domain aliases added a bit better: does local aliases if you query

for sid S-1-5-20 and does (nothing at the moment) if you query for
your own sid.

source/include/proto.h

@@ -1175,7 +1175,7 @@ void pdb_set_last_set_time(char *p, int max_len, time_t t);
 void pdb_sethexpwd(char *p, char *pwd, uint16 acct_ctrl);
 BOOL pdb_gethexpwd(char *p, char *pwd);
 BOOL pdb_name_to_rid(char *user_name, uint32 *u_rid, uint32 *g_rid);
-BOOL pdb_generate_machine_sid(void);
+BOOL pdb_generate_sam_sid(void);
 uid_t pdb_user_rid_to_uid(uint32 user_rid);
 uint32 pdb_uid_to_user_rid(uid_t uid);
 uint32 pdb_gid_to_group_rid(gid_t gid);
@@ -1283,7 +1283,7 @@ BOOL do_samr_chgpasswd_user(struct cli_state *cli,
 		char nt_newpass[516], uchar nt_oldhash[16],
 		char lm_newpass[516], uchar lm_oldhash[16]);
 BOOL do_samr_unknown_38(struct cli_state *cli, char *srv_name);
-BOOL do_samr_unknown_8(struct cli_state *cli, 
+BOOL do_samr_query_dom_info(struct cli_state *cli, 
 				POLICY_HND *domain_pol, uint16 switch_value);
 BOOL do_samr_enum_dom_users(struct cli_state *cli, 
 				POLICY_HND *pol, uint16 num_entries, uint16 unk_0,
@@ -1620,15 +1620,15 @@ void samr_io_r_unknown_2c(char *desc,  SAMR_R_UNKNOWN_2C *r_u, prs_struct *ps, i
 void make_samr_q_unknown_3(SAMR_Q_UNKNOWN_3 *q_u,
 				POLICY_HND *user_pol, uint16 switch_value);
 void samr_io_q_unknown_3(char *desc,  SAMR_Q_UNKNOWN_3 *q_u, prs_struct *ps, int depth);
-void make_samr_q_unknown_8(SAMR_Q_UNKNOWN_8 *q_u,
+void make_samr_q_query_dom_info(SAMR_Q_QUERY_DOMAIN_INFO *q_u,
 				POLICY_HND *domain_pol, uint16 switch_value);
-void samr_io_q_unknown_8(char *desc,  SAMR_Q_UNKNOWN_8 *q_u, prs_struct *ps, int depth);
+void samr_io_q_query_dom_info(char *desc,  SAMR_Q_QUERY_DOMAIN_INFO *q_u, prs_struct *ps, int depth);
 void make_unk_info2(SAM_UNK_INFO_2 *u_2, char *domain, char *server);
 void sam_io_unk_info2(char *desc, SAM_UNK_INFO_2 *u_2, prs_struct *ps, int depth);
-void make_samr_r_unknown_8(SAMR_R_UNKNOWN_8 *r_u, 
+void make_samr_r_query_dom_info(SAMR_R_QUERY_DOMAIN_INFO *r_u, 
 				uint16 switch_value, SAM_UNK_CTR *ctr,
 				uint32 status);
-void samr_io_r_unknown_8(char *desc, SAMR_R_UNKNOWN_8 *r_u, prs_struct *ps, int depth);
+void samr_io_r_query_dom_info(char *desc, SAMR_R_QUERY_DOMAIN_INFO *r_u, prs_struct *ps, int depth);
 void make_dom_sid3(DOM_SID3 *sid3, uint16 unk_0, uint16 unk_1, DOM_SID *sid);
 void make_samr_r_unknown_3(SAMR_R_UNKNOWN_3 *r_u,
 				uint16 unknown_2, uint16 unknown_3,
@@ -1889,6 +1889,7 @@ int find_lsa_policy_by_hnd(POLICY_HND *hnd);
 BOOL set_lsa_policy_samr_rid(POLICY_HND *hnd, uint32 rid);
 BOOL set_lsa_policy_samr_pol_status(POLICY_HND *hnd, uint32 pol_status);
 BOOL set_lsa_policy_samr_sid(POLICY_HND *hnd, DOM_SID *sid);
+BOOL get_lsa_policy_samr_sid(POLICY_HND *hnd, DOM_SID *sid);
 uint32 get_lsa_policy_samr_rid(POLICY_HND *hnd);
 BOOL set_lsa_policy_reg_name(POLICY_HND *hnd, fstring name);
 BOOL close_lsa_policy_hnd(POLICY_HND *hnd);

source/include/rpc_samr.h

@@ -79,7 +79,7 @@ SamrTestPrivateFunctionsUser
 
 #define SAMR_CLOSE_HND         0x01
 #define SAMR_OPEN_DOMAIN       0x07
-#define SAMR_UNKNOWN_8         0x08
+#define SAMR_QUERY_DOMAIN_INFO 0x08
 #define SAMR_LOOKUP_IDS        0x10
 #define SAMR_LOOKUP_NAMES      0x11
 #define SAMR_UNKNOWN_3         0x03
@@ -338,16 +338,16 @@ typedef struct r_samr_unknown_3_info
 
