summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/auth/server_info.c5
-rw-r--r--source3/auth/token_util.c4
-rw-r--r--source3/groupdb/mapping_tdb.c9
-rw-r--r--source3/include/proto.h3
-rw-r--r--source3/lib/netapi/localgroup.c5
-rw-r--r--source3/lib/secdesc.c5
-rw-r--r--source3/lib/util_nttoken.c3
-rw-r--r--source3/lib/util_sid.c92
-rw-r--r--source3/libnet/libnet_samsync_passdb.c3
-rw-r--r--source3/libsmb/libsmb_xattr.c7
-rw-r--r--source3/modules/vfs_afsacl.c18
-rw-r--r--source3/passdb/lookup_sid.c7
-rw-r--r--source3/passdb/machine_sid.c5
-rw-r--r--source3/passdb/pdb_get_set.c3
-rw-r--r--source3/passdb/pdb_interface.c3
-rw-r--r--source3/passdb/pdb_ldap.c9
-rw-r--r--source3/passdb/pdb_smbpasswd.c3
-rw-r--r--source3/passdb/util_builtin.c3
-rw-r--r--source3/passdb/util_unixsids.c5
-rw-r--r--source3/passdb/util_wellknown.c5
-rw-r--r--source3/rpc_server/srv_lsa_nt.c3
-rw-r--r--source3/rpc_server/srv_samr_nt.c3
-rw-r--r--source3/rpc_server/srv_spoolss_util.c3
-rw-r--r--source3/smbd/posix_acls.c35
-rw-r--r--source3/torture/torture.c2
-rw-r--r--source3/utils/net_rpc.c3
-rw-r--r--source3/utils/net_rpc_samsync.c3
-rw-r--r--source3/utils/profiles.c9
-rw-r--r--source3/utils/sharesec.c7
-rw-r--r--source3/utils/smbcacls.c7
-rw-r--r--source3/winbindd/idmap_ad.c3
-rw-r--r--source3/winbindd/idmap_ldap.c3
-rw-r--r--source3/winbindd/wb_getgrsid.c3
-rw-r--r--source3/winbindd/winbindd_cache.c7
-rw-r--r--source3/winbindd/winbindd_util.c7
35 files changed, 122 insertions, 173 deletions
diff --git a/source3/auth/server_info.c b/source3/auth/server_info.c
index e457bd4ae7..c7cd72bb87 100644
--- a/source3/auth/server_info.c
+++ b/source3/auth/server_info.c
@@ -20,6 +20,7 @@
#include "includes.h"
#include "../lib/crypto/arcfour.h"
#include "../librpc/gen_ndr/netlogon.h"
+#include "../libcli/security/dom_sid.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_AUTH
@@ -332,7 +333,7 @@ NTSTATUS samu_to_SamInfo3(TALLOC_CTX *mem_ctx,
/* check if this is a "Unix Users" domain user,
* we need to handle it in a special way if that's the case */
- if (sid_compare_domain(user_sid, &global_sid_Unix_Users) == 0) {
+ if (dom_sid_compare_domain(user_sid, &global_sid_Unix_Users) == 0) {
/* in info3 you can only set rids for the user and the
* primary group, and the domain sid must be that of
* the sam domain.
@@ -358,7 +359,7 @@ NTSTATUS samu_to_SamInfo3(TALLOC_CTX *mem_ctx,
/* check if this is a "Unix Groups" domain group,
* if so we need special handling */
- if (sid_compare_domain(group_sid, &global_sid_Unix_Groups) == 0) {
+ if (dom_sid_compare_domain(group_sid, &global_sid_Unix_Groups) == 0) {
/* in info3 you can only set rids for the user and the
* primary group, and the domain sid must be that of
* the sam domain.
diff --git a/source3/auth/token_util.c b/source3/auth/token_util.c
index bc7d998341..4385dc400c 100644
--- a/source3/auth/token_util.c
+++ b/source3/auth/token_util.c
@@ -27,7 +27,7 @@
#include "includes.h"
#include "secrets.h"
#include "memcache.h"
-
+#include "../libcli/security/dom_sid.h"
#include "../librpc/gen_ndr/netlogon.h"
/****************************************************************************
@@ -42,7 +42,7 @@ bool nt_token_check_sid ( const struct dom_sid *sid, const struct security_token
return False;
for ( i=0; i<token->num_sids; i++ ) {
- if ( sid_equal( sid, &token->sids[i] ) )
+ if ( dom_sid_equal( sid, &token->sids[i] ) )
return True;
}
diff --git a/source3/groupdb/mapping_tdb.c b/source3/groupdb/mapping_tdb.c
index 140fd28d97..dab2520fc1 100644
--- a/source3/groupdb/mapping_tdb.c
+++ b/source3/groupdb/mapping_tdb.c
@@ -23,6 +23,7 @@
#include "includes.h"
#include "groupdb/mapping.h"
#include "dbwrap.h"
+#include "../libcli/security/dom_sid.h"
static struct db_context *db; /* used for driver files */
@@ -340,7 +341,7 @@ static int collect_map(struct db_record *rec, void *private_data)
}
if ((state->domsid != NULL) &&
- (sid_compare_domain(state->domsid, &map.sid) != 0)) {
+ (dom_sid_compare_domain(state->domsid, &map.sid) != 0)) {
DEBUG(11,("enum_group_mapping: group %s is not in domain\n",
sid_string_dbg(&map.sid)));
return 0;
@@ -455,7 +456,7 @@ static bool is_aliasmem(const struct dom_sid *alias, const struct dom_sid *membe
return False;
for (i=0; i<num; i++) {
- if (sid_compare(alias, &sids[i]) == 0) {
+ if (dom_sid_compare(alias, &sids[i]) == 0) {
TALLOC_FREE(sids);
return True;
}
@@ -576,7 +577,7 @@ static int collect_aliasmem(struct db_record *rec, void *priv)
if (!string_to_sid(&alias, alias_string))
continue;
- if (sid_compare(state->alias, &alias) != 0)
+ if (dom_sid_compare(state->alias, &alias) != 0)
continue;
/* Ok, we found the alias we're looking for in the membership
@@ -656,7 +657,7 @@ static NTSTATUS del_aliasmem(const struct dom_sid *alias, const struct dom_sid *
}
for (i=0; i<num; i++) {
- if (sid_compare(&sids[i], alias) == 0) {
+ if (dom_sid_compare(&sids[i], alias) == 0) {
found = True;
break;
}
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 9902198067..7a9d16090b 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -1294,9 +1294,6 @@ bool sid_peek_check_rid(const struct dom_sid *exp_dom_sid, const struct dom_sid
void sid_copy(struct dom_sid *dst, const struct dom_sid *src);
bool sid_linearize(char *outbuf, size_t len, const struct dom_sid *sid);
bool sid_parse(const char *inbuf, size_t len, struct dom_sid *sid);
-int sid_compare(const struct dom_sid *sid1, const struct dom_sid *sid2);
-int sid_compare_domain(const struct dom_sid *sid1, const struct dom_sid *sid2);
-bool sid_equal(const struct dom_sid *sid1, const struct dom_sid *sid2);
