s3-rpc_misc: clean out include/rpc_misc.h.

Well known rids don't really belong into an rpc header, just use the ones
defined in security.idl.

Guenther

diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 5e39dca60aa49c4116b0e45bd95f8b8f7d4360ab..1f8338160619557f18b19b97c61c368eeea066eb 100644 (file)
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -697,7 +697,7 @@ static NTSTATUS make_new_server_info_guest(struct auth_serversupplied_info **ser
                return NT_STATUS_NO_MEMORY;
        }
 
-       sid_compose(&guest_sid, get_global_sam_sid(), DOMAIN_USER_RID_GUEST);
+       sid_compose(&guest_sid, get_global_sam_sid(), DOMAIN_RID_GUEST);
 
        become_root();
        ret = pdb_getsampwsid(sampass, &guest_sid);

diff --git a/source3/auth/token_util.c b/source3/auth/token_util.c
index cf4a54143d1748107cca33c9f98207e0252ddd5a..d60d929482317db98ceee364aaa86fd421c0f680 100644 (file)
--- a/source3/auth/token_util.c
+++ b/source3/auth/token_util.c
@@ -189,7 +189,7 @@ static NTSTATUS add_builtin_administrators(struct nt_user_token *token,
        } else {
                sid_copy(&domadm, dom_sid);
        }
-       sid_append_rid( &domadm, DOMAIN_GROUP_RID_ADMINS );
+       sid_append_rid( &domadm, DOMAIN_RID_ADMINS );
 
        /* Add Administrators if the user beloongs to Domain Admins */
 
@@ -280,7 +280,7 @@ NTSTATUS create_builtin_users(const DOM_SID *dom_sid)
 
        /* add domain users */
        if ((IS_DC || (lp_server_role() == ROLE_DOMAIN_MEMBER))
-               && sid_compose(&dom_users, dom_sid, DOMAIN_GROUP_RID_USERS))
+               && sid_compose(&dom_users, dom_sid, DOMAIN_RID_USERS))
        {
                status = add_sid_to_builtin(&global_sid_Builtin_Users,
                                            &dom_users);
@@ -309,7 +309,7 @@ NTSTATUS create_builtin_administrators(const DOM_SID *dom_sid)
 
        /* add domain admins */
        if ((IS_DC || (lp_server_role() == ROLE_DOMAIN_MEMBER))
-               && sid_compose(&dom_admins, dom_sid, DOMAIN_GROUP_RID_ADMINS))
+               && sid_compose(&dom_admins, dom_sid, DOMAIN_RID_ADMINS))
        {
                status = add_sid_to_builtin(&global_sid_Builtin_Administrators,
                                            &dom_admins);
@@ -765,7 +765,7 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username,
 
                sid_copy(&group_sids[0], &user_sid);
                sid_split_rid(&group_sids[0], &dummy);
-               sid_append_rid(&group_sids[0], DOMAIN_GROUP_RID_USERS);
+               sid_append_rid(&group_sids[0], DOMAIN_RID_USERS);
 
                if (!sid_to_gid(&group_sids[0], gid)) {
                        DEBUG(1, ("sid_to_gid(%s) failed\n",

diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c
index 7add05e84c6ddb80dd7f700fd83ef2de6385ea76..da5a866619b20faa9bee463b17443d57c89a2d64 100644 (file)
--- a/source3/groupdb/mapping.c
+++ b/source3/groupdb/mapping.c
@@ -126,7 +126,7 @@ bool get_domain_group_from_sid(DOM_SID sid, GROUP_MAP *map)
 
                sid_peek_rid( &sid, &rid );
 
-               if ( rid == DOMAIN_GROUP_RID_USERS ) {
+               if ( rid == DOMAIN_RID_USERS ) {
                        fstrcpy( map->nt_name, "None" );
                        fstrcpy( map->comment, "Ordinary Users" );
                        sid_copy( &map->sid, &sid );

diff --git a/source3/include/rpc_misc.h b/source3/include/rpc_misc.h
index ccf7d6a785301f3cf11dd513b8572205ce22975e..d8814e3bc1c782d3b6c66eaf47cd0762c2a550eb 100644 (file)
--- a/source3/include/rpc_misc.h
+++ b/source3/include/rpc_misc.h
@@ -30,26 +30,6 @@
  * well-known RIDs - Relative IDs
  **********************************************************************/
 
