summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/groupdb/mapping.c10
-rw-r--r--source3/include/sids.h2
-rw-r--r--source3/lib/util_sid.c4
-rw-r--r--source3/passdb/machine_sid.c51
-rw-r--r--source3/passdb/passdb.c16
-rw-r--r--source3/passdb/util_sam_sid.c19
-rw-r--r--source3/printing/nt_printing.c3
-rw-r--r--source3/rpc_server/srv_lsa_nt.c15
-rw-r--r--source3/rpc_server/srv_netlog_nt.c5
-rw-r--r--source3/rpc_server/srv_samr_nt.c39
-rw-r--r--source3/smbd/groupname.c5
-rw-r--r--source3/smbd/server.c2
-rw-r--r--source3/smbd/uid.c4
-rw-r--r--source3/utils/smbgroupedit.c3
14 files changed, 91 insertions, 87 deletions
diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c
index 060937fee2..70d6317a77 100644
--- a/source3/groupdb/mapping.c
+++ b/source3/groupdb/mapping.c
@@ -21,8 +21,6 @@
#include "includes.h"
-extern DOM_SID global_sam_sid;
-
static TDB_CONTEXT *tdb; /* used for driver files */
#define DATABASE_VERSION_V1 1 /* native byte format. */
@@ -186,17 +184,17 @@ static BOOL default_group_mapping(void)
/* Add the defaults domain groups */
- sid_copy(&sid_admins, &global_sam_sid);
+ sid_copy(&sid_admins, get_global_sam_sid());
sid_append_rid(&sid_admins, DOMAIN_GROUP_RID_ADMINS);
sid_to_string(str_admins, &sid_admins);
add_initial_entry(-1, str_admins, SID_NAME_DOM_GRP, "Domain Admins", "", privilege_all, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY);
- sid_copy(&sid_users, &global_sam_sid);
+ sid_copy(&sid_users, get_global_sam_sid());
sid_append_rid(&sid_users, DOMAIN_GROUP_RID_USERS);
sid_to_string(str_users, &sid_users);
add_initial_entry(-1, str_users, SID_NAME_DOM_GRP, "Domain Users", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY);
- sid_copy(&sid_guests, &global_sam_sid);
+ sid_copy(&sid_guests, get_global_sam_sid());
sid_append_rid(&sid_guests, DOMAIN_GROUP_RID_GUESTS);
sid_to_string(str_guests, &sid_guests);
add_initial_entry(-1, str_guests, SID_NAME_DOM_GRP, "Domain Guests", "", privilege_none, PR_ACCESS_FROM_NETWORK);
@@ -1070,7 +1068,7 @@ BOOL get_group_from_gid(gid_t gid, GROUP_MAP *map, BOOL with_priv)
/* interim solution until we have a last RID allocated */
- sid_copy(&map->sid, &global_sam_sid);
+ sid_copy(&map->sid, get_global_sam_sid());
sid_append_rid(&map->sid, pdb_gid_to_group_rid(gid));
fstrcpy(map->nt_name, grp->gr_name);
diff --git a/source3/include/sids.h b/source3/include/sids.h
index 860d96b193..279fd86f80 100644
--- a/source3/include/sids.h
+++ b/source3/include/sids.h
@@ -23,7 +23,7 @@
#ifndef _SIDS_H
#define _SIDS_H
-extern DOM_SID global_sam_sid;
+extern DOM_SID *global_sam_sid;
extern fstring global_sam_name;
extern DOM_SID global_member_sid;
diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c
index 70c85f4096..21ef9e081b 100644
--- a/source3/lib/util_sid.c
+++ b/source3/lib/util_sid.c
@@ -22,10 +22,6 @@
#include "includes.h"
-/* NOTE! the global_sam_sid is the SID of our local SAM. This is only
- equal to the domain SID when we are a DC, otherwise its our
- workstation SID */
-extern DOM_SID global_sam_sid;
extern pstring global_myname;
extern fstring global_myworkgroup;
diff --git a/source3/passdb/machine_sid.c b/source3/passdb/machine_sid.c
index 0b4a4ffeba..69d127ec13 100644
--- a/source3/passdb/machine_sid.c
+++ b/source3/passdb/machine_sid.c
@@ -4,6 +4,7 @@
Copyright (C) Jeremy Allison 1996-2002
Copyright (C) Andrew Tridgell 2002
Copyright (C) Gerald (Jerry) Carter 2000
+ Copyright (C) Stefan (metze) Metzmacher 2002
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -22,6 +23,11 @@
#include "includes.h"
+/* NOTE! the global_sam_sid is the SID of our local SAM. This is only
+ equal to the domain SID when we are a DC, otherwise its our
+ workstation SID */
+static DOM_SID *global_sam_sid=NULL;
+
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_PASSDB
@@ -70,13 +76,17 @@ static void generate_random_sid(DOM_SID *sid)
Generate the global machine sid.
