From 050b80356edea52f1bbb0a27599186ad84c18b73 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Tue, 19 Mar 2002 13:57:53 +0000 Subject: second step to gain free uid<->rid mapping we still need to free gid<->rid mapping and few other stuff (This used to be commit aa4b6f8181f34196a28951264dd8b631a5deef7f) --- source3/include/passdb.h | 8 ---- source3/include/rpc_misc.h | 15 +++++++ source3/passdb/passdb.c | 49 ++++++++++++++++++--- source3/passdb/pdb_interface.c | 46 +------------------- source3/passdb/pdb_ldap.c | 19 +++++++- source3/passdb/pdb_nisplus.c | 19 ++++++++ source3/passdb/pdb_smbpasswd.c | 39 ++++++++--------- source3/passdb/pdb_tdb.c | 93 ++++++++-------------------------------- source3/rpc_server/srv_samr_nt.c | 92 ++++++++++++++++++++++++++++++++++----- source3/utils/pdbedit.c | 2 + 10 files changed, 216 insertions(+), 166 deletions(-) diff --git a/source3/include/passdb.h b/source3/include/passdb.h index df44dce80c..f17b043fb2 100644 --- a/source3/include/passdb.h +++ b/source3/include/passdb.h @@ -50,10 +50,6 @@ typedef struct pdb_context BOOL (*pdb_delete_sam_account)(struct pdb_context *, SAM_ACCOUNT *username); - uid_t (*pdb_user_rid_to_uid)(struct pdb_context *, uint32 user_rid); - - uint32 (*pdb_uid_to_user_rid)(struct pdb_context *, uid_t uid); - void (*free_fn)(struct pdb_context **); TALLOC_CTX *mem_ctx; @@ -79,10 +75,6 @@ typedef struct pdb_methods BOOL (*update_sam_account)(struct pdb_context *, const SAM_ACCOUNT *sampass); BOOL (*delete_sam_account)(struct pdb_context *, const SAM_ACCOUNT *username); - - uid_t (*user_rid_to_uid)(struct pdb_context *, uint32 user_rid); - - uint32 (*uid_to_user_rid)(struct pdb_context *, uid_t uid); void *private_data; /* Private data of some kind */ diff --git a/source3/include/rpc_misc.h b/source3/include/rpc_misc.h index 686f8e97e9..7398b8ac57 100644 --- a/source3/include/rpc_misc.h +++ b/source3/include/rpc_misc.h @@ -33,11 +33,22 @@ /* RIDs - Well-known users ... */ #define DOMAIN_USER_RID_ADMIN (0x000001F4L) #define DOMAIN_USER_RID_GUEST (0x000001F5L) +#define DOMAIN_USER_RID_KRBTGT (0x000001F6L) /* RIDs - well-known groups ... */ #define DOMAIN_GROUP_RID_ADMINS (0x00000200L) #define DOMAIN_GROUP_RID_USERS (0x00000201L) #define DOMAIN_GROUP_RID_GUESTS (0x00000202L) +#define DOMAIN_GROUP_RID_COMPUTERS (0x00000203L) + +#define DOMAIN_GROUP_RID_CONTROLLERS (0x00000204L) +#define DOMAIN_GROUP_RID_CERT_ADMINS (0x00000205L) +#define DOMAIN_GROUP_RID_SCHEMA_ADMINS (0x00000206L) +#define DOMAIN_GROUP_RID_ENTERPRISE_ADMINS (0x00000207L) + +/* is the following the right number? I bet it is --simo +#define DOMAIN_GROUP_RID_POLICY_ADMINS (0x00000208L) +*/ /* RIDs - well-known aliases ... */ #define BUILTIN_ALIAS_RID_ADMINS (0x00000220L) @@ -51,12 +62,16 @@ #define BUILTIN_ALIAS_RID_BACKUP_OPS (0x00000227L) #define BUILTIN_ALIAS_RID_REPLICATOR (0x00000228L) +#define BUILTIN_ALIAS_RID_RAS_SERVERS (0x00000229L) /* * Masks for mappings between unix uid and gid types and * NT RIDS. */ + +#define BASE_RID (0x000003E8L) + /* Take the bottom bit. */ #define RID_TYPE_MASK 1 #define RID_MULTIPLIER 2 diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c index c53b300198..6a3c4bb793 100644 --- a/source3/passdb/passdb.c +++ b/source3/passdb/passdb.c @@ -173,7 +173,9 @@ NTSTATUS pdb_init_sam_pw(SAM_ACCOUNT **new_sam_acct, const struct passwd *pwd) pdb_set_uid(*new_sam_acct, pwd->pw_uid); pdb_set_gid(*new_sam_acct, pwd->pw_gid); + /* let the backends set the rid!! pdb_set_user_rid(*new_sam_acct, pdb_uid_to_user_rid(pwd->pw_uid)); + -- simo */ /* call the mapping code here */ if(get_group_map_from_gid(pwd->pw_gid, &map, MAPPING_WITHOUT_PRIV)) { @@ -397,6 +399,7 @@ BOOL pdb_gethexpwd(const char *p, unsigned char *pwd) return (True); } +#if 0 /* seem it is not used by anyone */ /******************************************************************* Group and User RID username mapping function ********************************************************************/ @@ -416,7 +419,7 @@ BOOL pdb_name_to_rid(const char *user_name, uint32 *u_rid, uint32 *g_rid) /* turn the unix UID into a Domain RID. this is what the posix sub-system does (adds 1000 to the uid) */ - *u_rid = pdb_uid_to_user_rid(pw->pw_uid); + *u_rid = fallback_pdb_uid_to_user_rid(pw->pw_uid); /* absolutely no idea what to do about the unix GID to Domain RID mapping */ /* map it ! */ @@ -427,12 +430,13 @@ BOOL pdb_name_to_rid(const char *user_name, uint32 *u_rid, uint32 *g_rid) return True; } +#endif /* seem it is not used by anyone */ /******************************************************************* Converts NT user RID to a UNIX uid. ********************************************************************/ -uid_t fallback_pdb_user_rid_to_uid(uint32 user_rid) +static uid_t fallback_pdb_user_rid_to_uid(uint32 user_rid) { return (uid_t)(((user_rid & (~USER_RID_TYPE))- 1000)/RID_MULTIPLIER); } @@ -442,7 +446,7 @@ uid_t fallback_pdb_user_rid_to_uid(uint32 user_rid) converts UNIX uid to an NT User RID. ********************************************************************/ -uint32 fallback_pdb_uid_to_user_rid(uid_t uid) +static uint32 fallback_pdb_uid_to_user_rid(uid_t uid) { return (((((uint32)uid)*RID_MULTIPLIER) + 1000) | USER_RID_TYPE); } @@ -559,7 +563,7 @@ BOOL local_lookup_sid(DOM_SID *sid, char *name, enum SID_NAME_USE *psid_name_use return True; } - uid = pdb_user_rid_to_uid(rid); + uid = fallback_pdb_user_rid_to_uid(rid); pass = getpwuid_alloc(uid); *psid_name_use = SID_NAME_USER; @@ -683,7 +687,7 @@ BOOL local_lookup_name(const char *c_user, DOM_SID *psid, enum SID_NAME_USE *psi pdb_free_sam(&sam_account); if (!found && (pass = Get_Pwnam(user))) { - sid_append_rid( &local_sid, pdb_uid_to_user_rid(pass->pw_uid)); + sid_append_rid( &local_sid, fallback_pdb_uid_to_user_rid(pass->pw_uid)); *psid_name_use = SID_NAME_USER; pdb_free_sam(&sam_account); @@ -745,9 +749,27 @@ BOOL local_lookup_name(const char *c_user, DOM_SID *psid, enum SID_NAME_USE *psi DOM_SID *local_uid_to_sid(DOM_SID *psid, uid_t uid) { extern DOM_SID global_sam_sid; + struct passwd *pass; + SAM_ACCOUNT *sam_user; sid_copy(psid, &global_sam_sid); - sid_append_rid(psid, pdb_uid_to_user_rid(uid)); + + if(!