- adding builtin[alias]db.
authorLuke Leighton <lkcl@samba.org>
Mon, 30 Nov 1998 15:08:58 +0000 (15:08 +0000)
committerLuke Leighton <lkcl@samba.org>
Mon, 30 Nov 1998 15:08:58 +0000 (15:08 +0000)
- lib/sids.c:

generate_sam_sid() modified to take a domain name: it now
generates "DOMAIN_NAME.SID".  reasons:

1) if you run multiple samba servers on the same machine
under different netbios names as members of a domain,
they won't all use the same SID, which is a _big_ mistake
but it would happen _by default_.

2) we have (had) a problem with sid_to_string() and string_to_sid()
which cause SIDs to be incorrectly read.  one of the major
reasons for *NOT* making this change was so as not to disrupt
existing users.  but as they will be anyway by this bug,
we might as well go ahead.

- passdb/smbpass.c:

wanted to change the meaning of the name in the smbpasswd
file to an "nt" name not a "unix" name.  this is probably
not a good idea: reverted this.

- output formatting / bug-fixing in rpcclient query_useraliases code.

14 files changed:
source/Makefile.in
source/include/proto.h
source/include/rpcclient.h
source/lib/domain_namemap.c
source/lib/sids.c
source/lib/util_pwdb.c
source/lsarpcd/srv_lsa.c
source/passdb/smbpass.c
source/passdb/smbpassgroupunix.c
source/rpc_client/cli_lsarpc.c
source/rpc_server/srv_lsa.c
source/rpc_server/srv_samr.c
source/rpcclient/cmd_samr.c
source/smbd/server.c

index 838dd826bdebc30f954ca4b66936e1cdffa2227b..799b5e22d4d1e253a2e9dd256b88750982d21a1e 100644 (file)
@@ -150,9 +150,9 @@ RPC_CLIENT_OBJ = \
 LOCKING_OBJ = locking/locking.o locking/locking_shm.o locking/locking_slow.o \
               locking/shmem.o locking/shmem_sysv.o
 
-GROUPDB_OBJ = groupdb/groupdb.o groupdb/groupfile.o \
-               groupdb/aliasdb.o groupdb/aliasfile.o \
-               groupdb/groupunix.o groupdb/aliasunix.o \
+GROUPDB_OBJ = groupdb/groupdb.o groupdb/aliasdb.o groupdb/builtindb.o \
+               groupdb/groupfile.o groupdb/aliasfile.o \
+               groupdb/groupunix.o groupdb/aliasunix.o groupdb/builtinunix.o \
                passdb/passgrp.o passdb/smbpassgroup.o \
                passdb/smbpassgroupunix.o
 
index 4902cf06bf8ca39db687843a7ba1c60c4a04ccf0..2e7433bb43b9409634c7718fc03666847ec03327 100644 (file)
@@ -50,6 +50,35 @@ BOOL get_unixalias_members(struct group *grp,
                                int *num_mem, LOCAL_GRP_MEMBER **members);
 struct aliasdb_ops *unix_initialise_alias_db(void);
 
