diff options
| author | Gerald Carter <jerry@samba.org> | 2006-06-22 19:47:44 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 11:18:55 -0500 |
| commit | 600b0ae2e97967ebc19639312f03561e4004a7ee (patch) | |
| tree | 4963488a8d962cb1060f23b5ba19cf64ccaf7a5a /source3/auth | |
| parent | f17bdaf10a723dca72eaabc40d292ab3b03d10a2 (diff) | |
| download | samba-600b0ae2e97967ebc19639312f03561e4004a7ee.tar.gz samba-600b0ae2e97967ebc19639312f03561e4004a7ee.tar.bz2 samba-600b0ae2e97967ebc19639312f03561e4004a7ee.zip | |
r16471: Bug reported by Vitaly Protsko <villy@sft.ru> in 3.0.23rc1.
Add missing automatic add of the Administrators SID in the absence
of winbindd and precense of Domain Admins SID in the user's token.
(This used to be commit ce7846d6f19f63ca99179b75e6f2195cc593795f)
Diffstat (limited to 'source3/auth')
| -rw-r--r-- | source3/auth/auth_util.c | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index 9427c7681e..0401e02b7d 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -688,6 +688,31 @@ static NTSTATUS log_nt_token(TALLOC_CTX *tmp_ctx, NT_USER_TOKEN *token) static NTSTATUS add_builtin_administrators( TALLOC_CTX *ctx, struct nt_user_token *token ) { + DOM_SID domadm; + + /* nothing to do if we aren't in a domain */ + + if ( !(IS_DC || lp_server_role()==ROLE_DOMAIN_MEMBER) ) { + return NT_STATUS_OK; + } + + /* Find the Domain Admins SID */ + + if ( IS_DC ) { + sid_copy( &domadm, get_global_sam_sid() ); + } else { + if ( !secrets_fetch_domain_sid( lp_workgroup(), &domadm ) ) + return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; + } + sid_append_rid( &domadm, DOMAIN_GROUP_RID_ADMINS ); + + /* Add Administrators if the user beloongs to Domain Admins */ + + if ( nt_token_check_sid( &domadm, token ) ) { + add_sid_to_array(token, &global_sid_Builtin_Administrators, + &token->user_sids, &token->num_sids); + } + return NT_STATUS_OK; } |