830,6 @@
BOOL local_sid_to_uid(uid_t *puid, DOM_SID *psid, enum SID_NAME_USE
*name_type)
{
- extern DOM_SID global_sam_sid;
DOM_SID dom_sid;
uint32 rid;
@@ -846,7 +845,7 @@
* We can only convert to a uid if this is our local
* Domain SID (ie. we are the controling authority).
*/
- if (!sid_equal(&global_sam_sid, &dom_sid))
+ if (!sid_equal(get_global_sam_sid(), &dom_sid))
return False;
if (NT_STATUS_IS_ERR(pdb_init_sam(&sam_user)))
@@ -878,10 +877,9 @@
DOM_SID *local_gid_to_sid(DOM_SID *psid, gid_t gid)
{
- extern DOM_SID global_sam_sid;
GROUP_MAP map;
- sid_copy(psid, &global_sam_sid);
+ sid_copy(psid, get_global_sam_sid());
if (get_group_map_from_gid(gid, &map, MAPPING_WITHOUT_PRIV)) {
sid_copy(psid, &map.sid);
@@ -899,7 +897,6 @@
BOOL local_sid_to_gid(gid_t *pgid, DOM_SID *psid, enum SID_NAME_USE
*name_type)
{
- extern DOM_SID global_sam_sid;
DOM_SID dom_sid;
uint32 rid;
fstring str;
@@ -917,7 +914,7 @@
* Or in the Builtin SID too. JFM, 11/30/2001
*/
- if (!sid_equal(&global_sam_sid, &dom_sid))
+ if (!sid_equal(get_global_sam_sid(), &dom_sid))
return False;
if (get_group_map_from_sid(*psid, &map, MAPPING_WITHOUT_PRIV)) {
@@ -926,7 +923,8 @@
if (map.gid==-1)
return False;
- sid_peek_rid(&map.sid, &rid);
+ if(!sid_peek_rid(NULL,&map.sid, &rid))
+ return False;
*pgid = map.gid;
*name_type = map.sid_name_use;
DEBUG(10,("local_sid_to_gid: mapped SID %s (%s) -> gid
(%u).\n", sid_to_string( str, psid),
@@ -1002,9 +1000,9 @@
pdb_set_munged_dial(to ,
pdb_unistr2_convert(&from->uni_munged_dial ));
if (from->user_rid)
- pdb_set_user_rid(to, from->user_rid);
+ pdb_set_user_sid_from_rid(to, from->user_rid);
if (from->group_rid)
- pdb_set_group_rid(to, from->group_rid);
+ pdb_set_group_sid_from_rid(to, from->group_rid);
pdb_set_acct_ctrl(to, from->acb_info);
pdb_set_unknown_3(to, from->unknown_3);
@@ -1057,9 +1055,9 @@
pdb_set_munged_dial(to ,
pdb_unistr2_convert(&from->uni_munged_dial ));
if (from->user_rid)
- pdb_set_user_rid(to, from->user_rid);
+ pdb_set_user_sid_from_rid(to, from->user_rid);
if (from->group_rid)
- pdb_set_group_rid(to, from->group_rid);
+ pdb_set_group_sid_from_rid(to, from->group_rid);
/* FIXME!! Do we need to copy the passwords here as well?
I don't know. Need to figure this out --jerry */
diff -Nur HEAD/source/passdb/pdb_get_set.c HEAD-fix/source/passdb/pdb_get_set.c
--- HEAD/source/passdb/pdb_get_set.c Tue May 21 14:07:17 2002
+++ HEAD-fix/source/passdb/pdb_get_set.c Wed May 29 15:03:04 2002
@@ -5,6 +5,7 @@
Copyright (C) Luke Kenneth Casson Leighton 1996-1998
Copyright (C) Gerald (Jerry) Carter 2000-2001
Copyright (C) Andrew Bartlett 2001-2002
+ Copyright (C) Stefan (metze) Metzmacher 2002
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -155,21 +156,35 @@
else
return (NULL);
}
+const DOM_SID *pdb_get_user_sid(const SAM_ACCOUNT *sampass)
+{
+ return &sampass->private.user_sid;
+}
+
+const DOM_SID *pdb_get_group_sid(const SAM_ACCOUNT *sampass)
+{
+ return &sampass->private.group_sid;
+}
uint32 pdb_get_user_rid (const SAM_ACCOUNT *sampass)
{
+ uint32 u_rid;
+
if (sampass)
- return (sampass->private.user_rid);
- else
- return (-1);
+ if(sid_peek_rid(NULL,(DOM_SID
*)pdb_get_user_sid(sampass),&u_rid))
+ return u_rid;
+
+ return (-1);
}
uint32 pdb_get_group_rid (const SAM_ACCOUNT *sampass)
{
+ uint32 g_rid;
+
if (sampass)
- return (sampass->private.group_rid);
- else
- return (-1);
+ if(sid_peek_rid(NULL,(DOM_SID
*)pdb_get_group_sid(sampass),&g_rid))
+ return g_rid;
+ return (-1);
}
/**
@@ -487,27 +502,71 @@
}
-BOOL pdb_set_user_rid (SAM_ACCOUNT *sampass, uint32 rid)
+BOOL pdb_set_user_sid (SAM_ACCOUNT *sampass, DOM_SID *u_sid)
+{
+ if(!sampass||!u_sid)
+ return False;
+
+ sid_copy(&sampass->private.user_sid,u_sid);
+
+ DEBUG(10, ("pdb_set_user_sid: setting user sid %s\n",
+ sid_string_static(&sampass->private.user_sid)));
+
+ return True;
+}
+
+BOOL pdb_set_group_sid(SAM_ACCOUNT *sampass, DOM_SID *g_sid)
+{
+ if (!sampass||!g_sid)
+ return False;
+
+ sid_copy(&sampass->private.group_sid,g_sid);
+
+ DEBUG(10, ("pdb_set_group_sid: setting group sid %s\n",
+ sid_string_static(&sampass->private.group_sid)));
+
+ return True;
+}
+
+BOOL pdb_set_user_sid_from_rid (SAM_ACCOUNT *sampass, uint32 rid)
