summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2004-10-03 06:40:40 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:59:34 -0500
commit6b481af7f2860157dd0fa12e2cc6dbbc7c22a20e (patch)
treefd3b5e90ede6325a02adfa91df65d014d72eb091
parent1429ed54f14055a1a9399452cb6cfc94f9451cf5 (diff)
downloadsamba-6b481af7f2860157dd0fa12e2cc6dbbc7c22a20e.tar.gz
samba-6b481af7f2860157dd0fa12e2cc6dbbc7c22a20e.tar.bz2
samba-6b481af7f2860157dd0fa12e2cc6dbbc7c22a20e.zip
r2793: fixed the handling of primaryGroupID in auth_sam. There were two bugs,
the first was it didn't pass primaryGroupID as an attributed it wanted, the second was it didn't cope with primaryGroupID not being present. (This used to be commit 8373bfcdeca13dcdce3081af420d8bb7d842ad18)
-rw-r--r--source4/auth/auth_sam.c14
1 files changed, 12 insertions, 2 deletions
diff --git a/source4/auth/auth_sam.c b/source4/auth/auth_sam.c
index 6ddddafee3..4e797acd36 100644
--- a/source4/auth/auth_sam.c
+++ b/source4/auth/auth_sam.c
@@ -222,6 +222,7 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
"accountExpires",
"badPwdCount",
"logonCount",
+ "primaryGroupID",
NULL,
};
@@ -333,6 +334,7 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
struct dom_sid *primary_group_sid;
const char *sidstr;
int i;
+ uint_t rid;
group_ret = samdb_search(sam_ctx,
mem_ctx, NULL, &group_msgs, group_attrs,
@@ -357,8 +359,16 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
sidstr = ldb_msg_find_string(msgs[0], "objectSid", NULL);
user_sid = dom_sid_parse_talloc(*server_info, sidstr);
primary_group_sid = dom_sid_parse_talloc(*server_info, sidstr);
- primary_group_sid->sub_auths[primary_group_sid->num_auths-1]
- = samdb_result_uint(msgs[0], "primaryGroupID", 0);
+ rid = samdb_result_uint(msgs[0], "primaryGroupID", ~0);
+ if (rid == ~0) {
+ if (group_ret > 0) {
+ primary_group_sid = groupSIDs[0];
+ } else {
+ primary_group_sid = NULL;
+ }
+ } else {
+ primary_group_sid->sub_auths[primary_group_sid->num_auths-1] = rid;
+ }
(*server_info)->user_sid = user_sid;
(*server_info)->primary_group_sid = primary_group_sid;