diff options
-rw-r--r-- | source3/auth/token_util.c | 39 |
1 files changed, 22 insertions, 17 deletions
diff --git a/source3/auth/token_util.c b/source3/auth/token_util.c index 214930f8f7..e41df5d9ae 100644 --- a/source3/auth/token_util.c +++ b/source3/auth/token_util.c @@ -262,12 +262,12 @@ static NTSTATUS add_sid_to_builtin(const DOM_SID *builtin_sid, /******************************************************************* *******************************************************************/ -static NTSTATUS create_builtin_users( void ) +static NTSTATUS create_builtin_users(const DOM_SID *dom_sid) { NTSTATUS status; DOM_SID dom_users; - status = pdb_create_builtin_alias( BUILTIN_ALIAS_RID_USERS ); + status = create_builtin(BUILTIN_ALIAS_RID_USERS); if ( !NT_STATUS_IS_OK(status) ) { DEBUG(5,("create_builtin_users: Failed to create Users\n")); return status; @@ -275,10 +275,10 @@ static NTSTATUS create_builtin_users( void ) /* add domain users */ if ((IS_DC || (lp_server_role() == ROLE_DOMAIN_MEMBER)) - && secrets_fetch_domain_sid(lp_workgroup(), &dom_users)) + && sid_compose(&dom_users, dom_sid, DOMAIN_GROUP_RID_USERS)) { - sid_append_rid(&dom_users, DOMAIN_GROUP_RID_USERS ); - status = pdb_add_aliasmem( &global_sid_Builtin_Users, &dom_users); + status = add_sid_to_builtin(&global_sid_Builtin_Users, + &dom_users); if ( !NT_STATUS_IS_OK(status) ) { DEBUG(4,("create_builtin_administrators: Failed to add Domain Users to" " Users\n")); @@ -356,6 +356,7 @@ struct nt_user_token *create_local_nt_token(TALLOC_CTX *mem_ctx, int i; NTSTATUS status; gid_t gid; + DOM_SID dom_sid; DEBUG(10, ("Create local NT token for %s\n", sid_string_dbg(user_sid))); @@ -460,19 +461,23 @@ struct nt_user_token *create_local_nt_token(TALLOC_CTX *mem_ctx, be resolved then assume that the add_aliasmem( S-1-5-32 ) handled it. */ - if ( !sid_to_gid( &global_sid_Builtin_Users, &gid ) ) { - /* We can only create a mapping if winbind is running - and the nested group functionality has been enabled */ + if (!sid_to_gid(&global_sid_Builtin_Users, &gid)) { - if ( lp_winbind_nested_groups() && winbind_ping() ) { - become_root(); - status = create_builtin_users( ); - if ( !NT_STATUS_IS_OK(status) ) { - DEBUG(2,("WARNING: Failed to create BUILTIN\\Users group! " - "Can Winbind allocate gids?\n")); - /* don't fail, just log the message */ - } - unbecome_root(); + become_root(); + if (!secrets_fetch_domain_sid(lp_workgroup(), &dom_sid)) { + status = NT_STATUS_OK; + DEBUG(3, ("Failed to fetch domain sid for %s\n", + lp_workgroup())); + } else { + status = create_builtin_users(&dom_sid); + } + unbecome_root(); + + if (!NT_STATUS_EQUAL(status, NT_STATUS_PROTOCOL_UNREACHABLE) && + !NT_STATUS_IS_OK(status)) + { + DEBUG(2, ("WARNING: Failed to create BUILTIN\\Users group! " + "Can Winbind allocate gids?\n")); } } |