(pass = getpwuid_alloc(uid))) + return NULL; + + if (NT_STATUS_IS_ERR(pdb_init_sam(&sam_user))) + return NULL; + + if (!pdb_getsampwnam(sam_user, pass->pw_name)) { + pdb_free_sam(&sam_user); + return NULL; + } + + passwd_free(&pass); + + sid_append_rid(psid, pdb_get_user_rid(sam_user)); + + pdb_free_sam(&sam_user); return psid; } @@ -764,6 +786,7 @@ BOOL local_sid_to_uid(uid_t *puid, DOM_SID *psid, enum SID_NAME_USE *name_type) uint32 rid; fstring str; struct passwd *pass; + SAM_ACCOUNT *sam_user; *name_type = SID_NAME_UNKNOWN; @@ -780,7 +803,19 @@ BOOL local_sid_to_uid(uid_t *puid, DOM_SID *psid, enum SID_NAME_USE *name_type) if (!sid_equal(&global_sam_sid, &dom_sid)) return False; - *puid = pdb_user_rid_to_uid(rid); + if (NT_STATUS_IS_ERR(pdb_init_sam(&sam_user))) + return False; + + if (!pdb_getsampwrid(sam_user, rid)) { + pdb_free_sam(&sam_user); + return False; + } + + *puid = pdb_get_uid(sam_user); + if (*puid == -1) + return False; + + pdb_free_sam(&sam_user); /* * Ensure this uid really does exist. diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c index 2fc04bc3b5..80b268994b 100644 --- a/source3/passdb/pdb_interface.c +++ b/source3/passdb/pdb_interface.c @@ -121,27 +121,7 @@ static BOOL context_delete_sam_account(struct pdb_context *context, SAM_ACCOUNT return context->pdb_selected->delete_sam_account(context, sam_acct); } -static uint32 context_uid_to_user_rid(struct pdb_context *context, uid_t uid) -{ - if ((!context) || (!context->pdb_selected)) { - DEBUG(0, ("invalid pdb_context specified!\n")); - return False; - } - - return context->pdb_selected->uid_to_user_rid(context, uid); -} - -static uid_t context_user_rid_to_uid(struct pdb_context *context, uint32 rid) -{ - if ((!context) || (!context->pdb_selected)) { - DEBUG(0, ("invalid pdb_context specified!\n")); - return False; - } - - return context->pdb_selected->user_rid_to_uid(context, rid); -} - -static void free_pdb_context(struct pdb_context **context) +static void free_pdb_context(struct pdb_context **context) { if (((*context)->pdb_selected) && ((*context)->pdb_selected->free_private_data)) { (*context)->pdb_selected->free_private_data((*context)->pdb_selected->private_data); @@ -184,8 +164,6 @@ static NTSTATUS make_pdb_context(struct pdb_context **context) (*context)->pdb_add_sam_account = context_add_sam_account; (*context)->pdb_update_sam_account = context_update_sam_account; (*context)->pdb_delete_sam_account = context_delete_sam_account; - (*context)->pdb_uid_to_user_rid = context_uid_to_user_rid; - (*context)->pdb_user_rid_to_uid = context_user_rid_to_uid; (*context)->free_fn = free_pdb_context; @@ -369,28 +347,6 @@ BOOL pdb_delete_sam_account(SAM_ACCOUNT *sam_acct) return pdb_context->pdb_delete_sam_account(pdb_context, sam_acct); } -uid_t pdb_user_rid_to_uid(uint32 rid) -{ - struct pdb_context *pdb_context = pdb_get_static_context(False); - - if (!pdb_context) { - return False; - } - - return pdb_context->pdb_user_rid_to_uid(pdb_context, rid); -} - -uint32 pdb_uid_to_user_rid(uid_t uid) -{ - struct pdb_context *pdb_context = pdb_get_static_context(False); - - if (!pdb_context) { - return False; - } - - return pdb_context->pdb_uid_to_user_rid(pdb_context, uid); -} - #endif /* !defined(WITH_NISPLUS_SAM) */ /*************************************************************** diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index 4b4ff77eee..a16fb115fc 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c @@ -71,6 +71,24 @@ struct ldapsam_privates { static uint32 ldapsam_get_next_available_nua_rid(struct ldapsam_privates *ldap_state); +/******************************************************************* + Converts NT user RID to a UNIX uid. + ********************************************************************/ + +static uid_t pdb_user_rid_to_uid(uint32 user_rid) +{ + return (uid_t)(((user_rid & (~USER_RID_TYPE))- 1000)/RID_MULTIPLIER); +} + +/******************************************************************* + converts UNIX uid to an NT User RID. + ********************************************************************/ + +static uint32 pdb_uid_to_user_rid(uid_t uid) +{ + return (((((uint32)uid)*RID_MULTIPLIER) + 1000) | USER_RID_TYPE); +} + /******************************************************************* find the ldap password ******************************************************************/ @@ -1498,4 +1516,3 @@ NTSTATUS pdb_init_ldapsam_nua(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method #endif - diff --git a/source3/passdb/pdb_nisplus.c b/source3/passdb/pdb_nisplus.c index ce642fa5f5..145e1d4f0c 100644 --- a/source3/passdb/pdb_nisplus.c +++ b/source3/passdb/pdb_nisplus.c @@ -114,6 +114,25 @@ static VOLATILE sig_atomic_t gotalarm; #define NPF_WORKSTATIONS 20 #define NPF_HOURS 21 + +/******************************************************************* + Converts NT user RID to a UNIX uid. + ********************************************************************/ + +static uid_t pdb_user_rid_to_uid(uint32 user_rid) +{ + return (uid_t)(((user_rid & (~USER_RID_TYPE))- 1000)/RID_MULTIPLIER); +} + +/******************************************************************* + converts UNIX uid to an NT User RID. + ********************************************************************/ + +static uint32 pdb_uid_to_user_rid(uid_t uid) +{ + return (((((uint32)uid)*RID_MULTIPLIER) + 1000) | USER_RID_TYPE); +} + /*************************************************************** Signal function to tell us we timed out. ****************************************************************/ diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c index 94bab7598e..6f3886a4b5 100644 --- a/source3/passdb/pdb_smbpasswd.c +++ b/source3/passdb/pdb_smbpasswd.c @@ -69,6 +69,24 @@ struct smbpasswd_privates enum pwf_access_type { PWF_READ, PWF_UPDATE, PWF_CREATE }; +/******************************************************************* + Converts NT user RID to a UNIX uid. + ********************************************************************/ + +static uid_t pdb_user_rid_to_uid(uint32 user_rid) +{ + return (uid_t)(((user_rid & (~USER_RID_TYPE))- 1000)/RID_MULTIPLIER); +} + +/******************************************************************* + converts UNIX uid to an NT User RID. + ********************************************************************/ + +static uint32 pdb_uid_to_user_rid(uid_t uid) +{ + return (((((uint32)uid)*RID_MULTIPLIER) + 1000) | USER_RID_TYPE); +} + /*************************************************************** Lock an fd. Abandon after waitsecs seconds. ****************************************************************/ @@ -1513,25 +1531,6 @@ static BOOL smbpasswd_getsampwrid(struct pdb_context *context, SAM_ACCOUNT *sam_ return True; } -/********************************************************************** - get rid by uid -*********************************************************************/ - -static uint32 smbpasswd_uid_to_rid(struct pdb_context *context, uid_t uid) -{ - return fallback_pdb_uid_to_user_rid(uid); -} - -/********************************************************************** - get uid by rid -*********************************************************************/ - -static uid_t smbpasswd_rid_to_uid(struct pdb_context *context, uint32 rid) -{ - return fallback_pdb_user_rid_to_uid(rid); -} - - static BOOL smbpasswd_add_sam_account(struct pdb_context *context, const SAM_ACCOUNT *sampass) { struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)context->pdb_selected->private_data; @@ -1605,8 +1604,6 @@ NTSTATUS pdb_init_smbpasswd(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, (*pdb_method)->add_sam_account = smbpasswd_add_sam_account; (*pdb_method)->update_sam_account = smbpasswd_update_sam_account; (*pdb_method)->delete_sam_account = smbpasswd_delete_sam_account; - (*pdb_method)->uid_to_user_rid = smbpasswd_uid_to_rid; - (*pdb_method)->user_rid_to_uid = smbpasswd_rid_to_uid; /* Setup private data and free function */ diff --git a/source3/passdb/pdb_tdb.c b/source3/passdb/pdb_tdb.c index b55a74d290..a8edac917e 100644 --- a/source3/passdb/pdb_tdb.c +++ b/source3/passdb/pdb_tdb.c @@ -32,8 +32,6 @@ #define USERPREFIX "USER_" #define RIDPREFIX "RID_" -#define BASE_RID 0x200 - struct tdbsam_privates { TDB_CONTEXT *passwd_tdb; TDB_DATA key; @@ -43,8 +41,8 @@ struct tdbsam_privates { BOOL permit_non_unix_accounts; - uint32 low_nua_rid; - uint32 high_nua_rid; +/* uint32 low_nua_rid; + uint32 high_nua_rid; */ }; /********************************************************************** @@ -81,7 +79,7 @@ static BOOL init_sam_from_buffer (struct tdbsam_privates *tdb_state, fullname_len, homedir_len, logon_script_len, profile_path_len, acct_desc_len, workstations_len; - uint32 /* uid, gid,*/ user_rid, group_rid, unknown_3, hours_len, unknown_5, unknown_6; + uint32 user_rid, group_rid, unknown_3, hours_len, unknown_5, unknown_6; uint16 acct_ctrl, logon_divs; uint8 *hours; static uint8 *lm_pw_ptr, *nt_pw_ptr; @@ -89,8 +87,10 @@ static BOOL init_sam_from_buffer (struct tdbsam_privates *tdb_state, uint32 lmpwlen, ntpwlen, hourslen; BOOL ret = True; BOOL setflag; - gid_t gid = -1; /* This is what standard sub advanced expects if no gid is known */ pstring sub_buffer; + struct passwd *pw; + uid_t uid; + gid_t gid = -1; /* This is what standard sub advanced expects if no gid is known */ if(sampass == NULL || buf == NULL) { DEBUG(0, ("init_sam_from_buffer: NULL parameters found!\n")); @@ -134,22 +134,19 @@ static BOOL init_sam_from_buffer (struct tdbsam_privates *tdb_state, goto done; } - if ((tdb_state->permit_non_unix_accounts) - && (user_rid >= tdb_state->low_nua_rid) - && (user_rid <= tdb_state->high_nua_rid)) { - - } else { - struct passwd *pw; - uid_t uid; - /* validate the account and fill in UNIX uid and gid. Standard - * getpwnam() is used instead of Get_Pwnam() as we do not need - * to try case permutations - */ - if (!username || !(pw = getpwnam_alloc(username))) { - DEBUG(0,("tdbsam: getpwnam_alloc(%s) return NULL. User does not exist!\n", username?username:"NULL")); + /* validate the account and fill in UNIX uid and gid. Standard + * getpwnam() is used instead of Get_Pwnam() as we do not need + * to try case permutations + */ + if (!username || !