mirror of
https://github.com/samba-team/samba.git
synced 2025-03-27 22:50:26 +03:00
s3-util_sid: use shared dom_sid_compare_auth and dom_sid_equal_X functions.
Guenther
This commit is contained in:
Günther Deschner
parent
4006160179
commit
4dbd743e46
@ -20,6 +20,7 @@
|
||||
#include "includes.h"
|
||||
#include "../lib/crypto/arcfour.h"
|
||||
#include "../librpc/gen_ndr/netlogon.h"
|
||||
#include "../libcli/security/dom_sid.h"
|
||||
|
||||
#undef DBGC_CLASS
|
||||
#define DBGC_CLASS DBGC_AUTH
|
||||
@ -332,7 +333,7 @@ NTSTATUS samu_to_SamInfo3(TALLOC_CTX *mem_ctx,
|
||||
|
||||
/* check if this is a "Unix Users" domain user,
|
||||
* we need to handle it in a special way if that's the case */
|
||||
if (sid_compare_domain(user_sid, &global_sid_Unix_Users) == 0) {
|
||||
if (dom_sid_compare_domain(user_sid, &global_sid_Unix_Users) == 0) {
|
||||
/* in info3 you can only set rids for the user and the
|
||||
* primary group, and the domain sid must be that of
|
||||
* the sam domain.
|
||||
@ -358,7 +359,7 @@ NTSTATUS samu_to_SamInfo3(TALLOC_CTX *mem_ctx,
|
||||
|
||||
/* check if this is a "Unix Groups" domain group,
|
||||
* if so we need special handling */
|
||||
if (sid_compare_domain(group_sid, &global_sid_Unix_Groups) == 0) {
|
||||
if (dom_sid_compare_domain(group_sid, &global_sid_Unix_Groups) == 0) {
|
||||
/* in info3 you can only set rids for the user and the
|
||||
* primary group, and the domain sid must be that of
|
||||
* the sam domain.
|
||||
|
||||
@ -27,7 +27,7 @@
|
||||
#include "includes.h"
|
||||
#include "secrets.h"
|
||||
#include "memcache.h"
|
||||
|
||||
#include "../libcli/security/dom_sid.h"
|
||||
#include "../librpc/gen_ndr/netlogon.h"
|
||||
|
||||
/****************************************************************************
|
||||
@ -42,7 +42,7 @@ bool nt_token_check_sid ( const struct dom_sid *sid, const struct security_token
|
||||
return False;
|
||||
|
||||
for ( i=0; i<token->num_sids; i++ ) {
|
||||
if ( sid_equal( sid, &token->sids[i] ) )
|
||||
if ( dom_sid_equal( sid, &token->sids[i] ) )
|
||||
return True;
|
||||
}
|
||||
|
||||
|
||||
@ -23,6 +23,7 @@
|
||||
#include "includes.h"
|
||||
#include "groupdb/mapping.h"
|
||||
#include "dbwrap.h"
|
||||
#include "../libcli/security/dom_sid.h"
|
||||
|
||||
static struct db_context *db; /* used for driver files */
|
||||
|
||||
@ -340,7 +341,7 @@ static int collect_map(struct db_record *rec, void *private_data)
|
||||
}
|
||||
|
||||
if ((state->domsid != NULL) &&
|
||||
(sid_compare_domain(state->domsid, &map.sid) != 0)) {
|
||||
(dom_sid_compare_domain(state->domsid, &map.sid) != 0)) {
|
||||
DEBUG(11,("enum_group_mapping: group %s is not in domain\n",
|
||||
sid_string_dbg(&map.sid)));
|
||||
return 0;
|
||||
@ -455,7 +456,7 @@ static bool is_aliasmem(const struct dom_sid *alias, const struct dom_sid *membe
|
||||
return False;
|
||||
|
||||
for (i=0; i<num; i++) {
|
||||
if (sid_compare(alias, &sids[i]) == 0) {
|
||||
if (dom_sid_compare(alias, &sids[i]) == 0) {
|
||||
TALLOC_FREE(sids);
|
||||
return True;
|
||||
}
|
||||
@ -576,7 +577,7 @@ static int collect_aliasmem(struct db_record *rec, void *priv)
|
||||
if (!string_to_sid(&alias, alias_string))
|
||||
continue;
|
||||
|
||||
if (sid_compare(state->alias, &alias) != 0)
|
||||
if (dom_sid_compare(state->alias, &alias) != 0)
|
||||
continue;
|
||||
|
||||
/* Ok, we found the alias we're looking for in the membership
|
||||
@ -656,7 +657,7 @@ static NTSTATUS del_aliasmem(const struct dom_sid *alias, const struct dom_sid *
|
||||
}
|
||||
|
||||
for (i=0; i<num; i++) {
|
||||
if (sid_compare(&sids[i], alias) == 0) {
|
||||
if (dom_sid_compare(&sids[i], alias) == 0) {
|
||||
found = True;
|
||||
break;
|
||||
}
|
||||
|
||||
@ -1294,9 +1294,6 @@ bool sid_peek_check_rid(const struct dom_sid *exp_dom_sid, const struct dom_sid
|
||||
void sid_copy(struct dom_sid *dst, const struct dom_sid *src);
|
||||
bool sid_linearize(char *outbuf, size_t len, const struct dom_sid *sid);
|
||||
bool sid_parse(const char *inbuf, size_t len, struct dom_sid *sid);
|
||||
int sid_compare(const struct dom_sid *sid1, const struct dom_sid *sid2);
|
||||
int sid_compare_domain(const struct dom_sid *sid1, const struct dom_sid *sid2);
|
||||
bool sid_equal(const struct dom_sid *sid1, const struct dom_sid *sid2);
|
||||
bool non_mappable_sid(struct dom_sid *sid);
|
||||
char *sid_binstring(TALLOC_CTX *mem_ctx, const struct dom_sid *sid);
|
||||
char *sid_binstring_hex(const struct dom_sid *sid);
|
||||
|
||||
@ -27,6 +27,7 @@
|
||||
#include "../librpc/gen_ndr/cli_lsa.h"
|
||||
#include "rpc_client/cli_lsarpc.h"
|
||||
#include "rpc_client/init_lsa.h"
|
||||
#include "../libcli/security/dom_sid.h"
|
||||
|
||||
static NTSTATUS libnetapi_samr_lookup_and_open_alias(TALLOC_CTX *mem_ctx,
|
||||
struct rpc_pipe_client *pipe_cli,
|
||||
@ -1171,7 +1172,7 @@ static WERROR NetLocalGroupModifyMembers_r(struct libnetapi_ctx *ctx,
|
||||
for (i=0; i < r->in.total_entries; i++) {
|
||||
bool already_member = false;
|
||||
for (k=0; k < current_sids.num_sids; k++) {
|
||||
if (sid_equal(&member_sids[i],
|
||||
if (dom_sid_equal(&member_sids[i],
|
||||
current_sids.sids[k].sid)) {
|
||||
already_member = true;
|
||||
break;
|
||||
@ -1193,7 +1194,7 @@ static WERROR NetLocalGroupModifyMembers_r(struct libnetapi_ctx *ctx,
|
||||
for (k=0; k < current_sids.num_sids; k++) {
|
||||
bool keep_member = false;
|
||||
for (i=0; i < r->in.total_entries; i++) {
|
||||
if (sid_equal(&member_sids[i],
|
||||
if (dom_sid_equal(&member_sids[i],
|
||||
current_sids.sids[k].sid)) {
|
||||
keep_member = true;
|
||||
break;
|
||||
|
||||
@ -22,6 +22,7 @@
|
||||
|
||||
#include "includes.h"
|
||||
#include "../librpc/gen_ndr/ndr_security.h"
|
||||
#include "../libcli/security/dom_sid.h"
|
||||
|
||||
#define ALL_SECURITY_INFORMATION (SECINFO_OWNER|SECINFO_GROUP|\
|
||||
SECINFO_DACL|SECINFO_SACL|\
|
||||
@ -607,10 +608,10 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx,
|
||||
}
|
||||
|
||||
/* The CREATOR sids are special when inherited */
|
||||
if (sid_equal(ptrustee, &global_sid_Creator_Owner)) {
|
||||
if (dom_sid_equal(ptrustee, &global_sid_Creator_Owner)) {
|
||||
creator = &global_sid_Creator_Owner;
|
||||
ptrustee = owner_sid;
|
||||
} else if (sid_equal(ptrustee, &global_sid_Creator_Group)) {
|
||||
} else if (dom_sid_equal(ptrustee, &global_sid_Creator_Group)) {
|
||||
creator = &global_sid_Creator_Group;
|
||||
ptrustee = group_sid;
|
||||
}
|
||||
|
||||
@ -26,6 +26,7 @@
|
||||
/* function(s) moved from auth/auth_util.c to minimize linker deps */
|
||||
|
||||
#include "includes.h"
|
||||
#include "../libcli/security/dom_sid.h"
|
||||
|
||||
/****************************************************************************
|
||||
Duplicate a SID token.
