return NT_STATUS_NO_MEMORY;
}
- sid_copy(&guest_sid, get_global_sam_sid());
- sid_append_rid(&guest_sid, DOMAIN_USER_RID_GUEST);
+ sid_compose(&guest_sid, get_global_sam_sid(), DOMAIN_USER_RID_GUEST);
become_root();
ret = pdb_getsampwsid(sampass, &guest_sid);
matches.
*/
- sid_copy(&user_sid, info3->base.domain_sid);
- if (!sid_append_rid(&user_sid, info3->base.rid)) {
+ if (!sid_compose(&user_sid, info3->base.domain_sid, info3->base.rid)) {
return NT_STATUS_INVALID_PARAMETER;
}
- sid_copy(&group_sid, info3->base.domain_sid);
- if (!sid_append_rid(&group_sid, info3->base.primary_gid)) {
+ if (!sid_compose(&group_sid, info3->base.domain_sid,
+ info3->base.primary_gid)) {
return NT_STATUS_INVALID_PARAMETER;
}
DEBUG(10, ("Creating alias %s with gid %u and rid %u\n",
name, (unsigned int)gid, (unsigned int)new_rid));
- sid_copy(&sid, get_global_sam_sid());
- sid_append_rid(&sid, new_rid);
+ sid_compose(&sid, get_global_sam_sid(), new_rid);
map.gid = gid;
sid_copy(&map.sid, &sid);
goto done;
}
- sid_copy(&user_sid, get_global_sam_sid());
- sid_append_rid(&user_sid, r->rid);
+ sid_compose(&user_sid, get_global_sam_sid(), r->rid);
DEBUG(3, ("Attempting to find SID %s for user %s in the passdb\n",
sid_to_fstring(sid_string, &user_sid), account));
fstrcpy(comment, r->description.string);
/* add the group to the mapping table */
- sid_copy(&group_sid, get_global_sam_sid());
- sid_append_rid(&group_sid, rid);
+ sid_compose(&group_sid, get_global_sam_sid(), rid);
sid_to_fstring(sid_string, &group_sid);
if (pdb_getgrsid(&map, group_sid)) {
return NT_STATUS_OK;
}
- sid_copy(&group_sid, get_global_sam_sid());
- sid_append_rid(&group_sid, rid);
+ sid_compose(&group_sid, get_global_sam_sid(), rid);
if (!get_domain_group_from_sid(group_sid, &map)) {
DEBUG(0, ("Could not find global group %d\n", rid));
return NT_STATUS_NO_MEMORY;
}
- sid_copy(&member_sid, get_global_sam_sid());
- sid_append_rid(&member_sid, r->rids[i]);
+ sid_compose(&member_sid, get_global_sam_sid(), r->rids[i]);
if (!pdb_getsampwsid(member, &member_sid)) {
DEBUG(1, ("Found bogus group member: %d (member_sid=%s group=%s)\n",
fstrcpy(comment, r->description.string);
/* Find out whether the group is already mapped */
- sid_copy(&alias_sid, dom_sid);
- sid_append_rid(&alias_sid, rid);
+ sid_compose(&alias_sid, dom_sid, rid);
sid_to_fstring(sid_string, &alias_sid);
if (pdb_getgrsid(&map, alias_sid)) {
NETSAMLOGON_TDB));
return;
}
- sid_copy(&user_sid, info3->base.domain_sid);
- sid_append_rid(&user_sid, info3->base.rid);
+ sid_compose(&user_sid, info3->base.domain_sid, info3->base.rid);
/* Prepare key as DOMAIN-SID/USER-RID string */
slprintf(keystr, sizeof(keystr), "%s", sid_to_fstring(tmp, &user_sid));
return false;
}
- sid_copy(&user_sid, info3->base.domain_sid);
- sid_append_rid(&user_sid, info3->base.rid);
+ sid_compose(&user_sid, info3->base.domain_sid, info3->base.rid);
/* Prepare key as DOMAIN-SID/USER-RID string */
