From 23dc2e4244a99f1e955d54c22516a7a8c108d989 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sat, 14 Aug 2010 20:33:36 +1000
Subject: s4:auth Change {anonymous,system}_session to use common session_info
 generation

This also changes the primary group for anonymous to be the anonymous
SID, and adds code to detect and ignore this when constructing the token.

Andrew Bartlett
---
 source4/dsdb/samdb/samdb.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'source4/dsdb/samdb')

diff --git a/source4/dsdb/samdb/samdb.c b/source4/dsdb/samdb/samdb.c
index 2d64cc1b85..0a2d5c3c7c 100644
--- a/source4/dsdb/samdb/samdb.c
+++ b/source4/dsdb/samdb/samdb.c
@@ -168,8 +168,10 @@ NTSTATUS security_token_create(TALLOC_CTX *mem_ctx,
 	NT_STATUS_HAVE_NO_MEMORY(ptoken->sids);
 
 	ptoken->sids[PRIMARY_USER_SID_INDEX] = talloc_reference(ptoken, user_sid);
-	ptoken->sids[PRIMARY_GROUP_SID_INDEX] = talloc_reference(ptoken, group_sid);
-	ptoken->num_sids++;
+	if (!dom_sid_equal(user_sid, group_sid)) {
+		ptoken->sids[PRIMARY_GROUP_SID_INDEX] = talloc_reference(ptoken, group_sid);
+		ptoken->num_sids++;
+	}
 
 	/*
 	 * Finally add the "standard" SIDs.
-- 
cgit