domain aliases added a bit better: does local aliases if you query

for sid S-1-5-20 and does (nothing at the moment) if you query for
your own sid.
(This used to be commit da40f26f4b2f7ce286076b4e39dffd76aa2ef8e6)

5 files changed, 70 insertions, 34 deletions

diff --git a/source3/rpc_server/srv_lsa.c b/source3/rpc_server/srv_lsa.c
index 93584b5acf..a355f0b311 100644
--- a/source3/rpc_server/srv_lsa.c
+++ b/source3/rpc_server/srv_lsa.c
@@ -28,7 +28,7 @@
 #include "nterr.h"
 
 extern int DEBUGLEVEL;
-extern DOM_SID global_machine_sid;
+extern DOM_SID global_sam_sid;
 
 /***************************************************************************
 lsa_reply_open_policy2
@@ -373,7 +373,7 @@ static void api_lsa_query_info( uint16 vuid, prs_struct *data,
 	pstrcpy(dom_name, lp_workgroup());
 
 	/* construct reply.  return status is always 0x0 */
-	lsa_reply_query_info(&q_i, rdata, dom_name, &global_machine_sid);
+	lsa_reply_query_info(&q_i, rdata, dom_name, &global_sam_sid);
 }
 
 /***************************************************************************
@@ -406,7 +406,7 @@ static void api_lsa_lookup_sids( uint16 vuid, prs_struct *data,
         string_to_sid(&sid_S_1_5, "S-1-5");
 
 	dom_names[0] = dom_name;
-	sid_array[0] = &global_machine_sid;
+	sid_array[0] = &global_sam_sid;
 
 	dom_names[1] = "Everyone";
 	sid_array[1] = &sid_S_1_1;
@@ -458,7 +458,7 @@ static void api_lsa_lookup_names( uint16 vuid, prs_struct *data,
         string_to_sid(&sid_S_1_5, "S-1-5");
 
 	dom_names[0] = dom_name;
-	sid_array[0] = &global_machine_sid;
+	sid_array[0] = &global_sam_sid;
 
 	dom_names[1] = "Everyone";
 	sid_array[1] = &sid_S_1_1;
diff --git a/source3/rpc_server/srv_lsa_hnd.c b/source3/rpc_server/srv_lsa_hnd.c
index b1e695360f..b807c40604 100644
--- a/source3/rpc_server/srv_lsa_hnd.c
+++ b/source3/rpc_server/srv_lsa_hnd.c
@@ -225,7 +225,28 @@ BOOL set_lsa_policy_samr_sid(POLICY_HND *hnd, DOM_SID *sid)
 }
 
 /****************************************************************************
-  set samr rid
+  get samr sid
+****************************************************************************/
+BOOL get_lsa_policy_samr_sid(POLICY_HND *hnd, DOM_SID *sid)
+{
+	struct policy *p = find_lsa_policy(hnd);
+
+	if (p != NULL && p->open)
+	{
+		pstring sidstr;
+		memcpy(sid, &p->dev.samr.sid, sizeof(*sid));
+		DEBUG(3,("Getting policy sid=%s pnum=%x\n",
+			 sid_to_string(sidstr, sid), p->pnum));
+
+		return True;
+	}
+
+	DEBUG(3,("Error getting policy\n"));
+	return False;
+}
+
+/****************************************************************************
+  get samr rid
 ****************************************************************************/
 uint32 get_lsa_policy_samr_rid(POLICY_HND *hnd)
 {
diff --git a/source3/rpc_server/srv_netlog.c b/source3/rpc_server/srv_netlog.c
index 79a659faf8..4228eab3e0 100644
--- a/source3/rpc_server/srv_netlog.c
+++ b/source3/rpc_server/srv_netlog.c
@@ -32,7 +32,7 @@ extern int DEBUGLEVEL;
 extern BOOL sam_logon_in_ssb;
 extern pstring samlogon_user;
 extern pstring global_myname;
-extern DOM_SID global_machine_sid;
+extern DOM_SID global_sam_sid;
 
 /*************************************************************************
  make_net_r_req_chal:
@@ -790,7 +790,7 @@ static void api_net_sam_logon( uint16 vuid,
                           my_name     , /* char *logon_srv */
                           my_workgroup, /* char *logon_dom */
 
