summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
Diffstat (limited to 'source3')
-rw-r--r--source3/include/passdb.h4
-rw-r--r--source3/passdb/passdb.c4
-rw-r--r--source3/passdb/pdb_interface.c10
-rw-r--r--source3/passdb/pdb_ldap.c9
-rw-r--r--source3/passdb/pdb_nisplus.c10
-rw-r--r--source3/passdb/pdb_smbpasswd.c10
-rw-r--r--source3/passdb/pdb_tdb.c11
-rw-r--r--source3/passdb/pdb_unix.c9
-rw-r--r--source3/rpc_server/srv_samr_nt.c135
-rw-r--r--source3/rpc_server/srv_util.c8
10 files changed, 115 insertions, 95 deletions
diff --git a/source3/include/passdb.h b/source3/include/passdb.h
index e7f16bad57..bd1d1e159b 100644
--- a/source3/include/passdb.h
+++ b/source3/include/passdb.h
@@ -43,7 +43,7 @@ typedef struct pdb_context
BOOL (*pdb_getsampwnam)(struct pdb_context *, SAM_ACCOUNT *sam_acct, const char *username);
- BOOL (*pdb_getsampwrid)(struct pdb_context *, SAM_ACCOUNT *sam_acct, uint32 rid);
+ BOOL (*pdb_getsampwsid)(struct pdb_context *, SAM_ACCOUNT *sam_acct, DOM_SID *sid);
BOOL (*pdb_add_sam_account)(struct pdb_context *, SAM_ACCOUNT *sampass);
@@ -74,7 +74,7 @@ typedef struct pdb_methods
BOOL (*getsampwnam)(struct pdb_methods *, SAM_ACCOUNT *sam_acct, const char *username);
- BOOL (*getsampwrid)(struct pdb_methods *, SAM_ACCOUNT *sam_acct, uint32 rid);
+ BOOL (*getsampwsid)(struct pdb_methods *, SAM_ACCOUNT *sam_acct, DOM_SID *Sid);
BOOL (*add_sam_account)(struct pdb_methods *, SAM_ACCOUNT *sampass);
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index 32d6731a9e..aa7672731a 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -618,7 +618,7 @@ BOOL local_lookup_sid(DOM_SID *sid, char *name, enum SID_NAME_USE *psid_name_use
}
/* This now does the 'generic' mapping in pdb_unix */
- if (pdb_getsampwrid(sam_account, rid)) {
+ if (pdb_getsampwsid(sam_account, sid)) {
fstrcpy(name, pdb_get_username(sam_account));
*psid_name_use = SID_NAME_USER;
@@ -852,7 +852,7 @@ BOOL local_sid_to_uid(uid_t *puid, DOM_SID *psid, enum SID_NAME_USE *name_type)
if (NT_STATUS_IS_ERR(pdb_init_sam(&sam_user)))
return False;
- if (pdb_getsampwrid(sam_user, rid)) {
+ if (pdb_getsampwsid(sam_user, psid)) {
*puid = pdb_get_uid(sam_user);
if (*puid == -1) {
pdb_free_sam(&sam_user);
diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c
index e57944cda7..d8f69e56b1 100644
--- a/source3/passdb/pdb_interface.c
+++ b/source3/passdb/pdb_interface.c
@@ -122,7 +122,7 @@ static BOOL context_getsampwnam(struct pdb_context *context, SAM_ACCOUNT *sam_ac
return False;
}
-static BOOL context_getsampwrid(struct pdb_context *context, SAM_ACCOUNT *sam_acct, uint32 rid)
+static BOOL context_getsampwsid(struct pdb_context *context, SAM_ACCOUNT *sam_acct, DOM_SID *sid)
{
struct pdb_methods *curmethods;
if ((!context)) {
@@ -133,7 +133,7 @@ static BOOL context_getsampwrid(struct pdb_context *context, SAM_ACCOUNT *sam_ac
curmethods = context->pdb_methods;
while (curmethods){
- if (curmethods->getsampwrid && curmethods->getsampwrid(curmethods, sam_acct, rid) == True){
+ if (curmethods->getsampwsid && curmethods->getsampwsid(curmethods, sam_acct, sid) == True){
sam_acct->methods = curmethods;
return True;
}
@@ -299,7 +299,7 @@ static NTSTATUS make_pdb_context(struct pdb_context **context)
(*context)->pdb_endsampwent = context_endsampwent;
(*context)->pdb_getsampwent = context_getsampwent;
(*context)->pdb_getsampwnam = context_getsampwnam;
- (*context)->pdb_getsampwrid = context_getsampwrid;
+ (*context)->pdb_getsampwsid = context_getsampwsid;
(*context)->pdb_add_sam_account = context_add_sam_account;
(*context)->pdb_update_sam_account = context_update_sam_account;
(*context)->pdb_delete_sam_account = context_delete_sam_account;
@@ -431,7 +431,7 @@ BOOL pdb_getsampwnam(SAM_ACCOUNT *sam_acct, const char *username)
return pdb_context->pdb_getsampwnam(pdb_context, sam_acct, username);
}
-BOOL pdb_getsampwrid(SAM_ACCOUNT *sam_acct, uint32 rid)
+BOOL pdb_getsampwsid(SAM_ACCOUNT *sam_acct, DOM_SID *sid)
{
struct pdb_context *pdb_context = pdb_get_static_context(False);
@@ -439,7 +439,7 @@ BOOL pdb_getsampwrid(SAM_ACCOUNT *sam_acct, uint32 rid)