+/*The following definitions come from  groupdb/builtindb.c  */
+
+BOOL initialise_builtin_db(void);
+LOCAL_GRP *iterate_getbuiltingid(gid_t gid, LOCAL_GRP_MEMBER **mem, int *num_mem);
+LOCAL_GRP *iterate_getbuiltinrid(uint32 rid, LOCAL_GRP_MEMBER **mem, int *num_mem);
+LOCAL_GRP *iterate_getbuiltinntnam(const char *name, LOCAL_GRP_MEMBER **mem, int *num_mem);
+BOOL add_domain_builtin(LOCAL_GRP **blts, int *num_blts, LOCAL_GRP *blt);
+BOOL iterate_getuserbuiltinntnam(const char *user_name, LOCAL_GRP **blts, int *num_blts);
+BOOL enumdombuiltins(LOCAL_GRP **blts, int *num_blts);
+void *startbuiltinent(BOOL update);
+void endbuiltinent(void *vp);
+LOCAL_GRP *getbuiltinent(void *vp, LOCAL_GRP_MEMBER **mem, int *num_mem);
+BOOL add_builtin_entry(LOCAL_GRP *newblt);
+BOOL mod_builtin_entry(LOCAL_GRP* blt);
+LOCAL_GRP *getbuiltinntnam(const char *name, LOCAL_GRP_MEMBER **mem, int *num_mem);
+LOCAL_GRP *getbuiltinrid(uint32 builtin_rid, LOCAL_GRP_MEMBER **mem, int *num_mem);
+LOCAL_GRP *getbuiltingid(gid_t gid, LOCAL_GRP_MEMBER **mem, int *num_mem);
+BOOL getuserbuiltinntnam(const char *user_name, LOCAL_GRP **blt, int *num_blts);
+void bidb_init_blt(LOCAL_GRP *blt);
+BOOL make_builtin_line(char *p, int max_len,
+                               LOCAL_GRP *blt,
+                               LOCAL_GRP_MEMBER **mem, int *num_mem);
+
+/*The following definitions come from  groupdb/builtinunix.c  */
+
+BOOL get_unixbuiltin_members(struct group *grp,
+                               int *num_mem, LOCAL_GRP_MEMBER **members);
+struct aliasdb_ops *unix_initialise_builtin_db(void);
+
 /*The following definitions come from  groupdb/groupdb.c  */
 
 BOOL initialise_group_db(void);
@@ -232,7 +261,7 @@ char *rep_inet_ntoa(struct in_addr ip);
 void get_sam_domain_name(void);
 BOOL get_member_domain_sid(void);
 void generate_wellknown_sids(void);
-BOOL generate_sam_sid(void);
+BOOL generate_sam_sid(char *domain_name);
 BOOL map_domain_name_to_sid(DOM_SID *sid, char **nt_domain);
 BOOL map_domain_sid_to_name(DOM_SID *sid, char *nt_domain);
 BOOL split_domain_name(char *fullname, char *domain, char *name);
index dc2be5d2b856a2df45f199025c49beb28b4dc846..4380c1236fcc773bc017529870604321db0b55ed 100644 (file)
@@ -77,6 +77,7 @@ struct nt_client_info
 
     POLICY_HND samr_pol_connect;
     POLICY_HND samr_pol_open_domain;
+    POLICY_HND samr_pol_open_builtindom;
     POLICY_HND samr_pol_open_user;
 
     struct acct_info *sam;
index 3de5b6078554f3bd623d548d414c81c51532c35e..cc96a014c461116ca19cb47e54f66d30ab989e01 100644 (file)
@@ -273,8 +273,6 @@ static void delete_map_list(ubi_slList *map_list)
 ***************************************************************************/
 static BOOL make_mydomain_sid(DOM_NAME_MAP *grp, DOM_MAP_TYPE type)
 {
-       DEBUG(10,("make_mydomain_sid\n"));
-
        if (!map_domain_name_to_sid(&grp->sid, &(grp->nt_domain)))
        {
                DEBUG(0,("make_mydomain_sid: unknown domain %s\n",
@@ -287,8 +285,10 @@ static BOOL make_mydomain_sid(DOM_NAME_MAP *grp, DOM_MAP_TYPE type)
                /*
                 * only builtin aliases are recognised in S-1-5-20
                 */
+               DEBUG(10,("make_mydomain_sid: group %s in builtin domain\n",
+                          grp->nt_name));
 
-               if (!lookup_builtin_alias_name(grp->nt_name, "BUILTIN", &grp->sid, &grp->type))
+               if (lookup_builtin_alias_name(grp->nt_name, "BUILTIN", &grp->sid, &grp->type) != 0x0)
                {
                        DEBUG(0,("unix group %s mapped to an unrecognised BUILTIN domain name %s\n",
                                  grp->unix_name, grp->nt_name));
@@ -584,9 +584,6 @@ static ubi_slList *load_name_map(DOM_MAP_TYPE type)
                if (!*unixname)
                        continue;
 