-                          &global_machine_sid,     /* DOM_SID *dom_sid */
+                          &global_sam_sid,     /* DOM_SID *dom_sid */
                           NULL); /* char *other_sids */
     }
     else
diff --git a/source3/rpc_server/srv_samr.c b/source3/rpc_server/srv_samr.c
index 06ed6603b3..9a37f76121 100644
--- a/source3/rpc_server/srv_samr.c
+++ b/source3/rpc_server/srv_samr.c
@@ -32,10 +32,11 @@ extern BOOL sam_logon_in_ssb;
 extern pstring samlogon_user;
 extern pstring global_myworkgroup;
 extern pstring global_myname;
-extern DOM_SID global_machine_sid;
+extern DOM_SID global_sam_sid;
 
 extern rid_name domain_group_rids[];
 extern rid_name domain_alias_rids[];
+extern rid_name builtin_alias_rids[];
 
 /*******************************************************************
   This next function should be replaced with something that
@@ -295,7 +296,7 @@ static void samr_reply_unknown_3(SAMR_Q_UNKNOWN_3 *q_u,
 		DOM_SID user_sid;
 		DOM_SID everyone_sid;
 
-		user_sid = global_machine_sid;
+		user_sid = global_sam_sid;
 
 		SMB_ASSERT_ARRAY(user_sid.sub_auths, user_sid.num_auths+1);
 
@@ -457,29 +458,44 @@ static void samr_reply_enum_dom_aliases(SAMR_Q_ENUM_DOM_ALIASES *q_u,
 	SAMR_R_ENUM_DOM_ALIASES r_e;
 	SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES];
 	int num_entries;
-	BOOL got_aliases;
-	char *dummy_alias = "admins";
+	DOM_SID sid;
+	fstring sid_str;
+	fstring sam_sid_str;
 
 	r_e.status = 0x0;
 	r_e.num_entries = 0;
 
 	/* find the policy handle.  open a policy on it. */
-	if (r_e.status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->pol)) == -1))
+	if (r_e.status == 0x0 && !get_lsa_policy_samr_sid(&q_u->pol, &sid))
 	{
 		r_e.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
 	}
 
-	DEBUG(5,("samr_reply_enum_dom_aliases: %d\n", __LINE__));
+	sid_to_string(sid_str, &sid);
+	sid_to_string(sam_sid_str, &global_sam_sid);
 
-	got_aliases = True;
-	num_entries = 1;
-	make_unistr2(&(pass[0].uni_user_name), dummy_alias, strlen(dummy_alias));
-	pass[0].user_rid = BUILTIN_ALIAS_RID_ADMINS;
+	DEBUG(5,("samr_reply_enum_dom_aliases: sid %s\n", sid_str));
 
-	if (r_e.status == 0 && got_aliases)
+	/* well-known aliases */
+	if (strequal(sid_str, "S-1-5-20"))
 	{
-		make_samr_r_enum_dom_aliases(&r_e, num_entries, pass, r_e.status);
+		char *name;
+		while (num_entries < MAX_SAM_ENTRIES && ((name = builtin_alias_rids[num_entries].name) != NULL))
+		{
+			make_unistr2(&(pass[num_entries].uni_user_name), name, strlen(name));
+			pass[num_entries].user_rid = builtin_alias_rids[num_entries].rid;
+			num_entries++;
+		}
 	}
+	else if (strequal(sid_str, sam_sid_str))
+	{
+		/* local aliases */
+		/* oops!  there's no code to deal with this */
+		DEBUG(3,("samr_reply_enum_dom_aliases: enum of aliases in our domain not supported yet\n"));
+		num_entries = 0;
+	}
+		
+	make_samr_r_enum_dom_aliases(&r_e, num_entries, pass, r_e.status);
 
 	/* store the response in the SMB stream */
 	samr_io_r_enum_dom_aliases("", &r_e, rdata, 0);
@@ -1276,12 +1292,12 @@ static void api_samr_query_usergroups( uint16 vuid, prs_struct *data, prs_struct
 
