diff options
author | Tim Prouty <tim.prouty@isilon.com> | 2008-07-23 20:33:15 -0700 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2008-07-30 14:06:00 -0700 |
commit | fb41bb762f1d9b1623c4fe6179bebbe4de2e2440 (patch) | |
tree | 22eb1c995c46b125b2eb4bd90b5dd900104f184f | |
parent | f738f9f7c9803933d60a166f4101f5097baab719 (diff) | |
download | samba-fb41bb762f1d9b1623c4fe6179bebbe4de2e2440.tar.gz samba-fb41bb762f1d9b1623c4fe6179bebbe4de2e2440.tar.bz2 samba-fb41bb762f1d9b1623c4fe6179bebbe4de2e2440.zip |
Refactored the code that adds Domain Users to BUILTIN\Users to use the new helper functions.
- Modified create_builtin_users to take in the domain sid to reduce the number
of times it needs to be looked up.
- Changed create_builtin_users to call the new helper functions.
- Changed create_local_nt_token to call the new version of create_builtin_users
and handle the new error that can be returned.
(This used to be commit 8d75d40b9f6d22bae7430211f8a1fe99051b756c)
-rw-r--r-- | source3/auth/token_util.c | 39 |
1 files changed, 22 insertions, 17 deletions
diff --git a/source3/auth/token_util.c b/source3/auth/token_util.c index 214930f8f7..e41df5d9ae 100644 --- a/source3/auth/token_util.c +++ b/source3/auth/token_util.c @@ -262,12 +262,12 @@ static NTSTATUS add_sid_to_builtin(const DOM_SID *builtin_sid, /******************************************************************* *******************************************************************/ -static NTSTATUS create_builtin_users( void ) +static NTSTATUS create_builtin_users(const DOM_SID *dom_sid) { NTSTATUS status; DOM_SID dom_users; - status = pdb_create_builtin_alias( BUILTIN_ALIAS_RID_USERS ); + status = create_builtin(BUILTIN_ALIAS_RID_USERS); if ( !NT_STATUS_IS_OK(status) ) { DEBUG(5,("create_builtin_users: Failed to create Users\n")); return status; @@ -275,10 +275,10 @@ static NTSTATUS create_builtin_users( void ) /* add domain users */ if ((IS_DC || (lp_server_role() == ROLE_DOMAIN_MEMBER)) - && secrets_fetch_domain_sid(lp_workgroup(), &dom_users)) + && sid_compose(&dom_users, dom_sid, DOMAIN_GROUP_RID_USERS)) { - sid_append_rid(&dom_users, DOMAIN_GROUP_RID_USERS ); - status = pdb_add_aliasmem( &global_sid_Builtin_Users, &dom_users); + status = add_sid_to_builtin(&global_sid_Builtin_Users, + &dom_users); if ( !NT_STATUS_IS_OK(status) ) { DEBUG(4,("create_builtin_administrators: Failed to add Domain Users to" " Users\n")); @@ -356,6 +356,7 @@ struct nt_user_token *create_local_nt_token(TALLOC_CTX *mem_ctx, int i; NTSTATUS status; gid_t gid; + DOM_SID dom_sid; DEBUG(10, ("Create local NT token for %s\n", sid_string_dbg(user_sid))); @@ -460,19 +461,23 @@ struct nt_user_token *create_local_nt_token(TALLOC_CTX *mem_ctx, be resolved then assume that the add_aliasmem( S-1-5-32 ) handled it. */ - if ( !sid_to_gid( &global_sid_Builtin_Users, &gid ) ) { - /* We can only create a mapping if winbind is running - and the nested group functionality has been enabled */ + if (!sid_to_gid(&global_sid_Builtin_Users, &gid)) { - if ( lp_winbind_nested_groups() && winbind_ping() ) { - become_root(); - status = create_builtin_users( ); - if ( !NT_STATUS_IS_OK(status) ) { - DEBUG(2,("WARNING: Failed to create BUILTIN\\Users group! " - "Can Winbind allocate gids?\n")); - /* don't fail, just log the message */ - } - unbecome_root(); + become_root(); + if (!secrets_fetch_domain_sid(lp_workgroup(), &dom_sid)) { + status = NT_STATUS_OK; + DEBUG(3, ("Failed to fetch domain sid for %s\n", + lp_workgroup())); + } else { + status = create_builtin_users(&dom_sid); + } + unbecome_root(); + + if (!NT_STATUS_EQUAL(status, NT_STATUS_PROTOCOL_UNREACHABLE) && + !NT_STATUS_IS_OK(status)) + { + DEBUG(2, ("WARNING: Failed to create BUILTIN\\Users group! " + "Can Winbind allocate gids?\n")); } } |