author | Andrew Bartlett <abartlet@samba.org> | 2012-06-14 09:35:10 +1000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2012-06-15 09:18:33 +0200 |
commit | 5df459aed7f9f85a9eb15a16b1ad5a8bbdd1df5a (patch) | |
tree | acf57750c3225acd69db576d1acda64789bb27c3 | |
parent | 9b3cf96fb042429eaf79ede426e406ea1fa32079 (diff) | |
s3-auth: Fix system info3 return to be just SID_NT_SYSTEM
The SID for the SYSTEM token should be a fixed value, and not the
administrator. Note however that it will be replaced by the SID of
sec_initial_uid() by the create_local_token() code. Fixing this
requires fixes to the other parts of the code that cannot cope with a
token of just SID_NT_SYSTEM.
Andrew Bartlett
-rw-r--r-- | source3/auth/auth_util.c | 28 |
1 files changed, 17 insertions, 11 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 061879f1d6..eb5961de15 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -775,7 +775,8 @@ static NTSTATUS get_system_info3(TALLOC_CTX *mem_ctx,
 struct passwd *pwd,
 struct netr_SamInfo3 *info3)
 {
- struct dom_sid domain_sid;
+ NTSTATUS status;
+ struct dom_sid *system_sid;
 const char *tmp;
 /* Set account name */
@@ -792,19 +793,24 @@ static NTSTATUS get_system_info3(TALLOC_CTX *mem_ctx,
 }
 init_lsa_StringLarge(&info3->base.logon_domain, tmp);
- /* Domain sid */
- sid_copy(&domain_sid, get_global_sam_sid());
- info3->base.domain_sid = dom_sid_dup(mem_ctx, &domain_sid);
- if (info3->base.domain_sid == NULL) {
+ /* The SID set here will be overwirtten anyway, but try and make it SID_NT_SYSTEM anyway */
+ /* Domain sid is NT_AUTHORITY */
+
+ system_sid = dom_sid_parse_talloc(mem_ctx, SID_NT_SYSTEM);
+ if (system_sid == NULL) {
 return NT_STATUS_NO_MEMORY;
 }
-
- /* Admin rid */
- info3->base.rid = DOMAIN_RID_ADMINISTRATOR;
-
- /* Primary gid */
- info3->base.primary_gid = DOMAIN_RID_ADMINS;
+
+ status = dom_sid_split_rid(mem_ctx, system_sid, &info3->base.domain_sid,
+ &info3->base.rid);
+ TALLOC_FREE(system_sid);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ /* Primary gid is the same */
+ info3->base.primary_gid = info3->base.rid;
 return NT_STATUS_OK;
 } |
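Review bot: The comment added above the `dom_sid_parse_talloc()` call in the second hunk says the SID "will be overwirtten anyway" but not by what, so a reader of auth_util.c cannot tell that the system token's effective identity is decided elsewhere. The commit message names create_local_token() and sec_initial_uid(), and that belongs in the code, since it is what someone auditing the privileges of the system session needs to know. I would replace the two comment lines with `/* create_local_token() currently replaces this with the SID of sec_initial_uid(); still return SID_NT_SYSTEM here, split into domain SID and RID */`, which also fixes the typo. The second hunk starts partway into the body of get_system_info3, so the earlier account-name and domain-name setup is only partly visible here.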