[PATCH] Remove sid_string_dbg
Volker Lendecke
Volker.Lendecke at SerNet.DE
Thu Dec 20 20:34:49 UTC 2018
Hi!
Review appreciated!
Thanks, Volker
--
Besuchen Sie die verinice.XP 2019 in Berlin!
Anwenderkonferenz für Informationssicherheit
26.-28. Februar 2019 - im Hotel Radisson Blu
Info & Anmeldung hier: http://veriniceXP.org
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
-------------- next part --------------
From cf12e3eb1dd1bc760156a9fdfe3cb93261c9cadd Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Mon, 10 Dec 2018 12:47:36 +0100
Subject: [PATCH 01/21] net: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/utils/net_rpc.c | 11 ++++++++---
source3/utils/net_rpc_samsync.c | 5 +++--
2 files changed, 11 insertions(+), 5 deletions(-)
diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
index a3b3727b484..6d5a1043792 100644
--- a/source3/utils/net_rpc.c
+++ b/source3/utils/net_rpc.c
@@ -6828,9 +6828,14 @@ static NTSTATUS vampire_trusted_domain(struct rpc_pipe_client *pipe_hnd,
}
#ifdef DEBUG_PASSWORD
- DEBUG(100,("successfully vampired trusted domain [%s], sid: [%s], "
- "password: [%s]\n", trusted_dom_name,
- sid_string_dbg(&dom_sid), cleartextpwd));
+ {
+ struct dom_sid_buf buf;
+ DEBUG(100,("successfully vampired trusted domain [%s], "
+ "sid: [%s], password: [%s]\n",
+ trusted_dom_name,
+ dom_sid_str_buf(&dom_sid, &buf),
+ cleartextpwd));
+ }
#endif
done:
diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c
index be2b085d55b..e295d6ab9d6 100644
--- a/source3/utils/net_rpc_samsync.c
+++ b/source3/utils/net_rpc_samsync.c
@@ -68,6 +68,7 @@ static NTSTATUS rpc_vampire_ds_internals(struct net_context *c,
struct dssync_context *ctx = NULL;
if (!dom_sid_equal(domain_sid, get_global_sam_sid())) {
+ struct dom_sid_buf buf1, buf2;
d_printf(_("Cannot import users from %s at this time, "
"as the current domain:\n\t%s: %s\nconflicts "
"with the remote domain\n\t%s: %s\n"
@@ -75,9 +76,9 @@ static NTSTATUS rpc_vampire_ds_internals(struct net_context *c,
"workgroup=%s\n\n in your smb.conf?\n"),
domain_name,
get_global_sam_name(),
- sid_string_dbg(get_global_sam_sid()),
+ dom_sid_str_buf(get_global_sam_sid(), &buf1),
domain_name,
- sid_string_dbg(domain_sid),
+ dom_sid_str_buf(domain_sid, &buf2),
domain_name);
return NT_STATUS_UNSUCCESSFUL;
}
--
2.11.0
From 92dfcf4ec4b9b9ea08bbd1886b72f9184c2d9a43 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Mon, 10 Dec 2018 12:51:56 +0100
Subject: [PATCH 02/21] smbcacls: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/utils/smbcacls.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c
index 33eb78c41ec..7a39de9e5e7 100644
--- a/source3/utils/smbcacls.c
+++ b/source3/utils/smbcacls.c
@@ -104,6 +104,7 @@ done:
static struct dom_sid *get_domain_sid(struct cli_state *cli)
{
NTSTATUS status;
+ struct dom_sid_buf buf;
struct dom_sid *sid = talloc(talloc_tos(), struct dom_sid);
if (sid == NULL) {
@@ -126,7 +127,7 @@ static struct dom_sid *get_domain_sid(struct cli_state *cli)
}
- DEBUG(2,("Domain SID: %s\n", sid_string_dbg(sid)));
+ DEBUG(2,("Domain SID: %s\n", dom_sid_str_buf(sid, &buf)));
return sid;
}
--
2.11.0
From c598ab2f98c3454be089f242ec3dbebb899d8047 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Mon, 10 Dec 2018 13:04:11 +0100
Subject: [PATCH 03/21] smbd: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/smbd/ntquotas.c | 13 +++++++++----
source3/smbd/nttrans.c | 3 ++-
source3/smbd/posix_acls.c | 43 +++++++++++++++++++++++++++----------------
source3/smbd/service.c | 3 ++-
4 files changed, 40 insertions(+), 22 deletions(-)
diff --git a/source3/smbd/ntquotas.c b/source3/smbd/ntquotas.c
index 7e2c0363696..5622f1023a8 100644
--- a/source3/smbd/ntquotas.c
+++ b/source3/smbd/ntquotas.c
@@ -23,6 +23,7 @@
#include "system/passwd.h"
#include "passdb/lookup_sid.h"
#include "libsmb/libsmb.h"
+#include "libcli/security/dom_sid.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_QUOTA
@@ -88,8 +89,9 @@ NTSTATUS vfs_get_ntquota(files_struct *fsp, enum SMB_QUOTA_TYPE qtype,
id.uid = -1;
if (psid && !sid_to_uid(psid, &id.uid)) {
+ struct dom_sid_buf buf;
DEBUG(0,("sid_to_uid: failed, SID[%s]\n",
- sid_string_dbg(psid)));
+ dom_sid_str_buf(psid, &buf)));
return NT_STATUS_NO_SUCH_USER;
}
@@ -148,8 +150,9 @@ int vfs_set_ntquota(files_struct *fsp, enum SMB_QUOTA_TYPE qtype, struct dom_sid
D.ihardlimit = limit_blk2inodes(D.hardlimit);
if (psid && !sid_to_uid(psid, &id.uid)) {
+ struct dom_sid_buf buf;
DEBUG(0,("sid_to_uid: failed, SID[%s]\n",
- sid_string_dbg(psid)));
+ dom_sid_str_buf(psid, &buf)));
}
ret = SMB_VFS_SET_QUOTA(fsp->conn, qtype, id, &D);
@@ -193,6 +196,7 @@ int vfs_get_user_ntquota_list(files_struct *fsp, SMB_NTQUOTA_LIST **qt_list)
SMB_NTQUOTA_STRUCT tmp_qt;
SMB_NTQUOTA_LIST *tmp_list_ent;
struct dom_sid sid;
+ struct dom_sid_buf buf;
NTSTATUS status;
ZERO_STRUCT(tmp_qt);
@@ -213,13 +217,14 @@ int vfs_get_user_ntquota_list(files_struct *fsp, SMB_NTQUOTA_LIST **qt_list)
}
if (tmp_qt.softlim == 0 && tmp_qt.hardlim == 0) {
DEBUG(5,("no quota entry for sid[%s] path[%s]\n",
- sid_string_dbg(&sid),
+ dom_sid_str_buf(&sid, &buf),
fsp->conn->connectpath));
continue;
}
DEBUG(15,("quota entry for id[%s] path[%s]\n",
- sid_string_dbg(&sid), fsp->conn->connectpath));
+ dom_sid_str_buf(&sid, &buf),
+ fsp->conn->connectpath));
if ((tmp_list_ent=talloc_zero(mem_ctx,SMB_NTQUOTA_LIST))==NULL) {
DEBUG(0,("TALLOC_ZERO() failed\n"));
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index e7991c051c1..7ebd802109f 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -2472,10 +2472,11 @@ static enum ndr_err_code extract_sids_from_buf(TALLOC_CTX *mem_ctx,
*num = i;
for (iter = sid_list, i = 0; iter; iter = iter->next, i++) {
+ struct dom_sid_buf buf;
(*sids)[i] = iter->sid;
DBG_DEBUG("quota SID[%u] %s\n",
(unsigned int)i,
- sid_string_dbg(&iter->sid));
+ dom_sid_str_buf(&iter->sid, &buf));
}
}
err = NDR_ERR_SUCCESS;
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index f1148f2af8c..59cd020dbed 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -800,8 +800,9 @@ static canon_ace *dup_canon_ace( canon_ace *src_ace)
static void print_canon_ace(canon_ace *pace, int num)
{
+ struct dom_sid_buf buf;
dbgtext( "canon_ace index %d. Type = %s ", num, pace->attr == ALLOW_ACE ? "allow" : "deny" );
- dbgtext( "SID = %s ", sid_string_dbg(&pace->trustee));
+ dbgtext( "SID = %s ", dom_sid_str_buf(&pace->trustee, &buf));
if (pace->owner_type == UID_ACE) {
dbgtext( "uid %u ", (unsigned int)pace->unix_ug.id);
} else if (pace->owner_type == GID_ACE) {
@@ -1193,9 +1194,11 @@ NTSTATUS unpack_nt_owners(struct connection_struct *conn,
* reasonably */
*puser = get_current_uid(conn);
} else {
- DEBUG(3,("unpack_nt_owners: unable to validate"
- " owner sid for %s\n",
- sid_string_dbg(psd->owner_sid)));
+ struct dom_sid_buf buf;
+ DBG_NOTICE("unable to validate"
+ " owner sid for %s\n",
+ dom_sid_str_buf(psd->owner_sid,
+ &buf));
return NT_STATUS_INVALID_OWNER;
}
}
@@ -1990,12 +1993,14 @@ static bool create_canon_ace_lists(files_struct *fsp,
struct unixid unixid;
if (!sids_to_unixids(¤t_ace->trustee, 1, &unixid)) {
+ struct dom_sid_buf buf;
free_canon_ace_list(file_ace);
free_canon_ace_list(dir_ace);
TALLOC_FREE(current_ace);
- DEBUG(0, ("create_canon_ace_lists: sids_to_unixids "
- "failed for %s (allocation failure)\n",
- sid_string_dbg(¤t_ace->trustee)));
+ DBG_ERR("sids_to_unixids failed for %s "
+ "(allocation failure)\n",
+ dom_sid_str_buf(¤t_ace->trustee,
+ &buf));
return false;
}
@@ -2080,31 +2085,37 @@ static bool create_canon_ace_lists(files_struct *fsp,
current_ace->type = SMB_ACL_GROUP;
}
} else {
+ struct dom_sid_buf buf;
/*
* Silently ignore map failures in non-mappable SIDs (NT Authority, BUILTIN etc).
*/
if (non_mappable_sid(&psa->trustee)) {
- DEBUG(10, ("create_canon_ace_lists: ignoring "
- "non-mappable SID %s\n",
- sid_string_dbg(&psa->trustee)));
+ DBG_DEBUG("ignoring "
+ "non-mappable SID %s\n",
+ dom_sid_str_buf(
+ &psa->trustee,
+ &buf));
TALLOC_FREE(current_ace);
continue;
}
if (lp_force_unknown_acl_user(SNUM(fsp->conn))) {
- DEBUG(10, ("create_canon_ace_lists: ignoring "
- "unknown or foreign SID %s\n",
- sid_string_dbg(&psa->trustee)));
+ DBG_DEBUG("ignoring unknown or "
+ "foreign SID %s\n",
+ dom_sid_str_buf(
+ &psa->trustee,
+ &buf));
TALLOC_FREE(current_ace);
continue;
}
free_canon_ace_list(file_ace);
free_canon_ace_list(dir_ace);
- DEBUG(0, ("create_canon_ace_lists: unable to map SID "
- "%s to uid or gid.\n",
- sid_string_dbg(¤t_ace->trustee)));
+ DBG_ERR("unable to map SID %s to uid or "
+ "gid.\n",
+ dom_sid_str_buf(¤t_ace->trustee,
+ &buf));
TALLOC_FREE(current_ace);
return false;
}
diff --git a/source3/smbd/service.c b/source3/smbd/service.c
index a19b9734246..d7c85d8b6ca 100644
--- a/source3/smbd/service.c
+++ b/source3/smbd/service.c
@@ -284,8 +284,9 @@ static NTSTATUS find_forced_group(bool force_user,
}
if (!sid_to_gid(&group_sid, &gid)) {
+ struct dom_sid_buf buf;
DEBUG(10, ("sid_to_gid(%s) for %s failed\n",
- sid_string_dbg(&group_sid), groupname));
+ dom_sid_str_buf(&group_sid, &buf), groupname));
goto done;
}
--
2.11.0
From 2d1195a37669d3517b130d81b871cb47775f317d Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 11 Dec 2018 07:44:13 +0100
Subject: [PATCH 04/21] libads: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/libads/ldap.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index 13846695bd4..6b5f271272a 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -2799,8 +2799,9 @@ int ads_count_replies(ADS_STRUCT *ads, void *res)
ret = sid_parse((const uint8_t *)values[i]->bv_val,
values[i]->bv_len, &(*sids)[count]);
if (ret) {
- DEBUG(10, ("pulling SID: %s\n",
- sid_string_dbg(&(*sids)[count])));
+ struct dom_sid_buf buf;
+ DBG_DEBUG("pulling SID: %s\n",
+ dom_sid_str_buf(&(*sids)[count], &buf));
count++;
}
}
--
2.11.0
From 46c2f2b0b01058737c305d57447ab2b8cd7882de Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 11 Dec 2018 11:03:02 +0100
Subject: [PATCH 05/21] winbind: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/winbindd/idmap_rfc2307.c | 7 +++++--
source3/winbindd/wb_sids2xids.c | 3 ++-
source3/winbindd/winbindd_lookupname.c | 5 ++++-
3 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/source3/winbindd/idmap_rfc2307.c b/source3/winbindd/idmap_rfc2307.c
index f30baf9e104..e3bf58d8165 100644
--- a/source3/winbindd/idmap_rfc2307.c
+++ b/source3/winbindd/idmap_rfc2307.c
@@ -30,6 +30,7 @@
#include "smbldap.h"
#include "nsswitch/winbind_client.h"
#include "lib/winbind_util.h"
+#include "libcli/security/dom_sid.h"
/*
* Config and connection info per domain.
@@ -454,6 +455,7 @@ static NTSTATUS idmap_rfc_2307_sids_to_names(TALLOC_CTX *mem_ctx,
enum lsa_SidType lsa_type;
struct id_map *id = ids[i];
struct idmap_rfc2307_map *map = &maps[i];
+ struct dom_sid_buf buf;
bool b;
/* by default calls to winbindd are disabled
@@ -465,7 +467,7 @@ static NTSTATUS idmap_rfc_2307_sids_to_names(TALLOC_CTX *mem_ctx,
if (!b) {
DEBUG(1, ("Lookup sid %s failed.\n",
- sid_string_dbg(ids[i]->sid)));
+ dom_sid_str_buf(ids[i]->sid, &buf)));
continue;
}
@@ -491,7 +493,8 @@ static NTSTATUS idmap_rfc_2307_sids_to_names(TALLOC_CTX *mem_ctx,
default:
DEBUG(1, ("Unknown lsa type %d for sid %s\n",
- lsa_type, sid_string_dbg(id->sid)));
+ lsa_type,
+ dom_sid_str_buf(id->sid, &buf)));
id->status = ID_UNMAPPED;
continue;
}
diff --git a/source3/winbindd/wb_sids2xids.c b/source3/winbindd/wb_sids2xids.c
index c687f7064bb..7ab8dd133fd 100644
--- a/source3/winbindd/wb_sids2xids.c
+++ b/source3/winbindd/wb_sids2xids.c
@@ -108,9 +108,10 @@ struct tevent_req *wb_sids2xids_send(TALLOC_CTX *mem_ctx,
* the same index.