return False;
}
- return pdb_context->pdb_getsampwrid(pdb_context, sam_acct, rid);
+ return pdb_context->pdb_getsampwsid(pdb_context, sam_acct, sid);
}
BOOL pdb_add_sam_account(SAM_ACCOUNT *sam_acct)
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index 70f130c0a3..28c08e0f63 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -1270,6 +1270,13 @@ static BOOL ldapsam_getsampwrid(struct pdb_methods *my_methods, SAM_ACCOUNT * us
}
}
+static BOOL ldapsam_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT * user, DOM_SID *sid)
+{
+ uint32 rid;
+ sid_peek_rid(sid, &rid);
+ return ldapsam_getsampwrid(my_methods, user, rid);
+}
+
/**********************************************************************
Delete entry from LDAP for username
*********************************************************************/
@@ -1537,7 +1544,7 @@ NTSTATUS pdb_init_ldapsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, co
(*pdb_method)->endsampwent = ldapsam_endsampwent;
(*pdb_method)->getsampwent = ldapsam_getsampwent;
(*pdb_method)->getsampwnam = ldapsam_getsampwnam;
- (*pdb_method)->getsampwrid = ldapsam_getsampwrid;
+ (*pdb_method)->getsampwsid = ldapsam_getsampwsid;
(*pdb_method)->add_sam_account = ldapsam_add_sam_account;
(*pdb_method)->update_sam_account = ldapsam_update_sam_account;
(*pdb_method)->delete_sam_account = ldapsam_delete_sam_account;
diff --git a/source3/passdb/pdb_nisplus.c b/source3/passdb/pdb_nisplus.c
index 145e1d4f0c..0c4c2c5bb3 100644
--- a/source3/passdb/pdb_nisplus.c
+++ b/source3/passdb/pdb_nisplus.c
@@ -1030,7 +1030,15 @@ BOOL pdb_getsampwnam(SAM_ACCOUNT * user, const char *sname)
/*************************************************************************
Routine to search the nisplus passwd file for an entry matching the username
*************************************************************************/
-BOOL pdb_getsampwrid(SAM_ACCOUNT * user, uint32 rid)
+
+BOOL pdb_getsampwsid(SAM_ACCOUNT * user, DOM_SID *sid)
+{
+ uint32 rid;
+ sid_peek_rid(sid, &rid);
+ return pdb_getsampwrid(user, rid);
+}
+
+static BOOL pdb_getsampwrid(SAM_ACCOUNT * user, uint32 rid)
{
nis_result *result;
char *nisname;
diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c
index f6214220ea..a6bd66eace 100644
--- a/source3/passdb/pdb_smbpasswd.c
+++ b/source3/passdb/pdb_smbpasswd.c
@@ -1411,7 +1411,6 @@ static BOOL smbpasswd_getsampwnam(struct pdb_methods *my_methods, SAM_ACCOUNT *s
return True;
}
-
static BOOL smbpasswd_getsampwrid(struct pdb_methods *my_methods, SAM_ACCOUNT *sam_acct,uint32 rid)
{
struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data;
@@ -1456,6 +1455,13 @@ static BOOL smbpasswd_getsampwrid(struct pdb_methods *my_methods, SAM_ACCOUNT *s
return True;
}
+static BOOL smbpasswd_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT * user, DOM_SID *sid)
+{
+ uint32 rid;
+ sid_peek_rid(sid, &rid);
+ return smbpasswd_getsampwrid(my_methods, user, rid);
+}
+
static BOOL smbpasswd_add_sam_account(struct pdb_methods *my_methods, SAM_ACCOUNT *sampass)
{
struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data;
@@ -1529,7 +1535,7 @@ NTSTATUS pdb_init_smbpasswd(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method,
(*pdb_method)->endsampwent = smbpasswd_endsampwent;
(*pdb_method)->getsampwent = smbpasswd_getsampwent;
(*pdb_method)->getsampwnam = smbpasswd_getsampwnam;
- (*pdb_method)->getsampwrid = smbpasswd_getsampwrid;
+ (*pdb_method)->getsampwsid = smbpasswd_getsampwsid;
(*pdb_method)->add_sam_account = smbpasswd_add_sam_account;
(*pdb_method)->update_sam_account = smbpasswd_update_sam_account;
(*pdb_method)->delete_sam_account = smbpasswd_delete_sam_account;
diff --git a/source3/passdb/pdb_tdb.c b/source3/passdb/pdb_tdb.c
index cda9d68c10..2341210e39 100644
--- a/source3/passdb/pdb_tdb.c
+++ b/source3/passdb/pdb_tdb.c
@@ -277,7 +277,7 @@ done:
Intialize a BYTE buffer from a SAM_ACCOUNT struct
*********************************************************************/
static uint32 init_buffer_from_sam (struct tdbsam_privates *tdb_state,
- uint8 **buf, SAM_ACCOUNT *sampass)
+ uint8 **buf, const SAM_ACCOUNT *sampass)
