From b0ffabdcca53507a99ce8f00fccf2d4cac78fd6d Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 7 Jun 2002 14:33:33 +0000 Subject: Globally replace 'global_sam_sid' with get_global_sam_sid(), a self initialising function. This patch thanks to the work of "Stefan (metze) Metzmacher" This is partly to enable the transition to SIDs in the the passdb. Andrew Bartlett (This used to be commit 96afea638e15d4cbadc57023a511094a770c6adc) --- source3/groupdb/mapping.c | 10 +++----- source3/include/sids.h | 2 +- source3/lib/util_sid.c | 4 --- source3/passdb/machine_sid.c | 51 ++++++++++++++++++++++++++++---------- source3/passdb/passdb.c | 16 ++++-------- source3/passdb/util_sam_sid.c | 19 ++++++-------- source3/printing/nt_printing.c | 3 +-- source3/rpc_server/srv_lsa_nt.c | 15 ++++++----- source3/rpc_server/srv_netlog_nt.c | 5 ++-- source3/rpc_server/srv_samr_nt.c | 39 ++++++++++++++--------------- source3/smbd/groupname.c | 5 ++-- source3/smbd/server.c | 2 +- source3/smbd/uid.c | 4 +-- source3/utils/smbgroupedit.c | 3 +-- 14 files changed, 91 insertions(+), 87 deletions(-) diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 060937fee2..70d6317a77 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -21,8 +21,6 @@ #include "includes.h" -extern DOM_SID global_sam_sid; - static TDB_CONTEXT *tdb; /* used for driver files */ #define DATABASE_VERSION_V1 1 /* native byte format. */ @@ -186,17 +184,17 @@ static BOOL default_group_mapping(void) /* Add the defaults domain groups */ - sid_copy(&sid_admins, &global_sam_sid); + sid_copy(&sid_admins, get_global_sam_sid()); sid_append_rid(&sid_admins, DOMAIN_GROUP_RID_ADMINS); sid_to_string(str_admins, &sid_admins); add_initial_entry(-1, str_admins, SID_NAME_DOM_GRP, "Domain Admins", "", privilege_all, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); - sid_copy(&sid_users, &global_sam_sid); + sid_copy(&sid_users, get_global_sam_sid()); sid_append_rid(&sid_users, DOMAIN_GROUP_RID_USERS); sid_to_string(str_users, &sid_users); add_initial_entry(-1, str_users, SID_NAME_DOM_GRP, "Domain Users", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); - sid_copy(&sid_guests, &global_sam_sid); + sid_copy(&sid_guests, get_global_sam_sid()); sid_append_rid(&sid_guests, DOMAIN_GROUP_RID_GUESTS); sid_to_string(str_guests, &sid_guests); add_initial_entry(-1, str_guests, SID_NAME_DOM_GRP, "Domain Guests", "", privilege_none, PR_ACCESS_FROM_NETWORK); @@ -1070,7 +1068,7 @@ BOOL get_group_from_gid(gid_t gid, GROUP_MAP *map, BOOL with_priv) /* interim solution until we have a last RID allocated */ - sid_copy(&map->sid, &global_sam_sid); + sid_copy(&map->sid, get_global_sam_sid()); sid_append_rid(&map->sid, pdb_gid_to_group_rid(gid)); fstrcpy(map->nt_name, grp->gr_name); diff --git a/source3/include/sids.h b/source3/include/sids.h index 860d96b193..279fd86f80 100644 --- a/source3/include/sids.h +++ b/source3/include/sids.h @@ -23,7 +23,7 @@ #ifndef _SIDS_H #define _SIDS_H -extern DOM_SID global_sam_sid; +extern DOM_SID *global_sam_sid; extern fstring global_sam_name; extern DOM_SID global_member_sid; diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c index 70c85f4096..21ef9e081b 100644 --- a/source3/lib/util_sid.c +++ b/source3/lib/util_sid.c @@ -22,10 +22,6 @@ #include "includes.h" -/* NOTE! the global_sam_sid is the SID of our local SAM. This is only - equal to the domain SID when we are a DC, otherwise its our - workstation SID */ -extern DOM_SID global_sam_sid; extern pstring global_myname; extern fstring global_myworkgroup; diff --git a/source3/passdb/machine_sid.c b/source3/passdb/machine_sid.c index 0b4a4ffeba..69d127ec13 100644 --- a/source3/passdb/machine_sid.c +++ b/source3/passdb/machine_sid.c @@ -4,6 +4,7 @@ Copyright (C) Jeremy Allison 1996-2002 Copyright (C) Andrew Tridgell 2002 Copyright (C) Gerald (Jerry) Carter 2000 + Copyright (C) Stefan (metze) Metzmacher 2002 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -22,6 +23,11 @@ #include "includes.h" +/* NOTE! the global_sam_sid is the SID of our local SAM. This is only + equal to the domain SID when we are a DC, otherwise its our + workstation SID */ +static DOM_SID *global_sam_sid=NULL; + #undef DBGC_CLASS #define DBGC_CLASS DBGC_PASSDB @@ -70,13 +76,17 @@ static void generate_random_sid(DOM_SID *sid) Generate the global machine sid. ****************************************************************************/ -BOOL pdb_generate_sam_sid(void) +static BOOL pdb_generate_sam_sid(void) { char *fname = NULL; extern pstring global_myname; extern fstring global_myworkgroup; BOOL is_dc = False; + if(global_sam_sid==NULL) + if(!(global_sam_sid=(DOM_SID *)malloc(sizeof(DOM_SID)))) + return False; + generate_wellknown_sids(); switch (lp_server_role()) { @@ -89,7 +99,7 @@ BOOL pdb_generate_sam_sid(void) break; } - if (secrets_fetch_domain_sid(global_myname, &global_sam_sid)) { + if (secrets_fetch_domain_sid(global_myname, global_sam_sid)) { DOM_SID domain_sid; /* We got our sid. If not a pdc/bdc, we're done. */ @@ -100,19 +110,19 @@ BOOL pdb_generate_sam_sid(void) /* No domain sid and we're a pdc/bdc. Store it */ - if (!secrets_store_domain_sid(global_myworkgroup, &global_sam_sid)) { + if (!secrets_store_domain_sid(global_myworkgroup, global_sam_sid)) { DEBUG(0,("pdb_generate_sam_sid: Can't store domain SID as a pdc/bdc.\n")); return False; } return True; } - if (!sid_equal(&domain_sid, &global_sam_sid)) { + if (!sid_equal(&domain_sid, global_sam_sid)) { /* Domain name sid doesn't match global sam sid. Re-store global sam sid as domain sid. */ DEBUG(0,("pdb_generate_sam_sid: Mismatched SIDs as a pdc/bdc.\n")); - if (!secrets_store_domain_sid(global_myworkgroup, &global_sam_sid)) { + if (!secrets_store_domain_sid(global_myworkgroup, global_sam_sid)) { DEBUG(0,("pdb_generate_sam_sid: Can't re-store domain SID as a pdc/bdc.\n")); return False; } @@ -126,24 +136,23 @@ BOOL pdb_generate_sam_sid(void) /* check for an old MACHINE.SID file for backwards compatibility */ asprintf(&fname, "%s/MACHINE.SID", lp_private_dir()); - if (read_sid_from_file(fname, &global_sam_sid)) { + if (read_sid_from_file(fname, global_sam_sid)) { /* remember it for future reference and unlink the old MACHINE.SID */ - if (!secrets_store_domain_sid(global_myname, &global_sam_sid)) { + if (!secrets_store_domain_sid(global_myname, global_sam_sid)) { DEBUG(0,("pdb_generate_sam_sid: Failed to store SID from file.\n")); SAFE_FREE(fname); return False; } unlink(fname); if (is_dc) { - if (!secrets_store_domain_sid(global_myworkgroup, &global_sam_sid)) { + if (!secrets_store_domain_sid(global_myworkgroup, global_sam_sid)) { DEBUG(0,("pdb_generate_sam_sid: Failed to store domain SID from file.