{
+ DOM_SID u_sid;
+
if (!sampass)
return False;
- DEBUG(10, ("pdb_set_rid: setting user rid %d, was %d\n",
- rid, sampass->private.user_rid));
-
- sampass->private.user_rid = rid;
+ sid_copy(&u_sid,get_global_sam_sid());
+
+ if(!sid_append_rid(&u_sid,rid))
+ return False;
+
+ if(!pdb_set_user_sid(sampass,&u_sid))
+ return False;
+
+ DEBUG(10, ("pdb_set_user_sid_from_rid:\n\tsetting user sid %s from
rid %d\n",
+ sid_string_static(&u_sid),rid));
+
return True;
}
-BOOL pdb_set_group_rid (SAM_ACCOUNT *sampass, uint32 grid)
+BOOL pdb_set_group_sid_from_rid (SAM_ACCOUNT *sampass, uint32 grid)
{
+ DOM_SID g_sid;
+
if (!sampass)
return False;
+
+ sid_copy(&g_sid,get_global_sam_sid());
+
+ if(!sid_append_rid(&g_sid,grid))
+ return False;
+
+ if(!pdb_set_group_sid(sampass,&g_sid))
+ return False;
+
+ DEBUG(10, ("pdb_set_group_sid_from_rid:\n\tsetting group sid %s
from rid %d\n",
+ sid_string_static(&g_sid),grid));
- DEBUG(10, ("pdb_set_group_rid: setting group rid %d, was %d\n",
- grid, sampass->private.group_rid));
-
- sampass->private.group_rid = grid;
return True;
}
diff -Nur HEAD/source/passdb/pdb_ldap.c HEAD-fix/source/passdb/pdb_ldap.c
--- HEAD/source/passdb/pdb_ldap.c Mon May 27 13:11:01 2002
+++ HEAD-fix/source/passdb/pdb_ldap.c Fri May 31 10:31:24 2002
@@ -624,7 +624,8 @@
GROUP_MAP map;
/* call the mapping code here */
if(get_group_map_from_gid(gid, &map,
MAPPING_WITHOUT_PRIV)) {
- sid_peek_rid(&map.sid, &group_rid);
+ if(!sid_peek_rid(NULL,&map.sid, &group_rid))
+ return False;
}
else {
group_rid=pdb_gid_to_group_rid(gid);
@@ -780,8 +781,8 @@
pdb_set_hours_len(sampass, hours_len);
pdb_set_logon_divs(sampass, logon_divs);
- pdb_set_user_rid(sampass, user_rid);
- pdb_set_group_rid(sampass, group_rid);
+ pdb_set_user_sid_from_rid(sampass, user_rid);
+ pdb_set_group_sid_from_rid(sampass, group_rid);
pdb_set_username(sampass, username);
@@ -1273,7 +1274,8 @@
static BOOL ldapsam_getsampwsid(struct pdb_methods *my_methods,
SAM_ACCOUNT * user, DOM_SID *sid)
{
uint32 rid;
- sid_peek_rid(sid, &rid);
+ if(!sid_peek_rid(NULL,sid, &rid))
+ return False;
return ldapsam_getsampwrid(my_methods, user, rid);
}
diff -Nur HEAD/source/passdb/pdb_nisplus.c HEAD-fix/source/passdb/pdb_nisplus.c
--- HEAD/source/passdb/pdb_nisplus.c Mon May 27 13:11:01 2002
+++ HEAD-fix/source/passdb/pdb_nisplus.c Fri May 31 10:32:18 2002
@@ -339,8 +339,8 @@
pdb_set_uid(pw_buf, atoi(ENTRY_VAL(obj, NPF_UID)));
pdb_set_gid(pw_buf, atoi(ENTRY_VAL(obj, NPF_SMB_GRPID)));
- pdb_set_user_rid(pw_buf, atoi(ENTRY_VAL(obj, NPF_USER_RID)));
- pdb_set_group_rid(pw_buf, atoi(ENTRY_VAL(obj, NPF_GROUP_RID)));
+ pdb_set_user_sid_from_rid(pw_buf, atoi(ENTRY_VAL(obj, NPF_USER_RID)));
+ pdb_set_group_sid_from_rid(pw_buf, atoi(ENTRY_VAL(obj, NPF_GROUP_RID)));
/* values, must exist for user */
if( !(pdb_get_acct_ctrl(pw_buf) & ACB_WSTRUST) ) {
@@ -381,7 +381,7 @@
else
{
/* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here. */
- pdb_set_group_rid (pw_buf, DOMAIN_GROUP_RID_USERS);
+ pdb_set_group_sid_from_rid (pw_buf, DOMAIN_GROUP_RID_USERS);
}
/* Check the lanman password column. */
@@ -538,7 +538,8 @@
if (rid==0) {
if (get_group_map_from_gid(pdb_get_gid(sampass),
&map, MAPPING_WITHOUT_PRIV)) {
- sid_peek_rid(&map.sid, &rid);
+ if(!sid_peek_rid(NULL,&map.sid, &rid))
+ return False;
} else
rid=pdb_gid_to_group_rid(pdb_get_gid(sampass));
}
@@ -1034,7 +1035,8 @@
BOOL pdb_getsampwsid(SAM_ACCOUNT * user, DOM_SID *sid)
{
uint32 rid;
- sid_peek_rid(sid, &rid);
+ if(!sid_peek_rid(NULL,sid, &rid))
+ return False;
return pdb_getsampwrid(user, rid);
}
diff -Nur HEAD/source/passdb/pdb_smbpasswd.c
HEAD-fix/source/passdb/pdb_smbpasswd.c
--- HEAD/source/passdb/pdb_smbpasswd.c Mon May 27 13:11:02 2002
+++ HEAD-fix/source/passdb/pdb_smbpasswd.c Fri May 31 10:32:39 2002
@@ -1242,14 +1242,14 @@
&& (pw_buf->smb_userid >= smbpasswd_state->low_nua_userid)
&& (pw_buf->smb_userid <= smbpasswd_state->high_nua_userid)) {
- pdb_set_user_rid(sam_pass, fallback_pdb_uid_to_user_rid
(pw_buf->smb_userid));
+ pdb_set_user_sid_from_rid(sam_pass,
fallback_pdb_uid_to_user_rid (pw_buf->smb_userid));
/* lkclXXXX this is OBSERVED behaviour by NT PDCs,
enforced here.
