From 3b529d50be5613f37cf853714ecf78887df1d01b Mon Sep 17 00:00:00 2001 From: =?utf8?q?G=C3=BCnther=20Deschner?= Date: Mon, 17 May 2010 22:04:24 +0200 Subject: [PATCH] s3-rpc_misc: clean out include/rpc_misc.h. Well known rids don't really belong into an rpc header, just use the ones defined in security.idl. Guenther --- source3/auth/auth_util.c | 2 +- source3/auth/token_util.c | 8 ++++---- source3/groupdb/mapping.c | 2 +- source3/include/rpc_misc.h | 20 -------------------- source3/passdb/passdb.c | 10 +++++----- source3/passdb/pdb_get_set.c | 4 ++-- source3/passdb/pdb_interface.c | 6 +++--- source3/passdb/pdb_ldap.c | 2 +- source3/passdb/pdb_smbpasswd.c | 4 ++-- source3/printing/nt_printing.c | 10 +++++----- source3/rpc_server/srv_lsa_nt.c | 2 +- source3/rpc_server/srv_samr_nt.c | 10 +++++----- source3/rpc_server/srv_spoolss_util.c | 2 +- source3/rpc_server/srv_srvsvc_nt.c | 2 +- source3/rpc_server/srv_wkssvc_nt.c | 4 ++-- source3/utils/net_groupmap.c | 4 ++-- source3/utils/net_sam.c | 10 +++++----- source3/winbindd/winbindd_ads.c | 2 +- source3/winbindd/winbindd_pam.c | 2 +- source3/winbindd/winbindd_passdb.c | 2 +- source3/winbindd/winbindd_rpc.c | 2 +- 21 files changed, 45 insertions(+), 65 deletions(-) diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index 5e39dca60aa..1f833816061 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -697,7 +697,7 @@ static NTSTATUS make_new_server_info_guest(struct auth_serversupplied_info **ser return NT_STATUS_NO_MEMORY; } - sid_compose(&guest_sid, get_global_sam_sid(), DOMAIN_USER_RID_GUEST); + sid_compose(&guest_sid, get_global_sam_sid(), DOMAIN_RID_GUEST); become_root(); ret = pdb_getsampwsid(sampass, &guest_sid); diff --git a/source3/auth/token_util.c b/source3/auth/token_util.c index cf4a54143d1..d60d9294823 100644 --- a/source3/auth/token_util.c +++ b/source3/auth/token_util.c @@ -189,7 +189,7 @@ static NTSTATUS add_builtin_administrators(struct nt_user_token *token, } else { sid_copy(&domadm, dom_sid); } - sid_append_rid( &domadm, DOMAIN_GROUP_RID_ADMINS ); + sid_append_rid( &domadm, DOMAIN_RID_ADMINS ); /* Add Administrators if the user beloongs to Domain Admins */ @@ -280,7 +280,7 @@ NTSTATUS create_builtin_users(const DOM_SID *dom_sid) /* add domain users */ if ((IS_DC || (lp_server_role() == ROLE_DOMAIN_MEMBER)) - && sid_compose(&dom_users, dom_sid, DOMAIN_GROUP_RID_USERS)) + && sid_compose(&dom_users, dom_sid, DOMAIN_RID_USERS)) { status = add_sid_to_builtin(&global_sid_Builtin_Users, &dom_users); @@ -309,7 +309,7 @@ NTSTATUS create_builtin_administrators(const DOM_SID *dom_sid) /* add domain admins */ if ((IS_DC || (lp_server_role() == ROLE_DOMAIN_MEMBER)) - && sid_compose(&dom_admins, dom_sid, DOMAIN_GROUP_RID_ADMINS)) + && sid_compose(&dom_admins, dom_sid, DOMAIN_RID_ADMINS)) { status = add_sid_to_builtin(&global_sid_Builtin_Administrators, &dom_admins); @@ -765,7 +765,7 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username, sid_copy(&group_sids[0], &user_sid); sid_split_rid(&group_sids[0], &dummy); - sid_append_rid(&group_sids[0], DOMAIN_GROUP_RID_USERS); + sid_append_rid(&group_sids[0], DOMAIN_RID_USERS); if (!sid_to_gid(&group_sids[0], gid)) { DEBUG(1, ("sid_to_gid(%s) failed\n", diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 7add05e84c6..da5a866619b 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -126,7 +126,7 @@ bool get_domain_group_from_sid(DOM_SID sid, GROUP_MAP *map) sid_peek_rid( &sid, &rid ); - if ( rid == DOMAIN_GROUP_RID_USERS ) { + if ( rid == DOMAIN_RID_USERS ) { fstrcpy( map->nt_name, "None" ); fstrcpy( map->comment, "Ordinary Users" ); sid_copy( &map->sid, &sid ); diff --git a/source3/include/rpc_misc.h b/source3/include/rpc_misc.h index ccf7d6a7853..d8814e3bc1c 100644 --- a/source3/include/rpc_misc.h +++ b/source3/include/rpc_misc.h @@ -30,26 +30,6 @@ * well-known RIDs - Relative IDs **********************************************************************/ -/* RIDs - Well-known users ... */ -#define DOMAIN_USER_RID_ADMIN (0x000001F4L) -#define DOMAIN_USER_RID_GUEST (0x000001F5L) -#define DOMAIN_USER_RID_KRBTGT (0x000001F6L) - -/* RIDs - well-known groups ... */ -#define DOMAIN_GROUP_RID_ADMINS (0x00000200L) -#define DOMAIN_GROUP_RID_USERS (0x00000201L) -#define DOMAIN_GROUP_RID_GUESTS (0x00000202L) -#define DOMAIN_GROUP_RID_COMPUTERS (0x00000203L) - -#define DOMAIN_GROUP_RID_CONTROLLERS (0x00000204L) -#define DOMAIN_GROUP_RID_CERT_ADMINS (0x00000205L) -#define DOMAIN_GROUP_RID_SCHEMA_ADMINS (0x00000206L) -#define DOMAIN_GROUP_RID_ENTERPRISE_ADMINS (0x00000207L) - -/* is the following the right number? I bet it is --simo -#define DOMAIN_GROUP_RID_POLICY_ADMINS (0x00000208L) -*/ - /* RIDs - well-known aliases ... */ #define BUILTIN_ALIAS_RID_ADMINS (0x00000220L) #define BUILTIN_ALIAS_RID_USERS (0x00000221L) diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c index 0adefd5c6de..9514e052546 100644 --- a/source3/passdb/passdb.c +++ b/source3/passdb/passdb.c @@ -193,7 +193,7 @@ static NTSTATUS samu_set_unix_internal(struct samu *user, const struct passwd *p /* Special case for the guest account which must have a RID of 501 */ if ( strequal( pwd->pw_name, guest_account ) ) { - if ( !pdb_set_user_sid_from_rid(user, DOMAIN_USER_RID_GUEST, PDB_DEFAULT)) { + if ( !pdb_set_user_sid_from_rid(user, DOMAIN_RID_GUEST, PDB_DEFAULT)) { return NT_STATUS_NO_SUCH_USER; } return NT_STATUS_OK; @@ -565,10 +565,10 @@ bool algorithmic_pdb_rid_is_user(uint32 rid) { if ( rid_is_well_known(rid) ) { /* - * The only well known user RIDs are DOMAIN_USER_RID_ADMIN - * and DOMAIN_USER_RID_GUEST. + * The only well known user RIDs are DOMAIN_RID_ADMINISTRATOR + * and DOMAIN_RID_GUEST. */ - if(rid == DOMAIN_USER_RID_ADMIN || rid == DOMAIN_USER_RID_GUEST) + if(rid == DOMAIN_RID_ADMINISTRATOR || rid == DOMAIN_RID_GUEST) return True; } else if((rid & RID_TYPE_MASK) == USER_RID_TYPE) { return True; @@ -592,7 +592,7 @@ bool lookup_global_sam_name(const char *name, int flags, uint32_t *rid, the group already exists. */ if ( strequal( name, "None" ) ) { - *rid = DOMAIN_GROUP_RID_USERS; + *rid = DOMAIN_RID_USERS; *type = SID_NAME_DOM_GRP; return True; diff --git a/source3/passdb/pdb_get_set.c b/source3/passdb/pdb_get_set.c index 4725e8e2f1b..1416e287ac7 100644 --- a/source3/passdb/pdb_get_set.c +++ b/source3/passdb/pdb_get_set.c @@ -274,7 +274,7 @@ const DOM_SID *pdb_get_group_sid(struct samu *sampass) /* Just set it to the 'Domain Users' RID of 513 which will always resolve to a name */ - sid_compose(gsid, get_global_sam_sid(), DOMAIN_GROUP_RID_USERS); + sid_compose(gsid, get_global_sam_sid(), DOMAIN_RID_USERS); sampass->group_sid = gsid; @@ -584,7 +584,7 @@ bool pdb_set_group_sid(struct samu *sampass, const DOM_SID *g_sid, enum pdb_valu /* if we cannot resolve the SID to gid, then just ignore it and store DOMAIN_USERS as the primary groupSID */ - sid_compose(&dug_sid, get_global_sam_sid(), DOMAIN_GROUP_RID_USERS); + sid_compose(&dug_sid, get_global_sam_sid(), DOMAIN_RID_USERS); if (sid_equal(&dug_sid, g_sid)) { sid_copy(sampass->group_sid, &dug_sid); diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c index 130909e7fec..abc023081ea 100644 --- a/source3/passdb/pdb_interface.c +++ b/source3/passdb/pdb_interface.c @@ -281,7 +281,7 @@ bool pdb_getsampwsid(struct samu *sam_acct, const DOM_SID *sid) if ( !sid_peek_check_rid( get_global_sam_sid(), sid, &rid ) ) return False; - if ( rid == DOMAIN_USER_RID_GUEST ) { + if ( rid == DOMAIN_RID_GUEST ) { DEBUG(6,("pdb_getsampwsid: Building guest account\n")); return guest_user_info( sam_acct ); } @@ -702,7 +702,7 @@ NTSTATUS pdb_enum_group_members(TALLOC_CTX *mem_ctx, sid_peek_rid( sid, &rid ); - if ( rid == DOMAIN_GROUP_RID_USERS ) { + if ( rid == DOMAIN_RID_USERS ) { *p_num_members = 0; *pp_member_rids = NULL; @@ -1536,7 +1536,7 @@ static bool lookup_global_sam_rid(TALLOC_CTX *mem_ctx, uint32 rid, return False; } - if ( rid == DOMAIN_GROUP_RID_USERS ) { + if ( rid == DOMAIN_RID_USERS ) { *name = talloc_strdup(mem_ctx, "None" ); *psid_name_use = SID_NAME_DOM_GRP; diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index a66ae9791ac..e3bd72a629c 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c @@ -5402,7 +5402,7 @@ static NTSTATUS ldapsam_create_user(struct pdb_methods *my_methods, DEBUG(3,("ldapsam_create_user: Creating new posix user\n")); /* retrieve the Domain Users group gid */ - if (!sid_compose(&group_sid, get_global_sam_sid(), DOMAIN_GROUP_RID_USERS) || + if (!sid_compose(&group_sid, get_global_sam_sid(), DOMAIN_RID_USERS) || !sid_to_gid(&group_sid, &gid)) { DEBUG (0, ("ldapsam_create_user: Unable to get the Domain Users gid: bailing out!\n")); return NT_STATUS_INVALID_PRIMARY_GROUP; diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c index a327da4cacc..17c7f333d23 100644 --- a/source3/passdb/pdb_smbpasswd.c +++ b/source3/passdb/pdb_smbpasswd.c @@ -1195,7 +1195,7 @@ static bool build_smb_pass (struct smb_passwd *smb_pw, const struct samu *sampas rid = pdb_get_user_rid(sampass); /* If the user specified a RID, make sure its able to be both stored and retreived */ - if (rid == DOMAIN_USER_RID_GUEST) { + if (rid == DOMAIN_RID_GUEST) { struct