yeehaah got users to be included in S-1-5-xxx-yyy-zzz's local groups.

now need search capability on S-1-5-20, which will need argh, a
"group database API" on S-1-5-20, and the ability to add BUILTIN\Admins
etc to "local group map" argh.

source/groupdb/aliasunix.c

@@ -66,30 +66,51 @@ static BOOL setalsunixpwpos(void *vp, SMB_BIG_UINT tok)
 }
 
 /*************************************************************************
- maps a unix group to a rid, domain sid and an nt alias name.  
+ maps a unix group to a domain sid and an nt alias name.  
 *************************************************************************/
-static void map_unix_als_to_nt_als(struct group *unix_als, char *nt_name, DOM_SID *sid, uint32 *rid)
+static void map_unix_grp_to_nt_als(char *unix_name,
+	struct group *unix_grp, char *nt_name, DOM_SID *sid)
 {
-	if (map_alias_gid(unix_als->gr_gid, sid, nt_name, NULL))
+	BOOL found = False;
+	uint32 rid;
+	fstring ntname;
+	fstring ntdomain;
+
+	if (isdigit(unix_name[0]))
+	{
+		unix_grp->gr_gid = get_number(unix_name);
+		unix_grp->gr_name = unix_name;
+		found = map_alias_gid(unix_grp->gr_gid, sid, ntname, ntdomain);
+	}
+	else
+	{
+		unix_grp->gr_name = unix_name;
+		found = map_unix_alias_name(unix_grp->gr_name, sid, ntname, ntdomain);
+	}
+
+	if (found)
 	{
 		/*
 		 * find the NT name represented by this UNIX gid.
-		 * then, only accept NT aliases that are in our domain
+		 * then, only accept NT aliass that are in our domain
 		 */
 
-		sid_split_rid(sid, rid);
+		sid_split_rid(sid, &rid);
 	}
 	else
 	{
 		/*
-		 * assume that the UNIX alias is an NT alias with
+		 * assume that the UNIX group is an NT alias with
 		 * the same name.  convert gid to a alias rid.
 		 */
 		
-		fstrcpy(nt_name, unix_als->gr_name);
+		fstrcpy(ntdomain, global_sam_name);
+		fstrcpy(ntname, unix_grp->gr_name);
 		sid_copy(sid, &global_sam_sid);
-		(*rid) = pwdb_gid_to_alias_rid(unix_als->gr_gid);
 	}
+
+	slprintf(nt_name, sizeof(fstring)-1, "\\%s\\%s",
+	         ntdomain, ntname);
 }
 
 /*************************************************************************
@@ -113,13 +134,11 @@ BOOL get_unixalias_members(struct group *als,
 	for (i = 0; (unix_name = als->gr_mem[i]) != NULL; i++)
 	{
 		DOM_SID sid;
-		BOOL found = False;
+		struct group unix_grp;
 
-		found = map_unix_alias_name(unix_name, &sid, nt_name, NULL);
+		map_unix_grp_to_nt_als(unix_name, &unix_grp, nt_name, &sid);
 
-		found = found ? sid_equal(&sid, &global_sam_sid) : False;
+		if (!sid_equal(&sid, &global_sam_sid))
-
-		if (!found)
 		{
 			DEBUG(0,("alias database: could not resolve name %s in domain %s\n",
 			          unix_name, global_sam_name));

