diff options
| -rw-r--r-- | source3/auth/token_util.c | 4 | ||||
| -rw-r--r-- | source3/include/proto.h | 2 | ||||
| -rw-r--r-- | source3/libnet/libnet_join.c | 33 |
3 files changed, 37 insertions, 2 deletions
diff --git a/source3/auth/token_util.c b/source3/auth/token_util.c index 281741298a..e5b9e1b531 100644 --- a/source3/auth/token_util.c +++ b/source3/auth/token_util.c @@ -262,7 +262,7 @@ static NTSTATUS add_sid_to_builtin(const DOM_SID *builtin_sid, /******************************************************************* *******************************************************************/ -static NTSTATUS create_builtin_users(const DOM_SID *dom_sid) +NTSTATUS create_builtin_users(const DOM_SID *dom_sid) { NTSTATUS status; DOM_SID dom_users; @@ -292,7 +292,7 @@ static NTSTATUS create_builtin_users(const DOM_SID *dom_sid) /******************************************************************* *******************************************************************/ -static NTSTATUS create_builtin_administrators(const DOM_SID *dom_sid) +NTSTATUS create_builtin_administrators(const DOM_SID *dom_sid) { NTSTATUS status; DOM_SID dom_admins, root_sid; diff --git a/source3/include/proto.h b/source3/include/proto.h index 7e70f3ced3..01b7a354e2 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -171,6 +171,8 @@ bool nt_token_check_domain_rid( NT_USER_TOKEN *token, uint32 rid ); NT_USER_TOKEN *get_root_nt_token( void ); NTSTATUS add_aliases(const DOM_SID *domain_sid, struct nt_user_token *token); +NTSTATUS create_builtin_users(const DOM_SID *sid); +NTSTATUS create_builtin_administrators(const DOM_SID *sid); struct nt_user_token *create_local_nt_token(TALLOC_CTX *mem_ctx, const DOM_SID *user_sid, bool is_guest, diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 814eebafd0..59dec1a6c3 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -1447,6 +1447,37 @@ static WERROR libnet_join_pre_processing(TALLOC_CTX *mem_ctx, /**************************************************************** ****************************************************************/ +static void libnet_join_add_dom_rids_to_builtins(struct dom_sid *domain_sid) +{ + NTSTATUS status; + + /* Try adding dom admins to builtin\admins. Only log failures. */ + status = create_builtin_administrators(domain_sid); + if (NT_STATUS_EQUAL(status, NT_STATUS_PROTOCOL_UNREACHABLE)) { + DEBUG(10,("Unable to auto-add domain administrators to " + "BUILTIN\\Administrators during join because " + "winbindd must be running.")); + } else if (!NT_STATUS_IS_OK(status)) { + DEBUG(5, ("Failed to auto-add domain administrators to " + "BUILTIN\\Administrators during join: %s\n", + nt_errstr(status))); + } + + /* Try adding dom users to builtin\users. Only log failures. */ + status = create_builtin_users(domain_sid); + if (NT_STATUS_EQUAL(status, NT_STATUS_PROTOCOL_UNREACHABLE)) { + DEBUG(10,("Unable to auto-add domain users to BUILTIN\\users " + "during join because winbindd must be running.")); + } else if (!NT_STATUS_IS_OK(status)) { + DEBUG(5, ("Failed to auto-add domain administrators to " + "BUILTIN\\Administrators during join: %s\n", + nt_errstr(status))); + } +} + +/**************************************************************** +****************************************************************/ + static WERROR libnet_join_post_processing(TALLOC_CTX *mem_ctx, struct libnet_JoinCtx *r) { @@ -1465,6 +1496,8 @@ static WERROR libnet_join_post_processing(TALLOC_CTX *mem_ctx, saf_store(r->in.domain_name, r->in.dc_name); } + libnet_join_add_dom_rids_to_builtins(r->out.domain_sid); + return WERR_OK; } |