bool non_mappable_sid(struct dom_sid *sid);
char *sid_binstring(TALLOC_CTX *mem_ctx, const struct dom_sid *sid);
char *sid_binstring_hex(const struct dom_sid *sid);
diff --git a/source3/lib/netapi/localgroup.c b/source3/lib/netapi/localgroup.c
index 69cf974225..c9e1b722bd 100644
--- a/source3/lib/netapi/localgroup.c
+++ b/source3/lib/netapi/localgroup.c
@@ -27,6 +27,7 @@
#include "../librpc/gen_ndr/cli_lsa.h"
#include "rpc_client/cli_lsarpc.h"
#include "rpc_client/init_lsa.h"
+#include "../libcli/security/dom_sid.h"
static NTSTATUS libnetapi_samr_lookup_and_open_alias(TALLOC_CTX *mem_ctx,
struct rpc_pipe_client *pipe_cli,
@@ -1171,7 +1172,7 @@ static WERROR NetLocalGroupModifyMembers_r(struct libnetapi_ctx *ctx,
for (i=0; i < r->in.total_entries; i++) {
bool already_member = false;
for (k=0; k < current_sids.num_sids; k++) {
- if (sid_equal(&member_sids[i],
+ if (dom_sid_equal(&member_sids[i],
current_sids.sids[k].sid)) {
already_member = true;
break;
@@ -1193,7 +1194,7 @@ static WERROR NetLocalGroupModifyMembers_r(struct libnetapi_ctx *ctx,
for (k=0; k < current_sids.num_sids; k++) {
bool keep_member = false;
for (i=0; i < r->in.total_entries; i++) {
- if (sid_equal(&member_sids[i],
+ if (dom_sid_equal(&member_sids[i],
current_sids.sids[k].sid)) {
keep_member = true;
break;
diff --git a/source3/lib/secdesc.c b/source3/lib/secdesc.c
index b9ed955dee..b8bb0acf7b 100644
--- a/source3/lib/secdesc.c
+++ b/source3/lib/secdesc.c
@@ -22,6 +22,7 @@
#include "includes.h"
#include "../librpc/gen_ndr/ndr_security.h"
+#include "../libcli/security/dom_sid.h"
#define ALL_SECURITY_INFORMATION (SECINFO_OWNER|SECINFO_GROUP|\
SECINFO_DACL|SECINFO_SACL|\
@@ -607,10 +608,10 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx,
}
/* The CREATOR sids are special when inherited */
- if (sid_equal(ptrustee, &global_sid_Creator_Owner)) {
+ if (dom_sid_equal(ptrustee, &global_sid_Creator_Owner)) {
creator = &global_sid_Creator_Owner;
ptrustee = owner_sid;
- } else if (sid_equal(ptrustee, &global_sid_Creator_Group)) {
+ } else if (dom_sid_equal(ptrustee, &global_sid_Creator_Group)) {
creator = &global_sid_Creator_Group;
ptrustee = group_sid;
}
diff --git a/source3/lib/util_nttoken.c b/source3/lib/util_nttoken.c
index 3130ed89fb..680dd29ba7 100644
--- a/source3/lib/util_nttoken.c
+++ b/source3/lib/util_nttoken.c
@@ -26,6 +26,7 @@
/* function(s) moved from auth/auth_util.c to minimize linker deps */
#include "includes.h"
+#include "../libcli/security/dom_sid.h"
/****************************************************************************
Duplicate a SID token.
@@ -120,7 +121,7 @@ bool token_sid_in_ace(const struct security_token *token, const struct security_
size_t i;
for (i = 0; i < token->num_sids; i++) {
- if (sid_equal(&ace->trustee, &token->sids[i]))
+ if (dom_sid_equal(&ace->trustee, &token->sids[i]))
return true;
}
diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c
index 92218ff2b2..1873692f0f 100644
--- a/source3/lib/util_sid.c
+++ b/source3/lib/util_sid.c
@@ -244,7 +244,7 @@ bool sid_peek_check_rid(const struct dom_sid *exp_dom_sid, const struct dom_sid
return False;
}
- if (sid_compare_domain(exp_dom_sid, sid)!=0){
+ if (dom_sid_compare_domain(exp_dom_sid, sid)!=0){
*rid=(-1);
return False;
}
@@ -308,84 +308,6 @@ bool sid_parse(const char *inbuf, size_t len, struct dom_sid *sid)
}
/*****************************************************************
- Compare the auth portion of two sids.
-*****************************************************************/
-
-static int sid_compare_auth(const struct dom_sid *sid1, const struct dom_sid *sid2)
-{
- int i;
-
- if (sid1 == sid2)
- return 0;
- if (!sid1)
- return -1;
- if (!sid2)
- return 1;
-
- if (sid1->sid_rev_num != sid2->sid_rev_num)
- return sid1->sid_rev_num - sid2->sid_rev_num;
-
- for (i = 0; i < 6; i++)
- if (sid1->id_auth[i] != sid2->id_auth[i])
- return sid1->id_auth[i] - sid2->id_auth[i];
-
- return 0;
-}
-
-/*****************************************************************
- Compare two sids.
-*****************************************************************/
-
-int sid_compare(const struct dom_sid *sid1, const struct dom_sid *sid2)
-{
- int i;
-
- if (sid1 == sid2)
- return 0;
- if (!sid1)
- return -1;
- if (!sid2)
- return 1;
-
- /* Compare most likely different rids, first: i.e start at end */
- if (sid1->num_auths != sid2->num_auths)
- return sid1->num_auths - sid2->num_auths;
-
- for (i = sid1->num_auths-1; i >= 0; --i)
- if (sid1->sub_auths[i] != sid2->sub_auths[i])
- return sid1->sub_auths[i] - sid2->sub_auths[i];
-
- return sid_compare_auth(sid1, sid2);
-}
-
-/*****************************************************************
- See if 2 SIDs are in the same domain
- this just compares the leading sub-auths
-*****************************************************************/
-
-int sid_compare_domain(const struct dom_sid *sid1, const struct dom_sid *sid2)
-{
- int n, i;
-
- n = MIN(sid1->num_auths, sid2->num_auths);
-
- for (i = n-1; i >= 0; --i)
- if (sid1->sub_auths[i] != sid2->sub_auths[i])
- return sid1->sub_auths[i] - sid2->sub_auths[i];
-
- return sid_compare_auth(sid1, sid2);
-}
-
-/*****************************************************************
- Compare two sids.
-*****************************************************************/
-
-bool sid_equal(const struct dom_sid *sid1, const struct dom_sid *sid2)
-{
- return sid_compare(sid1, sid2) == 0;
-}
-
-/*****************************************************************
Returns true if SID is internal (and non-mappable).