 
 /****************************************************************************
-SAMR_Q_UNKNOWN_8 - probably a query on domain group info.
+SAMR_Q_QUERY_DOMAIN_INFO - probably a query on domain group info.
 *****************************************************************************/
 
-/* SAMR_Q_UNKNOWN_8 - */
+/* SAMR_Q_QUERY_DOMAIN_INFO - */
-typedef struct q_samr_unknown_8_info
+typedef struct q_samr_query_domain_info
 {
 	POLICY_HND domain_pol;   /* policy handle */
 	uint16 switch_value;     /* 0x0002 */
 
-} SAMR_Q_UNKNOWN_8;
+} SAMR_Q_QUERY_DOMAIN_INFO;
 
 typedef struct sam_unkown_info_2_info
 {
@@ -363,16 +363,17 @@ typedef struct sam_unkown_info_2_info
 	   pointer is referring to
 	 */
 
-	uint32 unknown_4; /* 0x0000 0099 or 0x1000 0000 */
+	uint32 seq_num; /* some sort of incrementing sequence number? */
-	uint32 unknown_5; /* 0x0000 0000 */
+	uint32 unknown_3; /* 0x0000 0000 */
 	
-	uint32 unknown_6 ; /* 0x0000 0001 */
+	uint32 unknown_4; /* 0x0000 0001 */
-	uint32 unknown_7 ; /* 0x0000 0003 */
+	uint32 unknown_5; /* 0x0000 0003 */
-	uint32 unknown_8 ; /* 0x0000 0001 */
+	uint32 unknown_6; /* 0x0000 0001 */
-	uint32 unknown_9 ; /* 0x0000 0008 */
+	uint32 num_domain_usrs; /* number of users in domain */
-	uint32 unknown_10; /* 0x0000 0003 */
+	uint32 num_domain_grps; /* number of domain groups in domain */
+	uint32 num_local_grps; /* number of local groups in domain */
 
-	uint8 padding[16]; /* 16 bytes zeros */
+	uint8 padding[12]; /* 12 bytes zeros */
 
 	UNISTR2 uni_domain; /* domain name unicode string */
 	UNISTR2 uni_server; /* server name unicode string */
@@ -391,8 +392,8 @@ typedef struct sam_unknown_ctr_info
 } SAM_UNK_CTR;
 
 
-/* SAMR_R_UNKNOWN_8 - */
+/* SAMR_R_QUERY_DOMAIN_INFO - */
-typedef struct r_samr_unknown_8_info
+typedef struct r_samr_query_domain_info
 {
 	uint32 ptr_0;
 	uint16 switch_value; /* same as in query */
@@ -401,7 +402,7 @@ typedef struct r_samr_unknown_8_info
 
 	uint32 status;         /* return status */
 
-} SAMR_R_UNKNOWN_8;
+} SAMR_R_QUERY_DOMAIN_INFO;
 
 
 /****************************************************************************

source/lib/util_hnd.c

@@ -225,7 +225,28 @@ BOOL set_lsa_policy_samr_sid(POLICY_HND *hnd, DOM_SID *sid)
 }
 
 /****************************************************************************
-  set samr rid
+  get samr sid
+****************************************************************************/
+BOOL get_lsa_policy_samr_sid(POLICY_HND *hnd, DOM_SID *sid)
+{
+	struct policy *p = find_lsa_policy(hnd);
+
+	if (p != NULL && p->open)
+	{
+		pstring sidstr;
+		memcpy(sid, &p->dev.samr.sid, sizeof(*sid));
+		DEBUG(3,("Getting policy sid=%s pnum=%x\n",
+			 sid_to_string(sidstr, sid), p->pnum));
+
+		return True;
+	}
+
+	DEBUG(3,("Error getting policy\n"));
+	return False;
+}
+
+/****************************************************************************
+  get samr rid
 ****************************************************************************/
 uint32 get_lsa_policy_samr_rid(POLICY_HND *hnd)
 {

source/lsarpcd/srv_lsa.c

@@ -28,7 +28,7 @@
 #include "nterr.h"
 
 extern int DEBUGLEVEL;
-extern DOM_SID global_machine_sid;
+extern DOM_SID global_sam_sid;
 
