diff options
author | Michael Adam <obnox@samba.org> | 2014-05-03 02:59:37 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2014-05-19 16:41:41 +0200 |
commit | e5649ef6ee7fe2fd333ffdce3464c45a0cf01c9f (patch) | |
tree | aa3714aa21919558b0dd2ed5908f488f725b2a6d /source3/auth | |
parent | 93093fa08da355c6b154078cb219e9f9e781f2fe (diff) | |
download | samba-e5649ef6ee7fe2fd333ffdce3464c45a0cf01c9f.tar.gz samba-e5649ef6ee7fe2fd333ffdce3464c45a0cf01c9f.tar.xz samba-e5649ef6ee7fe2fd333ffdce3464c45a0cf01c9f.zip |
smbd: fix creation of BUILTIN\{Administrators,Users} when "tdbsam:map builtin = false"
In this case, passdb/group mapping is not responsible for the id mapping
of the builtins, so the check whether the SID maps to a unix ID is not
valid for checking whether the builtin has been created as a proper group.
So this patch changes the check to whether we find the builtin in the group
mapping database.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon May 19 16:41:41 CEST 2014 on sn-devel-104
Diffstat (limited to 'source3/auth')
-rw-r--r-- | source3/auth/token_util.c | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/source3/auth/token_util.c b/source3/auth/token_util.c index 82eaaff301..8b0174fc44 100644 --- a/source3/auth/token_util.c +++ b/source3/auth/token_util.c @@ -487,8 +487,8 @@ static NTSTATUS finalize_local_nt_token(struct security_token *result, bool is_guest) { struct dom_sid dom_sid; - gid_t gid; NTSTATUS status; + struct acct_info *info; /* Add any local groups. */ @@ -527,11 +527,18 @@ static NTSTATUS finalize_local_nt_token(struct security_token *result, } } + info = talloc_zero(talloc_tos(), struct acct_info); + if (info == NULL) { + DEBUG(0, ("talloc failed!\n")); + return NT_STATUS_NO_MEMORY; + } + /* Deal with the BUILTIN\Administrators group. If the SID can be resolved then assume that the add_aliasmem( S-1-5-32 ) handled it. */ - if (!sid_to_gid(&global_sid_Builtin_Administrators, &gid)) { + status = pdb_get_aliasinfo(&global_sid_Builtin_Administrators, info); + if (!NT_STATUS_IS_OK(status)) { become_root(); if (!secrets_fetch_domain_sid(lp_workgroup(), &dom_sid)) { @@ -562,7 +569,8 @@ static NTSTATUS finalize_local_nt_token(struct security_token *result, be resolved then assume that the add_aliasmem( S-1-5-32 ) handled it. */ - if (!sid_to_gid(&global_sid_Builtin_Users, &gid)) { + status = pdb_get_aliasinfo(&global_sid_Builtin_Users, info); + if (!NT_STATUS_IS_OK(status)) { become_root(); if (!secrets_fetch_domain_sid(lp_workgroup(), &dom_sid)) { @@ -582,6 +590,8 @@ static NTSTATUS finalize_local_nt_token(struct security_token *result, } } + TALLOC_FREE(info); + /* Deal with local groups */ if (lp_winbind_nested_groups()) { |