Diffstat (limited to 'source4/dsdb/common')
-rw-r--r-- | source4/dsdb/common/flags.h | 5 | ||||
-rw-r--r-- | source4/dsdb/common/sidmap.c | 35 |
2 files changed, 24 insertions, 16 deletions
diff --git a/source4/dsdb/common/flags.h b/source4/dsdb/common/flags.h
index 8de3f6dc19..36111418e2 100644
--- a/source4/dsdb/common/flags.h
+++ b/source4/dsdb/common/flags.h
@@ -91,6 +91,11 @@
 GROUP_TYPE_ACCOUNT_GROUP| \
 GROUP_TYPE_SECURITY_ENABLED \
 )
+#define GTYPE_SECURITY_UNIVERSAL_GROUP ( \
+ /* 0x80000008 -2147483656 */ \
+ GROUP_TYPE_UNIVERSAL_GROUP| \
+ GROUP_TYPE_SECURITY_ENABLED \
+ )
 #define GTYPE_DISTRIBUTION_GLOBAL_GROUP 0x00000002 /* 2 */
 #define GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP 0x00000004 /* 4 */
 #define GTYPE_DISTRIBUTION_UNIVERSAL_GROUP 0x00000008 /* 8 */
diff --git a/source4/dsdb/common/sidmap.c b/source4/dsdb/common/sidmap.c
index 8a594f3fc7..de1f3f3c7a 100644
--- a/source4/dsdb/common/sidmap.c
+++ b/source4/dsdb/common/sidmap.c
@@ -68,26 +68,26 @@ _PUBLIC_ struct sidmap_context *sidmap_open(TALLOC_CTX *mem_ctx)
 check the sAMAccountType field of a search result to see if the account is a user account
 */
-static BOOL is_user_account(struct ldb_message *res)
+static bool is_user_account(struct ldb_message *res)
 {
 uint_t atype = samdb_result_uint(res, "sAMAccountType", 0);
 if (atype && (!(atype & ATYPE_ACCOUNT))) {
- return False;
+ return false;
 }
- return True;
+ return true;
 }
 /*
 check the sAMAccountType field of a search result to see if the account is a group account
 */
-static BOOL is_group_account(struct ldb_message *res)
+static bool is_group_account(struct ldb_message *res)
 {
 uint_t atype = samdb_result_uint(res, "sAMAccountType", 0);
 if (atype && atype == ATYPE_NORMAL_ACCOUNT) {
- return False;
+ return false;
 }
- return True;
+ return true;
 }
@@ -217,7 +217,7 @@ allocated_sid:
 /*
 see if a sid is a group - very inefficient!
 */
-_PUBLIC_ BOOL sidmap_sid_is_group(struct sidmap_context *sidmap, struct dom_sid *sid)
+_PUBLIC_ bool sidmap_sid_is_group(struct sidmap_context *sidmap, struct dom_sid *sid)
 {
 const char *attrs[] = { "sAMAccountType", NULL };
 int ret;
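Review bot: The decimal in the new comment on GTYPE_SECURITY_UNIVERSAL_GROUP in flags.h is wrong: 0x80000008 read as a signed 32-bit value is -2147483640, and -2147483656 does not fit in 32 bits at all. The decimal is presumably there for readers who need the signed form of a groupType value, so anyone copying it into a search filter or test data would get a number that matches no group. I would change the comment line to `/* 0x80000008 -2147483640 */ \`.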
@@ -225,7 +225,7 @@ _PUBLIC_ BOOL sidmap_sid_is_group(struct sidmap_context *sidmap, struct dom_sid
 struct ldb_message **res;
 NTSTATUS status;
 struct dom_sid *domain_sid;
- BOOL is_group;
+ bool is_group;
 tmp_ctx = talloc_new(sidmap);
@@ -240,19 +240,19 @@ _PUBLIC_ BOOL sidmap_sid_is_group(struct sidmap_context *sidmap, struct dom_sid
 status = sidmap_primary_domain_sid(sidmap, tmp_ctx, &domain_sid);
 if (!NT_STATUS_IS_OK(status)) {
 talloc_free(tmp_ctx);
- return False;
+ return false;
 }
 if (dom_sid_in_domain(domain_sid, sid)) {
 uint32_t rid = sid->sub_auths[sid->num_auths-1];
 if (rid >= SIDMAP_LOCAL_GROUP_BASE) {
 talloc_free(tmp_ctx);
- return True;
+ return true;
 }
 }
 talloc_free(tmp_ctx);
- return False;
+ return false;
 }
 /*
@@ -550,13 +550,13 @@ _PUBLIC_ NTSTATUS sidmap_allocated_sid_lookup(struct sidmap_context *sidmap,
 TALLOC_CTX *mem_ctx,
 const struct dom_sid *sid,
 const char **name,
- uint32_t *atype)
+ enum lsa_SidType *rtype)
 {
 NTSTATUS status;
 struct dom_sid *domain_sid;
 TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
- uint32_t rid;
-
+ uint32_t rid, atype;
+
 status = sidmap_primary_domain_sid(sidmap, tmp_ctx, &domain_sid);
 if (!NT_STATUS_IS_OK(status)) {
 return NT_STATUS_NO_SUCH_DOMAIN;
@@ -577,7 +577,9 @@ _PUBLIC_ NTSTATUS sidmap_allocated_sid_lookup(struct sidmap_context *sidmap,
 if (rid < SIDMAP_LOCAL_GROUP_BASE) {
 struct passwd *pwd;
 uid_t uid = rid - SIDMAP_LOCAL_USER_BASE;
- *atype = ATYPE_NORMAL_ACCOUNT;
+ atype = ATYPE_NORMAL_ACCOUNT;
+ *rtype = samdb_atype_map(atype);
+
 pwd = getpwuid(uid);
 if (pwd == NULL) {
 *name = talloc_asprintf(mem_ctx, "uid%u", uid);
@@ -587,7 +589,8 @@ _PUBLIC_ NTSTATUS sidmap_allocated_sid_lookup(struct sidmap_context *sidmap,
 } else {
 struct group *grp;
 gid_t gid = rid - SIDMAP_LOCAL_GROUP_BASE;
- *atype = ATYPE_LOCAL_GROUP;
+ atype = ATYPE_LOCAL_GROUP;
+ *rtype = samdb_atype_map(atype);
 grp = getgrgid(gid);
 if (grp == NULL) {
 *name = talloc_asprintf(mem_ctx, "gid%u", gid); |
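Review bot: The early exit shown in the context lines of the `-550,13` hunk, `return NT_STATUS_NO_SUCH_DOMAIN;`, leaves `tmp_ctx` allocated, whereas the same failure path in sidmap_sid_is_group calls `talloc_free(tmp_ctx);` before returning. Because `tmp_ctx` is created with `talloc_new(mem_ctx)` it is reclaimed when the caller frees `mem_ctx`, but on a long-lived `mem_ctx` every failed lookup keeps a block alive. Since the commit already edits this declaration block, I would add `talloc_free(tmp_ctx);` on the line before that return. The function body continues outside the hunk, so its other exits may need the same check.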
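Review bot: The new local `atype` in the `-577,7` hunk, and again in the `-587,7` hunk, is assigned a constant and read once on the next line, so it only adds a step between the constant and the out-parameter. Writing `*rtype = samdb_atype_map(ATYPE_NORMAL_ACCOUNT);` and `*rtype = samdb_atype_map(ATYPE_LOCAL_GROUP);` says the same thing and lets `atype` be dropped from the `uint32_t rid, atype;` declaration added in the `-550,13` hunk. Because the out-parameter changed from `uint32_t *` to `enum lsa_SidType *`, the function's header comment (outside these hunks) should state that `*rtype` is a mapped SID type rather than a raw sAMAccountType value, and whether it is set on the failure paths. Callers live outside the directory this diffstat is limited to, so whether they were updated for the new type cannot be confirmed from this page.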