diff options
author | Günther Deschner <gd@samba.org> | 2010-08-26 15:48:50 +0200 |
---|---|---|
committer | Günther Deschner <gd@samba.org> | 2010-09-20 14:04:37 -0700 |
commit | 4dbd743e467096624961533335afccadc67af0e6 (patch) | |
tree | 221fd5ed097893d3e48f07c926d7ef9bd8313276 | |
parent | 400616017974f057c8a2e817b62b90b1490d4129 (diff) | |
download | samba-4dbd743e467096624961533335afccadc67af0e6.tar.gz samba-4dbd743e467096624961533335afccadc67af0e6.tar.bz2 samba-4dbd743e467096624961533335afccadc67af0e6.zip |
s3-util_sid: use shared dom_sid_compare_auth and dom_sid_equal_X functions.
Guenther
35 files changed, 122 insertions, 173 deletions
diff --git a/source3/auth/server_info.c b/source3/auth/server_info.c index e457bd4ae7..c7cd72bb87 100644 --- a/source3/auth/server_info.c +++ b/source3/auth/server_info.c @@ -20,6 +20,7 @@ #include "includes.h" #include "../lib/crypto/arcfour.h" #include "../librpc/gen_ndr/netlogon.h" +#include "../libcli/security/dom_sid.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_AUTH @@ -332,7 +333,7 @@ NTSTATUS samu_to_SamInfo3(TALLOC_CTX *mem_ctx, /* check if this is a "Unix Users" domain user, * we need to handle it in a special way if that's the case */ - if (sid_compare_domain(user_sid, &global_sid_Unix_Users) == 0) { + if (dom_sid_compare_domain(user_sid, &global_sid_Unix_Users) == 0) { /* in info3 you can only set rids for the user and the * primary group, and the domain sid must be that of * the sam domain. @@ -358,7 +359,7 @@ NTSTATUS samu_to_SamInfo3(TALLOC_CTX *mem_ctx, /* check if this is a "Unix Groups" domain group, * if so we need special handling */ - if (sid_compare_domain(group_sid, &global_sid_Unix_Groups) == 0) { + if (dom_sid_compare_domain(group_sid, &global_sid_Unix_Groups) == 0) { /* in info3 you can only set rids for the user and the * primary group, and the domain sid must be that of * the sam domain. diff --git a/source3/auth/token_util.c b/source3/auth/token_util.c index bc7d998341..4385dc400c 100644 --- a/source3/auth/token_util.c +++ b/source3/auth/token_util.c @@ -27,7 +27,7 @@ #include "includes.h" #include "secrets.h" #include "memcache.h" - +#include "../libcli/security/dom_sid.h" #include "../librpc/gen_ndr/netlogon.h" /**************************************************************************** @@ -42,7 +42,7 @@ bool nt_token_check_sid ( const struct dom_sid *sid, const struct security_token return False; for ( i=0; i<token->num_sids; i++ ) { - if ( sid_equal( sid, &token->sids[i] ) ) + if ( dom_sid_equal( sid, &token->sids[i] ) ) return True; } diff --git a/source3/groupdb/mapping_tdb.c b/source3/groupdb/mapping_tdb.c index 140fd28d97..dab2520fc1 100644 --- a/source3/groupdb/mapping_tdb.c +++ b/source3/groupdb/mapping_tdb.c @@ -23,6 +23,7 @@ #include "includes.h" #include "groupdb/mapping.h" #include "dbwrap.h" +#include "../libcli/security/dom_sid.h" static struct db_context *db; /* used for driver files */ @@ -340,7 +341,7 @@ static int collect_map(struct db_record *rec, void *private_data) } if ((state->domsid != NULL) && - (sid_compare_domain(state->domsid, &map.sid) != 0)) { + (dom_sid_compare_domain(state->domsid, &map.sid) != 0)) { DEBUG(11,("enum_group_mapping: group %s is not in domain\n", sid_string_dbg(&map.sid))); return 0; @@ -455,7 +456,7 @@ static bool is_aliasmem(const struct dom_sid *alias, const struct dom_sid *membe return False; for (i=0; i<num; i++) { - if (sid_compare(alias, &sids[i]) == 0) { + if (dom_sid_compare(alias, &sids[i]) == 0) { TALLOC_FREE(sids); return True; } @@ -576,7 +577,7 @@ static int collect_aliasmem(struct db_record *rec, void *priv) if (!string_to_sid(&alias, alias_string)) continue; - if (sid_compare(state->alias, &alias) != 0) + if (dom_sid_compare(state->alias, &alias) != 0) continue; /* Ok, we found the alias we're looking for in the membership @@ -656,7 +657,7 @@ static NTSTATUS del_aliasmem(const struct dom_sid *alias, const struct dom_sid * } for (i=0; i<num; i++) { - if (sid_compare(&sids[i], alias) == 0) { + if (dom_sid_compare(&sids[i], alias) == 0) { found = True; break; } diff --git a/source3/include/proto.h b/source3/include/proto.h index 9902198067..7a9d16090b 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -1294,9 +1294,6 @@ bool sid_peek_check_rid(const struct dom_sid *exp_dom_sid, const struct dom_sid void sid_copy(struct dom_sid *dst, const struct dom_sid *src); bool sid_linearize(char *outbuf, size_t len, const struct dom_sid *sid); bool sid_parse(const char *inbuf, size_t len, struct dom_sid *sid); -int sid_compare(const struct dom_sid *sid1, const struct dom_sid *sid2); -int sid_compare_domain(const struct dom_sid *sid1, const struct dom_sid *sid2); -bool sid_equal(const struct dom_sid *sid1, const struct dom_sid *sid2); bool non_mappable_sid(struct dom_sid *sid); char *sid_binstring(TALLOC_CTX *mem_ctx, const struct dom_sid *sid); char *sid_binstring_hex(const struct dom_sid *sid); diff --git a/source3/lib/netapi/localgroup.c b/source3/lib/netapi/localgroup.c index 69cf974225..c9e1b722bd 100644 --- a/source3/lib/netapi/localgroup.c +++ b/source3/lib/netapi/localgroup.c @@ -27,6 +27,7 @@ #include "../librpc/gen_ndr/cli_lsa.h" #include "rpc_client/cli_lsarpc.h" #include "rpc_client/init_lsa.h" +#include "../libcli/security/dom_sid.h" static NTSTATUS libnetapi_samr_lookup_and_open_alias(TALLOC_CTX *mem_ctx, struct rpc_pipe_client *pipe_cli, @@ -1171,7 +1172,7 @@ static WERROR NetLocalGroupModifyMembers_r(struct libnetapi_ctx *ctx, for (i=0; i < r->in.total_entries; i++) { bool already_member = false; for (k=0; k < current_sids.num_sids; k++) { - if (sid_equal(&member_sids[i], + if (dom_sid_equal(&member_sids[i], current_sids.sids[k].sid)) { already_member = true; break; @@ -1193,7 +1194,7 @@ static WERROR NetLocalGroupModifyMembers_r(struct libnetapi_ctx *ctx, for (k=0; k < current_sids.num_sids; k++) { bool keep_member = false; for (i=0; i < r->in.total_entries; i++) { - if (sid_equal(&member_sids[i], + if (dom_sid_equal(&member_sids[i], current_sids.sids[k].sid)) { keep_member = true; break; diff --git a/source3/lib/secdesc.c b/source3/lib/secdesc.c index b9ed955dee..b8bb0acf7b 100644 --- a/source3/lib/secdesc.c +++ b/source3/lib/secdesc.c @@ -22,6 +22,7 @@ #include "includes.h" #include "../librpc/gen_ndr/ndr_security.h" +#include "../libcli/security/dom_sid.h" #define ALL_SECURITY_INFORMATION (SECINFO_OWNER|SECINFO_GROUP|\ SECINFO_DACL|SECINFO_SACL|\ @@ -607,10 +608,10 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx, } /* The CREATOR sids are special when inherited */ - if (sid_equal(ptrustee, &global_sid_Creator_Owner)) { + if (dom_sid_equal(ptrustee, &global_sid_Creator_Owner)) { creator = &global_sid_Creator_Owner; ptrustee = owner_sid; - } else if (sid_equal(ptrustee, &global_sid_Creator_Group)) { + } else if (dom_sid_equal(ptrustee, &global_sid_Creator_Group)) { creator = &global_sid_Creator_Group; ptrustee = group_sid; } diff --git a/source3/lib/util_nttoken.c b/source3/lib/util_nttoken.c index 3130ed89fb..680dd29ba7 100644 --- a/source3/lib/util_nttoken.c +++ b/source3/lib/util_nttoken.c @@ -26,6 +26,7 @@ /* function(s) moved from auth/auth_util.c to minimize linker deps */ #include "includes.h" +#include "../libcli/security/dom_sid.h" /**************************************************************************** Duplicate a SID token. @@ -120,7 +121,7 @@ bool token_sid_in_ace(const struct security_token *token, const struct security_ size_t i; for (i = 0; i < token->num_sids; i++) { - if (sid_equal(&ace->trustee, &token->sids[i])) + if (dom_sid_equal(&ace->trustee, &token->sids[i])) return true; } diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c index 92218ff2b2..1873692f0f 100644 --- a/source3/lib/util_sid.c +++ b/source3/lib/util_sid.c @@ -244,7 +244,7 @@ bool sid_peek_check_rid(const struct dom_sid *exp_dom_sid, const struct dom_sid return False; } - if (sid_compare_domain(exp_dom_sid, sid)!=0){ + if (dom_sid_compare_domain(exp_dom_sid, sid)!=0){ *rid=(-1); return False; } @@ -308,84 +308,6 @@ bool sid_parse(const char *inbuf, size_t len, struct dom_sid *sid) } /***************************************************************** - Compare the auth portion of two sids. -*****************************************************************/ - -static int sid_compare_auth(const struct dom_sid *sid1, const struct dom_sid *sid2) -{ - int i; - - if (sid1 == sid2) - return 0; - if (!sid1) - return -1; - if (!sid2) - return 1; - - if (sid1->sid_rev_num != sid2->sid_rev_num) - return sid1->sid_rev_num - sid2->sid_rev_num; - - for (i = 0; i < 6; i++) - if (sid1->id_auth[i] != sid2->id_auth[i]) - return sid1->id_auth[i] - sid2->id_auth[i]; - - return 0; -} - -/***************************************************************** - Compare two sids. -*****************************************************************/ - -int sid_compare(const struct dom_sid *sid1, const struct dom_sid *sid2) -{ - int i; - - if (sid1 == sid2) - return 0; - if (!sid1) - return -1; - if (!sid2) - return 1; - - /* Compare most likely different rids, first: i.e start at end */ - if (sid1->num_auths != sid2->num_auths) - return sid1->num_auths - sid2->num_auths; - - for (i = sid1->num_auths-1; i >= 0; --i) - if (sid1->sub_auths[i] != sid2->sub_auths[i]) - return sid1->sub_auths[i] - sid2->sub_auths[i]; - - return sid_compare_auth(sid1, sid2); -} - -/***************************************************************** - See if 2 SIDs are in the same domain - this just compares the leading sub-auths -*****************************************************************/ - -int sid_compare_domain(const struct dom_sid *sid1, const struct dom_sid *sid2) -{ - int n, i; - - n = MIN(sid1->num_auths, sid2->num_auths); - - for (i = n-1; i >= 0; --i) - if (sid1->sub_auths[i] != sid2->sub_auths[i]) - return sid1->sub_auths[i] - sid2->sub_auths[i]; - - return sid_compare_auth(sid1, sid2); -} - -/***************************************************************** - Compare two sids. -*****************************************************************/ - -bool sid_equal(const struct dom_sid *sid1, const struct dom_sid *sid2) -{ - return sid_compare(sid1, sid2) == 0; -} - -/***************************************************************** Returns true if SID is internal (and non-mappable). *****************************************************************/ @@ -397,10 +319,10 @@ bool non_mappable_sid(struct dom_sid *sid) sid_copy(&dom, sid); sid_split_rid(&dom, &rid); - if (sid_equal(&dom, &global_sid_Builtin)) + if (dom_sid_equal(&dom, &global_sid_Builtin)) return True; - if (sid_equal(&dom, &global_sid_NT_Authority)) + if (dom_sid_equal(&dom, &global_sid_NT_Authority)) return True; return False; @@ -494,7 +416,7 @@ NTSTATUS add_sid_to_array_unique(TALLOC_CTX *mem_ctx, const struct dom_sid *sid, size_t i; for (i=0; i<(*num_sids); i++) { - if (sid_compare(sid, &(*sids)[i]) == 0) + if (dom_sid_compare(sid, &(*sids)[i]) == 0) return NT_STATUS_OK; } @@ -515,7 +437,7 @@ void del_sid_from_array(const struct dom_sid *sid, struct dom_sid **sids, size_t /* if we find the SID, then decrement the count and break out of the loop */ - if ( sid_equal(sid, &sid_list[i]) ) { + if ( dom_sid_equal(sid, &sid_list[i]) ) { *num -= 1; break; } @@ -555,7 +477,7 @@ bool add_rid_to_array_unique(TALLOC_CTX *mem_ctx, bool is_null_sid(const struct dom_sid *sid) { static const struct dom_sid null_sid = {0}; - return sid_equal(sid, &null_sid); + return dom_sid_equal(sid, &null_sid); } bool is_sid_in_token(const struct security_token *token, const struct dom_sid *sid) @@ -563,7 +485,7 @@ bool is_sid_in_token(const struct security_token *token, const struct dom_sid *s int i; for (i=0; i<token->num_sids; i++) { - if (sid_compare(sid, &token->sids[i]) == 0) + if (dom_sid_compare(sid, &token->sids[i]) == 0) return true; } return false; diff --git a/source3/libnet/libnet_samsync_passdb.c b/source3/libnet/libnet_samsync_passdb.c index 224598a480..a837ecd6dc 100644 --- a/source3/libnet/libnet_samsync_passdb.c +++ b/source3/libnet/libnet_samsync_passdb.c @@ -25,6 +25,7 @@ #include "includes.h" #include "libnet/libnet_samsync.h" +#include "../libcli/security/dom_sid.h" /* Convert a struct samu_DELTA to a struct samu. */ #define STRING_CHANGED (old_string && !new_string) ||\ @@ -608,7 +609,7 @@ static NTSTATUS fetch_alias_info(TALLOC_CTX *mem_ctx, map.gid = grp->gr_gid; map.sid = alias_sid; - if (sid_equal(dom_sid, &global_sid_Builtin)) + if (dom_sid_equal(dom_sid, &global_sid_Builtin)) map.sid_name_use = SID_NAME_WKN_GRP; else map.sid_name_use = SID_NAME_ALIAS; diff --git a/source3/libsmb/libsmb_xattr.c b/source3/libsmb/libsmb_xattr.c index cc87715d8f..bc329bf226 100644 --- a/source3/libsmb/libsmb_xattr.c +++ b/source3/libsmb/libsmb_xattr.c @@ -27,6 +27,7 @@ #include "libsmb_internal.h" #include "../librpc/gen_ndr/ndr_lsa.h" #include "rpc_client/cli_lsarpc.h" +#include "../libcli/security/dom_sid.h" /* @@ -121,8 +122,8 @@ ace_compare(struct security_ace *ace1, return ace2->type - ace1->type; } - if (sid_compare(&ace1->trustee, &ace2->trustee)) { - return sid_compare(&ace1->trustee, &ace2->trustee); + if (dom_sid_compare(&ace1->trustee, &ace2->trustee)) { + return dom_sid_compare(&ace1->trustee, &ace2->trustee); } if (ace1->flags != ace2->flags) { @@ -1608,7 +1609,7 @@ cacl_set(SMBCCTX *context, bool found = False; for (j=0;old->dacl && j<old->dacl->num_aces;j++) { - if (sid_equal(&sd->dacl->aces[i].trustee, + if (dom_sid_equal(&sd->dacl->aces[i].trustee, &old->dacl->aces[j].trustee)) { if (!(flags & SMBC_XATTR_FLAG_CREATE)) { err = EEXIST; diff --git a/source3/modules/vfs_afsacl.c b/source3/modules/vfs_afsacl.c index 9dd5df87ec..8e61351a1a 100644 --- a/source3/modules/vfs_afsacl.c +++ b/source3/modules/vfs_afsacl.c @@ -417,7 +417,7 @@ static void split_afs_acl(struct afs_acl *acl, static bool same_principal(struct afs_ace *x, struct afs_ace *y) { return ( (x->positive == y->positive) && - (sid_compare(&x->sid, &y->sid) == 0) ); + (dom_sid_compare(&x->sid, &y->sid) == 0) ); } static void merge_afs_acls(struct afs_acl *dir_acl, @@ -699,16 +699,16 @@ static bool mappable_sid(const struct dom_sid *sid) { struct dom_sid domain_sid; - if (sid_compare(sid, &global_sid_Builtin_Administrators) == 0) + if (dom_sid_compare(sid, &global_sid_Builtin_Administrators) == 0) return True; - if (sid_compare(sid, &global_sid_World) == 0) + if (dom_sid_compare(sid, &global_sid_World) == 0) return True; - if (sid_compare(sid, &global_sid_Authenticated_Users) == 0) + if (dom_sid_compare(sid, &global_sid_Authenticated_Users) == 0) return True; - if (sid_compare(sid, &global_sid_Builtin_Backup_Operators) == 0) + if (dom_sid_compare(sid, &global_sid_Builtin_Backup_Operators) == 0) return True; string_to_sid(&domain_sid, "S-1-5-21"); @@ -757,22 +757,22 @@ static bool nt_to_afs_acl(const char *filename, continue; } - if (sid_compare(&ace->trustee, + if (dom_sid_compare(&ace->trustee, &global_sid_Builtin_Administrators) == 0) { name = "system:administrators"; - } else if (sid_compare(&ace->trustee, + } else if (dom_sid_compare(&ace->trustee, &global_sid_World) == 0) { name = "system:anyuser"; - } else if (sid_compare(&ace->trustee, + } else if (dom_sid_compare(&ace->trustee, &global_sid_Authenticated_Users) == 0) { name = "system:authuser"; - } else if (sid_compare(&ace->trustee, + } else if (dom_sid_compare(&ace->trustee, &global_sid_Builtin_Backup_Operators) == 0) { diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c index 0e2385f43f..fa855f3467 100644 --- a/source3/passdb/lookup_sid.c +++ b/source3/passdb/lookup_sid.c @@ -24,6 +24,7 @@ #include "secrets.h" #include "memcache.h" #include "idmap_cache.h" +#include "../libcli/security/dom_sid.h" /***************************************************************** Dissect a user-provided name into domain, name, sid and type. @@ -655,7 +656,7 @@ static bool lookup_as_domain(const struct dom_sid *sid, TALLOC_CTX *mem_ctx, } for (i=0; i<num_domains; i++) { - if (sid_equal(sid, &domains[i]->sid)) { + if (dom_sid_equal(sid, &domains[i]->sid)) { *name = talloc_strdup(mem_ctx, domains[i]->name); return true; @@ -834,7 +835,7 @@ NTSTATUS lookup_sids(TALLOC_CTX *mem_ctx, int num_sids, if (!dom_infos[j].valid) { break; } - if (sid_equal(&sid, &dom_infos[j].sid)) { + if (dom_sid_equal(&sid, &dom_infos[j].sid)) { break; } } @@ -1581,7 +1582,7 @@ NTSTATUS get_primary_group_sid(TALLOC_CTX *mem_ctx, /* We need a sid within our domain */ sid_copy(&domain_sid, group_sid); sid_split_rid(&domain_sid, &rid); - if (sid_equal(&domain_sid, get_global_sam_sid())) { + if (dom_sid_equal(&domain_sid, get_global_sam_sid())) { /* * As shortcut for the expensive lookup_sid call * compare the domain sid part diff --git a/source3/passdb/machine_sid.c b/source3/passdb/machine_sid.c index c3534f7fa7..6e5a970f4c 100644 --- a/source3/passdb/machine_sid.c +++ b/source3/passdb/machine_sid.c @@ -23,6 +23,7 @@ #include "includes.h" #include "secrets.h" #include "dbwrap.h" +#include "../libcli/security/dom_sid.h" /* NOTE! the global_sam_sid is the SID of our local SAM. This is only equal to the domain SID when we are a DC, otherwise its our @@ -113,7 +114,7 @@ static struct dom_sid *pdb_generate_sam_sid(void) return sam_sid; } - if (!sid_equal(&domain_sid, sam_sid)) { + if (!dom_sid_equal(&domain_sid, sam_sid)) { /* Domain name sid doesn't match global sam sid. Re-store domain sid as 'local' sid. */ @@ -232,7 +233,7 @@ void reset_global_sam_sid(void) bool sid_check_is_domain(const struct dom_sid *sid) { - return sid_equal(sid, get_global_sam_sid()); + return dom_sid_equal(sid, get_global_sam_sid()); } /***************************************************************** diff --git a/source3/passdb/pdb_get_set.c b/source3/passdb/pdb_get_set.c index 3e2510e74c..493e9ed0dd 100644 --- a/source3/passdb/pdb_get_set.c +++ b/source3/passdb/pdb_get_set.c @@ -23,6 +23,7 @@ #include "includes.h" #include "../libcli/auth/libcli_auth.h" +#include "../libcli/security/dom_sid.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_PASSDB @@ -509,7 +510,7 @@ bool pdb_set_group_sid(struct samu *sampass, const struct dom_sid *g_sid, enum p sid_compose(&dug_sid, get_global_sam_sid(), DOMAIN_RID_USERS); - if (sid_equal(&dug_sid, g_sid)) { + if (dom_sid_equal(&dug_sid, g_sid)) { sid_copy(sampass->group_sid, &dug_sid); } else if (sid_to_gid( g_sid, &gid ) ) { sid_copy(sampass->group_sid, g_sid); diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c index 4f93b33a54..9f3a1725a4 100644 --- a/source3/passdb/pdb_interface.c +++ b/source3/passdb/pdb_interface.c @@ -25,6 +25,7 @@ #include "../librpc/gen_ndr/samr.h" #include "memcache.h" #include "nsswitch/winbind_client.h" +#include "../libcli/security/dom_sid.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_PASSDB @@ -890,7 +891,7 @@ static bool pdb_user_in_group(TALLOC_CTX *mem_ctx, struct samu *account, } for (i=0; i<num_groups; i++) { - if (sid_equal(group_sid, &sids[i])) { + if (dom_sid_equal(group_sid, &sids[i])) { return True; } } diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index 658d774fef..d046a527a6 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c @@ -47,6 +47,7 @@ #include "../libcli/auth/libcli_auth.h" #include "secrets.h" #include "idmap_cache.h" +#include "../libcli/security/dom_sid.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_PASSDB @@ -1106,7 +1107,7 @@ static bool init_sam_from_ldap(struct ldapsam_privates *ldap_state, gid_to_sid(&mapped_gsid, sampass->unix_pw->pw_gid); primary_gsid = pdb_get_group_sid(sampass); - if (primary_gsid && sid_equal(primary_gsid, &mapped_gsid)) { + if (primary_gsid && dom_sid_equal(primary_gsid, &mapped_gsid)) { store_gid_sid_cache(primary_gsid, sampass->unix_pw->pw_gid); idmap_cache_set_sid2gid(primary_gsid, @@ -2682,7 +2683,7 @@ static bool ldapsam_extract_rid_from_entry(LDAP *ldap_struct, return False; } - if (sid_compare_domain(&sid, domain_sid) != 0) { + if (dom_sid_compare_domain(&sid, domain_sid) != 0) { DEBUG(10, ("SID %s is not in expected domain %s\n", str, sid_string_dbg(domain_sid))); return False; @@ -3055,7 +3056,7 @@ static NTSTATUS ldapsam_enum_group_memberships(struct pdb_methods *methods, } } - if (sid_compare(&global_sid_NULL, &(*pp_sids)[0]) == 0) { + if (dom_sid_compare(&global_sid_NULL, &(*pp_sids)[0]) == 0) { DEBUG(3, ("primary group of [%s] not found\n", pdb_get_username(user))); goto done; @@ -6668,7 +6669,7 @@ NTSTATUS pdb_init_ldapsam(struct pdb_methods **pdb_method, const char *location) } found_sid = secrets_fetch_domain_sid(ldap_state->domain_name, &secrets_domain_sid); - if (!found_sid || !sid_equal(&secrets_domain_sid, + if (!found_sid || !dom_sid_equal(&secrets_domain_sid, &ldap_domain_sid)) { DEBUG(1, ("pdb_init_ldapsam: Resetting SID for domain " "%s based on pdb_ldap results %s -> %s\n", diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c index dd89c8e10b..9369726988 100644 --- a/source3/passdb/pdb_smbpasswd.c +++ b/source3/passdb/pdb_smbpasswd.c @@ -22,6 +22,7 @@ #include "includes.h" #include "../librpc/gen_ndr/samr.h" +#include "../libcli/security/dom_sid.