\n")); SAFE_FREE(fname); return False; } } - /* Stored the old sid from MACHINE.SID successfully. - Patch from Stefan "metze" Metzmacher */ + /* Stored the old sid from MACHINE.SID successfully.*/ SAFE_FREE(fname); return True; } @@ -152,14 +161,14 @@ BOOL pdb_generate_sam_sid(void) /* we don't have the SID in secrets.tdb, we will need to generate one and save it */ - generate_random_sid(&global_sam_sid); + generate_random_sid(global_sam_sid); - if (!secrets_store_domain_sid(global_myname, &global_sam_sid)) { + if (!secrets_store_domain_sid(global_myname, global_sam_sid)) { DEBUG(0,("pdb_generate_sam_sid: Failed to store generated machine SID.\n")); return False; } if (is_dc) { - if (!secrets_store_domain_sid(global_myworkgroup, &global_sam_sid)) { + if (!secrets_store_domain_sid(global_myworkgroup, global_sam_sid)) { DEBUG(0,("pdb_generate_sam_sid: Failed to store generated domain SID.\n")); return False; } @@ -167,3 +176,19 @@ BOOL pdb_generate_sam_sid(void) return True; } + +/* return our global_sam_sid */ +DOM_SID *get_global_sam_sid(void) +{ + if (global_sam_sid != NULL) + return global_sam_sid; + + /* memory for global_sam_sid is allocated in + pdb_generate_sam_sid() is needed*/ + + if (!pdb_generate_sam_sid()) + global_sam_sid=NULL; + + return global_sam_sid; +} + diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c index aa7672731a..154963e2a0 100644 --- a/source3/passdb/passdb.c +++ b/source3/passdb/passdb.c @@ -32,7 +32,6 @@ * responsible. */ -extern DOM_SID global_sam_sid; extern pstring global_myname; /************************************************************ @@ -699,7 +698,7 @@ BOOL local_lookup_name(const char *c_user, DOM_SID *psid, enum SID_NAME_USE *psi fstrcpy(user, c_user); - sid_copy(&local_sid, &global_sam_sid); + sid_copy(&local_sid, get_global_sam_sid()); /* * Special case for MACHINE\Everyone. Map to the world_sid. @@ -787,12 +786,11 @@ BOOL local_lookup_name(const char *c_user, DOM_SID *psid, enum SID_NAME_USE *psi DOM_SID *local_uid_to_sid(DOM_SID *psid, uid_t uid) { - extern DOM_SID global_sam_sid; struct passwd *pass; SAM_ACCOUNT *sam_user = NULL; fstring str; /* sid string buffer */ - sid_copy(psid, &global_sam_sid); + sid_copy(psid, get_global_sam_sid()); if((pass = getpwuid_alloc(uid))) { @@ -830,8 +828,6 @@ DOM_SID *local_uid_to_sid(DOM_SID *psid, uid_t uid) BOOL local_sid_to_uid(uid_t *puid, DOM_SID *psid, enum SID_NAME_USE *name_type) { - extern DOM_SID global_sam_sid; - DOM_SID dom_sid; uint32 rid; fstring str; @@ -846,7 +842,7 @@ BOOL local_sid_to_uid(uid_t *puid, DOM_SID *psid, enum SID_NAME_USE *name_type) * We can only convert to a uid if this is our local * Domain SID (ie. we are the controling authority). */ - if (!sid_equal(&global_sam_sid, &dom_sid)) + if (!sid_equal(get_global_sam_sid(), &dom_sid)) return False; if (NT_STATUS_IS_ERR(pdb_init_sam(&sam_user))) @@ -878,10 +874,9 @@ BOOL local_sid_to_uid(uid_t *puid, DOM_SID *psid, enum SID_NAME_USE *name_type) DOM_SID *local_gid_to_sid(DOM_SID *psid, gid_t gid) { - extern DOM_SID global_sam_sid; GROUP_MAP map; - sid_copy(psid, &global_sam_sid); + sid_copy(psid, get_global_sam_sid()); if (get_group_map_from_gid(gid, &map, MAPPING_WITHOUT_PRIV)) { sid_copy(psid, &map.sid); @@ -899,7 +894,6 @@ DOM_SID *local_gid_to_sid(DOM_SID *psid, gid_t gid) BOOL local_sid_to_gid(gid_t *pgid, DOM_SID *psid, enum SID_NAME_USE *name_type) { - extern DOM_SID global_sam_sid; DOM_SID dom_sid; uint32 rid; fstring str; @@ -917,7 +911,7 @@ BOOL local_sid_to_gid(gid_t *pgid, DOM_SID *psid, enum SID_NAME_USE *name_type) * Or in the Builtin SID too. JFM, 11/30/2001 */ - if (!sid_equal(&global_sam_sid, &dom_sid)) + if (!sid_equal(get_global_sam_sid(), &dom_sid)) return False; if (get_group_map_from_sid(*psid, &map, MAPPING_WITHOUT_PRIV)) { diff --git a/source3/passdb/util_sam_sid.c b/source3/passdb/util_sam_sid.c index a9cec5c5ca..2c574f4a61 100644 --- a/source3/passdb/util_sam_sid.c +++ b/source3/passdb/util_sam_sid.c @@ -22,14 +22,9 @@ #include "includes.h" -DOM_SID global_sam_sid; extern pstring global_myname; extern fstring global_myworkgroup; -/* NOTE! the global_sam_sid is the SID of our local SAM. This is only - equal to the domain SID when we are a DC, otherwise its our - workstation SID */ - #define MAX_SID_NAMES 7 typedef struct _known_sid_users { @@ -99,17 +94,17 @@ static void init_sid_name_map (void) generate_wellknown_sids(); if ((lp_security() == SEC_USER) && lp_domain_logons()) { - sid_name_map[i].sid = &global_sam_sid; + sid_name_map[i].sid = get_global_sam_sid(); sid_name_map[i].name = global_myworkgroup; sid_name_map[i].known_users = NULL; i++; - sid_name_map[i].sid = &global_sam_sid; + sid_name_map[i].sid = get_global_sam_sid(); sid_name_map[i].name = global_myname; sid_name_map[i].known_users = NULL; i++; } else { - sid_name_map[i].sid = &global_sam_sid; + sid_name_map[i].sid = get_global_sam_sid(); sid_name_map[i].name = global_myname; sid_name_map[i].known_users = NULL; i++; @@ -224,14 +219,14 @@ BOOL map_domain_name_to_sid(DOM_SID *sid, char *nt_domain) if (nt_domain == NULL) { DEBUG(5,("map_domain_name_to_sid: mapping NULL domain to our SID.\n")); - sid_copy(sid, &global_sam_sid); + sid_copy(sid, get_global_sam_sid()); return True; } if (nt_domain[0] == 0) { fstrcpy(nt_domain, global_myname); DEBUG(5,("map_domain_name_to_sid: overriding blank name to %s\n", nt_domain)); - sid_copy(sid, &global_sam_sid); + sid_copy(sid, get_global_sam_sid()); return True; } @@ -261,7 +256,7 @@ BOOL map_domain_name_to_sid(DOM_SID *sid, char *nt_domain) *****************************************************************/ BOOL sid_check_is_domain(const DOM_SID *sid) { - return sid_equal(sid, &global_sam_sid); + return sid_equal(sid, get_global_sam_sid()); } /***************************************************************** @@ -275,6 +270,6 @@ BOOL sid_check_is_in_our_domain(const DOM_SID *sid) sid_copy(&dom_sid, sid); sid_split_rid(&dom_sid, &rid); - return sid_equal(&dom_sid, &global_sam_sid); + return sid_equal(&dom_sid, get_global_sam_sid()); } diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c index 9b79eac3e0..ecf873c1ba 100644 --- a/source3/printing/nt_printing.c +++ b/source3/printing/nt_printing.c @@ -3683,7 +3683,6 @@ WERROR nt_printing_setsec(char *printername, SEC_DESC_BUF *secdesc_ctr) static SEC_DESC_BUF *construct_default_printer_sdb(TALLOC_CTX *ctx) { - extern DOM_SID global_sam_sid; SEC_ACE