Diffstat (limited to 'source3')
-rw-r--r-- | source3/nsswitch/winbindd_util.c | 16 | ||||
-rw-r--r-- | source3/rpc_server/srv_samr_nt.c | 13 |
2 files changed, 23 insertions, 6 deletions
diff --git a/source3/nsswitch/winbindd_util.c b/source3/nsswitch/winbindd_util.c
index d934bc2927..efae956884 100644
--- a/source3/nsswitch/winbindd_util.c
+++ b/source3/nsswitch/winbindd_util.c
@@ -90,6 +90,14 @@ static BOOL is_internal_domain(const DOM_SID *sid)
 return (sid_check_is_domain(sid) || sid_check_is_builtin(sid));
 }
+static BOOL is_in_internal_domain(const DOM_SID *sid)
+{
+ if (sid == NULL)
+ return False;
+
+ return (sid_check_is_in_our_domain(sid) || sid_check_is_in_builtin(sid));
+}
+
 /* Add a trusted domain to our list of domains */
 static struct winbindd_domain *add_trusted_domain(const char *domain_name, const char *alt_name,
@@ -648,12 +656,18 @@ struct winbindd_domain *find_lookup_domain_from_sid(const DOM_SID *sid)
 * one to contact the external DC's. On member servers the internal * domains are different: These are part of the local SAM. */
- if (IS_DC || is_internal_domain(sid))
+ DEBUG(10, ("find_lookup_domain_from_sid(%s)\n",
+ sid_string_static(sid)));
+
+ if (IS_DC || is_internal_domain(sid) || is_in_internal_domain(sid)) {
+ DEBUG(10, ("calling find_domain_from_sid\n"));
 return find_domain_from_sid(sid);
+ }
 /* On a member server a query for SID or name can always go to our * primary DC. */
+ DEBUG(10, ("calling find_our_domain\n"));
 return find_our_domain();
 }
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 13f3a3284b..880e1db388 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -2243,6 +2243,8 @@ static NTSTATUS can_create(TALLOC_CTX *mem_ctx, const char *new_name)
 enum SID_NAME_USE type;
 BOOL result;
+ DEBUG(10, ("Checking whether [%s] can be created\n", new_name));
+
 become_root();
 /* Lookup in our local databases (only LOOKUP_NAME_ISOLATED set) * whether the name already exists */
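Review bot: `is_in_internal_domain()` is added without a comment, and its name differs from the existing `is_internal_domain()` by one word, so the next reader has to open the `sid_check_*` helpers to learn what separates the two. A one-line header would do, for example `/* True if sid lies inside our SAM domain or BUILTIN, as opposed to being the domain SID itself */`, assuming that is what `sid_check_is_in_our_domain()` and `sid_check_is_in_builtin()` test; their bodies are not part of this diff. The distinction matters because `find_lookup_domain_from_sid()` uses it to decide whether a lookup is answered locally or by the primary DC.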
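Review bot: In `find_lookup_domain_from_sid()` the new `DEBUG(10, ...)` formats `sid` with `sid_string_static(sid)` before any NULL test, while `is_in_internal_domain()`, added in the same commit, explicitly guards against `sid == NULL`. If a NULL `sid` can reach this function, confirm that `sid_string_static()` tolerates it (its body is not visible here) or move the trace below the guard. Separately, the comment block above the condition still describes only the internal domains themselves and should mention that SIDs inside those domains are now also routed to `find_domain_from_sid()`. The start of that comment lies outside the hunk.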
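Review bot: The two trace lines added to `can_create()` print `new_name` differently: this hunk brackets it as `[%s]`, while the line added in the following hunk (`%s does not exist, can create it`) does not. Bracketing both, as in `DEBUG(10, ("[%s] does not exist, can create it\n", new_name));`, keeps an empty or space-padded name visible in the log, which is worth having here because the name is supplied by the client of the SAMR create calls. `can_create()` begins and ends outside both hunks.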
@@ -2251,6 +2253,7 @@ static NTSTATUS can_create(TALLOC_CTX *mem_ctx, const char *new_name)
 unbecome_root();
 if (!result) {
+ DEBUG(10, ("%s does not exist, can create it\n", new_name));
 return NT_STATUS_OK;
 }
@@ -4308,16 +4311,16 @@ NTSTATUS _samr_create_dom_alias(pipes_struct *p, SAMR_Q_CREATE_DOM_ALIAS *q_u, S
 if (!sid_equal(&dom_sid, get_global_sam_sid()))
 return NT_STATUS_ACCESS_DENIED;
- r_u->status = can_create(p->mem_ctx, name);
- if (!NT_STATUS_IS_OK(r_u->status)) {
- return r_u->status;
- }
-
 unistr2_to_ascii(name, &q_u->uni_acct_desc, sizeof(name)-1);
 se_priv_copy( &se_rights, &se_add_users );
 can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_rights );
+ result = can_create(p->mem_ctx, name);
+ if (!NT_STATUS_IS_OK(result)) {
+ return result;
+ }
+
 /******** BEGIN SeAddUsers BLOCK *********/
 if ( can_add_accounts ) |
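Review bot: Nothing in the new code of `_samr_create_dom_alias()` records why `can_create()` has to sit below `unistr2_to_ascii()`, although the removed lines show it was previously called before `name` had been filled in. A comment such as `/* name is only valid after unistr2_to_ascii() above; do not move this check up */` would keep the ordering from regressing. Note also that `can_create()` performs its lookup under `become_root()` (visible in its own hunk) and is reached here before `can_add_accounts` is acted on, so the returned status may reveal whether the name exists to a caller without SeAddUsers, unless an access check earlier in the function, outside this hunk, already rejects such callers.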