{
size_t len, buflen;
@@ -668,6 +668,13 @@ static BOOL tdbsam_getsampwrid (struct pdb_methods *my_methods, SAM_ACCOUNT *use
return tdbsam_getsampwnam (my_methods, user, name);
}
+static BOOL tdbsam_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT * user, DOM_SID *sid)
+{
+ uint32 rid;
+ sid_peek_rid(sid, &rid);
+ return tdbsam_getsampwrid(my_methods, user, rid);
+}
+
/***************************************************************************
Delete a SAM_ACCOUNT
****************************************************************************/
@@ -910,7 +917,7 @@ NTSTATUS pdb_init_tdbsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, con
(*pdb_method)->endsampwent = tdbsam_endsampwent;
(*pdb_method)->getsampwent = tdbsam_getsampwent;
(*pdb_method)->getsampwnam = tdbsam_getsampwnam;
- (*pdb_method)->getsampwrid = tdbsam_getsampwrid;
+ (*pdb_method)->getsampwsid = tdbsam_getsampwsid;
(*pdb_method)->add_sam_account = tdbsam_add_sam_account;
(*pdb_method)->update_sam_account = tdbsam_update_sam_account;
(*pdb_method)->delete_sam_account = tdbsam_delete_sam_account;
diff --git a/source3/passdb/pdb_unix.c b/source3/passdb/pdb_unix.c
index 1c0ede76d3..85ff5bd933 100644
--- a/source3/passdb/pdb_unix.c
+++ b/source3/passdb/pdb_unix.c
@@ -65,6 +65,13 @@ static BOOL unixsam_getsampwrid (struct pdb_methods *methods,
return ret;
}
+static BOOL unixsam_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT * user, DOM_SID *sid)
+{
+ uint32 rid;
+ sid_peek_rid(sid, &rid);
+ return unixsam_getsampwrid(my_methods, user, rid);
+}
+
/***************************************************************************
Adds an existing SAM_ACCOUNT
****************************************************************************/
@@ -109,7 +116,7 @@ NTSTATUS pdb_init_unixsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, co
(*pdb_method)->endsampwent = NULL;
(*pdb_method)->getsampwent = NULL;
(*pdb_method)->getsampwnam = unixsam_getsampwnam;
- (*pdb_method)->getsampwrid = unixsam_getsampwrid;
+ (*pdb_method)->getsampwsid = unixsam_getsampwsid;
(*pdb_method)->add_sam_account = unixsam_add_sam_account;
(*pdb_method)->update_sam_account = unixsam_update_sam_account;
(*pdb_method)->delete_sam_account = NULL;
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index c889581fae..7c16bc7128 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -1390,7 +1390,6 @@ NTSTATUS _api_samr_open_user(pipes_struct *p, SAMR_Q_OPEN_USER *q_u, SAMR_R_OPEN
SAM_ACCOUNT *sampass=NULL;
DOM_SID sid;
POLICY_HND domain_pol = q_u->domain_pol;
- uint32 user_rid = q_u->user_rid;
POLICY_HND *user_pol = &r_u->user_pol;
struct samr_info *info = NULL;
BOOL ret;
@@ -1401,13 +1400,21 @@ NTSTATUS _api_samr_open_user(pipes_struct *p, SAMR_Q_OPEN_USER *q_u, SAMR_R_OPEN
if (!find_policy_by_hnd(p, &domain_pol, NULL))
return NT_STATUS_INVALID_HANDLE;
+ /* Get the domain SID stored in the domain policy */
+ if(!get_lsa_policy_samr_sid(p, &domain_pol, &sid))
+ return NT_STATUS_INVALID_HANDLE;
+
+ /* append the user's RID to it */
+ if(!sid_append_rid(&sid, q_u->user_rid))
+ return NT_STATUS_NO_SUCH_USER;
+
pdb_init_sam(&sampass);
become_root();
- ret=pdb_getsampwrid(sampass, user_rid);
+ ret=pdb_getsampwsid(sampass, &sid);
unbecome_root();
- /* check that the RID exists in our domain. */
+ /* check that the SID exists in our domain. */
if (ret == False) {
pdb_free_sam(&sampass);
return NT_STATUS_NO_SUCH_USER;
@@ -1415,14 +1422,6 @@ NTSTATUS _api_samr_open_user(pipes_struct *p, SAMR_Q_OPEN_USER *q_u, SAMR_R_OPEN
pdb_free_sam(&sampass);
- /* Get the domain SID stored in the domain policy */
- if(!get_lsa_policy_samr_sid(p, &domain_pol, &sid))
- return NT_STATUS_INVALID_HANDLE;
-
- /* append the user's RID to it */
- if(!sid_append_rid(&sid, user_rid))
- return NT_STATUS_NO_SUCH_USER;
-
/* associate the user's SID with the new handle. */
if ((info = get_samr_info_by_sid(&sid)) == NULL)
return NT_STATUS_NO_MEMORY;
@@ -1438,7 +1437,7 @@ NTSTATUS _api_samr_open_user(pipes_struct *p, SAMR_Q_OPEN_USER *q_u, SAMR_R_OPEN
get_user_info_10. Safe. Only gives out acb bits.