ace[3]; SEC_ACCESS sa; SEC_ACL *psa = NULL; @@ -3709,7 +3708,7 @@ static SEC_DESC_BUF *construct_default_printer_sdb(TALLOC_CTX *ctx) This should emulate a lanman printer as security settings can't be changed. */ - sid_copy(&owner_sid, &global_sam_sid); + sid_copy(&owner_sid, get_global_sam_sid()); sid_append_rid(&owner_sid, DOMAIN_USER_RID_ADMIN); } diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c index a5e3f5003c..c74f25f77a 100644 --- a/source3/rpc_server/srv_lsa_nt.c +++ b/source3/rpc_server/srv_lsa_nt.c @@ -26,7 +26,6 @@ #include "includes.h" -extern DOM_SID global_sam_sid; extern fstring global_myworkgroup; extern pstring global_myname; extern PRIVS privs[]; @@ -320,7 +319,7 @@ static NTSTATUS lsa_get_generic_sd(TALLOC_CTX *mem_ctx, SEC_DESC **sd, size_t *s init_sec_access(&mask, POLICY_EXECUTE); init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); - sid_copy(&adm_sid, &global_sam_sid); + sid_copy(&adm_sid, get_global_sam_sid()); sid_append_rid(&adm_sid, DOMAIN_GROUP_RID_ADMINS); init_sec_access(&mask, POLICY_ALL_ACCESS); init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); @@ -367,7 +366,7 @@ NTSTATUS _lsa_open_policy2(pipes_struct *p, LSA_Q_OPEN_POL2 *q_u, LSA_R_OPEN_POL return NT_STATUS_NO_MEMORY; ZERO_STRUCTP(info); - info->sid = global_sam_sid; + sid_copy(&info->sid,get_global_sam_sid()); info->access = acc_granted; /* set up the LSA QUERY INFO response */ @@ -405,7 +404,7 @@ NTSTATUS _lsa_open_policy(pipes_struct *p, LSA_Q_OPEN_POL *q_u, LSA_R_OPEN_POL * return NT_STATUS_NO_MEMORY; ZERO_STRUCTP(info); - info->sid = global_sam_sid; + sid_copy(&info->sid,get_global_sam_sid()); info->access = acc_granted; /* set up the LSA QUERY INFO response */ @@ -502,7 +501,7 @@ NTSTATUS _lsa_query_info(pipes_struct *p, LSA_Q_QUERY_INFO *q_u, LSA_R_QUERY_INF case ROLE_DOMAIN_PDC: case ROLE_DOMAIN_BDC: name = global_myworkgroup; - sid = &global_sam_sid; + sid = get_global_sam_sid(); break; case ROLE_DOMAIN_MEMBER: name = global_myworkgroup; @@ -532,15 +531,15 @@ NTSTATUS _lsa_query_info(pipes_struct *p, LSA_Q_QUERY_INFO *q_u, LSA_R_QUERY_INF case ROLE_DOMAIN_PDC: case ROLE_DOMAIN_BDC: name = global_myworkgroup; - sid = &global_sam_sid; + sid = get_global_sam_sid(); break; case ROLE_DOMAIN_MEMBER: name = global_myname; - sid = &global_sam_sid; + sid = get_global_sam_sid(); break; case ROLE_STANDALONE: name = global_myname; - sid = &global_sam_sid; + sid = get_global_sam_sid(); break; default: return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c index 21ad86b0dc..9b917cdda5 100644 --- a/source3/rpc_server/srv_netlog_nt.c +++ b/source3/rpc_server/srv_netlog_nt.c @@ -27,7 +27,6 @@ #include "includes.h" extern pstring global_myname; -extern DOM_SID global_sam_sid; /************************************************************************* init_net_r_req_chal: @@ -705,7 +704,9 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON * NULL, /* uchar sess_key[16] */ my_name , /* char *logon_srv */ my_workgroup, /* char *logon_dom */ - &global_sam_sid, /* DOM_SID *dom_sid */ + get_global_sam_sid(), /* DOM_SID *dom_sid */ + /* Should be users domain sid, not servers - for trusted domains */ + NULL); /* char *other_sids */ } free_server_info(&server_info); diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 