diff options
| author | Jean-François Micouleau <jfm@samba.org> | 2001-12-04 21:53:47 +0000 |
|---|---|---|
| committer | Jean-François Micouleau <jfm@samba.org> | 2001-12-04 21:53:47 +0000 |
| commit | 6c87e96149101995b7d049657d5c26eefef37d8c (patch) | |
| tree | 7b650f28b03cf2deee2039f6e1b2bc83c0b9725d /source/lib | |
| parent | 9b7182a9da24b53f3501f6562dc66bed67fb9133 (diff) | |
| download | samba-6c87e96149101995b7d049657d5c26eefef37d8c.tar.gz samba-6c87e96149101995b7d049657d5c26eefef37d8c.tar.xz samba-6c87e96149101995b7d049657d5c26eefef37d8c.zip | |
added a boolean to the group mapping functions to specify if we need or
not the privileges. Usually we don't need them, so the memory is free
early.
lib/util_sid.c: added some helper functions to check an SID.
passdb/passdb.c: renamed local_lookup_rid() to local_lookup_sid() and pass
an RID all the way. If the group doesn't exist on the domain SID,
don't return a faked one as it can collide with a builtin one. Some rpc
structures have been badly designed, they return only rids and force the
client to do subsequent lsa_lookup_sid() on the domain sid and the builtin
sid !
rpc_server/srv_util.c: wrote a new version of get_domain_user_groups().
Only the samr code uses it atm. It uses the group mapping code instead of
a bloody hard coded crap. The netlogon code will use it too, but I have to
do some test first.
J.F.
Diffstat (limited to 'source/lib')
| -rw-r--r-- | source/lib/util_sid.c | 49 |
1 files changed, 48 insertions, 1 deletions
diff --git a/source/lib/util_sid.c b/source/lib/util_sid.c index 7e9299b053b..923037f479a 100644 --- a/source/lib/util_sid.c +++ b/source/lib/util_sid.c @@ -582,6 +582,53 @@ BOOL sid_equal(const DOM_SID *sid1, const DOM_SID *sid2) /***************************************************************** + Check if the SID is our domain SID (S-1-5-21-x-y-z). +*****************************************************************/ +BOOL sid_check_is_domain(const DOM_SID *sid) +{ + return sid_equal(sid, &global_sam_sid); +} + + +/***************************************************************** + Check if the SID is the builtin SID (S-1-5-32). +*****************************************************************/ +BOOL sid_check_is_builtin(const DOM_SID *sid) +{ + return sid_equal(sid, &global_sid_Builtin); +} + + +/***************************************************************** + Check if the SID is our domain SID (S-1-5-21-x-y-z). +*****************************************************************/ +BOOL sid_check_is_in_our_domain(const DOM_SID *sid) +{ + DOM_SID dom_sid; + uint32 rid; + + sid_copy(&dom_sid, sid); + sid_split_rid(&dom_sid, &rid); + + return sid_equal(&dom_sid, &global_sam_sid); +} + +/***************************************************************** + Check if the SID is our domain SID (S-1-5-21-x-y-z). +*****************************************************************/ +BOOL sid_check_is_in_builtin(const DOM_SID *sid) +{ + DOM_SID dom_sid; + uint32 rid; + + sid_copy(&dom_sid, sid); + sid_split_rid(&dom_sid, &rid); + + return sid_equal(&dom_sid, &global_sid_Builtin); +} + + +/***************************************************************** Calculates size of a sid. *****************************************************************/ @@ -608,7 +655,7 @@ BOOL non_mappable_sid(DOM_SID *sid) if (sid_equal(&dom, &global_sid_Builtin)) return True; - if (sid_equal(&dom, &global_sid_Creator_Owner_Domain)) + if (sid_equal(&dom, &global_sid_Creator_Owner_Domain)) return True; if (sid_equal(&dom, &global_sid_NT_Authority)) |