
Latest patch from metze <metze@metzemix.de> to move most of samba across

to using SIDs instead of RIDs.

The new function sid_peek_check_rid() takes an 'expected domain sid' argument.

The idea here is to prevent mistakes where the SID is implicit, but isn't
the same one that we have in the struct.

Andrew Bartlett
Andrew Bartlett 0001-01-01 00:00:00 +00:00
parent 7c035d473c
commit 04f9a8ff4c
14 changed files with 184 additions and 114 deletions


@ -624,8 +624,8 @@ typedef struct sam_passwd
uid_t uid; /* this is a unix uid_t */
gid_t gid; /* this is a unix gid_t */
uint32 user_rid; /* Primary User ID */
uint32 group_rid; /* Primary Group ID */
DOM_SID user_sid; /* Primary User SID */
DOM_SID group_sid; /* Primary Group SID */
DATA_BLOB lm_pw; /* .data is Null if no password */
DATA_BLOB nt_pw; /* .data is Null if no password */


@ -1,10 +1,11 @@
/*
Unix SMB/CIFS implementation.
Samba utility functions
Copyright (C) Andrew Tridgell 1992-1998
Copyright (C) Luke Kenneth Caseson Leighton 1998-1999
Copyright (C) Jeremy Allison 1999
Copyright (C) Andrew Tridgell 1992-1998
Copyright (C) Luke Kenneth Caseson Leighton 1998-1999
Copyright (C) Jeremy Allison 1999
Copyright (C) Stefan (metze) Metzmacher 2002
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
@ -253,6 +254,9 @@ BOOL sid_split_rid(DOM_SID *sid, uint32 *rid)
BOOL sid_peek_rid(DOM_SID *sid, uint32 *rid)
{
if (!sid || !rid)
return False;
if (sid->num_auths > 0) {
*rid = sid->sub_auths[sid->num_auths - 1];
return True;
@ -260,6 +264,25 @@ BOOL sid_peek_rid(DOM_SID *sid, uint32 *rid)
return False;
}
/*****************************************************************
Return the last rid from the end of a sid
and check the sid against the exp_dom_sid
*****************************************************************/
BOOL sid_peek_check_rid(DOM_SID *exp_dom_sid,DOM_SID *sid, uint32 *rid)
{
if (!exp_dom_sid || !sid || !rid)
return False;
if (sid_compare_domain(exp_dom_sid, sid)!=0){
*rid=(-1);
return False;
}
return sid_peek_rid(sid,rid);
}
/*****************************************************************
Copies a sid
*****************************************************************/
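Review bot: In sid_peek_check_rid() the domain test rests entirely on sid_compare_domain(), whose body is not shown on this page. If that function compares only the sub-authorities the two SIDs have in common, a SID equal to the expected domain SID, or one with extra sub-authorities, would still pass and its last sub-authority would come back as the RID. An explicit length check before the compare would close that gap, e.g. `if (sid->num_auths != exp_dom_sid->num_auths + 1) return False;`. The output is also inconsistent on failure: `*rid` is set to -1 on a domain mismatch but left untouched when sid_peek_rid() returns False, so the header comment should state that callers must not read `*rid` after a False return.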


@ -273,7 +273,7 @@ static NTSTATUS query_user_list(struct winbindd_domain *domain,
continue;
}
if (!sid_peek_rid(&sid, &rid)) {
if (!sid_peek_check_rid(&domain->sid, &sid, &rid)) {
DEBUG(1,("No rid for %s !?\n", name));
continue;
}
@ -356,7 +356,7 @@ static NTSTATUS enum_dom_groups(struct winbindd_domain *domain,
continue;
}
if (!sid_peek_rid(&sid, &rid)) {
if (!sid_peek_check_rid(&domain->sid, &sid, &rid)) {
DEBUG(1,("No rid for %s !?\n", name));
continue;
}
@ -584,7 +584,7 @@ static NTSTATUS query_user(struct winbindd_domain *domain,
goto done;
}
if (!sid_peek_rid(&sid, &info->user_rid)) {
if (!sid_peek_check_rid(&domain->sid,&sid, &info->user_rid)) {
DEBUG(1,("No rid for %d !?\n", user_rid));
goto done;
}
@ -662,7 +662,7 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
for (i=1;i<count;i++) {
uint32 rid;
if (!sid_peek_rid(&sids[i-1], &rid)) continue;
if (!sid_peek_check_rid(&domain->sid, &sids[i-1], &rid)) continue;
(*user_gids)[*num_groups] = rid;
(*num_groups)++;
}
@ -737,7 +737,7 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
DEBUG(1,("No sid for %s !?\n", (*names)[*num_names]));
continue;
}
if (!sid_peek_rid(&sid, &rid)) {
if (!sid_peek_check_rid(&domain->sid, &sid, &rid)) {
DEBUG(1,("No rid for %s !?\n", (*names)[*num_names]));
continue;
}
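Review bot: In lookup_usergroups() a SID that fails the new domain check is skipped with a bare `continue`, so group memberships outside `domain->sid` drop out of the result with no trace in the log. A line before the `continue` would make that visible, for example `DEBUG(3,("lookup_usergroups: SID %s is outside the domain, skipped\n", sid_string_static(&sids[i-1])));`. The other call sites in this file still log "No rid for ...", which now also covers a domain mismatch, so rewording them would let a log reader tell a malformed SID from one that belongs to another domain. All five functions begin and end outside the hunks shown.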


@ -658,7 +658,8 @@ static NTSTATUS sid_to_name(struct winbindd_domain *domain,
NTSTATUS status;
uint32 rid = 0;
sid_peek_rid(sid, &rid);
if (!sid_peek_check_rid(&domain->sid, sid, &rid))
return NT_STATUS_INVALID_PARAMETER;
if (!cache->tdb) goto do_query;


@ -228,7 +228,8 @@ enum winbindd_result winbindd_getgrnam(struct winbindd_cli_state *state)
}
/* Fill in group structure */
sid_peek_rid(&group_sid, &group_rid);
if (!sid_peek_check_rid(&domain->sid, &group_sid, &group_rid))
return WINBINDD_ERROR;
if (!winbindd_idmap_get_gid_from_sid(&group_sid, &gid)) {
DEBUG(1, ("error converting unix gid to sid\n"));


@ -156,7 +156,6 @@ NTSTATUS pdb_init_sam(SAM_ACCOUNT **user)
NTSTATUS pdb_fill_sam_pw(SAM_ACCOUNT *sam_account, const struct passwd *pwd)
{
GROUP_MAP map;
uint32 rid;
if (!pwd) {
return NT_STATUS_UNSUCCESSFUL;
@ -184,18 +183,25 @@ NTSTATUS pdb_fill_sam_pw(SAM_ACCOUNT *sam_account, const struct passwd *pwd)
-- abartlet 11-May-02
*/
pdb_set_user_rid(sam_account,
fallback_pdb_uid_to_user_rid(pwd->pw_uid));
if (!pdb_set_user_sid_from_rid(sam_account,
fallback_pdb_uid_to_user_rid(pwd->pw_uid))) {
DEBUG(0,("Can't set User SID from RID!\n"));
return NT_STATUS_INVALID_PARAMETER;
}
/* call the mapping code here */
if(get_group_map_from_gid(pwd->pw_gid, &map, MAPPING_WITHOUT_PRIV)) {
sid_peek_rid(&map.sid, &rid);
if (!pdb_set_group_sid(sam_account,&map.sid)){
DEBUG(0,("Can't set Group SID!\n"));
return NT_STATUS_INVALID_PARAMETER;
}
}
else {
rid=pdb_gid_to_group_rid(pwd->pw_gid);
if (!pdb_set_group_sid_from_rid(sam_account,pdb_gid_to_group_rid(pwd->pw_gid))) {
DEBUG(0,("Can't set Group SID\n"));
return NT_STATUS_INVALID_PARAMETER;
}
}
pdb_set_group_rid(sam_account, rid);
/* check if this is a user account or a machine account */
if (pwd->pw_name[strlen(pwd->pw_name)-1] != '$')
@ -455,39 +461,6 @@ BOOL pdb_gethexpwd(const char *p, unsigned char *pwd)
return (True);
}
#if 0 /* seem it is not used by anyone */
/*******************************************************************
Group and User RID username mapping function
********************************************************************/
BOOL pdb_name_to_rid(const char *user_name, uint32 *u_rid, uint32 *g_rid)
{
GROUP_MAP map;
struct passwd *pw = Get_Pwnam(user_name);
if (u_rid == NULL || g_rid == NULL || user_name == NULL)
return False;
if (!pw) {
DEBUG(1,("Username %s is invalid on this system\n", user_name));
return False;
}
/* turn the unix UID into a Domain RID. this is what the posix
sub-system does (adds 1000 to the uid) */
*u_rid = fallback_pdb_uid_to_user_rid(pw->pw_uid);
/* absolutely no idea what to do about the unix GID to Domain RID mapping */
/* map it ! */
if (get_group_map_from_gid(pw->pw_gid, &map, MAPPING_WITHOUT_PRIV)) {
sid_peek_rid(&map.sid, g_rid);
} else
*g_rid = pdb_gid_to_group_rid(pw->pw_gid);
return True;
}
#endif /* seem it is not used by anyone */
/*******************************************************************
Converts NT user RID to a UNIX uid.
********************************************************************/
@ -578,7 +551,11 @@ BOOL local_lookup_sid(DOM_SID *sid, char *name, enum SID_NAME_USE *psid_name_use
SAM_ACCOUNT *sam_account = NULL;
GROUP_MAP map;
sid_peek_rid(sid, &rid);
if (!sid_peek_check_rid(get_global_sam_sid(), sid, &rid)){
DEBUG(0,("local_sid_to_gid: sid_peek_check_rid return False! SID: %s\n",
sid_string_static(&map.sid)));
return False;
}
*psid_name_use = SID_NAME_UNKNOWN;
DEBUG(5,("local_lookup_sid: looking up RID %u.\n", (unsigned int)rid));
@ -724,10 +701,9 @@ BOOL local_lookup_name(const char *c_user, DOM_SID *psid, enum SID_NAME_USE *psi
}
if (pdb_getsampwnam(sam_account, user)) {
sid_append_rid( &local_sid, pdb_get_user_rid(sam_account));
sid_copy(psid, (DOM_SID *) pdb_get_user_sid(sam_account));
*psid_name_use = SID_NAME_USER;
sid_copy( psid, &local_sid);
pdb_free_sam(&sam_account);
return True;
}
@ -800,7 +776,7 @@ DOM_SID *local_uid_to_sid(DOM_SID *psid, uid_t uid)
}
if (pdb_getsampwnam(sam_user, pass->pw_name)) {
sid_append_rid(psid, pdb_get_user_rid(sam_user));
sid_copy(psid, (DOM_SID *) pdb_get_user_sid(sam_user));
} else {
sid_append_rid(psid, fallback_pdb_uid_to_user_rid(uid));
}
@ -920,7 +896,11 @@ BOOL local_sid_to_gid(gid_t *pgid, DOM_SID *psid, enum SID_NAME_USE *name_type)
if (map.gid==-1)
return False;
sid_peek_rid(&map.sid, &rid);
if (!sid_peek_check_rid(get_global_sam_sid(), &map.sid, &rid)){
DEBUG(0,("local_sid_to_gid: sid_peek_check_rid return False! SID: %s\n",
sid_string_static(&map.sid)));
return False;
}
*pgid = map.gid;
*name_type = map.sid_name_use;
DEBUG(10,("local_sid_to_gid: mapped SID %s (%s) -> gid (%u).\n", sid_to_string( str, psid),
@ -996,9 +976,9 @@ void copy_id23_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_23 *from)
pdb_set_munged_dial(to , pdb_unistr2_convert(&from->uni_munged_dial ));
if (from->user_rid)
pdb_set_user_rid(to, from->user_rid);
pdb_set_user_sid_from_rid(to, from->user_rid);
if (from->group_rid)
pdb_set_group_rid(to, from->group_rid);
pdb_set_group_sid_from_rid(to, from->group_rid);
pdb_set_acct_ctrl(to, from->acb_info);
pdb_set_unknown_3(to, from->unknown_3);
@ -1051,9 +1031,9 @@ void copy_id21_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_21 *from)
pdb_set_munged_dial(to , pdb_unistr2_convert(&from->uni_munged_dial ));
if (from->user_rid)
pdb_set_user_rid(to, from->user_rid);
pdb_set_user_sid_from_rid(to, from->user_rid);
if (from->group_rid)
pdb_set_group_rid(to, from->group_rid);
pdb_set_group_sid_from_rid(to, from->group_rid);
/* FIXME!! Do we need to copy the passwords here as well?
I don't know. Need to figure this out --jerry */
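Review bot: In local_lookup_sid() the new failure message passes `&map.sid` to sid_string_static(), but in the lines shown the check directly follows the declaration `GROUP_MAP map;`, so the log call formats uninitialised stack memory. The message prefix also reads `local_sid_to_gid:`, apparently copied from the later hunk in this file. The argument should be the SID under test and the prefix the function's own name: `DEBUG(0,("local_lookup_sid: sid_peek_check_rid return False! SID: %s\n", sid_string_static(sid)));`. The function starts before the hunk, so confirm that nothing earlier fills `map`.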


@ -5,6 +5,7 @@
Copyright (C) Luke Kenneth Casson Leighton 1996-1998
Copyright (C) Gerald (Jerry) Carter 2000-2001
Copyright (C) Andrew Bartlett 2001-2002
Copyright (C) Stefan (metze) Metzmacher 2002
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -155,21 +156,41 @@ const char* pdb_get_plaintext_passwd (const SAM_ACCOUNT *sampass)
else
return (NULL);
}
const DOM_SID *pdb_get_user_sid(const SAM_ACCOUNT *sampass)
{
if (sampass)
return &sampass->private.user_sid;
else
return (NULL);
}
const DOM_SID *pdb_get_group_sid(const SAM_ACCOUNT *sampass)
{
if (sampass)
return &sampass->private.group_sid;
else
return (NULL);
}
uint32 pdb_get_user_rid (const SAM_ACCOUNT *sampass)
{
uint32 u_rid;
if (sampass)
return (sampass->private.user_rid);
else
return (-1);
if (sid_peek_check_rid(get_global_sam_sid(), (DOM_SID *) pdb_get_user_sid(sampass),&u_rid))
return u_rid;
return (-1);
}
uint32 pdb_get_group_rid (const SAM_ACCOUNT *sampass)
{
uint32 g_rid;
if (sampass)
return (sampass->private.group_rid);
else
return (-1);
if (sid_peek_check_rid(get_global_sam_sid(), (DOM_SID *) pdb_get_group_sid(sampass),&g_rid))
return g_rid;
return (-1);
}
/**
@ -487,27 +508,71 @@ BOOL pdb_set_gid (SAM_ACCOUNT *sampass, const gid_t gid)
}
BOOL pdb_set_user_rid (SAM_ACCOUNT *sampass, uint32 rid)
BOOL pdb_set_user_sid (SAM_ACCOUNT *sampass, DOM_SID *u_sid)
{
if (!sampass)
if (!sampass || !u_sid)
return False;
sid_copy(&sampass->private.user_sid, u_sid);
DEBUG(10, ("pdb_set_rid: setting user rid %d, was %d\n",
rid, sampass->private.user_rid));
sampass->private.user_rid = rid;
DEBUG(10, ("pdb_set_user_sid: setting user sid %s\n",
sid_string_static(&sampass->private.user_sid)));
return True;
}
BOOL pdb_set_group_rid (SAM_ACCOUNT *sampass, uint32 grid)
BOOL pdb_set_group_sid(SAM_ACCOUNT *sampass, DOM_SID *g_sid)
{
if (!sampass || !g_sid)
return False;
sid_copy(&sampass->private.group_sid, g_sid);
DEBUG(10, ("pdb_set_group_sid: setting group sid %s\n",
sid_string_static(&sampass->private.group_sid)));
return True;
}
BOOL pdb_set_user_sid_from_rid (SAM_ACCOUNT *sampass, uint32 rid)
{
DOM_SID u_sid;
if (!sampass)
return False;
DEBUG(10, ("pdb_set_group_rid: setting group rid %d, was %d\n",
grid, sampass->private.group_rid));
sampass->private.group_rid = grid;
sid_copy(&u_sid, get_global_sam_sid());
if (!sid_append_rid(&u_sid, rid))
return False;
if (!pdb_set_user_sid(sampass, &u_sid))
return False;
DEBUG(10, ("pdb_set_user_sid_from_rid:\n\tsetting user sid %s from rid %d\n",
sid_string_static(&u_sid),rid));
return True;
}
BOOL pdb_set_group_sid_from_rid (SAM_ACCOUNT *sampass, uint32 grid)
{
DOM_SID g_sid;
if (!sampass)
return False;
sid_copy(&g_sid, get_global_sam_sid());
if (!sid_append_rid(&g_sid, grid))
return False;
if (!pdb_set_group_sid(sampass, &g_sid))
return False;
DEBUG(10, ("pdb_set_group_sid_from_rid:\n\tsetting group sid %s from rid %d\n",
sid_string_static(&g_sid), grid));
return True;
}
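Review bot: pdb_get_user_rid() and pdb_get_group_rid() now return `(uint32)-1` both for a NULL account and for an account whose SID lies outside get_global_sam_sid(), and nothing in the file documents that sentinel. A caller that passes the result to sid_append_rid() or stores it would treat 0xFFFFFFFF as a real RID. A comment above each getter, such as `/* Returns (uint32)-1 if sampass is NULL or its SID is not in the local SAM domain; callers must check. */`, would make the contract explicit. The new DEBUG lines in pdb_set_user_sid_from_rid() and pdb_set_group_sid_from_rid() also print a uint32 with `%d`; `%u` matches the type.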


@ -624,7 +624,8 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state,
GROUP_MAP map;
/* call the mapping code here */
if(get_group_map_from_gid(gid, &map, MAPPING_WITHOUT_PRIV)) {
sid_peek_rid(&map.sid, &group_rid);
if (!sid_peek_check_rid(get_global_sam_sid(), &map.sid, &group_rid))
return False;
}
else {
group_rid=pdb_gid_to_group_rid(gid);
@ -780,8 +781,8 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state,
pdb_set_hours_len(sampass, hours_len);
pdb_set_logon_divs(sampass, logon_divs);
pdb_set_user_rid(sampass, user_rid);
pdb_set_group_rid(sampass, group_rid);
pdb_set_user_sid_from_rid(sampass, user_rid);
pdb_set_group_sid_from_rid(sampass, group_rid);
pdb_set_username(sampass, username);
@ -1273,7 +1274,8 @@ static BOOL ldapsam_getsampwrid(struct pdb_methods *my_methods, SAM_ACCOUNT * us
static BOOL ldapsam_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT * user, DOM_SID *sid)
{
uint32 rid;
sid_peek_rid(sid, &rid);
if (!sid_peek_check_rid(get_global_sam_sid(), sid, &rid))
return False;
return ldapsam_getsampwrid(my_methods, user, rid);
}
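Review bot: init_sam_from_ldap() ignores the BOOL returned by `pdb_set_user_sid_from_rid()` and `pdb_set_group_sid_from_rid()`, whereas pdb_fill_sam_pw() in this same commit treats a failure as NT_STATUS_INVALID_PARAMETER. If either setter fails, the account is handed on with whatever `user_sid`/`group_sid` held before. The same unchecked calls appear in copy_id23_to_sam_passwd(), copy_id21_to_sam_passwd(), make_sam_from_nisp_object(), build_sam_account(), init_sam_from_buffer(), tdb_update_sam() and new_machine(). Here the check could be `if (!pdb_set_user_sid_from_rid(sampass, user_rid) || !pdb_set_group_sid_from_rid(sampass, group_rid)) return False;`, provided the surrounding code, which lies outside the hunk, has nothing to release first.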


@ -339,8 +339,8 @@ static BOOL make_sam_from_nisp_object(SAM_ACCOUNT *pw_buf, const nis_object *obj
pdb_set_uid(pw_buf, atoi(ENTRY_VAL(obj, NPF_UID)));
pdb_set_gid(pw_buf, atoi(ENTRY_VAL(obj, NPF_SMB_GRPID)));
pdb_set_user_rid(pw_buf, atoi(ENTRY_VAL(obj, NPF_USER_RID)));
pdb_set_group_rid(pw_buf, atoi(ENTRY_VAL(obj, NPF_GROUP_RID)));
pdb_set_user_sid_from_rid(pw_buf, atoi(ENTRY_VAL(obj, NPF_USER_RID)));
pdb_set_group_sid_from_rid(pw_buf, atoi(ENTRY_VAL(obj, NPF_GROUP_RID)));
/* values, must exist for user */
if( !(pdb_get_acct_ctrl(pw_buf) & ACB_WSTRUST) ) {
@ -381,7 +381,7 @@ static BOOL make_sam_from_nisp_object(SAM_ACCOUNT *pw_buf, const nis_object *obj
else
{
/* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here. */
pdb_set_group_rid (pw_buf, DOMAIN_GROUP_RID_USERS);
pdb_set_group_sid_from_rid (pw_buf, DOMAIN_GROUP_RID_USERS);
}
/* Check the lanman password column. */
@ -538,7 +538,8 @@ static BOOL init_nisp_from_sam(nis_object *obj, const SAM_ACCOUNT *sampass,
if (rid==0) {
if (get_group_map_from_gid(pdb_get_gid(sampass), &map, MAPPING_WITHOUT_PRIV)) {
sid_peek_rid(&map.sid, &rid);
if (!sid_peek_check_rid(get_global_sam_sid(), &map.sid, &rid))
return False;
} else
rid=pdb_gid_to_group_rid(pdb_get_gid(sampass));
}
@ -1034,7 +1035,8 @@ BOOL pdb_getsampwnam(SAM_ACCOUNT * user, const char *sname)
BOOL pdb_getsampwsid(SAM_ACCOUNT * user, DOM_SID *sid)
{
uint32 rid;
sid_peek_rid(sid, &rid);
if (!sid_peek_check_rid(get_global_sam_sid(), sid, &rid))
return False;
return pdb_getsampwrid(user, rid);
}
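Review bot: make_sam_from_nisp_object() still converts the NPF_USER_RID and NPF_GROUP_RID columns with atoi() and now turns the result straight into a SID, so an empty, non-numeric or negative entry silently becomes RID 0 or a wrapped uint32 under the local SAM domain. Parsing with strtoul() and rejecting the object on a bad value would stop a malformed table entry from producing a valid-looking account SID, e.g. `unsigned long v = strtoul(ENTRY_VAL(obj, NPF_USER_RID), &end, 10);` followed by `if (*end != '\0' || v > 0xFFFFFFFFUL) return False;`. ENTRY_VAL is defined outside this page, so whether it can yield NULL should be checked as well.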


@ -1242,14 +1242,14 @@ static BOOL build_sam_account(struct smbpasswd_privates *smbpasswd_state,
&& (pw_buf->smb_userid >= smbpasswd_state->low_nua_userid)
&& (pw_buf->smb_userid <= smbpasswd_state->high_nua_userid)) {
pdb_set_user_rid(sam_pass, fallback_pdb_uid_to_user_rid (pw_buf->smb_userid));
pdb_set_user_sid_from_rid(sam_pass, fallback_pdb_uid_to_user_rid (pw_buf->smb_userid));
/* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here.
This was down the bottom for machines, but it looks pretty good as
a general default for non-unix users. --abartlet 2002-01-08
*/
pdb_set_group_rid (sam_pass, DOMAIN_GROUP_RID_USERS);
pdb_set_group_sid_from_rid (sam_pass, DOMAIN_GROUP_RID_USERS);
pdb_set_username (sam_pass, pw_buf->smb_name);
pdb_set_domain (sam_pass, lp_workgroup());
} else {
@ -1458,7 +1458,8 @@ static BOOL smbpasswd_getsampwrid(struct pdb_methods *my_methods, SAM_ACCOUNT *s
static BOOL smbpasswd_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT * user, DOM_SID *sid)
{
uint32 rid;
sid_peek_rid(sid, &rid);
if (!sid_peek_check_rid(get_global_sam_sid(), sid, &rid))
return False;
return smbpasswd_getsampwrid(my_methods, user, rid);
}


@ -246,8 +246,8 @@ static BOOL init_sam_from_buffer (struct tdbsam_privates *tdb_state,
}
}
pdb_set_user_rid(sampass, user_rid);
pdb_set_group_rid(sampass, group_rid);
pdb_set_user_sid_from_rid(sampass, user_rid);
pdb_set_group_sid_from_rid(sampass, group_rid);
pdb_set_unknown_3(sampass, unknown_3);
pdb_set_hours_len(sampass, hours_len);
pdb_set_unknown_5(sampass, unknown_5);
@ -671,7 +671,8 @@ static BOOL tdbsam_getsampwrid (struct pdb_methods *my_methods, SAM_ACCOUNT *use
static BOOL tdbsam_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT * user, DOM_SID *sid)
{
uint32 rid;
sid_peek_rid(sid, &rid);
if (!sid_peek_check_rid(get_global_sam_sid(), sid, &rid))
return False;
return tdbsam_getsampwrid(my_methods, user, rid);
}
@ -775,7 +776,7 @@ static BOOL tdb_update_sam(struct pdb_methods *my_methods, SAM_ACCOUNT* newpwd,
goto done;
}
}
pdb_set_user_rid(newpwd, user_rid);
pdb_set_user_sid_from_rid(newpwd, user_rid);
} else {
user_rid = tdb_state->low_nua_rid;
tdb_ret = tdb_change_uint32_atomic(pwd_tdb, "NUA_RID_COUNTER", &user_rid, RID_MULTIPLIER);
@ -788,7 +789,7 @@ static BOOL tdb_update_sam(struct pdb_methods *my_methods, SAM_ACCOUNT* newpwd,
ret = False;
goto done;
}
pdb_set_user_rid(newpwd, user_rid);
pdb_set_user_sid_from_rid(newpwd, user_rid);
}
} else {
DEBUG (0,("tdb_update_sam: Failing to store a SAM_ACCOUNT for [%s] without a RID\n",pdb_get_username(newpwd)));
@ -805,7 +806,7 @@ static BOOL tdb_update_sam(struct pdb_methods *my_methods, SAM_ACCOUNT* newpwd,
goto done;
} else {
/* This seems like a good default choice for non-unix users */
pdb_set_group_rid(newpwd, DOMAIN_GROUP_RID_USERS);
pdb_set_group_sid_from_rid(newpwd, DOMAIN_GROUP_RID_USERS);
}
} else {
DEBUG (0,("tdb_update_sam: Failing to store a SAM_ACCOUNT for [%s] without a primary group RID\n",pdb_get_username(newpwd)));


@ -68,7 +68,8 @@ static BOOL unixsam_getsampwrid (struct pdb_methods *methods,
static BOOL unixsam_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT * user, DOM_SID *sid)
{
uint32 rid;
sid_peek_rid(sid, &rid);
if (!sid_peek_check_rid(get_global_sam_sid(), sid, &rid))
return False;
return unixsam_getsampwrid(my_methods, user, rid);
}


@ -2019,18 +2019,9 @@ NTSTATUS _api_samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_
return NT_STATUS_ACCESS_DENIED;
}
/* Get the domain SID stored in the domain policy */
if(!get_lsa_policy_samr_sid(p, &dom_pol, &sid)) {
pdb_free_sam(&sam_pass);
return NT_STATUS_INVALID_HANDLE;
}
/* append the user's RID to it */
if(!sid_append_rid(&sid, pdb_get_user_rid(sam_pass) )) {
pdb_free_sam(&sam_pass);
return NT_STATUS_NO_SUCH_USER;
}
/* Get the user's SID */
sid_copy(&sid, (DOM_SID *) pdb_get_user_sid(sam_pass));
/* associate the user's SID with the new handle. */
if ((info = get_samr_info_by_sid(&sid)) == NULL) {
pdb_free_sam(&sam_pass);
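Review bot: In _api_samr_create_user() the SID bound to the new handle is now copied from `pdb_get_user_sid(sam_pass)`, and the domain SID held in `dom_pol` is no longer read in the lines shown, so nothing here ties the created account's SID to the domain the caller opened. Unless the policy handle is validated earlier in the function, which lies outside this hunk, the `get_lsa_policy_samr_sid()` lookup should stay and the copied SID should be checked against it. For example, after the copy: `if (!sid_peek_check_rid(&dom_sid, &sid, &rid)) { pdb_free_sam(&sam_pass); return NT_STATUS_NO_SUCH_USER; }`, with `dom_sid` filled from the policy handle.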


@ -81,10 +81,12 @@ static int print_sam_info (SAM_ACCOUNT *sam_pwent, BOOL verbosity, BOOL smbpwdst
if (IS_SAM_UNIX_USER(sam_pwent)) {
uid = pdb_get_uid(sam_pwent);
gid = pdb_get_gid(sam_pwent);
printf ("user ID/Group: %d/%d\n", uid, gid);
printf ("User ID/Group ID: %d/%d\n", uid, gid);
}
printf ("user RID/GRID: %u/%u\n", (unsigned int)pdb_get_user_rid(sam_pwent),
(unsigned int)pdb_get_group_rid(sam_pwent));
printf ("User SID: %s\n",
sid_string_static((DOM_SID *)pdb_get_user_sid(sam_pwent)));
printf ("Primary Group SID: %s\n",
sid_string_static((DOM_SID *)pdb_get_group_sid(sam_pwent)));
printf ("Full Name: %s\n", pdb_get_fullname(sam_pwent));
printf ("Home Directory: %s\n", pdb_get_homedir(sam_pwent));
printf ("HomeDir Drive: %s\n", pdb_get_dirdrive(sam_pwent));
@ -329,7 +331,7 @@ static int new_machine (struct pdb_context *in, char *machinename)
pdb_set_acct_ctrl (sam_pwent, ACB_WSTRUST);
pdb_set_group_rid(sam_pwent, DOMAIN_GROUP_RID_COMPUTERS);
pdb_set_group_sid_from_rid(sam_pwent, DOMAIN_GROUP_RID_COMPUTERS);
if (in->pdb_add_sam_account (in, sam_pwent)) {
print_user_info (in, name, True, False);