*************************************************************************/
-static BOOL get_user_info_10(SAM_USER_INFO_10 *id10, uint32 user_rid)
+static BOOL get_user_info_10(SAM_USER_INFO_10 *id10, DOM_SID *user_sid)
{
SAM_ACCOUNT *smbpass=NULL;
BOOL ret;
@@ -1446,11 +1445,11 @@ static BOOL get_user_info_10(SAM_USER_INFO_10 *id10, uint32 user_rid)
pdb_init_sam(&smbpass);
become_root();
- ret = pdb_getsampwrid(smbpass, user_rid);
+ ret = pdb_getsampwsid(smbpass, user_sid);
unbecome_root();
if (ret==False) {
- DEBUG(4,("User 0x%x not found\n", user_rid));
+ DEBUG(4,("User %s not found\n", sid_string_static(user_sid)));
pdb_free_sam(&smbpass);
return False;
}
@@ -1471,7 +1470,7 @@ static BOOL get_user_info_10(SAM_USER_INFO_10 *id10, uint32 user_rid)
user. JRA.
*************************************************************************/
-static NTSTATUS get_user_info_12(pipes_struct *p, SAM_USER_INFO_12 * id12, uint32 user_rid)
+static NTSTATUS get_user_info_12(pipes_struct *p, SAM_USER_INFO_12 * id12, DOM_SID *user_sid)
{
SAM_ACCOUNT *smbpass=NULL;
BOOL ret;
@@ -1487,10 +1486,10 @@ static NTSTATUS get_user_info_12(pipes_struct *p, SAM_USER_INFO_12 * id12, uint3
*/
pdb_init_sam(&smbpass);
- ret = pdb_getsampwrid(smbpass, user_rid);
+ ret = pdb_getsampwsid(smbpass, user_sid);
if (ret == False) {
- DEBUG(4, ("User 0x%x not found\n", user_rid));
+ DEBUG(4, ("User %s not found\n", sid_string_static(user_sid)));
pdb_free_sam(&smbpass);
return (geteuid() == (uid_t)0) ? NT_STATUS_NO_SUCH_USER : NT_STATUS_ACCESS_DENIED;
}
@@ -1514,7 +1513,7 @@ static NTSTATUS get_user_info_12(pipes_struct *p, SAM_USER_INFO_12 * id12, uint3
get_user_info_20
*************************************************************************/
-static BOOL get_user_info_20(SAM_USER_INFO_20 *id20, uint32 user_rid)
+static BOOL get_user_info_20(SAM_USER_INFO_20 *id20, DOM_SID *user_sid)
{
SAM_ACCOUNT *sampass=NULL;
BOOL ret;
@@ -1522,11 +1521,11 @@ static BOOL get_user_info_20(SAM_USER_INFO_20 *id20, uint32 user_rid)
pdb_init_sam(&sampass);
become_root();
- ret = pdb_getsampwrid(sampass, user_rid);
+ ret = pdb_getsampwsid(sampass, user_sid);
unbecome_root();
if (ret == False) {
- DEBUG(4,("User 0x%x not found\n", user_rid));
+ DEBUG(4,("User %s not found\n", sid_string_static(user_sid)));
pdb_free_sam(&sampass);
return False;
}
@@ -1547,7 +1546,7 @@ static BOOL get_user_info_20(SAM_USER_INFO_20 *id20, uint32 user_rid)
get_user_info_21
*************************************************************************/
-static BOOL get_user_info_21(SAM_USER_INFO_21 *id21, uint32 user_rid)
+static BOOL get_user_info_21(SAM_USER_INFO_21 *id21, DOM_SID *user_sid)
{
SAM_ACCOUNT *sampass=NULL;
BOOL ret;
@@ -1555,11 +1554,11 @@ static BOOL get_user_info_21(SAM_USER_INFO_21 *id21, uint32 user_rid)
pdb_init_sam(&sampass);
become_root();
- ret = pdb_getsampwrid(sampass, user_rid);
+ ret = pdb_getsampwsid(sampass, user_sid);
unbecome_root();
if (ret == False) {
- DEBUG(4,("User 0x%x not found\n", user_rid));
+ DEBUG(4,("User %s not found\n", sid_string_static(user_sid)));
pdb_free_sam(&sampass);
return False;
}
@@ -1583,7 +1582,6 @@ static BOOL get_user_info_21(SAM_USER_INFO_21 *id21, uint32 user_rid)
NTSTATUS _samr_query_userinfo(pipes_struct *p, SAMR_Q_QUERY_USERINFO *q_u, SAMR_R_QUERY_USERINFO *r_u)
{
SAM_USERINFO_CTR *ctr;
- uint32 rid = 0;
struct samr_info *info = NULL;
r_u->status=NT_STATUS_OK;