-               DEBUG(5,("unixname = %s, ntname = %s.\n",
-                         unixname, nt_name));
-
                p = strchr(nt_name, '\\');
 
                if (p == NULL)
@@ -602,9 +599,11 @@ static ubi_slList *load_name_map(DOM_MAP_TYPE type)
                        fstrcpy(nt_group , p);
                }
 
-               if (make_name_entry(&new_ep, nt_domain, nt_name, unixname, type))
+               if (make_name_entry(&new_ep, nt_domain, nt_group, unixname, type))
                {
                        ubi_slAddTail(map_list, (ubi_slNode *)new_ep);
+                       DEBUG(5,("unixname = %s, ntname = %s\\%s type = %d\n",
+                                 unixname, nt_domain, nt_group, new_ep->grp.type));
                }
        }
 
index 432c3349e337dbb1c94825a1c0f48d02e558576e..854e9d578674c14a0bc6f6b59eae3287b37bafce 100644 (file)
@@ -268,22 +268,24 @@ void generate_wellknown_sids(void)
 }
 
 /****************************************************************************
- Generate the global machine sid. Look for the MACHINE.SID file first, if
- not found then look in smb.conf and use it to create the MACHINE.SID file.
+ Generate the global machine sid. Look for the DOMAINNAME.SID file first, if
+ not found then look in smb.conf and use it to create the DOMAINNAME.SID file.
 ****************************************************************************/
-BOOL generate_sam_sid(void)
+BOOL generate_sam_sid(char *domain_name)
 {
        int fd;
        int i;
        char *p;
        pstring sid_file;
        fstring sid_string;
+       fstring file_name;
        SMB_STRUCT_STAT st;
        uchar raw_sid_data[12];
 
        pstrcpy(sid_file, lp_smb_passwd_file());
        p = strrchr(sid_file, '/');
-       if (p != NULL) {
+       if (p != NULL)
+       {
                *++p = '\0';
        }
 
@@ -295,7 +297,9 @@ BOOL generate_sam_sid(void)
                }
        }
 
-       pstrcat(sid_file, "MACHINE.SID");
+       slprintf(file_name, sizeof(file_name)-1, "%s.SID", domain_name);
+       strupper(file_name);
+       pstrcat(sid_file, file_name);
     
        if ((fd = sys_open(sid_file, O_RDWR | O_CREAT, 0644)) == -1) {
                DEBUG(0,("unable to open or create file %s. Error was %s\n",
index 50cc0510d8a3e05f3703916ae6d575aa3f9e96d7..74d5ff6794c17b12cd810c85c92d196d8a44ea6b 100644 (file)
@@ -176,8 +176,6 @@ uint32 lookup_builtin_alias_name(const char *alias_name, const char *domain,
                rid      = builtin_alias_rids[i].rid;
                als_name = builtin_alias_rids[i].name;
 
-               i++;
-
                if (strequal(als_name, alias_name))
                {
                        if (sid != NULL)
@@ -193,6 +191,8 @@ uint32 lookup_builtin_alias_name(const char *alias_name, const char *domain,
                        return 0x0;
                }
                        
+               i++;
+
        } while (als_name != NULL);
 
        return 0xC0000000 | NT_STATUS_NONE_MAPPED;
@@ -431,9 +431,10 @@ BOOL pwdb_initialise(void)
 
        generate_wellknown_sids();
 
