From 3eeb40f9b54a4a48a4860a498991fd78274b44cf Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Wed, 7 May 2003 08:21:06 +0000
Subject: Set our 'global sam name' in one place.  For domain controllers, this
 is lp_workgroup(), for all other server this is global_myname().

This is the name of the domain for accounts on *this* system, and getting
this wrong caused interesting bugs with 'take ownership' on member servers
and standalone servers at Snap.

(They lookup the username that they got, then convert that to a SID - but
becouse the domain out of the smbpasswd entry was wrong, we would fail the
lookup).

Andrew Bartlett
(This used to be commit 5fc78eba20411f3f5a8ccadfcba5c4ab73180dba)
---
 source3/passdb/passdb.c          | 14 ++++++++------
 source3/passdb/pdb_ldap.c        |  2 +-
 source3/passdb/pdb_smbpasswd.c   |  2 +-
 source3/rpc_server/srv_lsa_nt.c  | 23 ++++-------------------
 source3/rpc_server/srv_samr_nt.c |  9 +--------
 5 files changed, 15 insertions(+), 35 deletions(-)

diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index bbccb86d82..c3afcbc7d9 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -26,11 +26,13 @@
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_PASSDB
 
-/*
- * This is set on startup - it defines the SID for this
- * machine, and therefore the SAM database for which it is
- * responsible.
- */
+const char *get_global_sam_name() 
+{
+	if ((lp_server_role() == ROLE_DOMAIN_PDC) || (lp_server_role() == ROLE_DOMAIN_BDC)) {
+		return lp_workgroup();
+	}
+	return global_myname();
+}
 
 /************************************************************
  Fill the SAM_ACCOUNT with default values.
@@ -182,7 +184,7 @@ NTSTATUS pdb_fill_sam_pw(SAM_ACCOUNT *sam_account, const struct passwd *pwd)
 
 	pdb_set_unix_homedir(sam_account, pwd->pw_dir, PDB_SET);
 
-	pdb_set_domain (sam_account, lp_workgroup(), PDB_DEFAULT);
+	pdb_set_domain (sam_account, get_global_sam_name(), PDB_DEFAULT);
 
 	pdb_set_uid(sam_account, pwd->pw_uid, PDB_SET);
 	pdb_set_gid(sam_account, pwd->pw_gid, PDB_SET);
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index 4abc7b569c..021b2e621e 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -3144,7 +3144,7 @@ static NTSTATUS pdb_init_ldapsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_met
 		ldap_state->uri = "ldap://localhost";
 	}
 
-	ldap_state->domain_name = talloc_strdup(pdb_context->mem_ctx, lp_workgroup());
+	ldap_state->domain_name = talloc_strdup(pdb_context->mem_ctx, get_global_sam_name());
 	if (!ldap_state->domain_name) {
 		return NT_STATUS_NO_MEMORY;
 	}
diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c
index cd66cf269c..cfbb37ce91 100644
--- a/source3/passdb/pdb_smbpasswd.c
+++ b/source3/passdb/pdb_smbpasswd.c
@@ -1215,7 +1215,7 @@ static BOOL build_sam_account(struct smbpasswd_privates *smbpasswd_state,
 			*/
 			pdb_set_group_sid_from_rid (sam_pass, DOMAIN_GROUP_RID_USERS, PDB_SET); 
 			pdb_set_username (sam_pass, pw_buf->smb_name, PDB_SET);
-			pdb_set_domain (sam_pass, lp_workgroup(), PDB_DEFAULT);
+			pdb_set_domain (sam_pass, get_global_sam_name(), PDB_DEFAULT);
 			
 		} else {
 			DEBUG(0,("build_sam_account: smbpasswd database is corrupt!  username %s with uid %u is not in unix passwd database!\n", pw_buf->smb_name, pw_buf->smb_userid));
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index e7e13d7a84..2a24d7faa5 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -547,7 +547,7 @@ NTSTATUS _lsa_query_info(pipes_struct *p, LSA_Q_QUERY_INFO *q_u, LSA_R_QUERY_INF
 		switch (lp_server_role()) {
 			case ROLE_DOMAIN_PDC:
 			case ROLE_DOMAIN_BDC:
-				name = lp_workgroup();
+				name = get_global_sam_name();
 				sid = get_global_sam_sid();
 				break;
 			case ROLE_DOMAIN_MEMBER:
@@ -573,23 +573,8 @@ NTSTATUS _lsa_query_info(pipes_struct *p, LSA_Q_QUERY_INFO *q_u, LSA_R_QUERY_INF
 			return NT_STATUS_ACCESS_DENIED;
 
 		/* Request PolicyAccountDomainInformation. */
-		switch (lp_server_role()) {
-			case ROLE_DOMAIN_PDC:
-			case ROLE_DOMAIN_BDC:
-				name = lp_workgroup();
-				sid = get_global_sam_sid();
-				break;
-			case ROLE_DOMAIN_MEMBER:
-				name = global_myname();
-				sid = get_global_sam_sid();
-				break;
-			case ROLE_STANDALONE:
-				name = global_myname();
-				sid = get_global_sam_sid();
-				break;
-			default:
-				return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
-		}
+		name = get_global_sam_name();
+		sid = get_global_sam_sid();
 		init_dom_query(&r_u->dom.id5, name, sid);
 		break;
 	case 0x06:
@@ -1240,7 +1225,7 @@ NTSTATUS _lsa_query_info2(pipes_struct *p, LSA_Q_QUERY_INFO2 *q_u, LSA_R_QUERY_I
 		switch (lp_server_role()) {
 			case ROLE_DOMAIN_PDC:
 			case ROLE_DOMAIN_BDC:
-				nb_name = lp_workgroup();
+				nb_name = get_global_sam_name();
 				/* ugly temp hack for these next two */
 
 				/* This should be a 'netbios domain -> DNS domain' mapping */
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 62d5f8ab0c..970756d47c 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -2575,14 +2575,7 @@ NTSTATUS _samr_enum_domains(pipes_struct *p, SAMR_Q_ENUM_DOMAINS *q_u, SAMR_R_EN
 		return r_u->status;
 	}
 
-	switch (lp_server_role()) {
-	case ROLE_DOMAIN_PDC:
-	case ROLE_DOMAIN_BDC:
-		name = lp_workgroup();
-		break;
-	default:
-		name = global_myname();
-	}
+	name = get_global_sam_name();
 
 	fstrcpy(dom[0],name);
 	strupper(dom[0]);
-- 
cgit