@@ -1595,9 +1593,7 @@ NTSTATUS _samr_query_userinfo(pipes_struct *p, SAMR_Q_QUERY_USERINFO *q_u, SAMR_
if (!sid_check_is_in_our_domain(&info->sid))
return NT_STATUS_OBJECT_TYPE_MISMATCH;
- sid_peek_rid(&info->sid, &rid);
-
- DEBUG(5,("_samr_query_userinfo: rid:0x%x\n", rid));
+ DEBUG(5,("_samr_query_userinfo: sid:%s\n", sid_string_static(&info->sid)));
ctr = (SAM_USERINFO_CTR *)talloc_zero(p->mem_ctx, sizeof(SAM_USERINFO_CTR));
if (!ctr)
@@ -1614,7 +1610,7 @@ NTSTATUS _samr_query_userinfo(pipes_struct *p, SAMR_Q_QUERY_USERINFO *q_u, SAMR_
if (ctr->info.id10 == NULL)
return NT_STATUS_NO_MEMORY;
- if (!get_user_info_10(ctr->info.id10, rid))
+ if (!get_user_info_10(ctr->info.id10, &info->sid))
return NT_STATUS_NO_SUCH_USER;
break;
@@ -1649,7 +1645,7 @@ NTSTATUS _samr_query_userinfo(pipes_struct *p, SAMR_Q_QUERY_USERINFO *q_u, SAMR_
if (ctr->info.id12 == NULL)
return NT_STATUS_NO_MEMORY;
- if (NT_STATUS_IS_ERR(r_u->status = get_user_info_12(p, ctr->info.id12, rid)))
+ if (NT_STATUS_IS_ERR(r_u->status = get_user_info_12(p, ctr->info.id12, &info->sid)))
return r_u->status;
break;
@@ -1657,7 +1653,7 @@ NTSTATUS _samr_query_userinfo(pipes_struct *p, SAMR_Q_QUERY_USERINFO *q_u, SAMR_
ctr->info.id20 = (SAM_USER_INFO_20 *)talloc_zero(p->mem_ctx,sizeof(SAM_USER_INFO_20));
if (ctr->info.id20 == NULL)
return NT_STATUS_NO_MEMORY;
- if (!get_user_info_20(ctr->info.id20, rid))
+ if (!get_user_info_20(ctr->info.id20, &info->sid))
return NT_STATUS_NO_SUCH_USER;
break;
@@ -1665,7 +1661,7 @@ NTSTATUS _samr_query_userinfo(pipes_struct *p, SAMR_Q_QUERY_USERINFO *q_u, SAMR_
ctr->info.id21 = (SAM_USER_INFO_21 *)talloc_zero(p->mem_ctx,sizeof(SAM_USER_INFO_21));
if (ctr->info.id21 == NULL)
return NT_STATUS_NO_MEMORY;
- if (!get_user_info_21(ctr->info.id21, rid))
+ if (!get_user_info_21(ctr->info.id21, &info->sid))
return NT_STATUS_NO_SUCH_USER;
break;
@@ -1689,7 +1685,6 @@ NTSTATUS _samr_query_usergroups(pipes_struct *p, SAMR_Q_QUERY_USERGROUPS *q_u, S
SAM_ACCOUNT *sam_pass=NULL;
DOM_GID *gids = NULL;
int num_groups = 0;
- uint32 rid;
struct samr_info *info = NULL;
BOOL ret;
@@ -1716,12 +1711,10 @@ NTSTATUS _samr_query_usergroups(pipes_struct *p, SAMR_Q_QUERY_USERGROUPS *q_u, S
if (!sid_check_is_in_our_domain(&info->sid))
return NT_STATUS_OBJECT_TYPE_MISMATCH;
- sid_peek_rid(&info->sid, &rid);
-
pdb_init_sam(&sam_pass);
become_root();
- ret = pdb_getsampwrid(sam_pass, rid);
+ ret = pdb_getsampwsid(sam_pass, &info->sid);
unbecome_root();
if (ret == False) {
@@ -2223,14 +2216,14 @@ NTSTATUS _api_samr_open_alias(pipes_struct *p, SAMR_Q_OPEN_ALIAS *q_u, SAMR_R_OP
set_user_info_10
********************************************************************/
-static BOOL set_user_info_10(const SAM_USER_INFO_10 *id10, uint32 rid)
+static BOOL set_user_info_10(const SAM_USER_INFO_10 *id10, DOM_SID *sid)
{
SAM_ACCOUNT *pwd =NULL;
BOOL ret;
pdb_init_sam(&pwd);
- ret = pdb_getsampwrid(pwd, rid);
+ ret = pdb_getsampwsid(pwd, sid);
if(ret==False) {
pdb_free_sam(&pwd);
@@ -2262,13 +2255,13 @@ static BOOL set_user_info_10(const SAM_USER_INFO_10 *id10, uint32 rid)
set_user_info_12
********************************************************************/
-static BOOL set_user_info_12(SAM_USER_INFO_12 *id12, uint32 rid)
+static BOOL set_user_info_12(SAM_USER_INFO_12 *id12, DOM_SID *sid)
{
SAM_ACCOUNT *pwd = NULL;
pdb_init_sam(&pwd);
- if(!pdb_getsampwrid(pwd, rid)) {
+ if(!pdb_getsampwsid(pwd, sid)) {
pdb_free_sam(&pwd);
return False;
}