-       if (!generate_sam_sid())
+       if (!generate_sam_sid(global_sam_name))
        {
-               DEBUG(0,("ERROR: Samba cannot create a SAM SID.\n"));
+               DEBUG(0,("ERROR: Samba cannot create a SAM SID for its domain (%s).\n",
+                         global_sam_name));
                return False;
        }
 
index abbe4ccd936970d3669fdb991c165b684640a2bf..62c8f8a0cd80c181e00c5c25566a8c737c28affb 100644 (file)
@@ -32,9 +32,7 @@ extern DOM_SID global_sam_sid;
 extern fstring global_sam_name;
 extern DOM_SID global_member_sid;
 extern fstring global_myworkgroup;
-extern DOM_SID global_sid_S_1_1;
-extern DOM_SID global_sid_S_1_3;
-extern DOM_SID global_sid_S_1_5;
+extern DOM_SID global_sid_S_1_5_20;
 
 /***************************************************************************
 lsa_reply_open_policy2
@@ -264,7 +262,8 @@ static void make_lsa_trans_names(DOM_R_REF *ref,
                else if (sid_split_rid         (&find_sid, &rid) &&
                         map_domain_sid_to_name(&find_sid, dom_name))
                {
-                       if (sid_equal(&find_sid, &global_sam_sid))
+                       if (sid_equal(&find_sid, &global_sam_sid) ||
+                           sid_equal(&find_sid, &global_sid_S_1_5_20))
                        {
                                status = lookup_sid(&tmp_sid, name, &sid_name_use);
                        }
index 0de09e60853a11f35497790fa5426cf2dcf604ad..8972351d90ee48c7353b9d1eef6566f7fbf5745c 100644 (file)
@@ -73,7 +73,7 @@ static struct smb_passwd *getsmbfilepwent(void *vp)
 {
        /* Static buffers we will return. */
        static struct smb_passwd pw_buf;
-       static pstring  nt_name;
+       static pstring  unix_name;
        static unsigned char smbpwd[16];
        static unsigned char smbntpwd[16];
        char            linebuf[256];
@@ -115,7 +115,7 @@ static struct smb_passwd *getsmbfilepwent(void *vp)
                 * As 256 is shorter than a pstring we don't need to check
                 * length here - if this ever changes....
                 */
-               p = strncpyn(nt_name, linebuf, sizeof(nt_name), ':');
+               p = strncpyn(unix_name, linebuf, sizeof(unix_name), ':');
 
                /* Go past ':' */
                p++;
@@ -124,7 +124,7 @@ static struct smb_passwd *getsmbfilepwent(void *vp)
 
                p = Atoic( p, &uidval, ":");
 
-               pw_buf.nt_name = nt_name;
+               pw_buf.unix_name = unix_name;
                pw_buf.unix_uid = uidval;
 
                /*
@@ -139,7 +139,7 @@ static struct smb_passwd *getsmbfilepwent(void *vp)
                if (*p == '*' || *p == 'X')
                {
                        /* Password deliberately invalid - end here. */
-                       DEBUG(10, ("getsmbfilepwent: entry invalidated for nt user %s\n", nt_name));
+                       DEBUG(10, ("getsmbfilepwent: entry invalidated for unix user %s\n", unix_name));
                        pw_buf.smb_nt_passwd = NULL;
                        pw_buf.smb_passwd = NULL;
                        pw_buf.acct_ctrl |= ACB_DISABLED;
@@ -194,8 +194,8 @@ static struct smb_passwd *getsmbfilepwent(void *vp)
                        p += 33;
                }
 
-               DEBUG(5,("getsmbfilepwent: returning passwd entry for nt user %s, unix uid %d\n",
-                         nt_name, uidval));
+               DEBUG(5,("getsmbfilepwent: returning passwd entry for unix user %s, unix uid %d\n",
+                         unix_name, uidval));
 
                if (*p == '[')
                {
@@ -226,7 +226,7 @@ static struct smb_passwd *getsmbfilepwent(void *vp)
                         * password file as 'normal accounts'. If this changes
                         * we will have to fix this code. JRA.
                         */
-                       if (pw_buf.nt_name[strlen(pw_buf.nt_name) - 1] == '$')  
+                       if (pw_buf.unix_name[strlen(pw_buf.unix_name) - 1] == '$')      
                        {
                                pw_buf.acct_ctrl &= ~ACB_NORMAL;
                                pw_buf.acct_ctrl |= ACB_WSTRUST;
@@ -272,8 +272,8 @@ static BOOL add_smbfilepwd_entry(struct smb_passwd *newpwd)
    */
 