This was down the bottom for machines, but it looks
pretty good as
a general default for non-unix users. --abartlet 2002-01-08
*/
- pdb_set_group_rid (sam_pass, DOMAIN_GROUP_RID_USERS);
+ pdb_set_group_sid_from_rid (sam_pass, DOMAIN_GROUP_RID_USERS);
pdb_set_username (sam_pass, pw_buf->smb_name);
pdb_set_domain (sam_pass, lp_workgroup());
} else {
@@ -1458,7 +1458,8 @@
static BOOL smbpasswd_getsampwsid(struct pdb_methods *my_methods,
SAM_ACCOUNT * user, DOM_SID *sid)
{
uint32 rid;
- sid_peek_rid(sid, &rid);
+ if(!sid_peek_rid(NULL,sid, &rid))
+ return False;
return smbpasswd_getsampwrid(my_methods, user, rid);
}
diff -Nur HEAD/source/passdb/pdb_tdb.c HEAD-fix/source/passdb/pdb_tdb.c
--- HEAD/source/passdb/pdb_tdb.c Mon May 27 13:11:02 2002
+++ HEAD-fix/source/passdb/pdb_tdb.c Fri May 31 10:32:55 2002
@@ -246,8 +246,8 @@
}
}
- pdb_set_user_rid(sampass, user_rid);
- pdb_set_group_rid(sampass, group_rid);
+ pdb_set_user_sid_from_rid(sampass, user_rid);
+ pdb_set_group_sid_from_rid(sampass, group_rid);
pdb_set_unknown_3(sampass, unknown_3);
pdb_set_hours_len(sampass, hours_len);
pdb_set_unknown_5(sampass, unknown_5);
@@ -671,7 +671,8 @@
static BOOL tdbsam_getsampwsid(struct pdb_methods *my_methods,
SAM_ACCOUNT * user, DOM_SID *sid)
{
uint32 rid;
- sid_peek_rid(sid, &rid);
+ if(!sid_peek_rid(NULL,sid, &rid))
+ return False;
return tdbsam_getsampwrid(my_methods, user, rid);
}
@@ -775,7 +776,7 @@
goto done;
}
}
- pdb_set_user_rid(newpwd, user_rid);
+ pdb_set_user_sid_from_rid(newpwd, user_rid);
} else {
user_rid = tdb_state->low_nua_rid;
tdb_ret =
tdb_change_uint32_atomic(pwd_tdb, "NUA_RID_COUNTER", &user_rid,
RID_MULTIPLIER);
@@ -788,7 +789,7 @@
ret = False;
goto done;
}
- pdb_set_user_rid(newpwd, user_rid);
+ pdb_set_user_sid_from_rid(newpwd, user_rid);
}
} else {
DEBUG (0,("tdb_update_sam: Failing to store a
SAM_ACCOUNT for [%s] without a RID\n",pdb_get_username(newpwd)));
@@ -805,7 +806,7 @@
goto done;
} else {
/* This seems like a good default choice
for non-unix users */
- pdb_set_group_rid(newpwd,
DOMAIN_GROUP_RID_USERS);
+ pdb_set_group_sid_from_rid(newpwd,
DOMAIN_GROUP_RID_USERS);
}
} else {
DEBUG (0,("tdb_update_sam: Failing to store a
SAM_ACCOUNT for [%s] without a primary group RID\n",pdb_get_username(newpwd)));
diff -Nur HEAD/source/passdb/pdb_unix.c HEAD-fix/source/passdb/pdb_unix.c
--- HEAD/source/passdb/pdb_unix.c Mon May 27 13:11:02 2002
+++ HEAD-fix/source/passdb/pdb_unix.c Fri May 31 10:33:56 2002
@@ -68,7 +68,8 @@
static BOOL unixsam_getsampwsid(struct pdb_methods *my_methods,
SAM_ACCOUNT * user, DOM_SID *sid)
{
uint32 rid;
- sid_peek_rid(sid, &rid);
+ if(!sid_peek_rid(NULL,sid, &rid))
+ return False;
return unixsam_getsampwrid(my_methods, user, rid);
}
diff -Nur HEAD/source/printing/nt_printing.c
HEAD-fix/source/printing/nt_printing.c
--- HEAD/source/printing/nt_printing.c Mon May 13 14:09:47 2002
+++ HEAD-fix/source/printing/nt_printing.c Wed May 29 15:14:08 2002
@@ -3683,7 +3683,6 @@
static SEC_DESC_BUF *construct_default_printer_sdb(TALLOC_CTX *ctx)
{
- extern DOM_SID global_sam_sid;
SEC_ACE ace[3];
SEC_ACCESS sa;
SEC_ACL *psa = NULL;
@@ -3709,7 +3708,7 @@
This should emulate a lanman printer as security
settings can't be changed. */
- sid_copy(&owner_sid, &global_sam_sid);
+ sid_copy(&owner_sid, get_global_sam_sid());
sid_append_rid(&owner_sid, DOMAIN_USER_RID_ADMIN);
}
diff -Nur HEAD/source/rpc_server/srv_lsa_nt.c
HEAD-fix/source/rpc_server/srv_lsa_nt.c
--- HEAD/source/rpc_server/srv_lsa_nt.c Tue May 21 14:07:20 2002
+++ HEAD-fix/source/rpc_server/srv_lsa_nt.c Wed May 29 15:22:01 2002
@@ -26,7 +26,6 @@
