author | Andrew Bartlett <abartlet@samba.org> | 2010-04-13 22:11:26 +1000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2010-05-20 17:39:09 +1000 |
commit | 5f9024c8a4350792e67e1d8dbe8e45ff5732bd66 (patch) | |
tree | 37bd039a17555bfa92231cfe63a352743df9a2d5 /source4/dsdb | |
parent | 564b4c7443b256e002b7ac173d4c5e8870980de3 (diff) | |
s4:auth Move BUILTIN group addition into session.c
The group list in the PAC does not include 'enterprise DCs' and
BUILTIN groups, so we should generate it on each server, not in the
list we pass around in the PAC or SamLogon reply.
Andrew Bartlett
Diffstat (limited to 'source4/dsdb')
-rw-r--r-- | source4/dsdb/samdb/samdb.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/source4/dsdb/samdb/samdb.c b/source4/dsdb/samdb/samdb.c
index 51e3f73a7e9..9e4156407e0 100644
--- a/source4/dsdb/samdb/samdb.c
+++ b/source4/dsdb/samdb/samdb.c
@@ -147,6 +147,7 @@ NTSTATUS security_token_create(TALLOC_CTX *mem_ctx,
 unsigned int n_groupSIDs,
 struct dom_sid **groupSIDs,
 bool is_authenticated,
+ bool is_dc,
 struct security_token **token)
 {
 struct security_token *ptoken;
@@ -156,7 +157,7 @@ NTSTATUS security_token_create(TALLOC_CTX *mem_ctx,
 ptoken = security_token_initialise(mem_ctx);
 NT_STATUS_HAVE_NO_MEMORY(ptoken);
- ptoken->sids = talloc_array(ptoken, struct dom_sid *, n_groupSIDs + 5);
+ ptoken->sids = talloc_array(ptoken, struct dom_sid *, n_groupSIDs + 6);
 NT_STATUS_HAVE_NO_MEMORY(ptoken->sids);
 ptoken->user_sid = talloc_reference(ptoken, user_sid);
@@ -178,7 +179,13 @@ NTSTATUS security_token_create(TALLOC_CTX *mem_ctx,
 ptoken->num_sids = 4;
 if (is_authenticated) {
- ptoken->sids[4] = dom_sid_parse_talloc(ptoken->sids, SID_NT_AUTHENTICATED_USERS);
+ ptoken->sids[ptoken->num_sids] = dom_sid_parse_talloc(ptoken->sids, SID_NT_AUTHENTICATED_USERS);
+ NT_STATUS_HAVE_NO_MEMORY(ptoken->sids[4]);
+ ptoken->num_sids++;
+ }
+
+ if (is_dc) {
+ ptoken->sids[ptoken->num_sids] = dom_sid_parse_talloc(ptoken->sids, SID_NT_ENTERPRISE_DCS);
 NT_STATUS_HAVE_NO_MEMORY(ptoken->sids[4]);
 ptoken->num_sids++;
 } |
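Review bot: The new `bool is_dc` sits directly after `bool is_authenticated` in the parameter list of security_token_create(), so a call site that passes the two flags in the wrong order still compiles, and the token silently gains or loses a SID. Since `is_dc` decides whether the token receives the Enterprise DCs SID, the function should document what the caller must have established before passing true, for example `/* is_dc: the account was verified to be a domain controller; adds SID_NT_ENTERPRISE_DCS to the token */`. The call sites are not part of this diffstat (limited to source4/dsdb), so whether each one derives the flag from authenticated account data could not be checked here. The function body continues outside this hunk.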
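Review bot: The out-of-memory check in the new `is_dc` branch tests the wrong slot: the SID is stored at `ptoken->sids[ptoken->num_sids]`, but the check that follows is still `NT_STATUS_HAVE_NO_MEMORY(ptoken->sids[4])`. When `is_authenticated` is also true, `num_sids` is 5 at that point, so a failed `dom_sid_parse_talloc()` for SID_NT_ENTERPRISE_DCS goes unnoticed, `num_sids` is incremented anyway, and the token ends up with a NULL entry in its SID array that later consumers would presumably dereference. The check should follow the index in both branches, `NT_STATUS_HAVE_NO_MEMORY(ptoken->sids[ptoken->num_sids]);`; in the `is_authenticated` branch the literal 4 is correct only because `num_sids` happens to be 4 there. The `n_groupSIDs + 6` sizing in the second hunk is consistent with the four fixed entries plus these two optional ones. The function continues past the end of this hunk.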