-rw-r--r--source3/passdb/lookup_sid.c37
-rw-r--r--source3/passdb/passdb.c39
-rw-r--r--source3/passdb/util_sam_sid.c7
-rw-r--r--source3/rpc_server/srv_samr_nt.c30
4 files changed, 63 insertions, 50 deletions
diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
index 6b58210919..5c0bf0aef8 100644
--- a/source3/passdb/lookup_sid.c
+++ b/source3/passdb/lookup_sid.c
@@ -76,25 +76,34 @@ BOOL lookup_sid(const DOM_SID *sid, fstring dom_name, fstring name, enum SID_NAM
/* Check if this is our own sid. This should perhaps be done by
winbind? For the moment handle it here. */
- if (sid->num_auths == 4 && sid_equal(get_global_sam_sid(), sid)) {
- DOM_SID tmp_sid;
- sid_copy(&tmp_sid, sid);
- return map_domain_sid_to_name(&tmp_sid, dom_name) &&
- local_lookup_sid(sid, name, name_type);
+ if (sid_check_is_domain(sid)) {
+ fstrcpy(dom_name, get_global_sam_name());
+ fstrcpy(name, "");
+ *name_type = SID_NAME_DOMAIN;
+ return True;
}
- if (sid->num_auths == 5) {
- DOM_SID tmp_sid;
- uint32 rid;
+ if (sid_check_is_builtin(sid)) {
- sid_copy(&tmp_sid, sid);
- sid_split_rid(&tmp_sid, &rid);
+ /* Got through map_domain_sid_to_name here so that the mapping
+ * of S-1-5-32 to the name "BUILTIN" in as few places as
+ * possible. We might add i18n... */
+ SMB_ASSERT(map_domain_sid_to_name(sid, dom_name));
- if (sid_equal(get_global_sam_sid(), &tmp_sid)) {
+ /* Yes, W2k3 returns "BUILTIN" both as domain and name here */
+ fstrcpy(name, dom_name);
- return map_domain_sid_to_name(&tmp_sid, dom_name) &&
- local_lookup_sid(sid, name, name_type);
- }
+ *name_type = SID_NAME_DOMAIN;
+ return True;
+ }
+
+ if (sid_check_is_in_our_domain(sid)) {
+ uint32 rid;
+ SMB_ASSERT(sid_peek_rid(sid, &rid));
+
+ /* For our own domain passdb is responsible */
+ fstrcpy(dom_name, get_global_sam_name());
+ return local_lookup_rid(rid, name, name_type);
}
if (winbind_lookup_sid(sid, dom_name, name, name_type)) {
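Review bot: The two added `SMB_ASSERT(...)` lines wrap calls whose side effects the code depends on: `map_domain_sid_to_name(sid, dom_name)` fills `dom_name` and `sid_peek_rid(sid, &rid)` fills `rid`. If SMB_ASSERT can be compiled out in some build, those writes disappear with it. While it is active, a failed call panics the server instead of returning an error, on a path that appears to be reachable from client lookups. I would make the call outside the assertion and fail softly, e.g. `if (!sid_peek_rid(sid, &rid)) return False;`, and do the same for the BUILTIN mapping. The body of lookup_sid starts and ends outside this hunk.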
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index 14a5b73f16..7d07e4ceba 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -735,31 +735,20 @@ BOOL algorithmic_pdb_rid_is_user(uint32 rid)
Convert a rid into a name. Used in the lookup SID rpc.
********************************************************************/
-BOOL local_lookup_sid(const DOM_SID *sid, char *name, enum SID_NAME_USE *psid_name_use)
+BOOL local_lookup_rid(uint32 rid, char *name, enum SID_NAME_USE *psid_name_use)
{
- uint32 rid;
SAM_ACCOUNT *sam_account = NULL;
GROUP_MAP map;
BOOL ret;
+ DOM_SID sid;
- if (sid_equal(get_global_sam_sid(), sid)) {
- *psid_name_use = SID_NAME_DOMAIN;
- fstrcpy(name, "");
- DEBUG(5,("local_lookup_sid: SID is our own domain-sid: %s.\n",
- sid_string_static(sid)));
- return True;
- }
-
- if (!sid_peek_check_rid(get_global_sam_sid(), sid, &rid)){
- DEBUG(0,("local_lookup_sid: sid_peek_check_rid return False! SID: %s\n",
- sid_string_static(&map.sid)));
- return False;
- }
*psid_name_use = SID_NAME_UNKNOWN;
- DEBUG(5,("local_lookup_sid: looking up RID %u.\n", (unsigned int)rid));
-
+ DEBUG(5,("local_lookup_rid: looking up RID %u.\n", (unsigned int)rid));
+ sid_copy(&sid, get_global_sam_sid());
+ sid_append_rid(&sid, rid);
+
/* see if the passdb can help us with the name of the user */
if (!NT_STATUS_IS_OK(pdb_init_sam(&sam_account))) {
return False;
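Review bot: local_lookup_rid no longer verifies that the RID belongs to the local SAM domain. The removed `sid_peek_check_rid()` call was the only such check, and the added `sid_copy`/`sid_append_rid` lines always build the SID from `get_global_sam_sid()`. Every caller must therefore establish domain membership first, as lookup_sid does with `sid_check_is_in_our_domain()`; other callers are not visible on this page. I would put that contract in the header comment, e.g. `Convert a rid in our own SAM domain into a name. The caller must already have checked that the SID is in our domain.` The result of `sid_append_rid(&sid, rid)` is also discarded; if it can report failure, it should be checked before the SID is passed to `pdb_getsampwsid`.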
@@ -767,7 +756,7 @@ BOOL local_lookup_sid(const DOM_SID *sid, char *name, enum SID_NAME_USE *psid_na
/* BEING ROOT BLLOCK */
become_root();
- if (pdb_getsampwsid(sam_account, sid)) {
+ if (pdb_getsampwsid(sam_account, &sid)) {
unbecome_root(); /* -----> EXIT BECOME_ROOT() */
fstrcpy(name, pdb_get_username(sam_account));
*psid_name_use = SID_NAME_USER;
@@ -778,15 +767,15 @@ BOOL local_lookup_sid(const DOM_SID *sid, char *name, enum SID_NAME_USE *psid_na
}
pdb_free_sam(&sam_account);
- ret = pdb_getgrsid(&map, *sid);
+ ret = pdb_getgrsid(&map, sid);
unbecome_root();
/* END BECOME_ROOT BLOCK */
if ( ret ) {
if (map.gid!=(gid_t)-1) {
- DEBUG(5,("local_lookup_sid: mapped group %s to gid %u\n", map.nt_name, (unsigned int)map.gid));
+ DEBUG(5,("local_lookup_rid: mapped group %s to gid %u\n", map.nt_name, (unsigned int)map.gid));
} else {
- DEBUG(5,("local_lookup_sid: mapped group %s to no unix gid. Returning name.\n", map.nt_name));
+ DEBUG(5,("local_lookup_rid: mapped group %s to no unix gid. Returning name.\n", map.nt_name));
}
fstrcpy(name, map.nt_name);
@@ -809,7 +798,7 @@ BOOL local_lookup_sid(const DOM_SID *sid, char *name, enum SID_NAME_USE *psid_na
uid = algorithmic_pdb_user_rid_to_uid(rid);
pw = sys_getpwuid( uid );
- DEBUG(5,("local_lookup_sid: looking up uid %u %s\n", (unsigned int)uid,
+ DEBUG(5,("local_lookup_rid: looking up uid %u %s\n", (unsigned int)uid,
pw ? "succeeded" : "failed" ));
if ( !pw )
@@ -817,7 +806,7 @@ BOOL local_lookup_sid(const DOM_SID *sid, char *name, enum SID_NAME_USE *psid_na
else
fstrcpy( name, pw->pw_name );
- DEBUG(5,("local_lookup_sid: found user %s for rid %u\n", name,
+ DEBUG(5,("local_lookup_rid: found user %s for rid %u\n", name,
(unsigned int)rid ));
*psid_name_use = SID_NAME_USER;
@@ -832,7 +821,7 @@ BOOL local_lookup_sid(const DOM_SID *sid, char *name, enum SID_NAME_USE *psid_na
gid = pdb_group_rid_to_gid(rid);
gr = getgrgid(gid);
- DEBUG(5,("local_lookup_sid: looking up gid %u %s\n", (unsigned int)gid,
+ DEBUG(5,("local_lookup_rid: looking up gid %u %s\n", (unsigned int)gid,
gr ? "succeeded" : "failed" ));
if( !gr )
@@ -840,7 +829,7 @@ BOOL local_lookup_sid(const DOM_SID *sid, char *name, enum SID_NAME_USE *psid_na
else
fstrcpy( name, gr->gr_name);
- DEBUG(5,("local_lookup_sid: found group %s for rid %u\n", name,
+ DEBUG(5,("local_lookup_rid: found group %s for rid %u\n", name,
(unsigned int)rid ));
/* assume algorithmic groups are domain global groups */
diff --git a/source3/passdb/util_sam_sid.c b/source3/passdb/util_sam_sid.c
index 42e4b6df96..afbc2edcde 100644
--- a/source3/passdb/util_sam_sid.c
+++ b/source3/passdb/util_sam_sid.c
@@ -91,7 +91,7 @@ static struct sid_name_map_info special_domains[] = {
Turns a domain SID into a name, returned in the nt_domain argument.
***************************************************************************/
-BOOL map_domain_sid_to_name(DOM_SID *sid, fstring nt_domain)
+BOOL map_domain_sid_to_name(const DOM_SID *sid, fstring nt_domain)
{
fstring sid_str;
int i = 0;
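Review bot: The header comment "Turns a domain SID into a name" is now broader than the function's behaviour. The next hunk removes the `sid_check_is_domain()` branch, so in the visible code only the `special_domains` table is consulted. Any caller that still passes our own domain SID would get False where it previously got the SAM name; callers outside lookup_sid are not shown here and should be checked. I would update the comment to something like `Turns one of the special domain SIDs (e.g. BUILTIN) into a name; our own domain SID is handled by the caller.` The function body continues past both hunks.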
@@ -100,11 +100,6 @@ BOOL map_domain_sid_to_name(DOM_SID *sid, fstring nt_domain)
DEBUG(5,("map_domain_sid_to_name: %s\n", sid_str));
- if (sid_check_is_domain(sid)) {
- fstrcpy(nt_domain, get_global_sam_name());
- return True;
- }
-
while (special_domains[i].sid != NULL) {
DEBUG(5,("map_domain_sid_to_name: compare: %s\n",
sid_string_static(special_domains[i].sid)));
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 9a09b5f544..ec2bc3fe4a 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -72,11 +72,31 @@ struct samr_info {
TALLOC_CTX *mem_ctx;
};
-struct generic_mapping sam_generic_mapping = {GENERIC_RIGHTS_SAM_READ, GENERIC_RIGHTS_SAM_WRITE, GENERIC_RIGHTS_SAM_EXECUTE, GENERIC_RIGHTS_SAM_ALL_ACCESS};
-struct generic_mapping dom_generic_mapping = {GENERIC_RIGHTS_DOMAIN_READ, GENERIC_RIGHTS_DOMAIN_WRITE, GENERIC_RIGHTS_DOMAIN_EXECUTE, GENERIC_RIGHTS_DOMAIN_ALL_ACCESS};
-struct generic_mapping usr_generic_mapping = {GENERIC_RIGHTS_USER_READ, GENERIC_RIGHTS_USER_WRITE, GENERIC_RIGHTS_USER_EXECUTE, GENERIC_RIGHTS_USER_ALL_ACCESS};
-struct generic_mapping grp_generic_mapping = {GENERIC_RIGHTS_GROUP_READ, GENERIC_RIGHTS_GROUP_WRITE, GENERIC_RIGHTS_GROUP_EXECUTE, GENERIC_RIGHTS_GROUP_ALL_ACCESS};
-struct generic_mapping ali_generic_mapping = {GENERIC_RIGHTS_ALIAS_READ, GENERIC_RIGHTS_ALIAS_WRITE, GENERIC_RIGHTS_ALIAS_EXECUTE, GENERIC_RIGHTS_ALIAS_ALL_ACCESS};
+static struct generic_mapping sam_generic_mapping = {
+ GENERIC_RIGHTS_SAM_READ,
+ GENERIC_RIGHTS_SAM_WRITE,
+ GENERIC_RIGHTS_SAM_EXECUTE,
+ GENERIC_RIGHTS_SAM_ALL_ACCESS};
+static struct generic_mapping dom_generic_mapping = {
+ GENERIC_RIGHTS_DOMAIN_READ,
+ GENERIC_RIGHTS_DOMAIN_WRITE,
+ GENERIC_RIGHTS_DOMAIN_EXECUTE,
+ GENERIC_RIGHTS_DOMAIN_ALL_ACCESS};
+static struct generic_mapping usr_generic_mapping = {
+ GENERIC_RIGHTS_USER_READ,
+ GENERIC_RIGHTS_USER_WRITE,
+ GENERIC_RIGHTS_USER_EXECUTE,
+ GENERIC_RIGHTS_USER_ALL_ACCESS};
+static struct generic_mapping grp_generic_mapping = {
+ GENERIC_RIGHTS_GROUP_READ,
+ GENERIC_RIGHTS_GROUP_WRITE,
+ GENERIC_RIGHTS_GROUP_EXECUTE,
+ GENERIC_RIGHTS_GROUP_ALL_ACCESS};
+static struct generic_mapping ali_generic_mapping = {
+ GENERIC_RIGHTS_ALIAS_READ,
+ GENERIC_RIGHTS_ALIAS_WRITE,
+ GENERIC_RIGHTS_ALIAS_EXECUTE,
+ GENERIC_RIGHTS_ALIAS_ALL_ACCESS};
/*******************************************************************
*******************************************************************/
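Review bot: The five mapping tables become `static` but remain writable. They hold the generic-to-specific access rights mapping, so `static const struct generic_mapping sam_generic_mapping = {` (and likewise for the other four) would place them in read-only data and turn accidental modification into a compile error. That only works if the functions receiving them accept a `const struct generic_mapping *`, which is not visible in this hunk. Since the initializers are positional, a short comment above the block such as `/* field order: read, write, execute, all access */` would also help the next reader.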