*/
for (i=0; i<state->num_sids; i++) {
+ struct dom_sid_buf buf;
DEBUG(10, ("SID %d: %s\n", (int)i,
- sid_string_dbg(&state->sids[i])));
+ dom_sid_str_buf(&state->sids[i], &buf)));
if (wb_sids2xids_in_cache(&state->sids[i], &state->cached[i])) {
continue;
diff --git a/source3/winbindd/winbindd_lookupname.c b/source3/winbindd/winbindd_lookupname.c
index c5a7c135973..d6403b32c46 100644
--- a/source3/winbindd/winbindd_lookupname.c
+++ b/source3/winbindd/winbindd_lookupname.c
@@ -19,6 +19,7 @@
#include "includes.h"
#include "winbindd.h"
+#include "libcli/security/dom_sid.h"
struct winbindd_lookupname_state {
struct tevent_context *ev;
@@ -112,8 +113,10 @@ NTSTATUS winbindd_lookupname_recv(struct tevent_req *req,
NTSTATUS status;
if (tevent_req_is_nterror(req, &status)) {
+ struct dom_sid_buf buf;
DEBUG(5, ("Could not convert sid %s: %s\n",
- sid_string_dbg(&state->sid), nt_errstr(status)));
+ dom_sid_str_buf(&state->sid, &buf),
+ nt_errstr(status)));
return status;
}
sid_to_fstring(response->data.sid.sid, &state->sid);
--
2.11.0
From bc4321ae1321beee6419d731366dbc1300ab6eec Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 11 Dec 2018 13:56:03 +0100
Subject: [PATCH 06/21] groupdb: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/groupdb/mapping.c | 3 ++-
source3/groupdb/mapping_tdb.c | 3 ++-
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c
index dd04bef9487..43722e777d4 100644
--- a/source3/groupdb/mapping.c
+++ b/source3/groupdb/mapping.c
@@ -606,8 +606,9 @@ NTSTATUS pdb_default_get_aliasinfo(struct pdb_methods *methods,
if ((map->sid_name_use != SID_NAME_ALIAS) &&
(map->sid_name_use != SID_NAME_WKN_GRP)) {
+ struct dom_sid_buf buf;
DEBUG(2, ("%s is a %s, expected an alias\n",
- sid_string_dbg(sid),
+ dom_sid_str_buf(sid, &buf),
sid_type_lookup(map->sid_name_use)));
status = NT_STATUS_NO_SUCH_ALIAS;
goto done;
diff --git a/source3/groupdb/mapping_tdb.c b/source3/groupdb/mapping_tdb.c
index 41b56be5ca3..d6a06ef199b 100644
--- a/source3/groupdb/mapping_tdb.c
+++ b/source3/groupdb/mapping_tdb.c
@@ -398,8 +398,9 @@ static int collect_map(struct db_record *rec, void *private_data)
if ((state->domsid != NULL) &&
(dom_sid_compare_domain(state->domsid, &map->sid) != 0)) {
+ struct dom_sid_buf buf;
DEBUG(11,("enum_group_mapping: group %s is not in domain\n",
- sid_string_dbg(&map->sid)));
+ dom_sid_str_buf(&map->sid, &buf)));
TALLOC_FREE(map);
return 0;
}
--
2.11.0
From 0bf505b0fda64c7c36307bfb28ba193d30e830d0 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 11 Dec 2018 16:09:41 +0100
Subject: [PATCH 07/21] passdb: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/passdb/passdb.c | 11 ++++++++---
source3/passdb/pdb_compat.c | 6 ++++--
source3/passdb/pdb_get_set.c | 7 +++++--
source3/passdb/pdb_interface.c | 14 +++++++++-----
source3/passdb/pdb_secrets.c | 3 ++-
source3/passdb/pdb_util.c | 12 ++++++++----
6 files changed, 36 insertions(+), 17 deletions(-)
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index 64e05b346de..401a11135cd 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -608,8 +608,11 @@ bool lookup_global_sam_name(const char *name, int flags, uint32_t *rid,
if (ret) {
if (!sid_check_is_in_our_sam(&user_sid)) {
- DEBUG(0, ("User %s with invalid SID %s in passdb\n",
- name, sid_string_dbg(&user_sid)));
+ struct dom_sid_buf buf;
+ DBG_ERR("User %s with invalid SID %s"
+ " in passdb\n",
+ name,
+ dom_sid_str_buf(&user_sid, &buf));
return False;
}
@@ -639,9 +642,11 @@ bool lookup_global_sam_name(const char *name, int flags, uint32_t *rid,
/* BUILTIN groups are looked up elsewhere */
if (!sid_check_is_in_our_sam(&map->sid)) {
+ struct dom_sid_buf buf;
DEBUG(10, ("Found group %s (%s) not in our domain -- "
"ignoring.\n",
- name, sid_string_dbg(&map->sid)));
+ name,
+ dom_sid_str_buf(&map->sid, &buf)));
TALLOC_FREE(map);
return False;
}
diff --git a/source3/passdb/pdb_compat.c b/source3/passdb/pdb_compat.c
index 6b7797a2d6d..2a32ec89012 100644
--- a/source3/passdb/pdb_compat.c
+++ b/source3/passdb/pdb_compat.c
@@ -52,6 +52,7 @@ uint32_t pdb_get_group_rid (struct samu *sampass)
bool pdb_set_user_sid_from_rid (struct samu *sampass, uint32_t rid, enum pdb_value_state flag)
{
struct dom_sid u_sid;
+ struct dom_sid_buf buf;
const struct dom_sid *global_sam_sid;
if (!sampass)
@@ -70,7 +71,7 @@ bool pdb_set_user_sid_from_rid (struct samu *sampass, uint32_t rid, enum pdb_val
return False;
DEBUG(10, ("pdb_set_user_sid_from_rid:\n\tsetting user sid %s from rid %d\n",
- sid_string_dbg(&u_sid),rid));
+ dom_sid_str_buf(&u_sid, &buf), rid));
return True;
}
@@ -78,6 +79,7 @@ bool pdb_set_user_sid_from_rid (struct samu *sampass, uint32_t rid, enum pdb_val
bool pdb_set_group_sid_from_rid (struct samu *sampass, uint32_t grid, enum pdb_value_state flag)
{
struct dom_sid g_sid;
+ struct dom_sid_buf buf;
const struct dom_sid *global_sam_sid;
if (!sampass)
@@ -96,7 +98,7 @@ bool pdb_set_group_sid_from_rid (struct samu *sampass, uint32_t grid, enum pdb_v
return False;
DEBUG(10, ("pdb_set_group_sid_from_rid:\n\tsetting group sid %s from rid %d\n",
- sid_string_dbg(&g_sid), grid));
+ dom_sid_str_buf(&g_sid, &buf), grid));
return True;
}
diff --git a/source3/passdb/pdb_get_set.c b/source3/passdb/pdb_get_set.c
index 35181da3a4f..31e18df0c08 100644
--- a/source3/passdb/pdb_get_set.c
+++ b/source3/passdb/pdb_get_set.c
@@ -486,13 +486,15 @@ bool pdb_set_init_flags(struct samu *sampass, enum pdb_elements element, enum pd
bool pdb_set_user_sid(struct samu *sampass, const struct dom_sid *u_sid, enum pdb_value_state flag)
{
+ struct dom_sid_buf buf;
+
if (!u_sid)
return False;
sid_copy(&sampass->user_sid, u_sid);
DEBUG(10, ("pdb_set_user_sid: setting user sid %s\n",
- sid_string_dbg(&sampass->user_sid)));
+ dom_sid_str_buf(&sampass->user_sid, &buf)));
return pdb_set_init_flags(sampass, PDB_USERSID, flag);
}
@@ -532,6 +534,7 @@ bool pdb_set_group_sid(struct samu *sampass, const struct dom_sid *g_sid, enum p
{
gid_t gid;
struct dom_sid dug_sid;
+ struct dom_sid_buf buf;
if (!g_sid)
return False;
@@ -554,7 +557,7 @@ bool pdb_set_group_sid(struct samu *sampass, const struct dom_sid *g_sid, enum p
}
DEBUG(10, ("pdb_set_group_sid: setting group sid %s\n",
- sid_string_dbg(sampass->group_sid)));
+ dom_sid_str_buf(sampass->group_sid, &buf)));
return pdb_set_init_flags(sampass, PDB_GROUPSID, flag);
}
diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c
index 78ff2daafaf..d42d5e52932 100644
--- a/source3/passdb/pdb_interface.c
+++ b/source3/passdb/pdb_interface.c
@@ -1497,6 +1497,8 @@ static bool pdb_default_sid_to_id(struct pdb_methods *methods,
TALLOC_CTX *mem_ctx;
bool ret = False;
uint32_t rid;
+ struct dom_sid_buf buf;
+
id->id = -1;
mem_ctx = talloc_new(NULL);
@@ -1529,13 +1531,14 @@ static bool pdb_default_sid_to_id(struct pdb_methods *methods,
"an object exists in the database, "
"but it is neither a user nor a "
"group (got type %d).\n",
- sid_string_dbg(sid), type));
+ dom_sid_str_buf(sid, &buf),
+ type));
ret = false;
}
} else {
DEBUG(5, ("SID %s belongs to our domain, but there is "
"no corresponding object in the database.\n",
- sid_string_dbg(sid)));
+ dom_sid_str_buf(sid, &buf)));
}
goto done;
}
@@ -1563,13 +1566,14 @@ static bool pdb_default_sid_to_id(struct pdb_methods *methods,
if (!NT_STATUS_IS_OK(methods->getgrsid(methods, map, *sid))) {
DEBUG(10, ("Could not find map for sid %s\n",
- sid_string_dbg(sid)));
+ dom_sid_str_buf(sid, &buf)));
goto done;
}
if ((map->sid_name_use != SID_NAME_ALIAS) &&
(map->sid_name_use != SID_NAME_WKN_GRP)) {
DEBUG(10, ("Map for sid %s is a %s, expected an "
- "alias\n", sid_string_dbg(sid),
+ "alias\n",
+ dom_sid_str_buf(sid, &buf),
sid_type_lookup(map->sid_name_use)));
goto done;
}
@@ -1581,7 +1585,7 @@ static bool pdb_default_sid_to_id(struct pdb_methods *methods,
}
DEBUG(5, ("Sid %s is neither ours, a Unix SID, nor builtin\n",
- sid_string_dbg(sid)));
+ dom_sid_str_buf(sid, &buf)));
done:
diff --git a/source3/passdb/pdb_secrets.c b/source3/passdb/pdb_secrets.c
index a581190a225..2e983058c61 100644
--- a/source3/passdb/pdb_secrets.c
+++ b/source3/passdb/pdb_secrets.c
@@ -75,9 +75,10 @@ static int list_trusted_domain(struct db_record *rec, void *private_data)
}
if (pass.domain_sid.num_auths != 4) {
+ struct dom_sid_buf buf;
DEBUG(0, ("SID %s is not a domain sid, has %d "
"auths instead of 4\n",
- sid_string_dbg(&pass.domain_sid),
+ dom_sid_str_buf(&pass.domain_sid, &buf),
pass.domain_sid.num_auths));
return 0;
}
diff --git a/source3/passdb/pdb_util.c b/source3/passdb/pdb_util.c
index dcafbfcf62f..780c03fdc8d 100644
--- a/source3/passdb/pdb_util.c
+++ b/source3/passdb/pdb_util.c
@@ -47,16 +47,20 @@ static NTSTATUS add_sid_to_builtin(const struct dom_sid *builtin_sid,
status = pdb_add_aliasmem(builtin_sid, dom_sid);
if (NT_STATUS_EQUAL(status, NT_STATUS_MEMBER_IN_ALIAS)) {
+ struct dom_sid_buf buf1, buf2;
DEBUG(5, ("add_sid_to_builtin %s is already a member of %s\n",
- sid_string_dbg(dom_sid),
- sid_string_dbg(builtin_sid)));
+ dom_sid_str_buf(dom_sid, &buf1),
+ dom_sid_str_buf(builtin_sid, &buf2)));
return NT_STATUS_OK;
}
if (!NT_STATUS_IS_OK(status)) {
+ struct dom_sid_buf buf1, buf2;
DEBUG(4, ("add_sid_to_builtin %s could not be added to %s: "
- "%s\n", sid_string_dbg(dom_sid),
- sid_string_dbg(builtin_sid), nt_errstr(status)));
+ "%s\n",
+ dom_sid_str_buf(dom_sid, &buf1),
+ dom_sid_str_buf(builtin_sid, &buf2),
+ nt_errstr(status)));
}
return status;
}
--
2.11.0
From b75dd0295c28953fbafe152d7336ff4ebeccde81 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 11 Dec 2018 16:39:19 +0100
Subject: [PATCH 08/21] pdb_smbpasswd: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/passdb/pdb_smbpasswd.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c
index 2615cbdd788..a9def1260d4 100644
--- a/source3/passdb/pdb_smbpasswd.c
+++ b/source3/passdb/pdb_smbpasswd.c
@@ -1332,11 +1332,12 @@ static NTSTATUS smbpasswd_getsampwsid(struct pdb_methods *my_methods, struct sam
NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data;
struct smb_passwd *smb_pw;
+ struct dom_sid_buf buf;
FILE *fp = NULL;
uint32_t rid;
DEBUG(10, ("smbpasswd_getsampwrid: search by sid: %s\n",
- sid_string_dbg(sid)));
+ dom_sid_str_buf(sid, &buf)));
if (!sid_peek_check_rid(get_global_sam_sid(), sid, &rid))
return NT_STATUS_UNSUCCESSFUL;
@@ -1382,9 +1383,11 @@ static NTSTATUS smbpasswd_getsampwsid(struct pdb_methods *my_methods, struct sam
/* build_sam_account might change the SID on us, if the name was for the guest account */
if (NT_STATUS_IS_OK(nt_status) && !dom_sid_equal(pdb_get_user_sid(sam_acct), sid)) {
+ struct dom_sid_buf buf1, buf2;
DEBUG(1, ("looking for user with sid %s instead returned %s "
- "for account %s!?!\n", sid_string_dbg(sid),
- sid_string_dbg(pdb_get_user_sid(sam_acct)),
+ "for account %s!?!\n",
+ dom_sid_str_buf(sid, &buf1),
+ dom_sid_str_buf(pdb_get_user_sid(sam_acct), &buf2),
pdb_get_username(sam_acct)));
return NT_STATUS_NO_SUCH_USER;
}
--
2.11.0
From 775a1ef265fafa821de5b219cedb52f11b32af37 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 11 Dec 2018 16:52:39 +0100
Subject: [PATCH 09/21] pdb_ldap: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/passdb/pdb_ldap.c | 50 ++++++++++++++++++++++++++++++++---------------
1 file changed, 34 insertions(+), 16 deletions(-)
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index 5850236374f..7f8903ba96d 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -1629,13 +1629,18 @@ static NTSTATUS ldapsam_getsampwsid(struct pdb_methods *my_methods, struct samu
result);
if (count < 1) {
+ struct dom_sid_buf buf;
DEBUG(4, ("ldapsam_getsampwsid: Unable to locate SID [%s] "
- "count=%d\n", sid_string_dbg(sid), count));
+ "count=%d\n",
+ dom_sid_str_buf(sid, &buf),
+ count));
ldap_msgfree(result);
return NT_STATUS_NO_SUCH_USER;
} else if (count > 1) {
+ struct dom_sid_buf buf;
DEBUG(1, ("ldapsam_getsampwsid: More than one user with SID "
- "[%s]. Failing. count=%d\n", sid_string_dbg(sid),
+ "[%s]. Failing. count=%d\n",
+ dom_sid_str_buf(sid, &buf),
count));
ldap_msgfree(result);
return NT_STATUS_NO_SUCH_USER;
@@ -2152,9 +2157,11 @@ static NTSTATUS ldapsam_add_sam_account(struct pdb_methods *my_methods, struct s
smbldap_get_ldap(
ldap_state->smbldap_state),
result) != 0) {
+ struct dom_sid_buf buf;
DEBUG(0,("ldapsam_add_sam_account: SID '%s' "
"already in the base, with samba "
- "attributes\n", sid_string_dbg(sid)));
+ "attributes\n",
+ dom_sid_str_buf(sid, &buf)));
goto fn_exit;
}
ldap_msgfree(result);
@@ -2635,8 +2642,10 @@ static bool ldapsam_extract_rid_from_entry(LDAP *ldap_struct,
}
if (dom_sid_compare_domain(&sid, domain_sid) != 0) {
+ struct dom_sid_buf buf;
DEBUG(10, ("SID %s is not in expected domain %s\n",
- str, sid_string_dbg(domain_sid)));
+ str,
+ dom_sid_str_buf(domain_sid, &buf)));
return False;
}
@@ -2697,7 +2706,7 @@ static NTSTATUS ldapsam_enum_group_members(struct pdb_methods *methods,
if (count > 1) {
DEBUG(1, ("Found more than one groupmap entry for %s\n",
- sid_string_dbg(group)));
+ dom_sid_str_buf(group, &buf)));
ret = NT_STATUS_INTERNAL_DB_CORRUPTION;
goto done;
}
@@ -3134,7 +3143,8 @@ static NTSTATUS ldapsam_add_group_mapping_entry(struct pdb_methods *methods,
msg) > 0)) {
DEBUG(3, ("SID %s already present in LDAP, refusing to add "
- "group mapping entry\n", sid_string_dbg(&map->sid)));
+ "group mapping entry\n",
+ dom_sid_str_buf(&map->sid, &buf)));
result = NT_STATUS_GROUP_EXISTS;
goto done;
}
@@ -3153,7 +3163,7 @@ static NTSTATUS ldapsam_add_group_mapping_entry(struct pdb_methods *methods,
&& !sid_check_is_in_builtin(&map->sid) )
{
DEBUG(3, ("Refusing to map sid %s as an alias, not in our domain\n",
- sid_string_dbg(&map->sid)));
+ dom_sid_str_buf(&map->sid, &buf)));
result = NT_STATUS_INVALID_PARAMETER;
goto done;
}
@@ -3180,7 +3190,9 @@ static NTSTATUS ldapsam_add_group_mapping_entry(struct pdb_methods *methods,
if (pdb_id_to_sid(&id, &sid)) {
DEBUG(3, ("Gid %u is already mapped to SID %s, refusing to "
- "add\n", (unsigned int)map->gid, sid_string_dbg(&sid)));
+ "add\n",
+ (unsigned int)map->gid,
+ dom_sid_str_buf(&sid, &buf)));
result = NT_STATUS_GROUP_EXISTS;
goto done;
}
@@ -3582,8 +3594,9 @@ static NTSTATUS ldapsam_modify_aliasmem(struct pdb_methods *methods,
}
if (type == SID_NAME_USE_NONE) {
+ struct dom_sid_buf buf;
DEBUG(5, ("SID %s is neither in builtin nor in our domain!\n",
- sid_string_dbg(alias)));
+ dom_sid_str_buf(alias, &buf)));
return NT_STATUS_NO_SUCH_ALIAS;
}
@@ -3709,7 +3722,7 @@ static NTSTATUS ldapsam_enum_aliasmem(struct pdb_methods *methods,
if (type == SID_NAME_USE_NONE) {
DEBUG(5, ("SID %s is neither in builtin nor in our domain!\n",
- sid_string_dbg(alias)));
+ dom_sid_str_buf(alias, &tmp)));
return NT_STATUS_NO_SUCH_ALIAS;
}
@@ -3826,8 +3839,9 @@ static NTSTATUS ldapsam_alias_memberships(struct pdb_methods *methods,
}
if (type == SID_NAME_USE_NONE) {
+ struct dom_sid_buf buf;
DEBUG(5, ("SID %s is neither builtin nor domain!\n",
- sid_string_dbg(domain_sid)));
+ dom_sid_str_buf(domain_sid, &buf)));
return NT_STATUS_UNSUCCESSFUL;
}