-/* RIDs - Well-known users ... */
-#define DOMAIN_USER_RID_ADMIN          (0x000001F4L)
-#define DOMAIN_USER_RID_GUEST          (0x000001F5L)
-#define DOMAIN_USER_RID_KRBTGT         (0x000001F6L)
-
-/* RIDs - well-known groups ... */
-#define DOMAIN_GROUP_RID_ADMINS        (0x00000200L)
-#define DOMAIN_GROUP_RID_USERS         (0x00000201L)
-#define DOMAIN_GROUP_RID_GUESTS        (0x00000202L)
-#define DOMAIN_GROUP_RID_COMPUTERS     (0x00000203L)
-
-#define DOMAIN_GROUP_RID_CONTROLLERS   (0x00000204L)
-#define DOMAIN_GROUP_RID_CERT_ADMINS   (0x00000205L)
-#define DOMAIN_GROUP_RID_SCHEMA_ADMINS (0x00000206L)
-#define DOMAIN_GROUP_RID_ENTERPRISE_ADMINS (0x00000207L)
-
-/* is the following the right number? I bet it is  --simo
-#define DOMAIN_GROUP_RID_POLICY_ADMINS (0x00000208L)
-*/
-
 /* RIDs - well-known aliases ... */
 #define BUILTIN_ALIAS_RID_ADMINS        (0x00000220L)
 #define BUILTIN_ALIAS_RID_USERS         (0x00000221L)

diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index 0adefd5c6de478fbe31cedd93ac32a7a6db6a456..9514e052546f396dfc6227a01d149ff9c85c9f2a 100644 (file)
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -193,7 +193,7 @@ static NTSTATUS samu_set_unix_internal(struct samu *user, const struct passwd *p
        /* Special case for the guest account which must have a RID of 501 */
 
        if ( strequal( pwd->pw_name, guest_account ) ) {
-               if ( !pdb_set_user_sid_from_rid(user, DOMAIN_USER_RID_GUEST, PDB_DEFAULT)) {
+               if ( !pdb_set_user_sid_from_rid(user, DOMAIN_RID_GUEST, PDB_DEFAULT)) {
                        return NT_STATUS_NO_SUCH_USER;
                }
                return NT_STATUS_OK;
@@ -565,10 +565,10 @@ bool algorithmic_pdb_rid_is_user(uint32 rid)
 {
        if ( rid_is_well_known(rid) ) {
                /*
-                * The only well known user RIDs are DOMAIN_USER_RID_ADMIN
-                * and DOMAIN_USER_RID_GUEST.
+                * The only well known user RIDs are DOMAIN_RID_ADMINISTRATOR
+                * and DOMAIN_RID_GUEST.
                 */
-               if(rid == DOMAIN_USER_RID_ADMIN || rid == DOMAIN_USER_RID_GUEST)
+               if(rid == DOMAIN_RID_ADMINISTRATOR || rid == DOMAIN_RID_GUEST)
                        return True;
        } else if((rid & RID_TYPE_MASK) == USER_RID_TYPE) {
                return True;
@@ -592,7 +592,7 @@ bool lookup_global_sam_name(const char *name, int flags, uint32_t *rid,
           the group already exists. */
 
        if ( strequal( name, "None" ) ) {
-               *rid = DOMAIN_GROUP_RID_USERS;
+               *rid = DOMAIN_RID_USERS;
                *type = SID_NAME_DOM_GRP;
 
                return True;

diff --git a/source3/passdb/pdb_get_set.c b/source3/passdb/pdb_get_set.c
index 4725e8e2f1b387341c1f6ed0ad5d270308bb3de7..1416e287ac7d43a08458fcfca278b497b340193f 100644 (file)
--- a/source3/passdb/pdb_get_set.c
+++ b/source3/passdb/pdb_get_set.c
@@ -274,7 +274,7 @@ const DOM_SID *pdb_get_group_sid(struct samu *sampass)
        /* Just set it to the 'Domain Users' RID of 513 which will
           always resolve to a name */
 