passwd *passwd = getpwnam_alloc(NULL, lp_guestaccount()); if (!passwd) { DEBUG(0, ("Could not find guest account via getpwnam()! (%s)\n", lp_guestaccount())); @@ -1332,7 +1332,7 @@ static NTSTATUS smbpasswd_getsampwsid(struct pdb_methods *my_methods, struct sam return NT_STATUS_UNSUCCESSFUL; /* More special case 'guest account' hacks... */ - if (rid == DOMAIN_USER_RID_GUEST) { + if (rid == DOMAIN_RID_GUEST) { const char *guest_account = lp_guestaccount(); if (!(guest_account && *guest_account)) { DEBUG(1, ("Guest account not specfied!\n")); diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c index a8bc5773705..76f112f818c 100644 --- a/source3/printing/nt_printing.c +++ b/source3/printing/nt_printing.c @@ -2653,7 +2653,7 @@ WERROR spoolss_create_default_secdesc(TALLOC_CTX *mem_ctx, DOM_SID domadmins_sid; sid_compose(&domadmins_sid, get_global_sam_sid(), - DOMAIN_GROUP_RID_ADMINS); + DOMAIN_RID_ADMINS); sa = PRINTER_ACE_FULL_CONTROL; init_sec_ace(&ace[i++], &domadmins_sid, @@ -2663,7 +2663,7 @@ WERROR spoolss_create_default_secdesc(TALLOC_CTX *mem_ctx, sa, SEC_ACE_FLAG_CONTAINER_INHERIT); } else if (secrets_fetch_domain_sid(lp_workgroup(), &adm_sid)) { - sid_append_rid(&adm_sid, DOMAIN_USER_RID_ADMIN); + sid_append_rid(&adm_sid, DOMAIN_RID_ADMINISTRATOR); sa = PRINTER_ACE_FULL_CONTROL; init_sec_ace(&ace[i++], &adm_sid, @@ -5606,7 +5606,7 @@ static SEC_DESC_BUF *construct_default_printer_sdb(TALLOC_CTX *ctx) DOM_SID domadmins_sid; sid_compose(&domadmins_sid, get_global_sam_sid(), - DOMAIN_GROUP_RID_ADMINS); + DOMAIN_RID_ADMINS); sa = PRINTER_ACE_FULL_CONTROL; init_sec_ace(&ace[i++], &domadmins_sid, @@ -5616,7 +5616,7 @@ static SEC_DESC_BUF *construct_default_printer_sdb(TALLOC_CTX *ctx) sa, SEC_ACE_FLAG_CONTAINER_INHERIT); } else if (secrets_fetch_domain_sid(lp_workgroup(), &adm_sid)) { - sid_append_rid(&adm_sid, DOMAIN_USER_RID_ADMIN); + sid_append_rid(&adm_sid, DOMAIN_RID_ADMINISTRATOR); sa = PRINTER_ACE_FULL_CONTROL; init_sec_ace(&ace[i++], &adm_sid, @@ -5725,7 +5725,7 @@ bool nt_printing_getsec(TALLOC_CTX *ctx, const char *sharename, SEC_DESC_BUF **s /* Create new sd */ - sid_append_rid(&owner_sid, DOMAIN_USER_RID_ADMIN); + sid_append_rid(&owner_sid, DOMAIN_RID_ADMINISTRATOR); psd = make_sec_desc(ctx, (*secdesc_ctr)->sd->revision, (*secdesc_ctr)->sd->type, &owner_sid, diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c index 297af4ea011..afb85baef2a 100644 --- a/source3/rpc_server/srv_lsa_nt.c +++ b/source3/rpc_server/srv_lsa_nt.c @@ -335,7 +335,7 @@ static NTSTATUS make_lsa_object_sd(TALLOC_CTX *mem_ctx, SEC_DESC **sd, size_t *s SEC_ACE_TYPE_ACCESS_ALLOWED, map->generic_all, 0); /* Add Full Access for Domain Admins */ - sid_compose(&adm_sid, get_global_sam_sid(), DOMAIN_GROUP_RID_ADMINS); + sid_compose(&adm_sid, get_global_sam_sid(), DOMAIN_RID_ADMINS); init_sec_ace(&ace[i++], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, map->generic_all, 0); diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 97ed381824f..70c162be9db 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -146,7 +146,7 @@ static NTSTATUS make_samr_object_sd( TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd if ( IS_DC ) { sid_compose(&domadmin_sid, get_global_sam_sid(), - DOMAIN_GROUP_RID_ADMINS); + DOMAIN_RID_ADMINS); init_sec_ace(&ace[i++], &domadmin_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, map->generic_all, 0); } @@ -267,7 +267,7 @@ void map_max_allowed_access(const NT_USER_TOKEN *nt_token, if ( IS_DC ) { DOM_SID domadmin_sid; sid_compose(&domadmin_sid, get_global_sam_sid(), - DOMAIN_GROUP_RID_ADMINS); + DOMAIN_RID_ADMINS); if (is_sid_in_token(nt_token, &domadmin_sid)) { *pacc_requested |= GENERIC_ALL_ACCESS; return; @@ -2319,13 +2319,13 @@ NTSTATUS _samr_OpenUser(pipes_struct *p, } /* * Cheat - allow GENERIC_RIGHTS_USER_WRITE if pipe user is - * in DOMAIN_GROUP_RID_ADMINS. This is almost certainly not + * in DOMAIN_RID_ADMINS. This is almost certainly not * what Windows does but is a hack for people who haven't * set up privileges on groups in Samba. */ if (acb_info & (ACB_SVRTRUST|ACB_DOMTRUST)) { if (lp_enable_privileges() && nt_token_check_domain_rid(p->server_info->ptok, - DOMAIN_GROUP_RID_ADMINS)) { + DOMAIN_RID_ADMINS)) { des_access &= ~GENERIC_RIGHTS_USER_WRITE; extra_access = GENERIC_RIGHTS_USER_WRITE; DEBUG(4,("_samr_OpenUser: Allowing " @@ -3811,7 +3811,7 @@ NTSTATUS _samr_CreateUser2(pipes_struct *p, se_priv_copy(&se_rights, &se_priv_none); can_add_account = nt_token_check_domain_rid( p->server_info->ptok, - DOMAIN_GROUP_RID_ADMINS ); + DOMAIN_RID_ADMINS ); } DEBUG(5, ("_samr_CreateUser2: %s can add this account : %s\n", diff --git a/source3/rpc_server/srv_spoolss_util.c b/source3/rpc_server/srv_spoolss_util.c index 1752329e4c2..d9df1a0a5f3 100644 --- a/source3/rpc_server/srv_spoolss_util.c +++ b/source3/rpc_server/srv_spoolss_util.c @@ -2297,7 +2297,7 @@ create_default: size_t size; /* Create new sd */ - sid_append_rid(&owner_sid, DOMAIN_USER_RID_ADMIN); + sid_append_rid(&owner_sid, DOMAIN_RID_ADMINISTRATOR); new_secdesc = make_sec_desc(tmp_ctx, secdesc->revision, diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c index 6d86074a54b..ef320d0ec6b 100644 --- a/source3/rpc_server/srv_srvsvc_nt.c +++ b/source3/rpc_server/srv_srvsvc_nt.c @@ -1292,7 +1292,7 @@ WERROR _srvsvc_NetSessDel(pipes_struct *p, if ((p->server_info->utok.uid != sec_initial_uid()) && ( ! nt_token_check_domain_rid(p->server_info->ptok, - DOMAIN_GROUP_RID_ADMINS))) { + DOMAIN_RID_ADMINS))) { goto done; } diff --git a/source3/rpc_server/srv_wkssvc_nt.c b/source3/rpc_server/srv_wkssvc_nt.c index a8cbfba368a..4106bc10bc5 100644 --- a/source3/rpc_server/srv_wkssvc_nt.c +++ b/source3/rpc_server/srv_wkssvc_nt.c @@ -800,7 +800,7 @@ WERROR _wkssvc_NetrJoinDomain2(pipes_struct *p, } if (!user_has_privileges(token, &se_machine_account) && - !nt_token_check_domain_rid(token, DOMAIN_GROUP_RID_ADMINS) && + !nt_token_check_domain_rid(token, DOMAIN_RID_ADMINS) && !nt_token_check_sid(&global_sid_Builtin_Administrators, token)) { DEBUG(5,("_wkssvc_NetrJoinDomain2: account doesn't have " "sufficient