author | Jean-François Micouleau <jfm@samba.org> | 2001-12-04 21:53:47 +0000 |
---|---|---|
committer | Jean-François Micouleau <jfm@samba.org> | 2001-12-04 21:53:47 +0000 |
commit | 922eb763d7365716fd3c20aa069746fc9bfb8ab3 (patch) | |
tree | 5aa576e627be2c74803509ec298881dbc3c57864 /source3/rpc_server/srv_lsa_nt.c | |
parent | 4d3ec230b4319510826b2cccc0b957096d8a53fe (diff) | |
added a boolean to the group mapping functions to specify whether or not
we need the privileges. Usually we don't need them, so the memory is freed
early.
lib/util_sid.c: added some helper functions to check an SID.
passdb/passdb.c: renamed local_lookup_rid() to local_lookup_sid() and pass
an RID all the way. If the group doesn't exist on the domain SID,
don't return a faked one as it can collide with a builtin one. Some rpc
structures have been badly designed, they return only rids and force the
client to do subsequent lsa_lookup_sid() on the domain sid and the builtin
sid !
rpc_server/srv_util.c: wrote a new version of get_domain_user_groups().
Only the samr code uses it atm. It uses the group mapping code instead of
a bloody hard coded crap. The netlogon code will use it too, but I have to
do some test first.
J.F.
(This used to be commit 6c87e96149101995b7d049657d5c26eefef37d8c)
Diffstat (limited to 'source3/rpc_server/srv_lsa_nt.c')
-rw-r--r-- | source3/rpc_server/srv_lsa_nt.c | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index b16e3836f6..da5597132d 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -622,7 +622,7 @@ NTSTATUS _lsa_enum_accounts(pipes_struct *p, LSA_Q_ENUM_ACCOUNTS *q_u, LSA_R_ENU
 return NT_STATUS_INVALID_HANDLE;
 /* get the list of mapped groups (domain, local, builtin) */
- if(!enum_group_mapping(SID_NAME_UNKNOWN, &map, &num_entries, ENUM_ONLY_MAPPED))
+ if(!enum_group_mapping(SID_NAME_UNKNOWN, &map, &num_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV))
 return NT_STATUS_OK;
 if (q_u->enum_context >= num_entries)
@@ -727,7 +727,7 @@ NTSTATUS _lsa_enum_privsaccount(pipes_struct *p, LSA_Q_ENUMPRIVSACCOUNT *q_u, LS
 if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
 return NT_STATUS_INVALID_HANDLE;
- if (!get_group_map_from_sid(info->sid, &map))
+ if (!get_group_map_from_sid(info->sid, &map, MAPPING_WITH_PRIV))
 return NT_STATUS_NO_SUCH_GROUP;
 DEBUG(10,("_lsa_enum_privsaccount: %d privileges\n", map.priv_set.count));
@@ -768,7 +768,7 @@ NTSTATUS _lsa_getsystemaccount(pipes_struct *p, LSA_Q_GETSYSTEMACCOUNT *q_u, LSA
 if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
 return NT_STATUS_INVALID_HANDLE;
- if (!get_group_map_from_sid(info->sid, &map))
+ if (!get_group_map_from_sid(info->sid, &map, MAPPING_WITHOUT_PRIV))
 return NT_STATUS_NO_SUCH_GROUP;
 /*
@@ -799,7 +799,7 @@ NTSTATUS _lsa_setsystemaccount(pipes_struct *p, LSA_Q_SETSYSTEMACCOUNT *q_u, LSA
 if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
 return NT_STATUS_INVALID_HANDLE;
- if (!get_group_map_from_sid(info->sid, &map))
+ if (!get_group_map_from_sid(info->sid, &map, MAPPING_WITH_PRIV))
 return NT_STATUS_NO_SUCH_GROUP;
 map.systemaccount=q_u->access;
@@ -807,6 +807,8 @@ NTSTATUS _lsa_setsystemaccount(pipes_struct *p, LSA_Q_SETSYSTEMACCOUNT *q_u, LSA
 if(!add_mapping_entry(&map, TDB_REPLACE))
 return NT_STATUS_NO_SUCH_GROUP;
+ free_privilege(&map.priv_set);
+
 return r_u->status;
 }
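Review bot: The `_lsa_enum_privsaccount` hunk now fetches the mapping with `MAPPING_WITH_PRIV`, which appears to make the caller responsible for `map.priv_set`, yet no matching `free_privilege(&map.priv_set)` is visible in it. The function continues outside the hunk, so the release may happen further down; if it does not, every call on this client-reachable RPC leaks the privilege set in the server process. The same question applies to `_lsa_addprivs` and `_lsa_removeprivs`, which also switch to `MAPPING_WITH_PRIV`. A comment at each call, such as `/* priv_set is allocated here; free_privilege() it on every exit path */`, would make the ownership explicit.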
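Review bot: `_lsa_setsystemaccount` stores the client-supplied `q_u->access` in `map.systemaccount` directly after `find_policy_by_hnd()` and the group lookup, and no check of the access granted to the policy handle is visible in these lines. The function starts outside the hunk, so such a check may exist earlier; if it does not, holding any valid policy handle would be enough to change the stored value. Please confirm, and add a comment above the assignment stating which access the handle must carry for this write.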
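Review bot: In `_lsa_setsystemaccount` the failure branch `if(!add_mapping_entry(&map, TDB_REPLACE)) return NT_STATUS_NO_SUCH_GROUP;` returns before the added `free_privilege(&map.priv_set);`, so the privilege set fetched with `MAPPING_WITH_PRIV` leaks whenever the database write fails. Release it on that path as well, e.g. `if(!add_mapping_entry(&map, TDB_REPLACE)) { free_privilege(&map.priv_set); return NT_STATUS_NO_SUCH_GROUP; }`. `NT_STATUS_NO_SUCH_GROUP` is also a misleading status for a failed write, since the group was found a few lines earlier.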
@@ -829,7 +831,7 @@ NTSTATUS _lsa_addprivs(pipes_struct *p, LSA_Q_ADDPRIVS *q_u, LSA_R_ADDPRIVS *r_u
 if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
 return NT_STATUS_INVALID_HANDLE;
- if (!get_group_map_from_sid(info->sid, &map))
+ if (!get_group_map_from_sid(info->sid, &map, MAPPING_WITH_PRIV))
 return NT_STATUS_NO_SUCH_GROUP;
 set=&q_u->set;
@@ -873,7 +875,7 @@ NTSTATUS _lsa_removeprivs(pipes_struct *p, LSA_Q_REMOVEPRIVS *q_u, LSA_R_REMOVEP
 if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
 return NT_STATUS_INVALID_HANDLE;
- if (!get_group_map_from_sid(info->sid, &map))
+ if (!get_group_map_from_sid(info->sid, &map, MAPPING_WITH_PRIV))
 return NT_STATUS_NO_SUCH_GROUP;
 if (q_u->allrights!=0) { |