Diffstat (limited to 'source/passdb')
-rw-r--r-- | source/passdb/machine_sid.c | 51 | ||||
-rw-r--r-- | source/passdb/passdb.c | 16 | ||||
-rw-r--r-- | source/passdb/util_sam_sid.c | 19 |
3 files changed, 50 insertions, 36 deletions
diff --git a/source/passdb/machine_sid.c b/source/passdb/machine_sid.c index 0b4a4ffeba3..69d127ec13a 100644 --- a/source/passdb/machine_sid.c +++ b/source/passdb/machine_sid.c @@ -4,6 +4,7 @@ Copyright (C) Jeremy Allison 1996-2002 Copyright (C) Andrew Tridgell 2002 Copyright (C) Gerald (Jerry) Carter 2000 + Copyright (C) Stefan (metze) Metzmacher 2002 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -22,6 +23,11 @@ #include "includes.h" +/* NOTE! the global_sam_sid is the SID of our local SAM. This is only + equal to the domain SID when we are a DC, otherwise its our + workstation SID */ +static DOM_SID *global_sam_sid=NULL; + #undef DBGC_CLASS #define DBGC_CLASS DBGC_PASSDB @@ -70,13 +76,17 @@ static void generate_random_sid(DOM_SID *sid) Generate the global machine sid. ****************************************************************************/ -BOOL pdb_generate_sam_sid(void) +static BOOL pdb_generate_sam_sid(void) { char *fname = NULL; extern pstring global_myname; extern fstring global_myworkgroup; BOOL is_dc = False; + if(global_sam_sid==NULL) + if(!(global_sam_sid=(DOM_SID *)malloc(sizeof(DOM_SID)))) + return False; + generate_wellknown_sids(); switch (lp_server_role()) { @@ -89,7 +99,7 @@ BOOL pdb_generate_sam_sid(void) break; } - if (secrets_fetch_domain_sid(global_myname, &global_sam_sid)) { + if (secrets_fetch_domain_sid(global_myname, global_sam_sid)) { DOM_SID domain_sid; /* We got our sid. If not a pdc/bdc, we're done. */ 
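Review bot: The allocation added at the top of pdb_generate_sam_sid() returns False silently when malloc fails, while every other failure path in this function logs at DEBUG(0). Add a message before the return, for example `DEBUG(0,("pdb_generate_sam_sid: malloc of global_sam_sid failed.\n"));`. The two nested, unbraced `if`s are easy to misread if an `else` is ever added, so brace the outer one. The buffer is not zeroed, so it holds indeterminate bytes until one of the fetch, read or generate calls fills it. The function body continues beyond this hunk.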
@@ -100,19 +110,19 @@ BOOL pdb_generate_sam_sid(void) /* No domain sid and we're a pdc/bdc. Store it */ - if (!secrets_store_domain_sid(global_myworkgroup, &global_sam_sid)) { + if (!secrets_store_domain_sid(global_myworkgroup, global_sam_sid)) { DEBUG(0,("pdb_generate_sam_sid: Can't store domain SID as a pdc/bdc.\n")); return False; } return True; } - if (!sid_equal(&domain_sid, &global_sam_sid)) { + if (!sid_equal(&domain_sid, global_sam_sid)) { /* Domain name sid doesn't match global sam sid. Re-store global sam sid as domain sid. */ DEBUG(0,("pdb_generate_sam_sid: Mismatched SIDs as a pdc/bdc.\n")); - if (!secrets_store_domain_sid(global_myworkgroup, &global_sam_sid)) { + if (!secrets_store_domain_sid(global_myworkgroup, global_sam_sid)) { DEBUG(0,("pdb_generate_sam_sid: Can't re-store domain SID as a pdc/bdc.\n")); return False; } @@ -126,24 +136,23 @@ BOOL pdb_generate_sam_sid(void) /* check for an old MACHINE.SID file for backwards compatibility */ asprintf(&fname, "%s/MACHINE.SID", lp_private_dir()); - if (read_sid_from_file(fname, &global_sam_sid)) { + if (read_sid_from_file(fname, global_sam_sid)) { /* remember it for future reference and unlink the old MACHINE.SID */ - if (!secrets_store_domain_sid(global_myname, &global_sam_sid)) { + if (!secrets_store_domain_sid(global_myname, global_sam_sid)) { DEBUG(0,("pdb_generate_sam_sid: Failed to store SID from file.\n")); SAFE_FREE(fname); return False; } unlink(fname); if (is_dc) { - if (!secrets_store_domain_sid(global_myworkgroup, &global_sam_sid)) { + if (!secrets_store_domain_sid(global_myworkgroup, global_sam_sid)) { DEBUG(0,("pdb_generate_sam_sid: Failed to store domain SID from file.\n")); SAFE_FREE(fname); return False; } } - /* Stored the old sid from MACHINE.SID successfully. - Patch from Stefan "metze" Metzmacher <metze@metzemix.de>*/ + /* Stored the old sid from MACHINE.SID successfully.*/ SAFE_FREE(fname); return True; } 
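Review bot: In the MACHINE.SID fallback the result of `asprintf(&fname, ...)` is not checked before `fname` is passed to read_sid_from_file() and later to unlink(). What `fname` holds after a failed asprintf depends on the implementation in use, which is not visible here. A guard such as `if (asprintf(&fname, "%s/MACHINE.SID", lp_private_dir()) < 0) return False;` keeps a path that was never formed from being read or unlinked. The surrounding function starts and ends outside this hunk.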
@@ -152,14 +161,14 @@ BOOL pdb_generate_sam_sid(void) /* we don't have the SID in secrets.tdb, we will need to generate one and save it */ - generate_random_sid(&global_sam_sid); + generate_random_sid(global_sam_sid); - if (!secrets_store_domain_sid(global_myname, &global_sam_sid)) { + if (!secrets_store_domain_sid(global_myname, global_sam_sid)) { DEBUG(0,("pdb_generate_sam_sid: Failed to store generated machine SID.\n")); return False; } if (is_dc) { - if (!secrets_store_domain_sid(global_myworkgroup, &global_sam_sid)) { + if (!secrets_store_domain_sid(global_myworkgroup, global_sam_sid)) { DEBUG(0,("pdb_generate_sam_sid: Failed to store generated domain SID.\n")); return False; } @@ -167,3 +176,19 @@ BOOL pdb_generate_sam_sid(void) return True; } + +/* return our global_sam_sid */ +DOM_SID *get_global_sam_sid(void) +{ + if (global_sam_sid != NULL) + return global_sam_sid; + + /* memory for global_sam_sid is allocated in + pdb_generate_sam_sid() is needed*/ + + if (!pdb_generate_sam_sid()) + global_sam_sid=NULL; + + return global_sam_sid; +} + diff --git a/source/passdb/passdb.c b/source/passdb/passdb.c index aa7672731a4..154963e2a0a 100644 --- a/source/passdb/passdb.c +++ b/source/passdb/passdb.c @@ -32,7 +32,6 @@ * responsible. */ -extern DOM_SID global_sam_sid; extern pstring global_myname; /************************************************************ @@ -699,7 +698,7 @@ BOOL local_lookup_name(const char *c_user, DOM_SID *psid, enum SID_NAME_USE *psi fstrcpy(user, c_user); - sid_copy(&local_sid, &global_sam_sid); + sid_copy(&local_sid, get_global_sam_sid()); /* * Special case for MACHINE\Everyone. Map to the world_sid. 
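Review bot: get_global_sam_sid() drops the buffer allocated by pdb_generate_sam_sid() when generation fails: `global_sam_sid=NULL;` overwrites the pointer without freeing it, so each failed call leaks one DOM_SID and the next call allocates again. Use `SAFE_FREE(global_sam_sid);` there instead, assuming the macro also resets the pointer, as its use on `fname` in this file suggests. The accessor can now return NULL, which the former `DOM_SID global_sam_sid` object never could, so the header comment should say so, e.g. `/* return our global_sam_sid, or NULL if it could not be loaded or generated */`. The inner comment is garbled; `/* pdb_generate_sam_sid() allocates global_sam_sid on first use */` reads more clearly.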
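Review bot: `sid_copy(&local_sid, get_global_sam_sid());` in local_lookup_name() passes the accessor's result on without a NULL check, although get_global_sam_sid() returns NULL when pdb_generate_sam_sid() fails. Whether sid_copy() tolerates a NULL source is not visible on this page; if it does not, a secrets-store or allocation failure becomes a NULL dereference in the lookup path. Fetch the pointer once and bail out, e.g. `DOM_SID *sam_sid = get_global_sam_sid();` followed by `if (sam_sid == NULL) return False;`. The same unchecked use appears in the local_uid_to_sid(), local_sid_to_uid(), local_gid_to_sid() and local_sid_to_gid() hunks below and in map_domain_name_to_sid() in util_sam_sid.c; the functions that return `DOM_SID *` need their own failure value. All of these functions extend beyond their hunks.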
@@ -787,12 +786,11 @@ BOOL local_lookup_name(const char *c_user, DOM_SID *psid, enum SID_NAME_USE *psi DOM_SID *local_uid_to_sid(DOM_SID *psid, uid_t uid) { - extern DOM_SID global_sam_sid; struct passwd *pass; SAM_ACCOUNT *sam_user = NULL; fstring str; /* sid string buffer */ - sid_copy(psid, &global_sam_sid); + sid_copy(psid, get_global_sam_sid()); if((pass = getpwuid_alloc(uid))) { @@ -830,8 +828,6 @@ DOM_SID *local_uid_to_sid(DOM_SID *psid, uid_t uid) BOOL local_sid_to_uid(uid_t *puid, DOM_SID *psid, enum SID_NAME_USE *name_type) { - extern DOM_SID global_sam_sid; - DOM_SID dom_sid; uint32 rid; fstring str; @@ -846,7 +842,7 @@ BOOL local_sid_to_uid(uid_t *puid, DOM_SID *psid, enum SID_NAME_USE *name_type) * We can only convert to a uid if this is our local * Domain SID (ie. we are the controling authority). */ - if (!sid_equal(&global_sam_sid, &dom_sid)) + if (!sid_equal(get_global_sam_sid(), &dom_sid)) return False; if (NT_STATUS_IS_ERR(pdb_init_sam(&sam_user))) @@ -878,10 +874,9 @@ BOOL local_sid_to_uid(uid_t *puid, DOM_SID *psid, enum SID_NAME_USE *name_type) DOM_SID *local_gid_to_sid(DOM_SID *psid, gid_t gid) { - extern DOM_SID global_sam_sid; GROUP_MAP map; - sid_copy(psid, &global_sam_sid); + sid_copy(psid, get_global_sam_sid()); if (get_group_map_from_gid(gid, &map, MAPPING_WITHOUT_PRIV)) { sid_copy(psid, &map.sid); @@ -899,7 +894,6 @@ DOM_SID *local_gid_to_sid(DOM_SID *psid, gid_t gid) BOOL local_sid_to_gid(gid_t *pgid, DOM_SID *psid, enum SID_NAME_USE *name_type) { - extern DOM_SID global_sam_sid; DOM_SID dom_sid; uint32 rid; fstring str; @@ -917,7 +911,7 @@ BOOL local_sid_to_gid(gid_t *pgid, DOM_SID *psid, enum SID_NAME_USE *name_type) * Or in the Builtin SID too. JFM, 11/30/2001 */ - if (!sid_equal(&global_sam_sid, &dom_sid)) + if (!sid_equal(get_global_sam_sid(), &dom_sid)) return False; if (get_group_map_from_sid(*psid, &map, MAPPING_WITHOUT_PRIV)) { 
diff --git a/source/passdb/util_sam_sid.c b/source/passdb/util_sam_sid.c index a9cec5c5cae..2c574f4a61e 100644 --- a/source/passdb/util_sam_sid.c +++ b/source/passdb/util_sam_sid.c @@ -22,14 +22,9 @@ #include "includes.h" -DOM_SID global_sam_sid; extern pstring global_myname; extern fstring global_myworkgroup; -/* NOTE! the global_sam_sid is the SID of our local SAM. This is only - equal to the domain SID when we are a DC, otherwise its our - workstation SID */ - #define MAX_SID_NAMES 7 typedef struct _known_sid_users { @@ -99,17 +94,17 @@ static void init_sid_name_map (void) generate_wellknown_sids(); if ((lp_security() == SEC_USER) && lp_domain_logons()) { - sid_name_map[i].sid = &global_sam_sid; + sid_name_map[i].sid = get_global_sam_sid(); sid_name_map[i].name = global_myworkgroup; sid_name_map[i].known_users = NULL; i++; - sid_name_map[i].sid = &global_sam_sid; + sid_name_map[i].sid = get_global_sam_sid(); sid_name_map[i].name = global_myname; sid_name_map[i].known_users = NULL; i++; } else { - sid_name_map[i].sid = &global_sam_sid; + sid_name_map[i].sid = get_global_sam_sid(); sid_name_map[i].name = global_myname; sid_name_map[i].known_users = NULL; i++; @@ -224,14 +219,14 @@ BOOL map_domain_name_to_sid(DOM_SID *sid, char *nt_domain) if (nt_domain == NULL) { DEBUG(5,("map_domain_name_to_sid: mapping NULL domain to our SID.\n")); - sid_copy(sid, &global_sam_sid); + sid_copy(sid, get_global_sam_sid()); return True; } if (nt_domain[0] == 0) { fstrcpy(nt_domain, global_myname); DEBUG(5,("map_domain_name_to_sid: overriding blank name to %s\n", nt_domain)); - sid_copy(sid, &global_sam_sid); + sid_copy(sid, get_global_sam_sid()); return True; } 
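Review bot: init_sid_name_map() stores the result of get_global_sam_sid() directly in `sid_name_map[i].sid`, so a NULL returned after a failed SID load stays in the table for as long as the table lives. The code that walks sid_name_map is outside this hunk; presumably it dereferences `.sid`, which should be confirmed. Call the accessor once into a local, e.g. `DOM_SID *sam_sid = get_global_sam_sid();`, and skip or abort table setup when it is NULL rather than calling it in each branch. The function body starts and ends outside the hunk.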
@@ -261,7 +256,7 @@ BOOL map_domain_name_to_sid(DOM_SID *sid, char *nt_domain) *****************************************************************/ BOOL sid_check_is_domain(const DOM_SID *sid) { - return sid_equal(sid, &global_sam_sid); + return sid_equal(sid, get_global_sam_sid()); } /***************************************************************** @@ -275,6 +270,6 @@ BOOL sid_check_is_in_our_domain(const DOM_SID *sid) sid_copy(&dom_sid, sid); sid_split_rid(&dom_sid, &rid); - return sid_equal(&dom_sid, &global_sam_sid); + return sid_equal(&dom_sid, get_global_sam_sid()); } |
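Review bot: sid_check_is_domain() and sid_check_is_in_our_domain() now depend on how sid_equal() treats a NULL second argument, because get_global_sam_sid() returns NULL when the SAM SID cannot be loaded or generated. sid_equal() is not shown on this page; if it compares the two pointers before the contents, `sid_check_is_domain(NULL)` would report a match in that state. These predicates presumably feed decisions about whether a SID belongs to the local domain, so make the failure case explicit. Use `DOM_SID *sam_sid = get_global_sam_sid();` then `return sam_sid != NULL && sid_equal(sid, sam_sid);`, and the same with `&dom_sid` in the second function.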