s3-util_sid: use shared dom_sid_compare_auth and dom_sid_equal_X functions.
authorGünther Deschner <gd@samba.org>
Thu, 26 Aug 2010 13:48:50 +0000 (15:48 +0200)
committerGünther Deschner <gd@samba.org>
Mon, 20 Sep 2010 21:04:37 +0000 (14:04 -0700)
Guenther

35 files changed:
source3/auth/server_info.c
source3/auth/token_util.c
source3/groupdb/mapping_tdb.c
source3/include/proto.h
source3/lib/netapi/localgroup.c
source3/lib/secdesc.c
source3/lib/util_nttoken.c
source3/lib/util_sid.c
source3/libnet/libnet_samsync_passdb.c
source3/libsmb/libsmb_xattr.c
source3/modules/vfs_afsacl.c
source3/passdb/lookup_sid.c
source3/passdb/machine_sid.c
source3/passdb/pdb_get_set.c
source3/passdb/pdb_interface.c
source3/passdb/pdb_ldap.c
source3/passdb/pdb_smbpasswd.c
source3/passdb/util_builtin.c
source3/passdb/util_unixsids.c
source3/passdb/util_wellknown.c
source3/rpc_server/srv_lsa_nt.c
source3/rpc_server/srv_samr_nt.c
source3/rpc_server/srv_spoolss_util.c
source3/smbd/posix_acls.c
source3/torture/torture.c
source3/utils/net_rpc.c
source3/utils/net_rpc_samsync.c
source3/utils/profiles.c
source3/utils/sharesec.c
source3/utils/smbcacls.c
source3/winbindd/idmap_ad.c
source3/winbindd/idmap_ldap.c
source3/winbindd/wb_getgrsid.c
source3/winbindd/winbindd_cache.c
source3/winbindd/winbindd_util.c

index e457bd4..c7cd72b 100644 (file)
@@ -20,6 +20,7 @@
 #include "includes.h"
 #include "../lib/crypto/arcfour.h"
 #include "../librpc/gen_ndr/netlogon.h"
+#include "../libcli/security/dom_sid.h"
 
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_AUTH
@@ -332,7 +333,7 @@ NTSTATUS samu_to_SamInfo3(TALLOC_CTX *mem_ctx,
 
        /* check if this is a "Unix Users" domain user,
         * we need to handle it in a special way if that's the case */
-       if (sid_compare_domain(user_sid, &global_sid_Unix_Users) == 0) {
+       if (dom_sid_compare_domain(user_sid, &global_sid_Unix_Users) == 0) {
                /* in info3 you can only set rids for the user and the
                 * primary group, and the domain sid must be that of
                 * the sam domain.
@@ -358,7 +359,7 @@ NTSTATUS samu_to_SamInfo3(TALLOC_CTX *mem_ctx,
 
        /* check if this is a "Unix Groups" domain group,
         * if so we need special handling */
-       if (sid_compare_domain(group_sid, &global_sid_Unix_Groups) == 0) {
+       if (dom_sid_compare_domain(group_sid, &global_sid_Unix_Groups) == 0) {
                /* in info3 you can only set rids for the user and the
                 * primary group, and the domain sid must be that of
                 * the sam domain.
index bc7d998..4385dc4 100644 (file)
@@ -27,7 +27,7 @@
 #include "includes.h"
 #include "secrets.h"
 #include "memcache.h"
-
+#include "../libcli/security/dom_sid.h"
 #include "../librpc/gen_ndr/netlogon.h"
 
 /****************************************************************************
@@ -42,7 +42,7 @@ bool nt_token_check_sid ( const struct dom_sid *sid, const struct security_token
                return False;
 
        for ( i=0; i<token->num_sids; i++ ) {
-               if ( sid_equal( sid, &token->sids[i] ) )
+               if ( dom_sid_equal( sid, &token->sids[i] ) )
                        return True;
        }
 
index 140fd28..dab2520 100644 (file)
@@ -23,6 +23,7 @@
 #include "includes.h"
 #include "groupdb/mapping.h"
 #include "dbwrap.h"
+#include "../libcli/security/dom_sid.h"
 
 static struct db_context *db; /* used for driver files */
 
@@ -340,7 +341,7 @@ static int collect_map(struct db_record *rec, void *private_data)
        }
 
        if ((state->domsid != NULL) &&
-           (sid_compare_domain(state->domsid, &map.sid) != 0)) {
+           (dom_sid_compare_domain(state->domsid, &map.sid) != 0)) {
                DEBUG(11,("enum_group_mapping: group %s is not in domain\n",
                          sid_string_dbg(&map.sid)));
                return 0;
@@ -455,7 +456,7 @@ static bool is_aliasmem(const struct dom_sid *alias, const struct dom_sid *membe
                return False;
 
        for (i=0; i<num; i++) {
-               if (sid_compare(alias, &sids[i]) == 0) {
+               if (dom_sid_compare(alias, &sids[i]) == 0) {
                        TALLOC_FREE(sids);
                        return True;
                }
@@ -576,7 +577,7 @@ static int collect_aliasmem(struct db_record *rec, void *priv)
                if (!string_to_sid(&alias, alias_string))
                        continue;
 
-               if (sid_compare(state->alias, &alias) != 0)
+               if (dom_sid_compare(state->alias, &alias) != 0)
                        continue;
 
                /* Ok, we found the alias we're looking for in the membership
@@ -656,7 +657,7 @@ static NTSTATUS del_aliasmem(const struct dom_sid *alias, const struct dom_sid *
        }
 
        for (i=0; i<num; i++) {
-               if (sid_compare(&sids[i], alias) == 0) {
+               if (dom_sid_compare(&sids[i], alias) == 0) {
                        found = True;
                        break;
                }
index 9902198..7a9d160 100644 (file)
@@ -1294,9 +1294,6 @@ bool sid_peek_check_rid(const struct dom_sid *exp_dom_sid, const struct dom_sid
 void sid_copy(struct dom_sid *dst, const struct dom_sid *src);
 bool sid_linearize(char *outbuf, size_t len, const struct dom_sid *sid);
 bool sid_parse(const char *inbuf, size_t len, struct dom_sid *sid);
-int sid_compare(const struct dom_sid *sid1, const struct dom_sid *sid2);
-int sid_compare_domain(const struct dom_sid *sid1, const struct dom_sid *sid2);
-bool sid_equal(const struct dom_sid *sid1, const struct dom_sid *sid2);
 bool non_mappable_sid(struct dom_sid *sid);
 char *sid_binstring(TALLOC_CTX *mem_ctx, const struct dom_sid *sid);
 char *sid_binstring_hex(const struct dom_sid *sid);
index 69cf974..c9e1b72 100644 (file)
@@ -27,6 +27,7 @@
 #include "../librpc/gen_ndr/cli_lsa.h"
 #include "rpc_client/cli_lsarpc.h"
 #include "rpc_client/init_lsa.h"
+#include "../libcli/security/dom_sid.h"
 
