authorLuke Leighton <lkcl@samba.org>1998-11-30 15:08:58 +0000
committerLuke Leighton <lkcl@samba.org>1998-11-30 15:08:58 +0000
commit31044dd8e6419b305779408a4b3b0fbd8eab11b5 (patch)
tree1ed17e61bd4e31ab70454e989a5736f48fbf8262 /source3
parent868b22f5a1b5c9fec82d8c07f93ec0e7d05f23ac (diff)
- adding builtin[alias]db.
- lib/sids.c: generate_sam_sid() modified to take a domain name: it now generates "DOMAIN_NAME.SID". reasons: 1) if you run multiple samba servers on the same machine under different netbios names as members of a domain, they won't all use the same SID, which is a _big_ mistake but it would happen _by default_. 2) we have (had) a problem with sid_to_string() and string_to_sid() which cause SIDs to be incorrectly read. one of the major reasons for *NOT* making this change was so as not to disrupt existing users. but as they will be anyway by this bug, we might as well go ahead. - passdb/smbpass.c: wanted to change the meaning of the name in the smbpasswd file to an "nt" name not a "unix" name. this is probably not a good idea: reverted this. - output formatting / bug-fixing in rpcclient query_useraliases code. (This used to be commit e4930f5f48f8246ceec8add8bf769954a963190c)
Diffstat (limited to 'source3')
-rw-r--r--source3/Makefile.in6
-rw-r--r--source3/include/proto.h31
-rw-r--r--source3/include/rpcclient.h1
-rw-r--r--source3/lib/domain_namemap.c13
-rw-r--r--source3/lib/sids.c14
-rw-r--r--source3/lib/util_pwdb.c9
-rw-r--r--source3/lsarpcd/srv_lsa.c7
-rw-r--r--source3/passdb/smbpass.c40
-rw-r--r--source3/passdb/smbpassgroupunix.c12
-rw-r--r--source3/rpc_client/cli_lsarpc.c7
-rw-r--r--source3/rpc_server/srv_lsa.c7
-rw-r--r--source3/rpc_server/srv_samr.c23
-rw-r--r--source3/rpcclient/cmd_samr.c39
-rw-r--r--source3/smbd/server.c5
14 files changed, 145 insertions, 69 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in
index 838dd826bd..799b5e22d4 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -150,9 +150,9 @@ RPC_CLIENT_OBJ = \
LOCKING_OBJ = locking/locking.o locking/locking_shm.o locking/locking_slow.o \
locking/shmem.o locking/shmem_sysv.o
-GROUPDB_OBJ = groupdb/groupdb.o groupdb/groupfile.o \
- groupdb/aliasdb.o groupdb/aliasfile.o \
- groupdb/groupunix.o groupdb/aliasunix.o \
+GROUPDB_OBJ = groupdb/groupdb.o groupdb/aliasdb.o groupdb/builtindb.o \
+ groupdb/groupfile.o groupdb/aliasfile.o \
+ groupdb/groupunix.o groupdb/aliasunix.o groupdb/builtinunix.o \
passdb/passgrp.o passdb/smbpassgroup.o \
passdb/smbpassgroupunix.o
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 4902cf06bf..2e7433bb43 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -50,6 +50,35 @@ BOOL get_unixalias_members(struct group *grp,
int *num_mem, LOCAL_GRP_MEMBER **members);
struct aliasdb_ops *unix_initialise_alias_db(void);
+/*The following definitions come from groupdb/builtindb.c */
+
+BOOL initialise_builtin_db(void);
+LOCAL_GRP *iterate_getbuiltingid(gid_t gid, LOCAL_GRP_MEMBER **mem, int *num_mem);
+LOCAL_GRP *iterate_getbuiltinrid(uint32 rid, LOCAL_GRP_MEMBER **mem, int *num_mem);
+LOCAL_GRP *iterate_getbuiltinntnam(const char *name, LOCAL_GRP_MEMBER **mem, int *num_mem);
+BOOL add_domain_builtin(LOCAL_GRP **blts, int *num_blts, LOCAL_GRP *blt);
+BOOL iterate_getuserbuiltinntnam(const char *user_name, LOCAL_GRP **blts, int *num_blts);
+BOOL enumdombuiltins(LOCAL_GRP **blts, int *num_blts);
+void *startbuiltinent(BOOL update);
+void endbuiltinent(void *vp);
+LOCAL_GRP *getbuiltinent(void *vp, LOCAL_GRP_MEMBER **mem, int *num_mem);
+BOOL add_builtin_entry(LOCAL_GRP *newblt);
+BOOL mod_builtin_entry(LOCAL_GRP* blt);
+LOCAL_GRP *getbuiltinntnam(const char *name, LOCAL_GRP_MEMBER **mem, int *num_mem);
+LOCAL_GRP *getbuiltinrid(uint32 builtin_rid, LOCAL_GRP_MEMBER **mem, int *num_mem);
+LOCAL_GRP *getbuiltingid(gid_t gid, LOCAL_GRP_MEMBER **mem, int *num_mem);
+BOOL getuserbuiltinntnam(const char *user_name, LOCAL_GRP **blt, int *num_blts);
+void bidb_init_blt(LOCAL_GRP *blt);
+BOOL make_builtin_line(char *p, int max_len,
+ LOCAL_GRP *blt,
+ LOCAL_GRP_MEMBER **mem, int *num_mem);
+
+/*The following definitions come from groupdb/builtinunix.c */
+
+BOOL get_unixbuiltin_members(struct group *grp,
+ int *num_mem, LOCAL_GRP_MEMBER **members);
+struct aliasdb_ops *unix_initialise_builtin_db(void);
+
/*The following definitions come from groupdb/groupdb.c */
BOOL initialise_group_db(void);
@@ -232,7 +261,7 @@ char *rep_inet_ntoa(struct in_addr ip);
void get_sam_domain_name(void);
BOOL get_member_domain_sid(void);
void generate_wellknown_sids(void);
-BOOL generate_sam_sid(void);
+BOOL generate_sam_sid(char *domain_name);
BOOL map_domain_name_to_sid(DOM_SID *sid, char **nt_domain);
BOOL map_domain_sid_to_name(DOM_SID *sid, char *nt_domain);
BOOL split_domain_name(char *fullname, char *domain, char *name);
diff --git a/source3/include/rpcclient.h b/source3/include/rpcclient.h
index dc2be5d2b8..4380c1236f 100644
--- a/source3/include/rpcclient.h
+++ b/source3/include/rpcclient.h
@@ -77,6 +77,7 @@ struct nt_client_info
POLICY_HND samr_pol_connect;
POLICY_HND samr_pol_open_domain;
+ POLICY_HND samr_pol_open_builtindom;
POLICY_HND samr_pol_open_user;
struct acct_info *sam;
diff --git a/source3/lib/domain_namemap.c b/source3/lib/domain_namemap.c
index 3de5b60785..cc96a014c4 100644
--- a/source3/lib/domain_namemap.c
+++ b/source3/lib/domain_namemap.c
@@ -273,8 +273,6 @@ static void delete_map_list(ubi_slList *map_list)
***************************************************************************/
static BOOL make_mydomain_sid(DOM_NAME_MAP *grp, DOM_MAP_TYPE type)
{
- DEBUG(10,("make_mydomain_sid\n"));
-
if (!map_domain_name_to_sid(&grp->sid, &(grp->nt_domain)))
{
DEBUG(0,("make_mydomain_sid: unknown domain %s\n",
@@ -287,8 +285,10 @@ static BOOL make_mydomain_sid(DOM_NAME_MAP *grp, DOM_MAP_TYPE type)
/*
* only builtin aliases are recognised in S-1-5-20
*/
+ DEBUG(10,("make_mydomain_sid: group %s in builtin domain\n",
+ grp->nt_name));
- if (!lookup_builtin_alias_name(grp->nt_name, "BUILTIN", &grp->sid, &grp->type))
+ if (lookup_builtin_alias_name(grp->nt_name, "BUILTIN", &grp->sid, &grp->type) != 0x0)
{
DEBUG(0,("unix group %s mapped to an unrecognised BUILTIN domain name %s\n",
grp->unix_name, grp->nt_name));
@@ -584,9 +584,6 @@ static ubi_slList *load_name_map(DOM_MAP_TYPE type)
if (!*unixname)
continue;
- DEBUG(5,("unixname = %s, ntname = %s.\n",
- unixname, nt_name));
-
p = strchr(nt_name, '\\');
if (p == NULL)
@@ -602,9 +599,11 @@ static ubi_slList *load_name_map(DOM_MAP_TYPE type)
fstrcpy(nt_group , p);
}
- if (make_name_entry(&new_ep, nt_domain, nt_name, unixname, type))
+ if (make_name_entry(&new_ep, nt_domain, nt_group, unixname, type))
{
ubi_slAddTail(map_list, (ubi_slNode *)new_ep);
+ DEBUG(5,("unixname = %s, ntname = %s\\%s type = %d\n",
+ unixname, nt_domain, nt_group, new_ep->grp.type));
}
}
diff --git a/source3/lib/sids.c b/source3/lib/sids.c
index 432c3349e3..854e9d5786 100644
--- a/source3/lib/sids.c
+++ b/source3/lib/sids.c
@@ -268,22 +268,24 @@ void generate_wellknown_sids(void)
}
/****************************************************************************
- Generate the global machine sid. Look for the MACHINE.SID file first, if
- not found then look in smb.conf and use it to create the MACHINE.SID file.
+ Generate the global machine sid. Look for the DOMAINNAME.SID file first, if
+ not found then look in smb.conf and use it to create the DOMAINNAME.SID file.
****************************************************************************/
-BOOL generate_sam_sid(void)
+BOOL generate_sam_sid(char *domain_name)
{
int fd;
int i;
char *p;
pstring sid_file;
fstring sid_string;
+ fstring file_name;
SMB_STRUCT_STAT st;
uchar raw_sid_data[12];
pstrcpy(sid_file, lp_smb_passwd_file());
p = strrchr(sid_file, '/');
- if (p != NULL) {
+ if (p != NULL)
+ {
*++p = '\0';
}
@@ -295,7 +297,9 @@ BOOL generate_sam_sid(void)
}
}
- pstrcat(sid_file, "MACHINE.SID");
+ slprintf(file_name, sizeof(file_name)-1, "%s.SID", domain_name);
+ strupper(file_name);
+ pstrcat(sid_file, file_name);
if ((fd = sys_open(sid_file, O_RDWR | O_CREAT, 0644)) == -1) {
DEBUG(0,("unable to open or create file %s. Error was %s\n",
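Review bot: `domain_name` is formatted straight into the SID file name and appended to the directory of the smbpasswd file, and the result is opened with `O_CREAT`, but nothing here rejects an empty name or one containing a path separator. An empty name yields a file called `.SID`, and a name containing `/` would place the SID file outside the intended directory. A guard before the `slprintf` would close that off: `if (domain_name == NULL || *domain_name == '\0' || strchr(domain_name, '/') != NULL) return False;`. `file_name` is an `fstring`, so a long name is silently truncated and two long names could map to the same SID file. The parameter is only read, so it could be declared `const char *domain_name`. The function body continues outside this hunk.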
diff --git a/source3/lib/util_pwdb.c b/source3/lib/util_pwdb.c
index 50cc0510d8..74d5ff6794 100644
--- a/source3/lib/util_pwdb.c
+++ b/source3/lib/util_pwdb.c
@@ -176,8 +176,6 @@ uint32 lookup_builtin_alias_name(const char *alias_name, const char *domain,
rid = builtin_alias_rids[i].rid;
als_name = builtin_alias_rids[i].name;
- i++;
-
if (strequal(als_name, alias_name))
{
if (sid != NULL)
@@ -193,6 +191,8 @@ uint32 lookup_builtin_alias_name(const char *alias_name, const char *domain,
return 0x0;
}
+ i++;
+
} while (als_name != NULL);
return 0xC0000000 | NT_STATUS_NONE_MAPPED;
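Review bot: With `i++` moved to the bottom of the loop, the body still calls `strequal(als_name, alias_name)` on the table's terminating entry before the `while (als_name != NULL)` condition is tested, so a NULL name is compared whenever no alias matches. Whether that is safe depends on `strequal` tolerating a NULL argument, which is not visible here. Testing the pointer first removes the dependency: `if (als_name != NULL && strequal(als_name, alias_name))`. The loop header is outside this hunk.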
@@ -431,9 +431,10 @@ BOOL pwdb_initialise(void)
generate_wellknown_sids();
- if (!generate_sam_sid())
+ if (!generate_sam_sid(global_sam_name))
{
- DEBUG(0,("ERROR: Samba cannot create a SAM SID.\n"));
+ DEBUG(0,("ERROR: Samba cannot create a SAM SID for its domain (%s).\n",
+ global_sam_name));
return False;
}
diff --git a/source3/lsarpcd/srv_lsa.c b/source3/lsarpcd/srv_lsa.c
index abbe4ccd93..62c8f8a0cd 100644
--- a/source3/lsarpcd/srv_lsa.c
+++ b/source3/lsarpcd/srv_lsa.c
@@ -32,9 +32,7 @@ extern DOM_SID global_sam_sid;
extern fstring global_sam_name;
extern DOM_SID global_member_sid;
extern fstring global_myworkgroup;
-extern DOM_SID global_sid_S_1_1;
-extern DOM_SID global_sid_S_1_3;
-extern DOM_SID global_sid_S_1_5;
+extern DOM_SID global_sid_S_1_5_20;
/***************************************************************************
lsa_reply_open_policy2
@@ -264,7 +262,8 @@ static void make_lsa_trans_names(DOM_R_REF *ref,
else if (sid_split_rid (&find_sid, &rid) &&
map_domain_sid_to_name(&find_sid, dom_name))
{
- if (sid_equal(&find_sid, &global_sam_sid))
+ if (sid_equal(&find_sid, &global_sam_sid) ||
+ sid_equal(&find_sid, &global_sid_S_1_5_20))
{
status = lookup_sid(&tmp_sid, name, &sid_name_use);
}
diff --git a/source3/passdb/smbpass.c b/source3/passdb/smbpass.c
index 0de09e6085..8972351d90 100644
--- a/source3/passdb/smbpass.c
+++ b/source3/passdb/smbpass.c
@@ -73,7 +73,7 @@ static struct smb_passwd *getsmbfilepwent(void *vp)
{
/* Static buffers we will return. */
static struct smb_passwd pw_buf;
- static pstring nt_name;
+ static pstring unix_name;
static unsigned char smbpwd[16];
static unsigned char smbntpwd[16];
char linebuf[256];
@@ -115,7 +115,7 @@ static struct smb_passwd *getsmbfilepwent(void *vp)
* As 256 is shorter than a pstring we don't need to check
* length here - if this ever changes....
*/
- p = strncpyn(nt_name, linebuf, sizeof(nt_name), ':');
+ p = strncpyn(unix_name, linebuf, sizeof(unix_name), ':');
/* Go past ':' */
p++;
@@ -124,7 +124,7 @@ static struct smb_passwd *getsmbfilepwent(void *vp)
p = Atoic( p, &uidval, ":");
- pw_buf.nt_name = nt_name;
+ pw_buf.unix_name = unix_name;
pw_buf.unix_uid = uidval;
/*
@@ -139,7 +139,7 @@ static struct smb_passwd *getsmbfilepwent(void *vp)
if (*p == '*' || *p == 'X')
{
/* Password deliberately invalid - end here. */
- DEBUG(10, ("getsmbfilepwent: entry invalidated for nt user %s\n", nt_name));
+ DEBUG(10, ("getsmbfilepwent: entry invalidated for unix user %s\n", unix_name));
pw_buf.smb_nt_passwd = NULL;
pw_buf.smb_passwd = NULL;
pw_buf.acct_ctrl |= ACB_DISABLED;
@@ -194,8 +194,8 @@ static struct smb_passwd *getsmbfilepwent(void *vp)
p += 33;
}
- DEBUG(5,("getsmbfilepwent: returning passwd entry for nt user %s, unix uid %d\n",
- nt_name, uidval));
+ DEBUG(5,("getsmbfilepwent: returning passwd entry for unix user %s, unix uid %d\n",
+ unix_name, uidval));
if (*p == '[')
{
@@ -226,7 +226,7 @@ static struct smb_passwd *getsmbfilepwent(void *vp)
* password file as 'normal accounts'. If this changes
* we will have to fix this code. JRA.
*/
- if (pw_buf.nt_name[strlen(pw_buf.nt_name) - 1] == '$')
+ if (pw_buf.unix_name[strlen(pw_buf.unix_name) - 1] == '$')
{
pw_buf.acct_ctrl &= ~ACB_NORMAL;
pw_buf.acct_ctrl |= ACB_WSTRUST;
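Review bot: The trust-account test `pw_buf.unix_name[strlen(pw_buf.unix_name) - 1] == '$'` reads one byte before the buffer when the name field is empty, for example on a password-file line that starts with `:`. The rename keeps this expression unchanged, and no earlier check for an empty name is visible in these hunks. The condition can be guarded as `if (pw_buf.unix_name[0] != '\0' && pw_buf.unix_name[strlen(pw_buf.unix_name) - 1] == '$')`. The function starts and ends outside this hunk.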
@@ -272,8 +272,8 @@ static BOOL add_smbfilepwd_entry(struct smb_passwd *newpwd)
*/
while ((pwd = getsmbfilepwent(fp)) != NULL) {
- if (strequal(newpwd->nt_name, pwd->nt_name)) {
- DEBUG(0, ("add_smbfilepwd_entry: entry with nt name %s already exists\n", pwd->nt_name));
+ if (strequal(newpwd->unix_name, pwd->unix_name)) {
+ DEBUG(0, ("add_smbfilepwd_entry: entry with unix name %s already exists\n", pwd->unix_name));
endsmbfilepwent(fp);
return False;
}
@@ -290,21 +290,21 @@ static BOOL add_smbfilepwd_entry(struct smb_passwd *newpwd)
if((offpos = sys_lseek(fd, 0, SEEK_END)) == -1) {
DEBUG(0, ("add_smbfilepwd_entry(sys_lseek): Failed to add entry for user %s to file %s. \
-Error was %s\n", newpwd->nt_name, pfile, strerror(errno)));
+Error was %s\n", newpwd->unix_name, pfile, strerror(errno)));
endsmbfilepwent(fp);
return False;
}
- new_entry_length = strlen(newpwd->nt_name) + 1 + 15 + 1 + 32 + 1 + 32 + 1 + NEW_PW_FORMAT_SPACE_PADDED_LEN + 1 + 13 + 2;
+ new_entry_length = strlen(newpwd->unix_name) + 1 + 15 + 1 + 32 + 1 + 32 + 1 + NEW_PW_FORMAT_SPACE_PADDED_LEN + 1 + 13 + 2;
if((new_entry = (char *)malloc( new_entry_length )) == NULL) {
DEBUG(0, ("add_smbfilepwd_entry(malloc): Failed to add entry for user %s to file %s. \
-Error was %s\n", newpwd->nt_name, pfile, strerror(errno)));
+Error was %s\n", newpwd->unix_name, pfile, strerror(errno)));
endsmbfilepwent(fp);
return False;
}
- slprintf(new_entry, new_entry_length - 1, "%s:%u:", newpwd->nt_name, (unsigned)newpwd->unix_uid);
+ slprintf(new_entry, new_entry_length - 1, "%s:%u:", newpwd->unix_name, (unsigned)newpwd->unix_uid);
p = &new_entry[strlen(new_entry)];
if(newpwd->smb_passwd != NULL) {
@@ -349,13 +349,13 @@ Error was %s\n", newpwd->nt_name, pfile, strerror(errno)));
if ((wr_len = write(fd, new_entry, strlen(new_entry))) != strlen(new_entry)) {
DEBUG(0, ("add_smbfilepwd_entry(write): %d Failed to add entry for user %s to file %s. \
-Error was %s\n", wr_len, newpwd->nt_name, pfile, strerror(errno)));
+Error was %s\n", wr_len, newpwd->unix_name, pfile, strerror(errno)));
/* Remove the entry we just wrote. */
if(sys_ftruncate(fd, offpos) == -1) {
DEBUG(0, ("add_smbfilepwd_entry: ERROR failed to ftruncate file %s. \
Error was %s. Password file may be corrupt ! Please examine by hand !\n",
- newpwd->nt_name, strerror(errno)));
+ newpwd->unix_name, strerror(errno)));
}
endsmbfilepwent(fp);
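Review bot: The ftruncate failure message is formatted as `failed to ftruncate file %s` but is passed `newpwd->unix_name`, so the log names a user where the operator needs the path of the possibly corrupt password file. The other messages in this function pass `pfile` for the file, so the arguments here should be `pfile, strerror(errno)`. The rename touched this line and is a natural place to correct it.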
@@ -380,7 +380,7 @@ Error was %s. Password file may be corrupt ! Please examine by hand !\n",
static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override)
{
/* Static buffers we will return. */
- static pstring nt_name;
+ static pstring unix_name;
char linebuf[256];
char readbuf[1024];
@@ -498,9 +498,9 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override)
* As 256 is shorter than a pstring we don't need to check
* length here - if this ever changes....
*/
- strncpy(nt_name, linebuf, PTR_DIFF(p, linebuf));
- nt_name[PTR_DIFF(p, linebuf)] = '\0';
- if (strequal(nt_name, pwd->nt_name)) {
+ strncpy(unix_name, linebuf, PTR_DIFF(p, linebuf));
+ unix_name[PTR_DIFF(p, linebuf)] = '\0';
+ if (strequal(unix_name, pwd->unix_name)) {
found_entry = True;
break;
}
@@ -545,7 +545,7 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override)
if (!override && (*p == '*' || *p == 'X')) {
/* Password deliberately invalid - end here. */
- DEBUG(10, ("mod_smbfilepwd_entry: entry invalidated for nt user %s\n", nt_name));
+ DEBUG(10, ("mod_smbfilepwd_entry: entry invalidated for unix user %s\n", unix_name));
file_unlock(lockfd, &pw_file_lock_depth);
fclose(fp);
return False;
diff --git a/source3/passdb/smbpassgroupunix.c b/source3/passdb/smbpassgroupunix.c
index 26c6d6ff13..38f9cdf2e4 100644
--- a/source3/passdb/smbpassgroupunix.c
+++ b/source3/passdb/smbpassgroupunix.c
@@ -107,6 +107,7 @@ static struct smb_passwd *getsmbunixgrpent(void *vp,
if (als_rids == NULL && grp_rids == NULL)
{
+ /* they didn't want to know the members. */
return pwdb_sam_to_smb(pw_buf);
}
@@ -131,6 +132,17 @@ static struct smb_passwd *getsmbunixgrpent(void *vp,
* find the unix name for each user's group.
* assume the unix group is an nt name (alias? group? user?)
* (user or not our own domain will be an error).
+ *
+ * oh, oh, can anyone spot what's missing heeere?
+ * you guessed it: built-in aliases. those are in
+ * Domain S-1-5-20, and NT Domain Users can only
+ * have lists of RIDs as groups.
+ *
+ * doesn't stop you making NT Domain Users a member
+ * of a BUILTIN Alias (e.g "Administrators" or "Power Users")
+ * it's just that there's no way to tell that from this
+ * API call: wrong domain, sorry.
+ *
*/
DOM_NAME_MAP gmep;
diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c
index e8f1cac19b..087ee5dade 100644
--- a/source3/rpc_client/cli_lsarpc.c
+++ b/source3/rpc_client/cli_lsarpc.c
@@ -306,10 +306,11 @@ BOOL do_lsa_lookup_sids(struct cli_state *cli,
if (dom_idx != 0xffffffff)
{
- fstrcpy(dom_name, unistr2(ref.ref_dom[dom_idx].uni_dom_name.buffer));
- fstrcpy(name , unistr2(t_names.uni_name[i].buffer));
+ fstrcpy(dom_name, unistr2_to_str(&ref.ref_dom[dom_idx].uni_dom_name));
+ fstrcpy(name , unistr2_to_str(&t_names.uni_name[i]));
- slprintf(full_name, sizeof(full_name), "%s\\%s",
+ memset(full_name, 0, sizeof(full_name));
+ slprintf(full_name, sizeof(full_name)-1, "%s\\%s",
dom_name, name);
(*names)[i] = strdup(full_name);
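Review bot: `dom_idx` is checked only against `0xffffffff` before it indexes `ref.ref_dom[dom_idx]`, and this value appears to come from the server's lookup reply, so a reply carrying any other out-of-range index makes the client read past the referenced-domain array. Unless a bounds check exists outside this hunk, the condition should also compare `dom_idx` with the number of entries actually returned in `ref`. The result of `strdup(full_name)` is stored without a NULL check as well, which callers of `do_lsa_lookup_sids` would need to tolerate.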
diff --git a/source3/rpc_server/srv_lsa.c b/source3/rpc_server/srv_lsa.c
index abbe4ccd93..62c8f8a0cd 100644
--- a/source3/rpc_server/srv_lsa.c
+++ b/source3/rpc_server/srv_lsa.c
@@ -32,9 +32,7 @@ extern DOM_SID global_sam_sid;
extern fstring global_sam_name;
extern DOM_SID global_member_sid;
extern fstring global_myworkgroup;
-extern DOM_SID global_sid_S_1_1;
-extern DOM_SID global_sid_S_1_3;
-extern DOM_SID global_sid_S_1_5;
+extern DOM_SID global_sid_S_1_5_20;
/***************************************************************************
lsa_reply_open_policy2
@@ -264,7 +262,8 @@ static void make_lsa_trans_names(DOM_R_REF *ref,
else if (sid_split_rid (&find_sid, &rid) &&
map_domain_sid_to_name(&find_sid, dom_name))
{
- if (sid_equal(&find_sid, &global_sam_sid))
+ if (sid_equal(&find_sid, &global_sam_sid) ||
+ sid_equal(&find_sid, &global_sid_S_1_5_20))
{
status = lookup_sid(&tmp_sid, name, &sid_name_use);
}
diff --git a/source3/rpc_server/srv_samr.c b/source3/rpc_server/srv_samr.c
index fb613c3c51..d0f139645c 100644
--- a/source3/rpc_server/srv_samr.c
+++ b/source3/rpc_server/srv_samr.c
@@ -732,6 +732,7 @@ static void samr_reply_query_useraliases(SAMR_Q_QUERY_USERALIASES *q_u,
{
uint32 status = 0;
+ LOCAL_GRP *mem_grp = NULL;
uint32 *rid = NULL;
int num_rids = 0;
struct sam_passwd *sam_pass;
@@ -781,21 +782,32 @@ static void samr_reply_query_useraliases(SAMR_Q_QUERY_USERALIASES *q_u,
if (status == 0x0)
{
+ DEBUG(10,("sid is %s\n", dom_sid_str));
+
if (sid_equal(&dom_sid, &global_sid_S_1_5_20))
{
DEBUG(10,("lookup on S-1-5-20\n"));
+
+ become_root(True);
+ getuserbuiltinntnam(sam_pass->nt_name, &mem_grp, &num_rids);
+ unbecome_root(True);
}
else if (sid_equal(&dom_sid, &usr_sid))
{
- LOCAL_GRP *mem_grp = NULL;
- num_rids = 0;
-
DEBUG(10,("lookup on Domain SID\n"));
become_root(True);
getuseraliasntnam(sam_pass->nt_name, &mem_grp, &num_rids);
unbecome_root(True);
+ }
+ else
+ {
+ status = 0xC0000000 | NT_STATUS_NO_SUCH_USER;
+ }
+ }
+ if (status == 0x0 && num_rids > 0)
+ {
rid = malloc(num_rids * sizeof(uint32));
if (mem_grp != NULL && rid != NULL)
{
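Review bot: When `malloc(num_rids * sizeof(uint32))` fails, the combined test `mem_grp != NULL && rid != NULL` skips the block that holds `free(mem_grp)` in the following hunk, so the member list leaks and `status` stays 0 while `num_rids` is still positive and `rid` is NULL. The failure should be reported and the list freed on every path, for example `if (rid == NULL) { status = 0xC0000000 | NT_STATUS_NO_MEMORY; num_rids = 0; }` with `free(mem_grp);` moved outside the conditional. The return values of `getuserbuiltinntnam()` and `getuseraliasntnam()` are also ignored, so a failed lookup is indistinguishable from a user with no aliases. The function continues outside this hunk.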
@@ -805,11 +817,6 @@ static void samr_reply_query_useraliases(SAMR_Q_QUERY_USERALIASES *q_u,
rid[i] = mem_grp[i].rid;
}
free(mem_grp);
- }
- }
- else
- {
- status = 0xC0000000 | NT_STATUS_NO_SUCH_USER;
}
}
diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c
index 7a65fc5c37..4d77f67b54 100644
--- a/source3/rpcclient/cmd_samr.c
+++ b/source3/rpcclient/cmd_samr.c
@@ -181,8 +181,10 @@ void cmd_sam_enum_users(struct client_info *info)
fstring domain;
fstring sid;
DOM_SID sid1;
+ DOM_SID sid_1_5_20;
int user_idx;
BOOL res = True;
+ BOOL res1 = True;
BOOL request_user_info = False;
BOOL request_group_info = False;
BOOL request_alias_info = False;
@@ -218,6 +220,10 @@ void cmd_sam_enum_users(struct client_info *info)
request_group_info |= strequal(tmp, "-g");
request_alias_info |= strequal(tmp, "-a");
}
+ else
+ {
+ break;
+ }
}
#ifdef DEBUG_TESTING
@@ -242,6 +248,8 @@ void cmd_sam_enum_users(struct client_info *info)
}
#endif
+ string_to_sid(&sid_1_5_20, "S-1-5-32");
+
fprintf(out_hnd, "SAM Enumerate Users\n");
fprintf(out_hnd, "From: %s To: %s Domain: %s SID: %s\n",
info->myhostname, srv_name, domain, sid);
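Review bot: The variable `sid_1_5_20` is initialised from the string `"S-1-5-32"`, and the later comment says "connect to the S-1-5-20 domain", so the name and comments disagree with the value passed on the wire (0x20 hexadecimal is 32 decimal, which looks like the source of the mismatch). A neutral name such as `sid_builtin` with a comment `/* BUILTIN domain, S-1-5-32 */` would avoid a reader hard-coding the wrong SID elsewhere. The return value of `string_to_sid()` is not checked, so a parse failure would leave `sid_1_5_20` uninitialised when it is handed to `do_samr_open_domain()`. Consider `if (!string_to_sid(&sid_1_5_20, "S-1-5-32")) return;`.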
@@ -264,6 +272,11 @@ void cmd_sam_enum_users(struct client_info *info)
&info->dom.samr_pol_connect, admin_rid, &sid1,
&info->dom.samr_pol_open_domain) : False;
+ /* connect to the S-1-5-20 domain */
+ res1 = res ? do_samr_open_domain(smb_cli,
+ &info->dom.samr_pol_connect, admin_rid, &sid_1_5_20,
+ &info->dom.samr_pol_open_builtindom) : False;
+
/* read some users */
res = res ? do_samr_enum_dom_users(smb_cli,
&info->dom.samr_pol_open_domain,
@@ -275,12 +288,8 @@ void cmd_sam_enum_users(struct client_info *info)
fprintf(out_hnd, "No users\n");
}
- if (request_user_info || request_group_info || request_alias_info)
- {
/* query all the users */
- user_idx = 0;
-
- while (res && user_idx < info->dom.num_sam_entries)
+ for (user_idx = 0; res && user_idx < info->dom.num_sam_entries; user_idx++)
{
uint32 user_rid = info->dom.sam[user_idx].user_rid;
SAM_USER_INFO_21 usr;
@@ -332,16 +341,26 @@ void cmd_sam_enum_users(struct client_info *info)
&info->dom.samr_pol_open_domain,
&als_sid, &num_aliases, rid))
{
- display_alias_rid_info(out_hnd, ACTION_HEADER , &als_sid, num_aliases, rid);
- display_alias_rid_info(out_hnd, ACTION_ENUMERATE, &als_sid, num_aliases, rid);
- display_alias_rid_info(out_hnd, ACTION_FOOTER , &als_sid, num_aliases, rid);
- }
+ display_alias_rid_info(out_hnd, ACTION_HEADER , &sid1, num_aliases, rid);
+ display_alias_rid_info(out_hnd, ACTION_ENUMERATE, &sid1, num_aliases, rid);
+ display_alias_rid_info(out_hnd, ACTION_FOOTER , &sid1, num_aliases, rid);
}
- user_idx++;
+ /* send user alias query */
+ if (res1 && do_samr_query_useraliases(smb_cli,
+ &info->dom.samr_pol_open_builtindom,
+ &als_sid, &num_aliases, rid))
+ {
+ display_alias_rid_info(out_hnd, ACTION_HEADER , &sid_1_5_20, num_aliases, rid);
+ display_alias_rid_info(out_hnd, ACTION_ENUMERATE, &sid_1_5_20, num_aliases, rid);
+ display_alias_rid_info(out_hnd, ACTION_FOOTER , &sid_1_5_20, num_aliases, rid);
+ }
}
}
+ res1 = res1 ? do_samr_close(smb_cli,
+ &info->dom.samr_pol_open_builtindom) : False;
+
res = res ? do_samr_close(smb_cli,
&info->dom.samr_pol_open_domain) : False;
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index 3a32e1871f..7a16d8abf3 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -676,6 +676,11 @@ static void usage(char *pname)
exit(1);
}
+ if(!initialise_builtin_db())
+ {
+ exit(1);
+ }
+
if (!get_member_domain_sid())
{
DEBUG(0,("ERROR: Samba cannot obtain PDC SID from PDC(s) %s.\n",
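Review bot: The new `initialise_builtin_db()` failure path calls `exit(1)` without logging anything, while the `get_member_domain_sid()` check directly below reports its failure at debug level 0. A daemon that refuses to start with no message is hard to diagnose, so add a line such as `DEBUG(0,("ERROR: Samba cannot initialise the builtin alias database.\n"));` before the `exit(1)`. The enclosing function starts and ends outside this hunk.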