@@ -2305,7 +2298,7 @@ static BOOL set_user_info_12(SAM_USER_INFO_12 *id12, uint32 rid)
set_user_info_21
********************************************************************/
-static BOOL set_user_info_21(SAM_USER_INFO_21 *id21, uint32 rid)
+static BOOL set_user_info_21(SAM_USER_INFO_21 *id21, DOM_SID *sid)
{
SAM_ACCOUNT *pwd = NULL;
@@ -2316,7 +2309,7 @@ static BOOL set_user_info_21(SAM_USER_INFO_21 *id21, uint32 rid)
pdb_init_sam(&pwd);
- if (!pdb_getsampwrid(pwd, rid)) {
+ if (!pdb_getsampwsid(pwd, sid)) {
pdb_free_sam(&pwd);
return False;
}
@@ -2345,7 +2338,7 @@ static BOOL set_user_info_21(SAM_USER_INFO_21 *id21, uint32 rid)
set_user_info_23
********************************************************************/
-static BOOL set_user_info_23(SAM_USER_INFO_23 *id23, uint32 rid)
+static BOOL set_user_info_23(SAM_USER_INFO_23 *id23, DOM_SID *sid)
{
SAM_ACCOUNT *pwd = NULL;
pstring plaintext_buf;
@@ -2359,7 +2352,7 @@ static BOOL set_user_info_23(SAM_USER_INFO_23 *id23, uint32 rid)
pdb_init_sam(&pwd);
- if (!pdb_getsampwrid(pwd, rid)) {
+ if (!pdb_getsampwsid(pwd, sid)) {
pdb_free_sam(&pwd);
return False;
}
@@ -2412,7 +2405,7 @@ static BOOL set_user_info_23(SAM_USER_INFO_23 *id23, uint32 rid)
set_user_info_pw
********************************************************************/
-static BOOL set_user_info_pw(char *pass, uint32 rid)
+static BOOL set_user_info_pw(char *pass, DOM_SID *sid)
{
SAM_ACCOUNT *pwd = NULL;
uint32 len;
@@ -2421,7 +2414,7 @@ static BOOL set_user_info_pw(char *pass, uint32 rid)
pdb_init_sam(&pwd);
- if (!pdb_getsampwrid(pwd, rid)) {
+ if (!pdb_getsampwsid(pwd, sid)) {
pdb_free_sam(&pwd);
return False;
}
@@ -2480,7 +2473,6 @@ static BOOL set_user_info_pw(char *pass, uint32 rid)
NTSTATUS _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SET_USERINFO *r_u)
{
- uint32 rid = 0x0;
DOM_SID sid;
POLICY_HND *pol = &q_u->pol;
uint16 switch_value = q_u->switch_value;
@@ -2494,9 +2486,7 @@ NTSTATUS _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SE
if (!get_lsa_policy_samr_sid(p, pol, &sid))
return NT_STATUS_INVALID_HANDLE;
- sid_split_rid(&sid, &rid);
-
- DEBUG(5, ("_samr_set_userinfo: rid:0x%x, level:%d\n", rid, switch_value));
+ DEBUG(5, ("_samr_set_userinfo: sid:%s, level:%d\n", sid_string_static(&sid), switch_value));
if (ctr == NULL) {
DEBUG(5, ("_samr_set_userinfo: NULL info level\n"));
@@ -2506,7 +2496,7 @@ NTSTATUS _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SE
/* ok! user info levels (lots: see MSDEV help), off we go... */
switch (switch_value) {
case 0x12:
- if (!set_user_info_12(ctr->info.id12, rid))
+ if (!set_user_info_12(ctr->info.id12, &sid))
return NT_STATUS_ACCESS_DENIED;
break;
@@ -2515,7 +2505,7 @@ NTSTATUS _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SE
dump_data(100, (char *)ctr->info.id24->pass, 516);
- if (!set_user_info_pw((char *)ctr->info.id24->pass, rid))
+ if (!set_user_info_pw((char *)ctr->info.id24->pass, &sid))
return NT_STATUS_ACCESS_DENIED;
break;
@@ -2533,7 +2523,7 @@ NTSTATUS _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SE
dump_data(100, (char *)ctr->info.id25->pass, 532);
- if (!set_user_info_pw(ctr->info.id25->pass, rid))
+ if (!set_user_info_pw(ctr->info.id25->pass, &sid))
return NT_STATUS_ACCESS_DENIED;
break;
#endif
@@ -2544,7 +2534,7 @@ NTSTATUS _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SE
dump_data(100, (char *)ctr->info.id23->pass, 516);
- if (!set_user_info_23(ctr->info.id23, rid))