|
||||
@ -120,7 +121,7 @@ bool token_sid_in_ace(const struct security_token *token, const struct security_
|
||||
size_t i;
|
||||
|
||||
for (i = 0; i < token->num_sids; i++) {
|
||||
if (sid_equal(&ace->trustee, &token->sids[i]))
|
||||
if (dom_sid_equal(&ace->trustee, &token->sids[i]))
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
@ -244,7 +244,7 @@ bool sid_peek_check_rid(const struct dom_sid *exp_dom_sid, const struct dom_sid
|
||||
return False;
|
||||
}
|
||||
|
||||
if (sid_compare_domain(exp_dom_sid, sid)!=0){
|
||||
if (dom_sid_compare_domain(exp_dom_sid, sid)!=0){
|
||||
*rid=(-1);
|
||||
return False;
|
||||
}
|
||||
@ -307,84 +307,6 @@ bool sid_parse(const char *inbuf, size_t len, struct dom_sid *sid)
|
||||
return true;
|
||||
}
|
||||
|
||||
/*****************************************************************
|
||||
Compare the auth portion of two sids.
|
||||
*****************************************************************/
|
||||
|
||||
static int sid_compare_auth(const struct dom_sid *sid1, const struct dom_sid *sid2)
|
||||
{
|
||||
int i;
|
||||
|
||||
if (sid1 == sid2)
|
||||
return 0;
|
||||
if (!sid1)
|
||||
return -1;
|
||||
if (!sid2)
|
||||
return 1;
|
||||
|
||||
if (sid1->sid_rev_num != sid2->sid_rev_num)
|
||||
return sid1->sid_rev_num - sid2->sid_rev_num;
|
||||
|
||||
for (i = 0; i < 6; i++)
|
||||
if (sid1->id_auth[i] != sid2->id_auth[i])
|
||||
return sid1->id_auth[i] - sid2->id_auth[i];
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*****************************************************************
|
||||
Compare two sids.
|
||||
*****************************************************************/
|
||||
|
||||
int sid_compare(const struct dom_sid *sid1, const struct dom_sid *sid2)
|
||||
{
|
||||
int i;
|
||||
|
||||
if (sid1 == sid2)
|
||||
return 0;
|
||||
if (!sid1)
|
||||
return -1;
|
||||
if (!sid2)
|
||||
return 1;
|
||||
|
||||
/* Compare most likely different rids, first: i.e start at end */
|
||||
if (sid1->num_auths != sid2->num_auths)
|
||||
return sid1->num_auths - sid2->num_auths;
|
||||
|
||||
for (i = sid1->num_auths-1; i >= 0; --i)
|
||||
if (sid1->sub_auths[i] != sid2->sub_auths[i])
|
||||
return sid1->sub_auths[i] - sid2->sub_auths[i];
|
||||
|
||||
return sid_compare_auth(sid1, sid2);
|
||||
}
|
||||
|
||||
/*****************************************************************
|
||||
See if 2 SIDs are in the same domain
|
||||
this just compares the leading sub-auths
|
||||
*****************************************************************/
|
||||
|
||||
int sid_compare_domain(const struct dom_sid *sid1, const struct dom_sid *sid2)
|
||||
{
|
||||
int n, i;
|
||||
|
||||
n = MIN(sid1->num_auths, sid2->num_auths);
|
||||
|
||||
for (i = n-1; i >= 0; --i)
|
||||
if (sid1->sub_auths[i] != sid2->sub_auths[i])
|
||||
return sid1->sub_auths[i] - sid2->sub_auths[i];
|
||||
|
||||
return sid_compare_auth(sid1, sid2);
|
||||
}
|
||||
|
||||
/*****************************************************************
|
||||
Compare two sids.
|
||||
*****************************************************************/
|
||||
|
||||
bool sid_equal(const struct dom_sid *sid1, const struct dom_sid *sid2)
|
||||
{
|
||||
return sid_compare(sid1, sid2) == 0;
|
||||
}
|
||||
|
||||
/*****************************************************************
|
||||
Returns true if SID is internal (and non-mappable).
