summaryrefslogtreecommitdiff
path: root/source4/auth
diff options
context:
space:
mode:
Diffstat (limited to 'source4/auth')
-rw-r--r--source4/auth/auth.h1
-rw-r--r--source4/auth/sam.c16
-rw-r--r--source4/auth/session.c18
3 files changed, 16 insertions, 19 deletions
diff --git a/source4/auth/auth.h b/source4/auth/auth.h
index ce583c871c..2f0af027bc 100644
--- a/source4/auth/auth.h
+++ b/source4/auth/auth.h
@@ -46,7 +46,6 @@ struct loadparm_context;
#define AUTH_SESSION_INFO_DEFAULT_GROUPS 0x01 /* Add the user to the default world and network groups */
#define AUTH_SESSION_INFO_AUTHENTICATED 0x02 /* Add the user to the 'authenticated users' group */
-#define AUTH_SESSION_INFO_ENTERPRISE_DC 0x04 /* Add the user to the 'enterprise DC' group */
struct auth_serversupplied_info
{
diff --git a/source4/auth/sam.c b/source4/auth/sam.c
index 6bf1d5f9e3..bdbf6906a3 100644
--- a/source4/auth/sam.c
+++ b/source4/auth/sam.c
@@ -558,6 +558,22 @@ _PUBLIC_ NTSTATUS authsam_make_server_info(TALLOC_CTX *mem_ctx,
server_info);
}
+ if (server_info->acct_flags & ACB_SVRTRUST) {
+ /* the SID_NT_ENTERPRISE_DCS SID gets added into the
+ PAC */
+ server_info->domain_groups = talloc_realloc(server_info,
+ server_info->domain_groups,
+ struct dom_sid *,
+ server_info->n_domain_groups+1);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(server_info->domain_groups, server_info);
+ server_info->domain_groups[server_info->n_domain_groups] =
+ dom_sid_parse_talloc(server_info->domain_groups,
+ SID_NT_ENTERPRISE_DCS);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(server_info->domain_groups[server_info->n_domain_groups],
+ server_info);
+ server_info->n_domain_groups++;
+ }
+
server_info->authenticated = true;
talloc_free(tmp_ctx);
diff --git a/source4/auth/session.c b/source4/auth/session.c
index bd1be8eebb..68d03aeeec 100644
--- a/source4/auth/session.c
+++ b/source4/auth/session.c
@@ -91,24 +91,6 @@ _PUBLIC_ NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx,
} else if (dom_sid_equal(system_sid, server_info->account_sid)) {
/* Don't expand nested groups of system, anonymous etc*/
} else if (auth_context) {
- if (server_info->acct_flags & ACB_SVRTRUST) {
- dom_sid = samdb_domain_sid(auth_context->sam_ctx);
- if (dom_sid) {
- if (dom_sid_in_domain(dom_sid, server_info->account_sid)) {
- session_info_flags |= AUTH_SESSION_INFO_ENTERPRISE_DC;
- } else {
- DEBUG(2, ("DC %s is not in our domain. "
- "It will not have Enterprise Domain Controllers membership on this server",
- server_info->account_name));
- }
- } else {
- DEBUG(2, ("Could not obtain local domain SID, "
- "so can not determine if DC %s is a DC of this domain. "
- "It will not have Enterprise Domain Controllers membership",
- server_info->account_name));
- }
- }
-
groupSIDs = talloc_array(tmp_ctx, struct dom_sid *, server_info->n_domain_groups);
NT_STATUS_HAVE_NO_MEMORY_AND_FREE(groupSIDs, tmp_ctx);
if (!groupSIDs) {