@@ -4649,8 +4663,9 @@ static bool ldapuser2displayentry(struct ldap_search_state *state,
ldap_value_free(vals);
if (!sid_peek_check_rid(get_global_sam_sid(), &sid, &result->rid)) {
+ struct dom_sid_buf buf;
DEBUG(0, ("sid %s does not belong to our domain\n",
- sid_string_dbg(&sid)));
+ dom_sid_str_buf(&sid, &buf)));
return False;
}
@@ -4814,8 +4829,9 @@ static bool ldapgroup2displayentry(struct ldap_search_state *state,
if (!sid_peek_check_rid(get_global_sam_sid(), &sid, &result->rid)
&& !sid_peek_check_rid(&global_sid_Builtin, &sid, &result->rid))
{
+ struct dom_sid_buf buf;
DEBUG(0, ("%s is not in our domain\n",
- sid_string_dbg(&sid)));
+ dom_sid_str_buf(&sid, &buf)));
return False;
}
break;
@@ -6708,17 +6724,19 @@ NTSTATUS pdb_ldapsam_init_common(struct pdb_methods **pdb_method,
&secrets_domain_sid);
if (!found_sid || !dom_sid_equal(&secrets_domain_sid,
&ldap_domain_sid)) {
+ struct dom_sid_buf buf1, buf2;
DEBUG(1, ("pdb_init_ldapsam: Resetting SID for domain "
"%s based on pdb_ldap results %s -> %s\n",
ldap_state->domain_name,
- sid_string_dbg(&secrets_domain_sid),
- sid_string_dbg(&ldap_domain_sid)));
+ dom_sid_str_buf(&secrets_domain_sid, &buf1),
+ dom_sid_str_buf(&ldap_domain_sid, &buf2)));
/* reset secrets.tdb sid */
PDB_secrets_store_domain_sid(ldap_state->domain_name,
&ldap_domain_sid);
DEBUG(1, ("New global sam SID: %s\n",
- sid_string_dbg(get_global_sam_sid())));
+ dom_sid_str_buf(get_global_sam_sid(),
+ &buf1)));
}
sid_copy(&ldap_state->domain_sid, &ldap_domain_sid);
TALLOC_FREE(domain_sid_string);
--
2.11.0
From 233ae27c2ca509b74ce60307fc14e78980b485d4 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 11 Dec 2018 17:00:48 +0100
Subject: [PATCH 10/21] lookup_sid: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/passdb/lookup_sid.c | 59 ++++++++++++++++++++++++++++++---------------
1 file changed, 40 insertions(+), 19 deletions(-)
diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
index eeaf2b720a7..6bda783fa03 100644
--- a/source3/passdb/lookup_sid.c
+++ b/source3/passdb/lookup_sid.c
@@ -569,9 +569,10 @@ static bool lookup_rids(TALLOC_CTX *mem_ctx, const struct dom_sid *domain_sid,
const char ***names, enum lsa_SidType **types)
{
int i;
+ struct dom_sid_buf buf;
DEBUG(10, ("lookup_rids called for domain sid '%s'\n",
- sid_string_dbg(domain_sid)));
+ dom_sid_str_buf(domain_sid, &buf)));
if (num_rids) {
*names = talloc_zero_array(mem_ctx, const char *, num_rids);
@@ -788,6 +789,7 @@ static bool lookup_as_domain(const struct dom_sid *sid, TALLOC_CTX *mem_ctx,
static bool check_dom_sid_to_level(const struct dom_sid *sid, int level)
{
+ struct dom_sid_buf buf;
int ret = false;
switch(level) {
@@ -810,7 +812,8 @@ static bool check_dom_sid_to_level(const struct dom_sid *sid, int level)
DEBUG(10, ("%s SID %s in level %d\n",
ret ? "Accepting" : "Rejecting",
- sid_string_dbg(sid), level));
+ dom_sid_str_buf(sid, &buf),
+ level));
return ret;
}
@@ -1055,10 +1058,12 @@ bool lookup_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
{
struct lsa_dom_info *domain;
struct lsa_name_info *name;
+ struct dom_sid_buf buf;
TALLOC_CTX *tmp_ctx;
bool ret = false;
- DEBUG(10, ("lookup_sid called for SID '%s'\n", sid_string_dbg(sid)));
+ DEBUG(10, ("lookup_sid called for SID '%s'\n",
+ dom_sid_str_buf(sid, &buf)));
if (!(tmp_ctx = talloc_new(mem_ctx))) {
DEBUG(0, ("talloc_new failed\n"));
@@ -1092,10 +1097,12 @@ bool lookup_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
done:
if (ret) {
- DEBUG(10, ("Sid %s -> %s\\%s(%d)\n", sid_string_dbg(sid),
+ DEBUG(10, ("Sid %s -> %s\\%s(%d)\n",
+ dom_sid_str_buf(sid, &buf),
domain->name, name->name, name->type));
} else {
- DEBUG(10, ("failed to lookup sid %s\n", sid_string_dbg(sid)));
+ DEBUG(10, ("failed to lookup sid %s\n",
+ dom_sid_str_buf(sid, &buf)));
}
TALLOC_FREE(tmp_ctx);
return ret;
@@ -1118,6 +1125,7 @@ static void legacy_uid_to_sid(struct dom_sid *psid, uid_t uid)
{
bool ret;
struct unixid id;
+ struct dom_sid_buf buf;
ZERO_STRUCTP(psid);
@@ -1146,7 +1154,7 @@ static void legacy_uid_to_sid(struct dom_sid *psid, uid_t uid)
done:
DEBUG(10,("LEGACY: uid %u -> sid %s\n", (unsigned int)uid,
- sid_string_dbg(psid)));
+ dom_sid_str_buf(psid, &buf)));
return;
}
@@ -1159,6 +1167,7 @@ static void legacy_gid_to_sid(struct dom_sid *psid, gid_t gid)
{
bool ret;
struct unixid id;
+ struct dom_sid_buf buf;
ZERO_STRUCTP(psid);
@@ -1187,7 +1196,7 @@ static void legacy_gid_to_sid(struct dom_sid *psid, gid_t gid)
done:
DEBUG(10,("LEGACY: gid %u -> sid %s\n", (unsigned int)gid,
- sid_string_dbg(psid)));
+ dom_sid_str_buf(psid, &buf)));
return;
}
@@ -1205,8 +1214,9 @@ static bool legacy_sid_to_unixid(const struct dom_sid *psid, struct unixid *id)
unbecome_root();
if (!ret) {
+ struct dom_sid_buf buf;
DEBUG(10,("LEGACY: mapping failed for sid %s\n",
- sid_string_dbg(psid)));
+ dom_sid_str_buf(psid, &buf)));
return false;
}
@@ -1247,6 +1257,7 @@ void uid_to_sid(struct dom_sid *psid, uid_t uid)
{
bool expired = true;
bool ret;
+ struct dom_sid_buf buf;
ZERO_STRUCTP(psid);
/* Check the winbindd cache directly. */
@@ -1283,7 +1294,7 @@ void uid_to_sid(struct dom_sid *psid, uid_t uid)
}
DEBUG(10,("uid %u -> sid %s\n", (unsigned int)uid,
- sid_string_dbg(psid)));
+ dom_sid_str_buf(psid, &buf)));
return;
}
@@ -1296,6 +1307,7 @@ void gid_to_sid(struct dom_sid *psid, gid_t gid)
{
bool expired = true;
bool ret;
+ struct dom_sid_buf buf;
ZERO_STRUCTP(psid);
/* Check the winbindd cache directly. */
@@ -1332,7 +1344,7 @@ void gid_to_sid(struct dom_sid *psid, gid_t gid)
}
DEBUG(10,("gid %u -> sid %s\n", (unsigned int)gid,
- sid_string_dbg(psid)));
+ dom_sid_str_buf(psid, &buf)));
return;
}
@@ -1462,6 +1474,7 @@ bool sid_to_uid(const struct dom_sid *psid, uid_t *puid)
bool expired = true;
bool ret;
uint32_t rid;
+ struct dom_sid_buf buf;
/* Optimize for the Unix Users Domain
* as the conversion is straightforward */
@@ -1470,8 +1483,9 @@ bool sid_to_uid(const struct dom_sid *psid, uid_t *puid)
*puid = uid;
/* return here, don't cache */
- DEBUG(10,("sid %s -> uid %u\n", sid_string_dbg(psid),
- (unsigned int)*puid ));
+ DEBUG(10,("sid %s -> uid %u\n",
+ dom_sid_str_buf(psid, &buf),
+ (unsigned int)*puid ));
return true;
}
@@ -1490,7 +1504,7 @@ bool sid_to_uid(const struct dom_sid *psid, uid_t *puid)
/* Not in cache. Ask winbindd. */
if (!winbind_sid_to_uid(puid, psid)) {
DEBUG(5, ("winbind failed to find a uid for sid %s\n",
- sid_string_dbg(psid)));
+ dom_sid_str_buf(psid, &buf)));
/* winbind failed. do legacy */
return legacy_sid_to_uid(psid, puid);
}
@@ -1499,7 +1513,8 @@ bool sid_to_uid(const struct dom_sid *psid, uid_t *puid)
/* TODO: Here would be the place to allocate both a gid and a uid for
* the SID in question */
- DEBUG(10,("sid %s -> uid %u\n", sid_string_dbg(psid),
+ DEBUG(10,("sid %s -> uid %u\n",
+ dom_sid_str_buf(psid, &buf),
(unsigned int)*puid ));
return true;
@@ -1515,6 +1530,7 @@ bool sid_to_gid(const struct dom_sid *psid, gid_t *pgid)
bool expired = true;
bool ret;
uint32_t rid;
+ struct dom_sid_buf buf;
/* Optimize for the Unix Groups Domain
* as the conversion is straightforward */
@@ -1523,7 +1539,8 @@ bool sid_to_gid(const struct dom_sid *psid, gid_t *pgid)
*pgid = gid;
/* return here, don't cache */
- DEBUG(10,("sid %s -> gid %u\n", sid_string_dbg(psid),
+ DEBUG(10,("sid %s -> gid %u\n",
+ dom_sid_str_buf(psid, &buf),
(unsigned int)*pgid ));
return true;
}
@@ -1547,13 +1564,14 @@ bool sid_to_gid(const struct dom_sid *psid, gid_t *pgid)
if ( !winbind_sid_to_gid(pgid, psid) ) {
DEBUG(10,("winbind failed to find a gid for sid %s\n",
- sid_string_dbg(psid)));
+ dom_sid_str_buf(psid, &buf)));
/* winbind failed. do legacy */
return legacy_sid_to_gid(psid, pgid);
}
}
- DEBUG(10,("sid %s -> gid %u\n", sid_string_dbg(psid),
+ DEBUG(10,("sid %s -> gid %u\n",
+ dom_sid_str_buf(psid, &buf),
(unsigned int)*pgid ));
return true;
@@ -1654,9 +1672,11 @@ NTSTATUS get_primary_group_sid(TALLOC_CTX *mem_ctx,
if (need_lookup_sid) {
enum lsa_SidType type = SID_NAME_UNKNOWN;
bool lookup_ret;
+ struct dom_sid_buf buf;
DEBUG(10, ("do lookup_sid(%s) for group of user %s\n",
- sid_string_dbg(group_sid), username));
+ dom_sid_str_buf(group_sid, &buf),
+ username));
/* Now check that it's actually a domain group and
* not something else */
@@ -1669,7 +1689,8 @@ NTSTATUS get_primary_group_sid(TALLOC_CTX *mem_ctx,
DEBUG(3, ("Primary group %s for user %s is"
" a %s and not a domain group\n",
- sid_string_dbg(group_sid), username,
+ dom_sid_str_buf(group_sid, &buf),
+ username,
sid_type_lookup(type)));
}
--
2.11.0
From 620962679c2954cc9508cc595c988f0a3f9d90ec Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 11 Dec 2018 17:17:46 +0100
Subject: [PATCH 11/21] vfs: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/modules/nfs4_acls.c | 14 ++++++++++----
source3/modules/vfs_afsacl.c | 6 ++++--
source3/modules/vfs_default.c | 6 ++++--
3 files changed, 18 insertions(+), 8 deletions(-)
diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c
index 19f0fefdb98..7776caa16d2 100644
--- a/source3/modules/nfs4_acls.c
+++ b/source3/modules/nfs4_acls.c
@@ -317,6 +317,7 @@ static bool smbacl4_nfs42win(TALLOC_CTX *mem_ctx,
for (aceint = acl->first; aceint != NULL; aceint = aceint->next) {
uint32_t mask;
struct dom_sid sid;
+ struct dom_sid_buf buf;
SMB_ACE4PROP_T *ace = &aceint->prop;
uint32_t win_ace_flags;
@@ -349,7 +350,7 @@ static bool smbacl4_nfs42win(TALLOC_CTX *mem_ctx,
}
}
DEBUG(10, ("mapped %d to %s\n", ace->who.id,
- sid_string_dbg(&sid)));
+ dom_sid_str_buf(&sid, &buf)));
if (!is_directory && params->map_full_control) {
/*
@@ -655,7 +656,10 @@ static bool smbacl4_fill_ace4(
SMB_ACE4PROP_T *ace_v4 /* output */
)
{
- DEBUG(10, ("got ace for %s\n", sid_string_dbg(&ace_nt->trustee)));
+ struct dom_sid_buf buf;
+
+ DEBUG(10, ("got ace for %s\n",
+ dom_sid_str_buf(&ace_nt->trustee, &buf)));
ZERO_STRUCTP(ace_v4);
@@ -738,7 +742,7 @@ static bool smbacl4_fill_ace4(
DEBUG(1, ("nfs4_acls.c: file [%s]: could not "
"convert %s to uid or gid\n",
filename->base_name,
- sid_string_dbg(&ace_nt->trustee)));
+ dom_sid_str_buf(&ace_nt->trustee, &buf)));
return false;
}
}
@@ -882,9 +886,11 @@ static struct SMB4ACL_T *smbacl4_win2nfs4(
if (!smbacl4_fill_ace4(fsp->fsp_name, pparams,
ownerUID, ownerGID,
dacl->aces + i, &ace_v4)) {
+ struct dom_sid_buf buf;
DEBUG(3, ("Could not fill ace for file %s, SID %s\n",
filename,
- sid_string_dbg(&((dacl->aces+i)->trustee))));
+ dom_sid_str_buf(&((dacl->aces+i)->trustee),
+ &buf)));
continue;
}
diff --git a/source3/modules/vfs_afsacl.c b/source3/modules/vfs_afsacl.c
index d9be513d041..40071c85431 100644
--- a/source3/modules/vfs_afsacl.c
+++ b/source3/modules/vfs_afsacl.c
@@ -761,8 +761,9 @@ static bool nt_to_afs_acl(const char *filename,
}
if (!mappable_sid(&ace->trustee)) {
+ struct dom_sid_buf buf;
DEBUG(10, ("Ignoring unmappable SID %s\n",
- sid_string_dbg(&ace->trustee)));
+ dom_sid_str_buf(&ace->trustee, &buf)));
continue;
}
@@ -791,8 +792,9 @@ static bool nt_to_afs_acl(const char *filename,
if (!lookup_sid(talloc_tos(), &ace->trustee,
&dom_name, &name, &name_type)) {
+ struct dom_sid_buf buf;
DEBUG(1, ("AFSACL: Could not lookup SID %s on file %s\n",
- sid_string_dbg(&ace->trustee),
+ dom_sid_str_buf(&ace->trustee, &buf),
filename));
continue;
}
diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c
index a492c9d3627..b1c4acc482d 100644
--- a/source3/modules/vfs_default.c
+++ b/source3/modules/vfs_default.c
@@ -1330,6 +1330,7 @@ static NTSTATUS vfswrap_fsctl(struct vfs_handle_struct *handle,
* but I have to check that --metze
*/
struct dom_sid sid;
+ struct dom_sid_buf buf;
uid_t uid;
size_t sid_len;
@@ -1349,11 +1350,12 @@ static NTSTATUS vfswrap_fsctl(struct vfs_handle_struct *handle,
if (!sid_parse(_in_data + 4, sid_len, &sid)) {
return NT_STATUS_INVALID_PARAMETER;
}
- DEBUGADD(10, ("for SID: %s\n", sid_string_dbg(&sid)));
+ DEBUGADD(10, ("for SID: %s\n",
+ dom_sid_str_buf(&sid, &buf)));
if (!sid_to_uid(&sid, &uid)) {
DEBUG(0,("sid_to_uid: failed, sid[%s] sid_len[%lu]\n",
- sid_string_dbg(&sid),
+ dom_sid_str_buf(&sid, &buf),
(unsigned long)sid_len));
uid = (-1);
}
--
2.11.0
From dc7abeef5228bb463fc1c23db8eb08fc0a877d16 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Thu, 13 Dec 2018 21:01:00 +0100
Subject: [PATCH 12/21] auth3: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/auth/auth_util.c | 6 ++++--
source3/auth/server_info.c | 26 ++++++++++++++++----------
source3/auth/token_util.c | 18 +++++++++++-------
3 files changed, 31 insertions(+), 19 deletions(-)
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index e31f8183439..d78dbed14b2 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -607,9 +607,10 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx,
if (ids[i].type != ID_TYPE_GID &&
ids[i].type != ID_TYPE_BOTH) {
+ struct dom_sid_buf buf;
DEBUG(10, ("Could not convert SID %s to gid, "
"ignoring it\n",
- sid_string_dbg(&t->sids[i])));
+ dom_sid_str_buf(&t->sids[i], &buf)));
continue;
}
if (!add_gid_to_array_unique(session_info->unix_token,
@@ -1084,10 +1085,11 @@ NTSTATUS auth3_session_info_create(TALLOC_CTX *mem_ctx,
ids[i].type != ID_TYPE_BOTH) {
struct security_token *nt_token =
session_info->security_token;
+ struct dom_sid_buf buf;
DEBUG(10, ("Could not convert SID %s to gid, "
"ignoring it\n",
- sid_string_dbg(&nt_token->sids[i])));
+ dom_sid_str_buf(&nt_token->sids[i], &buf)));
continue;
}
diff --git a/source3/auth/server_info.c b/source3/auth/server_info.c
index 6d5e9fb72fe..2c48d1bb7a9 100644
--- a/source3/auth/server_info.c
+++ b/source3/auth/server_info.c
@@ -310,13 +310,14 @@ static NTSTATUS merge_resource_sids(const struct PAC_LOGON_INFO *logon_info,
NTSTATUS status;
struct dom_sid new_sid;
uint32_t attributes = rg->groups.rids[i].attributes;
+ struct dom_sid_buf buf;
sid_compose(&new_sid,
rg->domain_sid,
rg->groups.rids[i].rid);
DEBUG(10, ("Adding SID %s to extra SIDS\n",
- sid_string_dbg(&new_sid)));
+ dom_sid_str_buf(&new_sid, &buf)));
status = append_netr_SidAttr(info3, &info3->sids,
&info3->sidcount,
@@ -324,7 +325,7 @@ static NTSTATUS merge_resource_sids(const struct PAC_LOGON_INFO *logon_info,
attributes);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("failed to append SID %s to extra SIDS: %s\n",
- sid_string_dbg(&new_sid),
+ dom_sid_str_buf(&new_sid, &buf),
nt_errstr(status)));
return status;
}
@@ -431,6 +432,8 @@ static NTSTATUS SamInfo3_handle_sids(const char *username,
struct dom_sid *domain_sid,
struct extra_auth_info *extra)
{
+ struct dom_sid_buf buf;
+
if (sid_check_is_in_unix_users(user_sid)) {
/* in info3 you can only set rids for the user and the
* primary group, and the domain sid must be that of
@@ -445,7 +448,7 @@ static NTSTATUS SamInfo3_handle_sids(const char *username,
DEBUG(10, ("Unix User found. Rid marked as "
"special and sid (%s) saved as extra sid\n",
- sid_string_dbg(user_sid)));
+ dom_sid_str_buf(user_sid, &buf)));
} else {
sid_copy(domain_sid, user_sid);
sid_split_rid(domain_sid, &info3->base.rid);
@@ -471,17 +474,18 @@ static NTSTATUS SamInfo3_handle_sids(const char *username,
DEBUG(10, ("Unix Group found. Rid marked as "