 
 /*******************************************************************
- samr_reply_unknown_8
+ samr_reply_query_dom_info
  ********************************************************************/
-static void samr_reply_unknown_8(SAMR_Q_UNKNOWN_8 *q_u,
+static void samr_reply_query_dom_info(SAMR_Q_QUERY_DOMAIN_INFO *q_u,
 				prs_struct *rdata)
 {
-	SAMR_R_UNKNOWN_8 r_u;
+	SAMR_R_QUERY_DOMAIN_INFO r_u;
 	SAM_UNK_CTR ctr;
 	uint16 switch_value = 0x0;
 	uint32 status = 0x0;
@@ -1291,13 +1307,13 @@ static void samr_reply_unknown_8(SAMR_Q_UNKNOWN_8 *q_u,
 
 	r_u.ctr = &ctr;
 
-	DEBUG(5,("samr_reply_unknown_8: %d\n", __LINE__));
+	DEBUG(5,("samr_reply_query_dom_info: %d\n", __LINE__));
 
 	/* find the policy handle.  open a policy on it. */
 	if (r_u.status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->domain_pol)) == -1))
 	{
 		r_u.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
-		DEBUG(5,("samr_reply_unknown_8: invalid handle\n"));
+		DEBUG(5,("samr_reply_query_dom_info: invalid handle\n"));
 	}
 
 	if (status == 0x0)
@@ -1319,27 +1335,27 @@ static void samr_reply_unknown_8(SAMR_Q_UNKNOWN_8 *q_u,
 		}
 	}
 
-	make_samr_r_unknown_8(&r_u, switch_value, &ctr, status);
+	make_samr_r_query_dom_info(&r_u, switch_value, &ctr, status);
 
 	/* store the response in the SMB stream */
-	samr_io_r_unknown_8("", &r_u, rdata, 0);
+	samr_io_r_query_dom_info("", &r_u, rdata, 0);
 
-	DEBUG(5,("samr_unknown_8: %d\n", __LINE__));
+	DEBUG(5,("samr_query_dom_info: %d\n", __LINE__));
 
 }
 
 /*******************************************************************
- api_samr_unknown_8
+ api_samr_query_dom_info
  ********************************************************************/
-static void api_samr_unknown_8( uint16 vuid, prs_struct *data, prs_struct *rdata)
+static void api_samr_query_dom_info( uint16 vuid, prs_struct *data, prs_struct *rdata)
 {
-	SAMR_Q_UNKNOWN_8 q_e;
+	SAMR_Q_QUERY_DOMAIN_INFO q_e;
 
 	/* grab the samr unknown 8 command */
-	samr_io_q_unknown_8("", &q_e, data, 0);
+	samr_io_q_query_dom_info("", &q_e, data, 0);
 
 	/* construct reply. */
-	samr_reply_unknown_8(&q_e, rdata);
+	samr_reply_query_dom_info(&q_e, rdata);
 }
 
 
@@ -1595,7 +1611,7 @@ static struct api_struct api_samr_cmds [] =
 	{ "SAMR_LOOKUP_NAMES"     , SAMR_LOOKUP_NAMES     , api_samr_lookup_names     },
 	{ "SAMR_OPEN_USER"        , SAMR_OPEN_USER        , api_samr_open_user        },
 	{ "SAMR_QUERY_USERINFO"   , SAMR_QUERY_USERINFO   , api_samr_query_userinfo   },
-	{ "SAMR_UNKNOWN_8"        , SAMR_UNKNOWN_8        , api_samr_unknown_8        },
+	{ "SAMR_QUERY_DOMAIN_INFO", SAMR_QUERY_DOMAIN_INFO, api_samr_query_dom_info        },
 	{ "SAMR_QUERY_USERGROUPS" , SAMR_QUERY_USERGROUPS , api_samr_query_usergroups },
 	{ "SAMR_QUERY_DISPINFO"   , SAMR_QUERY_DISPINFO   , api_samr_query_dispinfo   },
 	{ "SAMR_QUERY_ALIASINFO"  , SAMR_QUERY_ALIASINFO  , api_samr_query_aliasinfo  },
diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 4756d2f338..b3557c7768 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -42,7 +42,6 @@
 #include "nterr.h"
 
 extern int DEBUGLEVEL;
-extern DOM_SID global_machine_sid;
 
 /*
  * A list of the rids of well known BUILTIN and Domain users