diff options
-rw-r--r-- | source3/passdb/pdb_interface.c | 37 | ||||
-rw-r--r-- | source3/rpc_server/srv_samr_nt.c | 8 | ||||
-rw-r--r-- | source3/rpcclient/cmd_samr.c | 23 |
3 files changed, 41 insertions, 27 deletions
diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c index 9605349781..875e264bf0 100644 --- a/source3/passdb/pdb_interface.c +++ b/source3/passdb/pdb_interface.c @@ -1652,24 +1652,38 @@ NTSTATUS pdb_default_lookup_rids(struct pdb_methods *methods, BOOL have_mapped = False; BOOL have_unmapped = False; - if (!sid_equal(domain_sid, get_global_sam_sid())) { - /* TODO: Sooner or later we need to look up BUILTIN rids as - * well. -- vl */ + if (sid_check_is_builtin(domain_sid)) { + + for (i=0; i<num_rids; i++) { + fstring name; + + if (lookup_builtin_rid(rids[i], name)) { + attrs[i] = SID_NAME_ALIAS; + names[i] = talloc_strdup(names, name); + if (names[i] == NULL) { + return NT_STATUS_NO_MEMORY; + } + DEBUG(5,("lookup_rids: %s:%d\n", + names[i], attrs[i])); + have_mapped = True; + } else { + have_unmapped = True; + attrs[i] = SID_NAME_UNKNOWN; + } + } goto done; } + /* Should not happen, but better check once too many */ + if (!sid_check_is_domain(domain_sid)) { + return NT_STATUS_INVALID_HANDLE; + } + for (i = 0; i < num_rids; i++) { fstring tmpname; - fstring domname; - DOM_SID sid; enum SID_NAME_USE type; - attrs[i] = SID_NAME_UNKNOWN; - - sid_copy(&sid, domain_sid); - sid_append_rid(&sid, rids[i]); - - if (lookup_sid(&sid, domname, tmpname, &type)) { + if (lookup_global_sam_rid(rids[i], tmpname, &type)) { attrs[i] = (uint32)type; names[i] = talloc_strdup(names, tmpname); if (names[i] == NULL) @@ -1678,6 +1692,7 @@ NTSTATUS pdb_default_lookup_rids(struct pdb_methods *methods, have_mapped = True; } else { have_unmapped = True; + attrs[i] = SID_NAME_UNKNOWN; } } diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 65bb0ef1ab..b4d699188a 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -1516,19 +1516,11 @@ NTSTATUS _samr_lookup_rids(pipes_struct *p, SAMR_Q_LOOKUP_RIDS *q_u, SAMR_R_LOOK if ((num_rids != 0) && ((names == NULL) || (attrs == NULL))) return NT_STATUS_NO_MEMORY; - if (!sid_equal(&pol_sid, get_global_sam_sid())) { - /* TODO: Sooner or later we need to look up BUILTIN rids as - * well. -- vl */ - goto done; - } - become_root(); /* lookup_sid can require root privs */ r_u->status = pdb_lookup_rids(&pol_sid, num_rids, q_u->rid, names, attrs); unbecome_root(); - done: - if(!make_samr_lookup_rids(p->mem_ctx, num_rids, names, &hdr_name, &uni_name)) return NT_STATUS_NO_MEMORY; diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c index 7727330388..68ceead69d 100644 --- a/source3/rpcclient/cmd_samr.c +++ b/source3/rpcclient/cmd_samr.c @@ -1457,8 +1457,8 @@ static NTSTATUS cmd_samr_lookup_rids(struct rpc_pipe_client *cli, char **names; int i; - if (argc < 2) { - printf("Usage: %s rid1 [rid2 [rid3] [...]]\n", argv[0]); + if (argc < 3) { + printf("Usage: %s domain|builtin rid1 [rid2 [rid3] [...]]\n", argv[0]); return NT_STATUS_OK; } @@ -1470,20 +1470,27 @@ static NTSTATUS cmd_samr_lookup_rids(struct rpc_pipe_client *cli, if (!NT_STATUS_IS_OK(result)) goto done; - result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - &domain_sid, &domain_pol); + if (StrCaseCmp(argv[1], "domain")==0) + result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol, + MAXIMUM_ALLOWED_ACCESS, + &domain_sid, &domain_pol); + else if (StrCaseCmp(argv[1], "builtin")==0) + result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol, + MAXIMUM_ALLOWED_ACCESS, + &global_sid_Builtin, &domain_pol); + else + return NT_STATUS_OK; if (!NT_STATUS_IS_OK(result)) goto done; /* Look up rids */ - num_rids = argc - 1; + num_rids = argc - 2; rids = TALLOC_ARRAY(mem_ctx, uint32, num_rids); - for (i = 0; i < argc - 1; i++) - sscanf(argv[i + 1], "%i", &rids[i]); + for (i = 0; i < argc - 2; i++) + sscanf(argv[i + 2], "%i", &rids[i]); result = rpccli_samr_lookup_rids(cli, mem_ctx, &domain_pol, num_rids, rids, &num_names, &names, &name_types); |