source/include/proto.h

@@ -1986,10 +1986,10 @@ void make_samr_r_query_aliasinfo(SAMR_R_QUERY_ALIASINFO *r_u,
 		uint16 switch_value, char *acct_desc,
 		uint32 status);
 void samr_io_r_query_aliasinfo(char *desc,  SAMR_R_QUERY_ALIASINFO *r_u, prs_struct *ps, int depth);
-void samr_io_q_lookup_ids(char *desc,  SAMR_Q_LOOKUP_IDS *q_u, prs_struct *ps, int depth);
+void samr_io_q_query_useraliases(char *desc,  SAMR_Q_QUERY_USERALIASES *q_u, prs_struct *ps, int depth);
-void make_samr_r_lookup_ids(SAMR_R_LOOKUP_IDS *r_u,
+void make_samr_r_query_useraliases(SAMR_R_QUERY_USERALIASES *r_u,
 		uint32 num_rids, uint32 *rid, uint32 status);
-void samr_io_r_lookup_ids(char *desc,  SAMR_R_LOOKUP_IDS *r_u, prs_struct *ps, int depth);
+void samr_io_r_query_useraliases(char *desc,  SAMR_R_QUERY_USERALIASES *r_u, prs_struct *ps, int depth);
 void samr_io_q_lookup_names(char *desc,  SAMR_Q_LOOKUP_NAMES *q_u, prs_struct *ps, int depth);
 void make_samr_r_lookup_names(SAMR_R_LOOKUP_NAMES *r_u,
 		uint32 num_rids, uint32 *rid, uint8 *type, uint32 status);

source/include/rpc_samr.h

@@ -80,7 +80,7 @@ SamrTestPrivateFunctionsUser
 #define SAMR_CLOSE_HND         0x01
 #define SAMR_OPEN_DOMAIN       0x07
 #define SAMR_QUERY_DOMAIN_INFO 0x08
-#define SAMR_LOOKUP_IDS        0x10
+#define SAMR_QUERY_USERALIASES        0x10
 #define SAMR_LOOKUP_NAMES      0x11
 #define SAMR_UNKNOWN_3         0x03
 #define SAMR_QUERY_DISPINFO    0x28
@@ -760,14 +760,14 @@ typedef struct r_samr_query_user_info
 
 
 /****************************************************************************
-SAMR_Q_LOOKUP_IDS - do a conversion from name to RID.
+SAMR_Q_QUERY_USERALIASES - do a conversion from name to RID.
 
 the policy handle allocated by an "samr open secret" call is associated
 with a SID.  this policy handle is what is queried here, *not* the SID
 itself.  the response to the lookup rids is relative to this SID.
 *****************************************************************************/
-/* SAMR_Q_LOOKUP_IDS */
+/* SAMR_Q_QUERY_USERALIASES */
-typedef struct q_samr_lookup_ids_info
+typedef struct q_samr_query_useraliases_info
 {
 	POLICY_HND pol;       /* policy handle */
 
@@ -778,11 +778,11 @@ typedef struct q_samr_lookup_ids_info
 	uint32   ptr_sid[MAX_LOOKUP_SIDS]; /* pointers to sids to be looked up */
 	DOM_SID2 sid    [MAX_LOOKUP_SIDS]; /* sids to be looked up. */
 
-} SAMR_Q_LOOKUP_IDS;
+} SAMR_Q_QUERY_USERALIASES;
 
 
-/* SAMR_R_LOOKUP_IDS */
+/* SAMR_R_QUERY_USERALIASES */
-typedef struct r_samr_lookup_ids_info
+typedef struct r_samr_query_useraliases_info
 {
 	uint32 num_entries;
 	uint32 ptr; /* undocumented buffer pointer */
@@ -792,7 +792,7 @@ typedef struct r_samr_lookup_ids_info
 
 	uint32 status; /* return code */
 
-} SAMR_R_LOOKUP_IDS;
+} SAMR_R_QUERY_USERALIASES;
 
 
 /****************************************************************************

source/rpc_parse/parse_samr.c

@@ -1646,16 +1646,16 @@ void samr_io_r_query_aliasinfo(char *desc,  SAMR_R_QUERY_ALIASINFO *r_u, prs_str
 }
 
 /*******************************************************************
-reads or writes a SAMR_Q_LOOKUP_IDS structure.
+reads or writes a SAMR_Q_QUERY_USERALIASES structure.
 ********************************************************************/
-void samr_io_q_lookup_ids(char *desc,  SAMR_Q_LOOKUP_IDS *q_u, prs_struct *ps, int depth)
+void samr_io_q_query_useraliases(char *desc,  SAMR_Q_QUERY_USERALIASES *q_u, prs_struct *ps, int depth)
 {
 	fstring tmp;
 	int i;
 
 	if (q_u == NULL) return;
 