-       sid_compose(gsid, get_global_sam_sid(), DOMAIN_GROUP_RID_USERS);
+       sid_compose(gsid, get_global_sam_sid(), DOMAIN_RID_USERS);
 
        sampass->group_sid = gsid;
 
@@ -584,7 +584,7 @@ bool pdb_set_group_sid(struct samu *sampass, const DOM_SID *g_sid, enum pdb_valu
        /* if we cannot resolve the SID to gid, then just ignore it and 
           store DOMAIN_USERS as the primary groupSID */
 
-       sid_compose(&dug_sid, get_global_sam_sid(), DOMAIN_GROUP_RID_USERS);
+       sid_compose(&dug_sid, get_global_sam_sid(), DOMAIN_RID_USERS);
 
        if (sid_equal(&dug_sid, g_sid)) {
                sid_copy(sampass->group_sid, &dug_sid);

diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c
index 130909e7fec39c8fc099e8cb678f605c41186dcc..abc023081ea7f77986cb4257226aab51c92b9f79 100644 (file)
--- a/source3/passdb/pdb_interface.c
+++ b/source3/passdb/pdb_interface.c
@@ -281,7 +281,7 @@ bool pdb_getsampwsid(struct samu *sam_acct, const DOM_SID *sid)
        if ( !sid_peek_check_rid( get_global_sam_sid(), sid, &rid ) )
                return False;
 
-       if ( rid == DOMAIN_USER_RID_GUEST ) {
+       if ( rid == DOMAIN_RID_GUEST ) {
                DEBUG(6,("pdb_getsampwsid: Building guest account\n"));
                return guest_user_info( sam_acct );
        }
@@ -702,7 +702,7 @@ NTSTATUS pdb_enum_group_members(TALLOC_CTX *mem_ctx,
 
                sid_peek_rid( sid, &rid );
 
-               if ( rid == DOMAIN_GROUP_RID_USERS ) {
+               if ( rid == DOMAIN_RID_USERS ) {
                        *p_num_members = 0;
                        *pp_member_rids = NULL;
 
@@ -1536,7 +1536,7 @@ static bool lookup_global_sam_rid(TALLOC_CTX *mem_ctx, uint32 rid,
                return False;
        }
 
-       if ( rid == DOMAIN_GROUP_RID_USERS ) {
+       if ( rid == DOMAIN_RID_USERS ) {
                *name = talloc_strdup(mem_ctx, "None" );
                *psid_name_use = SID_NAME_DOM_GRP;
 

diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index a66ae9791ac6abafe0864a8b52af5a1cdaa0aea1..e3bd72a629caaf3c1922cbc14671085e056b1f84 100644 (file)
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -5402,7 +5402,7 @@ static NTSTATUS ldapsam_create_user(struct pdb_methods *my_methods,
                DEBUG(3,("ldapsam_create_user: Creating new posix user\n"));
 
                /* retrieve the Domain Users group gid */
-               if (!sid_compose(&group_sid, get_global_sam_sid(), DOMAIN_GROUP_RID_USERS) ||
+               if (!sid_compose(&group_sid, get_global_sam_sid(), DOMAIN_RID_USERS) ||
                    !sid_to_gid(&group_sid, &gid)) {
                        DEBUG (0, ("ldapsam_create_user: Unable to get the Domain Users gid: bailing out!\n"));
                        return NT_STATUS_INVALID_PRIMARY_GROUP;

diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c
index a327da4cacc5eab59e5f684dca7f2ccaab78043d..17c7f333d230b72c6d4f7bb3e3af3314c6f812be 100644 (file)
--- a/source3/passdb/pdb_smbpasswd.c
+++ b/source3/passdb/pdb_smbpasswd.c
@@ -1195,7 +1195,7 @@ static bool build_smb_pass (struct smb_passwd *smb_pw, const struct samu *sampas
                rid = pdb_get_user_rid(sampass);
 
                /* If the user specified a RID, make sure its able to be both stored and retreived */
-               if (rid == DOMAIN_USER_RID_GUEST) {
+               if (rid == DOMAIN_RID_GUEST) {
                        struct passwd *passwd = getpwnam_alloc(NULL, lp_guestaccount());
                        if (!passwd) {
                                DEBUG(0, ("Could not find guest account via getpwnam()! (%s)\n", lp_guestaccount()));
@@ -1332,7 +1332,7 @@ static NTSTATUS smbpasswd_getsampwsid(struct pdb_methods *my_methods, struct sam
                return NT_STATUS_UNSUCCESSFUL;
 
