summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorGerald Carter <jerry@samba.org>2006-06-22 19:47:44 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 11:18:55 -0500
commit600b0ae2e97967ebc19639312f03561e4004a7ee (patch)
tree4963488a8d962cb1060f23b5ba19cf64ccaf7a5a /source3
parentf17bdaf10a723dca72eaabc40d292ab3b03d10a2 (diff)
downloadsamba-600b0ae2e97967ebc19639312f03561e4004a7ee.tar.gz
samba-600b0ae2e97967ebc19639312f03561e4004a7ee.tar.bz2
samba-600b0ae2e97967ebc19639312f03561e4004a7ee.zip
r16471: Bug reported by Vitaly Protsko <villy@sft.ru> in 3.0.23rc1.
Add missing automatic add of the Administrators SID in the absence of winbindd and precense of Domain Admins SID in the user's token. (This used to be commit ce7846d6f19f63ca99179b75e6f2195cc593795f)
Diffstat (limited to 'source3')
-rw-r--r--source3/auth/auth_util.c25
1 files changed, 25 insertions, 0 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 9427c7681e..0401e02b7d 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -688,6 +688,31 @@ static NTSTATUS log_nt_token(TALLOC_CTX *tmp_ctx, NT_USER_TOKEN *token)
static NTSTATUS add_builtin_administrators( TALLOC_CTX *ctx, struct nt_user_token *token )
{
+ DOM_SID domadm;
+
+ /* nothing to do if we aren't in a domain */
+
+ if ( !(IS_DC || lp_server_role()==ROLE_DOMAIN_MEMBER) ) {
+ return NT_STATUS_OK;
+ }
+
+ /* Find the Domain Admins SID */
+
+ if ( IS_DC ) {
+ sid_copy( &domadm, get_global_sam_sid() );
+ } else {
+ if ( !secrets_fetch_domain_sid( lp_workgroup(), &domadm ) )
+ return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+ }
+ sid_append_rid( &domadm, DOMAIN_GROUP_RID_ADMINS );
+
+ /* Add Administrators if the user beloongs to Domain Admins */
+
+ if ( nt_token_check_sid( &domadm, token ) ) {
+ add_sid_to_array(token, &global_sid_Builtin_Administrators,
+ &token->user_sids, &token->num_sids);
+ }
+
return NT_STATUS_OK;
}