 static NTSTATUS libnetapi_samr_lookup_and_open_alias(TALLOC_CTX *mem_ctx,
                                                     struct rpc_pipe_client *pipe_cli,
@@ -1171,7 +1172,7 @@ static WERROR NetLocalGroupModifyMembers_r(struct libnetapi_ctx *ctx,
                for (i=0; i < r->in.total_entries; i++) {
                        bool already_member = false;
                        for (k=0; k < current_sids.num_sids; k++) {
-                               if (sid_equal(&member_sids[i],
+                               if (dom_sid_equal(&member_sids[i],
                                              current_sids.sids[k].sid)) {
                                        already_member = true;
                                        break;
@@ -1193,7 +1194,7 @@ static WERROR NetLocalGroupModifyMembers_r(struct libnetapi_ctx *ctx,
                for (k=0; k < current_sids.num_sids; k++) {
                        bool keep_member = false;
                        for (i=0; i < r->in.total_entries; i++) {
-                               if (sid_equal(&member_sids[i],
+                               if (dom_sid_equal(&member_sids[i],
                                              current_sids.sids[k].sid)) {
                                        keep_member = true;
                                        break;
index b9ed955..b8bb0ac 100644 (file)
@@ -22,6 +22,7 @@
 
 #include "includes.h"
 #include "../librpc/gen_ndr/ndr_security.h"
+#include "../libcli/security/dom_sid.h"
 
 #define ALL_SECURITY_INFORMATION (SECINFO_OWNER|SECINFO_GROUP|\
                                        SECINFO_DACL|SECINFO_SACL|\
@@ -607,10 +608,10 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx,
                }
 
                /* The CREATOR sids are special when inherited */
-               if (sid_equal(ptrustee, &global_sid_Creator_Owner)) {
+               if (dom_sid_equal(ptrustee, &global_sid_Creator_Owner)) {
                        creator = &global_sid_Creator_Owner;
                        ptrustee = owner_sid;
-               } else if (sid_equal(ptrustee, &global_sid_Creator_Group)) {
+               } else if (dom_sid_equal(ptrustee, &global_sid_Creator_Group)) {
                        creator = &global_sid_Creator_Group;
                        ptrustee = group_sid;
                }
index 3130ed8..680dd29 100644 (file)
@@ -26,6 +26,7 @@
 /* function(s) moved from auth/auth_util.c to minimize linker deps */
 
 #include "includes.h"
+#include "../libcli/security/dom_sid.h"
 
 /****************************************************************************
  Duplicate a SID token.
@@ -120,7 +121,7 @@ bool token_sid_in_ace(const struct security_token *token, const struct security_
        size_t i;
 
        for (i = 0; i < token->num_sids; i++) {
-               if (sid_equal(&ace->trustee, &token->sids[i]))
+               if (dom_sid_equal(&ace->trustee, &token->sids[i]))
                        return true;
        }
 
index 92218ff..1873692 100644 (file)
@@ -244,7 +244,7 @@ bool sid_peek_check_rid(const struct dom_sid *exp_dom_sid, const struct dom_sid
                return False;
        }
 
-       if (sid_compare_domain(exp_dom_sid, sid)!=0){
+       if (dom_sid_compare_domain(exp_dom_sid, sid)!=0){
                *rid=(-1);
                return False;
        }
@@ -307,84 +307,6 @@ bool sid_parse(const char *inbuf, size_t len, struct dom_sid *sid)
        return true;
 }
 
-/*****************************************************************
- Compare the auth portion of two sids.
-*****************************************************************/  
-
-static int sid_compare_auth(const struct dom_sid *sid1, const struct dom_sid *sid2)
-{
-       int i;
-
-       if (sid1 == sid2)
-               return 0;
-       if (!sid1)
-               return -1;
-       if (!sid2)
-               return 1;
-
-       if (sid1->sid_rev_num != sid2->sid_rev_num)
-               return sid1->sid_rev_num - sid2->sid_rev_num;
-
-       for (i = 0; i < 6; i++)
-               if (sid1->id_auth[i] != sid2->id_auth[i])
-                       return sid1->id_auth[i] - sid2->id_auth[i];
-
-       return 0;
-}
-
-/*****************************************************************
- Compare two sids.
-*****************************************************************/  
-
-int sid_compare(const struct dom_sid *sid1, const struct dom_sid *sid2)
-{
-       int i;
-
-       if (sid1 == sid2)
-               return 0;
-       if (!sid1)
-               return -1;
-       if (!sid2)
-               return 1;
-
-       /* Compare most likely different rids, first: i.e start at end */
-       if (sid1->num_auths != sid2->num_auths)
-               return sid1->num_auths - sid2->num_auths;
-
-       for (i = sid1->num_auths-1; i >= 0; --i)
-               if (sid1->sub_auths[i] != sid2->sub_auths[i])
-                       return sid1->sub_auths[i] - sid2->sub_auths[i];
-
-       return sid_compare_auth(sid1, sid2);
-}
-
-/*****************************************************************
- See if 2 SIDs are in the same domain
- this just compares the leading sub-auths
-*****************************************************************/  
-
-int sid_compare_domain(const struct dom_sid *sid1, const struct dom_sid *sid2)
-{
-       int n, i;
-
-       n = MIN(sid1->num_auths, sid2->num_auths);
-
-       for (i = n-1; i >= 0; --i)
-               if (sid1->sub_auths[i] != sid2->sub_auths[i])
-                       return sid1->sub_auths[i] - sid2->sub_auths[i];
-
-       return sid_compare_auth(sid1, sid2);
-}
-
-/*****************************************************************
- Compare two sids.
-*****************************************************************/  
-
-bool sid_equal(const struct dom_sid *sid1, const struct dom_sid *sid2)
-{
-       return sid_compare(sid1, sid2) == 0;
-}
-
 /*****************************************************************
  Returns true if SID is internal (and non-mappable).
 *****************************************************************/
@@ -397,10 +319,10 @@ bool non_mappable_sid(struct dom_sid *sid)
        sid_copy(&dom, sid);
        sid_split_rid(&dom, &rid);
 
-       if (sid_equal(&dom, &global_sid_Builtin))
+       if (dom_sid_equal(&dom, &global_sid_Builtin))
                return True;
 