#include "includes.h"
-extern DOM_SID global_sam_sid;
extern fstring global_myworkgroup;
extern pstring global_myname;
extern PRIVS privs[];
@@ -320,7 +319,7 @@
init_sec_access(&mask, POLICY_EXECUTE);
init_sec_ace(&ace[0], &global_sid_World,
SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
- sid_copy(&adm_sid, &global_sam_sid);
+ sid_copy(&adm_sid, get_global_sam_sid());
sid_append_rid(&adm_sid, DOMAIN_GROUP_RID_ADMINS);
init_sec_access(&mask, POLICY_ALL_ACCESS);
init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
@@ -367,7 +366,7 @@
return NT_STATUS_NO_MEMORY;
ZERO_STRUCTP(info);
- info->sid = global_sam_sid;
+ info->sid = *(get_global_sam_sid());
info->access = acc_granted;
/* set up the LSA QUERY INFO response */
@@ -405,7 +404,7 @@
return NT_STATUS_NO_MEMORY;
ZERO_STRUCTP(info);
- info->sid = global_sam_sid;
+ info->sid = *(get_global_sam_sid());
info->access = acc_granted;
/* set up the LSA QUERY INFO response */
@@ -502,7 +501,7 @@
case ROLE_DOMAIN_PDC:
case ROLE_DOMAIN_BDC:
name = global_myworkgroup;
- sid = &global_sam_sid;
+ sid = get_global_sam_sid();
break;
case ROLE_DOMAIN_MEMBER:
name = global_myworkgroup;
@@ -532,15 +531,15 @@
case ROLE_DOMAIN_PDC:
case ROLE_DOMAIN_BDC:
name = global_myworkgroup;
- sid = &global_sam_sid;
+ sid = get_global_sam_sid();
break;
case ROLE_DOMAIN_MEMBER:
name = global_myname;
- sid = &global_sam_sid;
+ sid = get_global_sam_sid();
break;
case ROLE_STANDALONE:
name = global_myname;
- sid = &global_sam_sid;
+ sid = get_global_sam_sid();
break;
default:
return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
diff -Nur HEAD/source/rpc_server/srv_netlog_nt.c
HEAD-fix/source/rpc_server/srv_netlog_nt.c
--- HEAD/source/rpc_server/srv_netlog_nt.c Tue May 21 14:07:20 2002
+++ HEAD-fix/source/rpc_server/srv_netlog_nt.c Wed May 29 15:18:31 2002
@@ -27,7 +27,6 @@
#include "includes.h"
extern pstring global_myname;
-extern DOM_SID global_sam_sid;
/*************************************************************************
init_net_r_req_chal:
@@ -705,7 +704,7 @@
NULL, /* uchar sess_key[16] */
my_name , /* char *logon_srv */
my_workgroup, /* char *logon_dom */
- &global_sam_sid, /* DOM_SID *dom_sid */
+ get_global_sam_sid(), /* DOM_SID
*dom_sid */
NULL); /* char *other_sids */
}
free_server_info(&server_info);
diff -Nur HEAD/source/rpc_server/srv_samr_nt.c
HEAD-fix/source/rpc_server/srv_samr_nt.c
--- HEAD/source/rpc_server/srv_samr_nt.c Mon May 27 13:11:02 2002
+++ HEAD-fix/source/rpc_server/srv_samr_nt.c Wed May 29 13:16:56 2002
@@ -31,7 +31,6 @@
extern fstring global_myworkgroup;
extern pstring global_myname;
-extern DOM_SID global_sam_sid;
extern DOM_SID global_sid_Builtin;
extern rid_name domain_group_rids[];
@@ -654,7 +653,7 @@
}
SAFE_FREE(map);
- } else if (sid_equal(sid, &global_sam_sid) && !lp_hide_local_users()) {
+ } else if (sid_equal(sid, get_global_sam_sid()) &&
!lp_hide_local_users()) {
struct sys_grent *glist;
struct sys_grent *grp;
struct passwd *pw;
@@ -1356,7 +1355,7 @@
group_attrs[i] = SID_NAME_UNKNOWN;
*group_names[i] = '\0';
- if (sid_equal(&pol_sid, &global_sam_sid)) {
+ if (sid_equal(&pol_sid, get_global_sam_sid())) {
sid_copy(&sid, &pol_sid);
sid_append_rid(&sid, q_u->rid[i]);
@@ -1796,7 +1795,7 @@
num_users=info->disp_info.num_user_account;
free_samr_db(info);
- r_u->status=load_group_domain_entries(info,
&global_sam_sid);
+ r_u->status=load_group_domain_entries(info,
get_global_sam_sid());
if (NT_STATUS_IS_ERR(r_u->status)) {
DEBUG(5, ("_samr_query_dispinfo:
load_group_domain_entries failed\n"));
return r_u->status;
@@ -1982,19 +1981,10 @@
account));