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_PASSDB @@ -1372,7 +1373,7 @@ static NTSTATUS smbpasswd_getsampwsid(struct pdb_methods *my_methods, struct sam return nt_status; /* build_sam_account might change the SID on us, if the name was for the guest account */ - if (NT_STATUS_IS_OK(nt_status) && !sid_equal(pdb_get_user_sid(sam_acct), sid)) { + if (NT_STATUS_IS_OK(nt_status) && !dom_sid_equal(pdb_get_user_sid(sam_acct), sid)) { DEBUG(1, ("looking for user with sid %s instead returned %s " "for account %s!?!\n", sid_string_dbg(sid), sid_string_dbg(pdb_get_user_sid(sam_acct)), diff --git a/source3/passdb/util_builtin.c b/source3/passdb/util_builtin.c index 05a46371b3..cf483bbb96 100644 --- a/source3/passdb/util_builtin.c +++ b/source3/passdb/util_builtin.c @@ -18,6 +18,7 @@ */ #include "includes.h" +#include "../libcli/security/dom_sid.h" struct rid_name_map { uint32 rid; @@ -104,7 +105,7 @@ const char *builtin_domain_name(void) bool sid_check_is_builtin(const struct dom_sid *sid) { - return sid_equal(sid, &global_sid_Builtin); + return dom_sid_equal(sid, &global_sid_Builtin); } /***************************************************************** diff --git a/source3/passdb/util_unixsids.c b/source3/passdb/util_unixsids.c index 0894804c5b..1bd07c7a2f 100644 --- a/source3/passdb/util_unixsids.c +++ b/source3/passdb/util_unixsids.c @@ -18,10 +18,11 @@ */ #include "includes.h" +#include "../libcli/security/dom_sid.h" bool sid_check_is_unix_users(const struct dom_sid *sid) { - return sid_equal(sid, &global_sid_Unix_Users); + return dom_sid_equal(sid, &global_sid_Unix_Users); } bool sid_check_is_in_unix_users(const struct dom_sid *sid) @@ -79,7 +80,7 @@ bool lookup_unix_user_name(const char *name, struct dom_sid *sid) bool sid_check_is_unix_groups(const struct dom_sid *sid) { - return sid_equal(sid, &global_sid_Unix_Groups); + return dom_sid_equal(sid, &global_sid_Unix_Groups); } bool sid_check_is_in_unix_groups(const struct dom_sid *sid) diff --git a/source3/passdb/util_wellknown.c b/source3/passdb/util_wellknown.c index 7f670f9225..4f6f3f308d 100644 --- a/source3/passdb/util_wellknown.c +++ b/source3/passdb/util_wellknown.c @@ -21,6 +21,7 @@ */ #include "includes.h" +#include "../libcli/security/dom_sid.h" struct rid_name_map { uint32 rid; @@ -75,7 +76,7 @@ bool sid_check_is_wellknown_domain(const struct dom_sid *sid, const char **name) int i; for (i=0; special_domains[i].sid != NULL; i++) { - if (sid_equal(sid, special_domains[i].sid)) { + if (dom_sid_equal(sid, special_domains[i].sid)) { if (name != NULL) { *name = special_domains[i].name; } @@ -115,7 +116,7 @@ bool lookup_wellknown_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid, } for (i=0; special_domains[i].sid != NULL; i++) { - if (sid_equal(&dom_sid, special_domains[i].sid)) { + if (dom_sid_equal(&dom_sid, special_domains[i].sid)) { *domain = talloc_strdup(mem_ctx, special_domains[i].name); users = special_domains[i].known_users; diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c index 49bdca7b7f..02cb578671 100644 --- a/source3/rpc_server/srv_lsa_nt.c +++ b/source3/rpc_server/srv_lsa_nt.c @@ -34,6 +34,7 @@ #include "secrets.h" #include "../librpc/gen_ndr/netlogon.h" #include "rpc_client/init_lsa.h" +#include "../libcli/security/dom_sid.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_RPC_SRV @@ -91,7 +92,7 @@ static int init_lsa_ref_domain_list(TALLOC_CTX *mem_ctx, if (dom_name != NULL) { for (num = 0; num < ref->count; num++) { - if (sid_equal(dom_sid, ref->domains[num].sid)) { + if (dom_sid_equal(dom_sid, ref->domains[num].sid)) { return num; } } diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index bc71146f38..40790cfc18 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -39,6 +39,7 @@ #include "../lib/crypto/arcfour.h" #include "secrets.h" #include "rpc_client/init_lsa.h" +#include "../libcli/security/dom_sid.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_RPC_SRV @@ -712,7 +713,7 @@ NTSTATUS _samr_SetSecurity(struct pipes_struct *p, dacl = r->in.sdbuf->sd->dacl; for (i=0; i < dacl->num_aces; i++) { - if (sid_equal(&uinfo->sid, &dacl->aces[i].trustee)) { + if (dom_sid_equal(&uinfo->sid, &dacl->aces[i].trustee)) { ret = pdb_set_pass_can_change(sampass, (dacl->aces[i].access_mask & SAMR_USER_ACCESS_CHANGE_PASSWORD) ? diff --git a/source3/rpc_server/srv_spoolss_util.c b/source3/rpc_server/srv_spoolss_util.c index 2ebce91c52..cd5ffe245f 100644 --- a/source3/rpc_server/srv_spoolss_util.c +++ b/source3/rpc_server/srv_spoolss_util.c @@ -28,6 +28,7 @@ #include "../librpc/gen_ndr/ndr_security.h" #include "secrets.h" #include "rpc_server/rpc_ncacn_np.h" +#include "../libcli/security/dom_sid.h" #define TOP_LEVEL_PRINT_KEY "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Print" #define TOP_LEVEL_PRINT_PRINTERS_KEY TOP_LEVEL_PRINT_KEY "\\Printers" @@ -2387,7 +2388,7 @@ create_default: /* If security descriptor is owned by S-1-1-0 and winbindd is up, this security descriptor has been created when winbindd was down. Take ownership of security descriptor. */ - if (sid_equal(secdesc->owner_sid, &global_sid_World)) { + if (dom_sid_equal(secdesc->owner_sid, &global_sid_World)) { struct dom_sid owner_sid; /* Change sd owner to workgroup administrator */ diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 9470447f53..dc3585d81b 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -20,6 +20,7 @@ */ #include "includes.h" +#include "../libcli/security/dom_sid.h" extern const struct generic_mapping file_generic_mapping; @@ -944,10 +945,10 @@ static void