   while ((pwd = getsmbfilepwent(fp)) != NULL) {
-    if (strequal(newpwd->nt_name, pwd->nt_name)) {
-      DEBUG(0, ("add_smbfilepwd_entry: entry with nt name %s already exists\n", pwd->nt_name));
+    if (strequal(newpwd->unix_name, pwd->unix_name)) {
+      DEBUG(0, ("add_smbfilepwd_entry: entry with unix name %s already exists\n", pwd->unix_name));
       endsmbfilepwent(fp);
       return False;
     }
@@ -290,21 +290,21 @@ static BOOL add_smbfilepwd_entry(struct smb_passwd *newpwd)
 
   if((offpos = sys_lseek(fd, 0, SEEK_END)) == -1) {
     DEBUG(0, ("add_smbfilepwd_entry(sys_lseek): Failed to add entry for user %s to file %s. \
-Error was %s\n", newpwd->nt_name, pfile, strerror(errno)));
+Error was %s\n", newpwd->unix_name, pfile, strerror(errno)));
     endsmbfilepwent(fp);
     return False;
   }
 
-  new_entry_length = strlen(newpwd->nt_name) + 1 + 15 + 1 + 32 + 1 + 32 + 1 + NEW_PW_FORMAT_SPACE_PADDED_LEN + 1 + 13 + 2;
+  new_entry_length = strlen(newpwd->unix_name) + 1 + 15 + 1 + 32 + 1 + 32 + 1 + NEW_PW_FORMAT_SPACE_PADDED_LEN + 1 + 13 + 2;
 
   if((new_entry = (char *)malloc( new_entry_length )) == NULL) {
     DEBUG(0, ("add_smbfilepwd_entry(malloc): Failed to add entry for user %s to file %s. \
-Error was %s\n", newpwd->nt_name, pfile, strerror(errno)));
+Error was %s\n", newpwd->unix_name, pfile, strerror(errno)));
     endsmbfilepwent(fp);
     return False;
   }
 
-  slprintf(new_entry, new_entry_length - 1, "%s:%u:", newpwd->nt_name, (unsigned)newpwd->unix_uid);
+  slprintf(new_entry, new_entry_length - 1, "%s:%u:", newpwd->unix_name, (unsigned)newpwd->unix_uid);
   p = &new_entry[strlen(new_entry)];
 
   if(newpwd->smb_passwd != NULL) {
@@ -349,13 +349,13 @@ Error was %s\n", newpwd->nt_name, pfile, strerror(errno)));
 
   if ((wr_len = write(fd, new_entry, strlen(new_entry))) != strlen(new_entry)) {
     DEBUG(0, ("add_smbfilepwd_entry(write): %d Failed to add entry for user %s to file %s. \
-Error was %s\n", wr_len, newpwd->nt_name, pfile, strerror(errno)));
+Error was %s\n", wr_len, newpwd->unix_name, pfile, strerror(errno)));
 
     /* Remove the entry we just wrote. */
     if(sys_ftruncate(fd, offpos) == -1) {
       DEBUG(0, ("add_smbfilepwd_entry: ERROR failed to ftruncate file %s. \
 Error was %s. Password file may be corrupt ! Please examine by hand !\n", 
-             newpwd->nt_name, strerror(errno)));
+             newpwd->unix_name, strerror(errno)));
     }
 
     endsmbfilepwent(fp);
@@ -380,7 +380,7 @@ Error was %s. Password file may be corrupt ! Please examine by hand !\n",
 static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override)
 {
   /* Static buffers we will return. */
-  static pstring  nt_name;
+  static pstring  unix_name;
 