return NT_STATUS_ACCESS_DENIED;
}
-
- /* Get the domain SID stored in the domain policy */
- if(!get_lsa_policy_samr_sid(p, &dom_pol, &sid)) {
- pdb_free_sam(&sam_pass);
- return NT_STATUS_INVALID_HANDLE;
- }
-
- /* append the user's RID to it */
- if(!sid_append_rid(&sid, pdb_get_user_rid(sam_pass) )) {
- pdb_free_sam(&sam_pass);
- return NT_STATUS_NO_SUCH_USER;
- }
+ /* Get the user's SID */
+ sid_copy(&sid,(DOM_SID *)pdb_get_user_sid(sam_pass));
+
/* associate the user's SID with the new handle. */
if ((info = get_samr_info_by_sid(&sid)) == NULL) {
pdb_free_sam(&sam_pass);
@@ -2709,7 +2699,7 @@
if(!get_local_group_from_sid(als_sid, &map,
MAPPING_WITHOUT_PRIV))
return NT_STATUS_NO_SUCH_ALIAS;
} else {
- if (sid_equal(&alias_sid, &global_sam_sid)) {
+ if (sid_equal(&alias_sid, get_global_sam_sid())) {
DEBUG(10, ("lookup on Server SID\n"));
if(!get_local_group_from_sid(als_sid, &map,
MAPPING_WITHOUT_PRIV))
return NT_STATUS_NO_SUCH_ALIAS;
@@ -2728,7 +2718,7 @@
struct passwd *pass;
uint32 rid;
- sid_copy(&temp_sid, &global_sam_sid);
+ sid_copy(&temp_sid, get_global_sam_sid());
pass = getpwuid_alloc(uid[i]);
if (!pass) continue;
@@ -2802,7 +2792,7 @@
DEBUG(10, ("sid is %s\n", group_sid_str));
/* can we get a query for an SID outside our domain ? */
- if (!sid_equal(&group_sid, &global_sam_sid))
+ if (!sid_equal(&group_sid, get_global_sam_sid()))
return NT_STATUS_NO_SUCH_GROUP;
sid_append_rid(&group_sid, group_rid);
@@ -2885,7 +2875,7 @@
sid_to_string(alias_sid_str, &alias_sid);
DEBUG(10, ("sid is %s\n", alias_sid_str));
- if (sid_compare(&alias_sid, &global_sam_sid)>0) {
+ if (sid_compare(&alias_sid, get_global_sam_sid())>0) {
DEBUG(10, ("adding member on Server SID\n"));
if(!get_local_group_from_sid(alias_sid, &map,
MAPPING_WITHOUT_PRIV))
return NT_STATUS_NO_SUCH_ALIAS;
@@ -3034,7 +3024,7 @@
sid_to_string(group_sid_str, &group_sid);
DEBUG(10, ("sid is %s\n", group_sid_str));
- if (sid_compare(&group_sid, &global_sam_sid)<=0)
+ if (sid_compare(&group_sid, get_global_sam_sid())<=0)
return NT_STATUS_NO_SUCH_GROUP;
DEBUG(10, ("lookup on Domain SID\n"));
@@ -3042,7 +3032,7 @@
if(!get_domain_group_from_sid(group_sid, &map, MAPPING_WITHOUT_PRIV))
return NT_STATUS_NO_SUCH_GROUP;
- sid_copy(&user_sid, &global_sam_sid);
+ sid_copy(&user_sid, get_global_sam_sid());
sid_append_rid(&user_sid, q_u->rid);
ret = pdb_init_sam(&sam_user);
@@ -3121,7 +3111,7 @@
if(!sid_check_is_in_our_domain(&group_sid))
return NT_STATUS_NO_SUCH_GROUP;
- sid_copy(&user_sid, &global_sam_sid);
+ sid_copy(&user_sid, get_global_sam_sid());
sid_append_rid(&user_sid, q_u->rid);
if(!get_domain_group_from_sid(group_sid, &map, MAPPING_WITHOUT_PRIV))
@@ -3254,7 +3244,7 @@
DEBUG(10, ("sid is %s\n", group_sid_str));
/* we check if it's our SID before deleting */
- if (!sid_equal(&dom_sid, &global_sam_sid))
+ if (!sid_equal(&dom_sid, get_global_sam_sid()))
return NT_STATUS_NO_SUCH_GROUP;
DEBUG(10, ("lookup on Domain SID\n"));
@@ -3311,7 +3301,7 @@
DEBUG(10, ("sid is %s\n", alias_sid_str));
/* we check if it's our SID before deleting */
- if (!sid_equal(&dom_sid, &global_sam_sid))
+ if (!sid_equal(&dom_sid, get_global_sam_sid()))
return NT_STATUS_NO_SUCH_ALIAS;
DEBUG(10, ("lookup on Local SID\n"));
@@ -3361,7 +3351,7 @@
if (!get_lsa_policy_samr_sid(p, &q_u->pol, &dom_sid))
return NT_STATUS_INVALID_HANDLE;
- if (!sid_equal(&dom_sid, &global_sam_sid))
+ if (!sid_equal(&dom_sid, get_global_sam_sid()))
return NT_STATUS_ACCESS_DENIED;
/* TODO: check if allowed to create group and add a
become_root/unbecome_root pair.*/
@@ -3382,7 +3372,7 @@
r_u->rid=pdb_gid_to_group_rid(grp->gr_gid);