"special and sid (%s) saved as extra sid\n",
- sid_string_dbg(group_sid)));
+ dom_sid_str_buf(group_sid, &buf)));
} else {
bool ok = sid_peek_check_rid(domain_sid, group_sid,
&info3->base.primary_gid);
if (!ok) {
+ struct dom_sid_buf buf2, buf3;
DEBUG(1, ("The primary group domain sid(%s) does not "
"match the domain sid(%s) for %s(%s)\n",
- sid_string_dbg(group_sid),
- sid_string_dbg(domain_sid),
+ dom_sid_str_buf(group_sid, &buf),
+ dom_sid_str_buf(domain_sid, &buf2),
username,
- sid_string_dbg(user_sid)));
+ dom_sid_str_buf(user_sid, &buf3)));
return NT_STATUS_INVALID_SID;
}
}
@@ -751,12 +755,14 @@ NTSTATUS passwd_to_SamInfo3(TALLOC_CTX *mem_ctx,
ok = sid_peek_check_rid(&domain_sid, &group_sid,
&info3->base.primary_gid);
if (!ok) {
+ struct dom_sid_buf buf1, buf2, buf3;
+
DEBUG(1, ("The primary group domain sid(%s) does not "
"match the domain sid(%s) for %s(%s)\n",
- sid_string_dbg(&group_sid),
- sid_string_dbg(&domain_sid),
+ dom_sid_str_buf(&group_sid, &buf1),
+ dom_sid_str_buf(&domain_sid, &buf2),
unix_username,
- sid_string_dbg(&user_sid)));
+ dom_sid_str_buf(&user_sid, &buf3)));
status = NT_STATUS_INVALID_SID;
goto done;
}
diff --git a/source3/auth/token_util.c b/source3/auth/token_util.c
index 21ccb0d1fe7..bfc2c3029b2 100644
--- a/source3/auth/token_util.c
+++ b/source3/auth/token_util.c
@@ -430,9 +430,10 @@ struct security_token *create_local_nt_token(TALLOC_CTX *mem_ctx,
int i;
NTSTATUS status;
uint32_t session_info_flags = 0;
+ struct dom_sid_buf buf;
DEBUG(10, ("Create local NT token for %s\n",
- sid_string_dbg(user_sid)));
+ dom_sid_str_buf(user_sid, &buf)));
if (!(result = talloc_zero(mem_ctx, struct security_token))) {
DEBUG(0, ("talloc failed\n"));
@@ -554,8 +555,9 @@ static NTSTATUS add_local_groups(struct security_token *result,
pass = getpwuid_alloc(tmp_ctx, uid);
if (pass == NULL) {
+ struct dom_sid_buf buf;
DEBUG(1, ("SID %s -> getpwuid(%u) failed\n",
- sid_string_dbg(&result->sids[0]),
+ dom_sid_str_buf(&result->sids[0], &buf),
(unsigned int)uid));
}
}
@@ -903,6 +905,7 @@ static NTSTATUS create_token_from_sid(TALLOC_CTX *mem_ctx,
uint32_t i;
uint32_t high, low;
bool range_ok;
+ struct dom_sid_buf buf;
if (sid_check_is_in_our_sam(user_sid)) {
bool ret;
@@ -922,7 +925,7 @@ static NTSTATUS create_token_from_sid(TALLOC_CTX *mem_ctx,
if (!ret) {
DEBUG(1, ("pdb_getsampwsid(%s) failed\n",
- sid_string_dbg(user_sid)));
+ dom_sid_str_buf(user_sid, &buf)));
DEBUGADD(1, ("Fall back to unix user\n"));
goto unix_user;
}
@@ -932,7 +935,8 @@ static NTSTATUS create_token_from_sid(TALLOC_CTX *mem_ctx,
&pdb_num_group_sids);
if (!NT_STATUS_IS_OK(result)) {
DEBUG(1, ("enum_group_memberships failed for %s: "
- "%s\n", sid_string_dbg(user_sid),
+ "%s\n",
+ dom_sid_str_buf(user_sid, &buf),
nt_errstr(result)));
DEBUGADD(1, ("Fall back to unix uid lookup\n"));
goto unix_user;
@@ -995,7 +999,7 @@ static NTSTATUS create_token_from_sid(TALLOC_CTX *mem_ctx,
if (!sid_to_uid(user_sid, uid)) {
DEBUG(1, ("unix_user case, sid_to_uid for %s failed\n",
- sid_string_dbg(user_sid)));
+ dom_sid_str_buf(user_sid, &buf)));
result = NT_STATUS_NO_SUCH_USER;
goto done;
}
@@ -1050,7 +1054,7 @@ static NTSTATUS create_token_from_sid(TALLOC_CTX *mem_ctx,
/* We must always assign the *uid. */
if (!sid_to_uid(user_sid, uid)) {
DEBUG(1, ("winbindd case, sid_to_uid for %s failed\n",
- sid_string_dbg(user_sid)));
+ dom_sid_str_buf(user_sid, &buf)));
result = NT_STATUS_NO_SUCH_USER;
goto done;
}
@@ -1075,7 +1079,7 @@ static NTSTATUS create_token_from_sid(TALLOC_CTX *mem_ctx,
if (!sid_to_gid(&group_sids[0], &gids[0])) {
DEBUG(1, ("sid_to_gid(%s) failed\n",
- sid_string_dbg(&group_sids[0])));
+ dom_sid_str_buf(&group_sids[0], &buf)));
goto done;
}
--
2.11.0
From 19e29ebab15096049f12e8c0464824aaa3111a95 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Thu, 13 Dec 2018 21:21:57 +0100
Subject: [PATCH 13/21] lib: Avoid sid_string_dbg
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/lib/privileges.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c
index ec4e1893bda..c02d4c9884c 100644
--- a/source3/lib/privileges.c
+++ b/source3/lib/privileges.c
@@ -96,7 +96,7 @@ static bool get_privileges( const struct dom_sid *sid, uint64_t *mask )
if (!NT_STATUS_IS_OK(status)) {
DEBUG(4, ("get_privileges: No privileges assigned to SID "
- "[%s]\n", sid_string_dbg(sid)));
+ "[%s]\n", tmp.buf));
return False;
}
@@ -106,7 +106,7 @@ static bool get_privileges( const struct dom_sid *sid, uint64_t *mask )
} else {
if (data.dsize != sizeof( uint64_t ) ) {
DEBUG(3, ("get_privileges: Invalid privileges record assigned to SID "
- "[%s]\n", sid_string_dbg(sid)));
+ "[%s]\n", tmp.buf));
return False;
}
--
2.11.0
From 760164d7cc23f5dc4265c48aeee7e9962bbfafbe Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Thu, 13 Dec 2018 21:22:27 +0100
Subject: [PATCH 14/21] lib: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/lib/privileges.c | 11 ++++++++---
source3/lib/util_sid.c | 3 ++-
source3/lib/util_wellknown.c | 7 +++++--
source3/lib/winbind_util.c | 3 ++-
4 files changed, 17 insertions(+), 7 deletions(-)
diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c
index c02d4c9884c..19412133342 100644
--- a/source3/lib/privileges.c
+++ b/source3/lib/privileges.c
@@ -168,13 +168,16 @@ bool get_privileges_for_sids(uint64_t *privileges, struct dom_sid *slist, int sc
*privileges = 0;
for ( i=0; i<scount; i++ ) {
+ struct dom_sid_buf buf;
+
/* don't add unless we actually have a privilege assigned */
if ( !get_privileges( &slist[i], &mask ) )
continue;
DEBUG(5,("get_privileges_for_sids: sid = %s\nPrivilege "
- "set: 0x%llx\n", sid_string_dbg(&slist[i]),
+ "set: 0x%llx\n",
+ dom_sid_str_buf(&slist[i], &buf),
(unsigned long long)mask));
*privileges |= mask;
@@ -341,6 +344,7 @@ NTSTATUS privilege_enum_sids(enum sec_privilege privilege, TALLOC_CTX *mem_ctx,
static bool grant_privilege_bitmap(const struct dom_sid *sid, const uint64_t priv_mask)
{
uint64_t old_mask, new_mask;
+ struct dom_sid_buf buf;
ZERO_STRUCT( old_mask );
ZERO_STRUCT( new_mask );
@@ -352,7 +356,7 @@ static bool grant_privilege_bitmap(const struct dom_sid *sid, const uint64_t pri
new_mask |= priv_mask;
- DEBUG(10,("grant_privilege: %s\n", sid_string_dbg(sid)));
+ DEBUG(10,("grant_privilege: %s\n", dom_sid_str_buf(sid, &buf)));
DEBUGADD( 10, ("original privilege mask: 0x%llx\n", (unsigned long long)new_mask));
@@ -398,13 +402,14 @@ bool grant_privilege_set(const struct dom_sid *sid, struct lsa_PrivilegeSet *set
static bool revoke_privilege_bitmap(const struct dom_sid *sid, const uint64_t priv_mask)
{
uint64_t mask;
+ struct dom_sid_buf buf;
/* if the user has no privileges, then we can't revoke any */
if ( !get_privileges( sid, &mask ) )
return True;
- DEBUG(10,("revoke_privilege: %s\n", sid_string_dbg(sid)));
+ DEBUG(10,("revoke_privilege: %s\n", dom_sid_str_buf(sid, &buf)));
DEBUGADD( 10, ("original privilege mask: 0x%llx\n", (unsigned long long)mask));
diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c
index 0e79a6ef2f0..71a4800d602 100644
--- a/source3/lib/util_sid.c
+++ b/source3/lib/util_sid.c
@@ -175,8 +175,9 @@ NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx,
status = add_sid_to_array(mem_ctx, info3->sids[i].sid,
&sid_array, &num_sids);
if (!NT_STATUS_IS_OK(status)) {
+ struct dom_sid_buf buf;
DEBUG(3, ("could not add SID to array: %s\n",
- sid_string_dbg(info3->sids[i].sid)));
+ dom_sid_str_buf(info3->sids[i].sid, &buf)));
return status;
}
}
diff --git a/source3/lib/util_wellknown.c b/source3/lib/util_wellknown.c
index a3db9ab5b44..8cb7a36ddec 100644
--- a/source3/lib/util_wellknown.c
+++ b/source3/lib/util_wellknown.c
@@ -116,6 +116,7 @@ bool lookup_wellknown_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
struct dom_sid dom_sid;
uint32_t rid;
const struct rid_name_map *users = NULL;
+ struct dom_sid_buf buf;
sid_copy(&dom_sid, sid);
if (!sid_split_rid(&dom_sid, &rid)) {
@@ -133,7 +134,8 @@ bool lookup_wellknown_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
}
if (users == NULL) {
- DEBUG(10, ("SID %s is no special sid\n", sid_string_dbg(sid)));
+ DEBUG(10, ("SID %s is no special sid\n",
+ dom_sid_str_buf(sid, &buf)));
return False;
}
@@ -144,7 +146,8 @@ bool lookup_wellknown_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
}
}
- DEBUG(10, ("RID of special SID %s not found\n", sid_string_dbg(sid)));
+ DEBUG(10, ("RID of special SID %s not found\n",
+ dom_sid_str_buf(sid, &buf)));
return False;
}
diff --git a/source3/lib/winbind_util.c b/source3/lib/winbind_util.c
index 427831f04c8..a072166ce18 100644
--- a/source3/lib/winbind_util.c
+++ b/source3/lib/winbind_util.c
@@ -94,6 +94,7 @@ bool winbind_lookup_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
enum wbcSidType type;
char *domain_name = NULL;
char *account_name = NULL;
+ struct dom_sid_buf buf;
memcpy(&dom_sid, sid, sizeof(dom_sid));
@@ -112,7 +113,7 @@ bool winbind_lookup_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
*name_type = (enum lsa_SidType)type;
DEBUG(10, ("winbind_lookup_sid: SUCCESS: SID %s -> %s %s\n",
- sid_string_dbg(sid), domain_name, account_name));
+ dom_sid_str_buf(sid, &buf), domain_name, account_name));
wbcFreeMemory(domain_name);
wbcFreeMemory(account_name);
--
2.11.0
From 0646bd47a345221e606b1e03bccea37cc8da5d89 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Thu, 13 Dec 2018 21:41:43 +0100
Subject: [PATCH 15/21] libnet: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/libnet/libnet_dssync_passdb.c | 55 ++++++++++++++++++++---------------
1 file changed, 32 insertions(+), 23 deletions(-)
diff --git a/source3/libnet/libnet_dssync_passdb.c b/source3/libnet/libnet_dssync_passdb.c
index 26be6dc840c..4b559f15e75 100644
--- a/source3/libnet/libnet_dssync_passdb.c
+++ b/source3/libnet/libnet_dssync_passdb.c
@@ -300,6 +300,7 @@ static int dssync_passdb_traverse_amembers(struct db_record *rec,
NTSTATUS status;
struct dom_sid alias_sid;
struct dom_sid member_sid;
+ struct dom_sid_buf buf1, buf2;
const char *member_dn;
size_t num_members;
size_t i;
@@ -324,9 +325,9 @@ static int dssync_passdb_traverse_amembers(struct db_record *rec,
mem->obj = dssync_search_obj_by_guid(pctx, pctx->all, &mem->cur->guid);
if (mem->obj == NULL) {
DEBUG(0,("alias[%s] member[%s] can't resolve member - ignoring\n",
- sid_string_dbg(&alias_sid),
+ dom_sid_str_buf(&alias_sid, &buf1),
is_null_sid(&member_sid)?
- sid_string_dbg(&member_sid):
+ dom_sid_str_buf(&member_sid, &buf2):
member_dn));
return 0;
}
@@ -335,7 +336,7 @@ static int dssync_passdb_traverse_amembers(struct db_record *rec,
case ATYPE_DISTRIBUTION_LOCAL_GROUP:
case ATYPE_DISTRIBUTION_GLOBAL_GROUP:
DEBUG(0, ("alias[%s] ignore distribution group [%s]\n",
- sid_string_dbg(&alias_sid),
+ dom_sid_str_buf(&alias_sid, &buf1),
member_dn));
return 0;
default:
@@ -343,14 +344,14 @@ static int dssync_passdb_traverse_amembers(struct db_record *rec,
}
DEBUG(0,("alias[%s] member[%s]\n",
- sid_string_dbg(&alias_sid),
- sid_string_dbg(&member_sid)));
+ dom_sid_str_buf(&alias_sid, &buf1),
+ dom_sid_str_buf(&member_sid, &buf2)));
status = pdb_enum_aliasmem(&alias_sid, talloc_tos(),
&members, &num_members);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("Could not find current alias members %s - %s\n",
- sid_string_dbg(&alias_sid),
+ dom_sid_str_buf(&alias_sid, &buf1),
nt_errstr(status)));
return -1;
}
@@ -377,8 +378,8 @@ static int dssync_passdb_traverse_amembers(struct db_record *rec,
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("Could not %s %s as alias members of %s - %s\n",
action,
- sid_string_dbg(&member_sid),
- sid_string_dbg(&alias_sid),
+ dom_sid_str_buf(&member_sid, &buf1),
+ dom_sid_str_buf(&alias_sid, &buf2),
nt_errstr(status)));
return -1;
}
@@ -451,6 +452,7 @@ static int dssync_passdb_traverse_gmembers(struct db_record *rec,
char **unix_members;
struct dom_sid group_sid;
struct dom_sid member_sid;
+ struct dom_sid_buf buf1, buf2;
struct samu *member = NULL;
const char *member_dn = NULL;
GROUP_MAP *map;
@@ -481,9 +483,9 @@ static int dssync_passdb_traverse_gmembers(struct db_record *rec,
mem->obj = dssync_search_obj_by_guid(pctx, pctx->all, &mem->cur->guid);
if (mem->obj == NULL) {
DEBUG(0,("group[%s] member[%s] can't resolve member - ignoring\n",
- sid_string_dbg(&group_sid),
+ dom_sid_str_buf(&group_sid, &buf1),
is_null_sid(&member_sid)?
- sid_string_dbg(&member_sid):
+ dom_sid_str_buf(&member_sid, &buf2):
member_dn));
return 0;
}
@@ -495,14 +497,14 @@ static int dssync_passdb_traverse_gmembers(struct db_record *rec,
case ATYPE_SECURITY_LOCAL_GROUP:
case ATYPE_SECURITY_GLOBAL_GROUP:
DEBUG(0, ("Group[%s] ignore member group [%s]\n",
- sid_string_dbg(&group_sid),
- sid_string_dbg(&member_sid)));
+ dom_sid_str_buf(&group_sid, &buf1),
+ dom_sid_str_buf(&member_sid, &buf2)));
return 0;
case ATYPE_DISTRIBUTION_LOCAL_GROUP:
case ATYPE_DISTRIBUTION_GLOBAL_GROUP:
DEBUG(0, ("Group[%s] ignore distribution group [%s]\n",
- sid_string_dbg(&group_sid),
+ dom_sid_str_buf(&group_sid, &buf1),
member_dn));
return 0;
default:
@@ -516,7 +518,7 @@ static int dssync_passdb_traverse_gmembers(struct db_record *rec,
if (!get_domain_group_from_sid(group_sid, map)) {
DEBUG(0, ("Could not find global group %s\n",
- sid_string_dbg(&group_sid)));
+ dom_sid_str_buf(&group_sid, &buf1)));
//return NT_STATUS_NO_SUCH_GROUP;
TALLOC_FREE(map);
return -1;
@@ -540,9 +542,9 @@ static int dssync_passdb_traverse_gmembers(struct db_record *rec,
}
if (!pdb_getsampwsid(member, &member_sid)) {
- struct dom_sid_buf buf;
DEBUG(1, ("Found bogus group member: (member_sid=%s group=%s)\n",
- dom_sid_str_buf(&member_sid, &buf), grp->gr_name));
+ dom_sid_str_buf(&member_sid, &buf1),
+ grp->gr_name));
TALLOC_FREE(member);
return -1;
}
@@ -1105,6 +1107,7 @@ static NTSTATUS sam_account_from_object(struct samu *account,
{
TALLOC_CTX *mem_ctx = account;
const char *old_string, *new_string;
+ struct dom_sid_buf buf;
time_t unix_time, stored_time;
NTSTATUS status;
@@ -1137,7 +1140,8 @@ static NTSTATUS sam_account_from_object(struct samu *account,
objectSid = cur->object.identifier->sid;
GET_STRING_EX(sAMAccountName, true);
DEBUG(0,("sam_account_from_object(%s, %s) start\n",
- sAMAccountName, sid_string_dbg(&objectSid)));
+ sAMAccountName,
+ dom_sid_str_buf(&objectSid, &buf)));
GET_UINT64(lastLogon);
GET_UINT64(lastLogoff);
GET_UINT64(pwdLastSet);
@@ -1344,7 +1348,8 @@ static NTSTATUS sam_account_from_object(struct samu *account,
pdb_set_domain(account, lp_workgroup(), PDB_CHANGED);
DEBUG(0,("sam_account_from_object(%s, %s) done\n",
- sAMAccountName, sid_string_dbg(&objectSid)));
+ sAMAccountName,
+ dom_sid_str_buf(&objectSid, &buf)));
return NT_STATUS_OK;
}
@@ -1363,6 +1368,7 @@ static NTSTATUS handle_account_object(struct dssync_passdb *pctx,
struct group *grp;
struct dom_sid user_sid;
struct dom_sid group_sid;
+ struct dom_sid_buf buf;
struct passwd *passwd = NULL;
uint32_t acct_flags;
uint32_t rid;
@@ -1388,7 +1394,9 @@ static NTSTATUS handle_account_object(struct dssync_passdb *pctx,
* pdb_smbpasswd.c also has some DOMAIN_RID_GUEST related
* code...
