diff options
author | Günther Deschner <gd@samba.org> | 2010-05-17 22:04:24 +0200 |
---|---|---|
committer | Günther Deschner <gd@samba.org> | 2010-05-18 00:44:26 +0200 |
commit | 3b529d50be5613f37cf853714ecf78887df1d01b (patch) | |
tree | d3253ac410fbc74898d8a6543569670b68d2f511 | |
parent | 2deff342b949ef7f91134115aa77c4051e2a4c33 (diff) | |
download | samba-3b529d50be5613f37cf853714ecf78887df1d01b.tar.gz samba-3b529d50be5613f37cf853714ecf78887df1d01b.tar.bz2 samba-3b529d50be5613f37cf853714ecf78887df1d01b.zip |
s3-rpc_misc: clean out include/rpc_misc.h.
Well known rids don't really belong into an rpc header, just use the ones
defined in security.idl.
Guenther
-rw-r--r-- | source3/auth/auth_util.c | 2 | ||||
-rw-r--r-- | source3/auth/token_util.c | 8 | ||||
-rw-r--r-- | source3/groupdb/mapping.c | 2 | ||||
-rw-r--r-- | source3/include/rpc_misc.h | 20 | ||||
-rw-r--r-- | source3/passdb/passdb.c | 10 | ||||
-rw-r--r-- | source3/passdb/pdb_get_set.c | 4 | ||||
-rw-r--r-- | source3/passdb/pdb_interface.c | 6 | ||||
-rw-r--r-- | source3/passdb/pdb_ldap.c | 2 | ||||
-rw-r--r-- | source3/passdb/pdb_smbpasswd.c | 4 | ||||
-rw-r--r-- | source3/printing/nt_printing.c | 10 | ||||
-rw-r--r-- | source3/rpc_server/srv_lsa_nt.c | 2 | ||||
-rw-r--r-- | source3/rpc_server/srv_samr_nt.c | 10 | ||||
-rw-r--r-- | source3/rpc_server/srv_spoolss_util.c | 2 | ||||
-rw-r--r-- | source3/rpc_server/srv_srvsvc_nt.c | 2 | ||||
-rw-r--r-- | source3/rpc_server/srv_wkssvc_nt.c | 4 | ||||
-rw-r--r-- | source3/utils/net_groupmap.c | 4 | ||||
-rw-r--r-- | source3/utils/net_sam.c | 10 | ||||
-rw-r--r-- | source3/winbindd/winbindd_ads.c | 2 | ||||
-rw-r--r-- | source3/winbindd/winbindd_pam.c | 2 | ||||
-rw-r--r-- | source3/winbindd/winbindd_passdb.c | 2 | ||||
-rw-r--r-- | source3/winbindd/winbindd_rpc.c | 2 |
21 files changed, 45 insertions, 65 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index 5e39dca60a..1f83381606 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -697,7 +697,7 @@ static NTSTATUS make_new_server_info_guest(struct auth_serversupplied_info **ser return NT_STATUS_NO_MEMORY; } - sid_compose(&guest_sid, get_global_sam_sid(), DOMAIN_USER_RID_GUEST); + sid_compose(&guest_sid, get_global_sam_sid(), DOMAIN_RID_GUEST); become_root(); ret = pdb_getsampwsid(sampass, &guest_sid); diff --git a/source3/auth/token_util.c b/source3/auth/token_util.c index cf4a54143d..d60d929482 100644 --- a/source3/auth/token_util.c +++ b/source3/auth/token_util.c @@ -189,7 +189,7 @@ static NTSTATUS add_builtin_administrators(struct nt_user_token *token, } else { sid_copy(&domadm, dom_sid); } - sid_append_rid( &domadm, DOMAIN_GROUP_RID_ADMINS ); + sid_append_rid( &domadm, DOMAIN_RID_ADMINS ); /* Add Administrators if the user beloongs to Domain Admins */ @@ -280,7 +280,7 @@ NTSTATUS create_builtin_users(const DOM_SID *dom_sid) /* add domain users */ if ((IS_DC || (lp_server_role() == ROLE_DOMAIN_MEMBER)) - && sid_compose(&dom_users, dom_sid, DOMAIN_GROUP_RID_USERS)) + && sid_compose(&dom_users, dom_sid, DOMAIN_RID_USERS)) { status = add_sid_to_builtin(&global_sid_Builtin_Users, &dom_users); @@ -309,7 +309,7 @@ NTSTATUS create_builtin_administrators(const DOM_SID *dom_sid) /* add domain admins */ if ((IS_DC || (lp_server_role() == ROLE_DOMAIN_MEMBER)) - && sid_compose(&dom_admins, dom_sid, DOMAIN_GROUP_RID_ADMINS)) + && sid_compose(&dom_admins, dom_sid, DOMAIN_RID_ADMINS)) { status = add_sid_to_builtin(&global_sid_Builtin_Administrators, &dom_admins); @@ -765,7 +765,7 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username, sid_copy(&group_sids[0], &user_sid); sid_split_rid(&group_sids[0], &dummy); - sid_append_rid(&group_sids[0], DOMAIN_GROUP_RID_USERS); + sid_append_rid(&group_sids[0], DOMAIN_RID_USERS); if (!sid_to_gid(&group_sids[0], gid)) { DEBUG(1, ("sid_to_gid(%s) failed\n", diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 7add05e84c..da5a866619 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -126,7 +126,7 @@ bool get_domain_group_from_sid(DOM_SID sid, GROUP_MAP *map) sid_peek_rid( &sid, &rid ); - if ( rid == DOMAIN_GROUP_RID_USERS ) { + if ( rid == DOMAIN_RID_USERS ) { fstrcpy( map->nt_name, "None" ); fstrcpy( map->comment, "Ordinary Users" ); sid_copy( &map->sid, &sid ); diff --git a/source3/include/rpc_misc.h b/source3/include/rpc_misc.h index ccf7d6a785..d8814e3bc1 100644 --- a/source3/include/rpc_misc.h +++ b/source3/include/rpc_misc.h @@ -30,26 +30,6 @@ * well-known RIDs - Relative IDs **********************************************************************/ -/* RIDs - Well-known users ... */ -#define DOMAIN_USER_RID_ADMIN (0x000001F4L) -#define DOMAIN_USER_RID_GUEST (0x000001F5L) -#define DOMAIN_USER_RID_KRBTGT (0x000001F6L) - -/* RIDs - well-known groups ... */ -#define DOMAIN_GROUP_RID_ADMINS (0x00000200L) -#define DOMAIN_GROUP_RID_USERS (0x00000201L) -#define DOMAIN_GROUP_RID_GUESTS (0x00000202L) -#define DOMAIN_GROUP_RID_COMPUTERS (0x00000203L) - -#define DOMAIN_GROUP_RID_CONTROLLERS (0x00000204L) -#define DOMAIN_GROUP_RID_CERT_ADMINS (0x00000205L) -#define DOMAIN_GROUP_RID_SCHEMA_ADMINS (0x00000206L) -#define DOMAIN_GROUP_RID_ENTERPRISE_ADMINS (0x00000207L) - -/* is the following the right number? I bet it is --simo -#define DOMAIN_GROUP_RID_POLICY_ADMINS (0x00000208L) -*/ - /* RIDs - well-known aliases ... */ #define BUILTIN_ALIAS_RID_ADMINS (0x00000220L) #define BUILTIN_ALIAS_RID_USERS (0x00000221L) diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c index 0adefd5c6d..9514e05254 100644 --- a/source3/passdb/passdb.c +++ b/source3/passdb/passdb.c @@ -193,7 +193,7 @@ static NTSTATUS samu_set_unix_internal(struct samu *user, const struct passwd *p /* Special case for the guest account which must have a RID of 501 */ if ( strequal( pwd->pw_name, guest_account ) ) { - if ( !pdb_set_user_sid_from_rid(user, DOMAIN_USER_RID_GUEST, PDB_DEFAULT)) { + if ( !pdb_set_user_sid_from_rid(user, DOMAIN_RID_GUEST, PDB_DEFAULT)) { return NT_STATUS_NO_SUCH_USER; } return NT_STATUS_OK; @@ -565,10 +565,10 @@ bool algorithmic_pdb_rid_is_user(uint32 rid) { if ( rid_is_well_known(rid) ) { /* - * The only well known user RIDs are DOMAIN_USER_RID_ADMIN - * and DOMAIN_USER_RID_GUEST. + * The only well known user RIDs are DOMAIN_RID_ADMINISTRATOR + * and DOMAIN_RID_GUEST. */ - if(rid == DOMAIN_USER_RID_ADMIN || rid == DOMAIN_USER_RID_GUEST) + if(rid == DOMAIN_RID_ADMINISTRATOR || rid == DOMAIN_RID_GUEST) return True; } else if((rid & RID_TYPE_MASK) == USER_RID_TYPE) { return True; @@ -592,7 +592,7 @@ bool lookup_global_sam_name(const char *name, int flags, uint32_t *rid, the group already exists. */ if ( strequal( name, "None" ) ) { - *rid = DOMAIN_GROUP_RID_USERS; + *rid = DOMAIN_RID_USERS; *type = SID_NAME_DOM_GRP; return True; diff --git a/source3/passdb/pdb_get_set.c b/source3/passdb/pdb_get_set.c index 4725e8e2f1..1416e287ac 100644 --- a/source3/passdb/pdb_get_set.c +++ b/source3/passdb/pdb_get_set.c @@ -274,7 +274,7 @@ const DOM_SID *pdb_get_group_sid(struct samu *sampass) /* Just set it to the 'Domain Users' RID of 513 which will always resolve to a name */ - sid_compose(gsid, get_global_sam_sid(), DOMAIN_GROUP_RID_USERS); + sid_compose(gsid, get_global_sam_sid(), DOMAIN_RID_USERS); sampass->group_sid = gsid; @@ -584,7 +584,7 @@ bool pdb_set_group_sid(struct samu *sampass, const DOM_SID *g_sid, enum pdb_valu /* if we cannot resolve the SID to gid, then just ignore it and store DOMAIN_USERS as the primary groupSID */ - sid_compose(&dug_sid, get_global_sam_sid(), DOMAIN_GROUP_RID_USERS); + sid_compose(&dug_sid, get_global_sam_sid(), DOMAIN_RID_USERS); if (sid_equal(&dug_sid, g_sid)) { sid_copy(sampass->group_sid, &dug_sid); diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c index 130909e7fe..abc023081e 100644 --- a/source3/passdb/pdb_interface.c +++ b/source3/passdb/pdb_interface.c @@ -281,7 +281,7 @@ bool pdb_getsampwsid(struct samu *sam_acct, const DOM_SID *sid) if ( !sid_peek_check_rid( get_global_sam_sid(), sid, &rid ) ) return False; - if ( rid == DOMAIN_USER_RID_GUEST ) { + if ( rid == DOMAIN_RID_GUEST ) { DEBUG(6,("pdb_getsampwsid: Building guest account\n")); return guest_user_info( sam_acct ); } @@ -702,7 +702,7 @@ NTSTATUS pdb_enum_group_members(TALLOC_CTX *mem_ctx, sid_peek_rid( sid, &rid ); - if ( rid == DOMAIN_GROUP_RID_USERS ) { + if ( rid == DOMAIN_RID_USERS ) { *p_num_members = 0; *pp_member_rids = NULL; @@ -1536,7 +1536,7 @@ static bool lookup_global_sam_rid(TALLOC_CTX *mem_ctx, uint32 rid, return False; } - if ( rid == DOMAIN_GROUP_RID_USERS ) { + if ( rid == DOMAIN_RID_USERS ) { *name = talloc_strdup(mem_ctx, "None" ); *psid_name_use = SID_NAME_DOM_GRP; diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index a66ae9791a..e3bd72a629 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c @@ -5402,7 +5402,7 @@ static NTSTATUS ldapsam_create_user(struct pdb_methods *my_methods, DEBUG(3,("ldapsam_create_user: Creating new posix user\n")); /* retrieve the Domain Users group gid */ - if (!sid_compose(&group_sid, get_global_sam_sid(), DOMAIN_GROUP_RID_USERS) || + if (!sid_compose(&group_sid, get_global_sam_sid(), DOMAIN_RID_USERS) || !sid_to_gid(&group_sid, &gid)) { DEBUG (0, ("ldapsam_create_user: Unable to get the Domain Users gid: bailing out!\n")); return NT_STATUS_INVALID_PRIMARY_GROUP; diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c index a327da4cac..17c7f333d2 100644 --- a/source3/passdb/pdb_smbpasswd.c +++ b/source3/passdb/pdb_smbpasswd.c @@ -1195,7 +1195,7 @@ static bool build_smb_pass (struct smb_passwd *smb_pw, const struct samu *sampas rid = pdb_get_user_rid(sampass); /* If the user specified a RID, make sure its able to be both stored and retreived */ - if (rid == DOMAIN_USER_RID_GUEST) { + if (rid == DOMAIN_RID_GUEST) { struct passwd *passwd = getpwnam_alloc(NULL, lp_guestaccount()); if (!passwd) { DEBUG(0, ("Could not find guest account via getpwnam()! (%s)\n", lp_guestaccount())); @@ -1332,7 +1332,7 @@ static NTSTATUS smbpasswd_getsampwsid(struct pdb_methods *my_methods, struct sam return NT_STATUS_UNSUCCESSFUL; /* More special case 'guest account' hacks... */ - if (rid == DOMAIN_USER_RID_GUEST) { + if (rid == DOMAIN_RID_GUEST) { const char *guest_account = lp_guestaccount(); if (!(guest_account && *guest_account)) { DEBUG(1, ("Guest account not specfied!\n")); diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c index a8bc577370..76f112f818 100644 --- a/source3/printing/nt_printing.c +++ b/source3/printing/nt_printing.c @@ -2653,7 +2653,7 @@ WERROR spoolss_create_default_secdesc(TALLOC_CTX *mem_ctx, DOM_SID domadmins_sid; sid_compose(&domadmins_sid, get_global_sam_sid(), - DOMAIN_GROUP_RID_ADMINS); + DOMAIN_RID_ADMINS); sa = PRINTER_ACE_FULL_CONTROL; init_sec_ace(&ace[i++], &domadmins_sid, @@ -2663,7 +2663,7 @@ WERROR spoolss_create_default_secdesc(TALLOC_CTX *mem_ctx, sa, SEC_ACE_FLAG_CONTAINER_INHERIT); } else if (secrets_fetch_domain_sid(lp_workgroup(), &adm_sid)) { - sid_append_rid(&adm_sid, DOMAIN_USER_RID_ADMIN); + sid_append_rid(&adm_sid, DOMAIN_RID_ADMINISTRATOR); sa = PRINTER_ACE_FULL_CONTROL; init_sec_ace(&ace[i++], &adm_sid, @@ -5606,7 +5606,7 @@ static SEC_DESC_BUF *construct_default_printer_sdb(TALLOC_CTX *ctx) DOM_SID domadmins_sid; sid_compose(&domadmins_sid, get_global_sam_sid(), - DOMAIN_GROUP_RID_ADMINS); + DOMAIN_RID_ADMINS); sa = PRINTER_ACE_FULL_CONTROL; init_sec_ace(&ace[i++], &domadmins_sid, @@ -5616,7 +5616,7 @@ static SEC_DESC_BUF *construct_default_printer_sdb(TALLOC_CTX *ctx) sa, SEC_ACE_FLAG_CONTAINER_INHERIT); } else if (secrets_fetch_domain_sid(lp_workgroup(), &adm_sid)) { - sid_append_rid(&adm_sid, DOMAIN_USER_RID_ADMIN); + sid_append_rid(&adm_sid, DOMAIN_RID_ADMINISTRATOR); sa = PRINTER_ACE_FULL_CONTROL; init_sec_ace(&ace[i++], &adm_sid, @@ -5725,7 +5725,7 @@ bool nt_printing_getsec(TALLOC_CTX *ctx, const char *sharename, SEC_DESC_BUF **s /* Create new sd */ - sid_append_rid(&owner_sid, DOMAIN_USER_RID_ADMIN); + sid_append_rid(&owner_sid, DOMAIN_RID_ADMINISTRATOR); psd = make_sec_desc(ctx, (*secdesc_ctr)->sd->revision, (*secdesc_ctr)->sd->type, &owner_sid, diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c index 297af4ea01..afb85baef2 100644 --- a/source3/rpc_server/srv_lsa_nt.c +++ b/source3/rpc_server/srv_lsa_nt.c @@ -335,7 +335,7 @@ static NTSTATUS make_lsa_object_sd(TALLOC_CTX *mem_ctx, SEC_DESC **sd, size_t *s SEC_ACE_TYPE_ACCESS_ALLOWED, map->generic_all, 0); /* Add Full Access for Domain Admins */ - sid_compose(&adm_sid, get_global_sam_sid(), DOMAIN_GROUP_RID_ADMINS); + sid_compose(&adm_sid, get_global_sam_sid(), DOMAIN_RID_ADMINS); init_sec_ace(&ace[i++], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, map->generic_all, 0); diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 97ed381824..70c162be9d 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -146,7 +146,7 @@ static NTSTATUS make_samr_object_sd( TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd if ( IS_DC ) { sid_compose(&domadmin_sid, get_global_sam_sid(), - DOMAIN_GROUP_RID_ADMINS); + DOMAIN_RID_ADMINS); init_sec_ace(&ace[i++], &domadmin_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, map->generic_all, 0); } @@ -267,7 +267,7 @@ void map_max_allowed_access(const NT_USER_TOKEN *nt_token, if ( IS_DC ) { DOM_SID domadmin_sid; sid_compose(&domadmin_sid, get_global_sam_sid(), - DOMAIN_GROUP_RID_ADMINS); + DOMAIN_RID_ADMINS); if (is_sid_in_token(nt_token, &domadmin_sid)) { *pacc_requested |= GENERIC_ALL_ACCESS; return; @@ -2319,13 +2319,13 @@ NTSTATUS _samr_OpenUser(pipes_struct *p, } /* * Cheat - allow GENERIC_RIGHTS_USER_WRITE if pipe user is - * in DOMAIN_GROUP_RID_ADMINS. This is almost certainly not + * in DOMAIN_RID_ADMINS. This is almost certainly not * what Windows does but is a hack for people who haven't * set up privileges on groups in Samba. */ if (acb_info & (ACB_SVRTRUST|ACB_DOMTRUST)) { if (lp_enable_privileges() && nt_token_check_domain_rid(p->server_info->ptok, - DOMAIN_GROUP_RID_ADMINS)) { + DOMAIN_RID_ADMINS)) { des_access &= ~GENERIC_RIGHTS_USER_WRITE; extra_access = GENERIC_RIGHTS_USER_WRITE; DEBUG(4,("_samr_OpenUser: Allowing " @@ -3811,7 +3811,7 @@ NTSTATUS _samr_CreateUser2(pipes_struct *p, se_priv_copy(&se_rights, &se_priv_none); can_add_account = nt_token_check_domain_rid( p->server_info->ptok, - DOMAIN_GROUP_RID_ADMINS ); + DOMAIN_RID_ADMINS ); } DEBUG(5, ("_samr_CreateUser2: %s can add this account : %s\n", diff --git a/source3/rpc_server/srv_spoolss_util.c b/source3/rpc_server/srv_spoolss_util.c index 1752329e4c..d9df1a0a5f 100644 --- a/source3/rpc_server/srv_spoolss_util.c +++ b/source3/rpc_server/srv_spoolss_util.c @@ -2297,7 +2297,7 @@ create_default: size_t size; /* Create new sd */ - sid_append_rid(&owner_sid, DOMAIN_USER_RID_ADMIN); + sid_append_rid(&owner_sid, DOMAIN_RID_ADMINISTRATOR); new_secdesc = make_sec_desc(tmp_ctx, secdesc->revision, diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c index 6d86074a54..ef320d0ec6 100644 --- a/source3/rpc_server/srv_srvsvc_nt.c +++ b/source3/rpc_server/srv_srvsvc_nt.c @@ -1292,7 +1292,7 @@ WERROR _srvsvc_NetSessDel(pipes_struct *p, if ((p->server_info->utok.uid != sec_initial_uid()) && ( ! nt_token_check_domain_rid(p->server_info->ptok, - DOMAIN_GROUP_RID_ADMINS))) { + DOMAIN_RID_ADMINS))) { goto done; } diff --git a/source3/rpc_server/srv_wkssvc_nt.c b/source3/rpc_server/srv_wkssvc_nt.c index a8cbfba368..4106bc10bc 100644 --- a/source3/rpc_server/srv_wkssvc_nt.c +++ b/source3/rpc_server/srv_wkssvc_nt.c @@ -800,7 +800,7 @@ WERROR _wkssvc_NetrJoinDomain2(pipes_struct *p, } if (!user_has_privileges(token, &se_machine_account) && - !nt_token_check_domain_rid(token, DOMAIN_GROUP_RID_ADMINS) && + !nt_token_check_domain_rid(token, DOMAIN_RID_ADMINS) && !nt_token_check_sid(&global_sid_Builtin_Administrators, token)) { DEBUG(5,("_wkssvc_NetrJoinDomain2: account doesn't have " "sufficient privileges\n")); @@ -871,7 +871,7 @@ WERROR _wkssvc_NetrUnjoinDomain2(pipes_struct *p, } if (!user_has_privileges(token, &se_machine_account) && - !nt_token_check_domain_rid(token, DOMAIN_GROUP_RID_ADMINS) && + !nt_token_check_domain_rid(token, DOMAIN_RID_ADMINS) && !nt_token_check_sid(&global_sid_Builtin_Administrators, token)) { DEBUG(5,("_wkssvc_NetrUnjoinDomain2: account doesn't have " "sufficient privileges\n")); diff --git a/source3/utils/net_groupmap.c b/source3/utils/net_groupmap.c index b39a52ed02..9b46808b8b 100644 --- a/source3/utils/net_groupmap.c +++ b/source3/utils/net_groupmap.c @@ -200,10 +200,10 @@ static int net_groupmap_add(struct net_context *c, int argc, const char **argv) for ( i=0; i<argc; i++ ) { if ( !StrnCaseCmp(argv[i], "rid", strlen("rid")) ) { rid = get_int_param(argv[i]); - if ( rid < DOMAIN_GROUP_RID_ADMINS ) { + if ( rid < DOMAIN_RID_ADMINS ) { d_fprintf(stderr, _("RID must be greater than %d\n"), - (uint32)DOMAIN_GROUP_RID_ADMINS-1); + (uint32)DOMAIN_RID_ADMINS-1); return -1; } } diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c index 5c3f4e5b96..9b842aedd3 100644 --- a/source3/utils/net_sam.c +++ b/source3/utils/net_sam.c @@ -1639,7 +1639,7 @@ static int net_sam_provision(struct net_context *c, int argc, const char **argv) d_printf(_("Checking for Domain Users group.\n")); - sid_compose(&gsid, get_global_sam_sid(), DOMAIN_GROUP_RID_USERS); + sid_compose(&gsid, get_global_sam_sid(), DOMAIN_RID_USERS); if (!pdb_getgrsid(&gmap, gsid)) { LDAPMod **mods = NULL; @@ -1696,7 +1696,7 @@ domu_done: d_printf(_("Checking for Domain Admins group.