Diffstat (limited to 'source3/lib')
-rw-r--r-- | source3/lib/sids.c | 80 | ||||
-rw-r--r-- | source3/lib/util_pwdb.c | 29 |
2 files changed, 69 insertions, 40 deletions
diff --git a/source3/lib/sids.c b/source3/lib/sids.c index cd64f1b097..4a2a5d4805 100644 --- a/source3/lib/sids.c +++ b/source3/lib/sids.c @@ -149,19 +149,10 @@ void get_sam_domain_name(void) } /**************************************************************************** - obtain the sid from the PDC. do some verification along the way... + obtain the sid from the PDC. ****************************************************************************/ BOOL get_member_domain_sid(void) { - POLICY_HND pol; - fstring srv_name; - struct cli_state cli; - BOOL res = True; - DOM_SID sid3; - DOM_SID sid5; - fstring dom3; - fstring dom5; - switch (lp_server_role()) { case ROLE_DOMAIN_NONE: @@ -181,6 +172,27 @@ BOOL get_member_domain_sid(void) } } + return get_domain_sids(NULL, &global_member_sid); +} + +/**************************************************************************** + obtain the sid from the PDC. do some verification along the way... +****************************************************************************/ +BOOL get_domain_sids(DOM_SID *sid3, DOM_SID *sid5) +{ + POLICY_HND pol; + fstring srv_name; + struct cli_state cli; + BOOL res = True; + fstring dom3; + fstring dom5; + + if (sid3 == NULL && sid5 == NULL) + { + /* don't waste my time... */ + return False; + } + if (!cli_connect_serverlist(&cli, lp_passwordserver())) { DEBUG(0,("get_member_domain_sid: unable to initialise client connection.\n")); @@ -194,8 +206,14 @@ BOOL get_member_domain_sid(void) fstrcpy(dom3, ""); fstrcpy(dom5, ""); - ZERO_STRUCT(sid3); - ZERO_STRUCT(sid5); + if (sid3 != NULL) + { + ZERO_STRUCTP(sid3); + } + if (sid5 != NULL) + { + ZERO_STRUCTP(sid5); + } fstrcpy(srv_name, "\\\\"); fstrcat(srv_name, global_myname); 
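Review bot: The header comment on the new get_domain_sids() does not state its contract: either pointer may be NULL to skip that query, sid3 receives the level 3 result and sid5 the level 5 result, and both outputs are zeroed before the queries run (the -194 and -207 hunks show this). I would extend the comment along the lines of `sid3/sid5: optional outputs for info levels 3 and 5; pass NULL to skip a level; returns False if both are NULL`. The DEBUG text on the context line still reads `get_member_domain_sid: unable to initialise client connection`, which misleads when the call comes from another caller; `get_domain_sids: unable to initialise client connection` would match the new function. The function body continues past this hunk.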
@@ -207,11 +225,17 @@ BOOL get_member_domain_sid(void) /* lookup domain controller; receive a policy handle */ res = res ? do_lsa_open_policy(&cli, srv_name, &pol, False) : False; - /* send client info query, level 3. receive domain name and sid */ - res = res ? do_lsa_query_info_pol(&cli, &pol, 3, dom3, &sid3) : False; + if (sid3 != NULL) + { + /* send client info query, level 3. receive domain name and sid */ + res = res ? do_lsa_query_info_pol(&cli, &pol, 3, dom3, sid3) : False; + } - /* send client info query, level 5. receive domain name and sid */ - res = res ? do_lsa_query_info_pol(&cli, &pol, 5, dom5, &sid5) : False; + if (sid5 != NULL) + { + /* send client info query, level 5. receive domain name and sid */ + res = res ? do_lsa_query_info_pol(&cli, &pol, 5, dom5, sid5) : False; + } /* close policy handle */ res = res ? do_lsa_close(&cli, &pol) : False; @@ -225,10 +249,16 @@ BOOL get_member_domain_sid(void) { pstring sid; DEBUG(2,("LSA Query Info Policy\n")); - sid_to_string(sid, &sid3); - DEBUG(2,("Domain Member - Domain: %s SID: %s\n", dom3, sid)); - sid_to_string(sid, &sid5); - DEBUG(2,("Domain Controller - Domain: %s SID: %s\n", dom5, sid)); + if (sid3 != NULL) + { + sid_to_string(sid, sid3); + DEBUG(2,("Domain Member - Domain: %s SID: %s\n", dom3, sid)); + } + if (sid5 != NULL) + { + sid_to_string(sid, sid5); + DEBUG(2,("Domain Controller - Domain: %s SID: %s\n", dom5, sid)); + } if (!strequal(dom3, global_myworkgroup) || !strequal(dom5, global_myworkgroup)) @@ -243,16 +273,6 @@ BOOL get_member_domain_sid(void) DEBUG(1,("lsa query info failed\n")); } - if (!res) - { - DEBUG(0,("get_member_domain_sid: unable to obtain Domain member SID\n")); - } - else - { - /* this is a _lot_ of trouble to go to for just this info: */ - global_member_sid = sid5; - } - return res; } diff --git a/source3/lib/util_pwdb.c b/source3/lib/util_pwdb.c index 588070f7b8..8008e9de71 100644 --- a/source3/lib/util_pwdb.c +++ b/source3/lib/util_pwdb.c 
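Review bot: The two queries in the -207 hunk now write straight into the caller's sid3/sid5, so a SID received from the server is already in the caller's storage before the workgroup comparison further down runs. The code removed at the end of the function copied sid5 into global_member_sid only when res was true; with this change a failed or mismatching lookup can leave global_member_sid (and, through pwdb_initialise, global_sam_sid) holding a value that did not pass the check. Consider querying into local DOM_SID temporaries and copying out only on success, or clearing the outputs on the failure path before `return res;`, e.g. `if (!res) { if (sid3 != NULL) ZERO_STRUCTP(sid3); if (sid5 != NULL) ZERO_STRUCTP(sid5); }`. Whether do_lsa_query_info_pol writes its output on failure is not visible here.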
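Review bot: The workgroup comparison on the context lines at the end of the -225 hunk still tests both dom3 and dom5, although a level whose pointer is NULL is no longer queried and its name stays the empty string set by `fstrcpy(dom3, "")`. get_member_domain_sid() now calls `get_domain_sids(NULL, &global_member_sid)`, so `!strequal(dom3, global_myworkgroup)` is presumably true on every such call with a non-empty workgroup and the lookup would be treated as a mismatch; the body of that `if` lies outside the hunk, so the exact effect cannot be confirmed here. Guarding each comparison with its pointer keeps the domain-name verification for the levels actually fetched: `if ((sid3 != NULL && !strequal(dom3, global_myworkgroup)) || (sid5 != NULL && !strequal(dom5, global_myworkgroup)))`.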
@@ -26,9 +26,11 @@ extern int DEBUGLEVEL; extern DOM_SID global_sam_sid; extern fstring global_sam_name; -extern DOM_SID global_sid_S_1_5_20; + +extern DOM_SID global_member_sid; extern fstring global_myworkgroup; +extern DOM_SID global_sid_S_1_5_20; /* * A list of the rids of well known BUILTIN and Domain users * and groups. @@ -416,7 +418,7 @@ BOOL pwdb_gethexpwd(const char *p, char *pwd) /************************************************************* initialise password databases, domain names, domain sid. **************************************************************/ -BOOL pwdb_initialise(void) +BOOL pwdb_initialise(BOOL is_server) { fstrcpy(global_myworkgroup, lp_workgroup()); @@ -430,15 +432,22 @@ BOOL pwdb_initialise(void) generate_wellknown_sids(); - if (!generate_sam_sid(global_sam_name)) + if (is_server) { - DEBUG(0,("ERROR: Samba cannot create a SAM SID for its domain (%s).\n", - global_sam_name)); - return False; + if (!generate_sam_sid(global_sam_name)) + { + DEBUG(0,("ERROR: Samba cannot create a SAM SID for its domain (%s).\n", + global_sam_name)); + return False; + } + } + else + { + if (!get_domain_sids(&global_member_sid, &global_sam_sid)) + { + return False; + } } - if(!initialise_password_db()) - return False; - - return True; + return initialise_password_db(); } |
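Review bot: In the non-server branch of the -430 hunk, `get_domain_sids(&global_member_sid, &global_sam_sid)` fills global_member_sid from the level 3 query, whereas get_member_domain_sid() in sids.c passes it as the level 5 output (`get_domain_sids(NULL, &global_member_sid)`), so the two callers disagree about which info level that global holds. One of the two is probably transposed; please confirm the intended mapping and add a comment at the call naming it. This branch also replaces global_sam_sid with a value received from the password server and returns False silently when the lookup fails, so a DEBUG(0) line on that path, like the one in the server branch, would make the failure diagnosable. The header comment should also say what the new parameter selects, e.g. `is_server: True to generate the local SAM SID, False to fetch the domain SIDs from the PDC`.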