diff options
| author | Gerald Carter <jerry@samba.org> | 2006-03-15 03:46:20 +0000 |
|---|---|---|
| committer | Gerald Carter <jerry@samba.org> | 2006-03-15 03:46:20 +0000 |
| commit | bc3ab08315023a104c080c03f5bc41ef0a5a8285 (patch) | |
| tree | 7e77c0bd410524be0534a2b576919cfb6a498b8c /source/auth | |
| parent | 84adbe738d07ff25b4705706d95216084a4c0497 (diff) | |
| download | samba-bc3ab08315023a104c080c03f5bc41ef0a5a8285.tar.gz samba-bc3ab08315023a104c080c03f5bc41ef0a5a8285.tar.xz samba-bc3ab08315023a104c080c03f5bc41ef0a5a8285.zip | |
r14421: This does two things
* Automatically creates the BUILTIN\Users group similar to
how BUILTIN\Administrators is done. This code does need to
be cleaned up considerably. I'll continue to work on this.
* The important fix is for getusergroups() when dealing with a
local user and nested groups. Now I can run the following
successfully:
$ su - jerry -c groups
users BUILTIN\users
Diffstat (limited to 'source/auth')
| -rw-r--r-- | source/auth/auth_util.c | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/source/auth/auth_util.c b/source/auth/auth_util.c index 5b889452844..776b2fb3d7c 100644 --- a/source/auth/auth_util.c +++ b/source/auth/auth_util.c @@ -688,6 +688,36 @@ static NTSTATUS add_builtin_administrators( TALLOC_CTX *ctx, struct nt_user_toke /******************************************************************* *******************************************************************/ +static NTSTATUS create_builtin_users( void ) +{ + NTSTATUS status; + DOM_SID dom_users; + + status = pdb_create_builtin_alias( BUILTIN_ALIAS_RID_USERS ); + if ( !NT_STATUS_IS_OK(status) ) { + DEBUG(0,("create_builtin_users: Failed to create Users\n")); + return status; + } + + /* add domain users */ + if ((IS_DC || (lp_server_role() == ROLE_DOMAIN_MEMBER)) + && secrets_fetch_domain_sid(lp_workgroup(), &dom_users)) + { + sid_append_rid(&dom_users, DOMAIN_GROUP_RID_USERS ); + status = pdb_add_aliasmem( &global_sid_Builtin_Users, &dom_users); + if ( !NT_STATUS_IS_OK(status) ) { + DEBUG(0,("create_builtin_administrators: Failed to add Domain Users to" + " Users\n")); + return status; + } + } + + return NT_STATUS_OK; +} + +/******************************************************************* +*******************************************************************/ + static NTSTATUS create_builtin_administrators( void ) { NTSTATUS status; @@ -822,6 +852,25 @@ static struct nt_user_token *create_local_nt_token(TALLOC_CTX *mem_ctx, } } + /* Deal with the BUILTIN\Users group. If the SID can + be resolved then assume that the add_aliasmem( S-1-5-32 ) + handled it. */ + + if ( !sid_to_gid( &global_sid_Builtin_Users, &gid ) ) { + /* We can only create a mapping if winbind is running + and the nested group functionality has been enabled */ + + if ( lp_winbind_nested_groups() ) { + become_root(); + status = create_builtin_users( ); + if ( !NT_STATUS_IS_OK(status) ) { + DEBUG(0,("create_local_nt_token: Failed to create BUILTIN\\Administrators group!\n")); + /* don't fail, just log the message */ + } + unbecome_root(); + } + } + /* Deal with local groups */ if (lp_winbind_nested_groups()) { |