 /***************************************************************************
 lsa_reply_open_policy2
@@ -373,7 +373,7 @@ static void api_lsa_query_info( uint16 vuid, prs_struct *data,
 	pstrcpy(dom_name, lp_workgroup());
 
 	/* construct reply.  return status is always 0x0 */
-	lsa_reply_query_info(&q_i, rdata, dom_name, &global_machine_sid);
+	lsa_reply_query_info(&q_i, rdata, dom_name, &global_sam_sid);
 }
 
 /***************************************************************************
@@ -406,7 +406,7 @@ static void api_lsa_lookup_sids( uint16 vuid, prs_struct *data,
         string_to_sid(&sid_S_1_5, "S-1-5");
 
 	dom_names[0] = dom_name;
-	sid_array[0] = &global_machine_sid;
+	sid_array[0] = &global_sam_sid;
 
 	dom_names[1] = "Everyone";
 	sid_array[1] = &sid_S_1_1;
@@ -458,7 +458,7 @@ static void api_lsa_lookup_names( uint16 vuid, prs_struct *data,
         string_to_sid(&sid_S_1_5, "S-1-5");
 
 	dom_names[0] = dom_name;
-	sid_array[0] = &global_machine_sid;
+	sid_array[0] = &global_sam_sid;
 
 	dom_names[1] = "Everyone";
 	sid_array[1] = &sid_S_1_1;

source/passdb/passdb.c

@@ -27,10 +27,11 @@ extern int DEBUGLEVEL;
 
 /*
  * This is set on startup - it defines the SID for this
- * machine.
+ * machine, and therefore the SAM database for which it is
+ * responsible.
  */
 
-DOM_SID global_machine_sid;
+DOM_SID global_sam_sid;
 
 /*
  * NOTE. All these functions are abstracted into a structure
@@ -805,7 +806,7 @@ static BOOL read_sid_from_file(int fd, char *sid_file)
    */
 
   fline[sizeof(fline)-1] = '\0';
-  if(!string_to_sid( &global_machine_sid, fline)) {
+  if(!string_to_sid( &global_sam_sid, fline)) {
     DEBUG(0,("unable to generate machine SID.\n"));
     return False;
   }
@@ -817,7 +818,7 @@ static BOOL read_sid_from_file(int fd, char *sid_file)
  Generate the global machine sid. Look for the MACHINE.SID file first, if
  not found then look in smb.conf and use it to create the MACHINE.SID file.
 ****************************************************************************/
-BOOL pdb_generate_machine_sid(void)
+BOOL pdb_generate_sam_sid(void)
 {
 	int fd;
 	char *p;
@@ -901,7 +902,7 @@ BOOL pdb_generate_machine_sid(void)
 	 * Ensure our new SID is valid.
 	 */
 	
-	if(!string_to_sid( &global_machine_sid, sid_string)) {
+	if(!string_to_sid( &global_sam_sid, sid_string)) {
 		DEBUG(0,("unable to generate machine SID.\n"));
 		return False;
 	} 

source/rpc_client/cli_samr.c

@@ -209,13 +209,13 @@ BOOL do_samr_unknown_38(struct cli_state *cli, char *srv_name)
 /****************************************************************************
 do a SAMR unknown 0x8 command
 ****************************************************************************/
-BOOL do_samr_unknown_8(struct cli_state *cli, 
+BOOL do_samr_query_dom_info(struct cli_state *cli, 
 				POLICY_HND *domain_pol, uint16 switch_value)
 {
 	prs_struct data;
 	prs_struct rdata;
 
-	SAMR_Q_UNKNOWN_8 q_e;
+	SAMR_Q_QUERY_DOMAIN_INFO q_e;
 	BOOL valid_un8 = False;
 
 	/* create and send a MSRPC command with api SAMR_ENUM_DOM_USERS */
@@ -228,25 +228,25 @@ BOOL do_samr_unknown_8(struct cli_state *cli,
 	if (domain_pol == NULL) return False;
 
 	/* store the parameters */
-	make_samr_q_unknown_8(&q_e, domain_pol, switch_value);
+	make_samr_q_query_dom_info(&q_e, domain_pol, switch_value);
 