*****************************************************************/
@@ -397,10 +319,10 @@ bool non_mappable_sid(struct dom_sid *sid)
sid_copy(&dom, sid);
sid_split_rid(&dom, &rid);
- if (sid_equal(&dom, &global_sid_Builtin))
+ if (dom_sid_equal(&dom, &global_sid_Builtin))
return True;
- if (sid_equal(&dom, &global_sid_NT_Authority))
+ if (dom_sid_equal(&dom, &global_sid_NT_Authority))
return True;
return False;
@@ -494,7 +416,7 @@ NTSTATUS add_sid_to_array_unique(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
size_t i;
for (i=0; i<(*num_sids); i++) {
- if (sid_compare(sid, &(*sids)[i]) == 0)
+ if (dom_sid_compare(sid, &(*sids)[i]) == 0)
return NT_STATUS_OK;
}
@@ -515,7 +437,7 @@ void del_sid_from_array(const struct dom_sid *sid, struct dom_sid **sids, size_t
/* if we find the SID, then decrement the count
and break out of the loop */
- if ( sid_equal(sid, &sid_list[i]) ) {
+ if ( dom_sid_equal(sid, &sid_list[i]) ) {
*num -= 1;
break;
}
@@ -555,7 +477,7 @@ bool add_rid_to_array_unique(TALLOC_CTX *mem_ctx,
bool is_null_sid(const struct dom_sid *sid)
{
static const struct dom_sid null_sid = {0};
- return sid_equal(sid, &null_sid);
+ return dom_sid_equal(sid, &null_sid);
}
bool is_sid_in_token(const struct security_token *token, const struct dom_sid *sid)
@@ -563,7 +485,7 @@ bool is_sid_in_token(const struct security_token *token, const struct dom_sid *s
int i;
for (i=0; i<token->num_sids; i++) {
- if (sid_compare(sid, &token->sids[i]) == 0)
+ if (dom_sid_compare(sid, &token->sids[i]) == 0)
return true;
}
return false;
diff --git a/source3/libnet/libnet_samsync_passdb.c b/source3/libnet/libnet_samsync_passdb.c
index 224598a480..a837ecd6dc 100644
--- a/source3/libnet/libnet_samsync_passdb.c
+++ b/source3/libnet/libnet_samsync_passdb.c
@@ -25,6 +25,7 @@
#include "includes.h"
#include "libnet/libnet_samsync.h"
+#include "../libcli/security/dom_sid.h"
/* Convert a struct samu_DELTA to a struct samu. */
#define STRING_CHANGED (old_string && !new_string) ||\
@@ -608,7 +609,7 @@ static NTSTATUS fetch_alias_info(TALLOC_CTX *mem_ctx,
map.gid = grp->gr_gid;
map.sid = alias_sid;
- if (sid_equal(dom_sid, &global_sid_Builtin))
+ if (dom_sid_equal(dom_sid, &global_sid_Builtin))
map.sid_name_use = SID_NAME_WKN_GRP;
else
map.sid_name_use = SID_NAME_ALIAS;
diff --git a/source3/libsmb/libsmb_xattr.c b/source3/libsmb/libsmb_xattr.c
index cc87715d8f..bc329bf226 100644
--- a/source3/libsmb/libsmb_xattr.c
+++ b/source3/libsmb/libsmb_xattr.c
@@ -27,6 +27,7 @@
#include "libsmb_internal.h"
#include "../librpc/gen_ndr/ndr_lsa.h"
#include "rpc_client/cli_lsarpc.h"
+#include "../libcli/security/dom_sid.h"
/*
@@ -121,8 +122,8 @@ ace_compare(struct security_ace *ace1,
return ace2->type - ace1->type;
}
- if (sid_compare(&ace1->trustee, &ace2->trustee)) {
- return sid_compare(&ace1->trustee, &ace2->trustee);
+ if (dom_sid_compare(&ace1->trustee, &ace2->trustee)) {
+ return dom_sid_compare(&ace1->trustee, &ace2->trustee);
}
if (ace1->flags != ace2->flags) {
@@ -1608,7 +1609,7 @@ cacl_set(SMBCCTX *context,
bool found = False;
for (j=0;old->dacl && j<old->dacl->num_aces;j++) {
- if (sid_equal(&sd->dacl->aces[i].trustee,
+ if (dom_sid_equal(&sd->dacl->aces[i].trustee,
&old->dacl->aces[j].trustee)) {
if (!(flags & SMBC_XATTR_FLAG_CREATE)) {
err = EEXIST;
diff --git a/source3/modules/vfs_afsacl.c b/source3/modules/vfs_afsacl.c
index 9dd5df87ec..8e61351a1a 100644
--- a/source3/modules/vfs_afsacl.c
+++ b/source3/modules/vfs_afsacl.c
@@ -417,7 +417,7 @@ static void split_afs_acl(struct afs_acl *acl,
static bool same_principal(struct afs_ace *x, struct afs_ace *y)
{
return ( (x->positive == y->positive) &&
- (sid_compare(&x->sid, &y->sid) == 0) );
+ (dom_sid_compare(&x->sid, &y->sid) == 0) );
}
static void merge_afs_acls(struct afs_acl *dir_acl,
@@ -699,16 +699,16 @@ static bool mappable_sid(const struct dom_sid *sid)
{
struct dom_sid domain_sid;
- if (sid_compare(sid, &global_sid_Builtin_Administrators) == 0)
+ if (dom_sid_compare(sid, &global_sid_Builtin_Administrators) == 0)
return True;
- if (sid_compare(sid, &global_sid_World) == 0)
+ if (dom_sid_compare(sid, &global_sid_World) == 0)
return True;
- if (sid_compare(sid, &global_sid_Authenticated_Users) == 0)
+ if (dom_sid_compare(sid, &global_sid_Authenticated_Users) == 0)
return True;
- if (sid_compare(sid, &global_sid_Builtin_Backup_Operators) == 0)
+ if (dom_sid_compare(sid, &global_sid_Builtin_Backup_Operators) == 0)
return True;
string_to_sid(&domain_sid, "S-1-5-21");
@@ -757,22 +757,22 @@ static bool nt_to_afs_acl(const char *filename,
continue;
}
- if (sid_compare(&ace->trustee,
+ if (dom_sid_compare(&ace->trustee,
&global_sid_Builtin_Administrators) == 0) {
name = "system:administrators";
- } else if (sid_compare(&ace->trustee,
+ } else if (dom_sid_compare(&ace->trustee,
&global_sid_World) == 0) {
name = "system:anyuser";
- } else if (sid_compare(&ace->trustee,
+ } else if (dom_sid_compare(&ace->trustee,
&global_sid_Authenticated_Users) == 0) {
name = "system:authuser";
- } else if (sid_compare(&ace->trustee,
+ } else if (dom_sid_compare(&ace->trustee,
&global_sid_Builtin_Backup_Operators)
== 0) {
diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
index 0e2385f43f..fa855f3467 100644
--- a/source3/passdb/lookup_sid.c
+++ b/source3/passdb/lookup_sid.c
@@ -24,6 +24,7 @@
#include "secrets.h"
#include "memcache.h"
#include "idmap_cache.h"
+#include "../libcli/security/dom_sid.h"
/*****************************************************************
Dissect a user-provided name into domain, name, sid and type.
