#include "includes.h"
#include "../lib/crypto/arcfour.h"
#include "../librpc/gen_ndr/netlogon.h"
+#include "../libcli/security/dom_sid.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_AUTH
/* check if this is a "Unix Users" domain user,
* we need to handle it in a special way if that's the case */
- if (sid_compare_domain(user_sid, &global_sid_Unix_Users) == 0) {
+ if (dom_sid_compare_domain(user_sid, &global_sid_Unix_Users) == 0) {
/* in info3 you can only set rids for the user and the
* primary group, and the domain sid must be that of
* the sam domain.
/* check if this is a "Unix Groups" domain group,
* if so we need special handling */
- if (sid_compare_domain(group_sid, &global_sid_Unix_Groups) == 0) {
+ if (dom_sid_compare_domain(group_sid, &global_sid_Unix_Groups) == 0) {
/* in info3 you can only set rids for the user and the
* primary group, and the domain sid must be that of
* the sam domain.
#include "includes.h"
#include "secrets.h"
#include "memcache.h"
-
+#include "../libcli/security/dom_sid.h"
#include "../librpc/gen_ndr/netlogon.h"
/****************************************************************************
return False;
for ( i=0; i<token->num_sids; i++ ) {
- if ( sid_equal( sid, &token->sids[i] ) )
+ if ( dom_sid_equal( sid, &token->sids[i] ) )
return True;
}
#include "includes.h"
#include "groupdb/mapping.h"
#include "dbwrap.h"
+#include "../libcli/security/dom_sid.h"
static struct db_context *db; /* used for driver files */
}
if ((state->domsid != NULL) &&
- (sid_compare_domain(state->domsid, &map.sid) != 0)) {
+ (dom_sid_compare_domain(state->domsid, &map.sid) != 0)) {
DEBUG(11,("enum_group_mapping: group %s is not in domain\n",
sid_string_dbg(&map.sid)));
return 0;
return False;
for (i=0; i<num; i++) {
- if (sid_compare(alias, &sids[i]) == 0) {
+ if (dom_sid_compare(alias, &sids[i]) == 0) {
TALLOC_FREE(sids);
return True;
}
if (!string_to_sid(&alias, alias_string))
continue;
- if (sid_compare(state->alias, &alias) != 0)
+ if (dom_sid_compare(state->alias, &alias) != 0)
continue;
/* Ok, we found the alias we're looking for in the membership
}
for (i=0; i<num; i++) {
- if (sid_compare(&sids[i], alias) == 0) {
+ if (dom_sid_compare(&sids[i], alias) == 0) {
found = True;
break;
}
void sid_copy(struct dom_sid *dst, const struct dom_sid *src);
bool sid_linearize(char *outbuf, size_t len, const struct dom_sid *sid);
bool sid_parse(const char *inbuf, size_t len, struct dom_sid *sid);
-int sid_compare(const struct dom_sid *sid1, const struct dom_sid *sid2);
-int sid_compare_domain(const struct dom_sid *sid1, const struct dom_sid *sid2);
-bool sid_equal(const struct dom_sid *sid1, const struct dom_sid *sid2);
bool non_mappable_sid(struct dom_sid *sid);
char *sid_binstring(TALLOC_CTX *mem_ctx, const struct dom_sid *sid);
char *sid_binstring_hex(const struct dom_sid *sid);
#include "../librpc/gen_ndr/cli_lsa.h"
#include "rpc_client/cli_lsarpc.h"
#include "rpc_client/init_lsa.h"
+#include "../libcli/security/dom_sid.h"
static NTSTATUS libnetapi_samr_lookup_and_open_alias(TALLOC_CTX *mem_ctx,
struct rpc_pipe_client *pipe_cli,
for (i=0; i < r->in.total_entries; i++) {
bool already_member = false;
for (k=0; k < current_sids.num_sids; k++) {
- if (sid_equal(&member_sids[i],
+ if (dom_sid_equal(&member_sids[i],
current_sids.sids[k].sid)) {
already_member = true;
break;
for (k=0; k < current_sids.num_sids; k++) {
bool keep_member = false;
for (i=0; i < r->in.total_entries; i++) {
- if (sid_equal(&member_sids[i],
+ if (dom_sid_equal(&member_sids[i],
current_sids.sids[k].sid)) {
keep_member = true;
break;
#include "includes.h"
#include "../librpc/gen_ndr/ndr_security.h"
+#include "../libcli/security/dom_sid.h"
#define ALL_SECURITY_INFORMATION (SECINFO_OWNER|SECINFO_GROUP|\
SECINFO_DACL|SECINFO_SACL|\
}
/* The CREATOR sids are special when inherited */
- if (sid_equal(ptrustee, &global_sid_Creator_Owner)) {
+ if (dom_sid_equal(ptrustee, &global_sid_Creator_Owner)) {
creator = &global_sid_Creator_Owner;
ptrustee = owner_sid;
- } else if (sid_equal(ptrustee, &global_sid_Creator_Group)) {
+ } else if (dom_sid_equal(ptrustee, &global_sid_Creator_Group)) {
creator = &global_sid_Creator_Group;
ptrustee = group_sid;
}
/* function(s) moved from auth/auth_util.c to minimize linker deps */
#include "includes.h"
+#include "../libcli/security/dom_sid.h"
/****************************************************************************
Duplicate a SID token.