-	prs_debug(ps, depth, desc, "samr_io_q_lookup_ids");
+	prs_debug(ps, depth, desc, "samr_io_q_query_useraliases");
 	depth++;
 
 	prs_align(ps);
@@ -1690,15 +1690,15 @@ void samr_io_q_lookup_ids(char *desc,  SAMR_Q_LOOKUP_IDS *q_u, prs_struct *ps, i
 
 
 /*******************************************************************
-makes a SAMR_R_LOOKUP_IDS structure.
+makes a SAMR_R_QUERY_USERALIASES structure.
 ********************************************************************/
-void make_samr_r_lookup_ids(SAMR_R_LOOKUP_IDS *r_u,
+void make_samr_r_query_useraliases(SAMR_R_QUERY_USERALIASES *r_u,
 		uint32 num_rids, uint32 *rid, uint32 status)
 {
 	int i;
 	if (r_u == NULL) return;
 
-	DEBUG(5,("make_samr_r_lookup_ids\n"));
+	DEBUG(5,("make_samr_r_query_useraliases\n"));
 
 	if (status == 0x0)
 	{
@@ -1726,13 +1726,13 @@ void make_samr_r_lookup_ids(SAMR_R_LOOKUP_IDS *r_u,
 /*******************************************************************
 reads or writes a structure.
 ********************************************************************/
-void samr_io_r_lookup_ids(char *desc,  SAMR_R_LOOKUP_IDS *r_u, prs_struct *ps, int depth)
+void samr_io_r_query_useraliases(char *desc,  SAMR_R_QUERY_USERALIASES *r_u, prs_struct *ps, int depth)
 {
 	fstring tmp;
 	int i;
 	if (r_u == NULL) return;
 
-	prs_debug(ps, depth, desc, "samr_io_r_lookup_ids");
+	prs_debug(ps, depth, desc, "samr_io_r_query_useraliases");
 	depth++;
 
 	prs_align(ps);

source/rpc_server/srv_samr.c

@@ -742,9 +742,9 @@ static void api_samr_query_aliasinfo( uint16 vuid, prs_struct *data, prs_struct
 
 
 /*******************************************************************
- samr_reply_lookup_ids
+ samr_reply_query_useraliases
  ********************************************************************/
-static void samr_reply_lookup_ids(SAMR_Q_LOOKUP_IDS *q_u,
+static void samr_reply_query_useraliases(SAMR_Q_QUERY_USERALIASES *q_u,
 				prs_struct *rdata)
 {
 	uint32 rid[MAX_SAM_ENTRIES];
@@ -759,9 +759,9 @@ static void samr_reply_lookup_ids(SAMR_Q_LOOKUP_IDS *q_u,
 	fstring dom_sid_str;
 	fstring usr_sid_str;
 
-	SAMR_R_LOOKUP_IDS r_u;
+	SAMR_R_QUERY_USERALIASES r_u;
 
-	DEBUG(5,("samr_lookup_ids: %d\n", __LINE__));
+	DEBUG(5,("samr_query_useraliases: %d\n", __LINE__));
 
 	/* find the policy handle.  open a policy on it. */
 	if (status == 0x0 && !get_lsa_policy_samr_sid(&q_u->pol, &dom_sid))
@@ -777,7 +777,7 @@ static void samr_reply_lookup_ids(SAMR_Q_LOOKUP_IDS *q_u,
 	if (num_rids > MAX_SAM_ENTRIES)
 	{
 		num_rids = MAX_SAM_ENTRIES;
-		DEBUG(5,("samr_lookup_ids: truncating entries to %d\n", num_rids));
+		DEBUG(5,("samr_query_useraliases: truncating entries to %d\n", num_rids));
 	}
 
 	if (status == 0x0)
@@ -806,16 +806,16 @@ static void samr_reply_lookup_ids(SAMR_Q_LOOKUP_IDS *q_u,
 	{
 		if (sid_equal(&dom_sid, &global_sid_S_1_5_20))
 		{
-			DEBUG(5,("lookup on S-1-5-20\n"));
+			DEBUG(10,("lookup on S-1-5-20\n"));
 		}
 		else if (sid_equal(&dom_sid, &usr_sid))
 		{
-			DOMAIN_GRP *mem_grp = NULL;
+			LOCAL_GRP *mem_grp = NULL;
 