*/
- DEBUG(0,("Ignore %s - %s\n", account, sid_string_dbg(&user_sid)));
+ DEBUG(0,("Ignore %s - %s\n",
+ account,
+ dom_sid_str_buf(&user_sid, &buf)));
return NT_STATUS_OK;
}
DEBUG(0,("Creating account: %s\n", account));
@@ -1407,11 +1415,12 @@ static NTSTATUS handle_account_object(struct dssync_passdb *pctx,
}
DEBUG(3, ("Attempting to find SID %s for user %s in the passdb\n",
- sid_string_dbg(&user_sid), account));
+ dom_sid_str_buf(&user_sid, &buf),
+ account));
if (!pdb_getsampwsid(sam_account, &user_sid)) {
sam_account_from_object(sam_account, cur);
DEBUG(3, ("Attempting to add user SID %s for user %s in the passdb\n",
- sid_string_dbg(&user_sid),
+ dom_sid_str_buf(&user_sid, &buf),
pdb_get_username(sam_account)));
if (!NT_STATUS_IS_OK(pdb_add_sam_account(sam_account))) {
DEBUG(1, ("SAM Account for %s failed to be added to the passdb!\n",
@@ -1422,7 +1431,7 @@ static NTSTATUS handle_account_object(struct dssync_passdb *pctx,
} else {
sam_account_from_object(sam_account, cur);
DEBUG(3, ("Attempting to update user SID %s for user %s in the passdb\n",
- sid_string_dbg(&user_sid),
+ dom_sid_str_buf(&user_sid, &buf),
pdb_get_username(sam_account)));
if (!NT_STATUS_IS_OK(pdb_update_sam_account(sam_account))) {
DEBUG(1, ("SAM Account for %s failed to be updated in the passdb!\n",
@@ -1452,7 +1461,7 @@ static NTSTATUS handle_account_object(struct dssync_passdb *pctx,
if (!(grp = getgrgid(map->gid))) {
DEBUG(0, ("Could not find unix group %lu for user %s (group SID=%s)\n",
(unsigned long)map->gid, pdb_get_username(sam_account),
- sid_string_dbg(&group_sid)));
+ dom_sid_str_buf(&group_sid, &buf)));
} else {
smb_set_primary_group(grp->gr_name, pdb_get_username(sam_account));
}
--
2.11.0
From d9d9927217fcfe87459f3d60ce3fff5ed7509773 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Thu, 13 Dec 2018 22:23:30 +0100
Subject: [PATCH 16/21] wkssvc: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/rpc_server/wkssvc/srv_wkssvc_nt.c | 18 +++++++++++++-----
1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/source3/rpc_server/wkssvc/srv_wkssvc_nt.c b/source3/rpc_server/wkssvc/srv_wkssvc_nt.c
index 82f5b972d74..f661833abe2 100644
--- a/source3/rpc_server/wkssvc/srv_wkssvc_nt.c
+++ b/source3/rpc_server/wkssvc/srv_wkssvc_nt.c
@@ -345,6 +345,8 @@ static struct wkssvc_NetWkstaInfo102 *create_wks_info_102(TALLOC_CTX *mem_ctx)
WERROR _wkssvc_NetWkstaGetInfo(struct pipes_struct *p,
struct wkssvc_NetWkstaGetInfo *r)
{
+ struct dom_sid_buf buf;
+
switch (r->in.level) {
case 100:
/* Level 100 can be allowed from anyone including anonymous
@@ -362,8 +364,9 @@ WERROR _wkssvc_NetWkstaGetInfo(struct pipes_struct *p,
"101\n"));
DEBUGADD(3,(" - does not have sid for Authenticated "
"Users %s:\n",
- sid_string_dbg(
- &global_sid_Authenticated_Users)));
+ dom_sid_str_buf(
+ &global_sid_Authenticated_Users,
+ &buf)));
security_token_debug(DBGC_CLASS, 3,
p->session_info->security_token);
return WERR_ACCESS_DENIED;
@@ -381,7 +384,9 @@ WERROR _wkssvc_NetWkstaGetInfo(struct pipes_struct *p,
"102\n"));
DEBUGADD(3,(" - does not have sid for Administrators "
"group %s, sids are:\n",
- sid_string_dbg(&global_sid_Builtin_Administrators)));
+ dom_sid_str_buf(
+ &global_sid_Builtin_Administrators,
+ &buf)));
security_token_debug(DBGC_CLASS, 3,
p->session_info->security_token);
return WERR_ACCESS_DENIED;
@@ -563,10 +568,13 @@ WERROR _wkssvc_NetWkstaEnumUsers(struct pipes_struct *p,
/* This with any level should only be allowed from a domain administrator */
if (!nt_token_check_sid(&global_sid_Builtin_Administrators,
p->session_info->security_token)) {
+ struct dom_sid_buf buf;
DEBUG(1,("User not allowed for NetWkstaEnumUsers\n"));
DEBUGADD(3,(" - does not have sid for Administrators group "
- "%s\n", sid_string_dbg(
- &global_sid_Builtin_Administrators)));
+ "%s\n",
+ dom_sid_str_buf(
+ &global_sid_Builtin_Administrators,
+ &buf)));
security_token_debug(DBGC_CLASS, 3, p->session_info->security_token);
return WERR_ACCESS_DENIED;
}
--
2.11.0
From 7caa721b37c32d4309663203b136c7448901d22f Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Fri, 14 Dec 2018 21:09:51 +0100
Subject: [PATCH 17/21] winbindd: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/winbindd/idmap_ad.c | 5 +++--
source3/winbindd/idmap_autorid.c | 22 ++++++++++++++--------
source3/winbindd/idmap_hash/idmap_hash.c | 3 ++-
source3/winbindd/idmap_ldap.c | 16 ++++++++++++----
source3/winbindd/idmap_rid.c | 3 ++-
source3/winbindd/idmap_rw.c | 6 ++++--
source3/winbindd/wb_lookupsid.c | 3 ++-
source3/winbindd/wb_xids2sids.c | 5 ++++-
source3/winbindd/winbindd_ads.c | 26 +++++++++++++++++---------
source3/winbindd/winbindd_cache.c | 10 +++++-----
source3/winbindd/winbindd_dual_srv.c | 4 +++-
source3/winbindd/winbindd_getgrgid.c | 4 +++-
source3/winbindd/winbindd_getgrnam.c | 5 ++++-
source3/winbindd/winbindd_getgroups.c | 4 +++-
source3/winbindd/winbindd_getpwnam.c | 5 ++++-
source3/winbindd/winbindd_getpwsid.c | 4 +++-
source3/winbindd/winbindd_getpwuid.c | 4 +++-
source3/winbindd/winbindd_getusersids.c | 5 +++--
source3/winbindd/winbindd_irpc.c | 7 +++++--
source3/winbindd/winbindd_lookuprids.c | 3 ++-
source3/winbindd/winbindd_lookupsid.c | 4 +++-
source3/winbindd/winbindd_msrpc.c | 13 +++++++++----
source3/winbindd/winbindd_pam.c | 9 ++++++---
source3/winbindd/winbindd_samr.c | 8 ++++++--
source3/winbindd/winbindd_util.c | 10 +++++++---
25 files changed, 129 insertions(+), 59 deletions(-)
diff --git a/source3/winbindd/idmap_ad.c b/source3/winbindd/idmap_ad.c
index 9e6510f43d3..a93c61f54d1 100644
--- a/source3/winbindd/idmap_ad.c
+++ b/source3/winbindd/idmap_ad.c
@@ -847,6 +847,7 @@ static NTSTATUS idmap_ad_sids_to_unixids(struct idmap_domain *dom,
bool ok;
uint64_t account_type, xid;
enum id_type type;
+ struct dom_sid_buf buf;
if (tldap_msg_type(msg) != TLDAP_RES_SEARCH_ENTRY) {
continue;
@@ -872,7 +873,6 @@ static NTSTATUS idmap_ad_sids_to_unixids(struct idmap_domain *dom,
}
}
if (map == NULL) {
- struct dom_sid_buf buf;
DBG_DEBUG("Got unexpected sid %s from object %s\n",
dom_sid_str_buf(&sid, &buf),
dn);
@@ -915,7 +915,8 @@ static NTSTATUS idmap_ad_sids_to_unixids(struct idmap_domain *dom,
map->xid.id = xid;
map->status = ID_MAPPED;
- DEBUG(10, ("Mapped %s -> %lu (%d)\n", sid_string_dbg(map->sid),
+ DEBUG(10, ("Mapped %s -> %lu (%d)\n",
+ dom_sid_str_buf(map->sid, &buf),
(unsigned long)map->xid.id, map->xid.type));
}
diff --git a/source3/winbindd/idmap_autorid.c b/source3/winbindd/idmap_autorid.c
index cb7dcba1a5f..6e38a57805b 100644
--- a/source3/winbindd/idmap_autorid.c
+++ b/source3/winbindd/idmap_autorid.c
@@ -453,6 +453,7 @@ static NTSTATUS idmap_autorid_sid_to_id_alloc_action(
ctx = (struct idmap_autorid_sid_to_id_alloc_ctx *)private_data;
if (idmap_autorid_sid_is_special(ctx->map->sid)) {
+ struct dom_sid_buf buf;
NTSTATUS ret;
ret = idmap_autorid_sid_to_id_special(ctx->dom, ctx->map);
@@ -465,7 +466,7 @@ static NTSTATUS idmap_autorid_sid_to_id_alloc_action(
DEBUG(10, ("Sepecial sid %s not mapped. falling back to "
"regular allocation\n",
- sid_string_dbg(ctx->map->sid)));
+ dom_sid_str_buf(ctx->map->sid, &buf)));
}
return idmap_tdb_common_new_mapping(ctx->dom, ctx->map);
@@ -481,6 +482,7 @@ static NTSTATUS idmap_autorid_sid_to_id_alloc(
{
NTSTATUS ret;
struct idmap_autorid_sid_to_id_alloc_ctx alloc_ctx;
+ struct dom_sid_buf buf;
map->status = ID_UNKNOWN;
@@ -495,19 +497,21 @@ static NTSTATUS idmap_autorid_sid_to_id_alloc(
/* bad things happened */
if (!NT_STATUS_EQUAL(ret, NT_STATUS_NONE_MAPPED)) {
DEBUG(1, ("Looking up SID->ID mapping for %s failed: %s\n",
- sid_string_dbg(map->sid), nt_errstr(ret)));
+ dom_sid_str_buf(map->sid, &buf),
+ nt_errstr(ret)));
return ret;
}
if (dom->read_only) {
DEBUG(3, ("Not allocating new mapping for %s, because backend "
- "is read-only\n", sid_string_dbg(map->sid)));
+ "is read-only\n",
+ dom_sid_str_buf(map->sid, &buf)));
map->status = ID_UNMAPPED;
return NT_STATUS_NONE_MAPPED;
}
DEBUG(10, ("Creating new mapping in pool for %s\n",
- sid_string_dbg(map->sid)));
+ dom_sid_str_buf(map->sid, &buf)));
alloc_ctx.dom = dom;
alloc_ctx.map = map;
@@ -546,25 +550,26 @@ static NTSTATUS idmap_autorid_sid_to_id(struct idmap_tdb_common_context *common,
struct autorid_range_config range;
uint32_t rid;
struct dom_sid domainsid;
+ struct dom_sid_buf buf;
NTSTATUS ret;
ZERO_STRUCT(range);
map->status = ID_UNKNOWN;
- DEBUG(10, ("Trying to map %s\n", sid_string_dbg(map->sid)));
+ DEBUG(10, ("Trying to map %s\n", dom_sid_str_buf(map->sid, &buf)));
sid_copy(&domainsid, map->sid);
if (!sid_split_rid(&domainsid, &rid)) {
DEBUG(4, ("Could not determine domain SID from %s, "
"ignoring mapping request\n",
- sid_string_dbg(map->sid)));
+ dom_sid_str_buf(map->sid, &buf)));
map->status = ID_UNMAPPED;
return NT_STATUS_NONE_MAPPED;
}
if (idmap_autorid_domsid_is_for_alloc(&domainsid)) {
DEBUG(10, ("SID %s is for ALLOC range.\n",
- sid_string_dbg(map->sid)));
+ dom_sid_str_buf(map->sid, &buf)));
return idmap_autorid_sid_to_id_alloc(common, dom, map);
}
@@ -709,9 +714,10 @@ static NTSTATUS idmap_autorid_sids_to_unixids(struct idmap_domain *dom,
ret = idmap_autorid_sid_to_id(commoncfg, dom, ids[i]);
if ((!NT_STATUS_IS_OK(ret)) &&
(!NT_STATUS_EQUAL(ret, NT_STATUS_NONE_MAPPED))) {
+ struct dom_sid_buf buf;
/* some fatal error occurred, log it */
DEBUG(3, ("Unexpected error resolving a SID (%s)\n",
- sid_string_dbg(ids[i]->sid)));
+ dom_sid_str_buf(ids[i]->sid, &buf)));
return ret;
}
diff --git a/source3/winbindd/idmap_hash/idmap_hash.c b/source3/winbindd/idmap_hash/idmap_hash.c
index 0f4b0b8b064..1747b7c56c1 100644
--- a/source3/winbindd/idmap_hash/idmap_hash.c
+++ b/source3/winbindd/idmap_hash/idmap_hash.c
@@ -144,6 +144,7 @@ static NTSTATUS idmap_hash_initialize(struct idmap_domain *dom)
/* create the hash table of domain SIDs */
for (i=0; i<num_domains; i++) {
+ struct dom_sid_buf buf;
uint32_t hash;
if (is_null_sid(&dom_list[i].sid))
@@ -166,7 +167,7 @@ static NTSTATUS idmap_hash_initialize(struct idmap_domain *dom)
DBG_INFO("Adding %s (%s) -> %d\n",
dom_list[i].domain_name,
- sid_string_dbg(&dom_list[i].sid),
+ dom_sid_str_buf(&dom_list[i].sid, &buf),
hash);
hashed_domains[hash].sid = talloc(hashed_domains, struct dom_sid);
diff --git a/source3/winbindd/idmap_ldap.c b/source3/winbindd/idmap_ldap.c
index b8665234325..17cc7404f12 100644
--- a/source3/winbindd/idmap_ldap.c
+++ b/source3/winbindd/idmap_ldap.c
@@ -724,6 +724,7 @@ again:
enum id_type type;
struct id_map *map;
uint32_t id;
+ struct dom_sid_buf buf;
if (i == 0) { /* first entry */
entry = ldap_first_entry(
@@ -797,7 +798,10 @@ again:
DEBUG(1, ("WARNING: duplicate %s mapping in LDAP. "
"overwriting mapping %u -> %s with %u -> %s\n",
(type == ID_TYPE_UID) ? "UID" : "GID",
- id, sid_string_dbg(map->sid), id, sidstr));
+ id,
+ dom_sid_str_buf(map->sid, &buf),
+ id,
+ sidstr));
}
TALLOC_FREE(sidstr);
@@ -805,7 +809,8 @@ again:
/* mapped */
map->status = ID_MAPPED;
- DEBUG(10, ("Mapped %s -> %lu (%d)\n", sid_string_dbg(map->sid),
+ DEBUG(10, ("Mapped %s -> %lu (%d)\n",
+ dom_sid_str_buf(map->sid, &buf),
(unsigned long)map->xid.id, map->xid.type));
}
@@ -940,6 +945,7 @@ again:
enum id_type type;
struct id_map *map;
struct dom_sid sid;
+ struct dom_sid_buf buf;
uint32_t id;
if (i == 0) { /* first entry */
@@ -1024,8 +1030,10 @@ again:
map->xid.id = id;
map->status = ID_MAPPED;
- DEBUG(10, ("Mapped %s -> %lu (%d)\n", sid_string_dbg(map->sid),
- (unsigned long)map->xid.id, map->xid.type));
+ DEBUG(10, ("Mapped %s -> %lu (%d)\n",
+ dom_sid_str_buf(map->sid, &buf),
+ (unsigned long)map->xid.id,
+ map->xid.type));
}
/* free the ldap results */
diff --git a/source3/winbindd/idmap_rid.c b/source3/winbindd/idmap_rid.c
index b066ba3c50f..e5bb1fa856c 100644
--- a/source3/winbindd/idmap_rid.c
+++ b/source3/winbindd/idmap_rid.c
@@ -158,9 +158,10 @@ static NTSTATUS idmap_rid_sids_to_unixids(struct idmap_domain *dom, struct id_ma
if (( ! NT_STATUS_IS_OK(ret)) &&
( ! NT_STATUS_EQUAL(ret, NT_STATUS_NONE_MAPPED))) {
+ struct dom_sid_buf buf;
/* some fatal error occurred, log it */
DEBUG(3, ("Unexpected error resolving a SID (%s)\n",
- sid_string_dbg(ids[i]->sid)));
+ dom_sid_str_buf(ids[i]->sid, &buf)));
}
}
diff --git a/source3/winbindd/idmap_rw.c b/source3/winbindd/idmap_rw.c
index f0f06f9f667..700a946fc62 100644
--- a/source3/winbindd/idmap_rw.c
+++ b/source3/winbindd/idmap_rw.c
@@ -23,6 +23,7 @@
#include "winbindd.h"
#include "idmap.h"
#include "idmap_rw.h"
+#include "libcli/security/dom_sid.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_IDMAP
@@ -31,6 +32,7 @@ NTSTATUS idmap_rw_new_mapping(struct idmap_domain *dom,
struct idmap_rw_ops *ops,
struct id_map *map)
{
+ struct dom_sid_buf buf;
NTSTATUS status;
if (map == NULL) {
@@ -53,7 +55,7 @@ NTSTATUS idmap_rw_new_mapping(struct idmap_domain *dom,
}
DEBUG(10, ("Setting mapping: %s <-> %s %lu\n",
- sid_string_dbg(map->sid),
+ dom_sid_str_buf(map->sid, &buf),
(map->xid.type == ID_TYPE_UID) ? "UID" : "GID",
(unsigned long)map->xid.id));
@@ -63,7 +65,7 @@ NTSTATUS idmap_rw_new_mapping(struct idmap_domain *dom,
if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_COLLISION)) {
struct id_map *ids[2];
DEBUG(5, ("Mapping for %s exists - retrying to map sid\n",
- sid_string_dbg(map->sid)));
+ dom_sid_str_buf(map->sid, &buf)));
ids[0] = map;
ids[1] = NULL;
status = dom->methods->sids_to_unixids(dom, ids);
diff --git a/source3/winbindd/wb_lookupsid.c b/source3/winbindd/wb_lookupsid.c
index 8873ebb42ce..3db4e326659 100644
--- a/source3/winbindd/wb_lookupsid.c
+++ b/source3/winbindd/wb_lookupsid.c
@@ -49,8 +49,9 @@ struct tevent_req *wb_lookupsid_send(TALLOC_CTX *mem_ctx,
state->lookup_domain = find_lookup_domain_from_sid(sid);
if (state->lookup_domain == NULL) {
+ struct dom_sid_buf buf;
DEBUG(5, ("Could not find domain for sid %s\n",
- sid_string_dbg(sid)));
+ dom_sid_str_buf(sid, &buf)));
tevent_req_nterror(req, NT_STATUS_NONE_MAPPED);
return tevent_req_post(req, ev);
}
diff --git a/source3/winbindd/wb_xids2sids.c b/source3/winbindd/wb_xids2sids.c
