-rw-r--r-- | source3/passdb/lookup_sid.c | 37 | ||||
-rw-r--r-- | source3/passdb/passdb.c | 39 | ||||
-rw-r--r-- | source3/passdb/util_sam_sid.c | 7 | ||||
-rw-r--r-- | source3/rpc_server/srv_samr_nt.c | 30 |
4 files changed, 63 insertions, 50 deletions
diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c index 6b58210919..5c0bf0aef8 100644 --- a/source3/passdb/lookup_sid.c +++ b/source3/passdb/lookup_sid.c @@ -76,25 +76,34 @@ BOOL lookup_sid(const DOM_SID *sid, fstring dom_name, fstring name, enum SID_NAM /* Check if this is our own sid. This should perhaps be done by winbind? For the moment handle it here. */ - if (sid->num_auths == 4 && sid_equal(get_global_sam_sid(), sid)) { - DOM_SID tmp_sid; - sid_copy(&tmp_sid, sid); - return map_domain_sid_to_name(&tmp_sid, dom_name) && - local_lookup_sid(sid, name, name_type); + if (sid_check_is_domain(sid)) { + fstrcpy(dom_name, get_global_sam_name()); + fstrcpy(name, ""); + *name_type = SID_NAME_DOMAIN; + return True; } - if (sid->num_auths == 5) { - DOM_SID tmp_sid; - uint32 rid; + if (sid_check_is_builtin(sid)) { - sid_copy(&tmp_sid, sid); - sid_split_rid(&tmp_sid, &rid); + /* Got through map_domain_sid_to_name here so that the mapping + * of S-1-5-32 to the name "BUILTIN" in as few places as + * possible. We might add i18n... */ + SMB_ASSERT(map_domain_sid_to_name(sid, dom_name)); - if (sid_equal(get_global_sam_sid(), &tmp_sid)) { + /* Yes, W2k3 returns "BUILTIN" both as domain and name here */ + fstrcpy(name, dom_name); - return map_domain_sid_to_name(&tmp_sid, dom_name) && - local_lookup_sid(sid, name, name_type); - } + *name_type = SID_NAME_DOMAIN; + return True; + } + + if (sid_check_is_in_our_domain(sid)) { + uint32 rid; + SMB_ASSERT(sid_peek_rid(sid, &rid)); + + /* For our own domain passdb is responsible */ + fstrcpy(dom_name, get_global_sam_name()); + return local_lookup_rid(rid, name, name_type); } if (winbind_lookup_sid(sid, dom_name, name, name_type)) { diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c index 14a5b73f16..7d07e4ceba 100644 --- a/source3/passdb/passdb.c +++ b/source3/passdb/passdb.c 
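Review bot: The two new `SMB_ASSERT(...)` calls in lookup_sid wrap the calls that do the real work, `map_domain_sid_to_name(sid, dom_name)` in the BUILTIN branch and `sid_peek_rid(sid, &rid)` in the own-domain branch, so a failure there takes the assertion path instead of returning a failed lookup. lookup_sid presumably resolves SIDs that come from clients, and it already returns a BOOL, so I would treat both as ordinary errors: `if (!map_domain_sid_to_name(sid, dom_name)) return False;` and `if (!sid_peek_rid(sid, &rid)) return False;`. That also removes the dependence on SMB_ASSERT always evaluating its argument, which cannot be confirmed from this hunk. The function body continues outside the hunk.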
@@ -735,31 +735,20 @@ BOOL algorithmic_pdb_rid_is_user(uint32 rid) Convert a rid into a name. Used in the lookup SID rpc. ********************************************************************/ -BOOL local_lookup_sid(const DOM_SID *sid, char *name, enum SID_NAME_USE *psid_name_use) +BOOL local_lookup_rid(uint32 rid, char *name, enum SID_NAME_USE *psid_name_use) { - uint32 rid; SAM_ACCOUNT *sam_account = NULL; GROUP_MAP map; BOOL ret; + DOM_SID sid; - if (sid_equal(get_global_sam_sid(), sid)) { - *psid_name_use = SID_NAME_DOMAIN; - fstrcpy(name, ""); - DEBUG(5,("local_lookup_sid: SID is our own domain-sid: %s.\n", - sid_string_static(sid))); - return True; - } - - if (!sid_peek_check_rid(get_global_sam_sid(), sid, &rid)){ - DEBUG(0,("local_lookup_sid: sid_peek_check_rid return False! SID: %s\n", - sid_string_static(&map.sid))); - return False; - } *psid_name_use = SID_NAME_UNKNOWN; - DEBUG(5,("local_lookup_sid: looking up RID %u.\n", (unsigned int)rid)); - + DEBUG(5,("local_lookup_rid: looking up RID %u.\n", (unsigned int)rid)); + sid_copy(&sid, get_global_sam_sid()); + sid_append_rid(&sid, rid); + /* see if the passdb can help us with the name of the user */ if (!NT_STATUS_IS_OK(pdb_init_sam(&sam_account))) { return False; @@ -767,7 +756,7 @@ BOOL local_lookup_sid(const DOM_SID *sid, char *name, enum SID_NAME_USE *psid_na /* BEING ROOT BLLOCK */ become_root(); - if (pdb_getsampwsid(sam_account, sid)) { + if (pdb_getsampwsid(sam_account, &sid)) { unbecome_root(); /* -----> EXIT BECOME_ROOT() */ fstrcpy(name, pdb_get_username(sam_account)); *psid_name_use = SID_NAME_USER; 
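Review bot: local_lookup_rid no longer verifies that the SID belongs to our domain, because the `sid_peek_check_rid(get_global_sam_sid(), sid, &rid)` test was removed and the SID is now rebuilt from `get_global_sam_sid()` plus the caller's rid, which makes the domain check the caller's job. The lookup_sid.c hunk does it with `sid_check_is_in_our_domain(sid)`, but any other caller (not visible here) that peels a rid off an unchecked SID would get a local account name back for a foreign SID. I would state the contract in the header comment, e.g. `rid is relative to get_global_sam_sid(); the caller must already have checked that the SID is in our domain`. The result of `sid_append_rid(&sid, rid)` is also ignored; `if (!sid_append_rid(&sid, rid)) return False;` would keep a failed append from reaching `pdb_getsampwsid`. The function body continues past this hunk.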
@@ -778,15 +767,15 @@ BOOL local_lookup_sid(const DOM_SID *sid, char *name, enum SID_NAME_USE *psid_na } pdb_free_sam(&sam_account); - ret = pdb_getgrsid(&map, *sid); + ret = pdb_getgrsid(&map, sid); unbecome_root(); /* END BECOME_ROOT BLOCK */ if ( ret ) { if (map.gid!=(gid_t)-1) { - DEBUG(5,("local_lookup_sid: mapped group %s to gid %u\n", map.nt_name, (unsigned int)map.gid)); + DEBUG(5,("local_lookup_rid: mapped group %s to gid %u\n", map.nt_name, (unsigned int)map.gid)); } else { - DEBUG(5,("local_lookup_sid: mapped group %s to no unix gid. Returning name.\n", map.nt_name)); + DEBUG(5,("local_lookup_rid: mapped group %s to no unix gid. Returning name.\n", map.nt_name)); } fstrcpy(name, map.nt_name); @@ -809,7 +798,7 @@ BOOL local_lookup_sid(const DOM_SID *sid, char *name, enum SID_NAME_USE *psid_na uid = algorithmic_pdb_user_rid_to_uid(rid); pw = sys_getpwuid( uid ); - DEBUG(5,("local_lookup_sid: looking up uid %u %s\n", (unsigned int)uid, + DEBUG(5,("local_lookup_rid: looking up uid %u %s\n", (unsigned int)uid, pw ? "succeeded" : "failed" )); if ( !pw ) @@ -817,7 +806,7 @@ BOOL local_lookup_sid(const DOM_SID *sid, char *name, enum SID_NAME_USE *psid_na else fstrcpy( name, pw->pw_name ); - DEBUG(5,("local_lookup_sid: found user %s for rid %u\n", name, + DEBUG(5,("local_lookup_rid: found user %s for rid %u\n", name, (unsigned int)rid )); *psid_name_use = SID_NAME_USER; @@ -832,7 +821,7 @@ BOOL local_lookup_sid(const DOM_SID *sid, char *name, enum SID_NAME_USE *psid_na gid = pdb_group_rid_to_gid(rid); gr = getgrgid(gid); - DEBUG(5,("local_lookup_sid: looking up gid %u %s\n", (unsigned int)gid, + DEBUG(5,("local_lookup_rid: looking up gid %u %s\n", (unsigned int)gid, gr ? "succeeded" : "failed" )); if( !gr ) 
@@ -840,7 +829,7 @@ BOOL local_lookup_sid(const DOM_SID *sid, char *name, enum SID_NAME_USE *psid_na else fstrcpy( name, gr->gr_name); - DEBUG(5,("local_lookup_sid: found group %s for rid %u\n", name, + DEBUG(5,("local_lookup_rid: found group %s for rid %u\n", name, (unsigned int)rid )); /* assume algorithmic groups are domain global groups */ diff --git a/source3/passdb/util_sam_sid.c b/source3/passdb/util_sam_sid.c index 42e4b6df96..afbc2edcde 100644 --- a/source3/passdb/util_sam_sid.c +++ b/source3/passdb/util_sam_sid.c @@ -91,7 +91,7 @@ static struct sid_name_map_info special_domains[] = { Turns a domain SID into a name, returned in the nt_domain argument. ***************************************************************************/ -BOOL map_domain_sid_to_name(DOM_SID *sid, fstring nt_domain) +BOOL map_domain_sid_to_name(const DOM_SID *sid, fstring nt_domain) { fstring sid_str; int i = 0; @@ -100,11 +100,6 @@ BOOL map_domain_sid_to_name(DOM_SID *sid, fstring nt_domain) DEBUG(5,("map_domain_sid_to_name: %s\n", sid_str)); - if (sid_check_is_domain(sid)) { - fstrcpy(nt_domain, get_global_sam_name()); - return True; - } - while (special_domains[i].sid != NULL) { DEBUG(5,("map_domain_sid_to_name: compare: %s\n", sid_string_static(special_domains[i].sid))); diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 9a09b5f544..ec2bc3fe4a 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c 
@@ -72,11 +72,31 @@ struct samr_info {
 TALLOC_CTX *mem_ctx;
 };
 
-struct generic_mapping sam_generic_mapping = {GENERIC_RIGHTS_SAM_READ, GENERIC_RIGHTS_SAM_WRITE, GENERIC_RIGHTS_SAM_EXECUTE, GENERIC_RIGHTS_SAM_ALL_ACCESS};
-struct generic_mapping dom_generic_mapping = {GENERIC_RIGHTS_DOMAIN_READ, GENERIC_RIGHTS_DOMAIN_WRITE, GENERIC_RIGHTS_DOMAIN_EXECUTE, GENERIC_RIGHTS_DOMAIN_ALL_ACCESS};
-struct generic_mapping usr_generic_mapping = {GENERIC_RIGHTS_USER_READ, GENERIC_RIGHTS_USER_WRITE, GENERIC_RIGHTS_USER_EXECUTE, GENERIC_RIGHTS_USER_ALL_ACCESS};
-struct generic_mapping grp_generic_mapping = {GENERIC_RIGHTS_GROUP_READ, GENERIC_RIGHTS_GROUP_WRITE, GENERIC_RIGHTS_GROUP_EXECUTE, GENERIC_RIGHTS_GROUP_ALL_ACCESS};
-struct generic_mapping ali_generic_mapping = {GENERIC_RIGHTS_ALIAS_READ, GENERIC_RIGHTS_ALIAS_WRITE, GENERIC_RIGHTS_ALIAS_EXECUTE, GENERIC_RIGHTS_ALIAS_ALL_ACCESS};
+static struct generic_mapping sam_generic_mapping = {
+ GENERIC_RIGHTS_SAM_READ,
+ GENERIC_RIGHTS_SAM_WRITE,
+ GENERIC_RIGHTS_SAM_EXECUTE,
+ GENERIC_RIGHTS_SAM_ALL_ACCESS};
+static struct generic_mapping dom_generic_mapping = {
+ GENERIC_RIGHTS_DOMAIN_READ,
+ GENERIC_RIGHTS_DOMAIN_WRITE,
+ GENERIC_RIGHTS_DOMAIN_EXECUTE,
+ GENERIC_RIGHTS_DOMAIN_ALL_ACCESS};
+static struct generic_mapping usr_generic_mapping = {
+ GENERIC_RIGHTS_USER_READ,
+ GENERIC_RIGHTS_USER_WRITE,
+ GENERIC_RIGHTS_USER_EXECUTE,
+ GENERIC_RIGHTS_USER_ALL_ACCESS};
+static struct generic_mapping grp_generic_mapping = {
+ GENERIC_RIGHTS_GROUP_READ,
+ GENERIC_RIGHTS_GROUP_WRITE,
+ GENERIC_RIGHTS_GROUP_EXECUTE,
+ GENERIC_RIGHTS_GROUP_ALL_ACCESS};
+static struct generic_mapping ali_generic_mapping = {
+ GENERIC_RIGHTS_ALIAS_READ,
+ GENERIC_RIGHTS_ALIAS_WRITE,
+ GENERIC_RIGHTS_ALIAS_EXECUTE,
+ GENERIC_RIGHTS_ALIAS_ALL_ACCESS};
 
 /*******************************************************************
 *******************************************************************/ |