****************************************************************************/
-BOOL pdb_generate_sam_sid(void)
+static BOOL pdb_generate_sam_sid(void)
{
char *fname = NULL;
extern pstring global_myname;
extern fstring global_myworkgroup;
BOOL is_dc = False;
+ if(global_sam_sid==NULL)
+ if(!(global_sam_sid=(DOM_SID *)malloc(sizeof(DOM_SID))))
+ return False;
+
generate_wellknown_sids();
switch (lp_server_role()) {
@@ -89,7 +99,7 @@ BOOL pdb_generate_sam_sid(void)
break;
}
- if (secrets_fetch_domain_sid(global_myname, &global_sam_sid)) {
+ if (secrets_fetch_domain_sid(global_myname, global_sam_sid)) {
DOM_SID domain_sid;
/* We got our sid. If not a pdc/bdc, we're done. */
@@ -100,19 +110,19 @@ BOOL pdb_generate_sam_sid(void)
/* No domain sid and we're a pdc/bdc. Store it */
- if (!secrets_store_domain_sid(global_myworkgroup, &global_sam_sid)) {
+ if (!secrets_store_domain_sid(global_myworkgroup, global_sam_sid)) {
DEBUG(0,("pdb_generate_sam_sid: Can't store domain SID as a pdc/bdc.\n"));
return False;
}
return True;
}
- if (!sid_equal(&domain_sid, &global_sam_sid)) {
+ if (!sid_equal(&domain_sid, global_sam_sid)) {
/* Domain name sid doesn't match global sam sid. Re-store global sam sid as domain sid. */
DEBUG(0,("pdb_generate_sam_sid: Mismatched SIDs as a pdc/bdc.\n"));
- if (!secrets_store_domain_sid(global_myworkgroup, &global_sam_sid)) {
+ if (!secrets_store_domain_sid(global_myworkgroup, global_sam_sid)) {
DEBUG(0,("pdb_generate_sam_sid: Can't re-store domain SID as a pdc/bdc.\n"));
return False;
}
@@ -126,24 +136,23 @@ BOOL pdb_generate_sam_sid(void)
/* check for an old MACHINE.SID file for backwards compatibility */
asprintf(&fname, "%s/MACHINE.SID", lp_private_dir());
- if (read_sid_from_file(fname, &global_sam_sid)) {
+ if (read_sid_from_file(fname, global_sam_sid)) {
/* remember it for future reference and unlink the old MACHINE.SID */
- if (!secrets_store_domain_sid(global_myname, &global_sam_sid)) {
+ if (!secrets_store_domain_sid(global_myname, global_sam_sid)) {
DEBUG(0,("pdb_generate_sam_sid: Failed to store SID from file.\n"));
SAFE_FREE(fname);
return False;
}
unlink(fname);
if (is_dc) {
- if (!secrets_store_domain_sid(global_myworkgroup, &global_sam_sid)) {
+ if (!secrets_store_domain_sid(global_myworkgroup, global_sam_sid)) {
DEBUG(0,("pdb_generate_sam_sid: Failed to store domain SID from file.\n"));
SAFE_FREE(fname);
return False;
}
}
- /* Stored the old sid from MACHINE.SID successfully.