|
||||
*****************************************************************/
|
||||
@ -397,10 +319,10 @@ bool non_mappable_sid(struct dom_sid *sid)
|
||||
sid_copy(&dom, sid);
|
||||
sid_split_rid(&dom, &rid);
|
||||
|
||||
if (sid_equal(&dom, &global_sid_Builtin))
|
||||
if (dom_sid_equal(&dom, &global_sid_Builtin))
|
||||
return True;
|
||||
|
||||
if (sid_equal(&dom, &global_sid_NT_Authority))
|
||||
if (dom_sid_equal(&dom, &global_sid_NT_Authority))
|
||||
return True;
|
||||
|
||||
return False;
|
||||
@ -494,7 +416,7 @@ NTSTATUS add_sid_to_array_unique(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
|
||||
size_t i;
|
||||
|
||||
for (i=0; i<(*num_sids); i++) {
|
||||
if (sid_compare(sid, &(*sids)[i]) == 0)
|
||||
if (dom_sid_compare(sid, &(*sids)[i]) == 0)
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
@ -515,7 +437,7 @@ void del_sid_from_array(const struct dom_sid *sid, struct dom_sid **sids, size_t
|
||||
/* if we find the SID, then decrement the count
|
||||
and break out of the loop */
|
||||
|
||||
if ( sid_equal(sid, &sid_list[i]) ) {
|
||||
if ( dom_sid_equal(sid, &sid_list[i]) ) {
|
||||
*num -= 1;
|
||||
break;
|
||||
}
|
||||
@ -555,7 +477,7 @@ bool add_rid_to_array_unique(TALLOC_CTX *mem_ctx,
|
||||
bool is_null_sid(const struct dom_sid *sid)
|
||||
{
|
||||
static const struct dom_sid null_sid = {0};
|
||||
return sid_equal(sid, &null_sid);
|
||||
return dom_sid_equal(sid, &null_sid);
|
||||
}
|
||||
|
||||
bool is_sid_in_token(const struct security_token *token, const struct dom_sid *sid)
|
||||
@ -563,7 +485,7 @@ bool is_sid_in_token(const struct security_token *token, const struct dom_sid *s
|
||||
int i;
|
||||
|
||||
for (i=0; i<token->num_sids; i++) {
|
||||
if (sid_compare(sid, &token->sids[i]) == 0)
|
||||
if (dom_sid_compare(sid, &token->sids[i]) == 0)
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
|
||||
@ -25,6 +25,7 @@
|
||||
|
||||
#include "includes.h"
|
||||
#include "libnet/libnet_samsync.h"
|
||||
#include "../libcli/security/dom_sid.h"
|
||||
|
||||
/* Convert a struct samu_DELTA to a struct samu. */
|
||||
#define STRING_CHANGED (old_string && !new_string) ||\
|
||||
@ -608,7 +609,7 @@ static NTSTATUS fetch_alias_info(TALLOC_CTX *mem_ctx,
|
||||
map.gid = grp->gr_gid;
|
||||
map.sid = alias_sid;
|
||||
|
||||
if (sid_equal(dom_sid, &global_sid_Builtin))
|
||||
if (dom_sid_equal(dom_sid, &global_sid_Builtin))
|
||||
map.sid_name_use = SID_NAME_WKN_GRP;
|
||||
else
|
||||
map.sid_name_use = SID_NAME_ALIAS;
|
||||
|
||||
@ -27,6 +27,7 @@
|
||||
#include "libsmb_internal.h"
|
||||
#include "../librpc/gen_ndr/ndr_lsa.h"
|
||||
#include "rpc_client/cli_lsarpc.h"
|
||||
#include "../libcli/security/dom_sid.h"
|
||||
|
||||
|
||||
/*
|
||||
@ -121,8 +122,8 @@ ace_compare(struct security_ace *ace1,
|
||||
return ace2->type - ace1->type;
|
||||
}
|
||||
|
||||
if (sid_compare(&ace1->trustee, &ace2->trustee)) {
|
||||
return sid_compare(&ace1->trustee, &ace2->trustee);
|
||||
if (dom_sid_compare(&ace1->trustee, &ace2->trustee)) {
|
||||
return dom_sid_compare(&ace1->trustee, &ace2->trustee);
|
||||
}
|
||||
|
||||
if (ace1->flags != ace2->flags) {
|
||||
@ -1608,7 +1609,7 @@ cacl_set(SMBCCTX *context,
|
||||
bool found = False;
|
||||
|
||||
for (j=0;old->dacl && j<old->dacl->num_aces;j++) {
|
||||
if (sid_equal(&sd->dacl->aces[i].trustee,
|
||||
if (dom_sid_equal(&sd->dacl->aces[i].trustee,
|
||||
&old->dacl->aces[j].trustee)) {
|
||||
if (!(flags & SMBC_XATTR_FLAG_CREATE)) {
|
||||
err = EEXIST;
|
||||
|
||||
@ -417,7 +417,7 @@ static void split_afs_acl(struct afs_acl *acl,
|
||||
static bool same_principal(struct afs_ace *x, struct afs_ace *y)
|
||||
{
|
||||
return ( (x->positive == y->positive) &&
|
||||
(sid_compare(&x->sid, &y->sid) == 0) );
|
||||
(dom_sid_compare(&x->sid, &y->sid) == 0) );
|
||||
}
|
||||
|
||||
static void merge_afs_acls(struct afs_acl *dir_acl,
|
||||
@ -699,16 +699,16 @@ static bool mappable_sid(const struct dom_sid *sid)
|
||||
{
|
||||
struct dom_sid domain_sid;
|
||||
|
||||
if (sid_compare(sid, &global_sid_Builtin_Administrators) == 0)
|
||||
if (dom_sid_compare(sid, &global_sid_Builtin_Administrators) == 0)
|
||||
return True;
|
||||
|
||||
if (sid_compare(sid, &global_sid_World) == 0)
|
||||
if (dom_sid_compare(sid, &global_sid_World) == 0)
|
||||
return True;
|
||||
|
||||
if (sid_compare(sid, &global_sid_Authenticated_Users) == 0)
|
||||
if (dom_sid_compare(sid, &global_sid_Authenticated_Users) == 0)
|
||||
return True;
|
||||
|
||||
if (sid_compare(sid, &global_sid_Builtin_Backup_Operators) == 0)
|
||||
if (dom_sid_compare(sid, &global_sid_Builtin_Backup_Operators) == 0)
|
||||
return True;
|
||||
|
||||
string_to_sid(&domain_sid, "S-1-5-21");
|
||||
@ -757,22 +757,22 @@ static bool nt_to_afs_acl(const char *filename,
|
||||
continue;
|
||||
}
|
||||
|
||||
if (sid_compare(&ace->trustee,
|
||||
if (dom_sid_compare(&ace->trustee,
|
||||
&global_sid_Builtin_Administrators) == 0) {
|
||||
|
||||
name = "system:administrators";
|
||||
|
||||
} else if (sid_compare(&ace->trustee,
|
||||
} else if (dom_sid_compare(&ace->trustee,
|
||||
&global_sid_World) == 0) {
|
||||
|
||||
name = "system:anyuser";
|
||||
|
||||
} else if (sid_compare(&ace->trustee,
|
||||
} else if (dom_sid_compare(&ace->trustee,
|
||||
&global_sid_Authenticated_Users) == 0) {
|
||||
|
||||
name = "system:authuser";
|
||||
|
||||
} else if (sid_compare(&ace->trustee,
|
||||
} else if (dom_sid_compare(&ace->trustee,
|
||||
&global_sid_Builtin_Backup_Operators)
|
||||
== 0) {
|
||||
|
||||
|
||||
@ -24,6 +24,7 @@
|
||||
#include "secrets.h"
|
||||
#include "memcache.h"
|
||||
#include "idmap_cache.h"
|
||||
#include "../libcli/security/dom_sid.h"
|
||||
|
||||
/*****************************************************************
|
||||
Dissect a user-provided name into domain, name, sid and type.
