From a7145e26c99c43a39b24bbf16587b2ea1cd1ef9c Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Sun, 1 May 2005 20:05:16 +0000 Subject: r6566: fix a couple of local group bugs. * ensure that we set full access on the handle returned from _samr_create_dom_alias() so that future set_alias commands succeed * fix bug when looking for internal domains in winbindd (caused winbindd_getgrgid() for local groups to fail). (This used to be commit 4615c96ccb8906af4eb1fbe6d0cbf6bb3bcc3fcf) --- source3/nsswitch/winbindd_util.c | 7 ++++++- source3/rpc_server/srv_samr_nt.c | 15 ++++++++------- 2 files changed, 14 insertions(+), 8 deletions(-) diff --git a/source3/nsswitch/winbindd_util.c b/source3/nsswitch/winbindd_util.c index efd84bbf73..d6aef04b4b 100644 --- a/source3/nsswitch/winbindd_util.c +++ b/source3/nsswitch/winbindd_util.c @@ -91,7 +91,12 @@ static BOOL is_internal_domain(const DOM_SID *sid) if (sid == NULL) return False; - return (sid_check_is_domain(sid) || sid_check_is_builtin(sid)); + if ( sid_compare_domain( sid, get_global_sam_sid() ) == 0 ) + return True; + if ( sid_compare_domain( sid, &global_sid_Builtin ) == 0 ) + return True; + + return False; } diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 89cb49c05c..040d4e7dea 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -730,9 +730,6 @@ NTSTATUS _samr_enum_dom_aliases(pipes_struct *p, SAMR_Q_ENUM_DOM_ALIASES *q_u, S struct samr_displayentry *aliases; struct pdb_search **search = NULL; uint32 num_aliases = 0; - NTSTATUS status; - - r_u->status = NT_STATUS_OK; /* find the policy handle. open a policy on it. */ if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info)) @@ -752,14 +749,16 @@ NTSTATUS _samr_enum_dom_aliases(pipes_struct *p, SAMR_Q_ENUM_DOM_ALIASES *q_u, S if (sid_check_is_builtin(&info->sid)) search = &info->disp_info.builtins; - if (search == NULL) return NT_STATUS_INVALID_HANDLE; + if (search == NULL) + return NT_STATUS_INVALID_HANDLE; become_root(); if (*search == NULL) *search = pdb_search_aliases(&info->sid); unbecome_root(); - if (*search == NULL) return NT_STATUS_ACCESS_DENIED; + if (*search == NULL) + return NT_STATUS_ACCESS_DENIED; become_root(); num_aliases = pdb_search_entries(*search, q_u->start_idx, @@ -769,8 +768,6 @@ NTSTATUS _samr_enum_dom_aliases(pipes_struct *p, SAMR_Q_ENUM_DOM_ALIASES *q_u, S make_group_sam_entry_list(p->mem_ctx, &r_u->sam, &r_u->uni_grp_name, num_aliases, aliases); - if (!NT_STATUS_IS_OK(status)) return status; - init_samr_r_enum_dom_aliases(r_u, q_u->start_idx + num_aliases, num_aliases); @@ -3850,6 +3847,10 @@ NTSTATUS _samr_create_dom_alias(pipes_struct *p, SAMR_Q_CREATE_DOM_ALIAS *q_u, S if ((info = get_samr_info_by_sid(&info_sid)) == NULL) return NT_STATUS_NO_MEMORY; + /* they created it; let the user do what he wants with it */ + + info->acc_granted = GENERIC_RIGHTS_ALIAS_ALL_ACCESS; + /* get a (unique) handle. open a policy on it. */ if (!create_policy_hnd(p, &r_u->alias_pol, free_samr_info, (void *)info)) return NT_STATUS_OBJECT_NAME_NOT_FOUND; -- cgit