@@ -655,7 +656,7 @@ static bool lookup_as_domain(const struct dom_sid *sid, TALLOC_CTX *mem_ctx,
}
for (i=0; i<num_domains; i++) {
- if (sid_equal(sid, &domains[i]->sid)) {
+ if (dom_sid_equal(sid, &domains[i]->sid)) {
*name = talloc_strdup(mem_ctx,
domains[i]->name);
return true;
@@ -834,7 +835,7 @@ NTSTATUS lookup_sids(TALLOC_CTX *mem_ctx, int num_sids,
if (!dom_infos[j].valid) {
break;
}
- if (sid_equal(&sid, &dom_infos[j].sid)) {
+ if (dom_sid_equal(&sid, &dom_infos[j].sid)) {
break;
}
}
@@ -1581,7 +1582,7 @@ NTSTATUS get_primary_group_sid(TALLOC_CTX *mem_ctx,
/* We need a sid within our domain */
sid_copy(&domain_sid, group_sid);
sid_split_rid(&domain_sid, &rid);
- if (sid_equal(&domain_sid, get_global_sam_sid())) {
+ if (dom_sid_equal(&domain_sid, get_global_sam_sid())) {
/*
* As shortcut for the expensive lookup_sid call
* compare the domain sid part
diff --git a/source3/passdb/machine_sid.c b/source3/passdb/machine_sid.c
index c3534f7fa7..6e5a970f4c 100644
--- a/source3/passdb/machine_sid.c
+++ b/source3/passdb/machine_sid.c
@@ -23,6 +23,7 @@
#include "includes.h"
#include "secrets.h"
#include "dbwrap.h"
+#include "../libcli/security/dom_sid.h"
/* NOTE! the global_sam_sid is the SID of our local SAM. This is only
equal to the domain SID when we are a DC, otherwise its our
@@ -113,7 +114,7 @@ static struct dom_sid *pdb_generate_sam_sid(void)
return sam_sid;
}
- if (!sid_equal(&domain_sid, sam_sid)) {
+ if (!dom_sid_equal(&domain_sid, sam_sid)) {
/* Domain name sid doesn't match global sam sid. Re-store domain sid as 'local' sid. */
@@ -232,7 +233,7 @@ void reset_global_sam_sid(void)
bool sid_check_is_domain(const struct dom_sid *sid)
{
- return sid_equal(sid, get_global_sam_sid());
+ return dom_sid_equal(sid, get_global_sam_sid());
}
/*****************************************************************
diff --git a/source3/passdb/pdb_get_set.c b/source3/passdb/pdb_get_set.c
index 3e2510e74c..493e9ed0dd 100644
--- a/source3/passdb/pdb_get_set.c
+++ b/source3/passdb/pdb_get_set.c
@@ -23,6 +23,7 @@
#include "includes.h"
#include "../libcli/auth/libcli_auth.h"
+#include "../libcli/security/dom_sid.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_PASSDB
@@ -509,7 +510,7 @@ bool pdb_set_group_sid(struct samu *sampass, const struct dom_sid *g_sid, enum p
sid_compose(&dug_sid, get_global_sam_sid(), DOMAIN_RID_USERS);
- if (sid_equal(&dug_sid, g_sid)) {
+ if (dom_sid_equal(&dug_sid, g_sid)) {
sid_copy(sampass->group_sid, &dug_sid);
} else if (sid_to_gid( g_sid, &gid ) ) {
sid_copy(sampass->group_sid, g_sid);
diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c
index 4f93b33a54..9f3a1725a4 100644
--- a/source3/passdb/pdb_interface.c
+++ b/source3/passdb/pdb_interface.c
@@ -25,6 +25,7 @@
#include "../librpc/gen_ndr/samr.h"
#include "memcache.h"
#include "nsswitch/winbind_client.h"
+#include "../libcli/security/dom_sid.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_PASSDB
@@ -890,7 +891,7 @@ static bool pdb_user_in_group(TALLOC_CTX *mem_ctx, struct samu *account,
}
for (i=0; i<num_groups; i++) {
- if (sid_equal(group_sid, &sids[i])) {
+ if (dom_sid_equal(group_sid, &sids[i])) {
return True;
}
}
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index 658d774fef..d046a527a6 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -47,6 +47,7 @@
#include "../libcli/auth/libcli_auth.h"
#include "secrets.h"
#include "idmap_cache.h"
+#include "../libcli/security/dom_sid.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_PASSDB
@@ -1106,7 +1107,7 @@ static bool init_sam_from_ldap(struct ldapsam_privates *ldap_state,
gid_to_sid(&mapped_gsid, sampass->unix_pw->pw_gid);
primary_gsid = pdb_get_group_sid(sampass);
- if (primary_gsid && sid_equal(primary_gsid, &mapped_gsid)) {
+ if (primary_gsid && dom_sid_equal(primary_gsid, &mapped_gsid)) {
store_gid_sid_cache(primary_gsid,
sampass->unix_pw->pw_gid);
idmap_cache_set_sid2gid(primary_gsid,
@@ -2682,7 +2683,7 @@ static bool ldapsam_extract_rid_from_entry(LDAP *ldap_struct,
return False;
}
- if (sid_compare_domain(&sid, domain_sid) != 0) {
+ if (dom_sid_compare_domain(&sid, domain_sid) != 0) {
DEBUG(10, ("SID %s is not in expected domain %s\n",
str, sid_string_dbg(domain_sid)));
return False;
@@ -3055,7 +3056,7 @@ static NTSTATUS ldapsam_enum_group_memberships(struct pdb_methods *methods,
}
}
- if (sid_compare(&global_sid_NULL, &(*pp_sids)[0]) == 0) {
+ if (dom_sid_compare(&global_sid_NULL, &(*pp_sids)[0]) == 0) {
DEBUG(3, ("primary group of [%s] not found\n",
pdb_get_username(user)));
goto done;
@@ -6668,7 +6669,7 @@ NTSTATUS pdb_init_ldapsam(struct pdb_methods **pdb_method, const char *location)
}
found_sid = secrets_fetch_domain_sid(ldap_state->domain_name,
&secrets_domain_sid);
- if (!found_sid || !sid_equal(&secrets_domain_sid,
+ if (!found_sid || !dom_sid_equal(&secrets_domain_sid,
&ldap_domain_sid)) {
DEBUG(1, ("pdb_init_ldapsam: Resetting SID for domain "
"%s based on pdb_ldap results %s -> %s\n",
diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c
index dd89c8e10b..9369726988 100644
--- a/source3/passdb/pdb_smbpasswd.c
+++ b/source3/passdb/pdb_smbpasswd.c
@@ -22,6 +22,7 @@
#include "includes.h"
#include "../librpc/gen_ndr/samr.h"
+#include "../libcli/security/dom_sid.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_PASSDB
@@ -1372,7 +1373,7 @@ static NTSTATUS smbpasswd_getsampwsid(struct pdb_methods *my_methods, struct sam
return nt_status;
/* build_sam_account might change the SID on us, if the name was for the guest account */
- if (NT_STATUS_IS_OK(nt_status) && !sid_equal(pdb_get_user_sid(sam_acct), sid)) {
+ if (NT_STATUS_IS_OK(nt_status) && !dom_sid_equal(pdb_get_user_sid(sam_acct), sid)) {
DEBUG(1, ("looking for user with sid %s instead returned %s "