 	/* turn parameters into data stream */
-	samr_io_q_unknown_8("", &q_e, &data, 0);
+	samr_io_q_query_dom_info("", &q_e, &data, 0);
 
 	/* send the data on \PIPE\ */
-	if (rpc_api_pipe_req(cli, SAMR_UNKNOWN_8, &data, &rdata))
+	if (rpc_api_pipe_req(cli, SAMR_QUERY_DOMAIN_INFO, &data, &rdata))
 	{
 #if 0
-		SAMR_R_UNKNOWN_8 r_e;
+		SAMR_R_QUERY_DOMAIN_INFO r_e;
 		BOOL p;
 
-		samr_io_r_unknown_8("", &r_e, &rdata, 0);
+		samr_io_r_query_dom_info("", &r_e, &rdata, 0);
 
 		p = rdata.offset != 0;
 		if (p && r_e.status != 0)
 		{
 			/* report error code */
-			DEBUG(0,("SAMR_R_UNKNOWN_8: %s\n", get_nt_error_msg(r_e.status)));
+			DEBUG(0,("SAMR_R_QUERY_DOMAIN_INFO: %s\n", get_nt_error_msg(r_e.status)));
 			p = False;
 		}
 

source/rpc_parse/parse_samr.c

@@ -228,12 +228,12 @@ void samr_io_q_unknown_3(char *desc,  SAMR_Q_UNKNOWN_3 *q_u, prs_struct *ps, int
 /*******************************************************************
 reads or writes a structure.
 ********************************************************************/
-void make_samr_q_unknown_8(SAMR_Q_UNKNOWN_8 *q_u,
+void make_samr_q_query_dom_info(SAMR_Q_QUERY_DOMAIN_INFO *q_u,
 				POLICY_HND *domain_pol, uint16 switch_value)
 {
 	if (q_u == NULL) return;
 
-	DEBUG(5,("samr_make_q_unknown_8\n"));
+	DEBUG(5,("samr_make_q_query_dom_info\n"));
 
 	memcpy(&q_u->domain_pol, domain_pol, sizeof(q_u->domain_pol));
 	q_u->switch_value = switch_value;
@@ -242,11 +242,11 @@ void make_samr_q_unknown_8(SAMR_Q_UNKNOWN_8 *q_u,
 /*******************************************************************
 reads or writes a structure.
 ********************************************************************/
-void samr_io_q_unknown_8(char *desc,  SAMR_Q_UNKNOWN_8 *q_u, prs_struct *ps, int depth)
+void samr_io_q_query_dom_info(char *desc,  SAMR_Q_QUERY_DOMAIN_INFO *q_u, prs_struct *ps, int depth)
 {
 	if (q_u == NULL) return;
 
-	prs_debug(ps, depth, desc, "samr_io_q_unknown_8");
+	prs_debug(ps, depth, desc, "samr_io_q_query_dom_info");
 	depth++;
 
 	prs_align(ps);
@@ -276,16 +276,17 @@ void make_unk_info2(SAM_UNK_INFO_2 *u_2, char *domain, char *server)
 	make_uni_hdr(&(u_2->hdr_domain), len_domain, len_domain, 1);
 	make_uni_hdr(&(u_2->hdr_server), len_server, len_server, 1);
 
-	u_2->unknown_4 = 0x10000000;
+	u_2->seq_num = 0x10000000;
-	u_2->unknown_5 = 0x00000000;
+	u_2->unknown_3 = 0x00000000;
 	
+	u_2->unknown_4  = 0x00000001;
+	u_2->unknown_5  = 0x00000003;
 	u_2->unknown_6  = 0x00000001;
-	u_2->unknown_7  = 0x00000003;
+	u_2->num_domain_usrs  = 0x00000008;
-	u_2->unknown_8  = 0x00000001;
+	u_2->num_domain_grps = 0x00000003;
-	u_2->unknown_9  = 0x00000008;
+	u_2->num_local_grps = 0x00000003;
-	u_2->unknown_10 = 0x00000003;
 
-	memset(u_2->padding, 0, sizeof(u_2->padding)); /* 16 bytes zeros */
+	memset(u_2->padding, 0, sizeof(u_2->padding)); /* 12 bytes zeros */
 
 	make_unistr2(&u_2->uni_domain, domain, len_domain);
 	make_unistr2(&u_2->uni_server, server, len_server);
@@ -313,16 +314,17 @@ void sam_io_unk_info2(char *desc, SAM_UNK_INFO_2 *u_2, prs_struct *ps, int depth
 	   pointer is referring to
 	 */
 