\n")); - sid_compose(&gsid, get_global_sam_sid(), DOMAIN_GROUP_RID_ADMINS); + sid_compose(&gsid, get_global_sam_sid(), DOMAIN_RID_ADMINS); if (!pdb_getgrsid(&gmap, gsid)) { LDAPMod **mods = NULL; @@ -1803,7 +1803,7 @@ doma_done: goto failed; } - sid_compose(&sid, get_global_sam_sid(), DOMAIN_USER_RID_ADMIN); + sid_compose(&sid, get_global_sam_sid(), DOMAIN_RID_ADMINISTRATOR); smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_ACCOUNT); smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_POSIXACCOUNT); @@ -1880,7 +1880,7 @@ doma_done: } } - sid_compose(&sid, get_global_sam_sid(), DOMAIN_USER_RID_GUEST); + sid_compose(&sid, get_global_sam_sid(), DOMAIN_RID_GUEST); dn = talloc_asprintf(tc, "uid=%s,%s", pwd->pw_name, lp_ldap_user_suffix ()); uidstr = talloc_asprintf(tc, "%u", (unsigned int)pwd->pw_uid); @@ -1959,7 +1959,7 @@ doma_done: goto failed; } - sid_compose(&gsid, get_global_sam_sid(), DOMAIN_GROUP_RID_GUESTS); + sid_compose(&gsid, get_global_sam_sid(), DOMAIN_RID_GUESTS); smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_POSIXGROUP); smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_GROUPMAP); diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c index f647a3ffaf..50abcc30c3 100644 --- a/source3/winbindd/winbindd_ads.c +++ b/source3/winbindd/winbindd_ads.c @@ -506,7 +506,7 @@ static NTSTATUS query_user(struct winbindd_domain *domain, /* Assume "Domain Users" for the primary group */ - sid_compose(&info->group_sid, &domain->sid, DOMAIN_GROUP_RID_USERS ); + sid_compose(&info->group_sid, &domain->sid, DOMAIN_RID_USERS ); /* Try to fill in what the nss_info backend can do */ diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c index 9554339769..34f1fbc341 100644 --- a/source3/winbindd/winbindd_pam.c +++ b/source3/winbindd/winbindd_pam.c @@ -1039,7 +1039,7 @@ static NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain, DEBUG(10,("winbindd_dual_pam_auth_cached: failed to get password properties.\n")); } - if ((my_info3->base.rid != DOMAIN_USER_RID_ADMIN) || + if ((my_info3->base.rid != DOMAIN_RID_ADMINISTRATOR) || (password_properties & DOMAIN_PASSWORD_LOCKOUT_ADMINS)) { my_info3->base.acct_flags |= ACB_AUTOLOCK; } diff --git a/source3/winbindd/winbindd_passdb.c b/source3/winbindd/winbindd_passdb.c index 34b5990a3f..023f68f1b3 100644 --- a/source3/winbindd/winbindd_passdb.c +++ b/source3/winbindd/winbindd_passdb.c @@ -467,7 +467,7 @@ static NTSTATUS sam_query_user_list(struct winbindd_domain *domain, something like that. */ sid_compose(&(*info)[i].group_sid, &domain->sid, - DOMAIN_GROUP_RID_USERS); + DOMAIN_RID_USERS); } TALLOC_FREE(ps); diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c index 87494db2bb..793cc430f0 100644 --- a/source3/winbindd/winbindd_rpc.c +++ b/source3/winbindd/winbindd_rpc.c @@ -124,7 +124,7 @@ static NTSTATUS query_user_list(struct winbindd_domain *domain, something like that. */ sid_compose(&dst->group_sid, &domain->sid, - DOMAIN_GROUP_RID_USERS); + DOMAIN_RID_USERS); } } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)); |