diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2002-01-26 06:02:28 +0000 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2002-01-26 06:02:28 +0000 |
| commit | a7b5354078e6dfaf0d6c4abaf8b3211fd2bda42b (patch) | |
| tree | b8e3202b4763dec8e2d10eb6a6538c8ef76a6eeb /source3/printing/nt_printing.c | |
| parent | 3e29c28a0bb8e6c1b4f8acba6f9bfeb6b3b983b7 (diff) | |
| download | samba-a7b5354078e6dfaf0d6c4abaf8b3211fd2bda42b.tar.gz samba-a7b5354078e6dfaf0d6c4abaf8b3211fd2bda42b.tar.bz2 samba-a7b5354078e6dfaf0d6c4abaf8b3211fd2bda42b.zip | |
These changes commited on a 'no less broken' basis.
The previous code attempted to call winbind to find out the domain sid. This
couldn't work for a number of reasons - not the least of which was that both
the client and server ends would reject any name (in this case domain name)
without a \ in it (or lp_winbind_seperator()).
I think this is what was intended to occour. If there is still some need to
contact winbind for this information, I suggest a new call be created for this
- as it the server-side code doesn't allow for this information to be extracted
easily in any case.
Finally, it gets in the way of the default domain code a bit - hence why I was
actually looking at it...
Andrew Bartlett
(This used to be commit 5fe1ea7f11a314a42f867a4f159c1c63c516568f)
Diffstat (limited to 'source3/printing/nt_printing.c')
| -rw-r--r-- | source3/printing/nt_printing.c | 12 |
1 files changed, 5 insertions, 7 deletions
diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c index ac13d09f74..f36b6bdafc 100644 --- a/source3/printing/nt_printing.c +++ b/source3/printing/nt_printing.c @@ -3530,7 +3530,6 @@ static SEC_DESC_BUF *construct_default_printer_sdb(TALLOC_CTX *ctx) SEC_DESC *psd = NULL; DOM_SID owner_sid; size_t sd_size; - enum SID_NAME_USE name_type; /* Create an ACE where Everyone is allowed to print */ @@ -3541,7 +3540,7 @@ static SEC_DESC_BUF *construct_default_printer_sdb(TALLOC_CTX *ctx) /* Make the security descriptor owned by the Administrators group on the PDC of the domain. */ - if (winbind_lookup_name(lp_workgroup(), &owner_sid, &name_type)) { + if (secrets_fetch_domain_sid(lp_workgroup(), &owner_sid)) { sid_append_rid(&owner_sid, DOMAIN_USER_RID_ADMIN); } else { /* Backup plan - make printer owned by admins. @@ -3625,18 +3624,17 @@ BOOL nt_printing_getsec(TALLOC_CTX *ctx, char *printername, SEC_DESC_BUF **secde return True; } - /* If security descriptor is owned by S-1-1-0 and winbindd is up, - this security descriptor has been created when winbindd was + /* If security descriptor is owned by S-1-1-0 and we can now read our + domain sid (from secrets.tdb). The current security descriptor must of been + created under the old code that didn't talk to winbind properly or when winbindd was down. Take ownership of security descriptor. */ if (sid_equal((*secdesc_ctr)->sec->owner_sid, &global_sid_World)) { DOM_SID owner_sid; - enum SID_NAME_USE name_type; /* Change sd owner to workgroup administrator */ - if (winbind_lookup_name(lp_workgroup(), &owner_sid, - &name_type)) { + if (secrets_fetch_domain_sid(lp_workgroup(), &owner_sid)) { SEC_DESC_BUF *new_secdesc_ctr = NULL; SEC_DESC *psd = NULL; size_t size; |