-       if (sid_equal(&dom, &global_sid_NT_Authority))
+       if (dom_sid_equal(&dom, &global_sid_NT_Authority))
                return True;
 
        return False;
@@ -494,7 +416,7 @@ NTSTATUS add_sid_to_array_unique(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
        size_t i;
 
        for (i=0; i<(*num_sids); i++) {
-               if (sid_compare(sid, &(*sids)[i]) == 0)
+               if (dom_sid_compare(sid, &(*sids)[i]) == 0)
                        return NT_STATUS_OK;
        }
 
@@ -515,7 +437,7 @@ void del_sid_from_array(const struct dom_sid *sid, struct dom_sid **sids, size_t
                /* if we find the SID, then decrement the count
                   and break out of the loop */
 
-               if ( sid_equal(sid, &sid_list[i]) ) {
+               if ( dom_sid_equal(sid, &sid_list[i]) ) {
                        *num -= 1;
                        break;
                }
@@ -555,7 +477,7 @@ bool add_rid_to_array_unique(TALLOC_CTX *mem_ctx,
 bool is_null_sid(const struct dom_sid *sid)
 {
        static const struct dom_sid null_sid = {0};
-       return sid_equal(sid, &null_sid);
+       return dom_sid_equal(sid, &null_sid);
 }
 
 bool is_sid_in_token(const struct security_token *token, const struct dom_sid *sid)
@@ -563,7 +485,7 @@ bool is_sid_in_token(const struct security_token *token, const struct dom_sid *s
         int i;
 
         for (i=0; i<token->num_sids; i++) {
-                if (sid_compare(sid, &token->sids[i]) == 0)
+                if (dom_sid_compare(sid, &token->sids[i]) == 0)
                         return true;
         }
         return false;
index 224598a..a837ecd 100644 (file)
@@ -25,6 +25,7 @@
 
 #include "includes.h"
 #include "libnet/libnet_samsync.h"
+#include "../libcli/security/dom_sid.h"
 
 /* Convert a struct samu_DELTA to a struct samu. */
 #define STRING_CHANGED (old_string && !new_string) ||\
@@ -608,7 +609,7 @@ static NTSTATUS fetch_alias_info(TALLOC_CTX *mem_ctx,
        map.gid = grp->gr_gid;
        map.sid = alias_sid;
 
-       if (sid_equal(dom_sid, &global_sid_Builtin))
+       if (dom_sid_equal(dom_sid, &global_sid_Builtin))
                map.sid_name_use = SID_NAME_WKN_GRP;
        else
                map.sid_name_use = SID_NAME_ALIAS;
index cc87715..bc329bf 100644 (file)
@@ -27,6 +27,7 @@
 #include "libsmb_internal.h"
 #include "../librpc/gen_ndr/ndr_lsa.h"
 #include "rpc_client/cli_lsarpc.h"
+#include "../libcli/security/dom_sid.h"
 
 
 /*
@@ -121,8 +122,8 @@ ace_compare(struct security_ace *ace1,
                return ace2->type - ace1->type;
         }
 
-       if (sid_compare(&ace1->trustee, &ace2->trustee)) {
-               return sid_compare(&ace1->trustee, &ace2->trustee);
+       if (dom_sid_compare(&ace1->trustee, &ace2->trustee)) {
+               return dom_sid_compare(&ace1->trustee, &ace2->trustee);
         }
 
        if (ace1->flags != ace2->flags) {
@@ -1608,7 +1609,7 @@ cacl_set(SMBCCTX *context,
                        bool found = False;
 
                        for (j=0;old->dacl && j<old->dacl->num_aces;j++) {
-                               if (sid_equal(&sd->dacl->aces[i].trustee,
+                               if (dom_sid_equal(&sd->dacl->aces[i].trustee,
                                              &old->dacl->aces[j].trustee)) {
                                         if (!(flags & SMBC_XATTR_FLAG_CREATE)) {
                                                 err = EEXIST;
index 9dd5df8..8e61351 100644 (file)
@@ -417,7 +417,7 @@ static void split_afs_acl(struct afs_acl *acl,
 static bool same_principal(struct afs_ace *x, struct afs_ace *y)
 {
        return ( (x->positive == y->positive) &&
-                (sid_compare(&x->sid, &y->sid) == 0) );
+                (dom_sid_compare(&x->sid, &y->sid) == 0) );
 }
 
 static void merge_afs_acls(struct afs_acl *dir_acl,
@@ -699,16 +699,16 @@ static bool mappable_sid(const struct dom_sid *sid)
 {
        struct dom_sid domain_sid;
        
-       if (sid_compare(sid, &global_sid_Builtin_Administrators) == 0)
+       if (dom_sid_compare(sid, &global_sid_Builtin_Administrators) == 0)
                return True;
 
-       if (sid_compare(sid, &global_sid_World) == 0)
+       if (dom_sid_compare(sid, &global_sid_World) == 0)
                return True;
 
-       if (sid_compare(sid, &global_sid_Authenticated_Users) == 0)
+       if (dom_sid_compare(sid, &global_sid_Authenticated_Users) == 0)
                return True;
 
-       if (sid_compare(sid, &global_sid_Builtin_Backup_Operators) == 0)
+       if (dom_sid_compare(sid, &global_sid_Builtin_Backup_Operators) == 0)
                return True;
 
        string_to_sid(&domain_sid, "S-1-5-21");
@@ -757,22 +757,22 @@ static bool nt_to_afs_acl(const char *filename,
                        continue;
                }
 
-               if (sid_compare(&ace->trustee,
+               if (dom_sid_compare(&ace->trustee,
                                &global_sid_Builtin_Administrators) == 0) {
 
                        name = "system:administrators";
 
-               } else if (sid_compare(&ace->trustee,
+               } else if (dom_sid_compare(&ace->trustee,
                                       &global_sid_World) == 0) {
 
                        name = "system:anyuser";
 
-               } else if (sid_compare(&ace->trustee,
+               } else if (dom_sid_compare(&ace->trustee,
                                       &global_sid_Authenticated_Users) == 0) {
 
                        name = "system:authuser";
 
-               } else if (sid_compare(&ace->trustee,
+               } else if (dom_sid_compare(&ace->trustee,
                                       &global_sid_Builtin_Backup_Operators)
                           == 0) {
 
index 0e2385f..fa855f3 100644 (file)
@@ -24,6 +24,7 @@
 #include "secrets.h"
 #include "memcache.h"
 #include "idmap_cache.h"
+#include "../libcli/security/dom_sid.h"
 