- Patch from Stefan "metze" Metzmacher <metze@metzemix.de>*/
+ /* Stored the old sid from MACHINE.SID successfully.*/
SAFE_FREE(fname);
return True;
}
@@ -152,14 +161,14 @@ BOOL pdb_generate_sam_sid(void)
/* we don't have the SID in secrets.tdb, we will need to
generate one and save it */
- generate_random_sid(&global_sam_sid);
+ generate_random_sid(global_sam_sid);
- if (!secrets_store_domain_sid(global_myname, &global_sam_sid)) {
+ if (!secrets_store_domain_sid(global_myname, global_sam_sid)) {
DEBUG(0,("pdb_generate_sam_sid: Failed to store generated machine SID.\n"));
return False;
}
if (is_dc) {
- if (!secrets_store_domain_sid(global_myworkgroup, &global_sam_sid)) {
+ if (!secrets_store_domain_sid(global_myworkgroup, global_sam_sid)) {
DEBUG(0,("pdb_generate_sam_sid: Failed to store generated domain SID.\n"));
return False;
}
@@ -167,3 +176,19 @@ BOOL pdb_generate_sam_sid(void)
return True;
}
+
+/* return our global_sam_sid */
+DOM_SID *get_global_sam_sid(void)
+{
+ if (global_sam_sid != NULL)
+ return global_sam_sid;
+
+ /* memory for global_sam_sid is allocated in
+ pdb_generate_sam_sid() is needed*/
+
+ if (!pdb_generate_sam_sid())
+ global_sam_sid=NULL;
+
+ return global_sam_sid;
+}
+
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index aa7672731a..154963e2a0 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -32,7 +32,6 @@
* responsible.
*/
-extern DOM_SID global_sam_sid;
extern pstring global_myname;
/************************************************************
@@ -699,7 +698,7 @@ BOOL local_lookup_name(const char *c_user, DOM_SID *psid, enum SID_NAME_USE *psi
fstrcpy(user, c_user);
- sid_copy(&local_sid, &global_sam_sid);
+ sid_copy(&local_sid, get_global_sam_sid());
/*
* Special case for MACHINE\Everyone. Map to the world_sid.
@@ -787,12 +786,11 @@ BOOL local_lookup_name(const char *c_user, DOM_SID *psid, enum SID_NAME_USE *psi
DOM_SID *local_uid_to_sid(DOM_SID *psid, uid_t uid)
{
- extern DOM_SID global_sam_sid;
struct passwd *pass;
SAM_ACCOUNT *sam_user = NULL;
fstring str; /* sid string buffer */
- sid_copy(psid, &global_sam_sid);
+ sid_copy(psid, get_global_sam_sid());
if((pass = getpwuid_alloc(uid))) {
@@ -830,8 +828,6 @@ DOM_SID *local_uid_to_sid(DOM_SID *psid, uid_t uid)
BOOL local_sid_to_uid(uid_t *puid, DOM_SID *psid, enum SID_NAME_USE *name_type)
{
- extern DOM_SID global_sam_sid;
-
DOM_SID dom_sid;
uint32 rid;
fstring str;
@@ -846,7 +842,7 @@ BOOL local_sid_to_uid(uid_t *puid, DOM_SID *psid, enum SID_NAME_USE *name_type)
* We can only convert to a uid if this is our local
* Domain SID (ie. we are the controling authority).
*/
- if (!sid_equal(&global_sam_sid, &dom_sid))
+ if (!sid_equal(get_global_sam_sid(), &dom_sid))
return False;
if (NT_STATUS_IS_ERR(pdb_init_sam(&sam_user)))
@@ -878,10 +874,9 @@ BOOL local_sid_to_uid(uid_t *puid, DOM_SID *psid, enum SID_NAME_USE *name_type)
DOM_SID *local_gid_to_sid(DOM_SID *psid, gid_t gid)
{
- extern DOM_SID global_sam_sid;
GROUP_MAP map;
- sid_copy(psid, &global_sam_sid);
+ sid_copy(psid, get_global_sam_sid());
if (get_group_map_from_gid(gid, &map, MAPPING_WITHOUT_PRIV)) {
sid_copy(psid, &map.sid);
@@ -899,7 +894,6 @@ DOM_SID *local_gid_to_sid(DOM_SID *psid, gid_t gid)