-	prs_uint32("unknown_4 ", ps, depth, &u_2->unknown_4 ); /* 0x0000 0099 or 0x1000 0000 */
+	prs_uint32("seq_num ", ps, depth, &u_2->seq_num ); /* 0x0000 0099 or 0x1000 0000 */
-	prs_uint32("unknown_5 ", ps, depth, &u_2->unknown_5 ); /* 0x0000 0000 */
+	prs_uint32("unknown_3 ", ps, depth, &u_2->unknown_3 ); /* 0x0000 0000 */
 	
+	prs_uint32("unknown_4 ", ps, depth, &u_2->unknown_4 ); /* 0x0000 0001 */
+	prs_uint32("unknown_5 ", ps, depth, &u_2->unknown_5 ); /* 0x0000 0003 */
 	prs_uint32("unknown_6 ", ps, depth, &u_2->unknown_6 ); /* 0x0000 0001 */
-	prs_uint32("unknown_7 ", ps, depth, &u_2->unknown_7 ); /* 0x0000 0003 */
+	prs_uint32("num_domain_usrs ", ps, depth, &u_2->num_domain_usrs ); /* 0x0000 0008 */
-	prs_uint32("unknown_8 ", ps, depth, &u_2->unknown_8 ); /* 0x0000 0001 */
+	prs_uint32("num_domain_grps", ps, depth, &u_2->num_domain_grps); /* 0x0000 0003 */
-	prs_uint32("unknown_9 ", ps, depth, &u_2->unknown_9 ); /* 0x0000 0008 */
+	prs_uint32("num_local_grps", ps, depth, &u_2->num_local_grps); /* 0x0000 0003 */
-	prs_uint32("unknown_10", ps, depth, &u_2->unknown_10); /* 0x0000 0003 */
 
-	prs_uint8s(False, "padding", ps, depth, u_2->padding, sizeof(u_2->padding)); /* 16 bytes zeros */
+	prs_uint8s(False, "padding", ps, depth, u_2->padding, sizeof(u_2->padding)); /* 12 bytes zeros */
 
 	smb_io_unistr2( "uni_domain", &u_2->uni_domain, u_2->hdr_domain.buffer, ps, depth); /* domain name unicode string */
 	smb_io_unistr2( "uni_server", &u_2->uni_server, u_2->hdr_server.buffer, ps, depth); /* server name unicode string */
@@ -332,15 +334,15 @@ void sam_io_unk_info2(char *desc, SAM_UNK_INFO_2 *u_2, prs_struct *ps, int depth
 }
 
 /*******************************************************************
-makes a SAMR_R_UNKNOWN_8 structure.
+makes a SAMR_R_QUERY_DOMAIN_INFO structure.
 ********************************************************************/
-void make_samr_r_unknown_8(SAMR_R_UNKNOWN_8 *r_u, 
+void make_samr_r_query_dom_info(SAMR_R_QUERY_DOMAIN_INFO *r_u, 
 				uint16 switch_value, SAM_UNK_CTR *ctr,
 				uint32 status)
 {
 	if (r_u == NULL || ctr == NULL) return;
 
-	DEBUG(5,("make_samr_r_unknown_8\n"));
+	DEBUG(5,("make_samr_r_query_dom_info\n"));
 
 	r_u->ptr_0 = 0;
 	r_u->switch_value = 0;
@@ -357,11 +359,11 @@ void make_samr_r_unknown_8(SAMR_R_UNKNOWN_8 *r_u,
 /*******************************************************************
 reads or writes a structure.
 ********************************************************************/
-void samr_io_r_unknown_8(char *desc, SAMR_R_UNKNOWN_8 *r_u, prs_struct *ps, int depth)
+void samr_io_r_query_dom_info(char *desc, SAMR_R_QUERY_DOMAIN_INFO *r_u, prs_struct *ps, int depth)
 {
 	if (r_u == NULL) return;
 
-	prs_debug(ps, depth, desc, "samr_io_r_unknown_8");
+	prs_debug(ps, depth, desc, "samr_io_r_query_dom_info");
 	depth++;
 
 	prs_align(ps);
@@ -381,7 +383,7 @@ void samr_io_r_unknown_8(char *desc, SAMR_R_UNKNOWN_8 *r_u, prs_struct *ps, int
 			}
 			default:
 			{
-				DEBUG(3,("samr_io_r_unknown_8: unknown switch level 0x%x\n",
+				DEBUG(3,("samr_io_r_query_dom_info: unknown switch level 0x%x\n",
 				          r_u->switch_value));
 				return;
 			}

source/rpc_server/srv_lsa.c

@@ -28,7 +28,7 @@
 #include "nterr.h"
 
 extern int DEBUGLEVEL;
-extern DOM_SID global_machine_sid;
+extern DOM_SID global_sam_sid;
 