size_t i;
for (i = 0; i < token->num_sids; i++) {
- if (sid_equal(&ace->trustee, &token->sids[i]))
+ if (dom_sid_equal(&ace->trustee, &token->sids[i]))
return true;
}
return False;
}
- if (sid_compare_domain(exp_dom_sid, sid)!=0){
+ if (dom_sid_compare_domain(exp_dom_sid, sid)!=0){
*rid=(-1);
return False;
}
return true;
}
-/*****************************************************************
- Compare the auth portion of two sids.
-*****************************************************************/
-
-static int sid_compare_auth(const struct dom_sid *sid1, const struct dom_sid *sid2)
-{
- int i;
-
- if (sid1 == sid2)
- return 0;
- if (!sid1)
- return -1;
- if (!sid2)
- return 1;
-
- if (sid1->sid_rev_num != sid2->sid_rev_num)
- return sid1->sid_rev_num - sid2->sid_rev_num;
-
- for (i = 0; i < 6; i++)
- if (sid1->id_auth[i] != sid2->id_auth[i])
- return sid1->id_auth[i] - sid2->id_auth[i];
-
- return 0;
-}
-
-/*****************************************************************
- Compare two sids.
-*****************************************************************/
-
-int sid_compare(const struct dom_sid *sid1, const struct dom_sid *sid2)
-{
- int i;
-
- if (sid1 == sid2)
- return 0;
- if (!sid1)
- return -1;
- if (!sid2)
- return 1;
-
- /* Compare most likely different rids, first: i.e start at end */
- if (sid1->num_auths != sid2->num_auths)
- return sid1->num_auths - sid2->num_auths;
-
- for (i = sid1->num_auths-1; i >= 0; --i)
- if (sid1->sub_auths[i] != sid2->sub_auths[i])
- return sid1->sub_auths[i] - sid2->sub_auths[i];
-
- return sid_compare_auth(sid1, sid2);
-}
-
-/*****************************************************************
- See if 2 SIDs are in the same domain
- this just compares the leading sub-auths
-*****************************************************************/
-
-int sid_compare_domain(const struct dom_sid *sid1, const struct dom_sid *sid2)
-{
- int n, i;
-
- n = MIN(sid1->num_auths, sid2->num_auths);
-
- for (i = n-1; i >= 0; --i)
- if (sid1->sub_auths[i] != sid2->sub_auths[i])
- return sid1->sub_auths[i] - sid2->sub_auths[i];
-
- return sid_compare_auth(sid1, sid2);
-}
-
-/*****************************************************************
- Compare two sids.
-*****************************************************************/
-
-bool sid_equal(const struct dom_sid *sid1, const struct dom_sid *sid2)
-{
- return sid_compare(sid1, sid2) == 0;
-}
-
/*****************************************************************
Returns true if SID is internal (and non-mappable).