71b48210e4..0b4fa1cf2d 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -31,7 +31,6 @@ extern fstring global_myworkgroup; extern pstring global_myname; -extern DOM_SID global_sam_sid; extern DOM_SID global_sid_Builtin; extern rid_name domain_group_rids[]; @@ -684,7 +683,7 @@ static NTSTATUS get_group_alias_entries(TALLOC_CTX *ctx, DOMAIN_GRP **d_grp, DOM } SAFE_FREE(map); - } else if (sid_equal(sid, &global_sam_sid) && !lp_hide_local_users()) { + } else if (sid_equal(sid, get_global_sam_sid()) && !lp_hide_local_users()) { struct sys_grent *glist; struct sys_grent *grp; struct passwd *pw; @@ -1386,7 +1385,7 @@ NTSTATUS _samr_lookup_rids(pipes_struct *p, SAMR_Q_LOOKUP_RIDS *q_u, SAMR_R_LOOK group_attrs[i] = SID_NAME_UNKNOWN; *group_names[i] = '\0'; - if (sid_equal(&pol_sid, &global_sam_sid)) { + if (sid_equal(&pol_sid, get_global_sam_sid())) { sid_copy(&sid, &pol_sid); sid_append_rid(&sid, q_u->rid[i]); @@ -1841,7 +1840,7 @@ NTSTATUS _samr_query_dom_info(pipes_struct *p, SAMR_Q_QUERY_DOMAIN_INFO *q_u, SA num_users=info->disp_info.num_user_account; free_samr_db(info); - r_u->status=load_group_domain_entries(info, &global_sam_sid); + r_u->status=load_group_domain_entries(info, get_global_sam_sid()); if (!NT_STATUS_IS_OK(r_u->status)) { DEBUG(5, ("_samr_query_dispinfo: load_group_domain_entries failed\n")); return r_u->status; @@ -2770,7 +2769,7 @@ NTSTATUS _samr_query_aliasmem(pipes_struct *p, SAMR_Q_QUERY_ALIASMEM *q_u, SAMR_ if(!get_local_group_from_sid(als_sid, &map, MAPPING_WITHOUT_PRIV)) return NT_STATUS_NO_SUCH_ALIAS; } else { - if (sid_equal(&alias_sid, &global_sam_sid)) { + if (sid_equal(&alias_sid, get_global_sam_sid())) { DEBUG(10, ("lookup on Server SID\n")); if(!get_local_group_from_sid(als_sid, &map, MAPPING_WITHOUT_PRIV)) return NT_STATUS_NO_SUCH_ALIAS; @@ -2789,7 +2788,7 @@ NTSTATUS _samr_query_aliasmem(pipes_struct *p, SAMR_Q_QUERY_ALIASMEM *q_u, SAMR_ struct passwd *pass; uint32 rid; - sid_copy(&temp_sid, &global_sam_sid); + sid_copy(&temp_sid, get_global_sam_sid()); pass = getpwuid_alloc(uid[i]); if (!pass) continue; @@ -2863,7 +2862,7 @@ NTSTATUS _samr_query_groupmem(pipes_struct *p, SAMR_Q_QUERY_GROUPMEM *q_u, SAMR_ DEBUG(10, ("sid is %s\n", group_sid_str)); /* can we get a query for an SID outside our domain ? */ - if (!sid_equal(&group_sid, &global_sam_sid)) + if (!sid_equal(&group_sid, get_global_sam_sid())) return NT_STATUS_NO_SUCH_GROUP; sid_append_rid(&group_sid, group_rid); @@ -2946,7 +2945,7 @@ NTSTATUS _samr_add_aliasmem(pipes_struct *p, SAMR_Q_ADD_ALIASMEM *q_u, SAMR_R_AD sid_to_string(alias_sid_str, &alias_sid); DEBUG(10, ("sid is %s\n", alias_sid_str)); - if (sid_compare(&alias_sid, &global_sam_sid)>0) { + if (sid_compare(&alias_sid, get_global_sam_sid())>0) { DEBUG(10, ("adding member on Server SID\n")); if(!get_local_group_from_sid(alias_sid, &map, MAPPING_WITHOUT_PRIV)) return NT_STATUS_NO_SUCH_ALIAS; @@ -3095,7 +3094,7 @@ NTSTATUS _samr_add_groupmem(pipes_struct *p, SAMR_Q_ADD_GROUPMEM *q_u, SAMR_R_AD sid_to_string(group_sid_str, &group_sid); DEBUG(10, ("sid is %s\n", group_sid_str)); - if (sid_compare(&group_sid, &global_sam_sid)<=0) + if (sid_compare(&group_sid, get_global_sam_sid())<=0) return NT_STATUS_NO_SUCH_GROUP; DEBUG(10, ("lookup on Domain SID\n")); @@ -3103,7 +3102,7 @@ NTSTATUS _samr_add_groupmem(pipes_struct *p, SAMR_Q_ADD_GROUPMEM *q_u, SAMR_R_AD if(!get_domain_group_from_sid(group_sid, &map, MAPPING_WITHOUT_PRIV)) return NT_STATUS_NO_SUCH_GROUP; - sid_copy(&user_sid, &global_sam_sid); + sid_copy(&user_sid, get_global_sam_sid()); sid_append_rid(&user_sid, q_u->rid); ret = pdb_init_sam(&sam_user); @@ -3182,7 +3181,7 @@ NTSTATUS _samr_del_groupmem(pipes_struct *p, SAMR_Q_DEL_GROUPMEM *q_u, SAMR_R_DE if(!sid_check_is_in_our_domain(&group_sid)) return NT_STATUS_NO_SUCH_GROUP; - sid_copy(&user_sid, &global_sam_sid); + sid_copy(&user_sid, get_global_sam_sid()); sid_append_rid(&user_sid, q_u->rid); if(!get_domain_group_from_sid(group_sid, &map, MAPPING_WITHOUT_PRIV)) @@ -3315,7 +3314,7 @@ NTSTATUS _samr_delete_dom_group(pipes_struct *p, SAMR_Q_DELETE_DOM_GROUP *q_u, S DEBUG(10, ("sid is %s\n", group_sid_str)); /* we check if it's our SID before deleting */ - if (!sid_equal(&dom_sid, &global_sam_sid)) + if (!sid_equal(&dom_sid, get_global_sam_sid())) return NT_STATUS_NO_SUCH_GROUP; DEBUG(10, ("lookup on Domain SID\n")); @@ -3372,7 +3371,7 @@ NTSTATUS _samr_delete_dom_alias(pipes_struct *p, SAMR_Q_DELETE_DOM_ALIAS *q_u, S DEBUG(10, ("sid is %s\n", alias_sid_str)); /* we check if it's our SID before deleting */ - if (!sid_equal(&dom_sid, &global_sam_sid)) + if (!sid_equal(&dom_sid, get_global_sam_sid())) return NT_STATUS_NO_SUCH_ALIAS; DEBUG(10, ("lookup on Local SID\n")); @@ -3422,7 +3421,7 @@ NTSTATUS _samr_create_dom_group(pipes_struct *p, SAMR_Q_CREATE_DOM_GROUP *q_u, S if (!get_lsa_policy_samr_sid(p, &q_u->pol, &dom_sid)) return NT_STATUS_INVALID_HANDLE; - if (!sid_equal(&dom_sid, &global_sam_sid)) + if (!sid_equal(&dom_sid, get_global_sam_sid())) return NT_STATUS_ACCESS_DENIED; /* TODO: check if allowed to create group and add a become_root/unbecome_root pair.*/ @@ -3443,7 +3442,7 @@ NTSTATUS _samr_create_dom_group(pipes_struct *p, SAMR_Q_CREATE_DOM_GROUP *q_u, S r_u->rid=pdb_gid_to_group_rid(grp->gr_gid); /* add the group to the mapping table */ - sid_copy(&info_sid, &global_sam_sid); + sid_copy(&info_sid, get_global_sam_sid()); sid_append_rid(&info_sid, r_u->rid); sid_to_string(sid_string, &info_sid); @@ -3480,7 +3479,7 @@ NTSTATUS _samr_create_dom_alias(pipes_struct *p, SAMR_Q_CREATE_DOM_ALIAS *q_u, S if (!get_lsa_policy_samr_sid(p, &q_u->dom_pol, &dom_sid)) return NT_STATUS_INVALID_HANDLE; - if (!sid_equal(&dom_sid, &global_sam_sid)) + if (!sid_equal(&dom_sid, get_global_sam_sid())) return NT_STATUS_ACCESS_DENIED; /* TODO: check if allowed to create group and add a become_root/unbecome_root pair.*/ @@ -3500,7 +3499,7 @@ NTSTATUS _samr_create_dom_alias(pipes_struct *p, SAMR_Q_CREATE_DOM_ALIAS *q_u, S r_u->rid=pdb_gid_to_group_rid(grp->gr_gid); - sid_copy(&info_sid, &global_sam_sid); + sid_copy(&info_sid, get_global_sam_sid()); sid_append_rid(&info_sid, r_u->rid); sid_to_string(sid_string, &info_sid); @@ -3686,10 +3685,10 @@ NTSTATUS _samr_open_group(pipes_struct *p, SAMR_Q_OPEN_GROUP *q_u, SAMR_R_OPEN_G return NT_STATUS_INVALID_HANDLE; /* this should not be hard-coded like this */ - if (!sid_equal(&sid, &global_sam_sid)) + if (!sid_equal(&sid, get_global_sam_sid())) return