index 0d21e55c25d..fa4ba983720 100644
--- a/source3/winbindd/wb_xids2sids.c
+++ b/source3/winbindd/wb_xids2sids.c
@@ -221,9 +221,12 @@ static void wb_xids2sids_init_dom_maps_lookupname_done(
}
if (type != SID_NAME_DOMAIN) {
+ struct dom_sid_buf buf;
+
DBG_WARNING("SID %s for idmap domain name '%s' "
"not a domain SID\n",
- sid_string_dbg(&dom_maps[state->dom_idx].sid),
+ dom_sid_str_buf(&dom_maps[state->dom_idx].sid,
+ &buf),
dom_maps[state->dom_idx].name);
ZERO_STRUCT(dom_maps[state->dom_idx].sid);
diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c
index b350bf0c565..4076f8227cb 100644
--- a/source3/winbindd/winbindd_ads.c
+++ b/source3/winbindd/winbindd_ads.c
@@ -835,6 +835,7 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
uint32_t primary_group_rid;
NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
uint32_t num_groups = 0;
+ struct dom_sid_buf buf;
DEBUG(3,("ads: lookup_usergroups\n"));
*p_num_groups = 0;
@@ -867,7 +868,9 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
if (!ADS_ERR_OK(rc)) {
status = ads_ntstatus(rc);
DEBUG(1, ("lookup_usergroups(sid=%s) ads_search tokenGroups: "
- "%s\n", sid_string_dbg(sid), ads_errstr(rc)));
+ "%s\n",
+ dom_sid_str_buf(sid, &buf),
+ ads_errstr(rc)));
goto done;
}
@@ -876,13 +879,14 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
status = NT_STATUS_UNSUCCESSFUL;
DEBUG(1,("lookup_usergroups(sid=%s) ads_search tokenGroups: "
"invalid number of results (count=%d)\n",
- sid_string_dbg(sid), count));
+ dom_sid_str_buf(sid, &buf),
+ count));
goto done;
}
if (!msg) {
DEBUG(1,("lookup_usergroups(sid=%s) ads_search tokenGroups: NULL msg\n",
- sid_string_dbg(sid)));
+ dom_sid_str_buf(sid, &buf)));
status = NT_STATUS_UNSUCCESSFUL;
goto done;
}
@@ -895,7 +899,8 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
if (!ads_pull_uint32(ads, msg, "primaryGroupID", &primary_group_rid)) {
DEBUG(1,("%s: No primary group for sid=%s !?\n",
- domain->name, sid_string_dbg(sid)));
+ domain->name,
+ dom_sid_str_buf(sid, &buf)));
goto done;
}
@@ -961,7 +966,7 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
status = (*user_sids != NULL) ? NT_STATUS_OK : NT_STATUS_NO_MEMORY;
DEBUG(3,("ads lookup_usergroups (tokenGroups) succeeded for sid=%s\n",
- sid_string_dbg(sid)));
+ dom_sid_str_buf(sid, &buf)));
done:
TALLOC_FREE(user_dn);
ads_msgfree(ads, msg);
@@ -1085,9 +1090,10 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
uint32_t num_nocache = 0;
TALLOC_CTX *tmp_ctx = NULL;
uint32_t rid;
+ struct dom_sid_buf buf;
DEBUG(10,("ads: lookup_groupmem %s sid=%s\n", domain->name,
- sid_string_dbg(group_sid)));
+ dom_sid_str_buf(group_sid, &buf)));
*num_names = 0;
@@ -1213,7 +1219,8 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
if (lookup_cached_sid(mem_ctx, &sid, &domain_name, &name,
&name_type)) {
DEBUG(10,("ads: lookup_groupmem: got sid %s from "
- "cache\n", sid_string_dbg(&sid)));
+ "cache\n",
+ dom_sid_str_buf(&sid, &buf)));
sid_copy(&(*sid_mem)[*num_names], &sid);
(*names)[*num_names] = fill_domain_username_talloc(
*names,
@@ -1226,7 +1233,8 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
}
else {
DEBUG(10, ("ads: lookup_groupmem: sid %s not found in "
- "cache\n", sid_string_dbg(&sid)));
+ "cache\n",
+ dom_sid_str_buf(&sid, &buf)));
sid_copy(&(sid_mem_nocache)[num_nocache], &sid);
num_nocache++;
}
@@ -1302,7 +1310,7 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
status = NT_STATUS_OK;
DEBUG(3,("ads lookup_groupmem for sid=%s succeeded\n",
- sid_string_dbg(group_sid)));
+ dom_sid_str_buf(group_sid, &buf)));
done:
diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c
index 0ca683e8d9d..c686089d517 100644
--- a/source3/winbindd/winbindd_cache.c
+++ b/source3/winbindd/winbindd_cache.c
@@ -1280,7 +1280,7 @@ NTSTATUS wcache_get_creds(struct winbindd_domain *domain,
struct cache_entry *centry = NULL;
NTSTATUS status;
uint32_t rid;
- struct dom_sid_buf tmp;
+ struct dom_sid_buf sidstr;
if (!cache->tdb) {
return NT_STATUS_INTERNAL_DB_ERROR;
@@ -1298,10 +1298,10 @@ NTSTATUS wcache_get_creds(struct winbindd_domain *domain,
fall back to an unsalted cred. */
centry = wcache_fetch(cache, domain, "CRED/%s",
- dom_sid_str_buf(sid, &tmp));
+ dom_sid_str_buf(sid, &sidstr));
if (!centry) {
DEBUG(10,("wcache_get_creds: entry for [CRED/%s] not found\n",
- sid_string_dbg(sid)));
+ dom_sid_str_buf(sid, &sidstr)));
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
}
@@ -1319,7 +1319,6 @@ NTSTATUS wcache_get_creds(struct winbindd_domain *domain,
*cached_nt_pass = (const uint8_t *)centry_hash16(centry, mem_ctx);
if (*cached_nt_pass == NULL) {
- struct dom_sid_buf sidstr;
dom_sid_str_buf(sid, &sidstr);
@@ -1347,7 +1346,8 @@ NTSTATUS wcache_get_creds(struct winbindd_domain *domain,
status = centry->status;
DEBUG(10,("wcache_get_creds: [Cached] - cached creds for user %s status: %s\n",
- sid_string_dbg(sid), nt_errstr(status) ));
+ dom_sid_str_buf(sid, &sidstr),
+ nt_errstr(status) ));
centry_free(centry);
return status;
diff --git a/source3/winbindd/winbindd_dual_srv.c b/source3/winbindd/winbindd_dual_srv.c
index e912cba7a41..62224bf313e 100644
--- a/source3/winbindd/winbindd_dual_srv.c
+++ b/source3/winbindd/winbindd_dual_srv.c
@@ -167,8 +167,10 @@ NTSTATUS _wbint_Sids2UnixIDs(struct pipes_struct *p,
dom = idmap_find_domain_with_sid(d->name.string, d->sid);
if (dom == NULL) {
+ struct dom_sid_buf buf;
DEBUG(10, ("idmap domain %s:%s not found\n",
- d->name.string, sid_string_dbg(d->sid)));
+ d->name.string,
+ dom_sid_str_buf(d->sid, &buf)));
for (i=0; i<num_ids; i++) {
diff --git a/source3/winbindd/winbindd_getgrgid.c b/source3/winbindd/winbindd_getgrgid.c
index 49a24dee7a4..aa99e6e2561 100644
--- a/source3/winbindd/winbindd_getgrgid.c
+++ b/source3/winbindd/winbindd_getgrgid.c
@@ -115,8 +115,10 @@ NTSTATUS winbindd_getgrgid_recv(struct tevent_req *req,
char *buf;
if (tevent_req_is_nterror(req, &status)) {
+ struct dom_sid_buf sidbuf;
DEBUG(5, ("Could not convert sid %s: %s\n",
- sid_string_dbg(state->sid), nt_errstr(status)));
+ dom_sid_str_buf(state->sid, &sidbuf),
+ nt_errstr(status)));
return status;
}
diff --git a/source3/winbindd/winbindd_getgrnam.c b/source3/winbindd/winbindd_getgrnam.c
index db53848055a..d43fc3042b5 100644
--- a/source3/winbindd/winbindd_getgrnam.c
+++ b/source3/winbindd/winbindd_getgrnam.c
@@ -19,6 +19,7 @@
#include "includes.h"
#include "winbindd.h"
+#include "libcli/security/dom_sid.h"
struct winbindd_getgrnam_state {
struct tevent_context *ev;
@@ -168,8 +169,10 @@ NTSTATUS winbindd_getgrnam_recv(struct tevent_req *req,
char *buf;
if (tevent_req_is_nterror(req, &status)) {
+ struct dom_sid_buf sidbuf;
DEBUG(5, ("Could not convert sid %s: %s\n",
- sid_string_dbg(&state->sid), nt_errstr(status)));
+ dom_sid_str_buf(&state->sid, &sidbuf),
+ nt_errstr(status)));
return status;
}
diff --git a/source3/winbindd/winbindd_getgroups.c b/source3/winbindd/winbindd_getgroups.c
index 39a8c3556cf..63206c28134 100644
--- a/source3/winbindd/winbindd_getgroups.c
+++ b/source3/winbindd/winbindd_getgroups.c
@@ -246,8 +246,10 @@ NTSTATUS winbindd_getgroups_recv(struct tevent_req *req,
NTSTATUS status;
if (tevent_req_is_nterror(req, &status)) {
+ struct dom_sid_buf buf;
DEBUG(5, ("Could not convert sid %s: %s\n",
- sid_string_dbg(&state->sid), nt_errstr(status)));
+ dom_sid_str_buf(&state->sid, &buf),
+ nt_errstr(status)));
return status;
}
diff --git a/source3/winbindd/winbindd_getpwnam.c b/source3/winbindd/winbindd_getpwnam.c
index 63274cab5a0..6f49ea9b356 100644
--- a/source3/winbindd/winbindd_getpwnam.c
+++ b/source3/winbindd/winbindd_getpwnam.c
@@ -20,6 +20,7 @@
#include "includes.h"
#include "winbindd.h"
#include "passdb/lookup_sid.h" /* only for LOOKUP_NAME_NO_NSS flag */
+#include "libcli/security/dom_sid.h"
struct winbindd_getpwnam_state {
struct tevent_context *ev;
@@ -136,8 +137,10 @@ NTSTATUS winbindd_getpwnam_recv(struct tevent_req *req,
NTSTATUS status;
if (tevent_req_is_nterror(req, &status)) {
+ struct dom_sid_buf buf;
DEBUG(5, ("Could not convert sid %s: %s\n",
- sid_string_dbg(&state->sid), nt_errstr(status)));
+ dom_sid_str_buf(&state->sid, &buf),
+ nt_errstr(status)));
return status;
}
response->data.pw = state->pw;
diff --git a/source3/winbindd/winbindd_getpwsid.c b/source3/winbindd/winbindd_getpwsid.c
index f12d5296004..adf287fb478 100644
--- a/source3/winbindd/winbindd_getpwsid.c
+++ b/source3/winbindd/winbindd_getpwsid.c
@@ -87,8 +87,10 @@ NTSTATUS winbindd_getpwsid_recv(struct tevent_req *req,
NTSTATUS status;
if (tevent_req_is_nterror(req, &status)) {
+ struct dom_sid_buf buf;
DEBUG(5, ("Could not convert sid %s: %s\n",
- sid_string_dbg(&state->sid), nt_errstr(status)));
+ dom_sid_str_buf(&state->sid, &buf),
+ nt_errstr(status)));
return status;
}
response->data.pw = state->pw;
diff --git a/source3/winbindd/winbindd_getpwuid.c b/source3/winbindd/winbindd_getpwuid.c
index 319f2f71ad9..937c214e936 100644
--- a/source3/winbindd/winbindd_getpwuid.c
+++ b/source3/winbindd/winbindd_getpwuid.c
@@ -110,8 +110,10 @@ NTSTATUS winbindd_getpwuid_recv(struct tevent_req *req,
NTSTATUS status;
if (tevent_req_is_nterror(req, &status)) {
+ struct dom_sid_buf buf;
DEBUG(5, ("Could not convert sid %s: %s\n",
- sid_string_dbg(state->sid), nt_errstr(status)));
+ dom_sid_str_buf(state->sid, &buf),
+ nt_errstr(status)));
return status;
}
response->data.pw = state->pw;
diff --git a/source3/winbindd/winbindd_getusersids.c b/source3/winbindd/winbindd_getusersids.c
index 9a6a24107b9..3924d4933e5 100644
--- a/source3/winbindd/winbindd_getusersids.c
+++ b/source3/winbindd/winbindd_getusersids.c
@@ -88,13 +88,15 @@ NTSTATUS winbindd_getusersids_recv(struct tevent_req *req,
{
struct winbindd_getusersids_state *state = tevent_req_data(
req, struct winbindd_getusersids_state);
+ struct dom_sid_buf sidbuf;
NTSTATUS status;
int i;
char *result;
if (tevent_req_is_nterror(req, &status)) {
DEBUG(5, ("Could not convert sid %s: %s\n",
- sid_string_dbg(&state->sid), nt_errstr(status)));
+ dom_sid_str_buf(&state->sid, &sidbuf),
+ nt_errstr(status)));
return status;
}
@@ -104,7 +106,6 @@ NTSTATUS winbindd_getusersids_recv(struct tevent_req *req,
}
for (i=0; i<state->num_sids; i++) {
- struct dom_sid_buf sidbuf;
result = talloc_asprintf_append_buffer(
result,
"%s\n",
diff --git a/source3/winbindd/winbindd_irpc.c b/source3/winbindd/winbindd_irpc.c
index 2ac4f9bc422..8cbb0b93086 100644
--- a/source3/winbindd/winbindd_irpc.c
+++ b/source3/winbindd/winbindd_irpc.c
@@ -602,6 +602,7 @@ static void wb_irpc_lsa_LookupNames4_done(struct tevent_req *subreq)
struct wb_irpc_lsa_LookupNames4_state *state =
talloc_get_type_abort(nstate->state,
struct wb_irpc_lsa_LookupNames4_state);
+ struct dom_sid_buf buf;
NTSTATUS status;
SMB_ASSERT(state->num_pending > 0);
@@ -619,7 +620,8 @@ static void wb_irpc_lsa_LookupNames4_done(struct tevent_req *subreq)
&nstate->authority_sid, NULL);
if (!NT_STATUS_IS_OK(status)) {
DBG_ERR("dom_sid_split_rid(%s) failed - %s\n",
- sid_string_dbg(&nstate->sid), nt_errstr(status));
+ dom_sid_str_buf(&nstate->sid, &buf),
+ nt_errstr(status));
irpc_send_reply(state->msg, status);
return;
}
@@ -630,7 +632,8 @@ static void wb_irpc_lsa_LookupNames4_done(struct tevent_req *subreq)
&state->num_domain_sids);
if (!NT_STATUS_IS_OK(status)) {
DBG_ERR("add_sid_to_array_unique(%s) failed - %s\n",
- sid_string_dbg(nstate->authority_sid), nt_errstr(status));
+ dom_sid_str_buf(nstate->authority_sid, &buf),
+ nt_errstr(status));
irpc_send_reply(state->msg, status);
return;
}
diff --git a/source3/winbindd/winbindd_lookuprids.c b/source3/winbindd/winbindd_lookuprids.c
index ed5d951e7de..1e80b78a92e 100644
--- a/source3/winbindd/winbindd_lookuprids.c
+++ b/source3/winbindd/winbindd_lookuprids.c
@@ -64,8 +64,9 @@ struct tevent_req *winbindd_lookuprids_send(TALLOC_CTX *mem_ctx,
domain = find_lookup_domain_from_sid(&state->domain_sid);
if (domain == NULL) {
+ struct dom_sid_buf buf;
DEBUG(5, ("Domain for sid %s not found\n",
- sid_string_dbg(&state->domain_sid)));
+ dom_sid_str_buf(&state->domain_sid, &buf)));
tevent_req_nterror(req, NT_STATUS_NO_SUCH_DOMAIN);
return tevent_req_post(req, ev);
}
diff --git a/source3/winbindd/winbindd_lookupsid.c b/source3/winbindd/winbindd_lookupsid.c
index 6c76afb0b0d..e1e35232c2e 100644
--- a/source3/winbindd/winbindd_lookupsid.c
+++ b/source3/winbindd/winbindd_lookupsid.c
@@ -89,8 +89,10 @@ NTSTATUS winbindd_lookupsid_recv(struct tevent_req *req,
NTSTATUS status;
if (tevent_req_is_nterror(req, &status)) {
+ struct dom_sid_buf buf;
DEBUG(5, ("Could not lookup sid %s: %s\n",
- sid_string_dbg(&state->sid), nt_errstr(status)));
+ dom_sid_str_buf(&state->sid, &buf),
+ nt_errstr(status)));
return status;
}
diff --git a/source3/winbindd/winbindd_msrpc.c b/source3/winbindd/winbindd_msrpc.c
index eb400f0ebf3..203fbc6b56a 100644
--- a/source3/winbindd/winbindd_msrpc.c
+++ b/source3/winbindd/winbindd_msrpc.c
@@ -289,9 +289,11 @@ static NTSTATUS msrpc_sid_to_name(struct winbindd_domain *domain,
NTSTATUS result;
NTSTATUS name_map_status = NT_STATUS_UNSUCCESSFUL;
char *mapped_name = NULL;
+ struct dom_sid_buf buf;
- DEBUG(3, ("msrpc_sid_to_name: %s for domain %s\n", sid_string_dbg(sid),
- domain->name ));
+ DEBUG(3, ("msrpc_sid_to_name: %s for domain %s\n",
+ dom_sid_str_buf(sid, &buf),
+ domain->name));
result = winbindd_lookup_sids(mem_ctx,
domain,
@@ -403,11 +405,13 @@ static NTSTATUS msrpc_lookup_usergroups(struct winbindd_domain *domain,
struct rpc_pipe_client *samr_pipe;
struct policy_handle dom_pol;
struct dom_sid *user_grpsids = NULL;
+ struct dom_sid_buf buf;
uint32_t num_groups = 0;
TALLOC_CTX *tmp_ctx;
NTSTATUS status;
- DEBUG(3,("msrpc_lookup_usergroups sid=%s\n", sid_string_dbg(user_sid)));
+ DEBUG(3,("msrpc_lookup_usergroups sid=%s\n",
+ dom_sid_str_buf(user_sid, &buf)));
*pnum_groups = 0;
@@ -549,9 +553,10 @@ static NTSTATUS msrpc_lookup_groupmem(struct winbindd_domain *domain,
unsigned int orig_timeout;
struct samr_RidAttrArray *rids = NULL;
struct dcerpc_binding_handle *b;
+ struct dom_sid_buf buf;