*****************************************************************/
sid_copy(&dom, sid);
sid_split_rid(&dom, &rid);
- if (sid_equal(&dom, &global_sid_Builtin))
+ if (dom_sid_equal(&dom, &global_sid_Builtin))
return True;
- if (sid_equal(&dom, &global_sid_NT_Authority))
+ if (dom_sid_equal(&dom, &global_sid_NT_Authority))
return True;
return False;
size_t i;
for (i=0; i<(*num_sids); i++) {
- if (sid_compare(sid, &(*sids)[i]) == 0)
+ if (dom_sid_compare(sid, &(*sids)[i]) == 0)
return NT_STATUS_OK;
}
/* if we find the SID, then decrement the count
and break out of the loop */
- if ( sid_equal(sid, &sid_list[i]) ) {
+ if ( dom_sid_equal(sid, &sid_list[i]) ) {
*num -= 1;
break;
}
bool is_null_sid(const struct dom_sid *sid)
{
static const struct dom_sid null_sid = {0};
- return sid_equal(sid, &null_sid);
+ return dom_sid_equal(sid, &null_sid);
}
bool is_sid_in_token(const struct security_token *token, const struct dom_sid *sid)
int i;
for (i=0; i<token->num_sids; i++) {
- if (sid_compare(sid, &token->sids[i]) == 0)
+ if (dom_sid_compare(sid, &token->sids[i]) == 0)
return true;
}
return false;
#include "includes.h"
#include "libnet/libnet_samsync.h"
+#include "../libcli/security/dom_sid.h"
/* Convert a struct samu_DELTA to a struct samu. */
#define STRING_CHANGED (old_string && !new_string) ||\
map.gid = grp->gr_gid;
map.sid = alias_sid;
- if (sid_equal(dom_sid, &global_sid_Builtin))
+ if (dom_sid_equal(dom_sid, &global_sid_Builtin))
map.sid_name_use = SID_NAME_WKN_GRP;
else
map.sid_name_use = SID_NAME_ALIAS;
#include "libsmb_internal.h"
#include "../librpc/gen_ndr/ndr_lsa.h"
#include "rpc_client/cli_lsarpc.h"
+#include "../libcli/security/dom_sid.h"
/*
return ace2->type - ace1->type;
}
- if (sid_compare(&ace1->trustee, &ace2->trustee)) {
- return sid_compare(&ace1->trustee, &ace2->trustee);
+ if (dom_sid_compare(&ace1->trustee, &ace2->trustee)) {
+ return dom_sid_compare(&ace1->trustee, &ace2->trustee);
}
if (ace1->flags != ace2->flags) {
bool found = False;
for (j=0;old->dacl && j<old->dacl->num_aces;j++) {
- if (sid_equal(&sd->dacl->aces[i].trustee,
+ if (dom_sid_equal(&sd->dacl->aces[i].trustee,
&old->dacl->aces[j].trustee)) {
if (!(flags & SMBC_XATTR_FLAG_CREATE)) {
err = EEXIST;
static bool same_principal(struct afs_ace *x, struct afs_ace *y)
{
return ( (x->positive == y->positive) &&
- (sid_compare(&x->sid, &y->sid) == 0) );
+ (dom_sid_compare(&x->sid, &y->sid) == 0) );
}
static void merge_afs_acls(struct afs_acl *dir_acl,
{
struct dom_sid domain_sid;
- if (sid_compare(sid, &global_sid_Builtin_Administrators) == 0)
+ if (dom_sid_compare(sid, &global_sid_Builtin_Administrators) == 0)
return True;
- if (sid_compare(sid, &global_sid_World) == 0)
+ if (dom_sid_compare(sid, &global_sid_World) == 0)
return True;
- if (sid_compare(sid, &global_sid_Authenticated_Users) == 0)
+ if (dom_sid_compare(sid, &global_sid_Authenticated_Users) == 0)
return True;
- if (sid_compare(sid, &global_sid_Builtin_Backup_Operators) == 0)
+ if (dom_sid_compare(sid, &global_sid_Builtin_Backup_Operators) == 0)
return True;
string_to_sid(&domain_sid, "S-1-5-21");
continue;
}
- if (sid_compare(&ace->trustee,
+ if (dom_sid_compare(&ace->trustee,
&global_sid_Builtin_Administrators) == 0) {
name = "system:administrators";
- } else if (sid_compare(&ace->trustee,
+ } else if (dom_sid_compare(&ace->trustee,
&global_sid_World) == 0) {
name = "system:anyuser";
- } else if (sid_compare(&ace->trustee,
+ } else if (dom_sid_compare(&ace->trustee,
&global_sid_Authenticated_Users) == 0) {
name = "system:authuser";
- } else if (sid_compare(&ace->trustee,
+ } else if (dom_sid_compare(&ace->trustee,
&global_sid_Builtin_Backup_Operators)
== 0) {
#include "secrets.h"
#include "memcache.h"
#include "idmap_cache.h"
+#include "../libcli/security/dom_sid.h"
/*****************************************************************
Dissect a user-provided name into domain, name, sid and type.