slprintf(keystr, sizeof(keystr), "%s", sid_to_fstring(tmp, &user_sid));
/* It's our own domain, lookup the name in passdb */
if (lookup_global_sam_name(name, flags, &rid, &type)) {
- sid_copy(&sid, get_global_sam_sid());
- sid_append_rid(&sid, rid);
+ sid_compose(&sid, get_global_sam_sid(), rid);
goto ok;
}
TALLOC_FREE(tmp_ctx);
/* Explicit request for a name in BUILTIN */
if (lookup_builtin_name(name, &rid)) {
- sid_copy(&sid, &global_sid_Builtin);
- sid_append_rid(&sid, rid);
+ sid_compose(&sid, &global_sid_Builtin, rid);
type = SID_NAME_ALIAS;
goto ok;
}
lookup_builtin_name(name, &rid))
{
domain = talloc_strdup(tmp_ctx, builtin_domain_name());
- sid_copy(&sid, &global_sid_Builtin);
- sid_append_rid(&sid, rid);
+ sid_compose(&sid, &global_sid_Builtin, rid);
type = SID_NAME_ALIAS;
goto ok;
}
lookup_global_sam_name(name, flags, &rid, &type))
{
domain = talloc_strdup(tmp_ctx, get_global_sam_name());
- sid_copy(&sid, get_global_sam_sid());
- sid_append_rid(&sid, rid);
+ sid_compose(&sid, get_global_sam_sid(), rid);
goto ok;
}
if (sid_check_is_wellknown_domain(domain_sid, NULL)) {
for (i=0; i<num_rids; i++) {
DOM_SID sid;
- sid_copy(&sid, domain_sid);
- sid_append_rid(&sid, rids[i]);
+ sid_compose(&sid, domain_sid, rids[i]);
if (lookup_wellknown_sid(mem_ctx, &sid,
domain_name, &(*names)[i])) {
if ((*names)[i] == NULL) {
return NT_STATUS_ACCESS_DENIED;
}
- sid_copy( &user_sid, get_global_sam_sid() );
- sid_append_rid( &user_sid, user_rid );
+ sid_compose(&user_sid, get_global_sam_sid(), user_rid);
if ( !pdb_set_user_sid(user, &user_sid, PDB_SET) ) {
DEBUG(3, ("pdb_set_user_sid failed\n"));
return False;
}
- sid_copy(&u_sid, global_sam_sid);
-
- if (!sid_append_rid(&u_sid, rid))
+ if (!sid_compose(&u_sid, global_sam_sid, rid)) {
return False;
+ }
if (!pdb_set_user_sid(sampass, &u_sid, flag))
return False;
return False;
}
- sid_copy(&g_sid, global_sam_sid);
-
- if (!sid_append_rid(&g_sid, grid))
+ if (!sid_compose(&g_sid, global_sam_sid, grid)) {
return False;
+ }
if (!pdb_set_group_sid(sampass, &g_sid, flag))
return False;
/* Just set it to the 'Domain Users' RID of 512 which will
always resolve to a name */
- sid_copy( gsid, get_global_sam_sid() );
- sid_append_rid( gsid, DOMAIN_GROUP_RID_USERS );
+ sid_compose(gsid, get_global_sam_sid(), DOMAIN_GROUP_RID_USERS);
sampass->group_sid = gsid;
if ( sid_to_gid( g_sid, &gid ) ) {
sid_copy(sampass->group_sid, g_sid);
} else {
- sid_copy( sampass->group_sid, get_global_sam_sid() );
- sid_append_rid( sampass->group_sid, DOMAIN_GROUP_RID_USERS );
+ sid_compose(sampass->group_sid, get_global_sam_sid(),
+ DOMAIN_GROUP_RID_USERS);
}
DEBUG(10, ("pdb_set_group_sid: setting group sid %s\n",
DEBUG(5,("lookup_global_sam_rid: looking up RID %u.\n",
(unsigned int)rid));
- sid_copy(&sid, get_global_sam_sid());
- sid_append_rid(&sid, rid);
+ sid_compose(&sid, get_global_sam_sid(), rid);
/* see if the passdb can help us with the name of the user */
