summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGerald Carter <jerry@samba.org>2005-05-01 20:05:16 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 10:56:45 -0500
commita7145e26c99c43a39b24bbf16587b2ea1cd1ef9c (patch)
tree69912f7db5351b044943b5dcbcdd78b30a105e70
parent8bcfb51f912bc09f5afb185a984b3485be469839 (diff)
downloadsamba-a7145e26c99c43a39b24bbf16587b2ea1cd1ef9c.tar.gz
samba-a7145e26c99c43a39b24bbf16587b2ea1cd1ef9c.tar.bz2
samba-a7145e26c99c43a39b24bbf16587b2ea1cd1ef9c.zip
r6566: fix a couple of local group bugs.
* ensure that we set full access on the handle returned from _samr_create_dom_alias() so that future set_alias commands succeed * fix bug when looking for internal domains in winbindd (caused winbindd_getgrgid() for local groups to fail). (This used to be commit 4615c96ccb8906af4eb1fbe6d0cbf6bb3bcc3fcf)
-rw-r--r--source3/nsswitch/winbindd_util.c7
-rw-r--r--source3/rpc_server/srv_samr_nt.c15
2 files changed, 14 insertions, 8 deletions
diff --git a/source3/nsswitch/winbindd_util.c b/source3/nsswitch/winbindd_util.c
index efd84bbf73..d6aef04b4b 100644
--- a/source3/nsswitch/winbindd_util.c
+++ b/source3/nsswitch/winbindd_util.c
@@ -91,7 +91,12 @@ static BOOL is_internal_domain(const DOM_SID *sid)
if (sid == NULL)
return False;
- return (sid_check_is_domain(sid) || sid_check_is_builtin(sid));
+ if ( sid_compare_domain( sid, get_global_sam_sid() ) == 0 )
+ return True;
+ if ( sid_compare_domain( sid, &global_sid_Builtin ) == 0 )
+ return True;
+
+ return False;
}
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 89cb49c05c..040d4e7dea 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -730,9 +730,6 @@ NTSTATUS _samr_enum_dom_aliases(pipes_struct *p, SAMR_Q_ENUM_DOM_ALIASES *q_u, S
struct samr_displayentry *aliases;
struct pdb_search **search = NULL;
uint32 num_aliases = 0;
- NTSTATUS status;
-
- r_u->status = NT_STATUS_OK;
/* find the policy handle. open a policy on it. */
if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
@@ -752,14 +749,16 @@ NTSTATUS _samr_enum_dom_aliases(pipes_struct *p, SAMR_Q_ENUM_DOM_ALIASES *q_u, S
if (sid_check_is_builtin(&info->sid))
search = &info->disp_info.builtins;
- if (search == NULL) return NT_STATUS_INVALID_HANDLE;
+ if (search == NULL)
+ return NT_STATUS_INVALID_HANDLE;
become_root();
if (*search == NULL)
*search = pdb_search_aliases(&info->sid);
unbecome_root();
- if (*search == NULL) return NT_STATUS_ACCESS_DENIED;
+ if (*search == NULL)
+ return NT_STATUS_ACCESS_DENIED;
become_root();
num_aliases = pdb_search_entries(*search, q_u->start_idx,
@@ -769,8 +768,6 @@ NTSTATUS _samr_enum_dom_aliases(pipes_struct *p, SAMR_Q_ENUM_DOM_ALIASES *q_u, S
make_group_sam_entry_list(p->mem_ctx, &r_u->sam, &r_u->uni_grp_name,
num_aliases, aliases);
- if (!NT_STATUS_IS_OK(status)) return status;
-
init_samr_r_enum_dom_aliases(r_u, q_u->start_idx + num_aliases,
num_aliases);
@@ -3850,6 +3847,10 @@ NTSTATUS _samr_create_dom_alias(pipes_struct *p, SAMR_Q_CREATE_DOM_ALIAS *q_u, S
if ((info = get_samr_info_by_sid(&info_sid)) == NULL)
return NT_STATUS_NO_MEMORY;
+ /* they created it; let the user do what he wants with it */
+
+ info->acc_granted = GENERIC_RIGHTS_ALIAS_ALL_ACCESS;
+
/* get a (unique) handle. open a policy on it. */
if (!create_policy_hnd(p, &r_u->alias_pol, free_samr_info, (void *)info))
return NT_STATUS_OBJECT_NAME_NOT_FOUND;