DEBUG(3,("msrpc_lookup_groupmem: %s sid=%s\n", domain->name,
- sid_string_dbg(group_sid)));
+ dom_sid_str_buf(group_sid, &buf)));
if ( !winbindd_can_contact_domain( domain ) ) {
DEBUG(10,("lookup_groupmem: No incoming trust for domain %s\n",
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index a82046a0040..b81f2722c42 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -375,8 +375,10 @@ static NTSTATUS check_info3_in_group(struct netr_SamInfo3 *info3,
security_token_debug(DBGC_CLASS, 10, token);
for (i=0; i<num_require_membership_of_sid; i++) {
- DEBUG(10, ("Checking SID %s\n", sid_string_dbg(
- &require_membership_of_sid[i])));
+ struct dom_sid_buf buf;
+ DEBUG(10, ("Checking SID %s\n",
+ dom_sid_str_buf(&require_membership_of_sid[i],
+ &buf)));
if (nt_token_check_sid(&require_membership_of_sid[i],
token)) {
DEBUG(10, ("Access ok\n"));
@@ -3046,6 +3048,7 @@ NTSTATUS winbindd_pam_auth_pac_verify(struct winbindd_cli_state *state,
info3_copy->base.logon_domain.string);
if (domain && domain->primary ) {
struct dom_sid user_sid;
+ struct dom_sid_buf buf;
sid_compose(&user_sid,
info3_copy->base.domain_sid,
@@ -3060,7 +3063,7 @@ NTSTATUS winbindd_pam_auth_pac_verify(struct winbindd_cli_state *state,
DBG_INFO("PAC for user %s\\%s SID %s primed cache\n",
info3_copy->base.logon_domain.string,
info3_copy->base.account_name.string,
- sid_string_dbg(&user_sid));
+ dom_sid_str_buf(&user_sid, &buf));
}
}
diff --git a/source3/winbindd/winbindd_samr.c b/source3/winbindd/winbindd_samr.c
index 31720d54997..3727e8fa39f 100644
--- a/source3/winbindd/winbindd_samr.c
+++ b/source3/winbindd/winbindd_samr.c
@@ -668,8 +668,10 @@ static NTSTATUS sam_sid_to_name(struct winbindd_domain *domain,
!sid_check_is_in_unix_groups(sid) &&
!sid_check_is_unix_groups(sid) &&
!sid_check_is_in_wellknown_domain(sid)) {
+ struct dom_sid_buf buf;
DEBUG(0, ("sam_sid_to_name: possible deadlock - trying to "
- "lookup SID %s\n", sid_string_dbg(sid)));
+ "lookup SID %s\n",
+ dom_sid_str_buf(sid, &buf)));
return NT_STATUS_NONE_MAPPED;
}
@@ -746,8 +748,10 @@ static NTSTATUS sam_rids_to_names(struct winbindd_domain *domain,
!sid_check_is_unix_users(domain_sid) &&
!sid_check_is_unix_groups(domain_sid) &&
!sid_check_is_in_wellknown_domain(domain_sid)) {
+ struct dom_sid_buf buf;
DEBUG(0, ("sam_rids_to_names: possible deadlock - trying to "
- "lookup SID %s\n", sid_string_dbg(domain_sid)));
+ "lookup SID %s\n",
+ dom_sid_str_buf(domain_sid, &buf)));
return NT_STATUS_NONE_MAPPED;
}
diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
index 75d2f31b55f..d266eb3048e 100644
--- a/source3/winbindd/winbindd_util.c
+++ b/source3/winbindd/winbindd_util.c
@@ -126,6 +126,7 @@ static NTSTATUS add_trusted_domain(const char *domain_name,
const char **ignored_domains = NULL;
const char **dom = NULL;
int role = lp_server_role();
+ struct dom_sid_buf buf;
if (is_null_sid(sid)) {
DBG_ERR("Got null SID for domain [%s]\n", domain_name);
@@ -169,7 +170,8 @@ static NTSTATUS add_trusted_domain(const char *domain_name,
if (check_domain != NULL) {
DBG_ERR("SID [%s] already used by domain [%s], "
"expected [%s]\n",
- sid_string_dbg(sid), check_domain->name,
+ dom_sid_str_buf(sid, &buf),
+ check_domain->name,
domain->name);
return NT_STATUS_INVALID_PARAMETER;
}
@@ -292,7 +294,7 @@ static NTSTATUS add_trusted_domain(const char *domain_name,
DBG_NOTICE("Added domain [%s] [%s] [%s]\n",
domain->name, domain->alt_name,
- sid_string_dbg(&domain->sid));
+ dom_sid_str_buf(&domain->sid, &buf));
*_d = domain;
return NT_STATUS_OK;
@@ -1455,7 +1457,9 @@ struct winbindd_domain *find_default_route_domain(void)
struct winbindd_domain *find_lookup_domain_from_sid(const struct dom_sid *sid)
{
- DBG_DEBUG("SID [%s]\n", sid_string_dbg(sid));
+ struct dom_sid_buf buf;
+
+ DBG_DEBUG("SID [%s]\n", dom_sid_str_buf(sid, &buf));
/*
* SIDs in the S-1-22-{1,2} domain and well-known SIDs should be handled
--
2.11.0
From f021c5798e901d1d8c69573d7522442e1ba6d192 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Fri, 14 Dec 2018 21:44:49 +0100
Subject: [PATCH 18/21] spoolss: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/rpc_server/spoolss/srv_spoolss_nt.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/source3/rpc_server/spoolss/srv_spoolss_nt.c b/source3/rpc_server/spoolss/srv_spoolss_nt.c
index 024f19a73aa..f32b465afb6 100644
--- a/source3/rpc_server/spoolss/srv_spoolss_nt.c
+++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c
@@ -6240,6 +6240,7 @@ static WERROR update_printer_sec(struct policy_handle *handle,
}
if (DEBUGLEVEL >= 10) {
+ struct dom_sid_buf buf;
struct security_acl *the_acl;
int i;
@@ -6248,8 +6249,10 @@ static WERROR update_printer_sec(struct policy_handle *handle,
printer, the_acl->num_aces));
for (i = 0; i < the_acl->num_aces; i++) {
- DEBUG(10, ("%s 0x%08x\n", sid_string_dbg(
- &the_acl->aces[i].trustee),
+ DEBUG(10, ("%s 0x%08x\n",
+ dom_sid_str_buf(
+ &the_acl->aces[i].trustee,
+ &buf),
the_acl->aces[i].access_mask));
}
@@ -6260,8 +6263,10 @@ static WERROR update_printer_sec(struct policy_handle *handle,
printer, the_acl->num_aces));
for (i = 0; i < the_acl->num_aces; i++) {
- DEBUG(10, ("%s 0x%08x\n", sid_string_dbg(
- &the_acl->aces[i].trustee),
+ DEBUG(10, ("%s 0x%08x\n",
+ dom_sid_str_buf(
+ &the_acl->aces[i].trustee,
+ &buf),
the_acl->aces[i].access_mask));
}
} else {
--
2.11.0
From b854566dce5871323af9d3e6472e2a353ab3db63 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Fri, 14 Dec 2018 21:48:48 +0100
Subject: [PATCH 19/21] lsasrv: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/rpc_server/lsa/srv_lsa_nt.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/source3/rpc_server/lsa/srv_lsa_nt.c b/source3/rpc_server/lsa/srv_lsa_nt.c
index f61efbb9fc8..57bfc596005 100644
--- a/source3/rpc_server/lsa/srv_lsa_nt.c
+++ b/source3/rpc_server/lsa/srv_lsa_nt.c
@@ -2937,6 +2937,7 @@ NTSTATUS _lsa_EnumPrivsAccount(struct pipes_struct *p,
struct lsa_info *info=NULL;
PRIVILEGE_SET *privileges;
struct lsa_PrivilegeSet *priv_set = NULL;
+ struct dom_sid_buf buf;
/* find the connection policy handle. */
if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info))
@@ -2960,7 +2961,7 @@ NTSTATUS _lsa_EnumPrivsAccount(struct pipes_struct *p,
}
DEBUG(10,("_lsa_EnumPrivsAccount: %s has %d privileges\n",
- sid_string_dbg(&info->sid),
+ dom_sid_str_buf(&info->sid, &buf),
privileges->count));
priv_set->count = privileges->count;
@@ -3093,8 +3094,9 @@ NTSTATUS _lsa_AddPrivilegesToAccount(struct pipes_struct *p,
set = r->in.privs;
if ( !grant_privilege_set( &info->sid, set ) ) {
+ struct dom_sid_buf buf;
DEBUG(3,("_lsa_AddPrivilegesToAccount: grant_privilege_set(%s) failed!\n",
- sid_string_dbg(&info->sid) ));
+ dom_sid_str_buf(&info->sid, &buf)));
return NT_STATUS_NO_SUCH_PRIVILEGE;
}
@@ -3127,8 +3129,9 @@ NTSTATUS _lsa_RemovePrivilegesFromAccount(struct pipes_struct *p,
set = r->in.privs;
if ( !revoke_privilege_set( &info->sid, set) ) {
+ struct dom_sid_buf buf;
DEBUG(3,("_lsa_RemovePrivilegesFromAccount: revoke_privilege(%s) failed!\n",
- sid_string_dbg(&info->sid) ));
+ dom_sid_str_buf(&info->sid, &buf)));
return NT_STATUS_NO_SUCH_PRIVILEGE;
}
@@ -3424,6 +3427,7 @@ NTSTATUS _lsa_EnumAccountRights(struct pipes_struct *p,
NTSTATUS status;
struct lsa_info *info = NULL;
PRIVILEGE_SET *privileges;
+ struct dom_sid_buf buf;
/* find the connection policy handle. */
@@ -3451,7 +3455,8 @@ NTSTATUS _lsa_EnumAccountRights(struct pipes_struct *p,
}
DEBUG(10,("_lsa_EnumAccountRights: %s has %d privileges\n",
- sid_string_dbg(r->in.sid), privileges->count));
+ dom_sid_str_buf(r->in.sid, &buf),
+ privileges->count));
status = init_lsa_right_set(p->mem_ctx, r->out.rights, privileges);
--
2.11.0
From c5993138d7b2fae6f2700177f2acd0f97dc0f863 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Fri, 14 Dec 2018 22:11:56 +0100
Subject: [PATCH 20/21] samr: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/rpc_server/samr/srv_samr_nt.c | 139 ++++++++++++++++++++++------------
1 file changed, 91 insertions(+), 48 deletions(-)
diff --git a/source3/rpc_server/samr/srv_samr_nt.c b/source3/rpc_server/samr/srv_samr_nt.c
index 00497efc96e..70a2efa4ca6 100644
--- a/source3/rpc_server/samr/srv_samr_nt.c
+++ b/source3/rpc_server/samr/srv_samr_nt.c
@@ -258,8 +258,10 @@ static DISP_INFO *get_samr_dispinfo_by_sid(const struct dom_sid *psid)
static void free_samr_cache(DISP_INFO *disp_info)
{
+ struct dom_sid_buf buf;
+
DEBUG(10, ("free_samr_cache: deleting cache for SID %s\n",
- sid_string_dbg(&disp_info->sid)));
+ dom_sid_str_buf(&disp_info->sid, &buf)));
/* We need to become root here because the paged search might have to
* tell the LDAP server we're not interested in the rest anymore. */
@@ -299,12 +301,15 @@ static void disp_info_cache_idle_timeout_handler(struct tevent_context *ev_ctx,
static void set_disp_info_cache_timeout(DISP_INFO *disp_info, time_t secs_fromnow)
{
+ struct dom_sid_buf buf;
+
/* Remove any pending timeout and update. */
TALLOC_FREE(disp_info->cache_timeout_event);
DEBUG(10,("set_disp_info_cache_timeout: caching enumeration for "
- "SID %s for %u seconds\n", sid_string_dbg(&disp_info->sid),
+ "SID %s for %u seconds\n",
+ dom_sid_str_buf(&disp_info->sid, &buf),
(unsigned int)secs_fromnow ));
disp_info->cache_timeout_event = tevent_add_timer(
@@ -596,8 +601,9 @@ NTSTATUS _samr_SetSecurity(struct pipes_struct *p,
unbecome_root();
if (!ret) {
+ struct dom_sid_buf buf;
DEBUG(4, ("User %s not found\n",
- sid_string_dbg(&uinfo->sid)));
+ dom_sid_str_buf(&uinfo->sid, &buf)));
TALLOC_FREE(sampass);
return NT_STATUS_INVALID_HANDLE;
}
@@ -645,7 +651,9 @@ static bool check_change_pw_access(TALLOC_CTX *mem_ctx, struct dom_sid *user_sid
unbecome_root();
if (ret == False) {
- DEBUG(4,("User %s not found\n", sid_string_dbg(user_sid)));
+ struct dom_sid_buf buf;
+ DEBUG(4,("User %s not found\n",
+ dom_sid_str_buf(user_sid, &buf)));
TALLOC_FREE(sampass);
return False;
}
@@ -675,6 +683,7 @@ NTSTATUS _samr_QuerySecurity(struct pipes_struct *p,
NTSTATUS status;
struct security_descriptor * psd = NULL;
size_t sd_size = 0;
+ struct dom_sid_buf buf;
(void)policy_handle_find(p, r->in.handle,
SEC_STD_READ_CONTROL, NULL,
@@ -691,7 +700,8 @@ NTSTATUS _samr_QuerySecurity(struct pipes_struct *p,
struct samr_domain_info, &status);
if (NT_STATUS_IS_OK(status)) {
DEBUG(5,("_samr_QuerySecurity: querying security on Domain "
- "with SID: %s\n", sid_string_dbg(&dinfo->sid)));
+ "with SID: %s\n",
+ dom_sid_str_buf(&dinfo->sid, &buf)));
/*
* TODO: Builtin probably needs a different SD with restricted
* write access
@@ -707,7 +717,7 @@ NTSTATUS _samr_QuerySecurity(struct pipes_struct *p,
if (NT_STATUS_IS_OK(status)) {
DEBUG(10,("_samr_QuerySecurity: querying security on user "
"Object with SID: %s\n",
- sid_string_dbg(&uinfo->sid)));
+ dom_sid_str_buf(&uinfo->sid, &buf)));
if (check_change_pw_access(p->mem_ctx, &uinfo->sid)) {
status = make_samr_object_sd(
p->mem_ctx, &psd, &sd_size,
@@ -732,7 +742,7 @@ NTSTATUS _samr_QuerySecurity(struct pipes_struct *p,
*/
DEBUG(10,("_samr_QuerySecurity: querying security on group "
"Object with SID: %s\n",
- sid_string_dbg(&ginfo->sid)));
+ dom_sid_str_buf(&ginfo->sid, &buf)));
status = make_samr_object_sd(
p->mem_ctx, &psd, &sd_size,
&usr_nopwchange_generic_mapping,
@@ -750,7 +760,7 @@ NTSTATUS _samr_QuerySecurity(struct pipes_struct *p,
*/
DEBUG(10,("_samr_QuerySecurity: querying security on alias "
"Object with SID: %s\n",
- sid_string_dbg(&ainfo->sid)));
+ dom_sid_str_buf(&ainfo->sid, &buf)));
status = make_samr_object_sd(
p->mem_ctx, &psd, &sd_size,
&usr_nopwchange_generic_mapping,
@@ -1045,6 +1055,7 @@ NTSTATUS _samr_EnumDomainAliases(struct pipes_struct *p,
uint32_t num_aliases = 0;
struct samr_SamArray *samr_array = NULL;
struct samr_SamEntry *samr_entries = NULL;
+ struct dom_sid_buf buf;
dinfo = policy_handle_find(p, r->in.domain_handle,
SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS, NULL,
@@ -1054,7 +1065,7 @@ NTSTATUS _samr_EnumDomainAliases(struct pipes_struct *p,
}
DEBUG(5,("_samr_EnumDomainAliases: sid %s\n",
- sid_string_dbg(&dinfo->sid)));
+ dom_sid_str_buf(&dinfo->sid, &buf)));
samr_array = talloc_zero(p->mem_ctx, struct samr_SamArray);
if (!samr_array) {
@@ -1640,6 +1651,7 @@ NTSTATUS _samr_LookupNames(struct pipes_struct *p,
int num_rids = r->in.num_names;
struct samr_Ids rids, types;
uint32_t num_mapped = 0;
+ struct dom_sid_buf buf;
DEBUG(5,("_samr_LookupNames: %d\n", __LINE__));
@@ -1662,7 +1674,7 @@ NTSTATUS _samr_LookupNames(struct pipes_struct *p,
NT_STATUS_HAVE_NO_MEMORY(type);
DEBUG(5,("_samr_LookupNames: looking name on SID %s\n",
- sid_string_dbg(&dinfo->sid)));
+ dom_sid_str_buf(&dinfo->sid, &buf)));
for (i = 0; i < num_rids; i++) {
@@ -2290,10 +2302,13 @@ static NTSTATUS get_user_info_1(TALLOC_CTX *mem_ctx,
unbecome_root();
if (!sid_peek_check_rid(domain_sid, sid_group, &primary_gid)) {
+ struct dom_sid_buf buf1, buf2;
+
DEBUG(0, ("get_user_info_1: User %s has Primary Group SID %s, \n"
"which conflicts with the domain sid %s. Failing operation.\n",
- pdb_get_username(pw), sid_string_dbg(sid_group),
- sid_string_dbg(domain_sid)));
+ pdb_get_username(pw),
+ dom_sid_str_buf(sid_group, &buf1),
+ dom_sid_str_buf(domain_sid, &buf2)));
return NT_STATUS_UNSUCCESSFUL;
}
@@ -2333,14 +2348,16 @@ static NTSTATUS get_user_info_3(TALLOC_CTX *mem_ctx,
{
const struct dom_sid *sid_user, *sid_group;
uint32_t rid, primary_gid;
+ struct dom_sid_buf buf1, buf2;
sid_user = pdb_get_user_sid(pw);
if (!sid_peek_check_rid(domain_sid, sid_user, &rid)) {
DEBUG(0, ("get_user_info_3: User %s has SID %s, \nwhich conflicts with "
"the domain sid %s. Failing operation.\n",
- pdb_get_username(pw), sid_string_dbg(sid_user),
- sid_string_dbg(domain_sid)));
+ pdb_get_username(pw),
+ dom_sid_str_buf(sid_user, &buf1),
+ dom_sid_str_buf(domain_sid, &buf2)));
return NT_STATUS_UNSUCCESSFUL;
}
@@ -2351,8 +2368,9 @@ static NTSTATUS get_user_info_3(TALLOC_CTX *mem_ctx,
if (!sid_peek_check_rid(domain_sid, sid_group, &primary_gid)) {