        /* More special case 'guest account' hacks... */
-       if (rid == DOMAIN_USER_RID_GUEST) {
+       if (rid == DOMAIN_RID_GUEST) {
                const char *guest_account = lp_guestaccount();
                if (!(guest_account && *guest_account)) {
                        DEBUG(1, ("Guest account not specfied!\n"));

diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c
index a8bc577370544e8ba42f9cb8bc381026f3893736..76f112f818ccaaf2eb6a1dc19f6e2e74f6609fca 100644 (file)
--- a/source3/printing/nt_printing.c
+++ b/source3/printing/nt_printing.c
@@ -2653,7 +2653,7 @@ WERROR spoolss_create_default_secdesc(TALLOC_CTX *mem_ctx,
                DOM_SID domadmins_sid;
 
                sid_compose(&domadmins_sid, get_global_sam_sid(),
-                           DOMAIN_GROUP_RID_ADMINS);
+                           DOMAIN_RID_ADMINS);
 
                sa = PRINTER_ACE_FULL_CONTROL;
                init_sec_ace(&ace[i++], &domadmins_sid,
@@ -2663,7 +2663,7 @@ WERROR spoolss_create_default_secdesc(TALLOC_CTX *mem_ctx,
                        sa, SEC_ACE_FLAG_CONTAINER_INHERIT);
        }
        else if (secrets_fetch_domain_sid(lp_workgroup(), &adm_sid)) {
-               sid_append_rid(&adm_sid, DOMAIN_USER_RID_ADMIN);
+               sid_append_rid(&adm_sid, DOMAIN_RID_ADMINISTRATOR);
 
                sa = PRINTER_ACE_FULL_CONTROL;
                init_sec_ace(&ace[i++], &adm_sid,
@@ -5606,7 +5606,7 @@ static SEC_DESC_BUF *construct_default_printer_sdb(TALLOC_CTX *ctx)
                DOM_SID domadmins_sid;
 
                sid_compose(&domadmins_sid, get_global_sam_sid(),
-                           DOMAIN_GROUP_RID_ADMINS);
+                           DOMAIN_RID_ADMINS);
 
                sa = PRINTER_ACE_FULL_CONTROL;
                init_sec_ace(&ace[i++], &domadmins_sid,
@@ -5616,7 +5616,7 @@ static SEC_DESC_BUF *construct_default_printer_sdb(TALLOC_CTX *ctx)
                        sa, SEC_ACE_FLAG_CONTAINER_INHERIT);
        }
        else if (secrets_fetch_domain_sid(lp_workgroup(), &adm_sid)) {
-               sid_append_rid(&adm_sid, DOMAIN_USER_RID_ADMIN);
+               sid_append_rid(&adm_sid, DOMAIN_RID_ADMINISTRATOR);
 
                sa = PRINTER_ACE_FULL_CONTROL;
                init_sec_ace(&ace[i++], &adm_sid,
@@ -5725,7 +5725,7 @@ bool nt_printing_getsec(TALLOC_CTX *ctx, const char *sharename, SEC_DESC_BUF **s
 
                        /* Create new sd */
 
-                       sid_append_rid(&owner_sid, DOMAIN_USER_RID_ADMIN);
+                       sid_append_rid(&owner_sid, DOMAIN_RID_ADMINISTRATOR);
 
                        psd = make_sec_desc(ctx, (*secdesc_ctr)->sd->revision, (*secdesc_ctr)->sd->type,
                                            &owner_sid,

diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index 297af4ea011dcb4a01f09ad20a2ece6f2cb2c861..afb85baef2aacb6808e2987f1dae93213d899c27 100644 (file)
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -335,7 +335,7 @@ static NTSTATUS make_lsa_object_sd(TALLOC_CTX *mem_ctx, SEC_DESC **sd, size_t *s
                        SEC_ACE_TYPE_ACCESS_ALLOWED, map->generic_all, 0);
 