 /*****************************************************************
  Dissect a user-provided name into domain, name, sid and type.
@@ -655,7 +656,7 @@ static bool lookup_as_domain(const struct dom_sid *sid, TALLOC_CTX *mem_ctx,
                }
 
                for (i=0; i<num_domains; i++) {
-                       if (sid_equal(sid, &domains[i]->sid)) {
+                       if (dom_sid_equal(sid, &domains[i]->sid)) {
                                *name = talloc_strdup(mem_ctx,
                                                      domains[i]->name);
                                return true;
@@ -834,7 +835,7 @@ NTSTATUS lookup_sids(TALLOC_CTX *mem_ctx, int num_sids,
                        if (!dom_infos[j].valid) {
                                break;
                        }
-                       if (sid_equal(&sid, &dom_infos[j].sid)) {
+                       if (dom_sid_equal(&sid, &dom_infos[j].sid)) {
                                break;
                        }
                }
@@ -1581,7 +1582,7 @@ NTSTATUS get_primary_group_sid(TALLOC_CTX *mem_ctx,
                /* We need a sid within our domain */
                sid_copy(&domain_sid, group_sid);
                sid_split_rid(&domain_sid, &rid);
-               if (sid_equal(&domain_sid, get_global_sam_sid())) {
+               if (dom_sid_equal(&domain_sid, get_global_sam_sid())) {
                        /*
                         * As shortcut for the expensive lookup_sid call
                         * compare the domain sid part
index c3534f7..6e5a970 100644 (file)
@@ -23,6 +23,7 @@
 #include "includes.h"
 #include "secrets.h"
 #include "dbwrap.h"
+#include "../libcli/security/dom_sid.h"
 
 /* NOTE! the global_sam_sid is the SID of our local SAM. This is only
    equal to the domain SID when we are a DC, otherwise its our
@@ -113,7 +114,7 @@ static struct dom_sid *pdb_generate_sam_sid(void)
                        return sam_sid;
                }
 
-               if (!sid_equal(&domain_sid, sam_sid)) {
+               if (!dom_sid_equal(&domain_sid, sam_sid)) {
 
                        /* Domain name sid doesn't match global sam sid. Re-store domain sid as 'local' sid. */
 
@@ -232,7 +233,7 @@ void reset_global_sam_sid(void)
 
 bool sid_check_is_domain(const struct dom_sid *sid)
 {
-       return sid_equal(sid, get_global_sam_sid());
+       return dom_sid_equal(sid, get_global_sam_sid());
 }
 
 /*****************************************************************
index 3e2510e..493e9ed 100644 (file)
@@ -23,6 +23,7 @@
 
 #include "includes.h"
 #include "../libcli/auth/libcli_auth.h"
+#include "../libcli/security/dom_sid.h"
 
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_PASSDB
@@ -509,7 +510,7 @@ bool pdb_set_group_sid(struct samu *sampass, const struct dom_sid *g_sid, enum p
 
        sid_compose(&dug_sid, get_global_sam_sid(), DOMAIN_RID_USERS);
 
-       if (sid_equal(&dug_sid, g_sid)) {
+       if (dom_sid_equal(&dug_sid, g_sid)) {
                sid_copy(sampass->group_sid, &dug_sid);
        } else if (sid_to_gid( g_sid, &gid ) ) {
                sid_copy(sampass->group_sid, g_sid);
index 4f93b33..9f3a172 100644 (file)
@@ -25,6 +25,7 @@
 #include "../librpc/gen_ndr/samr.h"
 #include "memcache.h"
 #include "nsswitch/winbind_client.h"
+#include "../libcli/security/dom_sid.h"
 
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_PASSDB
@@ -890,7 +891,7 @@ static bool pdb_user_in_group(TALLOC_CTX *mem_ctx, struct samu *account,
        }
 
        for (i=0; i<num_groups; i++) {
-               if (sid_equal(group_sid, &sids[i])) {
+               if (dom_sid_equal(group_sid, &sids[i])) {
                        return True;
                }
        }
index 658d774..d046a52 100644 (file)
@@ -47,6 +47,7 @@
 #include "../libcli/auth/libcli_auth.h"
 #include "secrets.h"
 #include "idmap_cache.h"
+#include "../libcli/security/dom_sid.h"
 
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_PASSDB
@@ -1106,7 +1107,7 @@ static bool init_sam_from_ldap(struct ldapsam_privates *ldap_state,
 
                gid_to_sid(&mapped_gsid, sampass->unix_pw->pw_gid);
                primary_gsid = pdb_get_group_sid(sampass);
-               if (primary_gsid && sid_equal(primary_gsid, &mapped_gsid)) {
+               if (primary_gsid && dom_sid_equal(primary_gsid, &mapped_gsid)) {
                        store_gid_sid_cache(primary_gsid,
                                            sampass->unix_pw->pw_gid);
                        idmap_cache_set_sid2gid(primary_gsid,
@@ -2682,7 +2683,7 @@ static bool ldapsam_extract_rid_from_entry(LDAP *ldap_struct,
                return False;
        }
 
-       if (sid_compare_domain(&sid, domain_sid) != 0) {
+       if (dom_sid_compare_domain(&sid, domain_sid) != 0) {
                DEBUG(10, ("SID %s is not in expected domain %s\n",
                           str, sid_string_dbg(domain_sid)));
                return False;
@@ -3055,7 +3056,7 @@ static NTSTATUS ldapsam_enum_group_memberships(struct pdb_methods *methods,
                }
        }
 
-       if (sid_compare(&global_sid_NULL, &(*pp_sids)[0]) == 0) {
+       if (dom_sid_compare(&global_sid_NULL, &(*pp_sids)[0]) == 0) {
                DEBUG(3, ("primary group of [%s] not found\n",
                          pdb_get_username(user)));
                goto done;
@@ -6668,7 +6669,7 @@ NTSTATUS pdb_init_ldapsam(struct pdb_methods **pdb_method, const char *location)
                }
                found_sid = secrets_fetch_domain_sid(ldap_state->domain_name,
                                                     &secrets_domain_sid);
-               if (!found_sid || !sid_equal(&secrets_domain_sid,
+               if (!found_sid || !dom_sid_equal(&secrets_domain_sid,
                                             &ldap_domain_sid)) {
                        DEBUG(1, ("pdb_init_ldapsam: Resetting SID for domain "
                                  "%s based on pdb_ldap results %s -> %s\n",
index dd89c8e..9369726 100644 (file)
@@ -22,6 +22,7 @@
 
 #include "includes.h"
 #include "../librpc/gen_ndr/samr.h"
+#include "../libcli/security/dom_sid.h"
 
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_PASSDB
@@ -1372,7 +1373,7 @@ static NTSTATUS smbpasswd_getsampwsid(struct pdb_methods *my_methods, struct sam
                return nt_status;
 