BOOL local_sid_to_gid(gid_t *pgid, DOM_SID *psid, enum SID_NAME_USE *name_type)
{
- extern DOM_SID global_sam_sid;
DOM_SID dom_sid;
uint32 rid;
fstring str;
@@ -917,7 +911,7 @@ BOOL local_sid_to_gid(gid_t *pgid, DOM_SID *psid, enum SID_NAME_USE *name_type)
* Or in the Builtin SID too. JFM, 11/30/2001
*/
- if (!sid_equal(&global_sam_sid, &dom_sid))
+ if (!sid_equal(get_global_sam_sid(), &dom_sid))
return False;
if (get_group_map_from_sid(*psid, &map, MAPPING_WITHOUT_PRIV)) {
diff --git a/source3/passdb/util_sam_sid.c b/source3/passdb/util_sam_sid.c
index a9cec5c5ca..2c574f4a61 100644
--- a/source3/passdb/util_sam_sid.c
+++ b/source3/passdb/util_sam_sid.c
@@ -22,14 +22,9 @@
#include "includes.h"
-DOM_SID global_sam_sid;
extern pstring global_myname;
extern fstring global_myworkgroup;
-/* NOTE! the global_sam_sid is the SID of our local SAM. This is only
- equal to the domain SID when we are a DC, otherwise its our
- workstation SID */
-
#define MAX_SID_NAMES 7
typedef struct _known_sid_users {
@@ -99,17 +94,17 @@ static void init_sid_name_map (void)
generate_wellknown_sids();
if ((lp_security() == SEC_USER) && lp_domain_logons()) {
- sid_name_map[i].sid = &global_sam_sid;
+ sid_name_map[i].sid = get_global_sam_sid();
sid_name_map[i].name = global_myworkgroup;
sid_name_map[i].known_users = NULL;
i++;
- sid_name_map[i].sid = &global_sam_sid;
+ sid_name_map[i].sid = get_global_sam_sid();
sid_name_map[i].name = global_myname;
sid_name_map[i].known_users = NULL;
i++;
}
else {
- sid_name_map[i].sid = &global_sam_sid;
+ sid_name_map[i].sid = get_global_sam_sid();
sid_name_map[i].name = global_myname;
sid_name_map[i].known_users = NULL;
i++;
@@ -224,14 +219,14 @@ BOOL map_domain_name_to_sid(DOM_SID *sid, char *nt_domain)
if (nt_domain == NULL) {
DEBUG(5,("map_domain_name_to_sid: mapping NULL domain to our SID.\n"));
- sid_copy(sid, &global_sam_sid);
+ sid_copy(sid, get_global_sam_sid());
return True;
}
if (nt_domain[0] == 0) {
fstrcpy(nt_domain, global_myname);
DEBUG(5,("map_domain_name_to_sid: overriding blank name to %s\n", nt_domain));
- sid_copy(sid, &global_sam_sid);
+ sid_copy(sid, get_global_sam_sid());
return True;
}
@@ -261,7 +256,7 @@ BOOL map_domain_name_to_sid(DOM_SID *sid, char *nt_domain)
*****************************************************************/
BOOL sid_check_is_domain(const DOM_SID *sid)
{
- return sid_equal(sid, &global_sam_sid);
+ return sid_equal(sid, get_global_sam_sid());
}
/*****************************************************************
@@ -275,6 +270,6 @@ BOOL sid_check_is_in_our_domain(const DOM_SID *sid)
sid_copy(&dom_sid, sid);
sid_split_rid(&dom_sid, &rid);
- return sid_equal(&dom_sid, &global_sam_sid);
+ return sid_equal(&dom_sid, get_global_sam_sid());
}
diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c
index 9b79eac3e0..ecf873c1ba 100644
--- a/source3/printing/nt_printing.c
+++ b/source3/printing/nt_printing.c
@@ -3683,7 +3683,6 @@ WERROR nt_printing_setsec(char *printername, SEC_DESC_BUF *secdesc_ctr)
static SEC_DESC_BUF *construct_default_printer_sdb(TALLOC_CTX *ctx)
{
- extern DOM_SID global_sam_sid;
SEC_ACE ace[3];
SEC_ACCESS sa;
SEC_ACL *psa = NULL;
@@ -3709,7 +3708,7 @@ static SEC_DESC_BUF *construct_default_printer_sdb(TALLOC_CTX *ctx)