+ if (!set_user_info_23(ctr->info.id23, &sid))
return NT_STATUS_ACCESS_DENIED;
break;
@@ -2562,7 +2552,6 @@ NTSTATUS _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SE
NTSTATUS _samr_set_userinfo2(pipes_struct *p, SAMR_Q_SET_USERINFO2 *q_u, SAMR_R_SET_USERINFO2 *r_u)
{
DOM_SID sid;
- uint32 rid = 0x0;
SAM_USERINFO_CTR *ctr = q_u->ctr;
POLICY_HND *pol = &q_u->pol;
uint16 switch_value = q_u->switch_value;
@@ -2575,9 +2564,7 @@ NTSTATUS _samr_set_userinfo2(pipes_struct *p, SAMR_Q_SET_USERINFO2 *q_u, SAMR_R_
if (!get_lsa_policy_samr_sid(p, pol, &sid))
return NT_STATUS_INVALID_HANDLE;
- sid_split_rid(&sid, &rid);
-
- DEBUG(5, ("samr_reply_set_userinfo2: rid:0x%x\n", rid));
+ DEBUG(5, ("samr_reply_set_userinfo2: sid:%s\n", sid_string_static(&sid)));
if (ctr == NULL) {
DEBUG(5, ("samr_reply_set_userinfo2: NULL info level\n"));
@@ -2589,16 +2576,16 @@ NTSTATUS _samr_set_userinfo2(pipes_struct *p, SAMR_Q_SET_USERINFO2 *q_u, SAMR_R_
/* ok! user info levels (lots: see MSDEV help), off we go... */
switch (switch_value) {
case 21:
- if (!set_user_info_21(ctr->info.id21, rid))
+ if (!set_user_info_21(ctr->info.id21, &sid))
return NT_STATUS_ACCESS_DENIED;
break;
case 16:
- if (!set_user_info_10(ctr->info.id10, rid))
+ if (!set_user_info_10(ctr->info.id10, &sid))
return NT_STATUS_ACCESS_DENIED;
break;
case 18:
/* Used by AS/U JRA. */
- if (!set_user_info_12(ctr->info.id12, rid))
+ if (!set_user_info_12(ctr->info.id12, &sid))
return NT_STATUS_ACCESS_DENIED;
break;
default:
@@ -2886,7 +2873,6 @@ NTSTATUS _samr_add_aliasmem(pipes_struct *p, SAMR_Q_ADD_ALIASMEM *q_u, SAMR_R_AD
struct passwd *pwd;
struct group *grp;
fstring grp_name;
- uint32 rid;
GROUP_MAP map;
NTSTATUS ret;
SAM_ACCOUNT *sam_user = NULL;
@@ -2914,13 +2900,11 @@ NTSTATUS _samr_add_aliasmem(pipes_struct *p, SAMR_Q_ADD_ALIASMEM *q_u, SAMR_R_AD
return NT_STATUS_NO_SUCH_ALIAS;
}
- sid_split_rid(&q_u->sid.sid, &rid);
-
ret = pdb_init_sam(&sam_user);
if (NT_STATUS_IS_ERR(ret))
return ret;
- check = pdb_getsampwrid(sam_user, rid);
+ check = pdb_getsampwsid(sam_user, &q_u->sid.sid);
if (check != True) {
pdb_free_sam(&sam_user);
@@ -2974,7 +2958,6 @@ NTSTATUS _samr_del_aliasmem(pipes_struct *p, SAMR_Q_DEL_ALIASMEM *q_u, SAMR_R_DE
fstring alias_sid_str;
struct group *grp;
fstring grp_name;
- uint32 rid;
GROUP_MAP map;
SAM_ACCOUNT *sam_pass=NULL;
@@ -3000,11 +2983,9 @@ NTSTATUS _samr_del_aliasmem(pipes_struct *p, SAMR_Q_DEL_ALIASMEM *q_u, SAMR_R_DE
/* we need to copy the name otherwise it's overloaded in user_in_group_list */
fstrcpy(grp_name, grp->gr_name);
- sid_peek_rid(&q_u->sid.sid, &rid);
-
/* check if the user exists before trying to remove it from the group */
pdb_init_sam(&sam_pass);
- if(!pdb_getsampwrid(sam_pass, rid)) {
+ if(!pdb_getsampwsid(sam_pass, &q_u->sid.sid)) {
DEBUG(5,("_samr_del_aliasmem:User %s doesn't exist.\n", pdb_get_username(sam_pass)));
pdb_free_sam(&sam_pass);
return NT_STATUS_NO_SUCH_USER;
@@ -3035,6 +3016,7 @@ NTSTATUS _samr_del_aliasmem(pipes_struct *p, SAMR_Q_DEL_ALIASMEM *q_u, SAMR_R_DE
NTSTATUS _samr_add_groupmem(pipes_struct *p, SAMR_Q_ADD_GROUPMEM *q_u, SAMR_R_ADD_GROUPMEM *r_u)
{
DOM_SID group_sid;
+ DOM_SID user_sid;
fstring group_sid_str;
struct passwd *pwd;
struct group *grp;
@@ -3060,11 +3042,14 @@ NTSTATUS _samr_add_groupmem(pipes_struct *p, SAMR_Q_ADD_GROUPMEM *q_u, SAMR_R_AD
if(!get_domain_group_from_sid(group_sid, &map, MAPPING_WITHOUT_PRIV))
return NT_STATUS_NO_SUCH_GROUP;