/* add the group to the mapping table */
- sid_copy(&info_sid, &global_sam_sid);
+ sid_copy(&info_sid, get_global_sam_sid());
sid_append_rid(&info_sid, r_u->rid);
sid_to_string(sid_string, &info_sid);
@@ -3419,7 +3409,7 @@
if (!get_lsa_policy_samr_sid(p, &q_u->dom_pol, &dom_sid))
return NT_STATUS_INVALID_HANDLE;
- if (!sid_equal(&dom_sid, &global_sam_sid))
+ if (!sid_equal(&dom_sid, get_global_sam_sid()))
return NT_STATUS_ACCESS_DENIED;
/* TODO: check if allowed to create group and add a
become_root/unbecome_root pair.*/
@@ -3439,7 +3429,7 @@
r_u->rid=pdb_gid_to_group_rid(grp->gr_gid);
- sid_copy(&info_sid, &global_sam_sid);
+ sid_copy(&info_sid, get_global_sam_sid());
sid_append_rid(&info_sid, r_u->rid);
sid_to_string(sid_string, &info_sid);
@@ -3614,10 +3604,10 @@
return NT_STATUS_INVALID_HANDLE;
/* this should not be hard-coded like this */
- if (!sid_equal(&sid, &global_sam_sid))
+ if (!sid_equal(&sid, get_global_sam_sid()))
return NT_STATUS_ACCESS_DENIED;
- sid_copy(&info_sid, &global_sam_sid);
+ sid_copy(&info_sid, get_global_sam_sid());
sid_append_rid(&info_sid, q_u->rid_group);
sid_to_string(sid_string, &info_sid);
@@ -3706,7 +3696,7 @@
num_users=info->disp_info.num_user_account;
free_samr_db(info);
- r_u->status=load_group_domain_entries(info,
&global_sam_sid);
+ r_u->status=load_group_domain_entries(info,
get_global_sam_sid());
if (NT_STATUS_IS_ERR(r_u->status)) {
DEBUG(5, ("_samr_query_dispinfo:
load_group_domain_entries failed\n"));
return r_u->status;
diff -Nur HEAD/source/rpc_server/srv_util.c
HEAD-fix/source/rpc_server/srv_util.c
--- HEAD/source/rpc_server/srv_util.c Mon May 27 13:11:02 2002
+++ HEAD-fix/source/rpc_server/srv_util.c Fri May 31 10:36:44 2002
@@ -181,7 +181,8 @@
}
rids=new_rids;
- sid_peek_rid(&map.sid, &(rids[cur_rid]));
+ if(!sid_peek_rid(NULL,&map.sid,
&(rids[cur_rid])))
+ return NT_STATUS_NO_SUCH_USER;
DEBUG(10,("get_alias_user_groups: user
found in group %s\n", map.nt_name));
cur_rid++;
break;
@@ -243,7 +244,8 @@
}
rids=new_rids;
- sid_peek_rid(&map.sid, &(rids[cur_rid]));
+ if(!sid_peek_rid(NULL,&map.sid, &(rids[cur_rid])))
+ return NT_STATUS_NO_SUCH_USER;
cur_rid++;
done:
@@ -298,7 +300,8 @@
for(num=0; grp->gr_mem[num]!=NULL; num++) {
if(strcmp(grp->gr_mem[num], user_name)==0) {
/* we found the user, add the group to the
list */
- sid_peek_rid(&map[i].sid,
&(gids[cur_gid].g_rid));
+ if(!sid_peek_rid(NULL,&map[i].sid,
&(gids[cur_gid].g_rid)))
+ return False;
gids[cur_gid].attr=7;
DEBUG(10,("get_domain_user_groups: user
found in group %s\n", map[i].nt_name));
cur_gid++;
@@ -324,7 +327,8 @@
}
for(i=0; i<num_entries; i++) {
- sid_peek_rid(&map[i].sid, &tmp_rid);
+ if(!sid_peek_rid(NULL,&map[i].sid, &tmp_rid))
+ return False;
if (tmp_rid==grid) {
/*
* the primary group of the user but be the first
one in the list
diff -Nur HEAD/source/smbd/groupname.c HEAD-fix/source/smbd/groupname.c
--- HEAD/source/smbd/groupname.c Wed Jan 30 07:08:38 2002
+++ HEAD-fix/source/smbd/groupname.c Wed May 29 15:26:38 2002
@@ -21,7 +21,6 @@
#ifdef USING_GROUPNAME_MAP
#include "includes.h"
-extern DOM_SID global_sam_sid;
/**************************************************************************
Groupname map functionality. The code loads a groupname map file and
@@ -160,7 +159,7 @@
* It's not a well known name, convert the UNIX gid_t
* to a rid within this domain SID.
*/
- tmp_sid = global_sam_sid;
+ tmp_sid = *(get_global_sam_sid());
tmp_sid.sub_auths[tmp_sid.num_auths++] =
pdb_gid_to_group_rid(gid);
}
@@ -228,7 +227,7 @@
* If there's no map, convert the UNIX gid_t
* to a rid within this domain SID.