(pw = getpwnam_alloc(username))) { + if (!(tdb_state->permit_non_unix_accounts)) { + DEBUG(0,("tdbsam: getpwnam_alloc(%s) return NULL. User does not exist!\n", username)); ret = False; goto done; } + } + + if (pw) { uid = pw->pw_uid; gid = pw->pw_gid; @@ -650,56 +647,6 @@ static BOOL tdbsam_getsampwrid (struct pdb_context *context, SAM_ACCOUNT *user, return tdbsam_getsampwnam (context, user, name); } -/*************************************************************************** - Search by rid and give back the uid! - **************************************************************************/ - -uid_t tdbsam_rid_to_uid (struct pdb_context *context, uint32 rid) -{ - uid_t ret; - SAM_ACCOUNT *sa; - - if (!NT_STATUS_IS_OK(pdb_init_sam(&sa))) return -1; - if (!tdbsam_getsampwrid (context, sa, rid)) { - ret = -1; - goto done; - } - else { - ret = pdb_get_uid(sa); - } -done: - pdb_free_sam(&sa); - return ret; -} - -/*************************************************************************** - Search by uid and give back the rid! - **************************************************************************/ - -uint32 tdbsam_uid_to_rid (struct pdb_context *context, uid_t uid) -{ - uint32 ret; - char *name; - struct passwd *pw; - SAM_ACCOUNT *sa; - - if (!NT_STATUS_IS_OK(pdb_init_sam(&sa))) return 0; - pw = getpwuid(uid); - if (!pw) return 0; - name = strdup(pw->pw_name); - if (!tdbsam_getsampwnam (context, sa, name)) { - ret = 0; - goto done; - } - else { - ret = pdb_get_user_rid(sa); - } -done: - SAFE_FREE(name); - pdb_free_sam(&sa); - return ret; -} - /*************************************************************************** Delete a SAM_ACCOUNT ****************************************************************************/ @@ -787,7 +734,7 @@ static BOOL tdb_update_sam(struct pdb_context *context, const SAM_ACCOUNT* newpw } /* if flag == TDB_INSERT then make up a new RID else throw an error. */ - if (!pdb_get_user_rid(newpwd)) { + if (!(user_rid = pdb_get_user_rid(newpwd))) { if (flag & TDB_INSERT) { user_rid = BASE_RID; tdb_ret = tdb_change_int32_atomic(pwd_tdb, "RID_COUNTER", &user_rid, RID_MULTIPLIER); @@ -919,8 +866,6 @@ NTSTATUS pdb_init_tdbsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, con (*pdb_method)->add_sam_account = tdbsam_add_sam_account; (*pdb_method)->update_sam_account = tdbsam_update_sam_account; (*pdb_method)->delete_sam_account = tdbsam_delete_sam_account; - (*pdb_method)->uid_to_user_rid = tdbsam_uid_to_rid; - (*pdb_method)->user_rid_to_uid = tdbsam_rid_to_uid; tdb_state = talloc_zero(pdb_context->mem_ctx, sizeof(struct tdbsam_privates)); @@ -967,10 +912,10 @@ NTSTATUS pdb_init_tdbsam_nua(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, return NT_STATUS_UNSUCCESSFUL; } - tdb_state->low_nua_rid=fallback_pdb_uid_to_user_rid(low_nua_uid); +/* tdb_state->low_nua_rid=fallback_pdb_uid_to_user_rid(low_nua_uid); tdb_state->high_nua_rid=fallback_pdb_uid_to_user_rid(high_nua_uid); - +*/ return NT_STATUS_OK; } diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 542e4796c2..d6aea7cd63 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -2719,6 +2719,8 @@ NTSTATUS _samr_query_aliasmem(pipes_struct *p, SAMR_Q_QUERY_ALIASMEM *q_u, SAMR_ fstring alias_sid_str; DOM_SID temp_sid; + SAM_ACCOUNT *sam_user; + BOOL check; /* find the policy handle. open a policy on it. */ if (!get_lsa_policy_samr_sid(p, &q_u->alias_pol, &alias_sid)) @@ -2751,8 +2753,40 @@ NTSTATUS _samr_query_aliasmem(pipes_struct *p, SAMR_Q_QUERY_ALIASMEM *q_u, SAMR_ return NT_STATUS_NO_MEMORY; for (i = 0; i < num_uids; i++) { + struct passwd *pass; + uint32 rid; + sid_copy(&temp_sid, &global_sam_sid); - sid_append_rid(&temp_sid, pdb_uid_to_user_rid(uid[i])); + + pass = getpwuid_alloc(uid[i]); + if (!pass) continue; + + if (NT_STATUS_IS_ERR(pdb_init_sam(&sam_user))) { + passwd_free(&pass); + continue; + } + + become_root(); + check = pdb_getsampwnam(sam_user, pass->pw_name); + unbecome_root(); + + if (check != True) { + pdb_free_sam(&sam_user); + passwd_free(&pass); + continue; + } + + rid = pdb_get_user_rid(sam_user); + if (rid == 0) { + pdb_free_sam(&sam_user); + passwd_free(&pass); + continue; + } + + pdb_free_sam(&sam_user); + passwd_free(&pass); + + sid_append_rid(&temp_sid, rid); init_dom_sid2(&sid[i], &temp_sid); } @@ -2781,6 +2815,9 @@ NTSTATUS _samr_query_groupmem(pipes_struct *p, SAMR_Q_QUERY_GROUPMEM *q_u, SAMR_ uint32 *rid=NULL; uint32 *attr=NULL; + SAM_ACCOUNT *sam_user; + BOOL check; + /* find the policy handle. open a policy on it. */ if (!get_lsa_policy_samr_sid(p, &q_u->group_pol, &group_sid)) @@ -2812,7 +2849,38 @@ NTSTATUS _samr_query_groupmem(pipes_struct *p, SAMR_Q_QUERY_GROUPMEM *q_u, SAMR_ return NT_STATUS_NO_MEMORY; for (i=0; ipw_name); + unbecome_root(); + + if (check != True) { + pdb_free_sam(&sam_user); + passwd_free(&pass); + continue; + } + + urid = pdb_get_user_rid(sam_user); + if (urid == 0) { + pdb_free_sam(&sam_user); + passwd_free(&pass); + continue; + } + + pdb_free_sam(&sam_user); + passwd_free(&pass); + + rid[i] = urid; attr[i] = SID_NAME_USER; } @@ -2867,16 +2935,18 @@ NTSTATUS _samr_add_aliasmem(pipes_struct *p, SAMR_Q_ADD_ALIASMEM *q_u, SAMR_R_AD if (NT_STATUS_IS_ERR(ret)) return ret; - become_root(); check = pdb_getsampwrid(sam_user, rid); - unbecome_root(); - if (check != True) + if (check != True) { + pdb_free_sam(&sam_user); return NT_STATUS_NO_SUCH_USER; + } uid = pdb_get_uid(sam_user); - if (uid == -1) + if (uid == -1) { + pdb_free_sam(&sam_user); return NT_STATUS_NO_SUCH_USER; + } pdb_free_sam(&sam_user); @@ -3006,16 +3076,18 @@ NTSTATUS _samr_add_groupmem(pipes_struct *p, SAMR_Q_ADD_GROUPMEM *q_u, SAMR_R_AD if (NT_STATUS_IS_ERR(ret)) return ret; - become_root(); check = pdb_getsampwrid(sam_user, q_u->rid); - unbecome_root(); - if (check != True) + if (check != True) { + pdb_free_sam(&sam_user); return NT_STATUS_NO_SUCH_USER; + } uid = pdb_get_uid(sam_user); - if (uid == -1) + if (uid == -1) { + pdb_free_sam(&sam_user); return NT_STATUS_NO_SUCH_USER; + } pdb_free_sam(&sam_user); diff --git a/source3/utils/pdbedit.c b/source3/utils/pdbedit.c index 71abcc74ee..1fb1f2355b 100644 --- a/source3/utils/pdbedit.c +++ b/source3/utils/pdbedit.c @@ -305,6 +305,8 @@ static int new_machine (char *machinename) pdb_set_acct_ctrl (sam_pwent, ACB_WSTRUST); + pdb_set_group_rid(sam_pwent, DOMAIN_GROUP_RID_COMPUTERS); + if (pdb_add_sam_account (sam_pwent)) { print_user_info (name, True, False); } else { -- cgit