diff options
| author | Tim Prouty <tim.prouty@isilon.com> | 2008-07-23 20:24:39 -0700 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2008-07-30 14:03:13 -0700 |
| commit | f738f9f7c9803933d60a166f4101f5097baab719 (patch) | |
| tree | 1e48aaf0fbddafd0c9430257bd4cc086b47f5f08 /source3/auth/token_util.c | |
| parent | 84bc4ff5469b17ab2714f3fad40ba521bc7b9865 (diff) | |
| download | samba-f738f9f7c9803933d60a166f4101f5097baab719.tar.gz samba-f738f9f7c9803933d60a166f4101f5097baab719.tar.bz2 samba-f738f9f7c9803933d60a166f4101f5097baab719.zip | |
Helper functions to enable domain groups to be added to builtin groups at domain join time
Added two new helper functions which wrap the raw pdb alias functions so they
can be more conveniently called while adding domain groups to builtin groups.
(This used to be commit 668ef314559df40f1b8aa0991539adcd8d35ffe3)
Diffstat (limited to 'source3/auth/token_util.c')
| -rw-r--r-- | source3/auth/token_util.c | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/source3/auth/token_util.c b/source3/auth/token_util.c index cd67c2a213..214930f8f7 100644 --- a/source3/auth/token_util.c +++ b/source3/auth/token_util.c @@ -200,6 +200,65 @@ static NTSTATUS add_builtin_administrators( struct nt_user_token *token ) return NT_STATUS_OK; } +/** + * Create the requested BUILTIN if it doesn't already exist. This requires + * winbindd to be running. + * + * @param[in] rid BUILTIN rid to create + * @return Normal NTSTATUS return. + */ +static NTSTATUS create_builtin(uint32 rid) +{ + NTSTATUS status = NT_STATUS_OK; + DOM_SID sid; + gid_t gid; + + if (!sid_compose(&sid, &global_sid_Builtin, rid)) { + return NT_STATUS_NO_SUCH_ALIAS; + } + + if (!sid_to_gid(&sid, &gid)) { + if (!lp_winbind_nested_groups() || !winbind_ping()) { + return NT_STATUS_PROTOCOL_UNREACHABLE; + } + status = pdb_create_builtin_alias(rid); + } + return status; +} + +/** + * Add sid as a member of builtin_sid. + * + * @param[in] builtin_sid An existing builtin group. + * @param[in] dom_sid sid to add as a member of builtin_sid. + * @return Normal NTSTATUS return + */ +static NTSTATUS add_sid_to_builtin(const DOM_SID *builtin_sid, + const DOM_SID *dom_sid) +{ + NTSTATUS status = NT_STATUS_OK; + + if (!dom_sid || !builtin_sid) { + return NT_STATUS_INVALID_PARAMETER; + } + + status = pdb_add_aliasmem(builtin_sid, dom_sid); + + if (NT_STATUS_EQUAL(status, NT_STATUS_MEMBER_IN_ALIAS)) { + DEBUG(5, ("add_sid_to_builtin %s is already a member of %s\n", + sid_string_dbg(dom_sid), + sid_string_dbg(builtin_sid))); + return NT_STATUS_OK; + } + + if (!NT_STATUS_IS_OK(status)) { + DEBUG(3, ("add_sid_to_builtin %s could not be added to %s: " + "%s\n", sid_string_dbg(dom_sid), + sid_string_dbg(builtin_sid), nt_errstr(status))); + } + return status; +} + /******************************************************************* *******************************************************************/ |