This should emulate a lanman printer as security
settings can't be changed. */
- sid_copy(&owner_sid, &global_sam_sid);
+ sid_copy(&owner_sid, get_global_sam_sid());
sid_append_rid(&owner_sid, DOMAIN_USER_RID_ADMIN);
}
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index a5e3f5003c..c74f25f77a 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -26,7 +26,6 @@
#include "includes.h"
-extern DOM_SID global_sam_sid;
extern fstring global_myworkgroup;
extern pstring global_myname;
extern PRIVS privs[];
@@ -320,7 +319,7 @@ static NTSTATUS lsa_get_generic_sd(TALLOC_CTX *mem_ctx, SEC_DESC **sd, size_t *s
init_sec_access(&mask, POLICY_EXECUTE);
init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
- sid_copy(&adm_sid, &global_sam_sid);
+ sid_copy(&adm_sid, get_global_sam_sid());
sid_append_rid(&adm_sid, DOMAIN_GROUP_RID_ADMINS);
init_sec_access(&mask, POLICY_ALL_ACCESS);
init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
@@ -367,7 +366,7 @@ NTSTATUS _lsa_open_policy2(pipes_struct *p, LSA_Q_OPEN_POL2 *q_u, LSA_R_OPEN_POL
return NT_STATUS_NO_MEMORY;
ZERO_STRUCTP(info);
- info->sid = global_sam_sid;
+ sid_copy(&info->sid,get_global_sam_sid());
info->access = acc_granted;
/* set up the LSA QUERY INFO response */
@@ -405,7 +404,7 @@ NTSTATUS _lsa_open_policy(pipes_struct *p, LSA_Q_OPEN_POL *q_u, LSA_R_OPEN_POL *
return NT_STATUS_NO_MEMORY;
ZERO_STRUCTP(info);
- info->sid = global_sam_sid;
+ sid_copy(&info->sid,get_global_sam_sid());
info->access = acc_granted;
/* set up the LSA QUERY INFO response */
@@ -502,7 +501,7 @@ NTSTATUS _lsa_query_info(pipes_struct *p, LSA_Q_QUERY_INFO *q_u, LSA_R_QUERY_INF
case ROLE_DOMAIN_PDC:
case ROLE_DOMAIN_BDC:
name = global_myworkgroup;
- sid = &global_sam_sid;
+ sid = get_global_sam_sid();
break;
case ROLE_DOMAIN_MEMBER:
name = global_myworkgroup;
@@ -532,15 +531,15 @@ NTSTATUS _lsa_query_info(pipes_struct *p, LSA_Q_QUERY_INFO *q_u, LSA_R_QUERY_INF
case ROLE_DOMAIN_PDC:
case ROLE_DOMAIN_BDC:
name = global_myworkgroup;
- sid = &global_sam_sid;
+ sid = get_global_sam_sid();
break;
case ROLE_DOMAIN_MEMBER:
name = global_myname;
- sid = &global_sam_sid;
+ sid = get_global_sam_sid();
break;
case ROLE_STANDALONE:
name = global_myname;
- sid = &global_sam_sid;
+ sid = get_global_sam_sid();
break;
default:
return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c
index 21ad86b0dc..9b917cdda5 100644
--- a/source3/rpc_server/srv_netlog_nt.c
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -27,7 +27,6 @@
#include "includes.h"
extern pstring global_myname;
-extern DOM_SID global_sam_sid;
/*************************************************************************
init_net_r_req_chal:
@@ -705,7 +704,9 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *
NULL, /* uchar sess_key[16] */
my_name , /* char *logon_srv */
my_workgroup, /* char *logon_dom */
- &global_sam_sid, /* DOM_SID *dom_sid */
+ get_global_sam_sid(), /* DOM_SID *dom_sid */
+ /* Should be users domain sid, not servers - for trusted domains */
+
NULL); /* char *other_sids */
}
free_server_info(&server_info);
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 71b48210e4..0b4fa1cf2d 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -31,7 +31,6 @@
extern fstring global_myworkgroup;
