From f738f9f7c9803933d60a166f4101f5097baab719 Mon Sep 17 00:00:00 2001
From: Tim Prouty
Date: Wed, 23 Jul 2008 20:24:39 -0700
Subject: Helper functions to enable domain groups to be added to builtin groups at domain join time Added two new helper functions which wrap the raw pdb alias functions so they can be more conveniently called while adding domain groups to builtin groups. (This used to be commit 668ef314559df40f1b8aa0991539adcd8d35ffe3)
---
 source3/auth/token_util.c | 59 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 59 insertions(+) (limited to 'source3')
diff --git a/source3/auth/token_util.c b/source3/auth/token_util.c
index cd67c2a213..214930f8f7 100644
--- a/source3/auth/token_util.c
+++ b/source3/auth/token_util.c
@@ -200,6 +200,65 @@ static NTSTATUS add_builtin_administrators( struct nt_user_token *token )
 return NT_STATUS_OK;
 }
 
+/**
+ * Create the requested BUILTIN if it doesn't already exist. This requires
+ * winbindd to be running.
+ *
+ * @param[in] rid BUILTIN rid to create
+ * @return Normal NTSTATUS return.
+ */
+static NTSTATUS create_builtin(uint32 rid)
+{
+ NTSTATUS status = NT_STATUS_OK;
+ DOM_SID sid;
+ gid_t gid;
+
+ if (!sid_compose(&sid, &global_sid_Builtin, rid)) {
+ return NT_STATUS_NO_SUCH_ALIAS;
+ }
+
+ if (!sid_to_gid(&sid, &gid)) {
+ if (!lp_winbind_nested_groups() || !winbind_ping()) {
+ return NT_STATUS_PROTOCOL_UNREACHABLE;
+ }
+ status = pdb_create_builtin_alias(rid);
+ }
+ return status;
+}
+
+/**
+ * Add sid as a member of builtin_sid.
+ *
+ * @param[in] builtin_sid An existing builtin group.
+ * @param[in] dom_sid sid to add as a member of builtin_sid.
+ * @return Normal NTSTATUS return
+ */
+static NTSTATUS add_sid_to_builtin(const DOM_SID *builtin_sid,
+ const DOM_SID *dom_sid)
+{
+ NTSTATUS status = NT_STATUS_OK;
+
+ if (!dom_sid || !builtin_sid) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ status = pdb_add_aliasmem(builtin_sid, dom_sid);
+
+ if (NT_STATUS_EQUAL(status, NT_STATUS_MEMBER_IN_ALIAS)) {
+ DEBUG(5, ("add_sid_to_builtin %s is already a member of %s\n",
+ sid_string_dbg(dom_sid),
+ sid_string_dbg(builtin_sid)));
+ return NT_STATUS_OK;
+ }
+
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(3, ("add_sid_to_builtin %s could not be added to %s: "
+ "%s\n", sid_string_dbg(dom_sid),
+ sid_string_dbg(builtin_sid), nt_errstr(status)));
+ }
+ return status;
+}
+
 /*******************************************************************
 *******************************************************************/
 
-- cgit
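Review bot: `add_sid_to_builtin()` documents `builtin_sid` as "An existing builtin group" but only checks it for NULL, so nothing in the helper stops a caller from passing a SID outside the BUILTIN domain (S-1-5-32) and changing the membership of some other alias. Since the commit message says this helper will add domain groups to builtin groups at join time, which is a privilege-granting change, I would enforce the contract before `pdb_add_aliasmem()`, e.g. `if (!sid_check_is_in_builtin(builtin_sid)) return NT_STATUS_INVALID_PARAMETER;` (assuming that passdb helper is visible in this file). A successful add is also silent; a `DEBUG(3, ...)` line naming both SIDs on success would leave a trace of the membership change for later review. Separately, `create_builtin()` returns `NT_STATUS_PROTOCOL_UNREACHABLE` with no log line when nested groups are disabled or winbindd does not answer, which will be hard to diagnose at join time.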