From adc31b9235f70d06d2739b38867dc0fadb33d082 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 14 Dec 2007 07:47:07 +0100 Subject: Revert "Fix for bug #4801: Correctly implement lsa lookup levels for lookupnames." As it breaks all tests which try to join a new machine account. So more testing is needed... metze This reverts commit dd320c0924ce393a89b1cab020fd5cffc5b80380. (This used to be commit cccb80b7b7980fbe1298ce266375e51bacb4a425) --- source3/passdb/lookup_sid.c | 45 ++++++++++++----------------------------- source3/rpc_server/srv_lsa_nt.c | 37 +++++++++------------------------ 2 files changed, 22 insertions(+), 60 deletions(-) diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c index 54db14fbfe..bb54959e96 100644 --- a/source3/passdb/lookup_sid.c +++ b/source3/passdb/lookup_sid.c @@ -59,19 +59,16 @@ bool lookup_name(TALLOC_CTX *mem_ctx, name = talloc_strdup(tmp_ctx, full_name); } + DEBUG(10,("lookup_name: %s => %s (domain), %s (name)\n", + full_name, domain, name)); + if ((domain == NULL) || (name == NULL)) { DEBUG(0, ("talloc failed\n")); TALLOC_FREE(tmp_ctx); return false; } - DEBUG(10,("lookup_name: %s => %s (domain), %s (name)\n", - full_name, domain, name)); - DEBUG(10, ("lookup_name: flags = 0x0%x\n", flags)); - - if ((flags & LOOKUP_NAME_DOMAIN) && - strequal(domain, get_global_sam_name())) - { + if (strequal(domain, get_global_sam_name())) { /* It's our own domain, lookup the name in passdb */ if (lookup_global_sam_name(name, flags, &rid, &type)) { @@ -83,9 +80,8 @@ bool lookup_name(TALLOC_CTX *mem_ctx, return false; } - if ((flags & LOOKUP_NAME_BUILTIN) && - strequal(domain, builtin_domain_name())) - { + if (strequal(domain, builtin_domain_name())) { + /* Explicit request for a name in BUILTIN */ if (lookup_builtin_name(name, &rid)) { sid_copy(&sid, &global_sid_Builtin); 
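Review bot: In the first hunk of lookup_sid.c the `DEBUG(10, ...)` call now runs before the `(domain == NULL) || (name == NULL)` check, so a failed talloc_strdup hands a NULL pointer to `%s` whenever that debug level is active. Assuming DEBUG formats its arguments printf-style, that is undefined behaviour on exactly the allocation-failure path the check is meant to catch. Keep the order of the removed lines: the NULL check first, then `DEBUG(10,("lookup_name: %s => %s (domain), %s (name)\n", full_name, domain, name));`. lookup_name starts before this hunk and continues after it.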
@@ -101,7 +97,6 @@ bool lookup_name(TALLOC_CTX *mem_ctx, * domain yet at this point yet. This comes later. */ if ((domain[0] != '\0') && - (flags & ~(LOOKUP_NAME_DOMAIN|LOOKUP_NAME_ISOLATED)) && (winbind_lookup_name(domain, name, &sid, &type))) { goto ok; } @@ -136,18 +131,14 @@ bool lookup_name(TALLOC_CTX *mem_ctx, /* 1. well-known names */ - if ((flags & LOOKUP_NAME_WKN) && - lookup_wellknown_name(tmp_ctx, name, &sid, &domain)) - { + if (lookup_wellknown_name(tmp_ctx, name, &sid, &domain)) { type = SID_NAME_WKN_GRP; goto ok; } /* 2. Builtin domain as such */ - if ((flags & (LOOKUP_NAME_BUILTIN|LOOKUP_NAME_REMOTE)) && - strequal(name, builtin_domain_name())) - { + if (strequal(name, builtin_domain_name())) { /* Swap domain and name */ tmp = name; name = domain; domain = tmp; sid_copy(&sid, &global_sid_Builtin); @@ -157,9 +148,7 @@ bool lookup_name(TALLOC_CTX *mem_ctx, /* 3. Account domain */ - if ((flags & LOOKUP_NAME_DOMAIN) && - strequal(name, get_global_sam_name())) - { + if (strequal(name, get_global_sam_name())) { if (!secrets_fetch_domain_sid(name, &sid)) { DEBUG(3, ("Could not fetch my SID\n")); TALLOC_FREE(tmp_ctx); @@ -173,9 +162,7 @@ bool lookup_name(TALLOC_CTX *mem_ctx, /* 4. Primary domain */ - if ((flags & LOOKUP_NAME_DOMAIN) && !IS_DC && - strequal(name, lp_workgroup())) - { + if (!IS_DC && strequal(name, lp_workgroup())) { if (!secrets_fetch_domain_sid(name, &sid)) { DEBUG(3, ("Could not fetch the domain SID\n")); TALLOC_FREE(tmp_ctx); @@ -190,9 +177,7 @@ bool lookup_name(TALLOC_CTX *mem_ctx, /* 5. Trusted domains as such, to me it looks as if members don't do this, tested an XP workstation in a NT domain -- vl */ - if ((flags & LOOKUP_NAME_REMOTE) && IS_DC && - (secrets_fetch_trusted_domain_password(name, NULL, &sid, NULL))) - { + if (IS_DC && (pdb_get_trusteddom_pw(name, NULL, &sid, NULL))) { /* Swap domain and name */ tmp = name; name = domain; domain = tmp; type = SID_NAME_DOMAIN; 
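Review bot: With the mask test dropped from this condition, every domain-qualified name is passed to winbind_lookup_name whatever `flags` the caller supplied, and steps 1–7 in the following hunks are likewise no longer gated. In the visible hunks `flags` is only forwarded to lookup_global_sam_name, so a caller passing a restricted scope still gets well-known, BUILTIN, trusted-domain and winbind results. Until the lookup levels are reinstated I would document this above the condition, e.g. `/* NOTE: LOOKUP_NAME_* scope bits are not checked here; qualified names always go to winbind */`, so that no caller relies on `flags` to limit what is resolved. The enclosing function starts and ends outside the hunk.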
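Review bot: Step 5 now calls `pdb_get_trusteddom_pw(name, NULL, &sid, NULL)`, whereas the removed line called secrets_fetch_trusted_domain_password, so this hunk swaps the trusted-domain accessor as well as dropping the LOOKUP_NAME_REMOTE test. The commit message describes only a revert of the lookup-level change. If the swap comes from reverting across an unrelated change, confirm that pdb_get_trusteddom_pw is the intended call at this point in the tree and that it accepts NULL for its second and fourth out-parameters. A short comment such as `/* only the SID is needed; the other outputs are deliberately NULL */` would make that intent visible.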
@@ -201,9 +186,7 @@ bool lookup_name(TALLOC_CTX *mem_ctx, /* 6. Builtin aliases */ - if ((flags & LOOKUP_NAME_BUILTIN) && - lookup_builtin_name(name, &rid)) - { + if (lookup_builtin_name(name, &rid)) { domain = talloc_strdup(tmp_ctx, builtin_domain_name()); sid_copy(&sid, &global_sid_Builtin); sid_append_rid(&sid, rid); @@ -216,9 +199,7 @@ bool lookup_name(TALLOC_CTX *mem_ctx, /* Both cases are done by looking at our passdb */ - if ((flags & LOOKUP_NAME_DOMAIN) && - lookup_global_sam_name(name, flags, &rid, &type)) - { + if (lookup_global_sam_name(name, flags, &rid, &type)) { domain = talloc_strdup(tmp_ctx, get_global_sam_name()); sid_copy(&sid, get_global_sam_sid()); sid_append_rid(&sid, rid); diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c index c5f0c7b6ab..20655082a5 100644 --- a/source3/rpc_server/srv_lsa_nt.c +++ b/source3/rpc_server/srv_lsa_nt.c @@ -1035,31 +1035,6 @@ NTSTATUS _lsa_lookup_sids3(pipes_struct *p, return r_u->status; } -static int lsa_lookup_level_to_flags(uint16 level) -{ - int flags; - - switch (level) { - case 1: - flags = LOOKUP_NAME_ALL; - break; - case 2: - flags = LOOKUP_NAME_DOMAIN|LOOKUP_NAME_REMOTE|LOOKUP_NAME_ISOLATED; - break; - case 3: - flags = LOOKUP_NAME_DOMAIN|LOOKUP_NAME_ISOLATED; - break; - case 4: - case 5: - case 6: - default: - flags = LOOKUP_NAME_NONE; - break; - } - - return flags; -} - /*************************************************************************** lsa_reply_lookup_names ***************************************************************************/ @@ -1079,7 +1054,10 @@ NTSTATUS _lsa_lookup_names(pipes_struct *p,LSA_Q_LOOKUP_NAMES *q_u, LSA_R_LOOKUP DEBUG(5,("_lsa_lookup_names: truncating name lookup list to %d\n", num_entries)); } - flags = lsa_lookup_level_to_flags(q_u->lookup_level); + /* Probably the lookup_level is some sort of bitmask. */ + if (q_u->lookup_level == 1) { + flags = LOOKUP_NAME_ALL; + } ref = TALLOC_ZERO_P(p->mem_ctx, DOM_R_REF); if (!ref) { 
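Review bot: In _lsa_lookup_names `flags` is now assigned only when `q_u->lookup_level == 1`; for every other level it keeps the value from its declaration, which is outside this hunk. If that declaration has no initialiser, the later lookup reads an indeterminate value. The comment "Probably the lookup_level is some sort of bitmask" also does not say what levels other than 1 are meant to do. I would make the fallback explicit, e.g. `flags = (q_u->lookup_level == 1) ? LOOKUP_NAME_ALL : 0;` (assuming 0 is the intended default), and reword the comment to `/* only level 1 is mapped; other levels request no extra lookup scope */`. The same applies to the identical block added to _lsa_lookup_names2 in the last hunk, and both function bodies continue outside their hunks.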
@@ -1145,8 +1123,11 @@ NTSTATUS _lsa_lookup_names2(pipes_struct *p, LSA_Q_LOOKUP_NAMES2 *q_u, LSA_R_LOO num_entries = MAX_LOOKUP_SIDS; DEBUG(5,("_lsa_lookup_names2: truncating name lookup list to %d\n", num_entries)); } - - flags = lsa_lookup_level_to_flags(q_u->lookup_level); + + /* Probably the lookup_level is some sort of bitmask. */ + if (q_u->lookup_level == 1) { + flags = LOOKUP_NAME_ALL; + } ref = TALLOC_ZERO_P(p->mem_ctx, DOM_R_REF); if (ref == NULL) { -- cgit