 /***************************************************************************
 lsa_reply_open_policy2
@@ -373,7 +373,7 @@ static void api_lsa_query_info( uint16 vuid, prs_struct *data,
 	pstrcpy(dom_name, lp_workgroup());
 
 	/* construct reply.  return status is always 0x0 */
-	lsa_reply_query_info(&q_i, rdata, dom_name, &global_machine_sid);
+	lsa_reply_query_info(&q_i, rdata, dom_name, &global_sam_sid);
 }
 
 /***************************************************************************
@@ -406,7 +406,7 @@ static void api_lsa_lookup_sids( uint16 vuid, prs_struct *data,
         string_to_sid(&sid_S_1_5, "S-1-5");
 
 	dom_names[0] = dom_name;
-	sid_array[0] = &global_machine_sid;
+	sid_array[0] = &global_sam_sid;
 
 	dom_names[1] = "Everyone";
 	sid_array[1] = &sid_S_1_1;
@@ -458,7 +458,7 @@ static void api_lsa_lookup_names( uint16 vuid, prs_struct *data,
         string_to_sid(&sid_S_1_5, "S-1-5");
 
 	dom_names[0] = dom_name;
-	sid_array[0] = &global_machine_sid;
+	sid_array[0] = &global_sam_sid;
 
 	dom_names[1] = "Everyone";
 	sid_array[1] = &sid_S_1_1;

source/rpc_server/srv_lsa_hnd.c

@@ -225,7 +225,28 @@ BOOL set_lsa_policy_samr_sid(POLICY_HND *hnd, DOM_SID *sid)
 }
 
 /****************************************************************************
-  set samr rid
+  get samr sid
+****************************************************************************/
+BOOL get_lsa_policy_samr_sid(POLICY_HND *hnd, DOM_SID *sid)
+{
+	struct policy *p = find_lsa_policy(hnd);
+
+	if (p != NULL && p->open)
+	{
+		pstring sidstr;
+		memcpy(sid, &p->dev.samr.sid, sizeof(*sid));
+		DEBUG(3,("Getting policy sid=%s pnum=%x\n",
+			 sid_to_string(sidstr, sid), p->pnum));
+
+		return True;
+	}
+
+	DEBUG(3,("Error getting policy\n"));
+	return False;
+}
+
+/****************************************************************************
+  get samr rid
 ****************************************************************************/
 uint32 get_lsa_policy_samr_rid(POLICY_HND *hnd)
 {

source/rpc_server/srv_netlog.c

@@ -32,7 +32,7 @@ extern int DEBUGLEVEL;
 extern BOOL sam_logon_in_ssb;
 extern pstring samlogon_user;
 extern pstring global_myname;
-extern DOM_SID global_machine_sid;
+extern DOM_SID global_sam_sid;
 
 /*************************************************************************
  make_net_r_req_chal:
@@ -790,7 +790,7 @@ static void api_net_sam_logon( uint16 vuid,
                           my_name     , /* char *logon_srv */
                           my_workgroup, /* char *logon_dom */
 
-                          &global_machine_sid,     /* DOM_SID *dom_sid */
+                          &global_sam_sid,     /* DOM_SID *dom_sid */
                           NULL); /* char *other_sids */
     }
     else

source/rpc_server/srv_samr.c

@@ -32,10 +32,11 @@ extern BOOL sam_logon_in_ssb;
 extern pstring samlogon_user;
 extern pstring global_myworkgroup;
 extern pstring global_myname;
-extern DOM_SID global_machine_sid;
+extern DOM_SID global_sam_sid;
 
 extern rid_name domain_group_rids[];
 extern rid_name domain_alias_rids[];
+extern rid_name builtin_alias_rids[];
 
 /*******************************************************************
   This next function should be replaced with something that
@@ -295,7 +296,7 @@ static void samr_reply_unknown_3(SAMR_Q_UNKNOWN_3 *q_u,
 		DOM_SID user_sid;
 		DOM_SID everyone_sid;
 
-		user_sid = global_machine_sid;
+		user_sid = global_sam_sid;
 
 		SMB_ASSERT_ARRAY(user_sid.sub_auths, user_sid.num_auths+1);
 
