-rw-r--r--source3/include/passdb.h8
-rw-r--r--source3/include/rpc_misc.h15
-rw-r--r--source3/passdb/passdb.c49
-rw-r--r--source3/passdb/pdb_interface.c46
-rw-r--r--source3/passdb/pdb_ldap.c19
-rw-r--r--source3/passdb/pdb_nisplus.c19
-rw-r--r--source3/passdb/pdb_smbpasswd.c39
-rw-r--r--source3/passdb/pdb_tdb.c93
-rw-r--r--source3/rpc_server/srv_samr_nt.c92
-rw-r--r--source3/utils/pdbedit.c2
10 files changed, 216 insertions, 166 deletions
diff --git a/source3/include/passdb.h b/source3/include/passdb.h
index df44dce80c..f17b043fb2 100644
--- a/source3/include/passdb.h
+++ b/source3/include/passdb.h
@@ -50,10 +50,6 @@ typedef struct pdb_context
BOOL (*pdb_delete_sam_account)(struct pdb_context *, SAM_ACCOUNT *username);
- uid_t (*pdb_user_rid_to_uid)(struct pdb_context *, uint32 user_rid);
-
- uint32 (*pdb_uid_to_user_rid)(struct pdb_context *, uid_t uid);
-
void (*free_fn)(struct pdb_context **);
TALLOC_CTX *mem_ctx;
@@ -79,10 +75,6 @@ typedef struct pdb_methods
BOOL (*update_sam_account)(struct pdb_context *, const SAM_ACCOUNT *sampass);
BOOL (*delete_sam_account)(struct pdb_context *, const SAM_ACCOUNT *username);
-
- uid_t (*user_rid_to_uid)(struct pdb_context *, uint32 user_rid);
-
- uint32 (*uid_to_user_rid)(struct pdb_context *, uid_t uid);
void *private_data; /* Private data of some kind */
diff --git a/source3/include/rpc_misc.h b/source3/include/rpc_misc.h
index 686f8e97e9..7398b8ac57 100644
--- a/source3/include/rpc_misc.h
+++ b/source3/include/rpc_misc.h
@@ -33,11 +33,22 @@
/* RIDs - Well-known users ... */
#define DOMAIN_USER_RID_ADMIN (0x000001F4L)
#define DOMAIN_USER_RID_GUEST (0x000001F5L)
+#define DOMAIN_USER_RID_KRBTGT (0x000001F6L)
/* RIDs - well-known groups ... */
#define DOMAIN_GROUP_RID_ADMINS (0x00000200L)
#define DOMAIN_GROUP_RID_USERS (0x00000201L)
#define DOMAIN_GROUP_RID_GUESTS (0x00000202L)
+#define DOMAIN_GROUP_RID_COMPUTERS (0x00000203L)
+
+#define DOMAIN_GROUP_RID_CONTROLLERS (0x00000204L)
+#define DOMAIN_GROUP_RID_CERT_ADMINS (0x00000205L)
+#define DOMAIN_GROUP_RID_SCHEMA_ADMINS (0x00000206L)
+#define DOMAIN_GROUP_RID_ENTERPRISE_ADMINS (0x00000207L)
+
+/* is the following the right number? I bet it is --simo
+#define DOMAIN_GROUP_RID_POLICY_ADMINS (0x00000208L)
+*/
/* RIDs - well-known aliases ... */
#define BUILTIN_ALIAS_RID_ADMINS (0x00000220L)
@@ -51,12 +62,16 @@
#define BUILTIN_ALIAS_RID_BACKUP_OPS (0x00000227L)
#define BUILTIN_ALIAS_RID_REPLICATOR (0x00000228L)
+#define BUILTIN_ALIAS_RID_RAS_SERVERS (0x00000229L)
/*
* Masks for mappings between unix uid and gid types and
* NT RIDS.
*/
+
+#define BASE_RID (0x000003E8L)
+
/* Take the bottom bit. */
#define RID_TYPE_MASK 1
#define RID_MULTIPLIER 2
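Review bot: `BASE_RID` is added with no comment, directly under the "Masks for mappings" banner, although it is a starting value and not a mask. It replaces pdb_tdb.c's private `#define BASE_RID 0x200`, which had the same value as `DOMAIN_GROUP_RID_ADMINS`, so tdb_update_sam now appears to seed `RID_COUNTER` at 0x3E8 instead. A tdbsam file whose counter was already created from the old base presumably keeps counting from there, so it is worth stating whether existing databases need attention. Suggested comment: `/* First RID handed out to ordinary accounts (1000); the well-known RIDs above sit below it. */`.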
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index c53b300198..6a3c4bb793 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -173,7 +173,9 @@ NTSTATUS pdb_init_sam_pw(SAM_ACCOUNT **new_sam_acct, const struct passwd *pwd)
pdb_set_uid(*new_sam_acct, pwd->pw_uid);
pdb_set_gid(*new_sam_acct, pwd->pw_gid);
+ /* let the backends set the rid!!
pdb_set_user_rid(*new_sam_acct, pdb_uid_to_user_rid(pwd->pw_uid));
+ -- simo */
/* call the mapping code here */
if(get_group_map_from_gid(pwd->pw_gid, &map, MAPPING_WITHOUT_PRIV)) {
@@ -397,6 +399,7 @@ BOOL pdb_gethexpwd(const char *p, unsigned char *pwd)
return (True);
}
+#if 0 /* seem it is not used by anyone */
/*******************************************************************
Group and User RID username mapping function
********************************************************************/
@@ -416,7 +419,7 @@ BOOL pdb_name_to_rid(const char *user_name, uint32 *u_rid, uint32 *g_rid)
/* turn the unix UID into a Domain RID. this is what the posix
sub-system does (adds 1000 to the uid) */
- *u_rid = pdb_uid_to_user_rid(pw->pw_uid);
+ *u_rid = fallback_pdb_uid_to_user_rid(pw->pw_uid);
/* absolutely no idea what to do about the unix GID to Domain RID mapping */
/* map it ! */
@@ -427,12 +430,13 @@ BOOL pdb_name_to_rid(const char *user_name, uint32 *u_rid, uint32 *g_rid)
return True;
}
+#endif /* seem it is not used by anyone */
/*******************************************************************
Converts NT user RID to a UNIX uid.
********************************************************************/
-uid_t fallback_pdb_user_rid_to_uid(uint32 user_rid)
+static uid_t fallback_pdb_user_rid_to_uid(uint32 user_rid)
{
return (uid_t)(((user_rid & (~USER_RID_TYPE))- 1000)/RID_MULTIPLIER);
}
@@ -442,7 +446,7 @@ uid_t fallback_pdb_user_rid_to_uid(uint32 user_rid)
converts UNIX uid to an NT User RID.
********************************************************************/
-uint32 fallback_pdb_uid_to_user_rid(uid_t uid)
+static uint32 fallback_pdb_uid_to_user_rid(uid_t uid)
{
return (((((uint32)uid)*RID_MULTIPLIER) + 1000) | USER_RID_TYPE);
}
@@ -559,7 +563,7 @@ BOOL local_lookup_sid(DOM_SID *sid, char *name, enum SID_NAME_USE *psid_name_use
return True;
}
- uid = pdb_user_rid_to_uid(rid);
+ uid = fallback_pdb_user_rid_to_uid(rid);
pass = getpwuid_alloc(uid);
*psid_name_use = SID_NAME_USER;
@@ -683,7 +687,7 @@ BOOL local_lookup_name(const char *c_user, DOM_SID *psid, enum SID_NAME_USE *psi
pdb_free_sam(&sam_account);
if (!found && (pass = Get_Pwnam(user))) {
- sid_append_rid( &local_sid, pdb_uid_to_user_rid(pass->pw_uid));
+ sid_append_rid( &local_sid, fallback_pdb_uid_to_user_rid(pass->pw_uid));
*psid_name_use = SID_NAME_USER;
pdb_free_sam(&sam_account);
@@ -745,9 +749,27 @@ BOOL local_lookup_name(const char *c_user, DOM_SID *psid, enum SID_NAME_USE *psi
DOM_SID *local_uid_to_sid(DOM_SID *psid, uid_t uid)
{
extern DOM_SID global_sam_sid;
+ struct passwd *pass;
+ SAM_ACCOUNT *sam_user;
sid_copy(psid, &global_sam_sid);
- sid_append_rid(psid, pdb_uid_to_user_rid(uid));
+
+ if(!(pass = getpwuid_alloc(uid)))
+ return NULL;
+
+ if (NT_STATUS_IS_ERR(pdb_init_sam(&sam_user)))
+ return NULL;
+
+ if (!pdb_getsampwnam(sam_user, pass->pw_name)) {
+ pdb_free_sam(&sam_user);
+ return NULL;
+ }
+
+ passwd_free(&pass);
+
+ sid_append_rid(psid, pdb_get_user_rid(sam_user));
+
+ pdb_free_sam(&sam_user);
return psid;
}
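Review bot: Both early returns after `getpwuid_alloc()` in local_uid_to_sid leak `pass`: the `pdb_init_sam()` failure path and the `pdb_getsampwnam()` failure path return without `passwd_free(&pass);`, so add that call before each `return NULL;`. The function can now return NULL after `sid_copy()` has already written the domain SID into `psid`, whereas the removed line always produced a full SID; the callers are outside this diff and should be checked so a failed lookup is never used as a valid SID. The lookup also runs without the `become_root()`/`unbecome_root()` pair that this commit puts around `pdb_getsampwnam()` in srv_samr_nt.c, so a comment saying what privilege the caller is expected to hold would help.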
@@ -764,6 +786,7 @@ BOOL local_sid_to_uid(uid_t *puid, DOM_SID *psid, enum SID_NAME_USE *name_type)
uint32 rid;
fstring str;
struct passwd *pass;
+ SAM_ACCOUNT *sam_user;
*name_type = SID_NAME_UNKNOWN;
@@ -780,7 +803,19 @@ BOOL local_sid_to_uid(uid_t *puid, DOM_SID *psid, enum SID_NAME_USE *name_type)
if (!sid_equal(&global_sam_sid, &dom_sid))
return False;
- *puid = pdb_user_rid_to_uid(rid);
+ if (NT_STATUS_IS_ERR(pdb_init_sam(&sam_user)))
+ return False;
+
+ if (!pdb_getsampwrid(sam_user, rid)) {
+ pdb_free_sam(&sam_user);
+ return False;
+ }
+
+ *puid = pdb_get_uid(sam_user);
+ if (*puid == -1)
+ return False;
+
+ pdb_free_sam(&sam_user);
/*
* Ensure this uid really does exist.
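Review bot: `if (*puid == -1) return False;` in local_sid_to_uid returns before `pdb_free_sam(&sam_user);`, so the SAM_ACCOUNT is leaked whenever the stored account carries no Unix uid. Free it in that branch as the `pdb_getsampwrid()` failure path already does: `if (*puid == (uid_t)-1) { pdb_free_sam(&sam_user); return False; }`. The cast makes the comparison explicit on platforms where uid_t is unsigned. The function starts and continues outside this hunk.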
diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c
index 2fc04bc3b5..80b268994b 100644
--- a/source3/passdb/pdb_interface.c
+++ b/source3/passdb/pdb_interface.c
@@ -121,27 +121,7 @@ static BOOL context_delete_sam_account(struct pdb_context *context, SAM_ACCOUNT
return context->pdb_selected->delete_sam_account(context, sam_acct);
}
-static uint32 context_uid_to_user_rid(struct pdb_context *context, uid_t uid)
-{
- if ((!context) || (!context->pdb_selected)) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return False;
- }
-
- return context->pdb_selected->uid_to_user_rid(context, uid);
-}
-
-static uid_t context_user_rid_to_uid(struct pdb_context *context, uint32 rid)
-{
- if ((!context) || (!context->pdb_selected)) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return False;
- }
-
- return context->pdb_selected->user_rid_to_uid(context, rid);
-}
-
-static void free_pdb_context(struct pdb_context **context)
+static void free_pdb_context(struct pdb_context **context)
{
if (((*context)->pdb_selected) && ((*context)->pdb_selected->free_private_data)) {
(*context)->pdb_selected->free_private_data((*context)->pdb_selected->private_data);
@@ -184,8 +164,6 @@ static NTSTATUS make_pdb_context(struct pdb_context **context)
(*context)->pdb_add_sam_account = context_add_sam_account;
(*context)->pdb_update_sam_account = context_update_sam_account;
(*context)->pdb_delete_sam_account = context_delete_sam_account;
- (*context)->pdb_uid_to_user_rid = context_uid_to_user_rid;
- (*context)->pdb_user_rid_to_uid = context_user_rid_to_uid;
(*context)->free_fn = free_pdb_context;
@@ -369,28 +347,6 @@ BOOL pdb_delete_sam_account(SAM_ACCOUNT *sam_acct)
return pdb_context->pdb_delete_sam_account(pdb_context, sam_acct);
}
-uid_t pdb_user_rid_to_uid(uint32 rid)
-{
- struct pdb_context *pdb_context = pdb_get_static_context(False);
-
- if (!pdb_context) {
- return False;
- }
-
- return pdb_context->pdb_user_rid_to_uid(pdb_context, rid);
-}
-
-uint32 pdb_uid_to_user_rid(uid_t uid)
-{
- struct pdb_context *pdb_context = pdb_get_static_context(False);
-
- if (!pdb_context) {
- return False;
- }
-
- return pdb_context->pdb_uid_to_user_rid(pdb_context, uid);
-}
-
#endif /* !defined(WITH_NISPLUS_SAM) */
/***************************************************************
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index 4b4ff77eee..a16fb115fc 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -72,6 +72,24 @@ struct ldapsam_privates {
static uint32 ldapsam_get_next_available_nua_rid(struct ldapsam_privates *ldap_state);
/*******************************************************************
+ Converts NT user RID to a UNIX uid.
+ ********************************************************************/
+
+static uid_t pdb_user_rid_to_uid(uint32 user_rid)
+{
+ return (uid_t)(((user_rid & (~USER_RID_TYPE))- 1000)/RID_MULTIPLIER);
+}
+
+/*******************************************************************
+ converts UNIX uid to an NT User RID.
+ ********************************************************************/
+
+static uint32 pdb_uid_to_user_rid(uid_t uid)
+{
+ return (((((uint32)uid)*RID_MULTIPLIER) + 1000) | USER_RID_TYPE);
+}
+
+/*******************************************************************
find the ldap password
******************************************************************/
static BOOL fetch_ldapsam_pw(char *dn, char* pw, int len)
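Review bot: `pdb_user_rid_to_uid()` and `pdb_uid_to_user_rid()` are added here as file-static copies of the passdb.c fallback helpers, and the same two bodies are pasted again in the pdb_nisplus.c and pdb_smbpasswd.c hunks, so the uid/RID arithmetic now lives in four places. If a later change reaches only one copy, backends would disagree about which SID belongs to which Unix account, which is an authorization problem rather than a cosmetic one; a single shared helper would avoid that. The literal `1000` duplicates the value this commit names `BASE_RID` in rpc_misc.h. The subtraction looks unsigned, so a RID below 1000 would wrap to a very large uid instead of being rejected; a comment such as `/* caller must ensure user_rid >= 1000 (BASE_RID) */` or an explicit check would document that.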
@@ -1498,4 +1516,3 @@ NTSTATUS pdb_init_ldapsam_nua(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method
#endif
-
diff --git a/source3/passdb/pdb_nisplus.c b/source3/passdb/pdb_nisplus.c
index ce642fa5f5..145e1d4f0c 100644
--- a/source3/passdb/pdb_nisplus.c
+++ b/source3/passdb/pdb_nisplus.c
@@ -114,6 +114,25 @@ static VOLATILE sig_atomic_t gotalarm;
#define NPF_WORKSTATIONS 20
#define NPF_HOURS 21
+
+/*******************************************************************
+ Converts NT user RID to a UNIX uid.
+ ********************************************************************/
+
+static uid_t pdb_user_rid_to_uid(uint32 user_rid)
+{
+ return (uid_t)(((user_rid & (~USER_RID_TYPE))- 1000)/RID_MULTIPLIER);
+}
+
+/*******************************************************************
+ converts UNIX uid to an NT User RID.
+ ********************************************************************/
+
+static uint32 pdb_uid_to_user_rid(uid_t uid)
+{
+ return (((((uint32)uid)*RID_MULTIPLIER) + 1000) | USER_RID_TYPE);
+}
+
/***************************************************************
Signal function to tell us we timed out.
****************************************************************/
diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c
index 94bab7598e..6f3886a4b5 100644
--- a/source3/passdb/pdb_smbpasswd.c
+++ b/source3/passdb/pdb_smbpasswd.c
@@ -69,6 +69,24 @@ struct smbpasswd_privates
enum pwf_access_type { PWF_READ, PWF_UPDATE, PWF_CREATE };
+/*******************************************************************
+ Converts NT user RID to a UNIX uid.
+ ********************************************************************/
+
+static uid_t pdb_user_rid_to_uid(uint32 user_rid)
+{
+ return (uid_t)(((user_rid & (~USER_RID_TYPE))- 1000)/RID_MULTIPLIER);
+}
+
+/*******************************************************************
+ converts UNIX uid to an NT User RID.
+ ********************************************************************/
+
+static uint32 pdb_uid_to_user_rid(uid_t uid)
+{
+ return (((((uint32)uid)*RID_MULTIPLIER) + 1000) | USER_RID_TYPE);
+}
+
/***************************************************************
Lock an fd. Abandon after waitsecs seconds.
****************************************************************/
@@ -1513,25 +1531,6 @@ static BOOL smbpasswd_getsampwrid(struct pdb_context *context, SAM_ACCOUNT *sam_
return True;
}
-/**********************************************************************
- get rid by uid
-*********************************************************************/
-
-static uint32 smbpasswd_uid_to_rid(struct pdb_context *context, uid_t uid)
-{
- return fallback_pdb_uid_to_user_rid(uid);
-}
-
-/**********************************************************************
- get uid by rid
-*********************************************************************/
-
-static uid_t smbpasswd_rid_to_uid(struct pdb_context *context, uint32 rid)
-{
- return fallback_pdb_user_rid_to_uid(rid);
-}
-
-
static BOOL smbpasswd_add_sam_account(struct pdb_context *context, const SAM_ACCOUNT *sampass)
{
struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)context->pdb_selected->private_data;
@@ -1605,8 +1604,6 @@ NTSTATUS pdb_init_smbpasswd(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method,
(*pdb_method)->add_sam_account = smbpasswd_add_sam_account;
(*pdb_method)->update_sam_account = smbpasswd_update_sam_account;
(*pdb_method)->delete_sam_account = smbpasswd_delete_sam_account;
- (*pdb_method)->uid_to_user_rid = smbpasswd_uid_to_rid;
- (*pdb_method)->user_rid_to_uid = smbpasswd_rid_to_uid;
/* Setup private data and free function */
diff --git a/source3/passdb/pdb_tdb.c b/source3/passdb/pdb_tdb.c
index b55a74d290..a8edac917e 100644
--- a/source3/passdb/pdb_tdb.c
+++ b/source3/passdb/pdb_tdb.c
@@ -32,8 +32,6 @@
#define USERPREFIX "USER_"
#define RIDPREFIX "RID_"
-#define BASE_RID 0x200
-
struct tdbsam_privates {
TDB_CONTEXT *passwd_tdb;
TDB_DATA key;
@@ -43,8 +41,8 @@ struct tdbsam_privates {
BOOL permit_non_unix_accounts;
- uint32 low_nua_rid;
- uint32 high_nua_rid;
+/* uint32 low_nua_rid;
+ uint32 high_nua_rid; */
};
/**********************************************************************
@@ -81,7 +79,7 @@ static BOOL init_sam_from_buffer (struct tdbsam_privates *tdb_state,
fullname_len, homedir_len, logon_script_len,
profile_path_len, acct_desc_len, workstations_len;
- uint32 /* uid, gid,*/ user_rid, group_rid, unknown_3, hours_len, unknown_5, unknown_6;
+ uint32 user_rid, group_rid, unknown_3, hours_len, unknown_5, unknown_6;
uint16 acct_ctrl, logon_divs;
uint8 *hours;
static uint8 *lm_pw_ptr, *nt_pw_ptr;
@@ -89,8 +87,10 @@ static BOOL init_sam_from_buffer (struct tdbsam_privates *tdb_state,
uint32 lmpwlen, ntpwlen, hourslen;
BOOL ret = True;
BOOL setflag;
- gid_t gid = -1; /* This is what standard sub advanced expects if no gid is known */
pstring sub_buffer;
+ struct passwd *pw;
+ uid_t uid;
+ gid_t gid = -1; /* This is what standard sub advanced expects if no gid is known */
if(sampass == NULL || buf == NULL) {
DEBUG(0, ("init_sam_from_buffer: NULL parameters found!\n"));
@@ -134,22 +134,19 @@ static BOOL init_sam_from_buffer (struct tdbsam_privates *tdb_state,
goto done;
}
- if ((tdb_state->permit_non_unix_accounts)
- && (user_rid >= tdb_state->low_nua_rid)
- && (user_rid <= tdb_state->high_nua_rid)) {
-
- } else {
- struct passwd *pw;
- uid_t uid;
- /* validate the account and fill in UNIX uid and gid. Standard
- * getpwnam() is used instead of Get_Pwnam() as we do not need
- * to try case permutations
- */
- if (!username || !(pw = getpwnam_alloc(username))) {
- DEBUG(0,("tdbsam: getpwnam_alloc(%s) return NULL. User does not exist!\n", username?username:"NULL"));
+ /* validate the account and fill in UNIX uid and gid. Standard
+ * getpwnam() is used instead of Get_Pwnam() as we do not need
+ * to try case permutations
+ */
+ if (!username || !(pw = getpwnam_alloc(username))) {
+ if (!(tdb_state->permit_non_unix_accounts)) {
+ DEBUG(0,("tdbsam: getpwnam_alloc(%s) return NULL. User does not exist!\n", username));
ret = False;
goto done;
}
+ }
+
+ if (pw) {
uid = pw->pw_uid;
gid = pw->pw_gid;
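Review bot: `pw` is read uninitialised at `if (pw) {` when `username` is NULL and `permit_non_unix_accounts` is set: the `||` short-circuits before `pw = getpwnam_alloc(username)`, and the declaration added in the previous hunk is `struct passwd *pw;` with no initialiser, so declare it as `struct passwd *pw = NULL;`. The DEBUG call also lost its guard and now passes a possibly NULL `username` to `%s`; restore `username?username:"NULL"`. Separately, dropping the `low_nua_rid`/`high_nua_rid` test means that with non-unix accounts permitted, any record whose Unix lookup fails is accepted whatever its RID; a comment stating that this widening is intended would help the next reader. The function starts and continues outside this hunk.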
@@ -651,56 +648,6 @@ static BOOL tdbsam_getsampwrid (struct pdb_context *context, SAM_ACCOUNT *user,
}
/***************************************************************************
- Search by rid and give back the uid!
- **************************************************************************/
-
-uid_t tdbsam_rid_to_uid (struct pdb_context *context, uint32 rid)
-{
- uid_t ret;
- SAM_ACCOUNT *sa;
-
- if (!NT_STATUS_IS_OK(pdb_init_sam(&sa))) return -1;
- if (!tdbsam_getsampwrid (context, sa, rid)) {
- ret = -1;
- goto done;
- }
- else {
- ret = pdb_get_uid(sa);
- }
-done:
- pdb_free_sam(&sa);
- return ret;
-}
-
-/***************************************************************************
- Search by uid and give back the rid!
- **************************************************************************/
-
-uint32 tdbsam_uid_to_rid (struct pdb_context *context, uid_t uid)
-{
- uint32 ret;
- char *name;
- struct passwd *pw;
- SAM_ACCOUNT *sa;
-
- if (!NT_STATUS_IS_OK(pdb_init_sam(&sa))) return 0;
- pw = getpwuid(uid);
- if (!pw) return 0;
- name = strdup(pw->pw_name);
- if (!tdbsam_getsampwnam (context, sa, name)) {
- ret = 0;
- goto done;
- }
- else {
- ret = pdb_get_user_rid(sa);
- }
-done:
- SAFE_FREE(name);
- pdb_free_sam(&sa);
- return ret;
-}
-
-/***************************************************************************
Delete a SAM_ACCOUNT
****************************************************************************/
@@ -787,7 +734,7 @@ static BOOL tdb_update_sam(struct pdb_context *context, const SAM_ACCOUNT* newpw
}
/* if flag == TDB_INSERT then make up a new RID else throw an error. */
- if (!pdb_get_user_rid(newpwd)) {
+ if (!(user_rid = pdb_get_user_rid(newpwd))) {
if (flag & TDB_INSERT) {
user_rid = BASE_RID;
tdb_ret = tdb_change_int32_atomic(pwd_tdb, "RID_COUNTER", &user_rid, RID_MULTIPLIER);
@@ -919,8 +866,6 @@ NTSTATUS pdb_init_tdbsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, con
(*pdb_method)->add_sam_account = tdbsam_add_sam_account;
(*pdb_method)->update_sam_account = tdbsam_update_sam_account;
(*pdb_method)->delete_sam_account = tdbsam_delete_sam_account;
- (*pdb_method)->uid_to_user_rid = tdbsam_uid_to_rid;
- (*pdb_method)->user_rid_to_uid = tdbsam_rid_to_uid;
tdb_state = talloc_zero(pdb_context->mem_ctx, sizeof(struct tdbsam_privates));
@@ -967,10 +912,10 @@ NTSTATUS pdb_init_tdbsam_nua(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method,
return NT_STATUS_UNSUCCESSFUL;
}
- tdb_state->low_nua_rid=fallback_pdb_uid_to_user_rid(low_nua_uid);
+/* tdb_state->low_nua_rid=fallback_pdb_uid_to_user_rid(low_nua_uid);
tdb_state->high_nua_rid=fallback_pdb_uid_to_user_rid(high_nua_uid);
-
+*/
return NT_STATUS_OK;
}
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 542e4796c2..d6aea7cd63 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -2719,6 +2719,8 @@ NTSTATUS _samr_query_aliasmem(pipes_struct *p, SAMR_Q_QUERY_ALIASMEM *q_u, SAMR_
fstring alias_sid_str;
DOM_SID temp_sid;
+ SAM_ACCOUNT *sam_user;
+ BOOL check;
/* find the policy handle. open a policy on it. */
if (!get_lsa_policy_samr_sid(p, &q_u->alias_pol, &alias_sid))
@@ -2751,8 +2753,40 @@ NTSTATUS _samr_query_aliasmem(pipes_struct *p, SAMR_Q_QUERY_ALIASMEM *q_u, SAMR_
return NT_STATUS_NO_MEMORY;
for (i = 0; i < num_uids; i++) {
+ struct passwd *pass;
+ uint32 rid;
+
sid_copy(&temp_sid, &global_sam_sid);
- sid_append_rid(&temp_sid, pdb_uid_to_user_rid(uid[i]));
+
+ pass = getpwuid_alloc(uid[i]);
+ if (!pass) continue;
+
+ if (NT_STATUS_IS_ERR(pdb_init_sam(&sam_user))) {
+ passwd_free(&pass);
+ continue;
+ }
+
+ become_root();
+ check = pdb_getsampwnam(sam_user, pass->pw_name);
+ unbecome_root();
+
+ if (check != True) {
+ pdb_free_sam(&sam_user);
+ passwd_free(&pass);
+ continue;
+ }
+
+ rid = pdb_get_user_rid(sam_user);
+ if (rid == 0) {
+ pdb_free_sam(&sam_user);
+ passwd_free(&pass);
+ continue;
+ }
+
+ pdb_free_sam(&sam_user);
+ passwd_free(&pass);
+
+ sid_append_rid(&temp_sid, rid);
init_dom_sid2(&sid[i], &temp_sid);
}
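Review bot: Each `continue` in this loop leaves `sid[i]` unwritten while `i` still serves as the output index, so a member with no passdb entry or a zero RID leaves a hole in the array. If the reply built after the hunk still reports `num_uids` entries, the client receives whatever the allocation held in those slots; whether that buffer is zeroed is not visible here. Use a separate output counter, `init_dom_sid2(&sid[num_sids++], &temp_sid);`, and pass that count to the reply. The loop in the _samr_query_groupmem hunk has the same pattern with `rid[i]` and `attr[i]`.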
@@ -2781,6 +2815,9 @@ NTSTATUS _samr_query_groupmem(pipes_struct *p, SAMR_Q_QUERY_GROUPMEM *q_u, SAMR_
uint32 *rid=NULL;
uint32 *attr=NULL;
+ SAM_ACCOUNT *sam_user;
+ BOOL check;
+
/* find the policy handle. open a policy on it. */
if (!get_lsa_policy_samr_sid(p, &q_u->group_pol, &group_sid))
@@ -2812,7 +2849,38 @@ NTSTATUS _samr_query_groupmem(pipes_struct *p, SAMR_Q_QUERY_GROUPMEM *q_u, SAMR_
return NT_STATUS_NO_MEMORY;
for (i=0; i<num_uids; i++) {
- rid[i]=pdb_uid_to_user_rid(uid[i]);
+ struct passwd *pass;
+ uint32 urid;
+
+ pass = getpwuid_alloc(uid[i]);
+ if (!pass) continue;
+
+ if (NT_STATUS_IS_ERR(pdb_init_sam(&sam_user))) {
+ passwd_free(&pass);
+ continue;
+ }
+
+ become_root();
+ check = pdb_getsampwnam(sam_user, pass->pw_name);
+ unbecome_root();
+
+ if (check != True) {
+ pdb_free_sam(&sam_user);
+ passwd_free(&pass);
+ continue;
+ }
+
+ urid = pdb_get_user_rid(sam_user);
+ if (urid == 0) {
+ pdb_free_sam(&sam_user);
+ passwd_free(&pass);
+ continue;
+ }
+
+ pdb_free_sam(&sam_user);
+ passwd_free(&pass);
+
+ rid[i] = urid;
attr[i] = SID_NAME_USER;
}
@@ -2867,16 +2935,18 @@ NTSTATUS _samr_add_aliasmem(pipes_struct *p, SAMR_Q_ADD_ALIASMEM *q_u, SAMR_R_AD
if (NT_STATUS_IS_ERR(ret))
return ret;
- become_root();
check = pdb_getsampwrid(sam_user, rid);
- unbecome_root();
- if (check != True)
+ if (check != True) {
+ pdb_free_sam(&sam_user);
return NT_STATUS_NO_SUCH_USER;
+ }
uid = pdb_get_uid(sam_user);
- if (uid == -1)
+ if (uid == -1) {
+ pdb_free_sam(&sam_user);
return NT_STATUS_NO_SUCH_USER;
+ }
pdb_free_sam(&sam_user);
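Review bot: `pdb_getsampwrid()` in _samr_add_aliasmem now runs without the `become_root()`/`unbecome_root()` pair, while the query handlers changed in this same file gain that pair around `pdb_getsampwnam()`, and nothing on the page explains why the two directions differ. If a backend needs root to read its store, the lookup here would presumably fail and return NT_STATUS_NO_SUCH_USER for an existing account; if root is not needed, the new wraps in the query handlers raise privilege without cause. A one-line comment at the call stating which case applies would settle it. The same removal is made in the _samr_add_groupmem hunk.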
@@ -3006,16 +3076,18 @@ NTSTATUS _samr_add_groupmem(pipes_struct *p, SAMR_Q_ADD_GROUPMEM *q_u, SAMR_R_AD
if (NT_STATUS_IS_ERR(ret))
return ret;
- become_root();
check = pdb_getsampwrid(sam_user, q_u->rid);
- unbecome_root();
- if (check != True)
+ if (check != True) {
+ pdb_free_sam(&sam_user);
return NT_STATUS_NO_SUCH_USER;
+ }
uid = pdb_get_uid(sam_user);
- if (uid == -1)
+ if (uid == -1) {
+ pdb_free_sam(&sam_user);
return NT_STATUS_NO_SUCH_USER;
+ }
pdb_free_sam(&sam_user);
diff --git a/source3/utils/pdbedit.c b/source3/utils/pdbedit.c
index 71abcc74ee..1fb1f2355b 100644
--- a/source3/utils/pdbedit.c
+++ b/source3/utils/pdbedit.c
@@ -305,6 +305,8 @@ static int new_machine (char *machinename)
pdb_set_acct_ctrl (sam_pwent, ACB_WSTRUST);
+ pdb_set_group_rid(sam_pwent, DOMAIN_GROUP_RID_COMPUTERS);
+
if (pdb_add_sam_account (sam_pwent)) {
print_user_info (name, True, False);
} else {