authorAndrew Bartlett <abartlet@samba.org>2010-04-13 22:11:26 +1000
committerAndrew Bartlett <abartlet@samba.org>2010-05-20 17:39:09 +1000
commit5f9024c8a4350792e67e1d8dbe8e45ff5732bd66 (patch)
tree37bd039a17555bfa92231cfe63a352743df9a2d5 /source4/dsdb/samdb
parent564b4c7443b256e002b7ac173d4c5e8870980de3 (diff)
s4:auth Move BUILTIN group addition into session.c
The group list in the PAC does not include 'enterprise DCs' and BUILTIN groups, so we should generate it on each server, not in the list we pass around in the PAC or SamLogon reply. Andrew Bartlett
Diffstat (limited to 'source4/dsdb/samdb')
-rw-r--r--source4/dsdb/samdb/samdb.c11
1 files changed, 9 insertions, 2 deletions
diff --git a/source4/dsdb/samdb/samdb.c b/source4/dsdb/samdb/samdb.c
index 51e3f73a7e..9e4156407e 100644
--- a/source4/dsdb/samdb/samdb.c
+++ b/source4/dsdb/samdb/samdb.c
@@ -147,6 +147,7 @@ NTSTATUS security_token_create(TALLOC_CTX *mem_ctx,
unsigned int n_groupSIDs,
struct dom_sid **groupSIDs,
bool is_authenticated,
+ bool is_dc,
struct security_token **token)
{
struct security_token *ptoken;
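Review bot: The new `is_dc` parameter is undocumented even though it is security-relevant: the last hunk of this commit uses it to add `SID_NT_ENTERPRISE_DCS` to the token. A comment above security_token_create should say where the value must come from, for example `/* is_dc: true only when the account has been verified server-side to be a domain controller; adds SID_NT_ENTERPRISE_DCS to the token */`. Two adjacent `bool` arguments (`is_authenticated`, `is_dc`) are also easy to transpose at call sites, which are not visible in this diff. The function body continues outside the hunk.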
@@ -156,7 +157,7 @@ NTSTATUS security_token_create(TALLOC_CTX *mem_ctx,
ptoken = security_token_initialise(mem_ctx);
NT_STATUS_HAVE_NO_MEMORY(ptoken);
- ptoken->sids = talloc_array(ptoken, struct dom_sid *, n_groupSIDs + 5);
+ ptoken->sids = talloc_array(ptoken, struct dom_sid *, n_groupSIDs + 6);
NT_STATUS_HAVE_NO_MEMORY(ptoken->sids);
ptoken->user_sid = talloc_reference(ptoken, user_sid);
@@ -178,7 +179,13 @@ NTSTATUS security_token_create(TALLOC_CTX *mem_ctx,
ptoken->num_sids = 4;
if (is_authenticated) {
- ptoken->sids[4] = dom_sid_parse_talloc(ptoken->sids, SID_NT_AUTHENTICATED_USERS);
+ ptoken->sids[ptoken->num_sids] = dom_sid_parse_talloc(ptoken->sids, SID_NT_AUTHENTICATED_USERS);
+ NT_STATUS_HAVE_NO_MEMORY(ptoken->sids[4]);
+ ptoken->num_sids++;
+ }
+
+ if (is_dc) {
+ ptoken->sids[ptoken->num_sids] = dom_sid_parse_talloc(ptoken->sids, SID_NT_ENTERPRISE_DCS);
NT_STATUS_HAVE_NO_MEMORY(ptoken->sids[4]);
ptoken->num_sids++;
}
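Review bot: The allocation check in the new `is_dc` branch tests `ptoken->sids[4]`, but when `is_authenticated` is also true the Enterprise DCs SID was just stored at index 5. A failed `dom_sid_parse_talloc()` there goes unnoticed, and `num_sids` is still incremented over a NULL entry. Code that later walks the token's SID list would presumably dereference that NULL, so both branches should check the slot they wrote: `NT_STATUS_HAVE_NO_MEMORY(ptoken->sids[ptoken->num_sids]);`. The check in the `is_authenticated` branch is correct only because `num_sids` happens to be 4 at that point. The body of security_token_create continues outside the hunk.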