|
||||
@ -655,7 +656,7 @@ static bool lookup_as_domain(const struct dom_sid *sid, TALLOC_CTX *mem_ctx,
|
||||
}
|
||||
|
||||
for (i=0; i<num_domains; i++) {
|
||||
if (sid_equal(sid, &domains[i]->sid)) {
|
||||
if (dom_sid_equal(sid, &domains[i]->sid)) {
|
||||
*name = talloc_strdup(mem_ctx,
|
||||
domains[i]->name);
|
||||
return true;
|
||||
@ -834,7 +835,7 @@ NTSTATUS lookup_sids(TALLOC_CTX *mem_ctx, int num_sids,
|
||||
if (!dom_infos[j].valid) {
|
||||
break;
|
||||
}
|
||||
if (sid_equal(&sid, &dom_infos[j].sid)) {
|
||||
if (dom_sid_equal(&sid, &dom_infos[j].sid)) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
@ -1581,7 +1582,7 @@ NTSTATUS get_primary_group_sid(TALLOC_CTX *mem_ctx,
|
||||
/* We need a sid within our domain */
|
||||
sid_copy(&domain_sid, group_sid);
|
||||
sid_split_rid(&domain_sid, &rid);
|
||||
if (sid_equal(&domain_sid, get_global_sam_sid())) {
|
||||
if (dom_sid_equal(&domain_sid, get_global_sam_sid())) {
|
||||
/*
|
||||
* As shortcut for the expensive lookup_sid call
|
||||
* compare the domain sid part
|
||||
|
||||
@ -23,6 +23,7 @@
|
||||
#include "includes.h"
|
||||
#include "secrets.h"
|
||||
#include "dbwrap.h"
|
||||
#include "../libcli/security/dom_sid.h"
|
||||
|
||||
/* NOTE! the global_sam_sid is the SID of our local SAM. This is only
|
||||
equal to the domain SID when we are a DC, otherwise its our
|
||||
@ -113,7 +114,7 @@ static struct dom_sid *pdb_generate_sam_sid(void)
|
||||
return sam_sid;
|
||||
}
|
||||
|
||||
if (!sid_equal(&domain_sid, sam_sid)) {
|
||||
if (!dom_sid_equal(&domain_sid, sam_sid)) {
|
||||
|
||||
/* Domain name sid doesn't match global sam sid. Re-store domain sid as 'local' sid. */
|
||||
|
||||
@ -232,7 +233,7 @@ void reset_global_sam_sid(void)
|
||||
|
||||
bool sid_check_is_domain(const struct dom_sid *sid)
|
||||
{
|
||||
return sid_equal(sid, get_global_sam_sid());
|
||||
return dom_sid_equal(sid, get_global_sam_sid());
|
||||
}
|
||||
|
||||
/*****************************************************************
|
||||
|
||||
@ -23,6 +23,7 @@
|
||||
|
||||
#include "includes.h"
|
||||
#include "../libcli/auth/libcli_auth.h"
|
||||
#include "../libcli/security/dom_sid.h"
|
||||
|
||||
#undef DBGC_CLASS
|
||||
#define DBGC_CLASS DBGC_PASSDB
|
||||
@ -509,7 +510,7 @@ bool pdb_set_group_sid(struct samu *sampass, const struct dom_sid *g_sid, enum p
|
||||
|
||||
sid_compose(&dug_sid, get_global_sam_sid(), DOMAIN_RID_USERS);
|
||||
|
||||
if (sid_equal(&dug_sid, g_sid)) {
|
||||
if (dom_sid_equal(&dug_sid, g_sid)) {
|
||||
sid_copy(sampass->group_sid, &dug_sid);
|
||||
} else if (sid_to_gid( g_sid, &gid ) ) {
|
||||
sid_copy(sampass->group_sid, g_sid);
|
||||
|
||||
@ -25,6 +25,7 @@
|
||||
#include "../librpc/gen_ndr/samr.h"
|
||||
#include "memcache.h"
|
||||
#include "nsswitch/winbind_client.h"
|
||||
#include "../libcli/security/dom_sid.h"
|
||||
|
||||
#undef DBGC_CLASS
|
||||
#define DBGC_CLASS DBGC_PASSDB
|
||||
@ -890,7 +891,7 @@ static bool pdb_user_in_group(TALLOC_CTX *mem_ctx, struct samu *account,
|
||||
}
|
||||
|
||||
for (i=0; i<num_groups; i++) {
|
||||
if (sid_equal(group_sid, &sids[i])) {
|
||||
if (dom_sid_equal(group_sid, &sids[i])) {
|
||||
return True;
|
||||
}
|
||||
}
|
||||
|
||||
@ -47,6 +47,7 @@
|
||||
#include "../libcli/auth/libcli_auth.h"
|
||||
#include "secrets.h"
|
||||
#include "idmap_cache.h"
|
||||
#include "../libcli/security/dom_sid.h"
|
||||
|
||||
#undef DBGC_CLASS
|
||||
#define DBGC_CLASS DBGC_PASSDB
|
||||
@ -1106,7 +1107,7 @@ static bool init_sam_from_ldap(struct ldapsam_privates *ldap_state,
|
||||
|
||||
gid_to_sid(&mapped_gsid, sampass->unix_pw->pw_gid);
|
||||
primary_gsid = pdb_get_group_sid(sampass);
|
||||
if (primary_gsid && sid_equal(primary_gsid, &mapped_gsid)) {
|
||||
if (primary_gsid && dom_sid_equal(primary_gsid, &mapped_gsid)) {
|
||||
store_gid_sid_cache(primary_gsid,
|
||||
sampass->unix_pw->pw_gid);
|
||||
idmap_cache_set_sid2gid(primary_gsid,
|
||||
@ -2682,7 +2683,7 @@ static bool ldapsam_extract_rid_from_entry(LDAP *ldap_struct,
|
||||
return False;
|
||||
}
|
||||
|
||||
if (sid_compare_domain(&sid, domain_sid) != 0) {
|
||||
if (dom_sid_compare_domain(&sid, domain_sid) != 0) {
|
||||
DEBUG(10, ("SID %s is not in expected domain %s\n",
|
||||
str, sid_string_dbg(domain_sid)));
|
||||
return False;
|
||||
@ -3055,7 +3056,7 @@ static NTSTATUS ldapsam_enum_group_memberships(struct pdb_methods *methods,
|
||||
}
|
||||
}
|
||||
|
||||
if (sid_compare(&global_sid_NULL, &(*pp_sids)[0]) == 0) {
|
||||
if (dom_sid_compare(&global_sid_NULL, &(*pp_sids)[0]) == 0) {
|
||||
DEBUG(3, ("primary group of [%s] not found\n",
|
||||
pdb_get_username(user)));
|
||||
goto done;
|
||||
@ -6668,7 +6669,7 @@ NTSTATUS pdb_init_ldapsam(struct pdb_methods **pdb_method, const char *location)
|
||||
}
|
||||
found_sid = secrets_fetch_domain_sid(ldap_state->domain_name,
|
||||
&secrets_domain_sid);
|
||||
if (!found_sid || !sid_equal(&secrets_domain_sid,
|
||||
if (!found_sid || !dom_sid_equal(&secrets_domain_sid,
|
||||
&ldap_domain_sid)) {
|
||||
DEBUG(1, ("pdb_init_ldapsam: Resetting SID for domain "
|
||||
"%s based on pdb_ldap results %s -> %s\n",
|
||||
|
||||
@ -22,6 +22,7 @@
|
||||
|
||||
#include "includes.h"
|
||||
#include "../librpc/gen_ndr/samr.h"
|
||||
#include "../libcli/security/dom_sid.h"
|
||||
|
||||
#undef DBGC_CLASS
|
||||
#define DBGC_CLASS DBGC_PASSDB
|
||||
@ -1372,7 +1373,7 @@ static NTSTATUS smbpasswd_getsampwsid(struct pdb_methods *my_methods, struct sam
|
||||
return nt_status;
|
||||
|
||||
/* build_sam_account might change the SID on us, if the name was for the guest account */
|
||||
if (NT_STATUS_IS_OK(nt_status) && !sid_equal(pdb_get_user_sid(sam_acct), sid)) {