-			DEBUG(5,("lookup on Domain SID\n"));
+			DEBUG(10,("lookup on Domain SID\n"));
 
 			become_root(True);
-			getusergroupsnam(sam_pass->smb_name, &mem_grp, &num_rids);
+			getuseraliasnam(sam_pass->smb_name, &mem_grp, &num_rids);
 			unbecome_root(True);
 
 			num_rids = MIN(num_rids, MAX_SAM_ENTRIES);
@@ -835,27 +835,27 @@ static void samr_reply_lookup_ids(SAMR_Q_LOOKUP_IDS *q_u,
 		}
 	}
 
-	make_samr_r_lookup_ids(&r_u, num_rids, rid, status);
+	make_samr_r_query_useraliases(&r_u, num_rids, rid, status);
 
 	/* store the response in the SMB stream */
-	samr_io_r_lookup_ids("", &r_u, rdata, 0);
+	samr_io_r_query_useraliases("", &r_u, rdata, 0);
 
-	DEBUG(5,("samr_lookup_ids: %d\n", __LINE__));
+	DEBUG(5,("samr_query_useraliases: %d\n", __LINE__));
 
 }
 
 /*******************************************************************
- api_samr_lookup_ids
+ api_samr_query_useraliases
  ********************************************************************/
-static void api_samr_lookup_ids( uint16 vuid, prs_struct *data, prs_struct *rdata)
+static void api_samr_query_useraliases( uint16 vuid, prs_struct *data, prs_struct *rdata)
 {
-	SAMR_Q_LOOKUP_IDS q_u;
+	SAMR_Q_QUERY_USERALIASES q_u;
 
 	/* grab the samr 0x10 */
-	samr_io_q_lookup_ids("", &q_u, data, 0);
+	samr_io_q_query_useraliases("", &q_u, data, 0);
 
 	/* construct reply.  always indicate success */
-	samr_reply_lookup_ids(&q_u, rdata);
+	samr_reply_query_useraliases(&q_u, rdata);
 }
 
 /*******************************************************************
@@ -1750,11 +1750,11 @@ static struct api_struct api_samr_cmds [] =
 	{ "SAMR_ENUM_DOM_USERS"   , SAMR_ENUM_DOM_USERS   , api_samr_enum_dom_users   },
 	{ "SAMR_ENUM_DOM_GROUPS"  , SAMR_ENUM_DOM_GROUPS  , api_samr_enum_dom_groups  },
 	{ "SAMR_ENUM_DOM_ALIASES" , SAMR_ENUM_DOM_ALIASES , api_samr_enum_dom_aliases },
-	{ "SAMR_LOOKUP_IDS"       , SAMR_LOOKUP_IDS       , api_samr_lookup_ids       },
+	{ "SAMR_QUERY_USERALIASES", SAMR_QUERY_USERALIASES, api_samr_query_useraliases},
 	{ "SAMR_LOOKUP_NAMES"     , SAMR_LOOKUP_NAMES     , api_samr_lookup_names     },
 	{ "SAMR_OPEN_USER"        , SAMR_OPEN_USER        , api_samr_open_user        },
 	{ "SAMR_QUERY_USERINFO"   , SAMR_QUERY_USERINFO   , api_samr_query_userinfo   },
-	{ "SAMR_QUERY_DOMAIN_INFO", SAMR_QUERY_DOMAIN_INFO, api_samr_query_dom_info        },
+	{ "SAMR_QUERY_DOMAIN_INFO", SAMR_QUERY_DOMAIN_INFO, api_samr_query_dom_info   },
 	{ "SAMR_QUERY_USERGROUPS" , SAMR_QUERY_USERGROUPS , api_samr_query_usergroups },
 	{ "SAMR_QUERY_DISPINFO"   , SAMR_QUERY_DISPINFO   , api_samr_query_dispinfo   },
 	{ "SAMR_QUERY_ALIASINFO"  , SAMR_QUERY_ALIASINFO  , api_samr_query_aliasinfo  },