        /* build_sam_account might change the SID on us, if the name was for the guest account */
-       if (NT_STATUS_IS_OK(nt_status) && !sid_equal(pdb_get_user_sid(sam_acct), sid)) {
+       if (NT_STATUS_IS_OK(nt_status) && !dom_sid_equal(pdb_get_user_sid(sam_acct), sid)) {
                DEBUG(1, ("looking for user with sid %s instead returned %s "
                          "for account %s!?!\n", sid_string_dbg(sid),
                          sid_string_dbg(pdb_get_user_sid(sam_acct)),
index 05a4637..cf483bb 100644 (file)
@@ -18,6 +18,7 @@
 */
 
 #include "includes.h"
+#include "../libcli/security/dom_sid.h"
 
 struct rid_name_map {
        uint32 rid;
@@ -104,7 +105,7 @@ const char *builtin_domain_name(void)
 
 bool sid_check_is_builtin(const struct dom_sid *sid)
 {
-       return sid_equal(sid, &global_sid_Builtin);
+       return dom_sid_equal(sid, &global_sid_Builtin);
 }
 
 /*****************************************************************
index 0894804..1bd07c7 100644 (file)
 */
 
 #include "includes.h"
+#include "../libcli/security/dom_sid.h"
 
 bool sid_check_is_unix_users(const struct dom_sid *sid)
 {
-       return sid_equal(sid, &global_sid_Unix_Users);
+       return dom_sid_equal(sid, &global_sid_Unix_Users);
 }
 
 bool sid_check_is_in_unix_users(const struct dom_sid *sid)
@@ -79,7 +80,7 @@ bool lookup_unix_user_name(const char *name, struct dom_sid *sid)
 
 bool sid_check_is_unix_groups(const struct dom_sid *sid)
 {
-       return sid_equal(sid, &global_sid_Unix_Groups);
+       return dom_sid_equal(sid, &global_sid_Unix_Groups);
 }
 
 bool sid_check_is_in_unix_groups(const struct dom_sid *sid)
index 7f670f9..4f6f3f3 100644 (file)
@@ -21,6 +21,7 @@
 */
 
 #include "includes.h"
+#include "../libcli/security/dom_sid.h"
 
 struct rid_name_map {
        uint32 rid;
@@ -75,7 +76,7 @@ bool sid_check_is_wellknown_domain(const struct dom_sid *sid, const char **name)
        int i;
 
        for (i=0; special_domains[i].sid != NULL; i++) {
-               if (sid_equal(sid, special_domains[i].sid)) {
+               if (dom_sid_equal(sid, special_domains[i].sid)) {
                        if (name != NULL) {
                                *name = special_domains[i].name;
                        }
@@ -115,7 +116,7 @@ bool lookup_wellknown_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
        }
 
        for (i=0; special_domains[i].sid != NULL; i++) {
-               if (sid_equal(&dom_sid, special_domains[i].sid)) {
+               if (dom_sid_equal(&dom_sid, special_domains[i].sid)) {
                        *domain = talloc_strdup(mem_ctx,
                                                special_domains[i].name);
                        users = special_domains[i].known_users;
index 49bdca7..02cb578 100644 (file)
@@ -34,6 +34,7 @@
 #include "secrets.h"
 #include "../librpc/gen_ndr/netlogon.h"
 #include "rpc_client/init_lsa.h"
+#include "../libcli/security/dom_sid.h"
 
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_RPC_SRV
@@ -91,7 +92,7 @@ static int init_lsa_ref_domain_list(TALLOC_CTX *mem_ctx,
 
        if (dom_name != NULL) {
                for (num = 0; num < ref->count; num++) {
-                       if (sid_equal(dom_sid, ref->domains[num].sid)) {
+                       if (dom_sid_equal(dom_sid, ref->domains[num].sid)) {
                                return num;
                        }
                }
index bc71146..40790cf 100644 (file)
@@ -39,6 +39,7 @@
 #include "../lib/crypto/arcfour.h"
 #include "secrets.h"
 #include "rpc_client/init_lsa.h"
+#include "../libcli/security/dom_sid.h"
 
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_RPC_SRV
@@ -712,7 +713,7 @@ NTSTATUS _samr_SetSecurity(struct pipes_struct *p,
 
        dacl = r->in.sdbuf->sd->dacl;
        for (i=0; i < dacl->num_aces; i++) {
-               if (sid_equal(&uinfo->sid, &dacl->aces[i].trustee)) {
+               if (dom_sid_equal(&uinfo->sid, &dacl->aces[i].trustee)) {
                        ret = pdb_set_pass_can_change(sampass,
                                (dacl->aces[i].access_mask &
                                 SAMR_USER_ACCESS_CHANGE_PASSWORD) ?
index 2ebce91..cd5ffe2 100644 (file)
@@ -28,6 +28,7 @@
 #include "../librpc/gen_ndr/ndr_security.h"
 #include "secrets.h"
 #include "rpc_server/rpc_ncacn_np.h"
+#include "../libcli/security/dom_sid.h"
 
 #define TOP_LEVEL_PRINT_KEY "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Print"
 #define TOP_LEVEL_PRINT_PRINTERS_KEY TOP_LEVEL_PRINT_KEY "\\Printers"
@@ -2387,7 +2388,7 @@ create_default:
        /* If security descriptor is owned by S-1-1-0 and winbindd is up,
           this security descriptor has been created when winbindd was
           down.  Take ownership of security descriptor. */
-       if (sid_equal(secdesc->owner_sid, &global_sid_World)) {
+       if (dom_sid_equal(secdesc->owner_sid, &global_sid_World)) {
                struct dom_sid owner_sid;
 
                /* Change sd owner to workgroup administrator */
index 9470447..dc3585d 100644 (file)
@@ -20,6 +20,7 @@
 */
 
 #include "includes.h"
+#include "../libcli/security/dom_sid.h"
 
 extern const struct generic_mapping file_generic_mapping;
 
@@ -944,10 +945,10 @@ static void merge_aces( canon_ace **pp_list_head, bool dir_acl)
                         * ensure the POSIX ACL types are the same. */
 
                        if (!dir_acl) {
-                               can_merge = (sid_equal(&curr_ace->trustee, &curr_ace_outer->trustee) &&
+                               can_merge = (dom_sid_equal(&curr_ace->trustee, &curr_ace_outer->trustee) &&
                                                (curr_ace->attr == curr_ace_outer->attr));
                        } else {
-                               can_merge = (sid_equal(&curr_ace->trustee, &curr_ace_outer->trustee) &&
+                               can_merge = (dom_sid_equal(&curr_ace->trustee, &curr_ace_outer->trustee) &&
                                                (curr_ace->type == curr_ace_outer->type) &&
                                                (curr_ace->attr == curr_ace_outer->attr));
                        }
@@ -996,7 +997,7 @@ static void merge_aces( canon_ace **pp_list_head, bool dir_acl)
                         * we've put on the ACL, we know the deny must be the first one.
                         */
 