"for account %s!?!\n", sid_string_dbg(sid),
sid_string_dbg(pdb_get_user_sid(sam_acct)),
diff --git a/source3/passdb/util_builtin.c b/source3/passdb/util_builtin.c
index 05a46371b3..cf483bbb96 100644
--- a/source3/passdb/util_builtin.c
+++ b/source3/passdb/util_builtin.c
@@ -18,6 +18,7 @@
*/
#include "includes.h"
+#include "../libcli/security/dom_sid.h"
struct rid_name_map {
uint32 rid;
@@ -104,7 +105,7 @@ const char *builtin_domain_name(void)
bool sid_check_is_builtin(const struct dom_sid *sid)
{
- return sid_equal(sid, &global_sid_Builtin);
+ return dom_sid_equal(sid, &global_sid_Builtin);
}
/*****************************************************************
diff --git a/source3/passdb/util_unixsids.c b/source3/passdb/util_unixsids.c
index 0894804c5b..1bd07c7a2f 100644
--- a/source3/passdb/util_unixsids.c
+++ b/source3/passdb/util_unixsids.c
@@ -18,10 +18,11 @@
*/
#include "includes.h"
+#include "../libcli/security/dom_sid.h"
bool sid_check_is_unix_users(const struct dom_sid *sid)
{
- return sid_equal(sid, &global_sid_Unix_Users);
+ return dom_sid_equal(sid, &global_sid_Unix_Users);
}
bool sid_check_is_in_unix_users(const struct dom_sid *sid)
@@ -79,7 +80,7 @@ bool lookup_unix_user_name(const char *name, struct dom_sid *sid)
bool sid_check_is_unix_groups(const struct dom_sid *sid)
{
- return sid_equal(sid, &global_sid_Unix_Groups);
+ return dom_sid_equal(sid, &global_sid_Unix_Groups);
}
bool sid_check_is_in_unix_groups(const struct dom_sid *sid)
diff --git a/source3/passdb/util_wellknown.c b/source3/passdb/util_wellknown.c
index 7f670f9225..4f6f3f308d 100644
--- a/source3/passdb/util_wellknown.c
+++ b/source3/passdb/util_wellknown.c
@@ -21,6 +21,7 @@
*/
#include "includes.h"
+#include "../libcli/security/dom_sid.h"
struct rid_name_map {
uint32 rid;
@@ -75,7 +76,7 @@ bool sid_check_is_wellknown_domain(const struct dom_sid *sid, const char **name)
int i;
for (i=0; special_domains[i].sid != NULL; i++) {
- if (sid_equal(sid, special_domains[i].sid)) {
+ if (dom_sid_equal(sid, special_domains[i].sid)) {
if (name != NULL) {
*name = special_domains[i].name;
}
@@ -115,7 +116,7 @@ bool lookup_wellknown_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
}
for (i=0; special_domains[i].sid != NULL; i++) {
- if (sid_equal(&dom_sid, special_domains[i].sid)) {
+ if (dom_sid_equal(&dom_sid, special_domains[i].sid)) {
*domain = talloc_strdup(mem_ctx,
special_domains[i].name);
users = special_domains[i].known_users;
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index 49bdca7b7f..02cb578671 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -34,6 +34,7 @@
#include "secrets.h"
#include "../librpc/gen_ndr/netlogon.h"
#include "rpc_client/init_lsa.h"
+#include "../libcli/security/dom_sid.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_RPC_SRV
@@ -91,7 +92,7 @@ static int init_lsa_ref_domain_list(TALLOC_CTX *mem_ctx,
if (dom_name != NULL) {
for (num = 0; num < ref->count; num++) {
- if (sid_equal(dom_sid, ref->domains[num].sid)) {
+ if (dom_sid_equal(dom_sid, ref->domains[num].sid)) {
return num;
}
}
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index bc71146f38..40790cfc18 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -39,6 +39,7 @@
#include "../lib/crypto/arcfour.h"
#include "secrets.h"
#include "rpc_client/init_lsa.h"
+#include "../libcli/security/dom_sid.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_RPC_SRV
@@ -712,7 +713,7 @@ NTSTATUS _samr_SetSecurity(struct pipes_struct *p,
dacl = r->in.sdbuf->sd->dacl;
for (i=0; i < dacl->num_aces; i++) {
- if (sid_equal(&uinfo->sid, &dacl->aces[i].trustee)) {
+ if (dom_sid_equal(&uinfo->sid, &dacl->aces[i].trustee)) {
ret = pdb_set_pass_can_change(sampass,
(dacl->aces[i].access_mask &
SAMR_USER_ACCESS_CHANGE_PASSWORD) ?
diff --git a/source3/rpc_server/srv_spoolss_util.c b/source3/rpc_server/srv_spoolss_util.c
index 2ebce91c52..cd5ffe245f 100644
--- a/source3/rpc_server/srv_spoolss_util.c
+++ b/source3/rpc_server/srv_spoolss_util.c
@@ -28,6 +28,7 @@
#include "../librpc/gen_ndr/ndr_security.h"
#include "secrets.h"
#include "rpc_server/rpc_ncacn_np.h"
+#include "../libcli/security/dom_sid.h"
#define TOP_LEVEL_PRINT_KEY "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Print"
#define TOP_LEVEL_PRINT_PRINTERS_KEY TOP_LEVEL_PRINT_KEY "\\Printers"
@@ -2387,7 +2388,7 @@ create_default:
/* If security descriptor is owned by S-1-1-0 and winbindd is up,
this security descriptor has been created when winbindd was
down. Take ownership of security descriptor. */
- if (sid_equal(secdesc->owner_sid, &global_sid_World)) {
+ if (dom_sid_equal(secdesc->owner_sid, &global_sid_World)) {
struct dom_sid owner_sid;
/* Change sd owner to workgroup administrator */
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 9470447f53..dc3585d81b 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -20,6 +20,7 @@
*/
#include "includes.h"
+#include "../libcli/security/dom_sid.h"
extern const struct generic_mapping file_generic_mapping;
@@ -944,10 +945,10 @@ static void merge_aces( canon_ace **pp_list_head, bool dir_acl)
* ensure the POSIX ACL types are the same. */
if (!dir_acl) {
- can_merge = (sid_equal(&curr_ace->trustee, &curr_ace_outer->trustee) &&
+ can_merge = (dom_sid_equal(&curr_ace->trustee, &curr_ace_outer->trustee) &&
(curr_ace->attr == curr_ace_outer->attr));
} else {
- can_merge = (sid_equal(&curr_ace->trustee, &curr_ace_outer->trustee) &&
+ can_merge = (dom_sid_equal(&curr_ace->trustee, &curr_ace_outer->trustee) &&
(curr_ace->type == curr_ace_outer->type) &&
(curr_ace->attr == curr_ace_outer->attr));
}
@@ -996,7 +997,7 @@ static void merge_aces( canon_ace **pp_list_head, bool dir_acl)
* we've put on the ACL, we know the deny must be the first one.