}
for (i=0; i<num_domains; i++) {
- if (sid_equal(sid, &domains[i]->sid)) {
+ if (dom_sid_equal(sid, &domains[i]->sid)) {
*name = talloc_strdup(mem_ctx,
domains[i]->name);
return true;
if (!dom_infos[j].valid) {
break;
}
- if (sid_equal(&sid, &dom_infos[j].sid)) {
+ if (dom_sid_equal(&sid, &dom_infos[j].sid)) {
break;
}
}
/* We need a sid within our domain */
sid_copy(&domain_sid, group_sid);
sid_split_rid(&domain_sid, &rid);
- if (sid_equal(&domain_sid, get_global_sam_sid())) {
+ if (dom_sid_equal(&domain_sid, get_global_sam_sid())) {
/*
* As shortcut for the expensive lookup_sid call
* compare the domain sid part
#include "includes.h"
#include "secrets.h"
#include "dbwrap.h"
+#include "../libcli/security/dom_sid.h"
/* NOTE! the global_sam_sid is the SID of our local SAM. This is only
equal to the domain SID when we are a DC, otherwise its our
return sam_sid;
}
- if (!sid_equal(&domain_sid, sam_sid)) {
+ if (!dom_sid_equal(&domain_sid, sam_sid)) {
/* Domain name sid doesn't match global sam sid. Re-store domain sid as 'local' sid. */
bool sid_check_is_domain(const struct dom_sid *sid)
{
- return sid_equal(sid, get_global_sam_sid());
+ return dom_sid_equal(sid, get_global_sam_sid());
}
/*****************************************************************
#include "includes.h"
#include "../libcli/auth/libcli_auth.h"
+#include "../libcli/security/dom_sid.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_PASSDB
sid_compose(&dug_sid, get_global_sam_sid(), DOMAIN_RID_USERS);
- if (sid_equal(&dug_sid, g_sid)) {
+ if (dom_sid_equal(&dug_sid, g_sid)) {
sid_copy(sampass->group_sid, &dug_sid);
} else if (sid_to_gid( g_sid, &gid ) ) {
sid_copy(sampass->group_sid, g_sid);
#include "../librpc/gen_ndr/samr.h"
#include "memcache.h"
#include "nsswitch/winbind_client.h"
+#include "../libcli/security/dom_sid.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_PASSDB
}
for (i=0; i<num_groups; i++) {
- if (sid_equal(group_sid, &sids[i])) {
+ if (dom_sid_equal(group_sid, &sids[i])) {
return True;
}
}
#include "../libcli/auth/libcli_auth.h"
#include "secrets.h"
#include "idmap_cache.h"
+#include "../libcli/security/dom_sid.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_PASSDB
gid_to_sid(&mapped_gsid, sampass->unix_pw->pw_gid);
primary_gsid = pdb_get_group_sid(sampass);
- if (primary_gsid && sid_equal(primary_gsid, &mapped_gsid)) {
+ if (primary_gsid && dom_sid_equal(primary_gsid, &mapped_gsid)) {
store_gid_sid_cache(primary_gsid,
sampass->unix_pw->pw_gid);
idmap_cache_set_sid2gid(primary_gsid,
return False;
}
- if (sid_compare_domain(&sid, domain_sid) != 0) {
+ if (dom_sid_compare_domain(&sid, domain_sid) != 0) {
DEBUG(10, ("SID %s is not in expected domain %s\n",
str, sid_string_dbg(domain_sid)));
return False;
}
}
- if (sid_compare(&global_sid_NULL, &(*pp_sids)[0]) == 0) {
+ if (dom_sid_compare(&global_sid_NULL, &(*pp_sids)[0]) == 0) {
DEBUG(3, ("primary group of [%s] not found\n",
pdb_get_username(user)));
goto done;
}
found_sid = secrets_fetch_domain_sid(ldap_state->domain_name,
&secrets_domain_sid);
- if (!found_sid || !sid_equal(&secrets_domain_sid,
+ if (!found_sid || !dom_sid_equal(&secrets_domain_sid,
&ldap_domain_sid)) {
DEBUG(1, ("pdb_init_ldapsam: Resetting SID for domain "
"%s based on pdb_ldap results %s -> %s\n",
#include "includes.h"
#include "../librpc/gen_ndr/samr.h"
+#include "../libcli/security/dom_sid.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_PASSDB
return nt_status;
/* build_sam_account might change the SID on us, if the name was for the guest account */
- if (NT_STATUS_IS_OK(nt_status) && !sid_equal(pdb_get_user_sid(sam_acct), sid)) {
+ if (NT_STATUS_IS_OK(nt_status) && !dom_sid_equal(pdb_get_user_sid(sam_acct), sid)) {
DEBUG(1, ("looking for user with sid %s instead returned %s "
