summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2011-01-14 10:41:47 +1100
committerAndrew Tridgell <tridge@samba.org>2011-01-14 16:39:33 +1100
commit31d644c7f9a8ac5c142aa08e2338e6b7fa23a54e (patch)
treecfc8daa7009411c6b9834cb02899a8978859fdd2
parentf33ce4101e81626c5a2d3d145923642997dda746 (diff)
downloadsamba-31d644c7f9a8ac5c142aa08e2338e6b7fa23a54e.tar.gz
samba-31d644c7f9a8ac5c142aa08e2338e6b7fa23a54e.tar.bz2
samba-31d644c7f9a8ac5c142aa08e2338e6b7fa23a54e.zip
s4-dsdb: fixed filtering of tokengroups
builtin groups are shown in user tokenGroups searches Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
-rw-r--r--source4/dsdb/samdb/ldb_modules/operational.c8
1 files changed, 3 insertions, 5 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/operational.c b/source4/dsdb/samdb/ldb_modules/operational.c
index 8604a27b9f..a1b5a2e94b 100644
--- a/source4/dsdb/samdb/ldb_modules/operational.c
+++ b/source4/dsdb/samdb/ldb_modules/operational.c
@@ -186,11 +186,9 @@ static int construct_token_groups(struct ldb_module *module,
return ldb_oom(ldb);
}
- /* Filter out builtin groups from this token. We will search
- * for builtin groups later, and not include them in the
- * tokenGroups (and therefore the PAC or SamLogon validation
- * info) */
- filter = talloc_asprintf(tmp_ctx, "(&(objectClass=group)(!(groupType:1.2.840.113556.1.4.803:=%u))(groupType:1.2.840.113556.1.4.803:=%u))", GROUP_TYPE_BUILTIN_LOCAL_GROUP, GROUP_TYPE_SECURITY_ENABLED);
+ /* only return security groups */
+ filter = talloc_asprintf(tmp_ctx, "(&(objectClass=group)(groupType:1.2.840.113556.1.4.803:=%u))",
+ GROUP_TYPE_SECURITY_ENABLED);
if (!filter) {
talloc_free(tmp_ctx);
return ldb_oom(ldb);