*/
- if (sid_equal(&curr_ace->trustee, &curr_ace_outer->trustee) &&
+ if (dom_sid_equal(&curr_ace->trustee, &curr_ace_outer->trustee) &&
(curr_ace_outer->attr == DENY_ACE) && (curr_ace->attr == ALLOW_ACE)) {
if( DEBUGLVL( 10 )) {
@@ -1297,7 +1298,7 @@ static bool uid_entry_in_group(connection_struct *conn, canon_ace *uid_ace, cano
/* "Everyone" always matches every uid. */
- if (sid_equal(&group_ace->trustee, &global_sid_World))
+ if (dom_sid_equal(&group_ace->trustee, &global_sid_World))
return True;
/*
@@ -1513,12 +1514,12 @@ static void check_owning_objs(canon_ace *ace, struct dom_sid *pfile_owner_sid, s
for (i=0, current_ace = ace; i < entries; i++, current_ace = current_ace->next) {
if (!got_user_obj && current_ace->owner_type == UID_ACE &&
- sid_equal(&current_ace->trustee, pfile_owner_sid)) {
+ dom_sid_equal(&current_ace->trustee, pfile_owner_sid)) {
current_ace->type = SMB_ACL_USER_OBJ;
got_user_obj = True;
}
if (!got_group_obj && current_ace->owner_type == GID_ACE &&
- sid_equal(&current_ace->trustee, pfile_grp_sid)) {
+ dom_sid_equal(&current_ace->trustee, pfile_grp_sid)) {
current_ace->type = SMB_ACL_GROUP_OBJ;
got_group_obj = True;
}
@@ -1549,7 +1550,7 @@ static bool dup_owning_ace(canon_ace *dir_ace, canon_ace *ace)
*/
if (ace->type == SMB_ACL_USER_OBJ &&
- !(sid_equal(&ace->trustee, &global_sid_Creator_Owner))) {
+ !(dom_sid_equal(&ace->trustee, &global_sid_Creator_Owner))) {
canon_ace *dup_ace = dup_canon_ace(ace);
if (dup_ace == NULL) {
@@ -1560,7 +1561,7 @@ static bool dup_owning_ace(canon_ace *dir_ace, canon_ace *ace)
}
if (ace->type == SMB_ACL_GROUP_OBJ &&
- !(sid_equal(&ace->trustee, &global_sid_Creator_Group))) {
+ !(dom_sid_equal(&ace->trustee, &global_sid_Creator_Group))) {
canon_ace *dup_ace = dup_canon_ace(ace);
if (dup_ace == NULL) {
@@ -1646,7 +1647,7 @@ static bool create_canon_ace_lists(files_struct *fsp,
if (psa1->access_mask != psa2->access_mask)
continue;
- if (!sid_equal(&psa1->trustee, &psa2->trustee))
+ if (!dom_sid_equal(&psa1->trustee, &psa2->trustee))
continue;
/*
@@ -1692,11 +1693,11 @@ static bool create_canon_ace_lists(files_struct *fsp,
* Note what kind of a POSIX ACL this should map to.
*/
- if( sid_equal(&current_ace->trustee, &global_sid_World)) {
+ if( dom_sid_equal(&current_ace->trustee, &global_sid_World)) {
current_ace->owner_type = WORLD_ACE;
current_ace->unix_ug.world = -1;
current_ace->type = SMB_ACL_OTHER;
- } else if (sid_equal(&current_ace->trustee, &global_sid_Creator_Owner)) {
+ } else if (dom_sid_equal(&current_ace->trustee, &global_sid_Creator_Owner)) {
current_ace->owner_type = UID_ACE;
current_ace->unix_ug.uid = pst->st_ex_uid;
current_ace->type = SMB_ACL_USER_OBJ;
@@ -1709,7 +1710,7 @@ static bool create_canon_ace_lists(files_struct *fsp,
psa->flags |= SEC_ACE_FLAG_INHERIT_ONLY;
- } else if (sid_equal(&current_ace->trustee, &global_sid_Creator_Group)) {
+ } else if (dom_sid_equal(&current_ace->trustee, &global_sid_Creator_Group)) {
current_ace->owner_type = GID_ACE;
current_ace->unix_ug.gid = pst->st_ex_gid;
current_ace->type = SMB_ACL_GROUP_OBJ;
@@ -2085,7 +2086,7 @@ static void process_deny_list(connection_struct *conn, canon_ace **pp_ace_list )
continue;
}
- if (!sid_equal(&curr_ace->trustee, &global_sid_World))
+ if (!dom_sid_equal(&curr_ace->trustee, &global_sid_World))
continue;
/* JRATEST - assert. */
@@ -3080,7 +3081,7 @@ static size_t merge_default_aces( struct security_ace *nt_ace_list, size_t num_a
if ((nt_ace_list[i].type == nt_ace_list[j].type) &&
(nt_ace_list[i].size == nt_ace_list[j].size) &&
(nt_ace_list[i].access_mask == nt_ace_list[j].access_mask) &&
- sid_equal(&nt_ace_list[i].trustee, &nt_ace_list[j].trustee) &&
+ dom_sid_equal(&nt_ace_list[i].trustee, &nt_ace_list[j].trustee) &&
(i_inh == j_inh) &&
(i_flags_ni == 0) &&
(j_flags_ni == (SEC_ACE_FLAG_OBJECT_INHERIT|
@@ -3144,7 +3145,7 @@ static void add_or_replace_ace(struct security_ace *nt_ace_list, size_t *num_ace
/* first search for a duplicate */
for (i = 0; i < *num_aces; i++) {
- if (sid_equal(&nt_ace_list[i].trustee, sid) &&
+ if (dom_sid_equal(&nt_ace_list[i].trustee, sid) &&
(nt_ace_list[i].flags == flags)) break;
}
@@ -3367,7 +3368,7 @@ static NTSTATUS posix_get_nt_acl_common(struct connection_struct *conn,
if (lp_profile_acls(SNUM(conn))) {
for (i = 0; i < num_aces; i++) {
- if (sid_equal(&nt_ace_list[i].trustee, &owner_sid)) {
+ if (dom_sid_equal(&nt_ace_list[i].trustee, &owner_sid)) {
add_or_replace_ace(nt_ace_list, &num_aces,
&orig_owner_sid,
nt_ace_list[i].type,
@@ -3756,7 +3757,7 @@ NTSTATUS append_parent_acl(files_struct *fsp,
* same SID. This is order N^2. Ouch :-(. JRA. */
unsigned int k;
for (k = 0; k < psd->dacl->num_aces; k++) {
- if (sid_equal(&psd->dacl->aces[k].trustee,
+ if (dom_sid_equal(&psd->dacl->aces[k].trustee,
&se->trustee)) {
break;
}
diff --git a/source3/torture/torture.c b/source3/torture/torture.c
index d19c983866..588ed14675 100644
--- a/source3/torture/torture.c
+++ b/source3/torture/torture.c
@@ -6852,7 +6852,7 @@ static bool run_local_string_to_sid(int dummy) {
printf("could not parse S-1-5-32-545\n");
return false;
}
- if (!sid_equal(&sid, &global_sid_Builtin_Users)) {