|
||||
if (NT_STATUS_IS_OK(nt_status) && !dom_sid_equal(pdb_get_user_sid(sam_acct), sid)) {
|
||||
DEBUG(1, ("looking for user with sid %s instead returned %s "
|
||||
"for account %s!?!\n", sid_string_dbg(sid),
|
||||
sid_string_dbg(pdb_get_user_sid(sam_acct)),
|
||||
|
||||
@ -18,6 +18,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
#include "../libcli/security/dom_sid.h"
|
||||
|
||||
struct rid_name_map {
|
||||
uint32 rid;
|
||||
@ -104,7 +105,7 @@ const char *builtin_domain_name(void)
|
||||
|
||||
bool sid_check_is_builtin(const struct dom_sid *sid)
|
||||
{
|
||||
return sid_equal(sid, &global_sid_Builtin);
|
||||
return dom_sid_equal(sid, &global_sid_Builtin);
|
||||
}
|
||||
|
||||
/*****************************************************************
|
||||
|
||||
@ -18,10 +18,11 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
#include "../libcli/security/dom_sid.h"
|
||||
|
||||
bool sid_check_is_unix_users(const struct dom_sid *sid)
|
||||
{
|
||||
return sid_equal(sid, &global_sid_Unix_Users);
|
||||
return dom_sid_equal(sid, &global_sid_Unix_Users);
|
||||
}
|
||||
|
||||
bool sid_check_is_in_unix_users(const struct dom_sid *sid)
|
||||
@ -79,7 +80,7 @@ bool lookup_unix_user_name(const char *name, struct dom_sid *sid)
|
||||
|
||||
bool sid_check_is_unix_groups(const struct dom_sid *sid)
|
||||
{
|
||||
return sid_equal(sid, &global_sid_Unix_Groups);
|
||||
return dom_sid_equal(sid, &global_sid_Unix_Groups);
|
||||
}
|
||||
|
||||
bool sid_check_is_in_unix_groups(const struct dom_sid *sid)
|
||||
|
||||
@ -21,6 +21,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
#include "../libcli/security/dom_sid.h"
|
||||
|
||||
struct rid_name_map {
|
||||
uint32 rid;
|
||||
@ -75,7 +76,7 @@ bool sid_check_is_wellknown_domain(const struct dom_sid *sid, const char **name)
|
||||
int i;
|
||||
|
||||
for (i=0; special_domains[i].sid != NULL; i++) {
|
||||
if (sid_equal(sid, special_domains[i].sid)) {
|
||||
if (dom_sid_equal(sid, special_domains[i].sid)) {
|
||||
if (name != NULL) {
|
||||
*name = special_domains[i].name;
|
||||
}
|
||||
@ -115,7 +116,7 @@ bool lookup_wellknown_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
|
||||
}
|
||||
|
||||
for (i=0; special_domains[i].sid != NULL; i++) {
|
||||
if (sid_equal(&dom_sid, special_domains[i].sid)) {
|
||||
if (dom_sid_equal(&dom_sid, special_domains[i].sid)) {
|
||||
*domain = talloc_strdup(mem_ctx,
|
||||
special_domains[i].name);
|
||||
users = special_domains[i].known_users;
|
||||
|
||||
@ -34,6 +34,7 @@
|
||||
#include "secrets.h"
|
||||
#include "../librpc/gen_ndr/netlogon.h"
|
||||
#include "rpc_client/init_lsa.h"
|
||||
#include "../libcli/security/dom_sid.h"
|
||||
|
||||
#undef DBGC_CLASS
|
||||
#define DBGC_CLASS DBGC_RPC_SRV
|
||||
@ -91,7 +92,7 @@ static int init_lsa_ref_domain_list(TALLOC_CTX *mem_ctx,
|
||||
|
||||
if (dom_name != NULL) {
|
||||
for (num = 0; num < ref->count; num++) {
|
||||
if (sid_equal(dom_sid, ref->domains[num].sid)) {
|
||||
if (dom_sid_equal(dom_sid, ref->domains[num].sid)) {
|
||||
return num;
|
||||
}
|
||||
}
|
||||
|
||||
@ -39,6 +39,7 @@
|
||||
#include "../lib/crypto/arcfour.h"
|
||||
#include "secrets.h"
|
||||
#include "rpc_client/init_lsa.h"
|
||||
#include "../libcli/security/dom_sid.h"
|
||||
|
||||
#undef DBGC_CLASS
|
||||
#define DBGC_CLASS DBGC_RPC_SRV
|
||||
@ -712,7 +713,7 @@ NTSTATUS _samr_SetSecurity(struct pipes_struct *p,
|
||||
|
||||
dacl = r->in.sdbuf->sd->dacl;
|
||||
for (i=0; i < dacl->num_aces; i++) {
|
||||
if (sid_equal(&uinfo->sid, &dacl->aces[i].trustee)) {
|
||||
if (dom_sid_equal(&uinfo->sid, &dacl->aces[i].trustee)) {
|
||||
ret = pdb_set_pass_can_change(sampass,
|
||||
(dacl->aces[i].access_mask &
|
||||
SAMR_USER_ACCESS_CHANGE_PASSWORD) ?
|
||||
|
||||
@ -28,6 +28,7 @@
|
||||
#include "../librpc/gen_ndr/ndr_security.h"
|
||||
#include "secrets.h"
|
||||
#include "rpc_server/rpc_ncacn_np.h"
|
||||
#include "../libcli/security/dom_sid.h"
|
||||
|
||||
#define TOP_LEVEL_PRINT_KEY "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Print"
|
||||
#define TOP_LEVEL_PRINT_PRINTERS_KEY TOP_LEVEL_PRINT_KEY "\\Printers"
|
||||
@ -2387,7 +2388,7 @@ create_default:
|
||||
/* If security descriptor is owned by S-1-1-0 and winbindd is up,
|
||||
this security descriptor has been created when winbindd was
|
||||
down. Take ownership of security descriptor. */
|
||||
if (sid_equal(secdesc->owner_sid, &global_sid_World)) {
|
||||
if (dom_sid_equal(secdesc->owner_sid, &global_sid_World)) {
|
||||
struct dom_sid owner_sid;
|
||||
|
||||
/* Change sd owner to workgroup administrator */
|
||||
|
||||
@ -20,6 +20,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
#include "../libcli/security/dom_sid.h"
|
||||
|
||||
extern const struct generic_mapping file_generic_mapping;
|
||||
|
||||
@ -944,10 +945,10 @@ static void merge_aces( canon_ace **pp_list_head, bool dir_acl)
|
||||
* ensure the POSIX ACL types are the same. */
|
||||
|
||||
if (!dir_acl) {
|
||||
can_merge = (sid_equal(&curr_ace->trustee, &curr_ace_outer->trustee) &&
|
||||
can_merge = (dom_sid_equal(&curr_ace->trustee, &curr_ace_outer->trustee) &&
|
||||
(curr_ace->attr == curr_ace_outer->attr));
|
||||
} else {
|
||||
can_merge = (sid_equal(&curr_ace->trustee, &curr_ace_outer->trustee) &&
|
||||
can_merge = (dom_sid_equal(&curr_ace->trustee, &curr_ace_outer->trustee) &&
|
||||
(curr_ace->type == curr_ace_outer->type) &&
|
||||
(curr_ace->attr == curr_ace_outer->attr));
|
||||
}
|
||||
@ -996,7 +997,7 @@ static void merge_aces( canon_ace **pp_list_head, bool dir_acl)
|
||||
* we've put on the ACL, we know the deny must be the first one.