bool uid_to_unix_users_sid(uid_t uid, DOM_SID *sid)
{
- sid_copy(sid, &global_sid_Unix_Users);
- return sid_append_rid(sid, (uint32_t)uid);
+ return sid_compose(sid, &global_sid_Unix_Users, uid);
}
bool gid_to_unix_groups_sid(gid_t gid, DOM_SID *sid)
{
- sid_copy(sid, &global_sid_Unix_Groups);
- return sid_append_rid(sid, (uint32_t)gid);
+ return sid_compose(sid, &global_sid_Unix_Groups, gid);
}
const char *unix_users_domain_name(void)
bool lookup_unix_user_name(const char *name, DOM_SID *sid)
{
struct passwd *pwd;
+ bool ret;
pwd = getpwnam_alloc(talloc_autofree_context(), name);
if (pwd == NULL) {
return False;
}
- sid_copy(sid, &global_sid_Unix_Users);
- sid_append_rid(sid, (uint32_t)pwd->pw_uid); /* For 64-bit uid's we have enough
- * space ... */
+ /*
+ * For 64-bit uid's we have enough space in the whole SID,
+ * should they become necessary
+ */
+ ret = sid_compose(sid, &global_sid_Unix_Users, pwd->pw_uid);
TALLOC_FREE(pwd);
- return True;
+ return ret;
}
bool sid_check_is_unix_groups(const DOM_SID *sid)
return False;
}
- sid_copy(sid, &global_sid_Unix_Groups);
- sid_append_rid(sid, (uint32_t)grp->gr_gid); /* For 64-bit uid's we have enough
- * space ... */
- return True;
+ /*
+ * For 64-bit gid's we have enough space in the whole SID,
+ * should they become necessary
+ */
+ return sid_compose(sid, &global_sid_Unix_Groups, grp->gr_gid);
}
for (j=0; users[j].name != NULL; j++) {
if ( strequal(users[j].name, name) ) {
- sid_copy(sid, special_domains[i].sid);
- sid_append_rid(sid, users[j].rid);
+ sid_compose(sid, special_domains[i].sid,
+ users[j].rid);
*domain = talloc_strdup(
mem_ctx, special_domains[i].name);
return True;
if ( IS_DC ) {
DOM_SID domadmins_sid;
- sid_copy(&domadmins_sid, get_global_sam_sid());
- sid_append_rid(&domadmins_sid, DOMAIN_GROUP_RID_ADMINS);
+ sid_compose(&domadmins_sid, get_global_sam_sid(),
+ DOMAIN_GROUP_RID_ADMINS);
sa = PRINTER_ACE_FULL_CONTROL;
init_sec_ace(&ace[i++], &domadmins_sid,
SEC_ACE_TYPE_ACCESS_ALLOWED, map->generic_all, 0);
/* Add Full Access for Domain Admins */
- sid_copy(&adm_sid, get_global_sam_sid());
- sid_append_rid(&adm_sid, DOMAIN_GROUP_RID_ADMINS);
+ sid_compose(&adm_sid, get_global_sam_sid(), DOMAIN_GROUP_RID_ADMINS);
init_sec_ace(&ace[i++], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED,
map->generic_all, 0);
/* Add Full Access for Domain Admins if we are a DC */
if ( IS_DC ) {
- sid_copy( &domadmin_sid, get_global_sam_sid() );
- sid_append_rid( &domadmin_sid, DOMAIN_GROUP_RID_ADMINS );
+ sid_compose(&domadmin_sid, get_global_sam_sid(),
+ DOMAIN_GROUP_RID_ADMINS);
init_sec_ace(&ace[i++], &domadmin_sid,
SEC_ACE_TYPE_ACCESS_ALLOWED, map->generic_all, 0);
}
/* Full access for DOMAIN\Domain Admins. */
if ( IS_DC ) {
DOM_SID domadmin_sid;
- sid_copy( &domadmin_sid, get_global_sam_sid() );
- sid_append_rid( &domadmin_sid, DOMAIN_GROUP_RID_ADMINS );
+ sid_compose(&domadmin_sid, get_global_sam_sid(),
