authorAndrew Bartlett <abartlet@samba.org>2012-06-14 09:35:10 +1000
committerAndrew Bartlett <abartlet@samba.org>2012-06-15 09:18:33 +0200
commit5df459aed7f9f85a9eb15a16b1ad5a8bbdd1df5a (patch)
treeacf57750c3225acd69db576d1acda64789bb27c3
parent9b3cf96fb042429eaf79ede426e406ea1fa32079 (diff)
s3-auth: Fix system info3 return to be just SID_NT_SYSTEM
The SID for the SYSTEM token should be a fixed value, and not the administrator. Note however that it will be replaced by the SID of sec_initial_uid() by the create_local_token() code. Fixing this requires fixing the other parts of the code that cannot cope with a token of just SID_NT_SYSTEM. Andrew Bartlett
-rw-r--r--source3/auth/auth_util.c28
1 files changed, 17 insertions, 11 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 061879f1d6..eb5961de15 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -775,7 +775,8 @@ static NTSTATUS get_system_info3(TALLOC_CTX *mem_ctx,
struct passwd *pwd,
struct netr_SamInfo3 *info3)
{
- struct dom_sid domain_sid;
+ NTSTATUS status;
+ struct dom_sid *system_sid;
const char *tmp;
/* Set account name */
@@ -792,19 +793,24 @@ static NTSTATUS get_system_info3(TALLOC_CTX *mem_ctx,
}
init_lsa_StringLarge(&info3->base.logon_domain, tmp);
- /* Domain sid */
- sid_copy(&domain_sid, get_global_sam_sid());
- info3->base.domain_sid = dom_sid_dup(mem_ctx, &domain_sid);
- if (info3->base.domain_sid == NULL) {
+ /* The SID set here will be overwirtten anyway, but try and make it SID_NT_SYSTEM anyway */
+ /* Domain sid is NT_AUTHORITY */
+
+ system_sid = dom_sid_parse_talloc(mem_ctx, SID_NT_SYSTEM);
+ if (system_sid == NULL) {
return NT_STATUS_NO_MEMORY;
}
-
- /* Admin rid */
- info3->base.rid = DOMAIN_RID_ADMINISTRATOR;
-
- /* Primary gid */
- info3->base.primary_gid = DOMAIN_RID_ADMINS;
+
+ status = dom_sid_split_rid(mem_ctx, system_sid, &info3->base.domain_sid,
+ &info3->base.rid);
+ TALLOC_FREE(system_sid);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ /* Primary gid is the same */
+ info3->base.primary_gid = info3->base.rid;
return NT_STATUS_OK;
}
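Review bot: The two comments added above the `dom_sid_parse_talloc()` call misspell "overwirtten", repeat "anyway", and do not say which code overwrites the SID, although this value decides what identity the system info3 carries. I would merge them into one comment that names the overwriting function, e.g. `/* SID_NT_SYSTEM is split into the NT AUTHORITY domain SID and the SYSTEM RID; create_local_token() later replaces the user SID */`. Likewise `/* Primary gid is the same */` could state the consequence: `/* Primary group RID equals the user RID, so the primary group SID is the same SID as the user */`. The NULL check maps any `dom_sid_parse_talloc()` failure to `NT_STATUS_NO_MEMORY`, which is reasonable for a constant string but worth a short comment if that function can also return NULL on a parse error. The body of `get_system_info3()` starts outside this hunk, so the earlier account-name and domain-name setup was not reviewed.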