+ sid_copy(&user_sid, &global_sam_sid);
+ sid_append_rid(&user_sid, q_u->rid);
+
ret = pdb_init_sam(&sam_user);
if (NT_STATUS_IS_ERR(ret))
return ret;
- check = pdb_getsampwrid(sam_user, q_u->rid);
+ check = pdb_getsampwsid(sam_user, &user_sid);
if (check != True) {
pdb_free_sam(&sam_user);
@@ -3117,8 +3102,8 @@ NTSTATUS _samr_add_groupmem(pipes_struct *p, SAMR_Q_ADD_GROUPMEM *q_u, SAMR_R_AD
NTSTATUS _samr_del_groupmem(pipes_struct *p, SAMR_Q_DEL_GROUPMEM *q_u, SAMR_R_DEL_GROUPMEM *r_u)
{
DOM_SID group_sid;
+ DOM_SID user_sid;
SAM_ACCOUNT *sam_pass=NULL;
- uint32 rid;
GROUP_MAP map;
fstring grp_name;
struct group *grp;
@@ -3136,7 +3121,8 @@ NTSTATUS _samr_del_groupmem(pipes_struct *p, SAMR_Q_DEL_GROUPMEM *q_u, SAMR_R_DE
if(!sid_check_is_in_our_domain(&group_sid))
return NT_STATUS_NO_SUCH_GROUP;
- rid=q_u->rid;
+ sid_copy(&user_sid, &global_sam_sid);
+ sid_append_rid(&user_sid, q_u->rid);
if(!get_domain_group_from_sid(group_sid, &map, MAPPING_WITHOUT_PRIV))
return NT_STATUS_NO_SUCH_GROUP;
@@ -3149,7 +3135,7 @@ NTSTATUS _samr_del_groupmem(pipes_struct *p, SAMR_Q_DEL_GROUPMEM *q_u, SAMR_R_DE
/* check if the user exists before trying to remove it from the group */
pdb_init_sam(&sam_pass);
- if(!pdb_getsampwrid(sam_pass, rid)) {
+ if(!pdb_getsampwsid(sam_pass, &user_sid)) {
DEBUG(5,("User %s doesn't exist.\n", pdb_get_username(sam_pass)));
pdb_free_sam(&sam_pass);
return NT_STATUS_NO_SUCH_USER;
@@ -3200,7 +3186,6 @@ NTSTATUS _samr_delete_dom_user(pipes_struct *p, SAMR_Q_DELETE_DOM_USER *q_u, SAM
{
DOM_SID user_sid;
SAM_ACCOUNT *sam_pass=NULL;
- uint32 rid;
DEBUG(5, ("_samr_delete_dom_user: %d\n", __LINE__));
@@ -3211,11 +3196,9 @@ NTSTATUS _samr_delete_dom_user(pipes_struct *p, SAMR_Q_DELETE_DOM_USER *q_u, SAM
if (!sid_check_is_in_our_domain(&user_sid))
return NT_STATUS_CANNOT_DELETE;
- sid_peek_rid(&user_sid, &rid);
-
/* check if the user exists before trying to delete */
pdb_init_sam(&sam_pass);
- if(!pdb_getsampwrid(sam_pass, rid)) {
+ if(!pdb_getsampwsid(sam_pass, &user_sid)) {
DEBUG(5,("_samr_delete_dom_user:User %s doesn't exist.\n", pdb_get_username(sam_pass)));
pdb_free_sam(&sam_pass);
return NT_STATUS_NO_SUCH_USER;
diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 53bbebb95e..af653ba0e8 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -114,11 +114,9 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui
DEBUG(10,("get_alias_user_groups: looking if SID %s is a member of groups in the SID domain %s\n",
sid_to_string(str_qsid, q_sid), sid_to_string(str_domsid, sid)));
- sid_peek_rid(q_sid, &rid);
-
pdb_init_sam(&sam_pass);
become_root();
- ret = pdb_getsampwrid(sam_pass, rid);
+ ret = pdb_getsampwsid(sam_pass, q_sid);
unbecome_root();
if (ret == False) {
pdb_free_sam(&sam_pass);
@@ -404,6 +402,8 @@ NTSTATUS local_lookup_alias_name(uint32 rid, char *alias_name, uint32 *type)
return NT_STATUS_NONE_MAPPED;
}
+
+#if 0 /*Nobody uses this function just now*/
/*******************************************************************
Look up a local user rid and return a name and type.
********************************************************************/
@@ -448,6 +448,8 @@ NTSTATUS local_lookup_user_name(uint32 rid, char *user_name, uint32 *type)
return NT_STATUS_NONE_MAPPED;
}
+#endif
+
/*******************************************************************
Look up a local (domain) group name and return a rid
********************************************************************/