summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
Diffstat (limited to 'source3')
-rw-r--r--source3/nsswitch/winbindd_util.c16
-rw-r--r--source3/rpc_server/srv_samr_nt.c13
2 files changed, 23 insertions, 6 deletions
diff --git a/source3/nsswitch/winbindd_util.c b/source3/nsswitch/winbindd_util.c
index d934bc2927..efae956884 100644
--- a/source3/nsswitch/winbindd_util.c
+++ b/source3/nsswitch/winbindd_util.c
@@ -90,6 +90,14 @@ static BOOL is_internal_domain(const DOM_SID *sid)
return (sid_check_is_domain(sid) || sid_check_is_builtin(sid));
}
+static BOOL is_in_internal_domain(const DOM_SID *sid)
+{
+ if (sid == NULL)
+ return False;
+
+ return (sid_check_is_in_our_domain(sid) || sid_check_is_in_builtin(sid));
+}
+
/* Add a trusted domain to our list of domains */
static struct winbindd_domain *add_trusted_domain(const char *domain_name, const char *alt_name,
@@ -648,12 +656,18 @@ struct winbindd_domain *find_lookup_domain_from_sid(const DOM_SID *sid)
* one to contact the external DC's. On member servers the internal
* domains are different: These are part of the local SAM. */
- if (IS_DC || is_internal_domain(sid))
+ DEBUG(10, ("find_lookup_domain_from_sid(%s)\n",
+ sid_string_static(sid)));
+
+ if (IS_DC || is_internal_domain(sid) || is_in_internal_domain(sid)) {
+ DEBUG(10, ("calling find_domain_from_sid\n"));
return find_domain_from_sid(sid);
+ }
/* On a member server a query for SID or name can always go to our
* primary DC. */
+ DEBUG(10, ("calling find_our_domain\n"));
return find_our_domain();
}
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 13f3a3284b..880e1db388 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -2243,6 +2243,8 @@ static NTSTATUS can_create(TALLOC_CTX *mem_ctx, const char *new_name)
enum SID_NAME_USE type;
BOOL result;
+ DEBUG(10, ("Checking whether [%s] can be created\n", new_name));
+
become_root();
/* Lookup in our local databases (only LOOKUP_NAME_ISOLATED set)
* whether the name already exists */
@@ -2251,6 +2253,7 @@ static NTSTATUS can_create(TALLOC_CTX *mem_ctx, const char *new_name)
unbecome_root();
if (!result) {
+ DEBUG(10, ("%s does not exist, can create it\n", new_name));
return NT_STATUS_OK;
}
@@ -4308,16 +4311,16 @@ NTSTATUS _samr_create_dom_alias(pipes_struct *p, SAMR_Q_CREATE_DOM_ALIAS *q_u, S
if (!sid_equal(&dom_sid, get_global_sam_sid()))
return NT_STATUS_ACCESS_DENIED;
- r_u->status = can_create(p->mem_ctx, name);
- if (!NT_STATUS_IS_OK(r_u->status)) {
- return r_u->status;
- }
-
unistr2_to_ascii(name, &q_u->uni_acct_desc, sizeof(name)-1);
se_priv_copy( &se_rights, &se_add_users );
can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_rights );
+ result = can_create(p->mem_ctx, name);
+ if (!NT_STATUS_IS_OK(result)) {
+ return result;
+ }
+
/******** BEGIN SeAddUsers BLOCK *********/
if ( can_add_accounts )