@@ -457,29 +458,44 @@ static void samr_reply_enum_dom_aliases(SAMR_Q_ENUM_DOM_ALIASES *q_u,
 	SAMR_R_ENUM_DOM_ALIASES r_e;
 	SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES];
 	int num_entries;
-	BOOL got_aliases;
+	DOM_SID sid;
-	char *dummy_alias = "admins";
+	fstring sid_str;
+	fstring sam_sid_str;
 
 	r_e.status = 0x0;
 	r_e.num_entries = 0;
 
 	/* find the policy handle.  open a policy on it. */
-	if (r_e.status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->pol)) == -1))
+	if (r_e.status == 0x0 && !get_lsa_policy_samr_sid(&q_u->pol, &sid))
 	{
 		r_e.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
 	}
 
-	DEBUG(5,("samr_reply_enum_dom_aliases: %d\n", __LINE__));
+	sid_to_string(sid_str, &sid);
+	sid_to_string(sam_sid_str, &global_sam_sid);
 
-	got_aliases = True;
+	DEBUG(5,("samr_reply_enum_dom_aliases: sid %s\n", sid_str));
-	num_entries = 1;
-	make_unistr2(&(pass[0].uni_user_name), dummy_alias, strlen(dummy_alias));
-	pass[0].user_rid = BUILTIN_ALIAS_RID_ADMINS;
 
-	if (r_e.status == 0 && got_aliases)
+	/* well-known aliases */
+	if (strequal(sid_str, "S-1-5-20"))
 	{
-		make_samr_r_enum_dom_aliases(&r_e, num_entries, pass, r_e.status);
+		char *name;
+		while (num_entries < MAX_SAM_ENTRIES && ((name = builtin_alias_rids[num_entries].name) != NULL))
+		{
+			make_unistr2(&(pass[num_entries].uni_user_name), name, strlen(name));
+			pass[num_entries].user_rid = builtin_alias_rids[num_entries].rid;
+			num_entries++;
 		}
+	}
+	else if (strequal(sid_str, sam_sid_str))
+	{
+		/* local aliases */
+		/* oops!  there's no code to deal with this */
+		DEBUG(3,("samr_reply_enum_dom_aliases: enum of aliases in our domain not supported yet\n"));
+		num_entries = 0;
+	}
+		
+	make_samr_r_enum_dom_aliases(&r_e, num_entries, pass, r_e.status);
 
 	/* store the response in the SMB stream */
 	samr_io_r_enum_dom_aliases("", &r_e, rdata, 0);
@@ -1276,12 +1292,12 @@ static void api_samr_query_usergroups( uint16 vuid, prs_struct *data, prs_struct
 
 
 /*******************************************************************
- samr_reply_unknown_8
+ samr_reply_query_dom_info
  ********************************************************************/
-static void samr_reply_unknown_8(SAMR_Q_UNKNOWN_8 *q_u,
+static void samr_reply_query_dom_info(SAMR_Q_QUERY_DOMAIN_INFO *q_u,
 				prs_struct *rdata)
 {
-	SAMR_R_UNKNOWN_8 r_u;
+	SAMR_R_QUERY_DOMAIN_INFO r_u;
 	SAM_UNK_CTR ctr;
 	uint16 switch_value = 0x0;
 	uint32 status = 0x0;
@@ -1291,13 +1307,13 @@ static void samr_reply_unknown_8(SAMR_Q_UNKNOWN_8 *q_u,
 
 	r_u.ctr = &ctr;
 
-	DEBUG(5,("samr_reply_unknown_8: %d\n", __LINE__));
+	DEBUG(5,("samr_reply_query_dom_info: %d\n", __LINE__));
 
 	/* find the policy handle.  open a policy on it. */
 	if (r_u.status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->domain_pol)) == -1))
 	{
 		r_u.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
-		DEBUG(5,("samr_reply_unknown_8: invalid handle\n"));
+		DEBUG(5,("samr_reply_query_dom_info: invalid handle\n"));
 	}
 
 	if (status == 0x0)
@@ -1319,27 +1335,27 @@ static void samr_reply_unknown_8(SAMR_Q_UNKNOWN_8 *q_u,
 		}
 	}
 
-	make_samr_r_unknown_8(&r_u, switch_value, &ctr, status);
+	make_samr_r_query_dom_info(&r_u, switch_value, &ctr, status);
 
 	/* store the response in the SMB stream */
-	samr_io_r_unknown_8("", &r_u, rdata, 0);
+	samr_io_r_query_dom_info("", &r_u, rdata, 0);
 