extern pstring global_myname;
-extern DOM_SID global_sam_sid;
extern DOM_SID global_sid_Builtin;
extern rid_name domain_group_rids[];
@@ -684,7 +683,7 @@ static NTSTATUS get_group_alias_entries(TALLOC_CTX *ctx, DOMAIN_GRP **d_grp, DOM
}
SAFE_FREE(map);
- } else if (sid_equal(sid, &global_sam_sid) && !lp_hide_local_users()) {
+ } else if (sid_equal(sid, get_global_sam_sid()) && !lp_hide_local_users()) {
struct sys_grent *glist;
struct sys_grent *grp;
struct passwd *pw;
@@ -1386,7 +1385,7 @@ NTSTATUS _samr_lookup_rids(pipes_struct *p, SAMR_Q_LOOKUP_RIDS *q_u, SAMR_R_LOOK
group_attrs[i] = SID_NAME_UNKNOWN;
*group_names[i] = '\0';
- if (sid_equal(&pol_sid, &global_sam_sid)) {
+ if (sid_equal(&pol_sid, get_global_sam_sid())) {
sid_copy(&sid, &pol_sid);
sid_append_rid(&sid, q_u->rid[i]);
@@ -1841,7 +1840,7 @@ NTSTATUS _samr_query_dom_info(pipes_struct *p, SAMR_Q_QUERY_DOMAIN_INFO *q_u, SA
num_users=info->disp_info.num_user_account;
free_samr_db(info);
- r_u->status=load_group_domain_entries(info, &global_sam_sid);
+ r_u->status=load_group_domain_entries(info, get_global_sam_sid());
if (!NT_STATUS_IS_OK(r_u->status)) {
DEBUG(5, ("_samr_query_dispinfo: load_group_domain_entries failed\n"));
return r_u->status;
@@ -2770,7 +2769,7 @@ NTSTATUS _samr_query_aliasmem(pipes_struct *p, SAMR_Q_QUERY_ALIASMEM *q_u, SAMR_
if(!get_local_group_from_sid(als_sid, &map, MAPPING_WITHOUT_PRIV))
return NT_STATUS_NO_SUCH_ALIAS;
} else {
- if (sid_equal(&alias_sid, &global_sam_sid)) {
+ if (sid_equal(&alias_sid, get_global_sam_sid())) {
DEBUG(10, ("lookup on Server SID\n"));
if(!get_local_group_from_sid(als_sid, &map, MAPPING_WITHOUT_PRIV))
return NT_STATUS_NO_SUCH_ALIAS;
@@ -2789,7 +2788,7 @@ NTSTATUS _samr_query_aliasmem(pipes_struct *p, SAMR_Q_QUERY_ALIASMEM *q_u, SAMR_
struct passwd *pass;
uint32 rid;
- sid_copy(&temp_sid, &global_sam_sid);
+ sid_copy(&temp_sid, get_global_sam_sid());
pass = getpwuid_alloc(uid[i]);
if (!pass) continue;
@@ -2863,7 +2862,7 @@ NTSTATUS _samr_query_groupmem(pipes_struct *p, SAMR_Q_QUERY_GROUPMEM *q_u, SAMR_
DEBUG(10, ("sid is %s\n", group_sid_str));
/* can we get a query for an SID outside our domain ? */
- if (!sid_equal(&group_sid, &global_sam_sid))
+ if (!sid_equal(&group_sid, get_global_sam_sid()))
return NT_STATUS_NO_SUCH_GROUP;
sid_append_rid(&group_sid, group_rid);
@@ -2946,7 +2945,7 @@ NTSTATUS _samr_add_aliasmem(pipes_struct *p, SAMR_Q_ADD_ALIASMEM *q_u, SAMR_R_AD
sid_to_string(alias_sid_str, &alias_sid);
DEBUG(10, ("sid is %s\n", alias_sid_str));
- if (sid_compare(&alias_sid, &global_sam_sid)>0) {
+ if (sid_compare(&alias_sid, get_global_sam_sid())>0) {
DEBUG(10, ("adding member on Server SID\n"));
if(!get_local_group_from_sid(alias_sid, &map, MAPPING_WITHOUT_PRIV))
return NT_STATUS_NO_SUCH_ALIAS;
@@ -3095,7 +3094,7 @@ NTSTATUS _samr_add_groupmem(pipes_struct *p, SAMR_Q_ADD_GROUPMEM *q_u, SAMR_R_AD
sid_to_string(group_sid_str, &group_sid);
DEBUG(10, ("sid is %s\n", group_sid_str));
- if (sid_compare(&group_sid, &global_sam_sid)<=0)
+ if (sid_compare(&group_sid, get_global_sam_sid())<=0)
return NT_STATUS_NO_SUCH_GROUP;
DEBUG(10, ("lookup on Domain SID\n"));
@@ -3103,7 +3102,7 @@ NTSTATUS _samr_add_groupmem(pipes_struct *p, SAMR_Q_ADD_GROUPMEM *q_u, SAMR_R_AD