"for account %s!?!\n", sid_string_dbg(sid),
sid_string_dbg(pdb_get_user_sid(sam_acct)),
*/
#include "includes.h"
+#include "../libcli/security/dom_sid.h"
struct rid_name_map {
uint32 rid;
bool sid_check_is_builtin(const struct dom_sid *sid)
{
- return sid_equal(sid, &global_sid_Builtin);
+ return dom_sid_equal(sid, &global_sid_Builtin);
}
/*****************************************************************
*/
#include "includes.h"
+#include "../libcli/security/dom_sid.h"
bool sid_check_is_unix_users(const struct dom_sid *sid)
{
- return sid_equal(sid, &global_sid_Unix_Users);
+ return dom_sid_equal(sid, &global_sid_Unix_Users);
}
bool sid_check_is_in_unix_users(const struct dom_sid *sid)
bool sid_check_is_unix_groups(const struct dom_sid *sid)
{
- return sid_equal(sid, &global_sid_Unix_Groups);
+ return dom_sid_equal(sid, &global_sid_Unix_Groups);
}
bool sid_check_is_in_unix_groups(const struct dom_sid *sid)
*/
#include "includes.h"
+#include "../libcli/security/dom_sid.h"
struct rid_name_map {
uint32 rid;
int i;
for (i=0; special_domains[i].sid != NULL; i++) {
- if (sid_equal(sid, special_domains[i].sid)) {
+ if (dom_sid_equal(sid, special_domains[i].sid)) {
if (name != NULL) {
*name = special_domains[i].name;
}
}
for (i=0; special_domains[i].sid != NULL; i++) {
- if (sid_equal(&dom_sid, special_domains[i].sid)) {
+ if (dom_sid_equal(&dom_sid, special_domains[i].sid)) {
*domain = talloc_strdup(mem_ctx,
special_domains[i].name);
users = special_domains[i].known_users;
#include "secrets.h"
#include "../librpc/gen_ndr/netlogon.h"
#include "rpc_client/init_lsa.h"
+#include "../libcli/security/dom_sid.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_RPC_SRV
if (dom_name != NULL) {
for (num = 0; num < ref->count; num++) {
- if (sid_equal(dom_sid, ref->domains[num].sid)) {
+ if (dom_sid_equal(dom_sid, ref->domains[num].sid)) {
return num;
}
}
#include "../lib/crypto/arcfour.h"
#include "secrets.h"
#include "rpc_client/init_lsa.h"
+#include "../libcli/security/dom_sid.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_RPC_SRV
dacl = r->in.sdbuf->sd->dacl;
for (i=0; i < dacl->num_aces; i++) {
- if (sid_equal(&uinfo->sid, &dacl->aces[i].trustee)) {
+ if (dom_sid_equal(&uinfo->sid, &dacl->aces[i].trustee)) {
ret = pdb_set_pass_can_change(sampass,
(dacl->aces[i].access_mask &
SAMR_USER_ACCESS_CHANGE_PASSWORD) ?
#include "../librpc/gen_ndr/ndr_security.h"
#include "secrets.h"
#include "rpc_server/rpc_ncacn_np.h"
+#include "../libcli/security/dom_sid.h"
#define TOP_LEVEL_PRINT_KEY "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Print"
#define TOP_LEVEL_PRINT_PRINTERS_KEY TOP_LEVEL_PRINT_KEY "\\Printers"
/* If security descriptor is owned by S-1-1-0 and winbindd is up,
this security descriptor has been created when winbindd was
down. Take ownership of security descriptor. */
- if (sid_equal(secdesc->owner_sid, &global_sid_World)) {
+ if (dom_sid_equal(secdesc->owner_sid, &global_sid_World)) {
struct dom_sid owner_sid;
/* Change sd owner to workgroup administrator */
*/
#include "includes.h"
+#include "../libcli/security/dom_sid.h"
extern const struct generic_mapping file_generic_mapping;
* ensure the POSIX ACL types are the same. */
if (!dir_acl) {
- can_merge = (sid_equal(&curr_ace->trustee, &curr_ace_outer->trustee) &&
+ can_merge = (dom_sid_equal(&curr_ace->trustee, &curr_ace_outer->trustee) &&
(curr_ace->attr == curr_ace_outer->attr));
} else {
- can_merge = (sid_equal(&curr_ace->trustee, &curr_ace_outer->trustee) &&
+ can_merge = (dom_sid_equal(&curr_ace->trustee, &curr_ace_outer->trustee) &&
(curr_ace->type == curr_ace_outer->type) &&
(curr_ace->attr == curr_ace_outer->attr));
}
* we've put on the ACL, we know the deny must be the first one.