merge_aces( canon_ace **pp_list_head, bool dir_acl) * ensure the POSIX ACL types are the same. */ if (!dir_acl) { - can_merge = (sid_equal(&curr_ace->trustee, &curr_ace_outer->trustee) && + can_merge = (dom_sid_equal(&curr_ace->trustee, &curr_ace_outer->trustee) && (curr_ace->attr == curr_ace_outer->attr)); } else { - can_merge = (sid_equal(&curr_ace->trustee, &curr_ace_outer->trustee) && + can_merge = (dom_sid_equal(&curr_ace->trustee, &curr_ace_outer->trustee) && (curr_ace->type == curr_ace_outer->type) && (curr_ace->attr == curr_ace_outer->attr)); } @@ -996,7 +997,7 @@ static void merge_aces( canon_ace **pp_list_head, bool dir_acl) * we've put on the ACL, we know the deny must be the first one. */ - if (sid_equal(&curr_ace->trustee, &curr_ace_outer->trustee) && + if (dom_sid_equal(&curr_ace->trustee, &curr_ace_outer->trustee) && (curr_ace_outer->attr == DENY_ACE) && (curr_ace->attr == ALLOW_ACE)) { if( DEBUGLVL( 10 )) { @@ -1297,7 +1298,7 @@ static bool uid_entry_in_group(connection_struct *conn, canon_ace *uid_ace, cano /* "Everyone" always matches every uid. */ - if (sid_equal(&group_ace->trustee, &global_sid_World)) + if (dom_sid_equal(&group_ace->trustee, &global_sid_World)) return True; /* @@ -1513,12 +1514,12 @@ static void check_owning_objs(canon_ace *ace, struct dom_sid *pfile_owner_sid, s for (i=0, current_ace = ace; i < entries; i++, current_ace = current_ace->next) { if (!got_user_obj && current_ace->owner_type == UID_ACE && - sid_equal(¤t_ace->trustee, pfile_owner_sid)) { + dom_sid_equal(¤t_ace->trustee, pfile_owner_sid)) { current_ace->type = SMB_ACL_USER_OBJ; got_user_obj = True; } if (!got_group_obj && current_ace->owner_type == GID_ACE && - sid_equal(¤t_ace->trustee, pfile_grp_sid)) { + dom_sid_equal(¤t_ace->trustee, pfile_grp_sid)) { current_ace->type = SMB_ACL_GROUP_OBJ; got_group_obj = True; } @@ -1549,7 +1550,7 @@ static bool dup_owning_ace(canon_ace *dir_ace, canon_ace *ace) */ if (ace->type == SMB_ACL_USER_OBJ && - !(sid_equal(&ace->trustee, &global_sid_Creator_Owner))) { + !(dom_sid_equal(&ace->trustee, &global_sid_Creator_Owner))) { canon_ace *dup_ace = dup_canon_ace(ace); if (dup_ace == NULL) { @@ -1560,7 +1561,7 @@ static bool dup_owning_ace(canon_ace *dir_ace, canon_ace *ace) } if (ace->type == SMB_ACL_GROUP_OBJ && - !(sid_equal(&ace->trustee, &global_sid_Creator_Group))) { + !(dom_sid_equal(&ace->trustee, &global_sid_Creator_Group))) { canon_ace *dup_ace = dup_canon_ace(ace); if (dup_ace == NULL) { @@ -1646,7 +1647,7 @@ static bool create_canon_ace_lists(files_struct *fsp, if (psa1->access_mask != psa2->access_mask) continue; - if (!sid_equal(&psa1->trustee, &psa2->trustee)) + if (!dom_sid_equal(&psa1->trustee, &psa2->trustee)) continue; /* @@ -1692,11 +1693,11 @@ static bool create_canon_ace_lists(files_struct *fsp, * Note what kind of a POSIX ACL this should map to. */ - if( sid_equal(¤t_ace->trustee, &global_sid_World)) { + if( dom_sid_equal(¤t_ace->trustee, &global_sid_World)) { current_ace->owner_type = WORLD_ACE; current_ace->unix_ug.world = -1; current_ace->type = SMB_ACL_OTHER; - } else if (sid_equal(¤t_ace->trustee, &global_sid_Creator_Owner)) { + } else if (dom_sid_equal(¤t_ace->trustee, &global_sid_Creator_Owner)) { current_ace->owner_type = UID_ACE; current_ace->unix_ug.uid = pst->st_ex_uid; current_ace->type = SMB_ACL_USER_OBJ; @@ -1709,7 +1710,7 @@ static bool create_canon_ace_lists(files_struct *fsp, psa->flags |= SEC_ACE_FLAG_INHERIT_ONLY; - } else if (sid_equal(¤t_ace->trustee, &global_sid_Creator_Group)) { + } else if (dom_sid_equal(¤t_ace->trustee, &global_sid_Creator_Group)) { current_ace->owner_type = GID_ACE; current_ace->unix_ug.gid = pst->st_ex_gid; current_ace->type = SMB_ACL_GROUP_OBJ; @@ -2085,7 +2086,7 @@ static void process_deny_list(connection_struct *conn, canon_ace **pp_ace_list ) continue; } - if (!sid_equal(&curr_ace->trustee, &global_sid_World)) + if (!dom_sid_equal(&curr_ace->trustee, &global_sid_World)) continue; /* JRATEST - assert. */ @@ -3080,7 +3081,7 @@ static size_t merge_default_aces( struct security_ace *nt_ace_list, size_t num_a if ((nt_ace_list[i].type == nt_ace_list[j].type) && (nt_ace_list[i].size == nt_ace_list[j].size) && (nt_ace_list[i].access_mask == nt_ace_list[j].access_mask) && - sid_equal(&nt_ace_list[i].trustee, &nt_ace_list[j].trustee) && + dom_sid_equal(&nt_ace_list[i].trustee, &nt_ace_list[j].trustee) && (i_inh == j_inh) && (i_flags_ni == 0) && (j_flags_ni == (SEC_ACE_FLAG_OBJECT_INHERIT| @@ -3144,7 +3145,7 @@ static void add_or_replace_ace(struct security_ace *nt_ace_list, size_t *num_ace /* first search for a duplicate */ for (i = 0; i < *num_aces; i++) { - if (sid_equal(&nt_ace_list[i].trustee, sid) && + if (dom_sid_equal(&nt_ace_list[i].trustee, sid) && (nt_ace_list[i].flags == flags)) break; } @@ -3367,7 +3368,7 @@ static NTSTATUS posix_get_nt_acl_common(struct connection_struct *conn, if (lp_profile_acls(SNUM(conn))) { for (i = 0; i < num_aces; i++) { - if (sid_equal(&nt_ace_list[i].trustee, &owner_sid)) { + if (dom_sid_equal(&nt_ace_list[i].trustee, &owner_sid)) { add_or_replace_ace(nt_ace_list, &num_aces, &orig_owner_sid, nt_ace_list[i].type, @@ -3756,7 +3757,7 @@ NTSTATUS append_parent_acl(files_struct *fsp, * same SID. This is order N^2. Ouch :-(. JRA. */ unsigned int k; for (k = 0; k < psd->dacl->num_aces; k++) { - if (sid_equal(&psd->dacl->aces[k].trustee, + if (dom_sid_equal(&psd->dacl->aces[k].trustee, &se->trustee)) { break; } diff --git a/source3/torture/torture.c b/source3/torture/torture.c index d19c983866..588ed14675 100644 --- a/source3/torture/torture.c +++ b/source3/torture/torture.c @@ -6852,7 +6852,7 @@ static bool run_local_string_to_sid(int dummy) { printf("could not parse S-1-5-32-545\n"); return false; } - if (!sid_equal(&sid, &global_sid_Builtin_Users)) { + if (!dom_sid_equal(&sid, &global_sid_Builtin_Users)) { printf("mis-parsed S-1-5-32-545 as %s\n", sid_string_tos(&sid)); return false; diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c index 671f7e81e9..96b3626391 100644 --- a/source3/utils/net_rpc.c +++ b/source3/utils/net_rpc.c @@ -36,6 +36,7 @@ #include "secrets.h" #include "lib/netapi/netapi.h" #include "rpc_client/init_lsa.h" +#include "../libcli/security/dom_sid.h" static int net_mode_share; static bool sync_files(struct copy_clistate *cp_clistate, const char *mask); @@ -4171,7 +4172,7 @@ static bool is_alias_member(struct dom_sid *sid, struct full_alias *alias) int i; for (i=0; i<alias->num_members; i++) { - if (sid_compare(sid, &alias->members[i]) == 0) + if (dom_sid_compare(sid, &alias->members[i]) == 0) return true; } diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 8b5a90838e..c9bb96c18c 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -29,6 +29,7 @@ #include "../librpc/gen_ndr/ndr_drsuapi.h" #include "libnet/libnet_samsync.h" #include "libnet/libnet_dssync.h" +#include "../libcli/security/dom_sid.h" static void parse_samsync_partial_replication_objects(TALLOC_CTX *mem_ctx, int argc, @@ -187,7 +188,7 @@ NTSTATUS rpc_vampire_internals(struct net_context *c, NTSTATUS result; struct samsync_context *ctx = NULL; - if (!sid_equal(domain_sid, get_global_sam_sid())) { + if (!dom_sid_equal(domain_sid, get_global_sam_sid())) { d_printf(_("Cannot import users from %s at this time, " "as the current domain:\n\t%s: %s\nconflicts " "with the remote domain\n\t%s: %s\n" diff --git a/source3/utils/profiles.c b/source3/utils/profiles.c index f6f500a2aa..faec8e2c3b 100644 --- a/source3/utils/profiles.c +++ b/source3/utils/profiles.c @@ -23,6 +23,7 @@ #include "popt_common.h" #include "registry/reg_objects.h" #include "regfio.h" +#include "../libcli/security/dom_sid.h" /* GLOBAL VARIABLES */ @@ -64,7 +65,7 @@ static bool swap_sid_in_acl( struct security_descriptor *sd, struct dom_sid *s1, bool update = False; verbose_output(" Owner SID: %s\n", sid_string_tos(sd->owner_sid)); - if ( sid_equal( sd->owner_sid, s1 ) ) { + if ( dom_sid_equal( sd->owner_sid, s1 ) ) { sid_copy( sd->owner_sid, s2 ); update = True; verbose_output(" New Owner SID: %s\n", @@ -73,7 +74,7 @@ static bool swap_sid_in_acl( struct security_descriptor *sd, struct dom_sid *s1, } verbose_output(" Group SID: %s\n", sid_string_tos(sd->group_sid)); - if ( sid_equal( sd->group_sid, s1 ) ) { + if ( dom_sid_equal( sd->group_sid, s1 ) ) { sid_copy( sd->group_sid, s2 ); update = True; verbose_output(" New Group SID: %s\n", @@ -85,7 +86,7 @@ static bool swap_sid_in_acl( struct security_descriptor *sd, struct dom_sid *s1, for ( i=0; i<theacl->num_aces; i++ ) { verbose_output(" Trustee SID: %s\n", sid_string_tos(&theacl->aces[i].trustee)); - if ( sid_equal( &theacl->aces[i].trustee, s1 ) ) { + if ( dom_sid_equal( &theacl->aces[i].trustee, s1 ) ) { sid_copy( &theacl->aces[i].trustee, s2 ); update = True; verbose_output(" New Trustee SID: %s\n", @@ -99,7 +100,7 @@ static bool swap_sid_in_acl( struct security_descriptor *sd, struct dom_sid *s1, for ( i=0; i<theacl->num_aces; i++ ) { verbose_output(" Trustee SID: %s\n", sid_string_tos(&theacl->aces[i].trustee)); - if ( sid_equal( &theacl->aces[i].trustee, s1 ) ) { + if ( dom_sid_equal( &theacl->aces[i].trustee, s1 ) ) { sid_copy( &theacl->aces[i].trustee, s2 ); update = True; verbose_output(" New Trustee SID: %s\n", diff --git a/source3/utils/sharesec.c b/source3/utils/sharesec.c index 79078b234a..decd063913 100644 --- a/source3/utils/sharesec.c +++ b/source3/utils/sharesec.c @@ -24,6 +24,7 @@ #include "includes.h" #include "popt_common.h" +#include "../libcli/security/dom_sid.h" static TALLOC_CTX *ctx; @@ -370,8 +371,8 @@ static int ace_compare(struct security_ace *ace1, struct security_ace *ace2) if (ace1->type != ace2->type) return ace2->type - ace1->type; - if (sid_compare(&ace1->trustee, &ace2->trustee)) - return sid_compare(&ace1->trustee, &ace2->trustee); + if (dom_sid_compare(&ace1->trustee, &ace2->trustee)) + return dom_sid_compare(&ace1->trustee, &ace2->trustee); if (ace1->flags != ace2->flags) return ace1->flags - ace2->flags; @@ -459,7 +460,7 @@ static int change_share_sec(TALLOC_CTX *mem_ctx, const char *sharename, char *th bool found = False; for (j=0;old->dacl && j<old->dacl->num_aces;j++) { - if (sid_equal(&sd->dacl->aces[i].trustee, + if (dom_sid_equal(&sd->dacl->aces[i].trustee, &old->dacl->aces[j].trustee)) { old->dacl->aces[j] = sd->dacl->aces[i]; found = True; diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c index 65fec1041b..fa039f639f 100644 --- a/source3/utils/smbcacls.c +++ b/source3/utils/smbcacls.c @@ -25,6 +25,7 @@ #include "popt_common.h" #include "../librpc/gen_ndr/ndr_lsa.h" #include "rpc_client/cli_lsarpc.h" +#include "../libcli/security/dom_sid.h" extern bool AllowDebugChange; @@ -835,8 +836,8 @@ static int ace_compare(struct security_ace *ace1, struct security_ace *ace2) if (ace1->type != ace2->type) return ace2->type - ace1->type; - if (sid_compare(&ace1->trustee, &ace2->trustee)) - return sid_compare(&ace1->trustee, &ace2->trustee); + if (dom_sid_compare(&ace1->trustee, &ace2->trustee)) + return dom_sid_compare(&ace1->trustee, &ace2->trustee); if (ace1->flags != ace2->flags) return ace1->flags - ace2->flags; @@ -929,7 +930,7 @@ static int cacl_set(struct cli_state *cli, const char *filename, bool found = False; for (j=0;old->dacl && j<old->dacl->num_aces;j++) { - if (sid_equal(&sd->dacl->aces[i].trustee, + if (dom_sid_equal(&sd->dacl->aces[i].trustee, &old->dacl->aces[j].trustee)) { old->dacl->aces[j] = sd->dacl->aces[i]; found = True; diff --git a/source3/winbindd/idmap_ad.c b/source3/winbindd/idmap_ad.c index 3d47baadc9..f2e47a7042 100644 --- a/source3/winbindd/idmap_ad.c +++ b/source3/winbindd/idmap_ad.c @@ -33,6 +33,7 @@ #include "nss_info.h" #include "secrets.h" #include "idmap.h" +#include "../libcli/security/dom_sid.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_IDMAP @@ -266,7 +267,7 @@ static struct id_map *find_map_by_sid(struct id_map **maps, struct dom_sid *sid) int i; for (i = 0; maps[i] && i<IDMAP_AD_MAX_IDS; i++) { - if (sid_equal(maps[i]->sid, sid)) { + if (dom_sid_equal(maps[i]->sid, sid)) { return maps[i]; } } diff --git a/source3/winbindd/idmap_ldap.c b/source3/winbindd/idmap_ldap.c index 39df489be7..dcdc14f277 100644 --- a/source3/winbindd/idmap_ldap.c +++ b/source3/winbindd/idmap_ldap.c @@ -28,6 +28,7 @@ #include "secrets.h" #include "idmap.h" #include "idmap_rw.h" +#include "../libcli/security/dom_sid.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_IDMAP @@ -1030,7 +1031,7 @@ static struct id_map *find_map_by_sid(struct id_map **maps, struct dom_sid *sid) if (maps[i] == NULL) { /* end of the run */ return NULL; } - if (sid_equal(maps[i]->sid, sid)) { + if (dom_sid_equal(maps[i]->sid, sid)) { return maps[i]; } } diff --git a/source3/winbindd/wb_getgrsid.c b/source3/winbindd/wb_getgrsid.c index bb93be2174..8accc639af 100644 --- a/source3/winbindd/wb_getgrsid.c +++ b/source3/winbindd/wb_getgrsid.c @@ -20,6 +20,7 @@ #include "includes.h" #include "winbindd.h" #include "librpc/gen_ndr/cli_wbint.h" +#include "../libcli/security/dom_sid.h" struct wb_getgrsid_state { struct tevent_context *ev; @@ -55,7 +56,7 @@ struct tevent_req *wb_getgrsid_send(TALLOC_CTX *mem_ctx, if (lp_winbind_trusted_domains_only()) { struct winbindd_domain *our_domain = find_our_domain(); - if (sid_compare_domain(group_sid, &our_domain->sid) == 0) { + if (dom_sid_compare_domain(group_sid, &our_domain->sid) == 0) { DEBUG(7, ("winbindd_getgrsid: My domain -- rejecting " "getgrsid() for %s\n", sid_string_tos(group_sid))); tevent_req_nterror(req, NT_STATUS_NO_SUCH_GROUP); diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c index 1ae0c70e2e..c2ce0a2713 100644 --- a/source3/winbindd/winbindd_cache.c +++ b/source3/winbindd/winbindd_cache.c @@ -30,6 +30,7 @@ #include "../librpc/gen_ndr/ndr_wbint.h" #include "ads.h" #include "nss_info.h" +#include "../libcli/security/dom_sid.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_WINBIND @@ -118,7 +119,7 @@ static struct winbind_cache *get_cache(struct winbindd_domain *domain) } if (strequal(domain->name, get_global_sam_name()) && - sid_equal(&domain->sid, get_global_sam_sid())) { + dom_sid_equal(&domain->sid, get_global_sam_sid())) { domain->backend = &sam_passdb_methods; domain->initialized = True; } @@ -644,7 +645,7 @@ static struct cache_entry *wcache_fetch_raw(char *kstr) static bool is_my_own_sam_domain(struct winbindd_domain *domain) { if (strequal(domain->name, get_global_sam_name()) && - sid_equal(&domain->sid, get_global_sam_sid())) { + dom_sid_equal(&domain->sid, get_global_sam_sid())) { return true; } @@ -654,7 +655,7 @@ static bool is_my_own_sam_domain(struct winbindd_domain *domain) static bool is_builtin_domain(struct winbindd_domain *domain) { if (strequal(domain->name, "BUILTIN") && - sid_equal(&domain->sid, &global_sid_Builtin)) { + dom_sid_equal(&domain->sid, &global_sid_Builtin)) { return true; } diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c index 671c868273..14be0e26fa 100644 --- a/source3/winbindd/winbindd_util.c +++ b/source3/winbindd/winbindd_util.c @@ -23,6 +23,7 @@ #include "includes.h" #include "winbindd.h" #include "secrets.h" +#include "../libcli/security/dom_sid.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_WINBIND @@ -135,7 +136,7 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const continue; } - if (sid_equal(sid, &domain->sid)) { + if (dom_sid_equal(sid, &domain->sid)) { break; } } @@ -146,7 +147,7 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const * We found a match. Possibly update the SID */ if ((sid != NULL) - && sid_equal(&domain->sid, &global_sid_NULL)) { + && dom_sid_equal(&domain->sid, &global_sid_NULL)) { sid_copy( &domain->sid, sid ); } return domain; @@ -740,7 +741,7 @@ struct winbindd_domain *find_domain_from_sid_noinit(const struct dom_sid *sid) /* Search through list */ for (domain = domain_list(); domain != NULL; domain = domain->next) { - if (sid_compare_domain(sid, &domain->sid) == 0) + if (dom_sid_compare_domain(sid, &domain->sid) == 0) return domain; } |