if(!get_domain_group_from_sid(group_sid, &map, MAPPING_WITHOUT_PRIV))
return NT_STATUS_NO_SUCH_GROUP;
- sid_copy(&user_sid, &global_sam_sid);
+ sid_copy(&user_sid, get_global_sam_sid());
sid_append_rid(&user_sid, q_u->rid);
ret = pdb_init_sam(&sam_user);
@@ -3182,7 +3181,7 @@ NTSTATUS _samr_del_groupmem(pipes_struct *p, SAMR_Q_DEL_GROUPMEM *q_u, SAMR_R_DE
if(!sid_check_is_in_our_domain(&group_sid))
return NT_STATUS_NO_SUCH_GROUP;
- sid_copy(&user_sid, &global_sam_sid);
+ sid_copy(&user_sid, get_global_sam_sid());
sid_append_rid(&user_sid, q_u->rid);
if(!get_domain_group_from_sid(group_sid, &map, MAPPING_WITHOUT_PRIV))
@@ -3315,7 +3314,7 @@ NTSTATUS _samr_delete_dom_group(pipes_struct *p, SAMR_Q_DELETE_DOM_GROUP *q_u, S
DEBUG(10, ("sid is %s\n", group_sid_str));
/* we check if it's our SID before deleting */
- if (!sid_equal(&dom_sid, &global_sam_sid))
+ if (!sid_equal(&dom_sid, get_global_sam_sid()))
return NT_STATUS_NO_SUCH_GROUP;
DEBUG(10, ("lookup on Domain SID\n"));
@@ -3372,7 +3371,7 @@ NTSTATUS _samr_delete_dom_alias(pipes_struct *p, SAMR_Q_DELETE_DOM_ALIAS *q_u, S
DEBUG(10, ("sid is %s\n", alias_sid_str));
/* we check if it's our SID before deleting */
- if (!sid_equal(&dom_sid, &global_sam_sid))
+ if (!sid_equal(&dom_sid, get_global_sam_sid()))
return NT_STATUS_NO_SUCH_ALIAS;
DEBUG(10, ("lookup on Local SID\n"));
@@ -3422,7 +3421,7 @@ NTSTATUS _samr_create_dom_group(pipes_struct *p, SAMR_Q_CREATE_DOM_GROUP *q_u, S
if (!get_lsa_policy_samr_sid(p, &q_u->pol, &dom_sid))
return NT_STATUS_INVALID_HANDLE;
- if (!sid_equal(&dom_sid, &global_sam_sid))
+ if (!sid_equal(&dom_sid, get_global_sam_sid()))
return NT_STATUS_ACCESS_DENIED;
/* TODO: check if allowed to create group and add a become_root/unbecome_root pair.*/
@@ -3443,7 +3442,7 @@ NTSTATUS _samr_create_dom_group(pipes_struct *p, SAMR_Q_CREATE_DOM_GROUP *q_u, S
r_u->rid=pdb_gid_to_group_rid(grp->gr_gid);
/* add the group to the mapping table */
- sid_copy(&info_sid, &global_sam_sid);
+ sid_copy(&info_sid, get_global_sam_sid());
sid_append_rid(&info_sid, r_u->rid);
sid_to_string(sid_string, &info_sid);
@@ -3480,7 +3479,7 @@ NTSTATUS _samr_create_dom_alias(pipes_struct *p, SAMR_Q_CREATE_DOM_ALIAS *q_u, S
if (!get_lsa_policy_samr_sid(p, &q_u->dom_pol, &dom_sid))
return NT_STATUS_INVALID_HANDLE;
- if (!sid_equal(&dom_sid, &global_sam_sid))
+ if (!sid_equal(&dom_sid, get_global_sam_sid()))
return NT_STATUS_ACCESS_DENIED;
/* TODO: check if allowed to create group and add a become_root/unbecome_root pair.*/
@@ -3500,7 +3499,7 @@ NTSTATUS _samr_create_dom_alias(pipes_struct *p, SAMR_Q_CREATE_DOM_ALIAS *q_u, S
r_u->rid=pdb_gid_to_group_rid(grp->gr_gid);
- sid_copy(&info_sid, &global_sam_sid);
+ sid_copy(&info_sid, get_global_sam_sid());
sid_append_rid(&info_sid, r_u->rid);
sid_to_string(sid_string, &info_sid);
@@ -3686,10 +3685,10 @@ NTSTATUS _samr_open_group(pipes_struct *p, SAMR_Q_OPEN_GROUP *q_u, SAMR_R_OPEN_G
return NT_STATUS_INVALID_HANDLE;
/* this should not be hard-coded like this */
- if (!sid_equal(&sid, &global_sam_sid))
+ if (!sid_equal(&sid, get_global_sam_sid()))
return NT_STATUS_ACCESS_DENIED;
- sid_copy(&info_sid, &global_sam_sid);
+ sid_copy(&info_sid, get_global_sam_sid());