-                       if (sid_equal(&curr_ace->trustee, &curr_ace_outer->trustee) &&
+                       if (dom_sid_equal(&curr_ace->trustee, &curr_ace_outer->trustee) &&
                                (curr_ace_outer->attr == DENY_ACE) && (curr_ace->attr == ALLOW_ACE)) {
 
                                if( DEBUGLVL( 10 )) {
@@ -1297,7 +1298,7 @@ static bool uid_entry_in_group(connection_struct *conn, canon_ace *uid_ace, cano
 
        /* "Everyone" always matches every uid. */
 
-       if (sid_equal(&group_ace->trustee, &global_sid_World))
+       if (dom_sid_equal(&group_ace->trustee, &global_sid_World))
                return True;
 
        /*
@@ -1513,12 +1514,12 @@ static void check_owning_objs(canon_ace *ace, struct dom_sid *pfile_owner_sid, s
 
        for (i=0, current_ace = ace; i < entries; i++, current_ace = current_ace->next) {
                if (!got_user_obj && current_ace->owner_type == UID_ACE &&
-                               sid_equal(&current_ace->trustee, pfile_owner_sid)) {
+                               dom_sid_equal(&current_ace->trustee, pfile_owner_sid)) {
                        current_ace->type = SMB_ACL_USER_OBJ;
                        got_user_obj = True;
                }
                if (!got_group_obj && current_ace->owner_type == GID_ACE &&
-                               sid_equal(&current_ace->trustee, pfile_grp_sid)) {
+                               dom_sid_equal(&current_ace->trustee, pfile_grp_sid)) {
                        current_ace->type = SMB_ACL_GROUP_OBJ;
                        got_group_obj = True;
                }
@@ -1549,7 +1550,7 @@ static bool dup_owning_ace(canon_ace *dir_ace, canon_ace *ace)
        */
 
        if (ace->type == SMB_ACL_USER_OBJ &&
-                       !(sid_equal(&ace->trustee, &global_sid_Creator_Owner))) {
+                       !(dom_sid_equal(&ace->trustee, &global_sid_Creator_Owner))) {
                canon_ace *dup_ace = dup_canon_ace(ace);
 
                if (dup_ace == NULL) {
@@ -1560,7 +1561,7 @@ static bool dup_owning_ace(canon_ace *dir_ace, canon_ace *ace)
        }
 
        if (ace->type == SMB_ACL_GROUP_OBJ &&
-                       !(sid_equal(&ace->trustee, &global_sid_Creator_Group))) {
+                       !(dom_sid_equal(&ace->trustee, &global_sid_Creator_Group))) {
                canon_ace *dup_ace = dup_canon_ace(ace);
 
                if (dup_ace == NULL) {
@@ -1646,7 +1647,7 @@ static bool create_canon_ace_lists(files_struct *fsp,
                        if (psa1->access_mask != psa2->access_mask)
                                continue;
 
-                       if (!sid_equal(&psa1->trustee, &psa2->trustee))
+                       if (!dom_sid_equal(&psa1->trustee, &psa2->trustee))
                                continue;
 
                        /*
@@ -1692,11 +1693,11 @@ static bool create_canon_ace_lists(files_struct *fsp,
                 * Note what kind of a POSIX ACL this should map to.
                 */
 
-               if( sid_equal(&current_ace->trustee, &global_sid_World)) {
+               if( dom_sid_equal(&current_ace->trustee, &global_sid_World)) {
                        current_ace->owner_type = WORLD_ACE;
                        current_ace->unix_ug.world = -1;
                        current_ace->type = SMB_ACL_OTHER;
-               } else if (sid_equal(&current_ace->trustee, &global_sid_Creator_Owner)) {
+               } else if (dom_sid_equal(&current_ace->trustee, &global_sid_Creator_Owner)) {
                        current_ace->owner_type = UID_ACE;
                        current_ace->unix_ug.uid = pst->st_ex_uid;
                        current_ace->type = SMB_ACL_USER_OBJ;
@@ -1709,7 +1710,7 @@ static bool create_canon_ace_lists(files_struct *fsp,
 
                        psa->flags |= SEC_ACE_FLAG_INHERIT_ONLY;
 
-               } else if (sid_equal(&current_ace->trustee, &global_sid_Creator_Group)) {
+               } else if (dom_sid_equal(&current_ace->trustee, &global_sid_Creator_Group)) {
                        current_ace->owner_type = GID_ACE;
                        current_ace->unix_ug.gid = pst->st_ex_gid;
                        current_ace->type = SMB_ACL_GROUP_OBJ;
@@ -2085,7 +2086,7 @@ static void process_deny_list(connection_struct *conn, canon_ace **pp_ace_list )
                        continue;
                }
 
-               if (!sid_equal(&curr_ace->trustee, &global_sid_World))
+               if (!dom_sid_equal(&curr_ace->trustee, &global_sid_World))
                        continue;
 
                /* JRATEST - assert. */
@@ -3080,7 +3081,7 @@ static size_t merge_default_aces( struct security_ace *nt_ace_list, size_t num_a
                        if ((nt_ace_list[i].type == nt_ace_list[j].type) &&
                                (nt_ace_list[i].size == nt_ace_list[j].size) &&
                                (nt_ace_list[i].access_mask == nt_ace_list[j].access_mask) &&
-                               sid_equal(&nt_ace_list[i].trustee, &nt_ace_list[j].trustee) &&
+                               dom_sid_equal(&nt_ace_list[i].trustee, &nt_ace_list[j].trustee) &&
                                (i_inh == j_inh) &&
                                (i_flags_ni == 0) &&
                                (j_flags_ni == (SEC_ACE_FLAG_OBJECT_INHERIT|
@@ -3144,7 +3145,7 @@ static void add_or_replace_ace(struct security_ace *nt_ace_list, size_t *num_ace
 
        /* first search for a duplicate */
        for (i = 0; i < *num_aces; i++) {
-               if (sid_equal(&nt_ace_list[i].trustee, sid) &&
+               if (dom_sid_equal(&nt_ace_list[i].trustee, sid) &&
                    (nt_ace_list[i].flags == flags)) break;
        }
 
@@ -3367,7 +3368,7 @@ static NTSTATUS posix_get_nt_acl_common(struct connection_struct *conn,
 