*/
- if (sid_equal(&curr_ace->trustee, &curr_ace_outer->trustee) &&
+ if (dom_sid_equal(&curr_ace->trustee, &curr_ace_outer->trustee) &&
(curr_ace_outer->attr == DENY_ACE) && (curr_ace->attr == ALLOW_ACE)) {
if( DEBUGLVL( 10 )) {
/* "Everyone" always matches every uid. */
- if (sid_equal(&group_ace->trustee, &global_sid_World))
+ if (dom_sid_equal(&group_ace->trustee, &global_sid_World))
return True;
/*
for (i=0, current_ace = ace; i < entries; i++, current_ace = current_ace->next) {
if (!got_user_obj && current_ace->owner_type == UID_ACE &&
- sid_equal(¤t_ace->trustee, pfile_owner_sid)) {
+ dom_sid_equal(¤t_ace->trustee, pfile_owner_sid)) {
current_ace->type = SMB_ACL_USER_OBJ;
got_user_obj = True;
}
if (!got_group_obj && current_ace->owner_type == GID_ACE &&
- sid_equal(¤t_ace->trustee, pfile_grp_sid)) {
+ dom_sid_equal(¤t_ace->trustee, pfile_grp_sid)) {
current_ace->type = SMB_ACL_GROUP_OBJ;
got_group_obj = True;
}
*/
if (ace->type == SMB_ACL_USER_OBJ &&
- !(sid_equal(&ace->trustee, &global_sid_Creator_Owner))) {
+ !(dom_sid_equal(&ace->trustee, &global_sid_Creator_Owner))) {
canon_ace *dup_ace = dup_canon_ace(ace);
if (dup_ace == NULL) {
}
if (ace->type == SMB_ACL_GROUP_OBJ &&
- !(sid_equal(&ace->trustee, &global_sid_Creator_Group))) {
+ !(dom_sid_equal(&ace->trustee, &global_sid_Creator_Group))) {
canon_ace *dup_ace = dup_canon_ace(ace);
if (dup_ace == NULL) {
if (psa1->access_mask != psa2->access_mask)
continue;
- if (!sid_equal(&psa1->trustee, &psa2->trustee))
+ if (!dom_sid_equal(&psa1->trustee, &psa2->trustee))
continue;
/*
* Note what kind of a POSIX ACL this should map to.
*/
- if( sid_equal(¤t_ace->trustee, &global_sid_World)) {
+ if( dom_sid_equal(¤t_ace->trustee, &global_sid_World)) {
current_ace->owner_type = WORLD_ACE;
current_ace->unix_ug.world = -1;
current_ace->type = SMB_ACL_OTHER;
- } else if (sid_equal(¤t_ace->trustee, &global_sid_Creator_Owner)) {
+ } else if (dom_sid_equal(¤t_ace->trustee, &global_sid_Creator_Owner)) {
current_ace->owner_type = UID_ACE;
current_ace->unix_ug.uid = pst->st_ex_uid;
current_ace->type = SMB_ACL_USER_OBJ;
psa->flags |= SEC_ACE_FLAG_INHERIT_ONLY;
- } else if (sid_equal(¤t_ace->trustee, &global_sid_Creator_Group)) {
+ } else if (dom_sid_equal(¤t_ace->trustee, &global_sid_Creator_Group)) {
current_ace->owner_type = GID_ACE;
current_ace->unix_ug.gid = pst->st_ex_gid;
current_ace->type = SMB_ACL_GROUP_OBJ;
continue;
}
- if (!sid_equal(&curr_ace->trustee, &global_sid_World))
+ if (!dom_sid_equal(&curr_ace->trustee, &global_sid_World))
continue;
/* JRATEST - assert. */
if ((nt_ace_list[i].type == nt_ace_list[j].type) &&
(nt_ace_list[i].size == nt_ace_list[j].size) &&
(nt_ace_list[i].access_mask == nt_ace_list[j].access_mask) &&
- sid_equal(&nt_ace_list[i].trustee, &nt_ace_list[j].trustee) &&
+ dom_sid_equal(&nt_ace_list[i].trustee, &nt_ace_list[j].trustee) &&
(i_inh == j_inh) &&
(i_flags_ni == 0) &&
(j_flags_ni == (SEC_ACE_FLAG_OBJECT_INHERIT|
/* first search for a duplicate */
for (i = 0; i < *num_aces; i++) {
- if (sid_equal(&nt_ace_list[i].trustee, sid) &&
+ if (dom_sid_equal(&nt_ace_list[i].trustee, sid) &&
(nt_ace_list[i].flags == flags)) break;
}
if (lp_profile_acls(SNUM(conn))) {
for (i = 0; i < num_aces; i++) {
- if (sid_equal(&nt_ace_list[i].trustee, &owner_sid)) {
+ if (dom_sid_equal(&nt_ace_list[i].trustee, &owner_sid)) {
add_or_replace_ace(nt_ace_list, &num_aces,
&orig_owner_sid,
nt_ace_list[i].type,
* same SID. This is order N^2. Ouch :-(. JRA. */