DEBUG(0, ("get_user_info_3: User %s has Primary Group SID %s, \n"
"which conflicts with the domain sid %s. Failing operation.\n",
- pdb_get_username(pw), sid_string_dbg(sid_group),
- sid_string_dbg(domain_sid)));
+ pdb_get_username(pw),
+ dom_sid_str_buf(sid_group, &buf1),
+ dom_sid_str_buf(domain_sid, &buf2)));
return NT_STATUS_UNSUCCESSFUL;
}
@@ -2404,14 +2422,16 @@ static NTSTATUS get_user_info_5(TALLOC_CTX *mem_ctx,
{
const struct dom_sid *sid_user, *sid_group;
uint32_t rid, primary_gid;
+ struct dom_sid_buf buf1, buf2;
sid_user = pdb_get_user_sid(pw);
if (!sid_peek_check_rid(domain_sid, sid_user, &rid)) {
DEBUG(0, ("get_user_info_5: User %s has SID %s, \nwhich conflicts with "
"the domain sid %s. Failing operation.\n",
- pdb_get_username(pw), sid_string_dbg(sid_user),
- sid_string_dbg(domain_sid)));
+ pdb_get_username(pw),
+ dom_sid_str_buf(sid_user, &buf1),
+ dom_sid_str_buf(domain_sid, &buf2)));
return NT_STATUS_UNSUCCESSFUL;
}
@@ -2422,8 +2442,9 @@ static NTSTATUS get_user_info_5(TALLOC_CTX *mem_ctx,
if (!sid_peek_check_rid(domain_sid, sid_group, &primary_gid)) {
DEBUG(0, ("get_user_info_5: User %s has Primary Group SID %s, \n"
"which conflicts with the domain sid %s. Failing operation.\n",
- pdb_get_username(pw), sid_string_dbg(sid_group),
- sid_string_dbg(domain_sid)));
+ pdb_get_username(pw),
+ dom_sid_str_buf(sid_group, &buf1),
+ dom_sid_str_buf(domain_sid, &buf2)));
return NT_STATUS_UNSUCCESSFUL;
}
@@ -2636,7 +2657,9 @@ static NTSTATUS get_user_info_18(struct pipes_struct *p,
ret = pdb_getsampwsid(smbpass, user_sid);
if (ret == False) {
- DEBUG(4, ("User %s not found\n", sid_string_dbg(user_sid)));
+ struct dom_sid_buf buf;
+ DEBUG(4, ("User %s not found\n",
+ dom_sid_str_buf(user_sid, &buf)));
TALLOC_FREE(smbpass);
return root_mode() ? NT_STATUS_NO_SUCH_USER : NT_STATUS_ACCESS_DENIED;
}
@@ -2722,6 +2745,7 @@ static NTSTATUS get_user_info_21(TALLOC_CTX *mem_ctx,
struct lsa_BinaryString *parameters = NULL;
const char *munged_dial = NULL;
DATA_BLOB blob;
+ struct dom_sid_buf buf1, buf2;
ZERO_STRUCTP(r);
@@ -2730,8 +2754,9 @@ static NTSTATUS get_user_info_21(TALLOC_CTX *mem_ctx,
if (!sid_peek_check_rid(domain_sid, sid_user, &rid)) {
DEBUG(0, ("get_user_info_21: User %s has SID %s, \nwhich conflicts with "
"the domain sid %s. Failing operation.\n",
- pdb_get_username(pw), sid_string_dbg(sid_user),
- sid_string_dbg(domain_sid)));
+ pdb_get_username(pw),
+ dom_sid_str_buf(sid_user, &buf1),
+ dom_sid_str_buf(domain_sid, &buf2)));
return NT_STATUS_UNSUCCESSFUL;
}
@@ -2742,8 +2767,9 @@ static NTSTATUS get_user_info_21(TALLOC_CTX *mem_ctx,
if (!sid_peek_check_rid(domain_sid, sid_group, &primary_gid)) {
DEBUG(0, ("get_user_info_21: User %s has Primary Group SID %s, \n"
"which conflicts with the domain sid %s. Failing operation.\n",
- pdb_get_username(pw), sid_string_dbg(sid_group),
- sid_string_dbg(domain_sid)));
+ pdb_get_username(pw),
+ dom_sid_str_buf(sid_group, &buf1),
+ dom_sid_str_buf(domain_sid, &buf2)));
return NT_STATUS_UNSUCCESSFUL;
}
@@ -2833,6 +2859,7 @@ NTSTATUS _samr_QueryUserInfo(struct pipes_struct *p,
bool ret = false;
struct samu *pwd = NULL;
uint32_t acc_required, acc_granted;
+ struct dom_sid_buf buf;
switch (r->in.level) {
case 1: /* UserGeneralInformation */
@@ -2915,7 +2942,7 @@ NTSTATUS _samr_QueryUserInfo(struct pipes_struct *p,
return NT_STATUS_OBJECT_TYPE_MISMATCH;
DEBUG(5,("_samr_QueryUserInfo: sid:%s\n",
- sid_string_dbg(&uinfo->sid)));
+ dom_sid_str_buf(&uinfo->sid, &buf)));
user_info = talloc_zero(p->mem_ctx, union samr_UserInfo);
if (!user_info) {
@@ -2933,7 +2960,8 @@ NTSTATUS _samr_QueryUserInfo(struct pipes_struct *p,
unbecome_root();
if (ret == false) {
- DEBUG(4,("User %s not found\n", sid_string_dbg(&uinfo->sid)));
+ DEBUG(4,("User %s not found\n",
+ dom_sid_str_buf(&uinfo->sid, &buf)));
TALLOC_FREE(pwd);
return NT_STATUS_NO_SUCH_USER;
}
@@ -3055,6 +3083,7 @@ NTSTATUS _samr_GetGroupsForUser(struct pipes_struct *p,
bool ret;
NTSTATUS result;
bool success = False;
+ struct dom_sid_buf buf;
struct samr_RidWithAttributeArray *rids = NULL;
@@ -3097,7 +3126,7 @@ NTSTATUS _samr_GetGroupsForUser(struct pipes_struct *p,
if (!ret) {
DEBUG(10, ("pdb_getsampwsid failed for %s\n",
- sid_string_dbg(&uinfo->sid)));
+ dom_sid_str_buf(&uinfo->sid, &buf)));
return NT_STATUS_NO_SUCH_USER;
}
@@ -3116,13 +3145,13 @@ NTSTATUS _samr_GetGroupsForUser(struct pipes_struct *p,
if (!NT_STATUS_IS_OK(result)) {
DEBUG(10, ("pdb_enum_group_memberships failed for %s\n",
- sid_string_dbg(&uinfo->sid)));
+ dom_sid_str_buf(&uinfo->sid, &buf)));
return result;
}
if ( !success ) {
DEBUG(5, ("Group sid %s for user %s not in our domain\n",
- sid_string_dbg(pdb_get_group_sid(sam_pass)),
+ dom_sid_str_buf(pdb_get_group_sid(sam_pass), &buf),
pdb_get_username(sam_pass)));
TALLOC_FREE(sam_pass);
return NT_STATUS_INTERNAL_DB_CORRUPTION;
@@ -3141,7 +3170,7 @@ NTSTATUS _samr_GetGroupsForUser(struct pipes_struct *p,
if (!sid_peek_check_rid(get_global_sam_sid(),
&(sids[i]), &dom_gid.rid)) {
DEBUG(10, ("Found sid %s not in our domain\n",
- sid_string_dbg(&sids[i])));
+ dom_sid_str_buf(&sids[i], &buf)));
continue;
}
@@ -3964,6 +3993,7 @@ NTSTATUS _samr_LookupDomain(struct pipes_struct *p,
NTSTATUS status;
const char *domain_name;
struct dom_sid *sid = NULL;
+ struct dom_sid_buf buf;
/* win9x user manager likes to use SAMR_ACCESS_ENUM_DOMAINS here.
Reverted that change so we will work with RAS servers again */
@@ -3995,7 +4025,7 @@ NTSTATUS _samr_LookupDomain(struct pipes_struct *p,
}
DEBUG(2,("Returning domain sid for domain %s -> %s\n", domain_name,
- sid_string_dbg(sid)));
+ dom_sid_str_buf(sid, &buf)));
*r->out.sid = sid;
@@ -4932,6 +4962,7 @@ NTSTATUS _samr_SetUserInfo(struct pipes_struct *p,
bool ret;
char *rhost;
DATA_BLOB session_key;
+ struct dom_sid_buf buf;
DEBUG(5,("_samr_SetUserInfo: %d\n", __LINE__));
@@ -4994,7 +5025,8 @@ NTSTATUS _samr_SetUserInfo(struct pipes_struct *p,
}
DEBUG(5, ("_samr_SetUserInfo: sid:%s, level:%d\n",
- sid_string_dbg(&uinfo->sid), r->in.level));
+ dom_sid_str_buf(&uinfo->sid, &buf),
+ r->in.level));
if (info == NULL) {
DEBUG(5, ("_samr_SetUserInfo: NULL info level\n"));
@@ -5295,6 +5327,7 @@ NTSTATUS _samr_GetMembersInAlias(struct pipes_struct *p,
size_t num_sids = 0;
struct lsa_SidPtr *sids = NULL;
struct dom_sid *pdb_sids = NULL;
+ struct dom_sid_buf buf;
ainfo = policy_handle_find(p, r->in.alias_handle,
SAMR_ALIAS_ACCESS_GET_MEMBERS, NULL,
@@ -5303,7 +5336,7 @@ NTSTATUS _samr_GetMembersInAlias(struct pipes_struct *p,
return status;
}
- DEBUG(10, ("sid is %s\n", sid_string_dbg(&ainfo->sid)));
+ DEBUG(10, ("sid is %s\n", dom_sid_str_buf(&ainfo->sid, &buf)));
become_root();
status = pdb_enum_aliasmem(&ainfo->sid, talloc_tos(), &pdb_sids,
@@ -5353,6 +5386,7 @@ NTSTATUS _samr_QueryGroupMember(struct pipes_struct *p,
NTSTATUS status;
struct samr_RidAttrArray *rids = NULL;
+ struct dom_sid_buf buf;
ginfo = policy_handle_find(p, r->in.group_handle,
SAMR_GROUP_ACCESS_GET_MEMBERS, NULL,
@@ -5366,11 +5400,11 @@ NTSTATUS _samr_QueryGroupMember(struct pipes_struct *p,
return NT_STATUS_NO_MEMORY;
}
- DEBUG(10, ("sid is %s\n", sid_string_dbg(&ginfo->sid)));
+ DEBUG(10, ("sid is %s\n", dom_sid_str_buf(&ginfo->sid, &buf)));
if (!sid_check_is_in_our_sam(&ginfo->sid)) {
DEBUG(3, ("sid %s is not in our domain\n",
- sid_string_dbg(&ginfo->sid)));
+ dom_sid_str_buf(&ginfo->sid, &buf)));
return NT_STATUS_NO_SUCH_GROUP;
}
@@ -5416,6 +5450,7 @@ NTSTATUS _samr_AddAliasMember(struct pipes_struct *p,
struct samr_AddAliasMember *r)
{
struct samr_alias_info *ainfo;
+ struct dom_sid_buf buf;
NTSTATUS status;
ainfo = policy_handle_find(p, r->in.alias_handle,
@@ -5425,7 +5460,7 @@ NTSTATUS _samr_AddAliasMember(struct pipes_struct *p,
return status;
}
- DEBUG(10, ("sid is %s\n", sid_string_dbg(&ainfo->sid)));
+ DEBUG(10, ("sid is %s\n", dom_sid_str_buf(&ainfo->sid, &buf)));
/******** BEGIN SeAddUsers BLOCK *********/
@@ -5450,6 +5485,7 @@ NTSTATUS _samr_DeleteAliasMember(struct pipes_struct *p,
struct samr_DeleteAliasMember *r)
{
struct samr_alias_info *ainfo;
+ struct dom_sid_buf buf;
NTSTATUS status;
ainfo = policy_handle_find(p, r->in.alias_handle,
@@ -5460,7 +5496,7 @@ NTSTATUS _samr_DeleteAliasMember(struct pipes_struct *p,
}
DEBUG(10, ("_samr_del_aliasmem:sid is %s\n",
- sid_string_dbg(&ainfo->sid)));
+ dom_sid_str_buf(&ainfo->sid, &buf)));
/******** BEGIN SeAddUsers BLOCK *********/
@@ -5485,6 +5521,7 @@ NTSTATUS _samr_AddGroupMember(struct pipes_struct *p,
struct samr_AddGroupMember *r)
{
struct samr_group_info *ginfo;
+ struct dom_sid_buf buf;
NTSTATUS status;
uint32_t group_rid;
@@ -5495,7 +5532,7 @@ NTSTATUS _samr_AddGroupMember(struct pipes_struct *p,
return status;
}
- DEBUG(10, ("sid is %s\n", sid_string_dbg(&ginfo->sid)));
+ DEBUG(10, ("sid is %s\n", dom_sid_str_buf(&ginfo->sid, &buf)));
if (!sid_peek_check_rid(get_global_sam_sid(), &ginfo->sid,
&group_rid)) {
@@ -5592,8 +5629,9 @@ NTSTATUS _samr_DeleteUser(struct pipes_struct *p,
unbecome_root();
if(!ret) {
+ struct dom_sid_buf buf;
DEBUG(5,("_samr_DeleteUser: User %s doesn't exist.\n",
- sid_string_dbg(&uinfo->sid)));
+ dom_sid_str_buf(&uinfo->sid, &buf)));
TALLOC_FREE(sam_pass);
return NT_STATUS_NO_SUCH_USER;
}
@@ -5635,6 +5673,7 @@ NTSTATUS _samr_DeleteDomainGroup(struct pipes_struct *p,
struct samr_DeleteDomainGroup *r)
{
struct samr_group_info *ginfo;
+ struct dom_sid_buf buf;
NTSTATUS status;
uint32_t group_rid;
@@ -5647,7 +5686,7 @@ NTSTATUS _samr_DeleteDomainGroup(struct pipes_struct *p,
return status;
}
- DEBUG(10, ("sid is %s\n", sid_string_dbg(&ginfo->sid)));
+ DEBUG(10, ("sid is %s\n", dom_sid_str_buf(&ginfo->sid, &buf)));
if (!sid_peek_check_rid(get_global_sam_sid(), &ginfo->sid,
&group_rid)) {
@@ -5665,7 +5704,7 @@ NTSTATUS _samr_DeleteDomainGroup(struct pipes_struct *p,
if ( !NT_STATUS_IS_OK(status) ) {
DEBUG(5,("_samr_DeleteDomainGroup: Failed to delete mapping "
"entry for group %s: %s\n",
- sid_string_dbg(&ginfo->sid),
+ dom_sid_str_buf(&ginfo->sid, &buf),
nt_errstr(status)));
return status;
}
@@ -5686,6 +5725,7 @@ NTSTATUS _samr_DeleteDomAlias(struct pipes_struct *p,
struct samr_DeleteDomAlias *r)
{
struct samr_alias_info *ainfo;
+ struct dom_sid_buf buf;
NTSTATUS status;
DEBUG(5, ("_samr_DeleteDomAlias: %d\n", __LINE__));
@@ -5697,7 +5737,7 @@ NTSTATUS _samr_DeleteDomAlias(struct pipes_struct *p,
return status;
}
- DEBUG(10, ("sid is %s\n", sid_string_dbg(&ainfo->sid)));
+ DEBUG(10, ("sid is %s\n", dom_sid_str_buf(&ainfo->sid, &buf)));
/* Don't let Windows delete builtin groups */
@@ -6198,6 +6238,7 @@ NTSTATUS _samr_OpenGroup(struct pipes_struct *p,
{
struct dom_sid info_sid;
+ struct dom_sid_buf buf;
GROUP_MAP *map;
struct samr_domain_info *dinfo;
struct samr_group_info *ginfo;
@@ -6239,7 +6280,7 @@ NTSTATUS _samr_OpenGroup(struct pipes_struct *p,
sid_compose(&info_sid, &dinfo->sid, r->in.rid);
DEBUG(10, ("_samr_OpenGroup:Opening SID: %s\n",
- sid_string_dbg(&info_sid)));
+ dom_sid_str_buf(&info_sid, &buf)));
map = talloc_zero(p->mem_ctx, GROUP_MAP);
if (!map) {
@@ -6274,10 +6315,11 @@ NTSTATUS _samr_RemoveMemberFromForeignDomain(struct pipes_struct *p,
struct samr_RemoveMemberFromForeignDomain *r)
{
struct samr_domain_info *dinfo;
+ struct dom_sid_buf buf;
NTSTATUS result;
DEBUG(5,("_samr_RemoveMemberFromForeignDomain: removing SID [%s]\n",
- sid_string_dbg(r->in.sid)));
+ dom_sid_str_buf(r->in.sid, &buf)));
/* Find the policy handle. Open a policy on it. */
@@ -6289,7 +6331,7 @@ NTSTATUS _samr_RemoveMemberFromForeignDomain(struct pipes_struct *p,
}
DEBUG(8, ("_samr_RemoveMemberFromForeignDomain: sid is %s\n",
- sid_string_dbg(&dinfo->sid)));
+ dom_sid_str_buf(&dinfo->sid, &buf)));
/* we can only delete a user from a group since we don't have
nested groups anyways. So in the latter case, just say OK */
@@ -6306,10 +6348,11 @@ NTSTATUS _samr_RemoveMemberFromForeignDomain(struct pipes_struct *p,
* other cases. */
if (!sid_check_is_builtin(&dinfo->sid)) {
+ struct dom_sid_buf buf2;
DEBUG(1,("_samr_RemoveMemberFromForeignDomain: domain_sid = %s, "
"global_sam_sid() = %s\n",
- sid_string_dbg(&dinfo->sid),
- sid_string_dbg(get_global_sam_sid())));
+ dom_sid_str_buf(&dinfo->sid, &buf),
+ dom_sid_str_buf(get_global_sam_sid(), &buf2)));
DEBUGADD(1,("please report to samba-technical at lists.samba.org!\n"));
return NT_STATUS_OK;
}
--
2.11.0
From c1a691d126219070f1771e45c2d5835f9276a866 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Sat, 15 Dec 2018 15:22:25 +0100
Subject: [PATCH 21/21] lib: Remove sid_string_dbg
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/include/proto.h | 1 -
source3/lib/util_sid.c | 11 -----------
2 files changed, 12 deletions(-)
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 02463413517..d2f9986c244 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -467,7 +467,6 @@ bool is_setuid_root(void) ;
/* The following definitions come from lib/util_sid.c */
char *sid_to_fstring(fstring sidstr_out, const struct dom_sid *sid);
-char *sid_string_dbg(const struct dom_sid *sid);
bool sid_linearize(uint8_t *outbuf, size_t len, const struct dom_sid *sid);
bool non_mappable_sid(struct dom_sid *sid);
char *sid_binstring_hex_talloc(TALLOC_CTX *mem_ctx, const struct dom_sid *sid);
diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c
index 71a4800d602..57cd76c108d 100644
--- a/source3/lib/util_sid.c
+++ b/source3/lib/util_sid.c
@@ -40,17 +40,6 @@ char *sid_to_fstring(fstring sidstr_out, const struct dom_sid *sid)
}
/*****************************************************************
- Useful function for debug lines.
-*****************************************************************/
-
-char *sid_string_dbg(const struct dom_sid *sid)
-{
- char *result = dom_sid_string(talloc_tos(), sid);
- SMB_ASSERT(result != NULL);
- return result;
-}
-
-/*****************************************************************
Write a sid out into on-the-wire format.
*****************************************************************/
--
2.11.0
More information about the samba-technical
mailing list