-	DEBUG(5,("samr_unknown_8: %d\n", __LINE__));
+	DEBUG(5,("samr_query_dom_info: %d\n", __LINE__));
 
 }
 
 /*******************************************************************
- api_samr_unknown_8
+ api_samr_query_dom_info
  ********************************************************************/
-static void api_samr_unknown_8( uint16 vuid, prs_struct *data, prs_struct *rdata)
+static void api_samr_query_dom_info( uint16 vuid, prs_struct *data, prs_struct *rdata)
 {
-	SAMR_Q_UNKNOWN_8 q_e;
+	SAMR_Q_QUERY_DOMAIN_INFO q_e;
 
 	/* grab the samr unknown 8 command */
-	samr_io_q_unknown_8("", &q_e, data, 0);
+	samr_io_q_query_dom_info("", &q_e, data, 0);
 
 	/* construct reply. */
-	samr_reply_unknown_8(&q_e, rdata);
+	samr_reply_query_dom_info(&q_e, rdata);
 }
 
 
@@ -1595,7 +1611,7 @@ static struct api_struct api_samr_cmds [] =
 	{ "SAMR_LOOKUP_NAMES"     , SAMR_LOOKUP_NAMES     , api_samr_lookup_names     },
 	{ "SAMR_OPEN_USER"        , SAMR_OPEN_USER        , api_samr_open_user        },
 	{ "SAMR_QUERY_USERINFO"   , SAMR_QUERY_USERINFO   , api_samr_query_userinfo   },
-	{ "SAMR_UNKNOWN_8"        , SAMR_UNKNOWN_8        , api_samr_unknown_8        },
+	{ "SAMR_QUERY_DOMAIN_INFO", SAMR_QUERY_DOMAIN_INFO, api_samr_query_dom_info        },
 	{ "SAMR_QUERY_USERGROUPS" , SAMR_QUERY_USERGROUPS , api_samr_query_usergroups },
 	{ "SAMR_QUERY_DISPINFO"   , SAMR_QUERY_DISPINFO   , api_samr_query_dispinfo   },
 	{ "SAMR_QUERY_ALIASINFO"  , SAMR_QUERY_ALIASINFO  , api_samr_query_aliasinfo  },

source/rpc_server/srv_util.c

@@ -42,7 +42,6 @@
 #include "nterr.h"
 
 extern int DEBUGLEVEL;
-extern DOM_SID global_machine_sid;
 
 /*
  * A list of the rids of well known BUILTIN and Domain users

source/rpcclient/cmd_samr.c

@@ -495,7 +495,7 @@ void cmd_sam_query_groups(struct client_info *info)
 	            &info->dom.samr_pol_open_domain) : False;
 
 	/* send a samr 0x8 command */
-	res = res ? do_samr_unknown_8(smb_cli,
+	res = res ? do_samr_query_dom_info(smb_cli,
 	            &info->dom.samr_pol_open_domain, switch_value) : False;
 
 	res = res ? do_samr_close(smb_cli,

source/smbd/groupname.c

@@ -23,7 +23,7 @@
 
 #include "includes.h"
 extern int DEBUGLEVEL;
-extern DOM_SID global_machine_sid;
+extern DOM_SID global_sam_sid;
 
 
 /**************************************************************************
@@ -164,7 +164,7 @@ Error was %s.\n", unixname, strerror(errno) ));
        * It's not a well known name, convert the UNIX gid_t
        * to a rid within this domain SID.
        */
-      tmp_sid = global_machine_sid;
+      tmp_sid = global_sam_sid;
       tmp_sid.sub_auths[tmp_sid.num_auths++] = 
                     pdb_gid_to_group_rid((gid_t)gptr->gr_gid);
     }
@@ -233,7 +233,7 @@ void map_gid_to_sid( gid_t gid, DOM_SID *psid)
    * If there's no map, convert the UNIX gid_t
    * to a rid within this domain SID.
    */
-  *psid = global_machine_sid;
+  *psid = global_sam_sid;
   psid->sub_auths[psid->num_auths++] = pdb_gid_to_group_rid(gid);
 
   return;

source/smbd/server.c

@@ -644,8 +644,8 @@ static void usage(char *pname)
 
 	pstrcpy(global_myworkgroup, lp_workgroup());
 
-	if(!pdb_generate_machine_sid()) {
+	if(!pdb_generate_sam_sid()) {
-		DEBUG(0,("ERROR: Samba cannot get a machine SID.\n"));
+		DEBUG(0,("ERROR: Samba cannot create a SAM SID.\n"));
 		exit(1);
 	}