unsigned int k;
for (k = 0; k < psd->dacl->num_aces; k++) {
- if (sid_equal(&psd->dacl->aces[k].trustee,
+ if (dom_sid_equal(&psd->dacl->aces[k].trustee,
&se->trustee)) {
break;
}
printf("could not parse S-1-5-32-545\n");
return false;
}
- if (!sid_equal(&sid, &global_sid_Builtin_Users)) {
+ if (!dom_sid_equal(&sid, &global_sid_Builtin_Users)) {
printf("mis-parsed S-1-5-32-545 as %s\n",
sid_string_tos(&sid));
return false;
#include "secrets.h"
#include "lib/netapi/netapi.h"
#include "rpc_client/init_lsa.h"
+#include "../libcli/security/dom_sid.h"
static int net_mode_share;
static bool sync_files(struct copy_clistate *cp_clistate, const char *mask);
int i;
for (i=0; i<alias->num_members; i++) {
- if (sid_compare(sid, &alias->members[i]) == 0)
+ if (dom_sid_compare(sid, &alias->members[i]) == 0)
return true;
}
#include "../librpc/gen_ndr/ndr_drsuapi.h"
#include "libnet/libnet_samsync.h"
#include "libnet/libnet_dssync.h"
+#include "../libcli/security/dom_sid.h"
static void parse_samsync_partial_replication_objects(TALLOC_CTX *mem_ctx,
int argc,
NTSTATUS result;
struct samsync_context *ctx = NULL;
- if (!sid_equal(domain_sid, get_global_sam_sid())) {
+ if (!dom_sid_equal(domain_sid, get_global_sam_sid())) {
d_printf(_("Cannot import users from %s at this time, "
"as the current domain:\n\t%s: %s\nconflicts "
"with the remote domain\n\t%s: %s\n"
#include "popt_common.h"
#include "registry/reg_objects.h"
#include "regfio.h"
+#include "../libcli/security/dom_sid.h"
/* GLOBAL VARIABLES */
bool update = False;
verbose_output(" Owner SID: %s\n", sid_string_tos(sd->owner_sid));
- if ( sid_equal( sd->owner_sid, s1 ) ) {
+ if ( dom_sid_equal( sd->owner_sid, s1 ) ) {
sid_copy( sd->owner_sid, s2 );
update = True;
verbose_output(" New Owner SID: %s\n",
}
verbose_output(" Group SID: %s\n", sid_string_tos(sd->group_sid));
- if ( sid_equal( sd->group_sid, s1 ) ) {
+ if ( dom_sid_equal( sd->group_sid, s1 ) ) {
sid_copy( sd->group_sid, s2 );
update = True;
verbose_output(" New Group SID: %s\n",
for ( i=0; i<theacl->num_aces; i++ ) {
verbose_output(" Trustee SID: %s\n",
sid_string_tos(&theacl->aces[i].trustee));
- if ( sid_equal( &theacl->aces[i].trustee, s1 ) ) {
+ if ( dom_sid_equal( &theacl->aces[i].trustee, s1 ) ) {
sid_copy( &theacl->aces[i].trustee, s2 );
update = True;
verbose_output(" New Trustee SID: %s\n",
for ( i=0; i<theacl->num_aces; i++ ) {
verbose_output(" Trustee SID: %s\n",
sid_string_tos(&theacl->aces[i].trustee));
- if ( sid_equal( &theacl->aces[i].trustee, s1 ) ) {
+ if ( dom_sid_equal( &theacl->aces[i].trustee, s1 ) ) {
sid_copy( &theacl->aces[i].trustee, s2 );
update = True;
verbose_output(" New Trustee SID: %s\n",
#include "includes.h"
#include "popt_common.h"
+#include "../libcli/security/dom_sid.h"
static TALLOC_CTX *ctx;
if (ace1->type != ace2->type)
return ace2->type - ace1->type;
- if (sid_compare(&ace1->trustee, &ace2->trustee))
- return sid_compare(&ace1->trustee, &ace2->trustee);
+ if (dom_sid_compare(&ace1->trustee, &ace2->trustee))
+ return dom_sid_compare(&ace1->trustee, &ace2->trustee);
if (ace1->flags != ace2->flags)
return ace1->flags - ace2->flags;
bool found = False;
for (j=0;old->dacl && j<old->dacl->num_aces;j++) {
- if (sid_equal(&sd->dacl->aces[i].trustee,
+ if (dom_sid_equal(&sd->dacl->aces[i].trustee,
&old->dacl->aces[j].trustee)) {
old->dacl->aces[j] = sd->dacl->aces[i];
found = True;
#include "popt_common.h"
#include "../librpc/gen_ndr/ndr_lsa.h"