privileges\n")); @@ -871,7 +871,7 @@ WERROR _wkssvc_NetrUnjoinDomain2(pipes_struct *p, } if (!user_has_privileges(token, &se_machine_account) && - !nt_token_check_domain_rid(token, DOMAIN_GROUP_RID_ADMINS) && + !nt_token_check_domain_rid(token, DOMAIN_RID_ADMINS) && !nt_token_check_sid(&global_sid_Builtin_Administrators, token)) { DEBUG(5,("_wkssvc_NetrUnjoinDomain2: account doesn't have " "sufficient privileges\n")); diff --git a/source3/utils/net_groupmap.c b/source3/utils/net_groupmap.c index b39a52ed027..9b46808b8b4 100644 --- a/source3/utils/net_groupmap.c +++ b/source3/utils/net_groupmap.c @@ -200,10 +200,10 @@ static int net_groupmap_add(struct net_context *c, int argc, const char **argv) for ( i=0; ipw_name, lp_ldap_user_suffix ()); uidstr = talloc_asprintf(tc, "%u", (unsigned int)pwd->pw_uid); @@ -1959,7 +1959,7 @@ doma_done: goto failed; } - sid_compose(&gsid, get_global_sam_sid(), DOMAIN_GROUP_RID_GUESTS); + sid_compose(&gsid, get_global_sam_sid(), DOMAIN_RID_GUESTS); smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_POSIXGROUP); smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_GROUPMAP); diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c index f647a3ffaf1..50abcc30c3a 100644 --- a/source3/winbindd/winbindd_ads.c +++ b/source3/winbindd/winbindd_ads.c @@ -506,7 +506,7 @@ static NTSTATUS query_user(struct winbindd_domain *domain, /* Assume "Domain Users" for the primary group */ - sid_compose(&info->group_sid, &domain->sid, DOMAIN_GROUP_RID_USERS ); + sid_compose(&info->group_sid, &domain->sid, DOMAIN_RID_USERS ); /* Try to fill in what the nss_info backend can do */ diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c index 95543397694..34f1fbc3416 100644 --- a/source3/winbindd/winbindd_pam.c +++ b/source3/winbindd/winbindd_pam.c @@ -1039,7 +1039,7 @@ static NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain, DEBUG(10,("winbindd_dual_pam_auth_cached: failed to get password properties.\n")); } - if ((my_info3->base.rid != DOMAIN_USER_RID_ADMIN) || + if ((my_info3->base.rid != DOMAIN_RID_ADMINISTRATOR) || (password_properties & DOMAIN_PASSWORD_LOCKOUT_ADMINS)) { my_info3->base.acct_flags |= ACB_AUTOLOCK; } diff --git a/source3/winbindd/winbindd_passdb.c b/source3/winbindd/winbindd_passdb.c index 34b5990a3f9..023f68f1b3e 100644 --- a/source3/winbindd/winbindd_passdb.c +++ b/source3/winbindd/winbindd_passdb.c @@ -467,7 +467,7 @@ static NTSTATUS sam_query_user_list(struct winbindd_domain *domain, something like that. */ sid_compose(&(*info)[i].group_sid, &domain->sid, - DOMAIN_GROUP_RID_USERS); + DOMAIN_RID_USERS); } TALLOC_FREE(ps); diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c index 87494db2bba..793cc430f04 100644 --- a/source3/winbindd/winbindd_rpc.c +++ b/source3/winbindd/winbindd_rpc.c @@ -124,7 +124,7 @@ static NTSTATUS query_user_list(struct winbindd_domain *domain, something like that. */ sid_compose(&dst->group_sid, &domain->sid, - DOMAIN_GROUP_RID_USERS); + DOMAIN_RID_USERS); } } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)); -- 2.34.1