                        if (lp_profile_acls(SNUM(conn))) {
                                for (i = 0; i < num_aces; i++) {
-                                       if (sid_equal(&nt_ace_list[i].trustee, &owner_sid)) {
+                                       if (dom_sid_equal(&nt_ace_list[i].trustee, &owner_sid)) {
                                                add_or_replace_ace(nt_ace_list, &num_aces,
                                                                   &orig_owner_sid,
                                                                   nt_ace_list[i].type,
@@ -3756,7 +3757,7 @@ NTSTATUS append_parent_acl(files_struct *fsp,
                         * same SID. This is order N^2. Ouch :-(. JRA. */
                        unsigned int k;
                        for (k = 0; k < psd->dacl->num_aces; k++) {
-                               if (sid_equal(&psd->dacl->aces[k].trustee,
+                               if (dom_sid_equal(&psd->dacl->aces[k].trustee,
                                                &se->trustee)) {
                                        break;
                                }
index d19c983..588ed14 100644 (file)
@@ -6852,7 +6852,7 @@ static bool run_local_string_to_sid(int dummy) {
                printf("could not parse S-1-5-32-545\n");
                return false;
        }
-       if (!sid_equal(&sid, &global_sid_Builtin_Users)) {
+       if (!dom_sid_equal(&sid, &global_sid_Builtin_Users)) {
                printf("mis-parsed S-1-5-32-545 as %s\n",
                       sid_string_tos(&sid));
                return false;
index 671f7e8..96b3626 100644 (file)
@@ -36,6 +36,7 @@
 #include "secrets.h"
 #include "lib/netapi/netapi.h"
 #include "rpc_client/init_lsa.h"
+#include "../libcli/security/dom_sid.h"
 
 static int net_mode_share;
 static bool sync_files(struct copy_clistate *cp_clistate, const char *mask);
@@ -4171,7 +4172,7 @@ static bool is_alias_member(struct dom_sid *sid, struct full_alias *alias)
        int i;
 
        for (i=0; i<alias->num_members; i++) {
-               if (sid_compare(sid, &alias->members[i]) == 0)
+               if (dom_sid_compare(sid, &alias->members[i]) == 0)
                        return true;
        }
 
index 8b5a908..c9bb96c 100644 (file)
@@ -29,6 +29,7 @@
 #include "../librpc/gen_ndr/ndr_drsuapi.h"
 #include "libnet/libnet_samsync.h"
 #include "libnet/libnet_dssync.h"
+#include "../libcli/security/dom_sid.h"
 
 static void parse_samsync_partial_replication_objects(TALLOC_CTX *mem_ctx,
                                                      int argc,
@@ -187,7 +188,7 @@ NTSTATUS rpc_vampire_internals(struct net_context *c,
        NTSTATUS result;
        struct samsync_context *ctx = NULL;
 
-       if (!sid_equal(domain_sid, get_global_sam_sid())) {
+       if (!dom_sid_equal(domain_sid, get_global_sam_sid())) {
                d_printf(_("Cannot import users from %s at this time, "
                           "as the current domain:\n\t%s: %s\nconflicts "
                           "with the remote domain\n\t%s: %s\n"
index f6f500a..faec8e2 100644 (file)
@@ -23,6 +23,7 @@
 #include "popt_common.h"
 #include "registry/reg_objects.h"
 #include "regfio.h"
+#include "../libcli/security/dom_sid.h"
 
 /* GLOBAL VARIABLES */
 
@@ -64,7 +65,7 @@ static bool swap_sid_in_acl( struct security_descriptor *sd, struct dom_sid *s1,
        bool update = False;
 
        verbose_output("  Owner SID: %s\n", sid_string_tos(sd->owner_sid));
-       if ( sid_equal( sd->owner_sid, s1 ) ) {
+       if ( dom_sid_equal( sd->owner_sid, s1 ) ) {
                sid_copy( sd->owner_sid, s2 );
                update = True;
                verbose_output("  New Owner SID: %s\n",
@@ -73,7 +74,7 @@ static bool swap_sid_in_acl( struct security_descriptor *sd, struct dom_sid *s1,
        }
 
        verbose_output("  Group SID: %s\n", sid_string_tos(sd->group_sid));
-       if ( sid_equal( sd->group_sid, s1 ) ) {
+       if ( dom_sid_equal( sd->group_sid, s1 ) ) {
                sid_copy( sd->group_sid, s2 );
                update = True;
                verbose_output("  New Group SID: %s\n",
@@ -85,7 +86,7 @@ static bool swap_sid_in_acl( struct security_descriptor *sd, struct dom_sid *s1,
        for ( i=0; i<theacl->num_aces; i++ ) {
                verbose_output("    Trustee SID: %s\n",
                        sid_string_tos(&theacl->aces[i].trustee));
-               if ( sid_equal( &theacl->aces[i].trustee, s1 ) ) {
+               if ( dom_sid_equal( &theacl->aces[i].trustee, s1 ) ) {
                        sid_copy( &theacl->aces[i].trustee, s2 );
                        update = True;
                        verbose_output("    New Trustee SID: %s\n",
@@ -99,7 +100,7 @@ static bool swap_sid_in_acl( struct security_descriptor *sd, struct dom_sid *s1,
        for ( i=0; i<theacl->num_aces; i++ ) {
                verbose_output("    Trustee SID: %s\n",
                        sid_string_tos(&theacl->aces[i].trustee));
-               if ( sid_equal( &theacl->aces[i].trustee, s1 ) ) {
+               if ( dom_sid_equal( &theacl->aces[i].trustee, s1 ) ) {
                        sid_copy( &theacl->aces[i].trustee, s2 );
                        update = True;
                        verbose_output("    New Trustee SID: %s\n",
index 79078b2..decd063 100644 (file)
@@ -24,6 +24,7 @@
 
 #include "includes.h"
 #include "popt_common.h"
+#include "../libcli/security/dom_sid.h"
 
 static TALLOC_CTX *ctx;
 
@@ -370,8 +371,8 @@ static int ace_compare(struct security_ace *ace1, struct security_ace *ace2)
        if (ace1->type != ace2->type)
                return ace2->type - ace1->type;
 
-       if (sid_compare(&ace1->trustee, &ace2->trustee))
-               return sid_compare(&ace1->trustee, &ace2->trustee);
+       if (dom_sid_compare(&ace1->trustee, &ace2->trustee))
+               return dom_sid_compare(&ace1->trustee, &ace2->trustee);
 
        if (ace1->flags != ace2->flags)
                return ace1->flags - ace2->flags;
@@ -459,7 +460,7 @@ static int change_share_sec(TALLOC_CTX *mem_ctx, const char *sharename, char *th
                bool found = False;
 
                for (j=0;old->dacl && j<old->dacl->num_aces;j++) {
-                   if (sid_equal(&sd->dacl->aces[i].trustee,
+                   if (dom_sid_equal(&sd->dacl->aces[i].trustee,
                        &old->dacl->aces[j].trustee)) {
                        old->dacl->aces[j] = sd->dacl->aces[i];
                        found = True;
index 65fec10..fa039f6 100644 (file)
@@ -25,6 +25,7 @@
 #include "popt_common.h"
 #include "../librpc/gen_ndr/ndr_lsa.h"
 #include "rpc_client/cli_lsarpc.h"
+#include "../libcli/security/dom_sid.h"
 
 extern bool AllowDebugChange;
 