NT_STATUS_ACCESS_DENIED; - sid_copy(&info_sid, &global_sam_sid); + sid_copy(&info_sid, get_global_sam_sid()); sid_append_rid(&info_sid, q_u->rid_group); sid_to_string(sid_string, &info_sid); @@ -3778,7 +3777,7 @@ NTSTATUS _samr_unknown_2e(pipes_struct *p, SAMR_Q_UNKNOWN_2E *q_u, SAMR_R_UNKNOW num_users=info->disp_info.num_user_account; free_samr_db(info); - r_u->status=load_group_domain_entries(info, &global_sam_sid); + r_u->status=load_group_domain_entries(info, get_global_sam_sid()); if (NT_STATUS_IS_ERR(r_u->status)) { DEBUG(5, ("_samr_query_dispinfo: load_group_domain_entries failed\n")); return r_u->status; diff --git a/source3/smbd/groupname.c b/source3/smbd/groupname.c index 812488571a..5147ae4b95 100644 --- a/source3/smbd/groupname.c +++ b/source3/smbd/groupname.c @@ -21,7 +21,6 @@ #ifdef USING_GROUPNAME_MAP #include "includes.h" -extern DOM_SID global_sam_sid; /************************************************************************** Groupname map functionality. The code loads a groupname map file and @@ -160,7 +159,7 @@ Error was %s.\n", unixname, strerror(errno) )); * It's not a well known name, convert the UNIX gid_t * to a rid within this domain SID. */ - tmp_sid = global_sam_sid; + sid_copy(&tmp_sid,get_global_sam_sid()); tmp_sid.sub_auths[tmp_sid.num_auths++] = pdb_gid_to_group_rid(gid); } @@ -228,7 +227,7 @@ void map_gid_to_sid( gid_t gid, DOM_SID *psid) * If there's no map, convert the UNIX gid_t * to a rid within this domain SID. */ - *psid = global_sam_sid; + sid_copy(psid,get_global_sam_sid()); psid->sub_auths[psid->num_auths++] = pdb_gid_to_group_rid(gid); return; diff --git a/source3/smbd/server.c b/source3/smbd/server.c index 5f8f7044a6..6296e13f1c 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -860,7 +860,7 @@ static void usage(char *pname) /* possibly reload the services file. */ reload_services(True); - if(!pdb_generate_sam_sid()) { + if(!get_global_sam_sid()) { DEBUG(0,("ERROR: Samba cannot create a SAM SID.\n")); exit(1); } diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c index 8b0ffbd73f..cb4a975881 100644 --- a/source3/smbd/uid.c +++ b/source3/smbd/uid.c @@ -504,7 +504,7 @@ BOOL lookup_sid(DOM_SID *sid, fstring dom_name, fstring name, enum SID_NAME_USE sid_copy(&tmp_sid, sid); sid_split_rid(&tmp_sid, &rid); - if (sid_equal(&global_sam_sid, &tmp_sid)) { + if (sid_equal(get_global_sam_sid(), &tmp_sid)) { return map_domain_sid_to_name(&tmp_sid, dom_name) && local_lookup_sid(sid, name, name_type); @@ -598,7 +598,7 @@ BOOL sid_to_uid(DOM_SID *psid, uid_t *puid, enum SID_NAME_USE *sidtype) fstring sid_str; /* if we know its local then don't try winbindd */ - if (sid_compare_domain(&global_sam_sid, psid) == 0) { + if (sid_compare_domain(get_global_sam_sid(), psid) == 0) { return local_sid_to_uid(puid, psid, sidtype); } diff --git a/source3/utils/smbgroupedit.c b/source3/utils/smbgroupedit.c index 04d46f4559..3fdc07c2d5 100644 --- a/source3/utils/smbgroupedit.c +++ b/source3/utils/smbgroupedit.c @@ -23,7 +23,6 @@ extern pstring global_myname; extern pstring global_myworkgroup; -extern DOM_SID global_sam_sid; /* * Next two lines needed for SunOS and don't @@ -306,7 +305,7 @@ int main (int argc, char **argv) exit(1); } - if(pdb_generate_sam_sid()==False) { + if(get_global_sam_sid()==False) { fprintf(stderr, "Can not read machine SID\n"); return 0; } -- cgit