From 446f8a163cfdcfb2c4bb2b8b8adc720bf96c05a5 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Tue, 21 Dec 2010 14:08:34 +1100
Subject: s4-auth Ensure that we always copy across domain groups
Even if we can't calculate the local groups (because we don't have a local SAM to do it with) we still need to include the domain groups in the session_info token.
Andrew Bartlett
Autobuild-User: Andrew Bartlett
Autobuild-Date: Tue Dec 21 05:56:22 CET 2010 on sn-devel-104
---
 source4/auth/session.c | 26 +++++++++++++-------------
 1 file changed, 13 insertions(+), 13 deletions(-)
(limited to 'source4/auth')
diff --git a/source4/auth/session.c b/source4/auth/session.c
index 1028aa8320..c9643788fe 100644
--- a/source4/auth/session.c
+++ b/source4/auth/session.c
@@ -80,24 +80,24 @@ _PUBLIC_ NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx,
 system_sid = dom_sid_parse_talloc(tmp_ctx, SID_NT_SYSTEM);
 NT_STATUS_HAVE_NO_MEMORY_AND_FREE(system_sid, tmp_ctx);
+ groupSIDs = talloc_array(tmp_ctx, struct dom_sid *, server_info->n_domain_groups);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(groupSIDs, tmp_ctx);
+ if (!groupSIDs) {
+ talloc_free(tmp_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ num_groupSIDs = server_info->n_domain_groups;
+
+ for (i=0; i < server_info->n_domain_groups; i++) {
+ groupSIDs[i] = server_info->domain_groups[i];
+ }
+
 if (dom_sid_equal(anonymous_sid, server_info->account_sid)) {
 /* Don't expand nested groups of system, anonymous etc*/
 } else if (dom_sid_equal(system_sid, server_info->account_sid)) {
 /* Don't expand nested groups of system, anonymous etc*/
 } else if (sam_ctx) {
- groupSIDs = talloc_array(tmp_ctx, struct dom_sid *, server_info->n_domain_groups);
- NT_STATUS_HAVE_NO_MEMORY_AND_FREE(groupSIDs, tmp_ctx);
- if (!groupSIDs) {
- talloc_free(tmp_ctx);
- return NT_STATUS_NO_MEMORY;
- }
-
- num_groupSIDs = server_info->n_domain_groups;
-
- for (i=0; i < server_info->n_domain_groups; i++) {
- groupSIDs[i] = server_info->domain_groups[i];
- }
-
 filter = talloc_asprintf(tmp_ctx, "(&(objectClass=group)(groupType:1.2.840.113556.1.4.803:=%u))", GROUP_TYPE_BUILTIN_LOCAL_GROUP);
-- cgit
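Review bot: Moving the `groupSIDs` copy above the `if`/`else if` chain changes the anonymous and system branches too, not only the missing-`sam_ctx` case the commit message describes: any entries in `server_info->domain_groups` are now presumably carried into the session token for those accounts as well. If that is intended, state it next to the copy, e.g. `/* Domain groups always go into the token; only the local-group expansion below is skipped for anonymous, system, or when there is no SAM */`, so a later reader does not take the two "Don't expand nested groups" branches to mean an empty group list. The `if (!groupSIDs) { ... }` block after `NT_STATUS_HAVE_NO_MEMORY_AND_FREE(groupSIDs, tmp_ctx);` looks unreachable if the macro already frees `tmp_ctx` and returns, as its name suggests, and could be dropped. The rest of auth_generate_session_info, including how `groupSIDs` reaches the token, lies outside the hunk.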