author | Gerald Carter <jerry@samba.org> | 2005-02-14 02:41:34 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 10:55:39 -0500 |
commit | 467da937c7e1361dca1d4a535db96cdb78e10b13 (patch) | |
tree | 8a108383cf06ee11c62f085735d6ca784b75b441 | |
parent | 9e52e989ab46bf131185c05651dca1799d73f0a3 (diff) | |
r5385: when operating in security = domain, allow domain admins to manage rights assignments
(This used to be commit fec9cb7daa9b780aab019c0e0d7f2692c168019f)
-rw-r--r-- | source3/auth/auth_util.c | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 5c933e90c9..7a186f65cd 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -1515,7 +1515,19 @@ BOOL nt_token_check_domain_rid( NT_USER_TOKEN *token, uint32 rid )
 {
 DOM_SID domain_sid;
- sid_copy( &domain_sid, get_global_sam_sid() );
+ /* if we are a domain member, the get the domain SID, else for
+ a DC or standalone server, use our own SID */
+
+ if ( lp_server_role() == ROLE_DOMAIN_MEMBER ) {
+ if ( !secrets_fetch_domain_sid( lp_workgroup(), &domain_sid ) ) {
+ DEBUG(1,("nt_token_check_domain_rid: Cannot lookup SID for domain [%s]\n",
+ lp_workgroup()));
+ return False;
+ }
+ }
+ else
+ sid_copy( &domain_sid, get_global_sam_sid() );
+
 sid_append_rid( &domain_sid, rid );
 return nt_token_check_sid( &domain_sid, token );\ |
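Review bot: On a domain member the check no longer consults `get_global_sam_sid()` at all, so the function now tests the token for the joined domain's SID plus `rid` rather than the local SAM SID plus `rid`, and nothing in the hunk documents that switch for callers that gate privileges on the result. I would add a header comment saying which SID is used in each server role and that a failed `secrets_fetch_domain_sid()` returns False, i.e. denies; whether dropping the local-SID match on member servers is intended cannot be told from this hunk and is worth confirming. The unbraced `else` after a braced `if` invites a mistake when a second statement is added; writing `} else {`, then `sid_copy( &domain_sid, get_global_sam_sid() );`, then `}` keeps the two branches symmetric. In the new comment, "the get the domain SID" should read "then get the domain SID". The function's signature and closing brace lie outside the hunk.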