   char            linebuf[256];
   char            readbuf[1024];
@@ -498,9 +498,9 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override)
      * As 256 is shorter than a pstring we don't need to check
      * length here - if this ever changes....
      */
-    strncpy(nt_name, linebuf, PTR_DIFF(p, linebuf));
-    nt_name[PTR_DIFF(p, linebuf)] = '\0';
-    if (strequal(nt_name, pwd->nt_name)) {
+    strncpy(unix_name, linebuf, PTR_DIFF(p, linebuf));
+    unix_name[PTR_DIFF(p, linebuf)] = '\0';
+    if (strequal(unix_name, pwd->unix_name)) {
       found_entry = True;
       break;
     }
@@ -545,7 +545,7 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override)
 
   if (!override && (*p == '*' || *p == 'X')) {
     /* Password deliberately invalid - end here. */
-    DEBUG(10, ("mod_smbfilepwd_entry: entry invalidated for nt user %s\n", nt_name));
+    DEBUG(10, ("mod_smbfilepwd_entry: entry invalidated for unix user %s\n", unix_name));
     file_unlock(lockfd, &pw_file_lock_depth);
     fclose(fp);
     return False;
index 26c6d6ff1302317d7c24e9a3ee7cfc59af818cb2..38f9cdf2e49278b93c16775dae917d75170fccbd 100644 (file)
@@ -107,6 +107,7 @@ static struct smb_passwd *getsmbunixgrpent(void *vp,
        
        if (als_rids == NULL && grp_rids == NULL)
        {
+               /* they didn't want to know the members. */
                return pwdb_sam_to_smb(pw_buf);
        }
 
@@ -131,6 +132,17 @@ static struct smb_passwd *getsmbunixgrpent(void *vp,
                 * find the unix name for each user's group.
                 * assume the unix group is an nt name (alias? group? user?)
                 * (user or not our own domain will be an error).
+                *
+                * oh, oh, can anyone spot what's missing heeere?
+                * you guessed it: built-in aliases.  those are in
+                * Domain S-1-5-20, and NT Domain Users can only
+                * have lists of RIDs as groups.
+                *
+                * doesn't stop you making NT Domain Users a member
+                * of a BUILTIN Alias (e.g "Administrators" or "Power Users")
+                * it's just that there's no way to tell that from this
+                * API call: wrong domain, sorry.
+                *
                 */
 
                DOM_NAME_MAP gmep;
index e8f1cac19b899384733be077a23fd55f023e385d..087ee5dadee671dc49b580b785eb51e2c5b08d0d 100644 (file)
@@ -306,10 +306,11 @@ BOOL do_lsa_lookup_sids(struct cli_state *cli,
 
                                if (dom_idx != 0xffffffff)
                                {
-                                       fstrcpy(dom_name, unistr2(ref.ref_dom[dom_idx].uni_dom_name.buffer));
-                                       fstrcpy(name    , unistr2(t_names.uni_name[i].buffer));
+                                       fstrcpy(dom_name, unistr2_to_str(&ref.ref_dom[dom_idx].uni_dom_name));
+                                       fstrcpy(name    , unistr2_to_str(&t_names.uni_name[i]));
                                        
-                                       slprintf(full_name, sizeof(full_name), "%s\\%s",
+                                       memset(full_name, 0, sizeof(full_name));
+                                       slprintf(full_name, sizeof(full_name)-1, "%s\\%s",
                                                 dom_name, name);
 
                                        (*names)[i] = strdup(full_name);
index abbe4ccd936970d3669fdb991c165b684640a2bf..62c8f8a0cd80c181e00c5c25566a8c737c28affb 100644 (file)
@@ -32,9 +32,7 @@ extern DOM_SID global_sam_sid;
 extern fstring global_sam_name;
 extern DOM_SID global_member_sid;
 extern fstring global_myworkgroup;
-extern DOM_SID global_sid_S_1_1;
-extern DOM_SID global_sid_S_1_3;
-extern DOM_SID global_sid_S_1_5;
+extern DOM_SID global_sid_S_1_5_20;
 