+ if (!dom_sid_equal(&sid, &global_sid_Builtin_Users)) {
printf("mis-parsed S-1-5-32-545 as %s\n",
sid_string_tos(&sid));
return false;
diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
index 671f7e81e9..96b3626391 100644
--- a/source3/utils/net_rpc.c
+++ b/source3/utils/net_rpc.c
@@ -36,6 +36,7 @@
#include "secrets.h"
#include "lib/netapi/netapi.h"
#include "rpc_client/init_lsa.h"
+#include "../libcli/security/dom_sid.h"
static int net_mode_share;
static bool sync_files(struct copy_clistate *cp_clistate, const char *mask);
@@ -4171,7 +4172,7 @@ static bool is_alias_member(struct dom_sid *sid, struct full_alias *alias)
int i;
for (i=0; i<alias->num_members; i++) {
- if (sid_compare(sid, &alias->members[i]) == 0)
+ if (dom_sid_compare(sid, &alias->members[i]) == 0)
return true;
}
diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c
index 8b5a90838e..c9bb96c18c 100644
--- a/source3/utils/net_rpc_samsync.c
+++ b/source3/utils/net_rpc_samsync.c
@@ -29,6 +29,7 @@
#include "../librpc/gen_ndr/ndr_drsuapi.h"
#include "libnet/libnet_samsync.h"
#include "libnet/libnet_dssync.h"
+#include "../libcli/security/dom_sid.h"
static void parse_samsync_partial_replication_objects(TALLOC_CTX *mem_ctx,
int argc,
@@ -187,7 +188,7 @@ NTSTATUS rpc_vampire_internals(struct net_context *c,
NTSTATUS result;
struct samsync_context *ctx = NULL;
- if (!sid_equal(domain_sid, get_global_sam_sid())) {
+ if (!dom_sid_equal(domain_sid, get_global_sam_sid())) {
d_printf(_("Cannot import users from %s at this time, "
"as the current domain:\n\t%s: %s\nconflicts "
"with the remote domain\n\t%s: %s\n"
diff --git a/source3/utils/profiles.c b/source3/utils/profiles.c
index f6f500a2aa..faec8e2c3b 100644
--- a/source3/utils/profiles.c
+++ b/source3/utils/profiles.c
@@ -23,6 +23,7 @@
#include "popt_common.h"
#include "registry/reg_objects.h"
#include "regfio.h"
+#include "../libcli/security/dom_sid.h"
/* GLOBAL VARIABLES */
@@ -64,7 +65,7 @@ static bool swap_sid_in_acl( struct security_descriptor *sd, struct dom_sid *s1,
bool update = False;
verbose_output(" Owner SID: %s\n", sid_string_tos(sd->owner_sid));
- if ( sid_equal( sd->owner_sid, s1 ) ) {
+ if ( dom_sid_equal( sd->owner_sid, s1 ) ) {
sid_copy( sd->owner_sid, s2 );
update = True;
verbose_output(" New Owner SID: %s\n",
@@ -73,7 +74,7 @@ static bool swap_sid_in_acl( struct security_descriptor *sd, struct dom_sid *s1,
}
verbose_output(" Group SID: %s\n", sid_string_tos(sd->group_sid));
- if ( sid_equal( sd->group_sid, s1 ) ) {
+ if ( dom_sid_equal( sd->group_sid, s1 ) ) {
sid_copy( sd->group_sid, s2 );
update = True;
verbose_output(" New Group SID: %s\n",
@@ -85,7 +86,7 @@ static bool swap_sid_in_acl( struct security_descriptor *sd, struct dom_sid *s1,
for ( i=0; i<theacl->num_aces; i++ ) {
verbose_output(" Trustee SID: %s\n",
sid_string_tos(&theacl->aces[i].trustee));
- if ( sid_equal( &theacl->aces[i].trustee, s1 ) ) {
+ if ( dom_sid_equal( &theacl->aces[i].trustee, s1 ) ) {
sid_copy( &theacl->aces[i].trustee, s2 );
update = True;
verbose_output(" New Trustee SID: %s\n",
@@ -99,7 +100,7 @@ static bool swap_sid_in_acl( struct security_descriptor *sd, struct dom_sid *s1,
for ( i=0; i<theacl->num_aces; i++ ) {
verbose_output(" Trustee SID: %s\n",
sid_string_tos(&theacl->aces[i].trustee));
- if ( sid_equal( &theacl->aces[i].trustee, s1 ) ) {
+ if ( dom_sid_equal( &theacl->aces[i].trustee, s1 ) ) {
sid_copy( &theacl->aces[i].trustee, s2 );
update = True;
verbose_output(" New Trustee SID: %s\n",
diff --git a/source3/utils/sharesec.c b/source3/utils/sharesec.c
index 79078b234a..decd063913 100644
--- a/source3/utils/sharesec.c
+++ b/source3/utils/sharesec.c
@@ -24,6 +24,7 @@
#include "includes.h"
#include "popt_common.h"
+#include "../libcli/security/dom_sid.h"
static TALLOC_CTX *ctx;
@@ -370,8 +371,8 @@ static int ace_compare(struct security_ace *ace1, struct security_ace *ace2)
if (ace1->type != ace2->type)
return ace2->type - ace1->type;
- if (sid_compare(&ace1->trustee, &ace2->trustee))
- return sid_compare(&ace1->trustee, &ace2->trustee);
+ if (dom_sid_compare(&ace1->trustee, &ace2->trustee))
+ return dom_sid_compare(&ace1->trustee, &ace2->trustee);
if (ace1->flags != ace2->flags)
return ace1->flags - ace2->flags;
@@ -459,7 +460,7 @@ static int change_share_sec(TALLOC_CTX *mem_ctx, const char *sharename, char *th
bool found = False;
for (j=0;old->dacl && j<old->dacl->num_aces;j++) {
- if (sid_equal(&sd->dacl->aces[i].trustee,
+ if (dom_sid_equal(&sd->dacl->aces[i].trustee,
&old->dacl->aces[j].trustee)) {
old->dacl->aces[j] = sd->dacl->aces[i];
found = True;
diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c
index 65fec1041b..fa039f639f 100644
--- a/source3/utils/smbcacls.c
+++ b/source3/utils/smbcacls.c
@@ -25,6 +25,7 @@
#include "popt_common.h"
#include "../librpc/gen_ndr/ndr_lsa.h"
#include "rpc_client/cli_lsarpc.h"
+#include "../libcli/security/dom_sid.h"
extern bool AllowDebugChange;
@@ -835,8 +836,8 @@ static int ace_compare(struct security_ace *ace1, struct security_ace *ace2)
if (ace1->type != ace2->type)
return ace2->type - ace1->type;
- if (sid_compare(&ace1->trustee, &ace2->trustee))