|
||||
*/
|
||||
|
||||
if (sid_equal(&curr_ace->trustee, &curr_ace_outer->trustee) &&
|
||||
if (dom_sid_equal(&curr_ace->trustee, &curr_ace_outer->trustee) &&
|
||||
(curr_ace_outer->attr == DENY_ACE) && (curr_ace->attr == ALLOW_ACE)) {
|
||||
|
||||
if( DEBUGLVL( 10 )) {
|
||||
@ -1297,7 +1298,7 @@ static bool uid_entry_in_group(connection_struct *conn, canon_ace *uid_ace, cano
|
||||
|
||||
/* "Everyone" always matches every uid. */
|
||||
|
||||
if (sid_equal(&group_ace->trustee, &global_sid_World))
|
||||
if (dom_sid_equal(&group_ace->trustee, &global_sid_World))
|
||||
return True;
|
||||
|
||||
/*
|
||||
@ -1513,12 +1514,12 @@ static void check_owning_objs(canon_ace *ace, struct dom_sid *pfile_owner_sid, s
|
||||
|
||||
for (i=0, current_ace = ace; i < entries; i++, current_ace = current_ace->next) {
|
||||
if (!got_user_obj && current_ace->owner_type == UID_ACE &&
|
||||
sid_equal(¤t_ace->trustee, pfile_owner_sid)) {
|
||||
dom_sid_equal(¤t_ace->trustee, pfile_owner_sid)) {
|
||||
current_ace->type = SMB_ACL_USER_OBJ;
|
||||
got_user_obj = True;
|
||||
}
|
||||
if (!got_group_obj && current_ace->owner_type == GID_ACE &&
|
||||
sid_equal(¤t_ace->trustee, pfile_grp_sid)) {
|
||||
dom_sid_equal(¤t_ace->trustee, pfile_grp_sid)) {
|
||||
current_ace->type = SMB_ACL_GROUP_OBJ;
|
||||
got_group_obj = True;
|
||||
}
|
||||
@ -1549,7 +1550,7 @@ static bool dup_owning_ace(canon_ace *dir_ace, canon_ace *ace)
|
||||
*/
|
||||
|
||||
if (ace->type == SMB_ACL_USER_OBJ &&
|
||||
!(sid_equal(&ace->trustee, &global_sid_Creator_Owner))) {
|
||||
!(dom_sid_equal(&ace->trustee, &global_sid_Creator_Owner))) {
|
||||
canon_ace *dup_ace = dup_canon_ace(ace);
|
||||
|
||||
if (dup_ace == NULL) {
|
||||
@ -1560,7 +1561,7 @@ static bool dup_owning_ace(canon_ace *dir_ace, canon_ace *ace)
|
||||
}
|
||||
|
||||
if (ace->type == SMB_ACL_GROUP_OBJ &&
|
||||
!(sid_equal(&ace->trustee, &global_sid_Creator_Group))) {
|
||||
!(dom_sid_equal(&ace->trustee, &global_sid_Creator_Group))) {
|
||||
canon_ace *dup_ace = dup_canon_ace(ace);
|
||||
|
||||
if (dup_ace == NULL) {
|
||||
@ -1646,7 +1647,7 @@ static bool create_canon_ace_lists(files_struct *fsp,
|
||||
if (psa1->access_mask != psa2->access_mask)
|
||||
continue;
|
||||
|
||||
if (!sid_equal(&psa1->trustee, &psa2->trustee))
|
||||
if (!dom_sid_equal(&psa1->trustee, &psa2->trustee))
|
||||
continue;
|
||||
|
||||
/*
|
||||
@ -1692,11 +1693,11 @@ static bool create_canon_ace_lists(files_struct *fsp,
|
||||
* Note what kind of a POSIX ACL this should map to.
|
||||
*/
|
||||
|
||||
if( sid_equal(¤t_ace->trustee, &global_sid_World)) {
|
||||
if( dom_sid_equal(¤t_ace->trustee, &global_sid_World)) {
|
||||
current_ace->owner_type = WORLD_ACE;
|
||||
current_ace->unix_ug.world = -1;
|
||||
current_ace->type = SMB_ACL_OTHER;
|
||||
} else if (sid_equal(¤t_ace->trustee, &global_sid_Creator_Owner)) {
|
||||
} else if (dom_sid_equal(¤t_ace->trustee, &global_sid_Creator_Owner)) {
|
||||
current_ace->owner_type = UID_ACE;
|
||||
current_ace->unix_ug.uid = pst->st_ex_uid;
|
||||
current_ace->type = SMB_ACL_USER_OBJ;
|
||||
@ -1709,7 +1710,7 @@ static bool create_canon_ace_lists(files_struct *fsp,
|
||||
|
||||
psa->flags |= SEC_ACE_FLAG_INHERIT_ONLY;
|
||||
|
||||
} else if (sid_equal(¤t_ace->trustee, &global_sid_Creator_Group)) {
|
||||
} else if (dom_sid_equal(¤t_ace->trustee, &global_sid_Creator_Group)) {
|
||||
current_ace->owner_type = GID_ACE;
|
||||
current_ace->unix_ug.gid = pst->st_ex_gid;
|
||||
current_ace->type = SMB_ACL_GROUP_OBJ;
|
||||
@ -2085,7 +2086,7 @@ static void process_deny_list(connection_struct *conn, canon_ace **pp_ace_list )
|
||||
continue;
|
||||
}
|
||||
|
||||
if (!sid_equal(&curr_ace->trustee, &global_sid_World))
|
||||
if (!dom_sid_equal(&curr_ace->trustee, &global_sid_World))
|
||||
continue;
|
||||
|
||||
/* JRATEST - assert. */
|
||||
@ -3080,7 +3081,7 @@ static size_t merge_default_aces( struct security_ace *nt_ace_list, size_t num_a
|
||||
if ((nt_ace_list[i].type == nt_ace_list[j].type) &&
|
||||
(nt_ace_list[i].size == nt_ace_list[j].size) &&
|
||||
(nt_ace_list[i].access_mask == nt_ace_list[j].access_mask) &&
|
||||
sid_equal(&nt_ace_list[i].trustee, &nt_ace_list[j].trustee) &&
|
||||
dom_sid_equal(&nt_ace_list[i].trustee, &nt_ace_list[j].trustee) &&
|
||||
(i_inh == j_inh) &&
|
||||
(i_flags_ni == 0) &&
|
||||
(j_flags_ni == (SEC_ACE_FLAG_OBJECT_INHERIT|
|
||||
@ -3144,7 +3145,7 @@ static void add_or_replace_ace(struct security_ace *nt_ace_list, size_t *num_ace
|
||||
|
||||
/* first search for a duplicate */
|
||||
for (i = 0; i < *num_aces; i++) {
|
||||
if (sid_equal(&nt_ace_list[i].trustee, sid) &&
|
||||
if (dom_sid_equal(&nt_ace_list[i].trustee, sid) &&
|
||||
(nt_ace_list[i].flags == flags)) break;
|
||||
}
|
||||
|
||||
@ -3367,7 +3368,7 @@ static NTSTATUS posix_get_nt_acl_common(struct connection_struct *conn,
|
||||
|
||||
if (lp_profile_acls(SNUM(conn))) {
|
||||
for (i = 0; i < num_aces; i++) {
|
||||
if (sid_equal(&nt_ace_list[i].trustee, &owner_sid)) {
|
||||
if (dom_sid_equal(&nt_ace_list[i].trustee, &owner_sid)) {
|
||||
add_or_replace_ace(nt_ace_list, &num_aces,
|
||||
&orig_owner_sid,
|
||||
nt_ace_list[i].type,
|
||||
@ -3756,7 +3757,7 @@ NTSTATUS append_parent_acl(files_struct *fsp,
|
||||
* same SID. This is order N^2. Ouch :-(. JRA. */
|
||||
unsigned int k;
|
||||