        /* Add Full Access for Domain Admins */
-       sid_compose(&adm_sid, get_global_sam_sid(), DOMAIN_GROUP_RID_ADMINS);
+       sid_compose(&adm_sid, get_global_sam_sid(), DOMAIN_RID_ADMINS);
        init_sec_ace(&ace[i++], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED,
                        map->generic_all, 0);
 

diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 97ed381824f5b1dbe2f9af64baa8f5bc788fb44d..70c162be9dbd4d17f37181d5afa10de6cf747b02 100644 (file)
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -146,7 +146,7 @@ static NTSTATUS make_samr_object_sd( TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd
 
        if ( IS_DC ) {
                sid_compose(&domadmin_sid, get_global_sam_sid(),
-                           DOMAIN_GROUP_RID_ADMINS);
+                           DOMAIN_RID_ADMINS);
                init_sec_ace(&ace[i++], &domadmin_sid,
                        SEC_ACE_TYPE_ACCESS_ALLOWED, map->generic_all, 0);
        }
@@ -267,7 +267,7 @@ void map_max_allowed_access(const NT_USER_TOKEN *nt_token,
        if ( IS_DC ) {
                DOM_SID domadmin_sid;
                sid_compose(&domadmin_sid, get_global_sam_sid(),
-                           DOMAIN_GROUP_RID_ADMINS);
+                           DOMAIN_RID_ADMINS);
                if (is_sid_in_token(nt_token, &domadmin_sid)) {
                        *pacc_requested |= GENERIC_ALL_ACCESS;
                        return;
@@ -2319,13 +2319,13 @@ NTSTATUS _samr_OpenUser(pipes_struct *p,
                }
                /*
                 * Cheat - allow GENERIC_RIGHTS_USER_WRITE if pipe user is
-                * in DOMAIN_GROUP_RID_ADMINS. This is almost certainly not
+                * in DOMAIN_RID_ADMINS. This is almost certainly not
                 * what Windows does but is a hack for people who haven't
                 * set up privileges on groups in Samba.
                 */
                if (acb_info & (ACB_SVRTRUST|ACB_DOMTRUST)) {
                        if (lp_enable_privileges() && nt_token_check_domain_rid(p->server_info->ptok,
-                                                       DOMAIN_GROUP_RID_ADMINS)) {
+                                                       DOMAIN_RID_ADMINS)) {
                                des_access &= ~GENERIC_RIGHTS_USER_WRITE;
                                extra_access = GENERIC_RIGHTS_USER_WRITE;
                                DEBUG(4,("_samr_OpenUser: Allowing "
@@ -3811,7 +3811,7 @@ NTSTATUS _samr_CreateUser2(pipes_struct *p,
                se_priv_copy(&se_rights, &se_priv_none);
                can_add_account = nt_token_check_domain_rid(
                        p->server_info->ptok,
-                       DOMAIN_GROUP_RID_ADMINS );
+                       DOMAIN_RID_ADMINS );
        }
 
        DEBUG(5, ("_samr_CreateUser2: %s can add this account : %s\n",

diff --git a/source3/rpc_server/srv_spoolss_util.c b/source3/rpc_server/srv_spoolss_util.c
index 1752329e4c26e68a9a38e03fd70e57f3d075084c..d9df1a0a5f34a3bf1c00844fe39cb82159e93021 100644 (file)
--- a/source3/rpc_server/srv_spoolss_util.c
+++ b/source3/rpc_server/srv_spoolss_util.c
@@ -2297,7 +2297,7 @@ create_default:
                        size_t size;
 
                        /* Create new sd */
-                       sid_append_rid(&owner_sid, DOMAIN_USER_RID_ADMIN);
+                       sid_append_rid(&owner_sid, DOMAIN_RID_ADMINISTRATOR);
 