sid_append_rid(&info_sid, q_u->rid_group);
sid_to_string(sid_string, &info_sid);
@@ -3778,7 +3777,7 @@ NTSTATUS _samr_unknown_2e(pipes_struct *p, SAMR_Q_UNKNOWN_2E *q_u, SAMR_R_UNKNOW
num_users=info->disp_info.num_user_account;
free_samr_db(info);
- r_u->status=load_group_domain_entries(info, &global_sam_sid);
+ r_u->status=load_group_domain_entries(info, get_global_sam_sid());
if (NT_STATUS_IS_ERR(r_u->status)) {
DEBUG(5, ("_samr_query_dispinfo: load_group_domain_entries failed\n"));
return r_u->status;
diff --git a/source3/smbd/groupname.c b/source3/smbd/groupname.c
index 812488571a..5147ae4b95 100644
--- a/source3/smbd/groupname.c
+++ b/source3/smbd/groupname.c
@@ -21,7 +21,6 @@
#ifdef USING_GROUPNAME_MAP
#include "includes.h"
-extern DOM_SID global_sam_sid;
/**************************************************************************
Groupname map functionality. The code loads a groupname map file and
@@ -160,7 +159,7 @@ Error was %s.\n", unixname, strerror(errno) ));
* It's not a well known name, convert the UNIX gid_t
* to a rid within this domain SID.
*/
- tmp_sid = global_sam_sid;
+ sid_copy(&tmp_sid,get_global_sam_sid());
tmp_sid.sub_auths[tmp_sid.num_auths++] =
pdb_gid_to_group_rid(gid);
}
@@ -228,7 +227,7 @@ void map_gid_to_sid( gid_t gid, DOM_SID *psid)
* If there's no map, convert the UNIX gid_t
* to a rid within this domain SID.
*/
- *psid = global_sam_sid;
+ sid_copy(psid,get_global_sam_sid());
psid->sub_auths[psid->num_auths++] = pdb_gid_to_group_rid(gid);
return;
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index 5f8f7044a6..6296e13f1c 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -860,7 +860,7 @@ static void usage(char *pname)
/* possibly reload the services file. */
reload_services(True);
- if(!pdb_generate_sam_sid()) {
+ if(!get_global_sam_sid()) {
DEBUG(0,("ERROR: Samba cannot create a SAM SID.\n"));
exit(1);
}
diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
index 8b0ffbd73f..cb4a975881 100644
--- a/source3/smbd/uid.c
+++ b/source3/smbd/uid.c
@@ -504,7 +504,7 @@ BOOL lookup_sid(DOM_SID *sid, fstring dom_name, fstring name, enum SID_NAME_USE
sid_copy(&tmp_sid, sid);
sid_split_rid(&tmp_sid, &rid);
- if (sid_equal(&global_sam_sid, &tmp_sid)) {
+ if (sid_equal(get_global_sam_sid(), &tmp_sid)) {
return map_domain_sid_to_name(&tmp_sid, dom_name) &&
local_lookup_sid(sid, name, name_type);
@@ -598,7 +598,7 @@ BOOL sid_to_uid(DOM_SID *psid, uid_t *puid, enum SID_NAME_USE *sidtype)
fstring sid_str;
/* if we know its local then don't try winbindd */
- if (sid_compare_domain(&global_sam_sid, psid) == 0) {
+ if (sid_compare_domain(get_global_sam_sid(), psid) == 0) {
return local_sid_to_uid(puid, psid, sidtype);
}
diff --git a/source3/utils/smbgroupedit.c b/source3/utils/smbgroupedit.c
index 04d46f4559..3fdc07c2d5 100644
--- a/source3/utils/smbgroupedit.c
+++ b/source3/utils/smbgroupedit.c
@@ -23,7 +23,6 @@
extern pstring global_myname;
extern pstring global_myworkgroup;
-extern DOM_SID global_sam_sid;
/*
* Next two lines needed for SunOS and don't
@@ -306,7 +305,7 @@ int main (int argc, char **argv)
exit(1);
}
- if(pdb_generate_sam_sid()==False) {
+ if(get_global_sam_sid()==False) {
fprintf(stderr, "Can not read machine SID\n");
return 0;
}