*/
- *psid = global_sam_sid;
+ sid_copy(psid,get_global_sam_sid());
psid->sub_auths[psid->num_auths++] = pdb_gid_to_group_rid(gid);
return;
diff -Nur HEAD/source/smbd/uid.c HEAD-fix/source/smbd/uid.c
--- HEAD/source/smbd/uid.c Mon Apr 15 10:33:07 2002
+++ HEAD-fix/source/smbd/uid.c Wed May 29 12:09:31 2002
@@ -504,7 +504,7 @@
sid_copy(&tmp_sid, sid);
sid_split_rid(&tmp_sid, &rid);
- if (sid_equal(&global_sam_sid, &tmp_sid)) {
+ if (sid_equal(get_global_sam_sid(), &tmp_sid)) {
return map_domain_sid_to_name(&tmp_sid, dom_name) &&
local_lookup_sid(sid, name, name_type);
@@ -598,7 +598,7 @@
fstring sid_str;
/* if we know its local then don't try winbindd */
- if (sid_compare_domain(&global_sam_sid, psid) == 0) {
+ if (sid_compare_domain(get_global_sam_sid(), psid) == 0) {
return local_sid_to_uid(puid, psid, sidtype);
}
diff -Nur HEAD/source/utils/pdbedit.c HEAD-fix/source/utils/pdbedit.c
--- HEAD/source/utils/pdbedit.c Mon May 27 13:11:03 2002
+++ HEAD-fix/source/utils/pdbedit.c Wed May 29 13:19:29 2002
@@ -81,10 +81,12 @@
if (IS_SAM_UNIX_USER(sam_pwent)) {
uid = pdb_get_uid(sam_pwent);
gid = pdb_get_gid(sam_pwent);
- printf ("user ID/Group: %d/%d\n", uid, gid);
+ printf ("User ID/Group ID: %d/%d\n", uid, gid);
}
- printf ("user RID/GRID: %u/%u\n", (unsigned
int)pdb_get_user_rid(sam_pwent),
- (unsigned int)pdb_get_group_rid(sam_pwent));
+ printf ("User SID: %s\n",
+ sid_string_static((DOM_SID
*)pdb_get_user_sid(sam_pwent)));
+ printf ("Primary Group SID: %s\n",
+ sid_string_static((DOM_SID
*)pdb_get_group_sid(sam_pwent)));
printf ("Full Name: %s\n",
pdb_get_fullname(sam_pwent));
printf ("Home Directory: %s\n",
pdb_get_homedir(sam_pwent));
printf ("HomeDir Drive: %s\n",
pdb_get_dirdrive(sam_pwent));
@@ -329,7 +331,7 @@
pdb_set_acct_ctrl (sam_pwent, ACB_WSTRUST);
- pdb_set_group_rid(sam_pwent, DOMAIN_GROUP_RID_COMPUTERS);
+ pdb_set_group_sid_from_rid(sam_pwent, DOMAIN_GROUP_RID_COMPUTERS);
if (in->pdb_add_sam_account (in, sam_pwent)) {
print_user_info (in, name, True, False);
diff -Nur HEAD/source/utils/smbgroupedit.c HEAD-fix/source/utils/smbgroupedit.c
--- HEAD/source/utils/smbgroupedit.c Fri Apr 19 00:56:34 2002
+++ HEAD-fix/source/utils/smbgroupedit.c Wed May 29 15:27:46 2002
@@ -23,7 +23,6 @@
extern pstring global_myname;
extern pstring global_myworkgroup;
-extern DOM_SID global_sam_sid;
/*
* Next two lines needed for SunOS and don't
-----------------------------------------------------------
Patch for Makefile.in
------------------------------------------------------------
--- HEAD/source/Makefile.in Mon May 27 13:10:59 2002
+++ HEAD-fix/source/Makefile.in Fri May 31 12:03:01 2002
@@ -134,7 +134,7 @@
lib/md5.o lib/hmacmd5.o lib/iconv.o lib/smbpasswd.o \
nsswitch/wb_client.o nsswitch/wb_common.o \
lib/pam_errors.o intl/lang_tdb.o lib/account_pol.o \
- $(TDB_OBJ)
+ $(TDB_OBJ)
READLINE_OBJ = lib/readline.o
@@ -264,13 +264,14 @@
nmbd/nmbd_workgroupdb.o nmbd/nmbd_synclists.o
NMBD_OBJ = $(NMBD_OBJ1) $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) \
- $(PROFILE_OBJ) $(LIB_OBJ)
+ $(PROFILE_OBJ) $(LIB_OBJ) passdb/machine_sid.o
WREPL_OBJ1 = wrepld/server.o wrepld/process.o wrepld/parser.o
wrepld/socket.o \
wrepld/partners.o
WREPL_OBJ = $(WREPL_OBJ1) $(PARAM_OBJ) $(UBIQX_OBJ) \
- $(PROFILE_OBJ) $(LIB_OBJ)
+ $(PROFILE_OBJ) $(LIB_OBJ) passdb/machine_sid.o \
+ libsmb/smbencrypt.o libsmb/smbdes.o passdb/secrets.o
SWAT_OBJ = web/cgi.o web/diagnose.o web/startstop.o web/statuspage.o \
web/swat.o web/neg_lang.o $(PRINTING_OBJ) $(LIBSMB_OBJ)
$(LOCKING_OBJ) \
@@ -279,29 +280,41 @@
smbwrapper/shared.o
SMBSH_OBJ = smbwrapper/smbsh.o smbwrapper/shared.o \
- $(PARAM_OBJ) $(UBIQX_OBJ) $(LIB_OBJ)
+ $(PARAM_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) passdb/machine_sid.o \