for (k = 0; k < psd->dacl->num_aces; k++) {
|
||||
if (sid_equal(&psd->dacl->aces[k].trustee,
|
||||
if (dom_sid_equal(&psd->dacl->aces[k].trustee,
|
||||
&se->trustee)) {
|
||||
break;
|
||||
}
|
||||
|
||||
@ -6852,7 +6852,7 @@ static bool run_local_string_to_sid(int dummy) {
|
||||
printf("could not parse S-1-5-32-545\n");
|
||||
return false;
|
||||
}
|
||||
if (!sid_equal(&sid, &global_sid_Builtin_Users)) {
|
||||
if (!dom_sid_equal(&sid, &global_sid_Builtin_Users)) {
|
||||
printf("mis-parsed S-1-5-32-545 as %s\n",
|
||||
sid_string_tos(&sid));
|
||||
return false;
|
||||
|
||||
@ -36,6 +36,7 @@
|
||||
#include "secrets.h"
|
||||
#include "lib/netapi/netapi.h"
|
||||
#include "rpc_client/init_lsa.h"
|
||||
#include "../libcli/security/dom_sid.h"
|
||||
|
||||
static int net_mode_share;
|
||||
static bool sync_files(struct copy_clistate *cp_clistate, const char *mask);
|
||||
@ -4171,7 +4172,7 @@ static bool is_alias_member(struct dom_sid *sid, struct full_alias *alias)
|
||||
int i;
|
||||
|
||||
for (i=0; i<alias->num_members; i++) {
|
||||
if (sid_compare(sid, &alias->members[i]) == 0)
|
||||
if (dom_sid_compare(sid, &alias->members[i]) == 0)
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
@ -29,6 +29,7 @@
|
||||
#include "../librpc/gen_ndr/ndr_drsuapi.h"
|
||||
#include "libnet/libnet_samsync.h"
|
||||
#include "libnet/libnet_dssync.h"
|
||||
#include "../libcli/security/dom_sid.h"
|
||||
|
||||
static void parse_samsync_partial_replication_objects(TALLOC_CTX *mem_ctx,
|
||||
int argc,
|
||||
@ -187,7 +188,7 @@ NTSTATUS rpc_vampire_internals(struct net_context *c,
|
||||
NTSTATUS result;
|
||||
struct samsync_context *ctx = NULL;
|
||||
|
||||
if (!sid_equal(domain_sid, get_global_sam_sid())) {
|
||||
if (!dom_sid_equal(domain_sid, get_global_sam_sid())) {
|
||||
d_printf(_("Cannot import users from %s at this time, "
|
||||
"as the current domain:\n\t%s: %s\nconflicts "
|
||||
"with the remote domain\n\t%s: %s\n"
|
||||
|
||||
@ -23,6 +23,7 @@
|
||||
#include "popt_common.h"
|
||||
#include "registry/reg_objects.h"
|
||||
#include "regfio.h"
|
||||
#include "../libcli/security/dom_sid.h"
|
||||
|
||||
/* GLOBAL VARIABLES */
|
||||
|
||||
@ -64,7 +65,7 @@ static bool swap_sid_in_acl( struct security_descriptor *sd, struct dom_sid *s1,
|
||||
bool update = False;
|
||||
|
||||
verbose_output(" Owner SID: %s\n", sid_string_tos(sd->owner_sid));
|
||||
if ( sid_equal( sd->owner_sid, s1 ) ) {
|
||||
if ( dom_sid_equal( sd->owner_sid, s1 ) ) {
|
||||
sid_copy( sd->owner_sid, s2 );
|
||||
update = True;
|
||||
verbose_output(" New Owner SID: %s\n",
|
||||
@ -73,7 +74,7 @@ static bool swap_sid_in_acl( struct security_descriptor *sd, struct dom_sid *s1,
|
||||
}
|
||||
|
||||
verbose_output(" Group SID: %s\n", sid_string_tos(sd->group_sid));
|
||||
if ( sid_equal( sd->group_sid, s1 ) ) {
|
||||
if ( dom_sid_equal( sd->group_sid, s1 ) ) {
|
||||
sid_copy( sd->group_sid, s2 );
|
||||
update = True;
|
||||
verbose_output(" New Group SID: %s\n",
|
||||
@ -85,7 +86,7 @@ static bool swap_sid_in_acl( struct security_descriptor *sd, struct dom_sid *s1,
|
||||
for ( i=0; i<theacl->num_aces; i++ ) {
|
||||
verbose_output(" Trustee SID: %s\n",
|
||||
sid_string_tos(&theacl->aces[i].trustee));
|
||||
if ( sid_equal( &theacl->aces[i].trustee, s1 ) ) {
|
||||
if ( dom_sid_equal( &theacl->aces[i].trustee, s1 ) ) {
|
||||
sid_copy( &theacl->aces[i].trustee, s2 );
|
||||
update = True;
|
||||
verbose_output(" New Trustee SID: %s\n",
|
||||
@ -99,7 +100,7 @@ static bool swap_sid_in_acl( struct security_descriptor *sd, struct dom_sid *s1,
|
||||
for ( i=0; i<theacl->num_aces; i++ ) {
|
||||
verbose_output(" Trustee SID: %s\n",
|
||||
sid_string_tos(&theacl->aces[i].trustee));
|
||||
if ( sid_equal( &theacl->aces[i].trustee, s1 ) ) {
|
||||
if ( dom_sid_equal( &theacl->aces[i].trustee, s1 ) ) {
|
||||
sid_copy( &theacl->aces[i].trustee, s2 );
|
||||
update = True;
|
||||
verbose_output(" New Trustee SID: %s\n",
|
||||
|
||||
@ -24,6 +24,7 @@
|
||||
|
||||
#include "includes.h"
|
||||
#include "popt_common.h"
|
||||
#include "../libcli/security/dom_sid.h"
|
||||
|
||||
static TALLOC_CTX *ctx;
|
||||
|
||||
@ -370,8 +371,8 @@ static int ace_compare(struct security_ace *ace1, struct security_ace *ace2)
|
||||
if (ace1->type != ace2->type)
|
||||
return ace2->type - ace1->type;
|
||||
|
||||
if (sid_compare(&ace1->trustee, &ace2->trustee))
|
||||
return sid_compare(&ace1->trustee, &ace2->trustee);
|
||||
if (dom_sid_compare(&ace1->trustee, &ace2->trustee))
|
||||
return dom_sid_compare(&ace1->trustee, &ace2->trustee);
|
||||
|
||||
if (ace1->flags != ace2->flags)
|
||||
return ace1->flags - ace2->flags;
|
||||
@ -459,7 +460,7 @@ static int change_share_sec(TALLOC_CTX *mem_ctx, const char *sharename, char *th
|
||||
bool found = False;
|
||||
|
||||
for (j=0;old->dacl && j<old->dacl->num_aces;j++) {
|
||||
if (sid_equal(&sd->dacl->aces[i].trustee,
|
||||
if (dom_sid_equal(&sd->dacl->aces[i].trustee,
|
||||
&old->dacl->aces[j].trustee)) {
|
||||
old->dacl->aces[j] = sd->dacl->aces[i];
|
||||
found = True;
|
||||
|
||||
@ -25,6 +25,7 @@
|
||||
#include "popt_common.h"
|
||||
#include "../librpc/gen_ndr/ndr_lsa.h"
|
||||
#include "rpc_client/cli_lsarpc.h"
|
||||
#include "../libcli/security/dom_sid.h"
|
||||
|
||||
extern bool AllowDebugChange;
|
||||
|
||||