 /***************************************************************************
 lsa_reply_open_policy2
@@ -264,7 +262,8 @@ static void make_lsa_trans_names(DOM_R_REF *ref,
                else if (sid_split_rid         (&find_sid, &rid) &&
                         map_domain_sid_to_name(&find_sid, dom_name))
                {
-                       if (sid_equal(&find_sid, &global_sam_sid))
+                       if (sid_equal(&find_sid, &global_sam_sid) ||
+                           sid_equal(&find_sid, &global_sid_S_1_5_20))
                        {
                                status = lookup_sid(&tmp_sid, name, &sid_name_use);
                        }
index fb613c3c51e2ce71373bc8cccd72611215008ce0..d0f139645cac7a4284218c0a5f5b8e82257383ea 100644 (file)
@@ -732,6 +732,7 @@ static void samr_reply_query_useraliases(SAMR_Q_QUERY_USERALIASES *q_u,
 {
        uint32 status = 0;
 
+       LOCAL_GRP *mem_grp = NULL;
        uint32 *rid = NULL;
        int num_rids = 0;
        struct sam_passwd *sam_pass;
@@ -781,21 +782,32 @@ static void samr_reply_query_useraliases(SAMR_Q_QUERY_USERALIASES *q_u,
 
        if (status == 0x0)
        {
+               DEBUG(10,("sid is %s\n", dom_sid_str));
+
                if (sid_equal(&dom_sid, &global_sid_S_1_5_20))
                {
                        DEBUG(10,("lookup on S-1-5-20\n"));
+
+                       become_root(True);
+                       getuserbuiltinntnam(sam_pass->nt_name, &mem_grp, &num_rids);
+                       unbecome_root(True);
                }
                else if (sid_equal(&dom_sid, &usr_sid))
                {
-                       LOCAL_GRP *mem_grp = NULL;
-                       num_rids = 0;
-
                        DEBUG(10,("lookup on Domain SID\n"));
 
                        become_root(True);
                        getuseraliasntnam(sam_pass->nt_name, &mem_grp, &num_rids);
                        unbecome_root(True);
+               }
+               else
+               {
+                       status = 0xC0000000 | NT_STATUS_NO_SUCH_USER;
+               }
+       }
 
+       if (status == 0x0 && num_rids > 0)
+       {
                        rid = malloc(num_rids * sizeof(uint32));
                        if (mem_grp != NULL && rid != NULL)
                        {
@@ -805,11 +817,6 @@ static void samr_reply_query_useraliases(SAMR_Q_QUERY_USERALIASES *q_u,
                                        rid[i] = mem_grp[i].rid;
                                }
                                free(mem_grp);
-                       }
-               }
-               else
-               {
-                       status = 0xC0000000 | NT_STATUS_NO_SUCH_USER;
                }
        }
 
index 7a65fc5c37a240f37dd6d4bd7a099aaf60429684..4d77f67b54b813a6ef635684b4d227ef91f48e4d 100644 (file)
@@ -181,8 +181,10 @@ void cmd_sam_enum_users(struct client_info *info)
        fstring domain;
        fstring sid;
        DOM_SID sid1;
+       DOM_SID sid_1_5_20;
        int user_idx;
        BOOL res = True;
+       BOOL res1 = True;
        BOOL request_user_info  = False;
        BOOL request_group_info = False;
        BOOL request_alias_info = False;
@@ -218,6 +220,10 @@ void cmd_sam_enum_users(struct client_info *info)
                        request_group_info |= strequal(tmp, "-g");
                        request_alias_info |= strequal(tmp, "-a");
                }
+               else
+               {
+                       break;
+               }
        }
 
 #ifdef DEBUG_TESTING
@@ -242,6 +248,8 @@ void cmd_sam_enum_users(struct client_info *info)
        }
 #endif
 
