From a27a0e01e2f0c48a4a8d84b17693390a268310f8 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Sun, 26 May 2002 19:11:52 +0000 Subject: change: pdb_getsampwrid() ->pdb_getsampwsid() passdb interface change, now the passdb modules will be asked for SID not for rid, the modules have been updated with a passthrough function that calls the old getsampwrid() functions. srv_samr_nt.c functions that made use of the pdb_getsampwrid funcion has been updated to use the SID one. (This used to be commit f5c6496c33fa7f5c2826540ffb4a49d8a5790fb3) --- source3/include/passdb.h | 4 +- source3/passdb/passdb.c | 4 +- source3/passdb/pdb_interface.c | 10 +-- source3/passdb/pdb_ldap.c | 9 ++- source3/passdb/pdb_nisplus.c | 10 ++- source3/passdb/pdb_smbpasswd.c | 10 ++- source3/passdb/pdb_tdb.c | 11 +++- source3/passdb/pdb_unix.c | 9 ++- source3/rpc_server/srv_samr_nt.c | 135 +++++++++++++++++---------------------- source3/rpc_server/srv_util.c | 8 ++- 10 files changed, 115 insertions(+), 95 deletions(-) diff --git a/source3/include/passdb.h b/source3/include/passdb.h index e7f16bad57..bd1d1e159b 100644 --- a/source3/include/passdb.h +++ b/source3/include/passdb.h @@ -43,7 +43,7 @@ typedef struct pdb_context BOOL (*pdb_getsampwnam)(struct pdb_context *, SAM_ACCOUNT *sam_acct, const char *username); - BOOL (*pdb_getsampwrid)(struct pdb_context *, SAM_ACCOUNT *sam_acct, uint32 rid); + BOOL (*pdb_getsampwsid)(struct pdb_context *, SAM_ACCOUNT *sam_acct, DOM_SID *sid); BOOL (*pdb_add_sam_account)(struct pdb_context *, SAM_ACCOUNT *sampass); @@ -74,7 +74,7 @@ typedef struct pdb_methods BOOL (*getsampwnam)(struct pdb_methods *, SAM_ACCOUNT *sam_acct, const char *username); - BOOL (*getsampwrid)(struct pdb_methods *, SAM_ACCOUNT *sam_acct, uint32 rid); + BOOL (*getsampwsid)(struct pdb_methods *, SAM_ACCOUNT *sam_acct, DOM_SID *Sid); BOOL (*add_sam_account)(struct pdb_methods *, SAM_ACCOUNT *sampass); 
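Review bot: The new `pdb_getsampwsid` / `getsampwsid` members carry no statement of what a backend must do with the domain part of the SID, which is what callers of an account lookup will rely on. I would add a comment above both members such as `/* Look up an account by full SID; a backend must not match a SID whose domain part is not the one it serves. */`. A lookup should not modify its key, so `const DOM_SID *sid` would fit better, provided the SID helpers the backends call accept a const pointer. The parameter is also spelled `sid` in `pdb_context` but `Sid` in `pdb_methods`. Both struct definitions start and end outside these hunks.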
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c index 32d6731a9e..aa7672731a 100644 --- a/source3/passdb/passdb.c +++ b/source3/passdb/passdb.c @@ -618,7 +618,7 @@ BOOL local_lookup_sid(DOM_SID *sid, char *name, enum SID_NAME_USE *psid_name_use } /* This now does the 'generic' mapping in pdb_unix */ - if (pdb_getsampwrid(sam_account, rid)) { + if (pdb_getsampwsid(sam_account, sid)) { fstrcpy(name, pdb_get_username(sam_account)); *psid_name_use = SID_NAME_USER; @@ -852,7 +852,7 @@ BOOL local_sid_to_uid(uid_t *puid, DOM_SID *psid, enum SID_NAME_USE *name_type) if (NT_STATUS_IS_ERR(pdb_init_sam(&sam_user))) return False; - if (pdb_getsampwrid(sam_user, rid)) { + if (pdb_getsampwsid(sam_user, psid)) { *puid = pdb_get_uid(sam_user); if (*puid == -1) { pdb_free_sam(&sam_user); diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c index e57944cda7..d8f69e56b1 100644 --- a/source3/passdb/pdb_interface.c +++ b/source3/passdb/pdb_interface.c @@ -122,7 +122,7 @@ static BOOL context_getsampwnam(struct pdb_context *context, SAM_ACCOUNT *sam_ac return False; } -static BOOL context_getsampwrid(struct pdb_context *context, SAM_ACCOUNT *sam_acct, uint32 rid) +static BOOL context_getsampwsid(struct pdb_context *context, SAM_ACCOUNT *sam_acct, DOM_SID *sid) { struct pdb_methods *curmethods; if ((!context)) { @@ -133,7 +133,7 @@ static BOOL context_getsampwrid(struct pdb_context *context, SAM_ACCOUNT *sam_ac curmethods = context->pdb_methods; while (curmethods){ - if (curmethods->getsampwrid && curmethods->getsampwrid(curmethods, sam_acct, rid) == True){ + if (curmethods->getsampwsid && curmethods->getsampwsid(curmethods, sam_acct, sid) == True){ sam_acct->methods = curmethods; return True; } 
@@ -299,7 +299,7 @@ static NTSTATUS make_pdb_context(struct pdb_context **context) (*context)->pdb_endsampwent = context_endsampwent; (*context)->pdb_getsampwent = context_getsampwent; (*context)->pdb_getsampwnam = context_getsampwnam; - (*context)->pdb_getsampwrid = context_getsampwrid; + (*context)->pdb_getsampwsid = context_getsampwsid; (*context)->pdb_add_sam_account = context_add_sam_account; (*context)->pdb_update_sam_account = context_update_sam_account; (*context)->pdb_delete_sam_account = context_delete_sam_account; @@ -431,7 +431,7 @@ BOOL pdb_getsampwnam(SAM_ACCOUNT *sam_acct, const char *username) return pdb_context->pdb_getsampwnam(pdb_context, sam_acct, username); } -BOOL pdb_getsampwrid(SAM_ACCOUNT *sam_acct, uint32 rid) +BOOL pdb_getsampwsid(SAM_ACCOUNT *sam_acct, DOM_SID *sid) { struct pdb_context *pdb_context = pdb_get_static_context(False); @@ -439,7 +439,7 @@ BOOL pdb_getsampwrid(SAM_ACCOUNT *sam_acct, uint32 rid) return False; } - return pdb_context->pdb_getsampwrid(pdb_context, sam_acct, rid); + return pdb_context->pdb_getsampwsid(pdb_context, sam_acct, sid); } BOOL pdb_add_sam_account(SAM_ACCOUNT *sam_acct) diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index 70f130c0a3..28c08e0f63 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c @@ -1270,6 +1270,13 @@ static BOOL ldapsam_getsampwrid(struct pdb_methods *my_methods, SAM_ACCOUNT * us } } +static BOOL ldapsam_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT * user, DOM_SID *sid) +{ + uint32 rid; + sid_peek_rid(sid, &rid); + return ldapsam_getsampwrid(my_methods, user, rid); +} + /********************************************************************** Delete entry from LDAP for username *********************************************************************/ 
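Review bot: `ldapsam_getsampwsid` ignores the result of `sid_peek_rid()` and leaves `rid` uninitialized, so a SID from which no RID can be read would send an indeterminate value to `ldapsam_getsampwrid()`. The wrapper also discards the domain part, so the lookup is keyed on the RID alone even though the interface now takes a full SID. Callers such as `_samr_add_aliasmem` hand `q_u->sid.sid` from the request straight to `pdb_getsampwsid()`, so the domain test has to live somewhere on this path. I would guard the wrapper with `if (!sid_check_is_in_our_domain(sid) || !sid_peek_rid(sid, &rid)) return False;`, or the equivalent test for the domain this backend serves if that helper is not appropriate here. The same applies to the wrappers added in pdb_nisplus.c, pdb_smbpasswd.c, pdb_tdb.c and pdb_unix.c.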
@@ -1537,7 +1544,7 @@ NTSTATUS pdb_init_ldapsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, co (*pdb_method)->endsampwent = ldapsam_endsampwent; (*pdb_method)->getsampwent = ldapsam_getsampwent; (*pdb_method)->getsampwnam = ldapsam_getsampwnam; - (*pdb_method)->getsampwrid = ldapsam_getsampwrid; + (*pdb_method)->getsampwsid = ldapsam_getsampwsid; (*pdb_method)->add_sam_account = ldapsam_add_sam_account; (*pdb_method)->update_sam_account = ldapsam_update_sam_account; (*pdb_method)->delete_sam_account = ldapsam_delete_sam_account; diff --git a/source3/passdb/pdb_nisplus.c b/source3/passdb/pdb_nisplus.c index 145e1d4f0c..0c4c2c5bb3 100644 --- a/source3/passdb/pdb_nisplus.c +++ b/source3/passdb/pdb_nisplus.c @@ -1030,7 +1030,15 @@ BOOL pdb_getsampwnam(SAM_ACCOUNT * user, const char *sname) /************************************************************************* Routine to search the nisplus passwd file for an entry matching the username *************************************************************************/ -BOOL pdb_getsampwrid(SAM_ACCOUNT * user, uint32 rid) + +BOOL pdb_getsampwsid(SAM_ACCOUNT * user, DOM_SID *sid) +{ + uint32 rid; + sid_peek_rid(sid, &rid); + return pdb_getsampwrid(user, rid); +} + +static BOOL pdb_getsampwrid(SAM_ACCOUNT * user, uint32 rid) { nis_result *result; char *nisname; diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c index f6214220ea..a6bd66eace 100644 --- a/source3/passdb/pdb_smbpasswd.c +++ b/source3/passdb/pdb_smbpasswd.c @@ -1411,7 +1411,6 @@ static BOOL smbpasswd_getsampwnam(struct pdb_methods *my_methods, SAM_ACCOUNT *s return True; } - static BOOL smbpasswd_getsampwrid(struct pdb_methods *my_methods, SAM_ACCOUNT *sam_acct,uint32 rid) { struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data; 
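Review bot: In pdb_nisplus.c the new `pdb_getsampwsid()` calls `pdb_getsampwrid()` before any declaration of it is visible in this hunk, and the definition that follows is now `static`. Unless a prototype exists above the hunk, the compiler sees an implicit non-static declaration followed by a static definition. Either add `static BOOL pdb_getsampwrid(SAM_ACCOUNT *user, uint32 rid);` ahead of the wrapper or move the wrapper below the function it calls, as the other backends in this commit do. The banner comment "Routine to search the nisplus passwd file for an entry matching the username" now sits above the wrapper rather than the routine it describes, and should move with `pdb_getsampwrid()`.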
@@ -1456,6 +1455,13 @@ static BOOL smbpasswd_getsampwrid(struct pdb_methods *my_methods, SAM_ACCOUNT *s return True; } +static BOOL smbpasswd_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT * user, DOM_SID *sid) +{ + uint32 rid; + sid_peek_rid(sid, &rid); + return smbpasswd_getsampwrid(my_methods, user, rid); +} + static BOOL smbpasswd_add_sam_account(struct pdb_methods *my_methods, SAM_ACCOUNT *sampass) { struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data; @@ -1529,7 +1535,7 @@ NTSTATUS pdb_init_smbpasswd(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, (*pdb_method)->endsampwent = smbpasswd_endsampwent; (*pdb_method)->getsampwent = smbpasswd_getsampwent; (*pdb_method)->getsampwnam = smbpasswd_getsampwnam; - (*pdb_method)->getsampwrid = smbpasswd_getsampwrid; + (*pdb_method)->getsampwsid = smbpasswd_getsampwsid; (*pdb_method)->add_sam_account = smbpasswd_add_sam_account; (*pdb_method)->update_sam_account = smbpasswd_update_sam_account; (*pdb_method)->delete_sam_account = smbpasswd_delete_sam_account; diff --git a/source3/passdb/pdb_tdb.c b/source3/passdb/pdb_tdb.c index cda9d68c10..2341210e39 100644 --- a/source3/passdb/pdb_tdb.c +++ b/source3/passdb/pdb_tdb.c @@ -277,7 +277,7 @@ done: Intialize a BYTE buffer from a SAM_ACCOUNT struct *********************************************************************/ static uint32 init_buffer_from_sam (struct tdbsam_privates *tdb_state, - uint8 **buf, SAM_ACCOUNT *sampass) + uint8 **buf, const SAM_ACCOUNT *sampass) { size_t len, buflen; 
@@ -668,6 +668,13 @@ static BOOL tdbsam_getsampwrid (struct pdb_methods *my_methods, SAM_ACCOUNT *use return tdbsam_getsampwnam (my_methods, user, name); } +static BOOL tdbsam_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT * user, DOM_SID *sid) +{ + uint32 rid; + sid_peek_rid(sid, &rid); + return tdbsam_getsampwrid(my_methods, user, rid); +} + /*************************************************************************** Delete a SAM_ACCOUNT ****************************************************************************/ @@ -910,7 +917,7 @@ NTSTATUS pdb_init_tdbsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, con (*pdb_method)->endsampwent = tdbsam_endsampwent; (*pdb_method)->getsampwent = tdbsam_getsampwent; (*pdb_method)->getsampwnam = tdbsam_getsampwnam; - (*pdb_method)->getsampwrid = tdbsam_getsampwrid; + (*pdb_method)->getsampwsid = tdbsam_getsampwsid; (*pdb_method)->add_sam_account = tdbsam_add_sam_account; (*pdb_method)->update_sam_account = tdbsam_update_sam_account; (*pdb_method)->delete_sam_account = tdbsam_delete_sam_account; diff --git a/source3/passdb/pdb_unix.c b/source3/passdb/pdb_unix.c index 1c0ede76d3..85ff5bd933 100644 --- a/source3/passdb/pdb_unix.c +++ b/source3/passdb/pdb_unix.c @@ -65,6 +65,13 @@ static BOOL unixsam_getsampwrid (struct pdb_methods *methods, return ret; } +static BOOL unixsam_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT * user, DOM_SID *sid) +{ + uint32 rid; + sid_peek_rid(sid, &rid); + return unixsam_getsampwrid(my_methods, user, rid); +} + /*************************************************************************** Adds an existing SAM_ACCOUNT ****************************************************************************/ 
@@ -109,7 +116,7 @@ NTSTATUS pdb_init_unixsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, co (*pdb_method)->endsampwent = NULL; (*pdb_method)->getsampwent = NULL; (*pdb_method)->getsampwnam = unixsam_getsampwnam; - (*pdb_method)->getsampwrid = unixsam_getsampwrid; + (*pdb_method)->getsampwsid = unixsam_getsampwsid; (*pdb_method)->add_sam_account = unixsam_add_sam_account; (*pdb_method)->update_sam_account = unixsam_update_sam_account; (*pdb_method)->delete_sam_account = NULL; diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index c889581fae..7c16bc7128 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -1390,7 +1390,6 @@ NTSTATUS _api_samr_open_user(pipes_struct *p, SAMR_Q_OPEN_USER *q_u, SAMR_R_OPEN SAM_ACCOUNT *sampass=NULL; DOM_SID sid; POLICY_HND domain_pol = q_u->domain_pol; - uint32 user_rid = q_u->user_rid; POLICY_HND *user_pol = &r_u->user_pol; struct samr_info *info = NULL; BOOL ret; @@ -1401,13 +1400,21 @@ NTSTATUS _api_samr_open_user(pipes_struct *p, SAMR_Q_OPEN_USER *q_u, SAMR_R_OPEN if (!find_policy_by_hnd(p, &domain_pol, NULL)) return NT_STATUS_INVALID_HANDLE; + /* Get the domain SID stored in the domain policy */ + if(!get_lsa_policy_samr_sid(p, &domain_pol, &sid)) + return NT_STATUS_INVALID_HANDLE; + + /* append the user's RID to it */ + if(!sid_append_rid(&sid, q_u->user_rid)) + return NT_STATUS_NO_SUCH_USER; + pdb_init_sam(&sampass); become_root(); - ret=pdb_getsampwrid(sampass, user_rid); + ret=pdb_getsampwsid(sampass, &sid); unbecome_root(); - /* check that the RID exists in our domain. */ + /* check that the SID exists in our domain. */ if (ret == False) { pdb_free_sam(&sampass); return NT_STATUS_NO_SUCH_USER; 
@@ -1415,14 +1422,6 @@ NTSTATUS _api_samr_open_user(pipes_struct *p, SAMR_Q_OPEN_USER *q_u, SAMR_R_OPEN pdb_free_sam(&sampass); - /* Get the domain SID stored in the domain policy */ - if(!get_lsa_policy_samr_sid(p, &domain_pol, &sid)) - return NT_STATUS_INVALID_HANDLE; - - /* append the user's RID to it */ - if(!sid_append_rid(&sid, user_rid)) - return NT_STATUS_NO_SUCH_USER; - /* associate the user's SID with the new handle. */ if ((info = get_samr_info_by_sid(&sid)) == NULL) return NT_STATUS_NO_MEMORY; @@ -1438,7 +1437,7 @@ NTSTATUS _api_samr_open_user(pipes_struct *p, SAMR_Q_OPEN_USER *q_u, SAMR_R_OPEN get_user_info_10. Safe. Only gives out acb bits. *************************************************************************/ -static BOOL get_user_info_10(SAM_USER_INFO_10 *id10, uint32 user_rid) +static BOOL get_user_info_10(SAM_USER_INFO_10 *id10, DOM_SID *user_sid) { SAM_ACCOUNT *smbpass=NULL; BOOL ret; @@ -1446,11 +1445,11 @@ static BOOL get_user_info_10(SAM_USER_INFO_10 *id10, uint32 user_rid) pdb_init_sam(&smbpass); become_root(); - ret = pdb_getsampwrid(smbpass, user_rid); + ret = pdb_getsampwsid(smbpass, user_sid); unbecome_root(); if (ret==False) { - DEBUG(4,("User 0x%x not found\n", user_rid)); + DEBUG(4,("User %s not found\n", sid_string_static(user_sid))); pdb_free_sam(&smbpass); return False; } @@ -1471,7 +1470,7 @@ static BOOL get_user_info_10(SAM_USER_INFO_10 *id10, uint32 user_rid) user. JRA. *************************************************************************/ -static NTSTATUS get_user_info_12(pipes_struct *p, SAM_USER_INFO_12 * id12, uint32 user_rid) +static NTSTATUS get_user_info_12(pipes_struct *p, SAM_USER_INFO_12 * id12, DOM_SID *user_sid) { SAM_ACCOUNT *smbpass=NULL; BOOL ret; 
@@ -1487,10 +1486,10 @@ static NTSTATUS get_user_info_12(pipes_struct *p, SAM_USER_INFO_12 * id12, uint3 */ pdb_init_sam(&smbpass); - ret = pdb_getsampwrid(smbpass, user_rid); + ret = pdb_getsampwsid(smbpass, user_sid); if (ret == False) { - DEBUG(4, ("User 0x%x not found\n", user_rid)); + DEBUG(4, ("User %s not found\n", sid_string_static(user_sid))); pdb_free_sam(&smbpass); return (geteuid() == (uid_t)0) ? NT_STATUS_NO_SUCH_USER : NT_STATUS_ACCESS_DENIED; } @@ -1514,7 +1513,7 @@ static NTSTATUS get_user_info_12(pipes_struct *p, SAM_USER_INFO_12 * id12, uint3 get_user_info_20 *************************************************************************/ -static BOOL get_user_info_20(SAM_USER_INFO_20 *id20, uint32 user_rid) +static BOOL get_user_info_20(SAM_USER_INFO_20 *id20, DOM_SID *user_sid) { SAM_ACCOUNT *sampass=NULL; BOOL ret; @@ -1522,11 +1521,11 @@ static BOOL get_user_info_20(SAM_USER_INFO_20 *id20, uint32 user_rid) pdb_init_sam(&sampass); become_root(); - ret = pdb_getsampwrid(sampass, user_rid); + ret = pdb_getsampwsid(sampass, user_sid); unbecome_root(); if (ret == False) { - DEBUG(4,("User 0x%x not found\n", user_rid)); + DEBUG(4,("User %s not found\n", sid_string_static(user_sid))); pdb_free_sam(&sampass); return False; } @@ -1547,7 +1546,7 @@ static BOOL get_user_info_20(SAM_USER_INFO_20 *id20, uint32 user_rid) get_user_info_21 *************************************************************************/ -static BOOL get_user_info_21(SAM_USER_INFO_21 *id21, uint32 user_rid) +static BOOL get_user_info_21(SAM_USER_INFO_21 *id21, DOM_SID *user_sid) { SAM_ACCOUNT *sampass=NULL; BOOL ret; 
@@ -1555,11 +1554,11 @@ static BOOL get_user_info_21(SAM_USER_INFO_21 *id21, uint32 user_rid) pdb_init_sam(&sampass); become_root(); - ret = pdb_getsampwrid(sampass, user_rid); + ret = pdb_getsampwsid(sampass, user_sid); unbecome_root(); if (ret == False) { - DEBUG(4,("User 0x%x not found\n", user_rid)); + DEBUG(4,("User %s not found\n", sid_string_static(user_sid))); pdb_free_sam(&sampass); return False; } @@ -1583,7 +1582,6 @@ static BOOL get_user_info_21(SAM_USER_INFO_21 *id21, uint32 user_rid) NTSTATUS _samr_query_userinfo(pipes_struct *p, SAMR_Q_QUERY_USERINFO *q_u, SAMR_R_QUERY_USERINFO *r_u) { SAM_USERINFO_CTR *ctr; - uint32 rid = 0; struct samr_info *info = NULL; r_u->status=NT_STATUS_OK; @@ -1595,9 +1593,7 @@ NTSTATUS _samr_query_userinfo(pipes_struct *p, SAMR_Q_QUERY_USERINFO *q_u, SAMR_ if (!sid_check_is_in_our_domain(&info->sid)) return NT_STATUS_OBJECT_TYPE_MISMATCH; - sid_peek_rid(&info->sid, &rid); - - DEBUG(5,("_samr_query_userinfo: rid:0x%x\n", rid)); + DEBUG(5,("_samr_query_userinfo: sid:%s\n", sid_string_static(&info->sid))); ctr = (SAM_USERINFO_CTR *)talloc_zero(p->mem_ctx, sizeof(SAM_USERINFO_CTR)); if (!ctr) @@ -1614,7 +1610,7 @@ NTSTATUS _samr_query_userinfo(pipes_struct *p, SAMR_Q_QUERY_USERINFO *q_u, SAMR_ if (ctr->info.id10 == NULL) return NT_STATUS_NO_MEMORY; - if (!get_user_info_10(ctr->info.id10, rid)) + if (!get_user_info_10(ctr->info.id10, &info->sid)) return NT_STATUS_NO_SUCH_USER; break; @@ -1649,7 +1645,7 @@ NTSTATUS _samr_query_userinfo(pipes_struct *p, SAMR_Q_QUERY_USERINFO *q_u, SAMR_ if (ctr->info.id12 == NULL) return NT_STATUS_NO_MEMORY; - if (NT_STATUS_IS_ERR(r_u->status = get_user_info_12(p, ctr->info.id12, rid))) + if (NT_STATUS_IS_ERR(r_u->status = get_user_info_12(p, ctr->info.id12, &info->sid))) return r_u->status; break; 
@@ -1657,7 +1653,7 @@ NTSTATUS _samr_query_userinfo(pipes_struct *p, SAMR_Q_QUERY_USERINFO *q_u, SAMR_ ctr->info.id20 = (SAM_USER_INFO_20 *)talloc_zero(p->mem_ctx,sizeof(SAM_USER_INFO_20)); if (ctr->info.id20 == NULL) return NT_STATUS_NO_MEMORY; - if (!get_user_info_20(ctr->info.id20, rid)) + if (!get_user_info_20(ctr->info.id20, &info->sid)) return NT_STATUS_NO_SUCH_USER; break; @@ -1665,7 +1661,7 @@ NTSTATUS _samr_query_userinfo(pipes_struct *p, SAMR_Q_QUERY_USERINFO *q_u, SAMR_ ctr->info.id21 = (SAM_USER_INFO_21 *)talloc_zero(p->mem_ctx,sizeof(SAM_USER_INFO_21)); if (ctr->info.id21 == NULL) return NT_STATUS_NO_MEMORY; - if (!get_user_info_21(ctr->info.id21, rid)) + if (!get_user_info_21(ctr->info.id21, &info->sid)) return NT_STATUS_NO_SUCH_USER; break; @@ -1689,7 +1685,6 @@ NTSTATUS _samr_query_usergroups(pipes_struct *p, SAMR_Q_QUERY_USERGROUPS *q_u, S SAM_ACCOUNT *sam_pass=NULL; DOM_GID *gids = NULL; int num_groups = 0; - uint32 rid; struct samr_info *info = NULL; BOOL ret; @@ -1716,12 +1711,10 @@ NTSTATUS _samr_query_usergroups(pipes_struct *p, SAMR_Q_QUERY_USERGROUPS *q_u, S if (!sid_check_is_in_our_domain(&info->sid)) return NT_STATUS_OBJECT_TYPE_MISMATCH; - sid_peek_rid(&info->sid, &rid); - pdb_init_sam(&sam_pass); become_root(); - ret = pdb_getsampwrid(sam_pass, rid); + ret = pdb_getsampwsid(sam_pass, &info->sid); unbecome_root(); if (ret == False) { @@ -2223,14 +2216,14 @@ NTSTATUS _api_samr_open_alias(pipes_struct *p, SAMR_Q_OPEN_ALIAS *q_u, SAMR_R_OP set_user_info_10 ********************************************************************/ -static BOOL set_user_info_10(const SAM_USER_INFO_10 *id10, uint32 rid) +static BOOL set_user_info_10(const SAM_USER_INFO_10 *id10, DOM_SID *sid) { SAM_ACCOUNT *pwd =NULL; BOOL ret; pdb_init_sam(&pwd); - ret = pdb_getsampwrid(pwd, rid); + ret = pdb_getsampwsid(pwd, sid); if(ret==False) { pdb_free_sam(&pwd); 
@@ -2262,13 +2255,13 @@ static BOOL set_user_info_10(const SAM_USER_INFO_10 *id10, uint32 rid) set_user_info_12 ********************************************************************/ -static BOOL set_user_info_12(SAM_USER_INFO_12 *id12, uint32 rid) +static BOOL set_user_info_12(SAM_USER_INFO_12 *id12, DOM_SID *sid) { SAM_ACCOUNT *pwd = NULL; pdb_init_sam(&pwd); - if(!pdb_getsampwrid(pwd, rid)) { + if(!pdb_getsampwsid(pwd, sid)) { pdb_free_sam(&pwd); return False; } @@ -2305,7 +2298,7 @@ static BOOL set_user_info_12(SAM_USER_INFO_12 *id12, uint32 rid) set_user_info_21 ********************************************************************/ -static BOOL set_user_info_21(SAM_USER_INFO_21 *id21, uint32 rid) +static BOOL set_user_info_21(SAM_USER_INFO_21 *id21, DOM_SID *sid) { SAM_ACCOUNT *pwd = NULL; @@ -2316,7 +2309,7 @@ static BOOL set_user_info_21(SAM_USER_INFO_21 *id21, uint32 rid) pdb_init_sam(&pwd); - if (!pdb_getsampwrid(pwd, rid)) { + if (!pdb_getsampwsid(pwd, sid)) { pdb_free_sam(&pwd); return False; } @@ -2345,7 +2338,7 @@ static BOOL set_user_info_21(SAM_USER_INFO_21 *id21, uint32 rid) set_user_info_23 ********************************************************************/ -static BOOL set_user_info_23(SAM_USER_INFO_23 *id23, uint32 rid) +static BOOL set_user_info_23(SAM_USER_INFO_23 *id23, DOM_SID *sid) { SAM_ACCOUNT *pwd = NULL; pstring plaintext_buf; @@ -2359,7 +2352,7 @@ static BOOL set_user_info_23(SAM_USER_INFO_23 *id23, uint32 rid) pdb_init_sam(&pwd); - if (!pdb_getsampwrid(pwd, rid)) { + if (!pdb_getsampwsid(pwd, sid)) { pdb_free_sam(&pwd); return False; } @@ -2412,7 +2405,7 @@ static BOOL set_user_info_23(SAM_USER_INFO_23 *id23, uint32 rid) set_user_info_pw ********************************************************************/ -static BOOL set_user_info_pw(char *pass, uint32 rid) +static BOOL set_user_info_pw(char *pass, DOM_SID *sid) { SAM_ACCOUNT *pwd = NULL; uint32 len; 
@@ -2421,7 +2414,7 @@ static BOOL set_user_info_pw(char *pass, uint32 rid) pdb_init_sam(&pwd); - if (!pdb_getsampwrid(pwd, rid)) { + if (!pdb_getsampwsid(pwd, sid)) { pdb_free_sam(&pwd); return False; } @@ -2480,7 +2473,6 @@ static BOOL set_user_info_pw(char *pass, uint32 rid) NTSTATUS _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SET_USERINFO *r_u) { - uint32 rid = 0x0; DOM_SID sid; POLICY_HND *pol = &q_u->pol; uint16 switch_value = q_u->switch_value; @@ -2494,9 +2486,7 @@ NTSTATUS _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SE if (!get_lsa_policy_samr_sid(p, pol, &sid)) return NT_STATUS_INVALID_HANDLE; - sid_split_rid(&sid, &rid); - - DEBUG(5, ("_samr_set_userinfo: rid:0x%x, level:%d\n", rid, switch_value)); + DEBUG(5, ("_samr_set_userinfo: sid:%s, level:%d\n", sid_string_static(&sid), switch_value)); if (ctr == NULL) { DEBUG(5, ("_samr_set_userinfo: NULL info level\n")); @@ -2506,7 +2496,7 @@ NTSTATUS _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SE /* ok! user info levels (lots: see MSDEV help), off we go... */ switch (switch_value) { case 0x12: - if (!set_user_info_12(ctr->info.id12, rid)) + if (!set_user_info_12(ctr->info.id12, &sid)) return NT_STATUS_ACCESS_DENIED; break; @@ -2515,7 +2505,7 @@ NTSTATUS _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SE dump_data(100, (char *)ctr->info.id24->pass, 516); - if (!set_user_info_pw((char *)ctr->info.id24->pass, rid)) + if (!set_user_info_pw((char *)ctr->info.id24->pass, &sid)) return NT_STATUS_ACCESS_DENIED; break; @@ -2533,7 +2523,7 @@ NTSTATUS _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SE dump_data(100, (char *)ctr->info.id25->pass, 532); - if (!set_user_info_pw(ctr->info.id25->pass, rid)) + if (!set_user_info_pw(ctr->info.id25->pass, &sid)) return NT_STATUS_ACCESS_DENIED; break; #endif 
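Review bot: `_samr_set_userinfo` now passes the SID taken from the policy handle straight to the `set_user_info_*` helpers, and no `sid_check_is_in_our_domain()` test is visible between `get_lsa_policy_samr_sid()` and the switch, unlike in `_samr_query_userinfo`. The backend wrappers added in this commit reduce the SID to its RID, so these password and attribute updates are keyed on the RID alone unless the check exists in the lines the hunks skip. I would add `if (!sid_check_is_in_our_domain(&sid)) return NT_STATUS_OBJECT_TYPE_MISMATCH;` after the handle lookup, and the same in `_samr_set_userinfo2`. Both functions begin and end outside the hunks shown.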
@@ -2544,7 +2534,7 @@ NTSTATUS _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SE dump_data(100, (char *)ctr->info.id23->pass, 516); - if (!set_user_info_23(ctr->info.id23, rid)) + if (!set_user_info_23(ctr->info.id23, &sid)) return NT_STATUS_ACCESS_DENIED; break; @@ -2562,7 +2552,6 @@ NTSTATUS _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SE NTSTATUS _samr_set_userinfo2(pipes_struct *p, SAMR_Q_SET_USERINFO2 *q_u, SAMR_R_SET_USERINFO2 *r_u) { DOM_SID sid; - uint32 rid = 0x0; SAM_USERINFO_CTR *ctr = q_u->ctr; POLICY_HND *pol = &q_u->pol; uint16 switch_value = q_u->switch_value; @@ -2575,9 +2564,7 @@ NTSTATUS _samr_set_userinfo2(pipes_struct *p, SAMR_Q_SET_USERINFO2 *q_u, SAMR_R_ if (!get_lsa_policy_samr_sid(p, pol, &sid)) return NT_STATUS_INVALID_HANDLE; - sid_split_rid(&sid, &rid); - - DEBUG(5, ("samr_reply_set_userinfo2: rid:0x%x\n", rid)); + DEBUG(5, ("samr_reply_set_userinfo2: sid:%s\n", sid_string_static(&sid))); if (ctr == NULL) { DEBUG(5, ("samr_reply_set_userinfo2: NULL info level\n")); @@ -2589,16 +2576,16 @@ NTSTATUS _samr_set_userinfo2(pipes_struct *p, SAMR_Q_SET_USERINFO2 *q_u, SAMR_R_ /* ok! user info levels (lots: see MSDEV help), off we go... */ switch (switch_value) { case 21: - if (!set_user_info_21(ctr->info.id21, rid)) + if (!set_user_info_21(ctr->info.id21, &sid)) return NT_STATUS_ACCESS_DENIED; break; case 16: - if (!set_user_info_10(ctr->info.id10, rid)) + if (!set_user_info_10(ctr->info.id10, &sid)) return NT_STATUS_ACCESS_DENIED; break; case 18: /* Used by AS/U JRA. */ - if (!set_user_info_12(ctr->info.id12, rid)) + if (!set_user_info_12(ctr->info.id12, &sid)) return NT_STATUS_ACCESS_DENIED; break; default: @@ -2886,7 +2873,6 @@ NTSTATUS _samr_add_aliasmem(pipes_struct *p, SAMR_Q_ADD_ALIASMEM *q_u, SAMR_R_AD struct passwd *pwd; struct group *grp; fstring grp_name; - uint32 rid; GROUP_MAP map; NTSTATUS ret; SAM_ACCOUNT *sam_user = NULL; 
@@ -2914,13 +2900,11 @@ NTSTATUS _samr_add_aliasmem(pipes_struct *p, SAMR_Q_ADD_ALIASMEM *q_u, SAMR_R_AD return NT_STATUS_NO_SUCH_ALIAS; } - sid_split_rid(&q_u->sid.sid, &rid); - ret = pdb_init_sam(&sam_user); if (NT_STATUS_IS_ERR(ret)) return ret; - check = pdb_getsampwrid(sam_user, rid); + check = pdb_getsampwsid(sam_user, &q_u->sid.sid); if (check != True) { pdb_free_sam(&sam_user); @@ -2974,7 +2958,6 @@ NTSTATUS _samr_del_aliasmem(pipes_struct *p, SAMR_Q_DEL_ALIASMEM *q_u, SAMR_R_DE fstring alias_sid_str; struct group *grp; fstring grp_name; - uint32 rid; GROUP_MAP map; SAM_ACCOUNT *sam_pass=NULL; @@ -3000,11 +2983,9 @@ NTSTATUS _samr_del_aliasmem(pipes_struct *p, SAMR_Q_DEL_ALIASMEM *q_u, SAMR_R_DE /* we need to copy the name otherwise it's overloaded in user_in_group_list */ fstrcpy(grp_name, grp->gr_name); - sid_peek_rid(&q_u->sid.sid, &rid); - /* check if the user exists before trying to remove it from the group */ pdb_init_sam(&sam_pass); - if(!pdb_getsampwrid(sam_pass, rid)) { + if(!pdb_getsampwsid(sam_pass, &q_u->sid.sid)) { DEBUG(5,("_samr_del_aliasmem:User %s doesn't exist.\n", pdb_get_username(sam_pass))); pdb_free_sam(&sam_pass); return NT_STATUS_NO_SUCH_USER; @@ -3035,6 +3016,7 @@ NTSTATUS _samr_del_aliasmem(pipes_struct *p, SAMR_Q_DEL_ALIASMEM *q_u, SAMR_R_DE NTSTATUS _samr_add_groupmem(pipes_struct *p, SAMR_Q_ADD_GROUPMEM *q_u, SAMR_R_ADD_GROUPMEM *r_u) { DOM_SID group_sid; + DOM_SID user_sid; fstring group_sid_str; struct passwd *pwd; struct group *grp; @@ -3060,11 +3042,14 @@ NTSTATUS _samr_add_groupmem(pipes_struct *p, SAMR_Q_ADD_GROUPMEM *q_u, SAMR_R_AD if(!get_domain_group_from_sid(group_sid, &map, MAPPING_WITHOUT_PRIV)) return NT_STATUS_NO_SUCH_GROUP; + sid_copy(&user_sid, &global_sam_sid); + sid_append_rid(&user_sid, q_u->rid); + ret = pdb_init_sam(&sam_user); if (NT_STATUS_IS_ERR(ret)) return ret; - check = pdb_getsampwrid(sam_user, q_u->rid); + check = pdb_getsampwsid(sam_user, &user_sid); if (check != True) { pdb_free_sam(&sam_user); 
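Review bot: In `_samr_del_aliasmem` the failure branch logs `pdb_get_username(sam_pass)` for an account that `pdb_getsampwsid()` has just failed to load, so the message cannot identify what was looked up. Now that the SID is at hand, `DEBUG(5,("_samr_del_aliasmem:User %s doesn't exist.\n", sid_string_static(&q_u->sid.sid)));` would log the requested SID, as the `get_user_info_*` helpers in this commit already do. The same message pattern remains in `_samr_del_groupmem` and `_samr_delete_dom_user`, where `&user_sid` is available.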
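Review bot: `_samr_add_groupmem` ignores the result of `sid_append_rid(&user_sid, q_u->rid)`, whereas `_api_samr_open_user` in this commit returns `NT_STATUS_NO_SUCH_USER` when the append fails. If it failed here, `user_sid` would still be the bare domain SID and the lookup would run on that. I would write `if (!sid_append_rid(&user_sid, q_u->rid)) return NT_STATUS_NO_SUCH_USER;`. The user SID is also built from `global_sam_sid` rather than from the domain of the handle's `group_sid`; a one-line comment saying why the two are equivalent at this point would help. `_samr_del_groupmem` repeats the same two lines, and both functions extend beyond the hunks.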
@@ -3117,8 +3102,8 @@ NTSTATUS _samr_add_groupmem(pipes_struct *p, SAMR_Q_ADD_GROUPMEM *q_u, SAMR_R_AD NTSTATUS _samr_del_groupmem(pipes_struct *p, SAMR_Q_DEL_GROUPMEM *q_u, SAMR_R_DEL_GROUPMEM *r_u) { DOM_SID group_sid; + DOM_SID user_sid; SAM_ACCOUNT *sam_pass=NULL; - uint32 rid; GROUP_MAP map; fstring grp_name; struct group *grp; @@ -3136,7 +3121,8 @@ NTSTATUS _samr_del_groupmem(pipes_struct *p, SAMR_Q_DEL_GROUPMEM *q_u, SAMR_R_DE if(!sid_check_is_in_our_domain(&group_sid)) return NT_STATUS_NO_SUCH_GROUP; - rid=q_u->rid; + sid_copy(&user_sid, &global_sam_sid); + sid_append_rid(&user_sid, q_u->rid); if(!get_domain_group_from_sid(group_sid, &map, MAPPING_WITHOUT_PRIV)) return NT_STATUS_NO_SUCH_GROUP; @@ -3149,7 +3135,7 @@ NTSTATUS _samr_del_groupmem(pipes_struct *p, SAMR_Q_DEL_GROUPMEM *q_u, SAMR_R_DE /* check if the user exists before trying to remove it from the group */ pdb_init_sam(&sam_pass); - if(!pdb_getsampwrid(sam_pass, rid)) { + if(!pdb_getsampwsid(sam_pass, &user_sid)) { DEBUG(5,("User %s doesn't exist.\n", pdb_get_username(sam_pass))); pdb_free_sam(&sam_pass); return NT_STATUS_NO_SUCH_USER; @@ -3200,7 +3186,6 @@ NTSTATUS _samr_delete_dom_user(pipes_struct *p, SAMR_Q_DELETE_DOM_USER *q_u, SAM { DOM_SID user_sid; SAM_ACCOUNT *sam_pass=NULL; - uint32 rid; DEBUG(5, ("_samr_delete_dom_user: %d\n", __LINE__)); @@ -3211,11 +3196,9 @@ NTSTATUS _samr_delete_dom_user(pipes_struct *p, SAMR_Q_DELETE_DOM_USER *q_u, SAM if (!sid_check_is_in_our_domain(&user_sid)) return NT_STATUS_CANNOT_DELETE; - sid_peek_rid(&user_sid, &rid); - /* check if the user exists before trying to delete */ pdb_init_sam(&sam_pass); - if(!pdb_getsampwrid(sam_pass, rid)) { + if(!pdb_getsampwsid(sam_pass, &user_sid)) { DEBUG(5,("_samr_delete_dom_user:User %s doesn't exist.\n", pdb_get_username(sam_pass))); pdb_free_sam(&sam_pass); return NT_STATUS_NO_SUCH_USER; diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c index 53bbebb95e..af653ba0e8 100644 
--- a/source3/rpc_server/srv_util.c +++ b/source3/rpc_server/srv_util.c @@ -114,11 +114,9 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui DEBUG(10,("get_alias_user_groups: looking if SID %s is a member of groups in the SID domain %s\n", sid_to_string(str_qsid, q_sid), sid_to_string(str_domsid, sid))); - sid_peek_rid(q_sid, &rid); - pdb_init_sam(&sam_pass); become_root(); - ret = pdb_getsampwrid(sam_pass, rid); + ret = pdb_getsampwsid(sam_pass, q_sid); unbecome_root(); if (ret == False) { pdb_free_sam(&sam_pass); @@ -404,6 +402,8 @@ NTSTATUS local_lookup_alias_name(uint32 rid, char *alias_name, uint32 *type) return NT_STATUS_NONE_MAPPED; } + +#if 0 /*Nobody uses this function just now*/ /******************************************************************* Look up a local user rid and return a name and type. ********************************************************************/ @@ -448,6 +448,8 @@ NTSTATUS local_lookup_user_name(uint32 rid, char *user_name, uint32 *type) return NT_STATUS_NONE_MAPPED; } +#endif + /******************************************************************* Look up a local (domain) group name and return a rid ********************************************************************/ -- cgit
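Review bot: The call `sid_peek_rid(q_sid, &rid)` is removed from `get_alias_user_groups`, but no hunk in srv_util.c removes a declaration of `rid`. It is presumably left unused, or uninitialized if anything later in the function still reads it; the function extends beyond the hunk, so this needs checking against the full body. Separately, the `#if 0` around `local_lookup_user_name` keeps dead code in the tree with only "Nobody uses this function just now" as explanation. If it stays, a comment such as `/* disabled: looks up by RID; convert to pdb_getsampwsid() before re-enabling */` would say what has to happen first; otherwise delete the function.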