                        new_secdesc = make_sec_desc(tmp_ctx,
                                                    secdesc->revision,

diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c
index 6d86074a54bac136156ce8c5a8d0c5e5e4994dfd..ef320d0ec6bc30254b2d9d5084b439e364c61ffd 100644 (file)
--- a/source3/rpc_server/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srv_srvsvc_nt.c
@@ -1292,7 +1292,7 @@ WERROR _srvsvc_NetSessDel(pipes_struct *p,
 
        if ((p->server_info->utok.uid != sec_initial_uid()) &&
                ( ! nt_token_check_domain_rid(p->server_info->ptok,
-                                             DOMAIN_GROUP_RID_ADMINS))) {
+                                             DOMAIN_RID_ADMINS))) {
 
                goto done;
        }

diff --git a/source3/rpc_server/srv_wkssvc_nt.c b/source3/rpc_server/srv_wkssvc_nt.c
index a8cbfba368a68402645d8a1d1cab8bd12471d36a..4106bc10bc5b3fce45d518b8bdde95243afe77f2 100644 (file)
--- a/source3/rpc_server/srv_wkssvc_nt.c
+++ b/source3/rpc_server/srv_wkssvc_nt.c
@@ -800,7 +800,7 @@ WERROR _wkssvc_NetrJoinDomain2(pipes_struct *p,
        }
 
        if (!user_has_privileges(token, &se_machine_account) &&
-           !nt_token_check_domain_rid(token, DOMAIN_GROUP_RID_ADMINS) &&
+           !nt_token_check_domain_rid(token, DOMAIN_RID_ADMINS) &&
            !nt_token_check_sid(&global_sid_Builtin_Administrators, token)) {
                DEBUG(5,("_wkssvc_NetrJoinDomain2: account doesn't have "
                        "sufficient privileges\n"));
@@ -871,7 +871,7 @@ WERROR _wkssvc_NetrUnjoinDomain2(pipes_struct *p,
        }
 
        if (!user_has_privileges(token, &se_machine_account) &&
-           !nt_token_check_domain_rid(token, DOMAIN_GROUP_RID_ADMINS) &&
+           !nt_token_check_domain_rid(token, DOMAIN_RID_ADMINS) &&
            !nt_token_check_sid(&global_sid_Builtin_Administrators, token)) {
                DEBUG(5,("_wkssvc_NetrUnjoinDomain2: account doesn't have "
                        "sufficient privileges\n"));

diff --git a/source3/utils/net_groupmap.c b/source3/utils/net_groupmap.c
index b39a52ed0279cdc80433145b43e5f8aed47ce149..9b46808b8b4c84fe9af770094623228e45779685 100644 (file)
--- a/source3/utils/net_groupmap.c
+++ b/source3/utils/net_groupmap.c
@@ -200,10 +200,10 @@ static int net_groupmap_add(struct net_context *c, int argc, const char **argv)
        for ( i=0; i<argc; i++ ) {
                if ( !StrnCaseCmp(argv[i], "rid", strlen("rid")) ) {
                        rid = get_int_param(argv[i]);
-                       if ( rid < DOMAIN_GROUP_RID_ADMINS ) {
+                       if ( rid < DOMAIN_RID_ADMINS ) {
                                d_fprintf(stderr,
                                          _("RID must be greater than %d\n"),
-                                         (uint32)DOMAIN_GROUP_RID_ADMINS-1);
+                                         (uint32)DOMAIN_RID_ADMINS-1);
                                return -1;
                        }
                }

diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c
index 5c3f4e5b96b11ad839d6a9628a2cd5d2522fa48a..9b842aedd3482a1a15fe3df278ceddc68d9f762f 100644 (file)
--- a/source3/utils/net_sam.c
+++ b/source3/utils/net_sam.c
@@ -1639,7 +1639,7 @@ static int net_sam_provision(struct net_context *c, int argc, const char **argv)
 
        d_printf(_("Checking for Domain Users group.\n"));
 
-       sid_compose(&gsid, get_global_sam_sid(), DOMAIN_GROUP_RID_USERS);
+       sid_compose(&gsid, get_global_sam_sid(), DOMAIN_RID_USERS);
 
        if (!pdb_getgrsid(&gmap, gsid)) {
                LDAPMod **mods = NULL;
@@ -1696,7 +1696,7 @@ domu_done:
 
        d_printf(_("Checking for Domain Admins group.\n"));
 
-       sid_compose(&gsid, get_global_sam_sid(), DOMAIN_GROUP_RID_ADMINS);
+       sid_compose(&gsid, get_global_sam_sid(), DOMAIN_RID_ADMINS);
 
        if (!pdb_getgrsid(&gmap, gsid)) {
                LDAPMod **mods = NULL;
@@ -1803,7 +1803,7 @@ doma_done:
                        goto failed;
                }
 