- return sid_compare(&ace1->trustee, &ace2->trustee);
+ if (dom_sid_compare(&ace1->trustee, &ace2->trustee))
+ return dom_sid_compare(&ace1->trustee, &ace2->trustee);
if (ace1->flags != ace2->flags)
return ace1->flags - ace2->flags;
@@ -929,7 +930,7 @@ static int cacl_set(struct cli_state *cli, const char *filename,
bool found = False;
for (j=0;old->dacl && j<old->dacl->num_aces;j++) {
- if (sid_equal(&sd->dacl->aces[i].trustee,
+ if (dom_sid_equal(&sd->dacl->aces[i].trustee,
&old->dacl->aces[j].trustee)) {
old->dacl->aces[j] = sd->dacl->aces[i];
found = True;
diff --git a/source3/winbindd/idmap_ad.c b/source3/winbindd/idmap_ad.c
index 3d47baadc9..f2e47a7042 100644
--- a/source3/winbindd/idmap_ad.c
+++ b/source3/winbindd/idmap_ad.c
@@ -33,6 +33,7 @@
#include "nss_info.h"
#include "secrets.h"
#include "idmap.h"
+#include "../libcli/security/dom_sid.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_IDMAP
@@ -266,7 +267,7 @@ static struct id_map *find_map_by_sid(struct id_map **maps, struct dom_sid *sid)
int i;
for (i = 0; maps[i] && i<IDMAP_AD_MAX_IDS; i++) {
- if (sid_equal(maps[i]->sid, sid)) {
+ if (dom_sid_equal(maps[i]->sid, sid)) {
return maps[i];
}
}
diff --git a/source3/winbindd/idmap_ldap.c b/source3/winbindd/idmap_ldap.c
index 39df489be7..dcdc14f277 100644
--- a/source3/winbindd/idmap_ldap.c
+++ b/source3/winbindd/idmap_ldap.c
@@ -28,6 +28,7 @@
#include "secrets.h"
#include "idmap.h"
#include "idmap_rw.h"
+#include "../libcli/security/dom_sid.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_IDMAP
@@ -1030,7 +1031,7 @@ static struct id_map *find_map_by_sid(struct id_map **maps, struct dom_sid *sid)
if (maps[i] == NULL) { /* end of the run */
return NULL;
}
- if (sid_equal(maps[i]->sid, sid)) {
+ if (dom_sid_equal(maps[i]->sid, sid)) {
return maps[i];
}
}
diff --git a/source3/winbindd/wb_getgrsid.c b/source3/winbindd/wb_getgrsid.c
index bb93be2174..8accc639af 100644
--- a/source3/winbindd/wb_getgrsid.c
+++ b/source3/winbindd/wb_getgrsid.c
@@ -20,6 +20,7 @@
#include "includes.h"
#include "winbindd.h"
#include "librpc/gen_ndr/cli_wbint.h"
+#include "../libcli/security/dom_sid.h"
struct wb_getgrsid_state {
struct tevent_context *ev;
@@ -55,7 +56,7 @@ struct tevent_req *wb_getgrsid_send(TALLOC_CTX *mem_ctx,
if (lp_winbind_trusted_domains_only()) {
struct winbindd_domain *our_domain = find_our_domain();
- if (sid_compare_domain(group_sid, &our_domain->sid) == 0) {
+ if (dom_sid_compare_domain(group_sid, &our_domain->sid) == 0) {
DEBUG(7, ("winbindd_getgrsid: My domain -- rejecting "
"getgrsid() for %s\n", sid_string_tos(group_sid)));
tevent_req_nterror(req, NT_STATUS_NO_SUCH_GROUP);
diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c
index 1ae0c70e2e..c2ce0a2713 100644
--- a/source3/winbindd/winbindd_cache.c
+++ b/source3/winbindd/winbindd_cache.c
@@ -30,6 +30,7 @@
#include "../librpc/gen_ndr/ndr_wbint.h"
#include "ads.h"
#include "nss_info.h"
+#include "../libcli/security/dom_sid.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_WINBIND
@@ -118,7 +119,7 @@ static struct winbind_cache *get_cache(struct winbindd_domain *domain)
}
if (strequal(domain->name, get_global_sam_name()) &&
- sid_equal(&domain->sid, get_global_sam_sid())) {
+ dom_sid_equal(&domain->sid, get_global_sam_sid())) {
domain->backend = &sam_passdb_methods;
domain->initialized = True;
}
@@ -644,7 +645,7 @@ static struct cache_entry *wcache_fetch_raw(char *kstr)
static bool is_my_own_sam_domain(struct winbindd_domain *domain)
{
if (strequal(domain->name, get_global_sam_name()) &&
- sid_equal(&domain->sid, get_global_sam_sid())) {
+ dom_sid_equal(&domain->sid, get_global_sam_sid())) {
return true;
}
@@ -654,7 +655,7 @@ static bool is_my_own_sam_domain(struct winbindd_domain *domain)
static bool is_builtin_domain(struct winbindd_domain *domain)
{
if (strequal(domain->name, "BUILTIN") &&
- sid_equal(&domain->sid, &global_sid_Builtin)) {
+ dom_sid_equal(&domain->sid, &global_sid_Builtin)) {
return true;
}
diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
index 671c868273..14be0e26fa 100644
--- a/source3/winbindd/winbindd_util.c
+++ b/source3/winbindd/winbindd_util.c
@@ -23,6 +23,7 @@
#include "includes.h"
#include "winbindd.h"
#include "secrets.h"
+#include "../libcli/security/dom_sid.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_WINBIND
@@ -135,7 +136,7 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const
continue;
}
- if (sid_equal(sid, &domain->sid)) {
+ if (dom_sid_equal(sid, &domain->sid)) {
break;
}
}
@@ -146,7 +147,7 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const
* We found a match. Possibly update the SID
*/
if ((sid != NULL)
- && sid_equal(&domain->sid, &global_sid_NULL)) {
+ && dom_sid_equal(&domain->sid, &global_sid_NULL)) {
sid_copy( &domain->sid, sid );
}
return domain;
@@ -740,7 +741,7 @@ struct winbindd_domain *find_domain_from_sid_noinit(const struct dom_sid *sid)
/* Search through list */
for (domain = domain_list(); domain != NULL; domain = domain->next) {
- if (sid_compare_domain(sid, &domain->sid) == 0)
+ if (dom_sid_compare_domain(sid, &domain->sid) == 0)
return domain;
}