#include "rpc_client/cli_lsarpc.h"
+#include "../libcli/security/dom_sid.h"
extern bool AllowDebugChange;
if (ace1->type != ace2->type)
return ace2->type - ace1->type;
- if (sid_compare(&ace1->trustee, &ace2->trustee))
- return sid_compare(&ace1->trustee, &ace2->trustee);
+ if (dom_sid_compare(&ace1->trustee, &ace2->trustee))
+ return dom_sid_compare(&ace1->trustee, &ace2->trustee);
if (ace1->flags != ace2->flags)
return ace1->flags - ace2->flags;
bool found = False;
for (j=0;old->dacl && j<old->dacl->num_aces;j++) {
- if (sid_equal(&sd->dacl->aces[i].trustee,
+ if (dom_sid_equal(&sd->dacl->aces[i].trustee,
&old->dacl->aces[j].trustee)) {
old->dacl->aces[j] = sd->dacl->aces[i];
found = True;
#include "nss_info.h"
#include "secrets.h"
#include "idmap.h"
+#include "../libcli/security/dom_sid.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_IDMAP
int i;
for (i = 0; maps[i] && i<IDMAP_AD_MAX_IDS; i++) {
- if (sid_equal(maps[i]->sid, sid)) {
+ if (dom_sid_equal(maps[i]->sid, sid)) {
return maps[i];
}
}
#include "secrets.h"
#include "idmap.h"
#include "idmap_rw.h"
+#include "../libcli/security/dom_sid.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_IDMAP
if (maps[i] == NULL) { /* end of the run */
return NULL;
}
- if (sid_equal(maps[i]->sid, sid)) {
+ if (dom_sid_equal(maps[i]->sid, sid)) {
return maps[i];
}
}
#include "includes.h"
#include "winbindd.h"
#include "librpc/gen_ndr/cli_wbint.h"
+#include "../libcli/security/dom_sid.h"
struct wb_getgrsid_state {
struct tevent_context *ev;
if (lp_winbind_trusted_domains_only()) {
struct winbindd_domain *our_domain = find_our_domain();
- if (sid_compare_domain(group_sid, &our_domain->sid) == 0) {
+ if (dom_sid_compare_domain(group_sid, &our_domain->sid) == 0) {
DEBUG(7, ("winbindd_getgrsid: My domain -- rejecting "
"getgrsid() for %s\n", sid_string_tos(group_sid)));
tevent_req_nterror(req, NT_STATUS_NO_SUCH_GROUP);
#include "../librpc/gen_ndr/ndr_wbint.h"
#include "ads.h"
#include "nss_info.h"
+#include "../libcli/security/dom_sid.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_WINBIND
}
if (strequal(domain->name, get_global_sam_name()) &&
- sid_equal(&domain->sid, get_global_sam_sid())) {
+ dom_sid_equal(&domain->sid, get_global_sam_sid())) {
domain->backend = &sam_passdb_methods;
domain->initialized = True;
}
static bool is_my_own_sam_domain(struct winbindd_domain *domain)
{
if (strequal(domain->name, get_global_sam_name()) &&
- sid_equal(&domain->sid, get_global_sam_sid())) {
+ dom_sid_equal(&domain->sid, get_global_sam_sid())) {
return true;
}
static bool is_builtin_domain(struct winbindd_domain *domain)
{
if (strequal(domain->name, "BUILTIN") &&
- sid_equal(&domain->sid, &global_sid_Builtin)) {
+ dom_sid_equal(&domain->sid, &global_sid_Builtin)) {
return true;
}
#include "includes.h"
#include "winbindd.h"
#include "secrets.h"
+#include "../libcli/security/dom_sid.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_WINBIND
continue;
}
- if (sid_equal(sid, &domain->sid)) {
+ if (dom_sid_equal(sid, &domain->sid)) {
break;
}
}
* We found a match. Possibly update the SID
*/
if ((sid != NULL)
- && sid_equal(&domain->sid, &global_sid_NULL)) {
+ && dom_sid_equal(&domain->sid, &global_sid_NULL)) {
sid_copy( &domain->sid, sid );
}
return domain;
/* Search through list */
for (domain = domain_list(); domain != NULL; domain = domain->next) {
- if (sid_compare_domain(sid, &domain->sid) == 0)
+ if (dom_sid_compare_domain(sid, &domain->sid) == 0)
return domain;
}