+ passdb/secrets.o libsmb/smbencrypt.o libsmb/smbdes.o
+
+
MAKE_PRINTERDEF_OBJ = utils/make_printerdef.o $(PARAM_OBJ) \
$(UBIQX_OBJ) $(LIB_OBJ)
STATUS_OBJ = utils/status.o $(LOCKING_OBJ) $(PARAM_OBJ) \
- $(UBIQX_OBJ) $(PROFILE_OBJ) $(LIB_OBJ)
+ $(UBIQX_OBJ) $(PROFILE_OBJ) $(LIB_OBJ) passdb/machine_sid.o \
+ passdb/secrets.o libsmb/smbencrypt.o libsmb/smbdes.o
SMBCONTROL_OBJ = utils/smbcontrol.o $(LOCKING_OBJ) $(PARAM_OBJ) \
- $(UBIQX_OBJ) $(PROFILE_OBJ) $(LIB_OBJ)
+ $(UBIQX_OBJ) $(PROFILE_OBJ) $(LIB_OBJ) passdb/machine_sid.o \
+ passdb/secrets.o libsmb/smbencrypt.o libsmb/smbdes.o
+
+
SMBTREE_OBJ = utils/smbtree.o $(LOCKING_OBJ) $(PARAM_OBJ) \
- $(UBIQX_OBJ) $(PROFILE_OBJ) $(LIB_OBJ) $(LIBSMB_OBJ)
+ $(UBIQX_OBJ) $(PROFILE_OBJ) $(LIB_OBJ) $(LIBSMB_OBJ) \
+ passdb/machine_sid.o
+
+
TESTPARM_OBJ = utils/testparm.o \
- $(PARAM_OBJ) $(UBIQX_OBJ) $(LIB_OBJ)
+ $(PARAM_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) passdb/machine_sid.o \
+ libsmb/smbencrypt.o libsmb/smbdes.o passdb/secrets.o
TESTPRNS_OBJ = utils/testprns.o $(PARAM_OBJ) $(PRINTING_OBJ) $(UBIQX_OBJ) \
- $(LIB_OBJ)
+ $(LIB_OBJ) passdb/machine_sid.o \
+ libsmb/smbencrypt.o libsmb/smbdes.o passdb/secrets.o
SMBPASSWD_OBJ = utils/smbpasswd.o $(PARAM_OBJ) \
$(LIBSMB_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ)\
- $(UBIQX_OBJ) $(LIB_OBJ)
+ $(UBIQX_OBJ) $(LIB_OBJ)
PDBEDIT_OBJ = utils/pdbedit.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(PASSDB_OBJ) \
$(UBIQX_OBJ) $(LIB_OBJ) $(GROUPDB_OBJ)
@@ -313,7 +326,7 @@
rpcclient/cmd_samr.o rpcclient/cmd_spoolss.o \
rpcclient/cmd_netlogon.o rpcclient/cmd_srvsvc.o \
rpcclient/cmd_dfs.o rpcclient/cmd_reg.o \
- rpcclient/display_sec.o
+ rpcclient/display_sec.o
RPCCLIENT_OBJ = $(RPCCLIENT_OBJ1) \
$(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \
@@ -342,7 +355,7 @@
CLIENT_OBJ = client/client.o client/clitar.o \
$(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \
- $(READLINE_OBJ)
+ $(READLINE_OBJ) passdb/machine_sid.o
NET_OBJ = utils/net.o utils/net_ads.o utils/net_help.o \
utils/net_rap.o utils/net_rpc.o \
@@ -351,23 +364,26 @@
$(GROUPDB_OBJ) $(PARAM_OBJ) $(UBIQX_OBJ) $(LIB_OBJ)
-CUPS_OBJ = client/smbspool.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ)
$(LIB_OBJ)
+CUPS_OBJ = client/smbspool.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ)
$(LIB_OBJ) passdb/machine_sid.o
MOUNT_OBJ = client/smbmount.o \
- $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ)
+ $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ)
passdb/machine_sid.o
MNT_OBJ = client/smbmnt.o \
- $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ)
+ $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ)
passdb/machine_sid.o
UMOUNT_OBJ = client/smbumount.o \
- $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ)
+ $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ)
passdb/machine_sid.o
NMBLOOKUP_OBJ = utils/nmblookup.o $(PARAM_OBJ) $(UBIQX_OBJ) \
- $(LIBSMB_OBJ) $(LIB_OBJ)
+ $(LIBSMB_OBJ) $(LIB_OBJ) passdb/machine_sid.o
SMBTORTURE_OBJ = torture/torture.o torture/nbio.o torture/scanner.o
torture/utable.o \
torture/denytest.o torture/mangle_test.o \
- $(LIBSMB_OBJ) $(PARAM_OBJ) $(UBIQX_OBJ) $(LIB_OBJ)
+ $(LIBSMB_OBJ) $(PARAM_OBJ) $(UBIQX_OBJ) $(LIB_OBJ)
passdb/machine_sid.o \
+ passdb/secrets.o libsmb/smbencrypt.o libsmb/smbdes.o
+
+
MASKTEST_OBJ = torture/masktest.o $(LIBSMB_OBJ) $(PARAM_OBJ) \
$(UBIQX_OBJ) $(LIB_OBJ)
@@ -454,7 +470,7 @@
$(GROUPDB_OBJ) $(PROFILE_OBJ) $(UNIGRP_OBJ)
WBINFO_OBJ = nsswitch/wbinfo.o libsmb/smbencrypt.o libsmb/smbdes.o \
- passdb/secrets.o
+ passdb/secrets.o passdb/machine_sid.o
WINBIND_NSS_OBJ = nsswitch/winbind_nss.o nsswitch/wb_common.o
@WINBIND_NSS_EXTRA_OBJS@
More information about the samba-technical
mailing list