@ -835,8 +836,8 @@ static int ace_compare(struct security_ace *ace1, struct security_ace *ace2)
|
||||
if (ace1->type != ace2->type)
|
||||
return ace2->type - ace1->type;
|
||||
|
||||
if (sid_compare(&ace1->trustee, &ace2->trustee))
|
||||
return sid_compare(&ace1->trustee, &ace2->trustee);
|
||||
if (dom_sid_compare(&ace1->trustee, &ace2->trustee))
|
||||
return dom_sid_compare(&ace1->trustee, &ace2->trustee);
|
||||
|
||||
if (ace1->flags != ace2->flags)
|
||||
return ace1->flags - ace2->flags;
|
||||
@ -929,7 +930,7 @@ static int cacl_set(struct cli_state *cli, const char *filename,
|
||||
bool found = False;
|
||||
|
||||
for (j=0;old->dacl && j<old->dacl->num_aces;j++) {
|
||||
if (sid_equal(&sd->dacl->aces[i].trustee,
|
||||
if (dom_sid_equal(&sd->dacl->aces[i].trustee,
|
||||
&old->dacl->aces[j].trustee)) {
|
||||
old->dacl->aces[j] = sd->dacl->aces[i];
|
||||
found = True;
|
||||
|
||||
@ -33,6 +33,7 @@
|
||||
#include "nss_info.h"
|
||||
#include "secrets.h"
|
||||
#include "idmap.h"
|
||||
#include "../libcli/security/dom_sid.h"
|
||||
|
||||
#undef DBGC_CLASS
|
||||
#define DBGC_CLASS DBGC_IDMAP
|
||||
@ -266,7 +267,7 @@ static struct id_map *find_map_by_sid(struct id_map **maps, struct dom_sid *sid)
|
||||
int i;
|
||||
|
||||
for (i = 0; maps[i] && i<IDMAP_AD_MAX_IDS; i++) {
|
||||
if (sid_equal(maps[i]->sid, sid)) {
|
||||
if (dom_sid_equal(maps[i]->sid, sid)) {
|
||||
return maps[i];
|
||||
}
|
||||
}
|
||||
|
||||
@ -28,6 +28,7 @@
|
||||
#include "secrets.h"
|
||||
#include "idmap.h"
|
||||
#include "idmap_rw.h"
|
||||
#include "../libcli/security/dom_sid.h"
|
||||
|
||||
#undef DBGC_CLASS
|
||||
#define DBGC_CLASS DBGC_IDMAP
|
||||
@ -1030,7 +1031,7 @@ static struct id_map *find_map_by_sid(struct id_map **maps, struct dom_sid *sid)
|
||||
if (maps[i] == NULL) { /* end of the run */
|
||||
return NULL;
|
||||
}
|
||||
if (sid_equal(maps[i]->sid, sid)) {
|
||||
if (dom_sid_equal(maps[i]->sid, sid)) {
|
||||
return maps[i];
|
||||
}
|
||||
}
|
||||
|
||||
@ -20,6 +20,7 @@
|
||||
#include "includes.h"
|
||||
#include "winbindd.h"
|
||||
#include "librpc/gen_ndr/cli_wbint.h"
|
||||
#include "../libcli/security/dom_sid.h"
|
||||
|
||||
struct wb_getgrsid_state {
|
||||
struct tevent_context *ev;
|
||||
@ -55,7 +56,7 @@ struct tevent_req *wb_getgrsid_send(TALLOC_CTX *mem_ctx,
|
||||
if (lp_winbind_trusted_domains_only()) {
|
||||
struct winbindd_domain *our_domain = find_our_domain();
|
||||
|
||||
if (sid_compare_domain(group_sid, &our_domain->sid) == 0) {
|
||||
if (dom_sid_compare_domain(group_sid, &our_domain->sid) == 0) {
|
||||
DEBUG(7, ("winbindd_getgrsid: My domain -- rejecting "
|
||||
"getgrsid() for %s\n", sid_string_tos(group_sid)));
|
||||
tevent_req_nterror(req, NT_STATUS_NO_SUCH_GROUP);
|
||||
|
||||
@ -30,6 +30,7 @@
|
||||
#include "../librpc/gen_ndr/ndr_wbint.h"
|
||||
#include "ads.h"
|
||||
#include "nss_info.h"
|
||||
#include "../libcli/security/dom_sid.h"
|
||||
|
||||
#undef DBGC_CLASS
|
||||
#define DBGC_CLASS DBGC_WINBIND
|
||||
@ -118,7 +119,7 @@ static struct winbind_cache *get_cache(struct winbindd_domain *domain)
|
||||
}
|
||||
|
||||
if (strequal(domain->name, get_global_sam_name()) &&
|
||||
sid_equal(&domain->sid, get_global_sam_sid())) {
|
||||
dom_sid_equal(&domain->sid, get_global_sam_sid())) {
|
||||
domain->backend = &sam_passdb_methods;
|
||||
domain->initialized = True;
|
||||
}
|
||||
@ -644,7 +645,7 @@ static struct cache_entry *wcache_fetch_raw(char *kstr)
|
||||
static bool is_my_own_sam_domain(struct winbindd_domain *domain)
|
||||
{
|
||||
if (strequal(domain->name, get_global_sam_name()) &&
|
||||
sid_equal(&domain->sid, get_global_sam_sid())) {
|
||||
dom_sid_equal(&domain->sid, get_global_sam_sid())) {
|
||||
return true;
|
||||
}
|
||||
|
||||
@ -654,7 +655,7 @@ static bool is_my_own_sam_domain(struct winbindd_domain *domain)
|
||||
static bool is_builtin_domain(struct winbindd_domain *domain)
|
||||
{
|
||||
if (strequal(domain->name, "BUILTIN") &&
|
||||
sid_equal(&domain->sid, &global_sid_Builtin)) {
|
||||
dom_sid_equal(&domain->sid, &global_sid_Builtin)) {
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
@ -23,6 +23,7 @@
|
||||
#include "includes.h"
|
||||
#include "winbindd.h"
|
||||
#include "secrets.h"
|
||||
#include "../libcli/security/dom_sid.h"
|
||||
|
||||
#undef DBGC_CLASS
|
||||
#define DBGC_CLASS DBGC_WINBIND
|
||||
@ -135,7 +136,7 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const
|
||||
continue;
|
||||
}
|
||||
|
||||
if (sid_equal(sid, &domain->sid)) {
|
||||
if (dom_sid_equal(sid, &domain->sid)) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
@ -146,7 +147,7 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const
|
||||
* We found a match. Possibly update the SID
|
||||
*/
|
||||
if ((sid != NULL)
|
||||
&& sid_equal(&domain->sid, &global_sid_NULL)) {
|
||||
&& dom_sid_equal(&domain->sid, &global_sid_NULL)) {
|
||||
sid_copy( &domain->sid, sid );
|
||||
}
|
||||
return domain;
|
||||
@ -740,7 +741,7 @@ struct winbindd_domain *find_domain_from_sid_noinit(const struct dom_sid *sid)
|
||||
/* Search through list */
|
||||
|
||||
for (domain = domain_list(); domain != NULL; domain = domain->next) {
|
||||
if (sid_compare_domain(sid, &domain->sid) == 0)
|
||||
if (dom_sid_compare_domain(sid, &domain->sid) == 0)
|
||||
return domain;
|
||||
}
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user