+ DOMAIN_GROUP_RID_ADMINS);
if (is_sid_in_token(nt_token, &domadmin_sid)) {
*pacc_requested |= GENERIC_ALL_ACCESS;
return;
/* append the rid to our own domain/machine SID if we don't have a full SID */
if ( !string_sid[0] ) {
- sid_copy(&sid, get_global_sam_sid());
- sid_append_rid(&sid, rid);
+ sid_compose(&sid, get_global_sam_sid(), rid);
sid_to_fstring(string_sid, &sid);
}
}
}
- sid_copy(&map.sid, get_global_sam_sid());
- sid_append_rid(&map.sid, c->opt_rid);
+ sid_compose(&map.sid, get_global_sam_sid(), c->opt_rid);
map.sid_name_use = SID_NAME_DOM_GRP;
fstrcpy(map.nt_name, ntgroup);
for (i = 0; i < num_alias_rids; i++) {
DOM_SID alias;
- sid_copy(&alias, domain_sid);
- sid_append_rid(&alias, alias_rids[i]);
+ sid_compose(&alias, domain_sid, alias_rids[i]);
printf("%s\n", sid_string_tos(&alias));
}
sid_array.sids[j].sid);
}
- sid_copy(&alias.sid, domain_sid);
- sid_append_rid(&alias.sid, groups->entries[i].idx);
+ sid_compose(&alias.sid, domain_sid,
+ groups->entries[i].idx);
push_alias(mem_ctx, &alias);
}
}
/* append the rid to the domain sid */
- sid_copy(&trust_acct_sid, domain_sid);
- if (!sid_append_rid(&trust_acct_sid, user_rids.ids[0])) {
+ if (!sid_compose(&trust_acct_sid, domain_sid, user_rids.ids[0])) {
goto done;
}
"a complete SID or RID!\n");
return -1;
}
- sid_copy(sid, get_global_sam_sid());
- sid_append_rid(sid, rid);
+ sid_compose(sid, get_global_sam_sid(), rid);
}
return 0;
if (!hashed_domains[h_domain].sid)
continue;
- sid_copy(ids[i]->sid, hashed_domains[h_domain].sid);
- sid_append_rid(ids[i]->sid, h_rid);
+ sid_compose(ids[i]->sid, hashed_domains[h_domain].sid, h_rid);
ids[i]->status = ID_MAPPED;
}
rid = atoi(p);
- sid_copy(&sid, &domain->sid);
- sid_append_rid(&sid, rid);
+ sid_compose(&sid, &domain->sid, rid);
sid_to_fstring(keystr, &sid);
key2 = string_term_tdb_data(keystr);
goto done;
}
- sid_copy(&primary_group, &domain->sid);
- sid_append_rid(&primary_group, primary_group_rid);
+ sid_compose(&primary_group, &domain->sid, primary_group_rid);
count = ads_pull_sids(ads, mem_ctx, msg, "tokenGroups", &sids);
return;
}
- sid_copy(&sid, info3->base.domain_sid);
- sid_append_rid(&sid, info3->base.rid);
+ sid_compose(&sid, info3->base.domain_sid, info3->base.rid);
/* Clear U/SID cache entry */
fstr_sprintf(key_str, "U/%s", sid_to_fstring(sid_string, &sid));
DOM_SID user_sid;
fstring sidstr;
- sid_copy(&user_sid, info3->base.domain_sid);
- sid_append_rid(&user_sid, info3->base.rid);
+ sid_compose(&user_sid, info3->base.domain_sid,
+ info3->base.rid);
sid_to_fstring(sidstr, &user_sid);
afsname = talloc_string_sub(mem_ctx, afsname,
"%s", sidstr);
return NT_STATUS_NO_MEMORY;
for (i=0;i<(*num_groups);i++) {
- sid_copy(&((*user_grpsids)[i]), &domain->sid);
- sid_append_rid(&((*user_grpsids)[i]),
- rid_array->rids[i].rid);
+ sid_compose(&((*user_grpsids)[i]), &domain->sid,
+ rid_array->rids[i].rid);
}
return NT_STATUS_OK;