mirror of
https://github.com/samba-team/samba.git
synced 2025-01-15 23:24:37 +03:00
Latest patch from metze <metze@metzemix.de> to move most of samba across
to using SIDs instead of RIDs. The new function sid_peek_check_rid() takes an 'expected domain sid' argument. The idea here is to prevent mistakes where the SID is implicit, but isn't the same one that we have in the struct. Andrew Bartlett
parent
7c035d473c
commit
04f9a8ff4c
@ -624,8 +624,8 @@ typedef struct sam_passwd
|
||||
|
||||
uid_t uid; /* this is a unix uid_t */
|
||||
gid_t gid; /* this is a unix gid_t */
|
||||
uint32 user_rid; /* Primary User ID */
|
||||
uint32 group_rid; /* Primary Group ID */
|
||||
DOM_SID user_sid; /* Primary User SID */
|
||||
DOM_SID group_sid; /* Primary Group SID */
|
||||
|
||||
DATA_BLOB lm_pw; /* .data is Null if no password */
|
||||
DATA_BLOB nt_pw; /* .data is Null if no password */
|
||||
|
@ -1,10 +1,11 @@
|
||||
/*
|
||||
Unix SMB/CIFS implementation.
|
||||
Samba utility functions
|
||||
Copyright (C) Andrew Tridgell 1992-1998
|
||||
Copyright (C) Luke Kenneth Caseson Leighton 1998-1999
|
||||
Copyright (C) Jeremy Allison 1999
|
||||
|
||||
Copyright (C) Andrew Tridgell 1992-1998
|
||||
Copyright (C) Luke Kenneth Caseson Leighton 1998-1999
|
||||
Copyright (C) Jeremy Allison 1999
|
||||
Copyright (C) Stefan (metze) Metzmacher 2002
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2 of the License, or
|
||||
@ -253,6 +254,9 @@ BOOL sid_split_rid(DOM_SID *sid, uint32 *rid)
|
||||
|
||||
BOOL sid_peek_rid(DOM_SID *sid, uint32 *rid)
|
||||
{
|
||||
if (!sid || !rid)
|
||||
return False;
|
||||
|
||||
if (sid->num_auths > 0) {
|
||||
*rid = sid->sub_auths[sid->num_auths - 1];
|
||||
return True;
|
||||
@ -260,6 +264,25 @@ BOOL sid_peek_rid(DOM_SID *sid, uint32 *rid)
|
||||
return False;
|
||||
}
|
||||
|
||||
/*****************************************************************
|
||||
Return the last rid from the end of a sid
|
||||
and check the sid against the exp_dom_sid
|
||||
*****************************************************************/
|
||||
|
||||
BOOL sid_peek_check_rid(DOM_SID *exp_dom_sid,DOM_SID *sid, uint32 *rid)
|
||||
{
|
||||
if (!exp_dom_sid || !sid || !rid)
|
||||
return False;
|
||||
|
||||
|
||||
if (sid_compare_domain(exp_dom_sid, sid)!=0){
|
||||
*rid=(-1);
|
||||
return False;
|
||||
}
|
||||
|
||||
return sid_peek_rid(sid,rid);
|
||||
}
|
||||
|
||||
/*****************************************************************
|
||||
Copies a sid
|
||||
*****************************************************************/
|
||||
|
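Review bot: sid_peek_check_rid() leaves `*rid` in two different states on failure: the domain-mismatch branch writes `*rid=(-1)`, which is 0xFFFFFFFF for a uint32, while a False result from sid_peek_rid() leaves it untouched. A caller that ignores the return value then works with either a stale value or an all-ones RID, so the header comment should state the contract, for example `Returns False if sid is not in exp_dom_sid; *rid must not be used in that case`. Both SID arguments are only read in the lines shown and could be `const DOM_SID *`, which would remove the `(DOM_SID *)` casts the new callers need; sid_compare_domain and sid_peek_rid are declared outside this hunk, so their prototypes would have to be checked first.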
@ -273,7 +273,7 @@ static NTSTATUS query_user_list(struct winbindd_domain *domain,
|
||||
continue;
|
||||
}
|
||||
|
||||
if (!sid_peek_rid(&sid, &rid)) {
|
||||
if (!sid_peek_check_rid(&domain->sid, &sid, &rid)) {
|
||||
DEBUG(1,("No rid for %s !?\n", name));
|
||||
continue;
|
||||
}
|
||||
@ -356,7 +356,7 @@ static NTSTATUS enum_dom_groups(struct winbindd_domain *domain,
|
||||
continue;
|
||||
}
|
||||
|
||||
if (!sid_peek_rid(&sid, &rid)) {
|
||||
if (!sid_peek_check_rid(&domain->sid, &sid, &rid)) {
|
||||
DEBUG(1,("No rid for %s !?\n", name));
|
||||
continue;
|
||||
}
|
||||
@ -584,7 +584,7 @@ static NTSTATUS query_user(struct winbindd_domain *domain,
|
||||
goto done;
|
||||
}
|
||||
|
||||
if (!sid_peek_rid(&sid, &info->user_rid)) {
|
||||
if (!sid_peek_check_rid(&domain->sid,&sid, &info->user_rid)) {
|
||||
DEBUG(1,("No rid for %d !?\n", user_rid));
|
||||
goto done;
|
||||
}
|
||||
@ -662,7 +662,7 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
|
||||
|
||||
for (i=1;i<count;i++) {
|
||||
uint32 rid;
|
||||
if (!sid_peek_rid(&sids[i-1], &rid)) continue;
|
||||
if (!sid_peek_check_rid(&domain->sid, &sids[i-1], &rid)) continue;
|
||||
(*user_gids)[*num_groups] = rid;
|
||||
(*num_groups)++;
|
||||
}
|
||||
@ -737,7 +737,7 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
|
||||
DEBUG(1,("No sid for %s !?\n", (*names)[*num_names]));
|
||||
continue;
|
||||
}
|
||||
if (!sid_peek_rid(&sid, &rid)) {
|
||||
if (!sid_peek_check_rid(&domain->sid, &sid, &rid)) {
|
||||
DEBUG(1,("No rid for %s !?\n", (*names)[*num_names]));
|
||||
continue;
|
||||
}
|
||||
|
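Review bot: The `DEBUG(1,("No rid for %s !?\n", name))` messages at the changed call sites now also fire when the SID belongs to a different domain than `domain->sid`, so the log no longer says which check failed. In lookup_usergroups the new check ends in a bare `continue`, so a group SID outside the domain is dropped from `*user_gids` without any log line. Wording the message along the lines of `DEBUG(1,("%s: SID not in domain %s, or has no rid\n", name, sid_string_static(&domain->sid)));` would let an operator tell a malformed SID from a cross-domain one. All five enclosing functions start and end outside their hunks.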
@ -658,7 +658,8 @@ static NTSTATUS sid_to_name(struct winbindd_domain *domain,
|
||||
NTSTATUS status;
|
||||
uint32 rid = 0;
|
||||
|
||||
sid_peek_rid(sid, &rid);
|
||||
if (!sid_peek_check_rid(&domain->sid, sid, &rid))
|
||||
return NT_STATUS_INVALID_PARAMETER;
|
||||
|
||||
if (!cache->tdb) goto do_query;
|
||||
|
||||
|
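Review bot: The new early `return NT_STATUS_INVALID_PARAMETER;` in sid_to_name rejects the SID without logging anything, and it runs before the `do_query` fallback, so a SID outside `domain->sid` never reaches the backend. The same silent rejection is added in winbindd_getgrnam (`return WINBINDD_ERROR;`) and in ldapsam_getsampwsid, pdb_getsampwsid, smbpasswd_getsampwsid, tdbsam_getsampwsid and unixsam_getsampwsid (`return False;`), where the old code ignored the result of sid_peek_rid(). A line such as `DEBUG(3,("sid_to_name: SID %s is not in this domain\n", sid_string_static(sid)));` before each return would make these rejections visible. Whether any caller legitimately passes a foreign or well-known SID to these functions cannot be seen from the hunks and is worth confirming; sid_to_name itself continues outside the hunk.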
@ -228,7 +228,8 @@ enum winbindd_result winbindd_getgrnam(struct winbindd_cli_state *state)
|
||||
}
|
||||
|
||||
/* Fill in group structure */
|
||||
sid_peek_rid(&group_sid, &group_rid);
|
||||
if (!sid_peek_check_rid(&domain->sid, &group_sid, &group_rid))
|
||||
return WINBINDD_ERROR;
|
||||
|
||||
if (!winbindd_idmap_get_gid_from_sid(&group_sid, &gid)) {
|
||||
DEBUG(1, ("error converting unix gid to sid\n"));
|
||||
|
@ -156,7 +156,6 @@ NTSTATUS pdb_init_sam(SAM_ACCOUNT **user)
|
||||
NTSTATUS pdb_fill_sam_pw(SAM_ACCOUNT *sam_account, const struct passwd *pwd)
|
||||
{
|
||||
GROUP_MAP map;
|
||||
uint32 rid;
|
||||
|
||||
if (!pwd) {
|
||||
return NT_STATUS_UNSUCCESSFUL;
|
||||
@ -184,18 +183,25 @@ NTSTATUS pdb_fill_sam_pw(SAM_ACCOUNT *sam_account, const struct passwd *pwd)
|
||||
-- abartlet 11-May-02
|
||||
*/
|
||||
|
||||
pdb_set_user_rid(sam_account,
|
||||
fallback_pdb_uid_to_user_rid(pwd->pw_uid));
|
||||
if (!pdb_set_user_sid_from_rid(sam_account,
|
||||
fallback_pdb_uid_to_user_rid(pwd->pw_uid))) {
|
||||
DEBUG(0,("Can't set User SID from RID!\n"));
|
||||
return NT_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
/* call the mapping code here */
|
||||
if(get_group_map_from_gid(pwd->pw_gid, &map, MAPPING_WITHOUT_PRIV)) {
|
||||
sid_peek_rid(&map.sid, &rid);
|
||||
if (!pdb_set_group_sid(sam_account,&map.sid)){
|
||||
DEBUG(0,("Can't set Group SID!\n"));
|
||||
return NT_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
}
|
||||
else {
|
||||
rid=pdb_gid_to_group_rid(pwd->pw_gid);
|
||||
if (!pdb_set_group_sid_from_rid(sam_account,pdb_gid_to_group_rid(pwd->pw_gid))) {
|
||||
DEBUG(0,("Can't set Group SID\n"));
|
||||
return NT_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
}
|
||||
|
||||
pdb_set_group_rid(sam_account, rid);
|
||||
|
||||
/* check if this is a user account or a machine account */
|
||||
if (pwd->pw_name[strlen(pwd->pw_name)-1] != '$')
|
||||
@ -455,39 +461,6 @@ BOOL pdb_gethexpwd(const char *p, unsigned char *pwd)
|
||||
return (True);
|
||||
}
|
||||
|
||||
#if 0 /* seem it is not used by anyone */
|
||||
/*******************************************************************
|
||||
Group and User RID username mapping function
|
||||
********************************************************************/
|
||||
|
||||
BOOL pdb_name_to_rid(const char *user_name, uint32 *u_rid, uint32 *g_rid)
|
||||
{
|
||||
GROUP_MAP map;
|
||||
struct passwd *pw = Get_Pwnam(user_name);
|
||||
|
||||
if (u_rid == NULL || g_rid == NULL || user_name == NULL)
|
||||
return False;
|
||||
|
||||
if (!pw) {
|
||||
DEBUG(1,("Username %s is invalid on this system\n", user_name));
|
||||
return False;
|
||||
}
|
||||
|
||||
/* turn the unix UID into a Domain RID. this is what the posix
|
||||
sub-system does (adds 1000 to the uid) */
|
||||
*u_rid = fallback_pdb_uid_to_user_rid(pw->pw_uid);
|
||||
|
||||
/* absolutely no idea what to do about the unix GID to Domain RID mapping */
|
||||
/* map it ! */
|
||||
if (get_group_map_from_gid(pw->pw_gid, &map, MAPPING_WITHOUT_PRIV)) {
|
||||
sid_peek_rid(&map.sid, g_rid);
|
||||
} else
|
||||
*g_rid = pdb_gid_to_group_rid(pw->pw_gid);
|
||||
|
||||
return True;
|
||||
}
|
||||
#endif /* seem it is not used by anyone */
|
||||
|
||||
/*******************************************************************
|
||||
Converts NT user RID to a UNIX uid.
|
||||
********************************************************************/
|
||||
@ -578,7 +551,11 @@ BOOL local_lookup_sid(DOM_SID *sid, char *name, enum SID_NAME_USE *psid_name_use
|
||||
SAM_ACCOUNT *sam_account = NULL;
|
||||
GROUP_MAP map;
|
||||
|
||||
sid_peek_rid(sid, &rid);
|
||||
if (!sid_peek_check_rid(get_global_sam_sid(), sid, &rid)){
|
||||
DEBUG(0,("local_sid_to_gid: sid_peek_check_rid return False! SID: %s\n",
|
||||
sid_string_static(&map.sid)));
|
||||
return False;
|
||||
}
|
||||
*psid_name_use = SID_NAME_UNKNOWN;
|
||||
|
||||
DEBUG(5,("local_lookup_sid: looking up RID %u.\n", (unsigned int)rid));
|
||||
@ -724,10 +701,9 @@ BOOL local_lookup_name(const char *c_user, DOM_SID *psid, enum SID_NAME_USE *psi
|
||||
}
|
||||
|
||||
if (pdb_getsampwnam(sam_account, user)) {
|
||||
sid_append_rid( &local_sid, pdb_get_user_rid(sam_account));
|
||||
sid_copy(psid, (DOM_SID *) pdb_get_user_sid(sam_account));
|
||||
*psid_name_use = SID_NAME_USER;
|
||||
|
||||
sid_copy( psid, &local_sid);
|
||||
pdb_free_sam(&sam_account);
|
||||
return True;
|
||||
}
|
||||
@ -800,7 +776,7 @@ DOM_SID *local_uid_to_sid(DOM_SID *psid, uid_t uid)
|
||||
}
|
||||
|
||||
if (pdb_getsampwnam(sam_user, pass->pw_name)) {
|
||||
sid_append_rid(psid, pdb_get_user_rid(sam_user));
|
||||
sid_copy(psid, (DOM_SID *) pdb_get_user_sid(sam_user));
|
||||
} else {
|
||||
sid_append_rid(psid, fallback_pdb_uid_to_user_rid(uid));
|
||||
}
|
||||
@ -920,7 +896,11 @@ BOOL local_sid_to_gid(gid_t *pgid, DOM_SID *psid, enum SID_NAME_USE *name_type)
|
||||
if (map.gid==-1)
|
||||
return False;
|
||||
|
||||
sid_peek_rid(&map.sid, &rid);
|
||||
if (!sid_peek_check_rid(get_global_sam_sid(), &map.sid, &rid)){
|
||||
DEBUG(0,("local_sid_to_gid: sid_peek_check_rid return False! SID: %s\n",
|
||||
sid_string_static(&map.sid)));
|
||||
return False;
|
||||
}
|
||||
*pgid = map.gid;
|
||||
*name_type = map.sid_name_use;
|
||||
DEBUG(10,("local_sid_to_gid: mapped SID %s (%s) -> gid (%u).\n", sid_to_string( str, psid),
|
||||
@ -996,9 +976,9 @@ void copy_id23_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_23 *from)
|
||||
pdb_set_munged_dial(to , pdb_unistr2_convert(&from->uni_munged_dial ));
|
||||
|
||||
if (from->user_rid)
|
||||
pdb_set_user_rid(to, from->user_rid);
|
||||
pdb_set_user_sid_from_rid(to, from->user_rid);
|
||||
if (from->group_rid)
|
||||
pdb_set_group_rid(to, from->group_rid);
|
||||
pdb_set_group_sid_from_rid(to, from->group_rid);
|
||||
|
||||
pdb_set_acct_ctrl(to, from->acb_info);
|
||||
pdb_set_unknown_3(to, from->unknown_3);
|
||||
@ -1051,9 +1031,9 @@ void copy_id21_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_21 *from)
|
||||
pdb_set_munged_dial(to , pdb_unistr2_convert(&from->uni_munged_dial ));
|
||||
|
||||
if (from->user_rid)
|
||||
pdb_set_user_rid(to, from->user_rid);
|
||||
pdb_set_user_sid_from_rid(to, from->user_rid);
|
||||
if (from->group_rid)
|
||||
pdb_set_group_rid(to, from->group_rid);
|
||||
pdb_set_group_sid_from_rid(to, from->group_rid);
|
||||
|
||||
/* FIXME!! Do we need to copy the passwords here as well?
|
||||
I don't know. Need to figure this out --jerry */
|
||||
|
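Review bot: In the local_lookup_sid hunk the new failure branch logs `sid_string_static(&map.sid)`, but `map` is the `GROUP_MAP map;` declared just above and nothing in the visible lines has written to it, so the DEBUG formats uninitialised stack contents instead of the SID that was rejected. The message is also labelled `local_sid_to_gid`; it looks copied from the local_sid_to_gid hunk further down, where `map` appears to have been filled in before the check. The call should read `DEBUG(0,("local_lookup_sid: sid_peek_check_rid return False! SID: %s\n", sid_string_static(sid)));`. local_lookup_sid starts and ends outside the hunk.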
@ -5,6 +5,7 @@
|
||||
Copyright (C) Luke Kenneth Casson Leighton 1996-1998
|
||||
Copyright (C) Gerald (Jerry) Carter 2000-2001
|
||||
Copyright (C) Andrew Bartlett 2001-2002
|
||||
Copyright (C) Stefan (metze) Metzmacher 2002
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
@ -155,21 +156,41 @@ const char* pdb_get_plaintext_passwd (const SAM_ACCOUNT *sampass)
|
||||
else
|
||||
return (NULL);
|
||||
}
|
||||
const DOM_SID *pdb_get_user_sid(const SAM_ACCOUNT *sampass)
|
||||
{
|
||||
if (sampass)
|
||||
return &sampass->private.user_sid;
|
||||
else
|
||||
return (NULL);
|
||||
}
|
||||
|
||||
const DOM_SID *pdb_get_group_sid(const SAM_ACCOUNT *sampass)
|
||||
{
|
||||
if (sampass)
|
||||
return &sampass->private.group_sid;
|
||||
else
|
||||
return (NULL);
|
||||
}
|
||||
|
||||
uint32 pdb_get_user_rid (const SAM_ACCOUNT *sampass)
|
||||
{
|
||||
uint32 u_rid;
|
||||
|
||||
if (sampass)
|
||||
return (sampass->private.user_rid);
|
||||
else
|
||||
return (-1);
|
||||
if (sid_peek_check_rid(get_global_sam_sid(), (DOM_SID *) pdb_get_user_sid(sampass),&u_rid))
|
||||
return u_rid;
|
||||
|
||||
return (-1);
|
||||
}
|
||||
|
||||
uint32 pdb_get_group_rid (const SAM_ACCOUNT *sampass)
|
||||
{
|
||||
uint32 g_rid;
|
||||
|
||||
if (sampass)
|
||||
return (sampass->private.group_rid);
|
||||
else
|
||||
return (-1);
|
||||
if (sid_peek_check_rid(get_global_sam_sid(), (DOM_SID *) pdb_get_group_sid(sampass),&g_rid))
|
||||
return g_rid;
|
||||
return (-1);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -487,27 +508,71 @@ BOOL pdb_set_gid (SAM_ACCOUNT *sampass, const gid_t gid)
|
||||
|
||||
}
|
||||
|
||||
BOOL pdb_set_user_rid (SAM_ACCOUNT *sampass, uint32 rid)
|
||||
BOOL pdb_set_user_sid (SAM_ACCOUNT *sampass, DOM_SID *u_sid)
|
||||
{
|
||||
if (!sampass)
|
||||
if (!sampass || !u_sid)
|
||||
return False;
|
||||
|
||||
sid_copy(&sampass->private.user_sid, u_sid);
|
||||
|
||||
DEBUG(10, ("pdb_set_rid: setting user rid %d, was %d\n",
|
||||
rid, sampass->private.user_rid));
|
||||
|
||||
sampass->private.user_rid = rid;
|
||||
DEBUG(10, ("pdb_set_user_sid: setting user sid %s\n",
|
||||
sid_string_static(&sampass->private.user_sid)));
|
||||
|
||||
return True;
|
||||
}
|
||||
|
||||
BOOL pdb_set_group_rid (SAM_ACCOUNT *sampass, uint32 grid)
|
||||
BOOL pdb_set_group_sid(SAM_ACCOUNT *sampass, DOM_SID *g_sid)
|
||||
{
|
||||
if (!sampass || !g_sid)
|
||||
return False;
|
||||
|
||||
sid_copy(&sampass->private.group_sid, g_sid);
|
||||
|
||||
DEBUG(10, ("pdb_set_group_sid: setting group sid %s\n",
|
||||
sid_string_static(&sampass->private.group_sid)));
|
||||
|
||||
return True;
|
||||
}
|
||||
|
||||
BOOL pdb_set_user_sid_from_rid (SAM_ACCOUNT *sampass, uint32 rid)
|
||||
{
|
||||
DOM_SID u_sid;
|
||||
|
||||
if (!sampass)
|
||||
return False;
|
||||
|
||||
DEBUG(10, ("pdb_set_group_rid: setting group rid %d, was %d\n",
|
||||
grid, sampass->private.group_rid));
|
||||
|
||||
sampass->private.group_rid = grid;
|
||||
sid_copy(&u_sid, get_global_sam_sid());
|
||||
|
||||
if (!sid_append_rid(&u_sid, rid))
|
||||
return False;
|
||||
|
||||
if (!pdb_set_user_sid(sampass, &u_sid))
|
||||
return False;
|
||||
|
||||
DEBUG(10, ("pdb_set_user_sid_from_rid:\n\tsetting user sid %s from rid %d\n",
|
||||
sid_string_static(&u_sid),rid));
|
||||
|
||||
return True;
|
||||
}
|
||||
|
||||
BOOL pdb_set_group_sid_from_rid (SAM_ACCOUNT *sampass, uint32 grid)
|
||||
{
|
||||
DOM_SID g_sid;
|
||||
|
||||
if (!sampass)
|
||||
return False;
|
||||
|
||||
sid_copy(&g_sid, get_global_sam_sid());
|
||||
|
||||
if (!sid_append_rid(&g_sid, grid))
|
||||
return False;
|
||||
|
||||
if (!pdb_set_group_sid(sampass, &g_sid))
|
||||
return False;
|
||||
|
||||
DEBUG(10, ("pdb_set_group_sid_from_rid:\n\tsetting group sid %s from rid %d\n",
|
||||
sid_string_static(&g_sid), grid));
|
||||
|
||||
return True;
|
||||
}
|
||||
|
||||
|
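Review bot: pdb_get_user_rid() and pdb_get_group_rid() now return `(-1)`, which is 0xFFFFFFFF as a uint32, whenever the stored SID is not under get_global_sam_sid(), yet pdb_set_user_sid() and pdb_set_group_sid() accept any SID without that check. pdb_fill_sam_pw stores `map.sid` from the group mapping unchecked, so a group mapped into another domain would later read back as RID 0xFFFFFFFF, and code that treats 0 as "no RID" would presumably not notice. Either reject foreign SIDs in the setters or document the sentinel above the getters, e.g. `/* returns (uint32)-1 if the SID is not in the local SAM domain */`. Separately, the DEBUG calls in the two `*_sid_from_rid` setters print the uint32 RID with `%d`; `%u` avoids negative output for large RIDs.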
@ -624,7 +624,8 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state,
|
||||
GROUP_MAP map;
|
||||
/* call the mapping code here */
|
||||
if(get_group_map_from_gid(gid, &map, MAPPING_WITHOUT_PRIV)) {
|
||||
sid_peek_rid(&map.sid, &group_rid);
|
||||
if (!sid_peek_check_rid(get_global_sam_sid(), &map.sid, &group_rid))
|
||||
return False;
|
||||
}
|
||||
else {
|
||||
group_rid=pdb_gid_to_group_rid(gid);
|
||||
@ -780,8 +781,8 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state,
|
||||
pdb_set_hours_len(sampass, hours_len);
|
||||
pdb_set_logon_divs(sampass, logon_divs);
|
||||
|
||||
pdb_set_user_rid(sampass, user_rid);
|
||||
pdb_set_group_rid(sampass, group_rid);
|
||||
pdb_set_user_sid_from_rid(sampass, user_rid);
|
||||
pdb_set_group_sid_from_rid(sampass, group_rid);
|
||||
|
||||
pdb_set_username(sampass, username);
|
||||
|
||||
@ -1273,7 +1274,8 @@ static BOOL ldapsam_getsampwrid(struct pdb_methods *my_methods, SAM_ACCOUNT * us
|
||||
static BOOL ldapsam_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT * user, DOM_SID *sid)
|
||||
{
|
||||
uint32 rid;
|
||||
sid_peek_rid(sid, &rid);
|
||||
if (!sid_peek_check_rid(get_global_sam_sid(), sid, &rid))
|
||||
return False;
|
||||
return ldapsam_getsampwrid(my_methods, user, rid);
|
||||
}
|
||||
|
||||
|
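Review bot: init_sam_from_ldap calls `pdb_set_user_sid_from_rid(sampass, user_rid);` and `pdb_set_group_sid_from_rid(sampass, group_rid);` without checking the BOOL result, although both can return False when sid_append_rid() fails, and pdb_fill_sam_pw in this same commit does check them. The same unchecked calls appear in copy_id23_to_sam_passwd, copy_id21_to_sam_passwd, make_sam_from_nisp_object, build_sam_account, init_sam_from_buffer, tdb_update_sam and new_machine. On failure the account keeps whatever SID the struct held before, so each site should bail out, e.g. `if (!pdb_set_user_sid_from_rid(sampass, user_rid)) return False;`. The enclosing function runs beyond both hunks, so any cleanup needed before returning is not visible here.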
@ -339,8 +339,8 @@ static BOOL make_sam_from_nisp_object(SAM_ACCOUNT *pw_buf, const nis_object *obj
|
||||
|
||||
pdb_set_uid(pw_buf, atoi(ENTRY_VAL(obj, NPF_UID)));
|
||||
pdb_set_gid(pw_buf, atoi(ENTRY_VAL(obj, NPF_SMB_GRPID)));
|
||||
pdb_set_user_rid(pw_buf, atoi(ENTRY_VAL(obj, NPF_USER_RID)));
|
||||
pdb_set_group_rid(pw_buf, atoi(ENTRY_VAL(obj, NPF_GROUP_RID)));
|
||||
pdb_set_user_sid_from_rid(pw_buf, atoi(ENTRY_VAL(obj, NPF_USER_RID)));
|
||||
pdb_set_group_sid_from_rid(pw_buf, atoi(ENTRY_VAL(obj, NPF_GROUP_RID)));
|
||||
|
||||
/* values, must exist for user */
|
||||
if( !(pdb_get_acct_ctrl(pw_buf) & ACB_WSTRUST) ) {
|
||||
@ -381,7 +381,7 @@ static BOOL make_sam_from_nisp_object(SAM_ACCOUNT *pw_buf, const nis_object *obj
|
||||
else
|
||||
{
|
||||
/* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here. */
|
||||
pdb_set_group_rid (pw_buf, DOMAIN_GROUP_RID_USERS);
|
||||
pdb_set_group_sid_from_rid (pw_buf, DOMAIN_GROUP_RID_USERS);
|
||||
}
|
||||
|
||||
/* Check the lanman password column. */
|
||||
@ -538,7 +538,8 @@ static BOOL init_nisp_from_sam(nis_object *obj, const SAM_ACCOUNT *sampass,
|
||||
|
||||
if (rid==0) {
|
||||
if (get_group_map_from_gid(pdb_get_gid(sampass), &map, MAPPING_WITHOUT_PRIV)) {
|
||||
sid_peek_rid(&map.sid, &rid);
|
||||
if (!sid_peek_check_rid(get_global_sam_sid(), &map.sid, &rid))
|
||||
return False;
|
||||
} else
|
||||
rid=pdb_gid_to_group_rid(pdb_get_gid(sampass));
|
||||
}
|
||||
@ -1034,7 +1035,8 @@ BOOL pdb_getsampwnam(SAM_ACCOUNT * user, const char *sname)
|
||||
BOOL pdb_getsampwsid(SAM_ACCOUNT * user, DOM_SID *sid)
|
||||
{
|
||||
uint32 rid;
|
||||
sid_peek_rid(sid, &rid);
|
||||
if (!sid_peek_check_rid(get_global_sam_sid(), sid, &rid))
|
||||
return False;
|
||||
return pdb_getsampwrid(user, rid);
|
||||
}
|
||||
|
||||
|
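Review bot: The RIDs in make_sam_from_nisp_object are still parsed with `atoi(ENTRY_VAL(obj, NPF_USER_RID))` and `atoi(ENTRY_VAL(obj, NPF_GROUP_RID))`, and the int result is now converted to uint32 and turned into a SID. atoi() reports no errors, so an empty or non-numeric column silently becomes RID 0, a negative value becomes a very large RID, and a value outside the range of int is undefined behaviour. Parsing with strtoul() and rejecting the entry when the end pointer or errno shows a bad value, or when the result does not fit in 32 bits, would keep malformed directory data from becoming a SID. The function starts and ends outside the hunks.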
@ -1242,14 +1242,14 @@ static BOOL build_sam_account(struct smbpasswd_privates *smbpasswd_state,
|
||||
&& (pw_buf->smb_userid >= smbpasswd_state->low_nua_userid)
|
||||
&& (pw_buf->smb_userid <= smbpasswd_state->high_nua_userid)) {
|
||||
|
||||
pdb_set_user_rid(sam_pass, fallback_pdb_uid_to_user_rid (pw_buf->smb_userid));
|
||||
pdb_set_user_sid_from_rid(sam_pass, fallback_pdb_uid_to_user_rid (pw_buf->smb_userid));
|
||||
|
||||
/* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here.
|
||||
|
||||
This was down the bottom for machines, but it looks pretty good as
|
||||
a general default for non-unix users. --abartlet 2002-01-08
|
||||
*/
|
||||
pdb_set_group_rid (sam_pass, DOMAIN_GROUP_RID_USERS);
|
||||
pdb_set_group_sid_from_rid (sam_pass, DOMAIN_GROUP_RID_USERS);
|
||||
pdb_set_username (sam_pass, pw_buf->smb_name);
|
||||
pdb_set_domain (sam_pass, lp_workgroup());
|
||||
} else {
|
||||
@ -1458,7 +1458,8 @@ static BOOL smbpasswd_getsampwrid(struct pdb_methods *my_methods, SAM_ACCOUNT *s
|
||||
static BOOL smbpasswd_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT * user, DOM_SID *sid)
|
||||
{
|
||||
uint32 rid;
|
||||
sid_peek_rid(sid, &rid);
|
||||
if (!sid_peek_check_rid(get_global_sam_sid(), sid, &rid))
|
||||
return False;
|
||||
return smbpasswd_getsampwrid(my_methods, user, rid);
|
||||
}
|
||||
|
||||
|
@ -246,8 +246,8 @@ static BOOL init_sam_from_buffer (struct tdbsam_privates *tdb_state,
|
||||
}
|
||||
}
|
||||
|
||||
pdb_set_user_rid(sampass, user_rid);
|
||||
pdb_set_group_rid(sampass, group_rid);
|
||||
pdb_set_user_sid_from_rid(sampass, user_rid);
|
||||
pdb_set_group_sid_from_rid(sampass, group_rid);
|
||||
pdb_set_unknown_3(sampass, unknown_3);
|
||||
pdb_set_hours_len(sampass, hours_len);
|
||||
pdb_set_unknown_5(sampass, unknown_5);
|
||||
@ -671,7 +671,8 @@ static BOOL tdbsam_getsampwrid (struct pdb_methods *my_methods, SAM_ACCOUNT *use
|
||||
static BOOL tdbsam_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT * user, DOM_SID *sid)
|
||||
{
|
||||
uint32 rid;
|
||||
sid_peek_rid(sid, &rid);
|
||||
if (!sid_peek_check_rid(get_global_sam_sid(), sid, &rid))
|
||||
return False;
|
||||
return tdbsam_getsampwrid(my_methods, user, rid);
|
||||
}
|
||||
|
||||
@ -775,7 +776,7 @@ static BOOL tdb_update_sam(struct pdb_methods *my_methods, SAM_ACCOUNT* newpwd,
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
pdb_set_user_rid(newpwd, user_rid);
|
||||
pdb_set_user_sid_from_rid(newpwd, user_rid);
|
||||
} else {
|
||||
user_rid = tdb_state->low_nua_rid;
|
||||
tdb_ret = tdb_change_uint32_atomic(pwd_tdb, "NUA_RID_COUNTER", &user_rid, RID_MULTIPLIER);
|
||||
@ -788,7 +789,7 @@ static BOOL tdb_update_sam(struct pdb_methods *my_methods, SAM_ACCOUNT* newpwd,
|
||||
ret = False;
|
||||
goto done;
|
||||
}
|
||||
pdb_set_user_rid(newpwd, user_rid);
|
||||
pdb_set_user_sid_from_rid(newpwd, user_rid);
|
||||
}
|
||||
} else {
|
||||
DEBUG (0,("tdb_update_sam: Failing to store a SAM_ACCOUNT for [%s] without a RID\n",pdb_get_username(newpwd)));
|
||||
@ -805,7 +806,7 @@ static BOOL tdb_update_sam(struct pdb_methods *my_methods, SAM_ACCOUNT* newpwd,
|
||||
goto done;
|
||||
} else {
|
||||
/* This seems like a good default choice for non-unix users */
|
||||
pdb_set_group_rid(newpwd, DOMAIN_GROUP_RID_USERS);
|
||||
pdb_set_group_sid_from_rid(newpwd, DOMAIN_GROUP_RID_USERS);
|
||||
}
|
||||
} else {
|
||||
DEBUG (0,("tdb_update_sam: Failing to store a SAM_ACCOUNT for [%s] without a primary group RID\n",pdb_get_username(newpwd)));
|
||||
|
@ -68,7 +68,8 @@ static BOOL unixsam_getsampwrid (struct pdb_methods *methods,
|
||||
static BOOL unixsam_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT * user, DOM_SID *sid)
|
||||
{
|
||||
uint32 rid;
|
||||
sid_peek_rid(sid, &rid);
|
||||
if (!sid_peek_check_rid(get_global_sam_sid(), sid, &rid))
|
||||
return False;
|
||||
return unixsam_getsampwrid(my_methods, user, rid);
|
||||
}
|
||||
|
||||
|
@ -2019,18 +2019,9 @@ NTSTATUS _api_samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_
|
||||
return NT_STATUS_ACCESS_DENIED;
|
||||
}
|
||||
|
||||
/* Get the domain SID stored in the domain policy */
|
||||
if(!get_lsa_policy_samr_sid(p, &dom_pol, &sid)) {
|
||||
pdb_free_sam(&sam_pass);
|
||||
return NT_STATUS_INVALID_HANDLE;
|
||||
}
|
||||
|
||||
/* append the user's RID to it */
|
||||
if(!sid_append_rid(&sid, pdb_get_user_rid(sam_pass) )) {
|
||||
pdb_free_sam(&sam_pass);
|
||||
return NT_STATUS_NO_SUCH_USER;
|
||||
}
|
||||
|
||||
/* Get the user's SID */
|
||||
sid_copy(&sid, (DOM_SID *) pdb_get_user_sid(sam_pass));
|
||||
|
||||
/* associate the user's SID with the new handle. */
|
||||
if ((info = get_samr_info_by_sid(&sid)) == NULL) {
|
||||
pdb_free_sam(&sam_pass);
|
||||
|
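Review bot: The removed block was the only place in this hunk that consulted `dom_pol`: get_lsa_policy_samr_sid() fetched the domain SID and returned NT_STATUS_INVALID_HANDLE for a bad handle. With `sid_copy(&sid, (DOM_SID *) pdb_get_user_sid(sam_pass));` the domain behind the handle is no longer compared with the SID of the account that passdb returns, so unless the handle is validated earlier in _api_samr_create_user (not visible here) that check is lost. Keeping the get_lsa_policy_samr_sid() call and running sid_peek_check_rid() on the user SID against that domain SID would preserve the link between the handle and the account. The function starts and ends outside the hunk.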
@ -81,10 +81,12 @@ static int print_sam_info (SAM_ACCOUNT *sam_pwent, BOOL verbosity, BOOL smbpwdst
|
||||
if (IS_SAM_UNIX_USER(sam_pwent)) {
|
||||
uid = pdb_get_uid(sam_pwent);
|
||||
gid = pdb_get_gid(sam_pwent);
|
||||
printf ("user ID/Group: %d/%d\n", uid, gid);
|
||||
printf ("User ID/Group ID: %d/%d\n", uid, gid);
|
||||
}
|
||||
printf ("user RID/GRID: %u/%u\n", (unsigned int)pdb_get_user_rid(sam_pwent),
|
||||
(unsigned int)pdb_get_group_rid(sam_pwent));
|
||||
printf ("User SID: %s\n",
|
||||
sid_string_static((DOM_SID *)pdb_get_user_sid(sam_pwent)));
|
||||
printf ("Primary Group SID: %s\n",
|
||||
sid_string_static((DOM_SID *)pdb_get_group_sid(sam_pwent)));
|
||||
printf ("Full Name: %s\n", pdb_get_fullname(sam_pwent));
|
||||
printf ("Home Directory: %s\n", pdb_get_homedir(sam_pwent));
|
||||
printf ("HomeDir Drive: %s\n", pdb_get_dirdrive(sam_pwent));
|
||||
@ -329,7 +331,7 @@ static int new_machine (struct pdb_context *in, char *machinename)
|
||||
|
||||
pdb_set_acct_ctrl (sam_pwent, ACB_WSTRUST);
|
||||
|
||||
pdb_set_group_rid(sam_pwent, DOMAIN_GROUP_RID_COMPUTERS);
|
||||
pdb_set_group_sid_from_rid(sam_pwent, DOMAIN_GROUP_RID_COMPUTERS);
|
||||
|
||||
if (in->pdb_add_sam_account (in, sam_pwent)) {
|
||||
print_user_info (in, name, True, False);
|
||||
|