+       string_to_sid(&sid_1_5_20, "S-1-5-32");
+
        fprintf(out_hnd, "SAM Enumerate Users\n");
        fprintf(out_hnd, "From: %s To: %s Domain: %s SID: %s\n",
                          info->myhostname, srv_name, domain, sid);
@@ -264,6 +272,11 @@ void cmd_sam_enum_users(struct client_info *info)
                    &info->dom.samr_pol_connect, admin_rid, &sid1,
                    &info->dom.samr_pol_open_domain) : False;
 
+       /* connect to the S-1-5-20 domain */
+       res1 = res ? do_samr_open_domain(smb_cli, 
+                   &info->dom.samr_pol_connect, admin_rid, &sid_1_5_20,
+                   &info->dom.samr_pol_open_builtindom) : False;
+
        /* read some users */
        res = res ? do_samr_enum_dom_users(smb_cli, 
                                &info->dom.samr_pol_open_domain,
@@ -275,12 +288,8 @@ void cmd_sam_enum_users(struct client_info *info)
                fprintf(out_hnd, "No users\n");
        }
 
-       if (request_user_info || request_group_info || request_alias_info)
-       {
                /* query all the users */
-               user_idx = 0;
-
-               while (res && user_idx < info->dom.num_sam_entries)
+       for (user_idx = 0; res && user_idx < info->dom.num_sam_entries; user_idx++)
                {
                        uint32 user_rid = info->dom.sam[user_idx].user_rid;
                        SAM_USER_INFO_21 usr;
@@ -332,16 +341,26 @@ void cmd_sam_enum_users(struct client_info *info)
                                                        &info->dom.samr_pol_open_domain,
                                                        &als_sid, &num_aliases, rid))
                                {
-                                       display_alias_rid_info(out_hnd, ACTION_HEADER   , &als_sid, num_aliases, rid);
-                                       display_alias_rid_info(out_hnd, ACTION_ENUMERATE, &als_sid, num_aliases, rid);
-                                       display_alias_rid_info(out_hnd, ACTION_FOOTER   , &als_sid, num_aliases, rid);
-                               }
+                               display_alias_rid_info(out_hnd, ACTION_HEADER   , &sid1, num_aliases, rid);
+                               display_alias_rid_info(out_hnd, ACTION_ENUMERATE, &sid1, num_aliases, rid);
+                               display_alias_rid_info(out_hnd, ACTION_FOOTER   , &sid1, num_aliases, rid);
                        }
 
-                       user_idx++;
+                       /* send user alias query */
+                       if (res1 && do_samr_query_useraliases(smb_cli,
+                                               &info->dom.samr_pol_open_builtindom,
+                                               &als_sid, &num_aliases, rid))
+                       {
+                               display_alias_rid_info(out_hnd, ACTION_HEADER   , &sid_1_5_20, num_aliases, rid);
+                               display_alias_rid_info(out_hnd, ACTION_ENUMERATE, &sid_1_5_20, num_aliases, rid);
+                               display_alias_rid_info(out_hnd, ACTION_FOOTER   , &sid_1_5_20, num_aliases, rid);
+                       }
                }
        }
 
+       res1 = res1 ? do_samr_close(smb_cli,
+                   &info->dom.samr_pol_open_builtindom) : False;
+
        res = res ? do_samr_close(smb_cli,
                    &info->dom.samr_pol_open_domain) : False;
 
index 3a32e1871f2ed6dfb899d0662012352190084832..7a16d8abf38601bdb57f7c334918631dd8f47b35 100644 (file)
@@ -676,6 +676,11 @@ static void usage(char *pname)
                exit(1);
        }
 
+       if(!initialise_builtin_db())
+       {
+               exit(1);
+       }
+
        if (!get_member_domain_sid())
        {
                DEBUG(0,("ERROR: Samba cannot obtain PDC SID from PDC(s) %s.\n",