@@ -835,8 +836,8 @@ static int ace_compare(struct security_ace *ace1, struct security_ace *ace2)
        if (ace1->type != ace2->type)
                return ace2->type - ace1->type;
 
-       if (sid_compare(&ace1->trustee, &ace2->trustee))
-               return sid_compare(&ace1->trustee, &ace2->trustee);
+       if (dom_sid_compare(&ace1->trustee, &ace2->trustee))
+               return dom_sid_compare(&ace1->trustee, &ace2->trustee);
 
        if (ace1->flags != ace2->flags)
                return ace1->flags - ace2->flags;
@@ -929,7 +930,7 @@ static int cacl_set(struct cli_state *cli, const char *filename,
                        bool found = False;
 
                        for (j=0;old->dacl && j<old->dacl->num_aces;j++) {
-                               if (sid_equal(&sd->dacl->aces[i].trustee,
+                               if (dom_sid_equal(&sd->dacl->aces[i].trustee,
                                              &old->dacl->aces[j].trustee)) {
                                        old->dacl->aces[j] = sd->dacl->aces[i];
                                        found = True;
index 3d47baa..f2e47a7 100644 (file)
@@ -33,6 +33,7 @@
 #include "nss_info.h"
 #include "secrets.h"
 #include "idmap.h"
+#include "../libcli/security/dom_sid.h"
 
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_IDMAP
@@ -266,7 +267,7 @@ static struct id_map *find_map_by_sid(struct id_map **maps, struct dom_sid *sid)
        int i;
 
        for (i = 0; maps[i] && i<IDMAP_AD_MAX_IDS; i++) {
-               if (sid_equal(maps[i]->sid, sid)) {
+               if (dom_sid_equal(maps[i]->sid, sid)) {
                        return maps[i];
                }
        }
index 39df489..dcdc14f 100644 (file)
@@ -28,6 +28,7 @@
 #include "secrets.h"
 #include "idmap.h"
 #include "idmap_rw.h"
+#include "../libcli/security/dom_sid.h"
 
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_IDMAP
@@ -1030,7 +1031,7 @@ static struct id_map *find_map_by_sid(struct id_map **maps, struct dom_sid *sid)
                if (maps[i] == NULL) { /* end of the run */
                        return NULL;
                }
-               if (sid_equal(maps[i]->sid, sid)) {
+               if (dom_sid_equal(maps[i]->sid, sid)) {
                        return maps[i];
                }
        }
index bb93be2..8accc63 100644 (file)
@@ -20,6 +20,7 @@
 #include "includes.h"
 #include "winbindd.h"
 #include "librpc/gen_ndr/cli_wbint.h"
+#include "../libcli/security/dom_sid.h"
 
 struct wb_getgrsid_state {
        struct tevent_context *ev;
@@ -55,7 +56,7 @@ struct tevent_req *wb_getgrsid_send(TALLOC_CTX *mem_ctx,
        if (lp_winbind_trusted_domains_only()) {
                struct winbindd_domain *our_domain = find_our_domain();
 
-               if (sid_compare_domain(group_sid, &our_domain->sid) == 0) {
+               if (dom_sid_compare_domain(group_sid, &our_domain->sid) == 0) {
                        DEBUG(7, ("winbindd_getgrsid: My domain -- rejecting "
                                  "getgrsid() for %s\n", sid_string_tos(group_sid)));
                        tevent_req_nterror(req, NT_STATUS_NO_SUCH_GROUP);
index 1ae0c70..c2ce0a2 100644 (file)
@@ -30,6 +30,7 @@
 #include "../librpc/gen_ndr/ndr_wbint.h"
 #include "ads.h"
 #include "nss_info.h"
+#include "../libcli/security/dom_sid.h"
 
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_WINBIND
@@ -118,7 +119,7 @@ static struct winbind_cache *get_cache(struct winbindd_domain *domain)
        }
 
        if (strequal(domain->name, get_global_sam_name()) &&
-           sid_equal(&domain->sid, get_global_sam_sid())) {
+           dom_sid_equal(&domain->sid, get_global_sam_sid())) {
                domain->backend = &sam_passdb_methods;
                domain->initialized = True;
        }
@@ -644,7 +645,7 @@ static struct cache_entry *wcache_fetch_raw(char *kstr)
 static bool is_my_own_sam_domain(struct winbindd_domain *domain)
 {
        if (strequal(domain->name, get_global_sam_name()) &&
-            sid_equal(&domain->sid, get_global_sam_sid())) {
+            dom_sid_equal(&domain->sid, get_global_sam_sid())) {
                return true;
        }
 
@@ -654,7 +655,7 @@ static bool is_my_own_sam_domain(struct winbindd_domain *domain)
 static bool is_builtin_domain(struct winbindd_domain *domain)
 {
        if (strequal(domain->name, "BUILTIN") &&
-           sid_equal(&domain->sid, &global_sid_Builtin)) {
+           dom_sid_equal(&domain->sid, &global_sid_Builtin)) {
                return true;
        }
 
index 671c868..14be0e2 100644 (file)
@@ -23,6 +23,7 @@
 #include "includes.h"
 #include "winbindd.h"
 #include "secrets.h"
+#include "../libcli/security/dom_sid.h"
 
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_WINBIND
@@ -135,7 +136,7 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const
                                continue;
                        }
 
-                       if (sid_equal(sid, &domain->sid)) {
+                       if (dom_sid_equal(sid, &domain->sid)) {
                                break;
                        }
                }
@@ -146,7 +147,7 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const
                 * We found a match. Possibly update the SID
                 */
                if ((sid != NULL)
-                   && sid_equal(&domain->sid, &global_sid_NULL)) {
+                   && dom_sid_equal(&domain->sid, &global_sid_NULL)) {
                        sid_copy( &domain->sid, sid );
                }
                return domain;
@@ -740,7 +741,7 @@ struct winbindd_domain *find_domain_from_sid_noinit(const struct dom_sid *sid)
        /* Search through list */
 
        for (domain = domain_list(); domain != NULL; domain = domain->next) {
-               if (sid_compare_domain(sid, &domain->sid) == 0)
+               if (dom_sid_compare_domain(sid, &domain->sid) == 0)
                        return domain;
        }