/*
lookup a SID for 1 name
*/
-static NTSTATUS dcesrv_lsa_lookup_name(struct event_context *ev_ctx,
+static NTSTATUS dcesrv_lsa_lookup_name(struct tevent_context *ev_ctx,
struct loadparm_context *lp_ctx,
struct lsa_policy_state *state, TALLOC_CTX *mem_ctx,
- const char *name, const char **authority_name,
- struct dom_sid **sid, enum lsa_SidType *rtype)
+ const char *name, const char **authority_name,
+ struct dom_sid **sid, enum lsa_SidType *rtype,
+ uint32_t *rid)
{
int ret, atype, i;
struct ldb_message **res;
/* Look up table of well known names */
status = lookup_well_known_names(mem_ctx, NULL, username, authority_name, sid, rtype);
if (NT_STATUS_IS_OK(status)) {
+ dom_sid_split_rid(NULL, *sid, NULL, rid);
+ return NT_STATUS_OK;
+ }
+
+ if (username == NULL) {
+ *authority_name = NAME_BUILTIN;
+ *sid = dom_sid_parse_talloc(mem_ctx, SID_BUILTIN);
+ *rtype = SID_NAME_DOMAIN;
+ *rid = 0xFFFFFFFF;
return NT_STATUS_OK;
}
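Review bot: The NTSTATUS from `dom_sid_split_rid(NULL, *sid, NULL, rid)` is dropped on the added line after the well-known-name lookup, so if the split fails (a SID with no sub-authorities is the likely case) the function still returns NT_STATUS_OK with `*rid` never written. The same call shape is added in both NAME_NT_AUTHORITY branches and after the domain-qualified well-known lookup, and the LookupNames3 hunk declares `rid` without an initialiser. I would leave a defined value on failure, e.g. `if (!NT_STATUS_IS_OK(dom_sid_split_rid(NULL, *sid, NULL, rid))) { *rid = 0xFFFFFFFF; }`, assuming 0xFFFFFFFF is the intended "no RID" marker as in the SID_NAME_DOMAIN branches. The function body starts and ends outside this hunk.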
*authority_name = NAME_NT_AUTHORITY;
*sid = dom_sid_parse_talloc(mem_ctx, SID_NT_AUTHORITY);
*rtype = SID_NAME_DOMAIN;
+ dom_sid_split_rid(NULL, *sid, NULL, rid);
return NT_STATUS_OK;
}
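Review bot: `*sid` goes straight from `dom_sid_parse_talloc` into `dom_sid_split_rid` on the added line, but the parse can return NULL on allocation or parse failure and the split reads through that pointer. Add `if (*sid == NULL) { return NT_STATUS_NO_MEMORY; }` before the split. The second NAME_NT_AUTHORITY hunk further down has the same sequence. The enclosing `if` opens outside this hunk.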
if (strcasecmp_m(username, NAME_BUILTIN) == 0) {
*authority_name = NAME_BUILTIN;
*sid = dom_sid_parse_talloc(mem_ctx, SID_BUILTIN);
*rtype = SID_NAME_DOMAIN;
+ *rid = 0xFFFFFFFF;
return NT_STATUS_OK;
}
if (strcasecmp_m(username, state->domain_dns) == 0) {
*authority_name = state->domain_name;
*sid = state->domain_sid;
*rtype = SID_NAME_DOMAIN;
+ *rid = 0xFFFFFFFF;
return NT_STATUS_OK;
}
if (strcasecmp_m(username, state->domain_name) == 0) {
*authority_name = state->domain_name;
*sid = state->domain_sid;
*rtype = SID_NAME_DOMAIN;
+ *rid = 0xFFFFFFFF;
return NT_STATUS_OK;
}
if (!name) {
return NT_STATUS_NO_MEMORY;
}
- status = dcesrv_lsa_lookup_name(ev_ctx, lp_ctx, state, mem_ctx, name, authority_name, sid, rtype);
+ status = dcesrv_lsa_lookup_name(ev_ctx, lp_ctx, state, mem_ctx, name, authority_name, sid, rtype, rid);
if (NT_STATUS_IS_OK(status)) {
return status;
}
if (!name) {
return NT_STATUS_NO_MEMORY;
}
- status = dcesrv_lsa_lookup_name(ev_ctx, lp_ctx, state, mem_ctx, name, authority_name, sid, rtype);
+ status = dcesrv_lsa_lookup_name(ev_ctx, lp_ctx, state, mem_ctx, name, authority_name, sid, rtype, rid);
if (NT_STATUS_IS_OK(status)) {
return status;
}
if (!name) {
return NT_STATUS_NO_MEMORY;
}
- status = dcesrv_lsa_lookup_name(ev_ctx, lp_ctx, state, mem_ctx, name, authority_name, sid, rtype);
+ status = dcesrv_lsa_lookup_name(ev_ctx, lp_ctx, state, mem_ctx, name, authority_name, sid, rtype, rid);
if (NT_STATUS_IS_OK(status)) {
return status;
}
*authority_name = NAME_NT_AUTHORITY;
*sid = dom_sid_parse_talloc(mem_ctx, SID_NT_AUTHORITY);
*rtype = SID_NAME_DOMAIN;
+ dom_sid_split_rid(NULL, *sid, NULL, rid);
return NT_STATUS_OK;
}
/* Look up table of well known names */
- return lookup_well_known_names(mem_ctx, domain, username, authority_name,
- sid, rtype);
+ status = lookup_well_known_names(mem_ctx, domain, username, authority_name,
+ sid, rtype);
+ if (NT_STATUS_IS_OK(status)) {
+ dom_sid_split_rid(NULL, *sid, NULL, rid);
+ }
+ return status;
} else if (strcasecmp_m(domain, NAME_BUILTIN) == 0) {
*authority_name = NAME_BUILTIN;
domain_dn = state->builtin_dn;
if (!*username) {
*sid = domain_sid;
*rtype = SID_NAME_DOMAIN;
+ *rid = 0xFFFFFFFF;
return NT_STATUS_OK;
}
atype = samdb_result_uint(res[i], "sAMAccountType", 0);
- *rtype = samdb_atype_map(atype);
+ *rtype = ds_atype_map(atype);
if (*rtype == SID_NAME_UNKNOWN) {
return STATUS_SOME_UNMAPPED;
}
atype = samdb_result_uint(res[0], "sAMAccountType", 0);
- *rtype = samdb_atype_map(atype);
+ *rtype = ds_atype_map(atype);
return NT_STATUS_OK;
}
struct lsa_LookupSids2 *r)
{
struct lsa_policy_state *state;
+ struct lsa_RefDomainList *domains = NULL;
int i;
NTSTATUS status = NT_STATUS_OK;
return NT_STATUS_INVALID_PARAMETER;
}
- r->out.domains = NULL;
+ *r->out.domains = NULL;
/* NOTE: the WSPP test suite tries SIDs with invalid revision numbers,
and expects NT_STATUS_INVALID_PARAMETER back - we just treat it as
return status;
}
- r->out.domains = talloc_zero(mem_ctx, struct lsa_RefDomainList);
- if (r->out.domains == NULL) {
+ domains = talloc_zero(r->out.domains, struct lsa_RefDomainList);
+ if (domains == NULL) {
return NT_STATUS_NO_MEMORY;
}
+ *r->out.domains = domains;
r->out.names = talloc_zero(mem_ctx, struct lsa_TransNameArray2);
if (r->out.names == NULL) {
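Review bot: `talloc_zero(r->out.domains, struct lsa_RefDomainList)` parents the list on the out pointer, while the LookupNames3 and LookupNames2 hunks allocate the same structure from `mem_ctx`. That is only valid if `r->out.domains` is itself a talloc allocation, and nothing visible here guarantees that for the in-process wrappers that forward `r->out.domains` through `r2`. `domains = talloc_zero(mem_ctx, struct lsa_RefDomainList);` would match the other two handlers. If the different parent is deliberate, a one-line comment saying why would help; the function continues past this hunk.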
/* set up the authority table */
status2 = dcesrv_lsa_authority_list(state, mem_ctx, rtype,
authority_name, sid,
- r->out.domains, &sid_index);
+ domains, &sid_index);
if (!NT_STATUS_IS_OK(status2)) {
continue;
}
(*r->out.count)++;
}
-
+
if (*r->out.count == 0) {
return NT_STATUS_NONE_MAPPED;
}
r2.in.names = r->in.names;
r2.in.level = r->in.level;
r2.in.count = r->in.count;
- r2.in.unknown1 = r->in.unknown1;
- r2.in.unknown2 = r->in.unknown2;
+ r2.in.lookup_options = r->in.lookup_options;
+ r2.in.client_revision = r->in.client_revision;
r2.out.count = r->out.count;
r2.out.names = r->out.names;
+ r2.out.domains = r->out.domains;
status = dcesrv_lsa_LookupSids2(dce_call, mem_ctx, &r2);
r2.in.names = NULL;
r2.in.level = r->in.level;
r2.in.count = r->in.count;
- r2.in.unknown1 = 0;
- r2.in.unknown2 = 0;
+ r2.in.lookup_options = 0;
+ r2.in.client_revision = 0;
r2.out.count = r->out.count;
r2.out.names = NULL;
+ r2.out.domains = r->out.domains;
status = dcesrv_lsa_LookupSids2(dce_call, mem_ctx, &r2);
/* we deliberately don't check for error from the above,
struct dcesrv_handle *policy_handle;
int i;
struct loadparm_context *lp_ctx = dce_call->conn->dce_ctx->lp_ctx;
+ struct lsa_RefDomainList *domains;
DCESRV_PULL_HANDLE(policy_handle, r->in.handle, LSA_HANDLE_POLICY);
policy_state = policy_handle->data;
- r->out.domains = NULL;
+ *r->out.domains = NULL;
- r->out.domains = talloc_zero(mem_ctx, struct lsa_RefDomainList);
- if (r->out.domains == NULL) {
+ domains = talloc_zero(mem_ctx, struct lsa_RefDomainList);
+ if (domains == NULL) {
return NT_STATUS_NO_MEMORY;
}
+ *r->out.domains = domains;
r->out.sids = talloc_zero(mem_ctx, struct lsa_TransSidArray3);
if (r->out.sids == NULL) {
const char *name = r->in.names[i].string;
const char *authority_name;
struct dom_sid *sid;
- uint32_t sid_index;
+ uint32_t sid_index, rid;
enum lsa_SidType rtype;
NTSTATUS status2;
r->out.sids->sids[i].sid_index = 0xFFFFFFFF;
r->out.sids->sids[i].flags = 0;
- status2 = dcesrv_lsa_lookup_name(dce_call->event_ctx, lp_ctx, policy_state, mem_ctx, name, &authority_name, &sid, &rtype);
+ status2 = dcesrv_lsa_lookup_name(dce_call->event_ctx, lp_ctx, policy_state, mem_ctx, name,
+ &authority_name, &sid, &rtype, &rid);
if (!NT_STATUS_IS_OK(status2) || sid->num_auths == 0) {
continue;
}
status2 = dcesrv_lsa_authority_list(policy_state, mem_ctx, rtype, authority_name,
- sid, r->out.domains, &sid_index);
+ sid, domains, &sid_index);
if (!NT_STATUS_IS_OK(status2)) {
continue;
}
struct dcesrv_handle *h;
int i;
struct loadparm_context *lp_ctx = dce_call->conn->dce_ctx->lp_ctx;
+ struct lsa_RefDomainList *domains;
- r->out.domains = NULL;
+ *r->out.domains = NULL;
DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
state = h->data;
- r->out.domains = talloc_zero(mem_ctx, struct lsa_RefDomainList);
- if (r->out.domains == NULL) {
+ domains = talloc_zero(mem_ctx, struct lsa_RefDomainList);
+ if (domains == NULL) {
return NT_STATUS_NO_MEMORY;
}
+ *r->out.domains = domains;
r->out.sids = talloc_zero(mem_ctx, struct lsa_TransSidArray2);
if (r->out.sids == NULL) {
const char *name = r->in.names[i].string;
const char *authority_name;
struct dom_sid *sid;
- uint32_t rtype, sid_index;
+ uint32_t rtype, sid_index, rid=0;
NTSTATUS status2;
r->out.sids->count++;
r->out.sids->sids[i].unknown = 0;
status2 = dcesrv_lsa_lookup_name(dce_call->event_ctx, lp_ctx, state, mem_ctx, name,
- &authority_name, &sid, &rtype);
+ &authority_name, &sid, &rtype, &rid);
if (!NT_STATUS_IS_OK(status2)) {
continue;
}
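Review bot: `rtype` is declared as `uint32_t` on the added line, but its address is passed where `dcesrv_lsa_lookup_name` takes `enum lsa_SidType *rtype`, so the callee writes an enum through a pointer to a different type. The LookupNames3 hunk already declares `enum lsa_SidType rtype;`. Doing the same here, with `uint32_t sid_index, rid = 0;` kept separate, removes the mismatch without relying on the two types having the same size. The loop body starts and ends outside this hunk.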
status2 = dcesrv_lsa_authority_list(state, mem_ctx, rtype, authority_name,
- sid, r->out.domains, &sid_index);
+ sid, domains, &sid_index);
if (!NT_STATUS_IS_OK(status2)) {
continue;
}
r->out.sids->sids[i].sid_type = rtype;
- r->out.sids->sids[i].rid = sid->sub_auths[sid->num_auths-1];
+ r->out.sids->sids[i].rid = rid;
r->out.sids->sids[i].sid_index = sid_index;
r->out.sids->sids[i].unknown = 0;
r2.in.lookup_options = 0;
r2.in.client_revision = 0;
r2.out.count = r->out.count;
+ r2.out.domains = r->out.domains;
status = dcesrv_lsa_LookupNames2(dce_call, mem_ctx, &r2);
if (r2.out.sids == NULL) {
return status;
}
- r->out.domains = r2.out.domains;
r->out.sids = talloc(mem_ctx, struct lsa_TransSidArray);
if (r->out.sids == NULL) {
return NT_STATUS_NO_MEMORY;