-               sid_compose(&sid, get_global_sam_sid(), DOMAIN_USER_RID_ADMIN);
+               sid_compose(&sid, get_global_sam_sid(), DOMAIN_RID_ADMINISTRATOR);
 
                smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_ACCOUNT);
                smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_POSIXACCOUNT);
@@ -1880,7 +1880,7 @@ doma_done:
                        }
                }
 
-               sid_compose(&sid, get_global_sam_sid(), DOMAIN_USER_RID_GUEST);
+               sid_compose(&sid, get_global_sam_sid(), DOMAIN_RID_GUEST);
 
                dn = talloc_asprintf(tc, "uid=%s,%s", pwd->pw_name, lp_ldap_user_suffix ());
                uidstr = talloc_asprintf(tc, "%u", (unsigned int)pwd->pw_uid);
@@ -1959,7 +1959,7 @@ doma_done:
                        goto failed;
                }
 
-               sid_compose(&gsid, get_global_sam_sid(), DOMAIN_GROUP_RID_GUESTS);
+               sid_compose(&gsid, get_global_sam_sid(), DOMAIN_RID_GUESTS);
 
                smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_POSIXGROUP);
                smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_GROUPMAP);

diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c
index f647a3ffaf19d8db53ad8ec227aaab41e31b36f5..50abcc30c3ae56bb1fd3acd50076d160529076cb 100644 (file)
--- a/source3/winbindd/winbindd_ads.c
+++ b/source3/winbindd/winbindd_ads.c
@@ -506,7 +506,7 @@ static NTSTATUS query_user(struct winbindd_domain *domain,
 
                /* Assume "Domain Users" for the primary group */
 
-               sid_compose(&info->group_sid, &domain->sid, DOMAIN_GROUP_RID_USERS );
+               sid_compose(&info->group_sid, &domain->sid, DOMAIN_RID_USERS );
 
                /* Try to fill in what the nss_info backend can do */
 

diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index 9554339769490e5c481b86059c0375334a25b3fd..34f1fbc341641d7032fb2d8ef905f6953d2ef352 100644 (file)
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -1039,7 +1039,7 @@ static NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain,
                        DEBUG(10,("winbindd_dual_pam_auth_cached: failed to get password properties.\n"));
                }
 
-               if ((my_info3->base.rid != DOMAIN_USER_RID_ADMIN) ||
+               if ((my_info3->base.rid != DOMAIN_RID_ADMINISTRATOR) ||
                    (password_properties & DOMAIN_PASSWORD_LOCKOUT_ADMINS)) {
                        my_info3->base.acct_flags |= ACB_AUTOLOCK;
                }

diff --git a/source3/winbindd/winbindd_passdb.c b/source3/winbindd/winbindd_passdb.c
index 34b5990a3f938baf2d9e40f6563bc90130427d81..023f68f1b3eafd2cd7c09feb2b2e2bd634f821a3 100644 (file)
--- a/source3/winbindd/winbindd_passdb.c
+++ b/source3/winbindd/winbindd_passdb.c
@@ -467,7 +467,7 @@ static NTSTATUS sam_query_user_list(struct winbindd_domain *domain,
                   something like that. */
 
                sid_compose(&(*info)[i].group_sid, &domain->sid,
-                               DOMAIN_GROUP_RID_USERS);
+                               DOMAIN_RID_USERS);
        }
 
        TALLOC_FREE(ps);

diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c
index 87494db2bbaa0cec2247e81c2e5007da87553dc7..793cc430f046d066ec2ff06cee73df8289dbba53 100644 (file)
--- a/source3/winbindd/winbindd_rpc.c
+++ b/source3/winbindd/winbindd_rpc.c
@@ -124,7 +124,7 @@ static NTSTATUS query_user_list(struct winbindd_domain *domain,
                           something like that. */
 
                        sid_compose(&dst->group_sid, &domain->sid,
-                                   DOMAIN_GROUP_RID_USERS);
+                                   DOMAIN_RID_USERS);
                }
 
        } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));