authorGerald Carter <jerry@samba.org>2006-06-22 19:47:44 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 11:18:55 -0500
commit600b0ae2e97967ebc19639312f03561e4004a7ee (patch)
tree4963488a8d962cb1060f23b5ba19cf64ccaf7a5a
parentf17bdaf10a723dca72eaabc40d292ab3b03d10a2 (diff)
r16471: Bug reported by Vitaly Protsko <villy@sft.ru> in 3.0.23rc1.
Add missing automatic add of the Administrators SID in the absence of winbindd and presence of Domain Admins SID in the user's token. (This used to be commit ce7846d6f19f63ca99179b75e6f2195cc593795f)
-rw-r--r--source3/auth/auth_util.c25
1 files changed, 25 insertions, 0 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 9427c7681e..0401e02b7d 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -688,6 +688,31 @@ static NTSTATUS log_nt_token(TALLOC_CTX *tmp_ctx, NT_USER_TOKEN *token)
static NTSTATUS add_builtin_administrators( TALLOC_CTX *ctx, struct nt_user_token *token )
{
+ DOM_SID domadm;
+
+ /* nothing to do if we aren't in a domain */
+
+ if ( !(IS_DC || lp_server_role()==ROLE_DOMAIN_MEMBER) ) {
+ return NT_STATUS_OK;
+ }
+
+ /* Find the Domain Admins SID */
+
+ if ( IS_DC ) {
+ sid_copy( &domadm, get_global_sam_sid() );
+ } else {
+ if ( !secrets_fetch_domain_sid( lp_workgroup(), &domadm ) )
+ return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+ }
+ sid_append_rid( &domadm, DOMAIN_GROUP_RID_ADMINS );
+
+ /* Add Administrators if the user beloongs to Domain Admins */
+
+ if ( nt_token_check_sid( &domadm, token ) ) {
+ add_sid_to_array(token, &global_sid_Builtin_Administrators,
+ &token->user_sids, &token->num_sids);
+ }
+
return NT_STATUS_OK;
}
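Review bot: The result of `sid_append_rid( &domadm, DOMAIN_GROUP_RID_ADMINS )` is discarded, so if the append ever fails, the following `nt_token_check_sid()` compares the token against the bare domain SID instead of Domain Admins, in the path that decides whether BUILTIN\Administrators is granted. I would check it, e.g. `if ( !sid_append_rid( &domadm, DOMAIN_GROUP_RID_ADMINS ) ) return NT_STATUS_UNSUCCESSFUL;`, assuming it reports failure with a false return the way `secrets_fetch_domain_sid()` is used above. The same question applies to `add_sid_to_array()`: if it can fail on allocation, the function still returns NT_STATUS_OK with the SID missing, which is worth either handling or stating in a comment. The `ctx` parameter is unused in the new body (the token itself is passed as the first argument, apparently as the allocation context), the comment above the membership check has a typo (`beloongs`), and a one-line function comment saying this is the fallback for when winbindd is not available would tell the next reader why the mapping is done here.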