r5385: when operating in security = domain, allow domain admins to manage rigths...

author Gerald Carter <jerry@samba.org>

Mon, 14 Feb 2005 02:41:34 +0000 (02:41 +0000)

committer Gerald (Jerry) Carter <jerry@samba.org>

Wed, 10 Oct 2007 15:55:39 +0000 (10:55 -0500)
author Gerald Carter <jerry@samba.org>
Mon, 14 Feb 2005 02:41:34 +0000 (02:41 +0000)
committer Gerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 15:55:39 +0000 (10:55 -0500)
diff --git a/source/auth/auth_util.c b/source/auth/auth_util.c

index 5c933e90c9f33947250f2acb6e327c1c55e0765a..7a186f65cdd0f25559f8e43e7ef7209387d47d42 100644 (file)
--- a/source/auth/auth_util.c
+++ b/source/auth/auth_util.c
@@ -1515,7 +1515,19 @@ BOOL nt_token_check_domain_rid( NT_USER_TOKEN *token, uint32 rid )
  {
         DOM_SID domain_sid;
  
-       sid_copy( &domain_sid, get_global_sam_sid() );
+       /* if we are a domain member, the get the domain SID, else for 
+          a DC or standalone server, use our own SID */
+
+       if ( lp_server_role() == ROLE_DOMAIN_MEMBER ) {
+               if ( !secrets_fetch_domain_sid( lp_workgroup(), &domain_sid ) ) {
+                       DEBUG(1,("nt_token_check_domain_rid: Cannot lookup SID for domain [%s]\n",
+                               lp_workgroup()));
+                       return False;
+               }
+       } 
+       else
+               sid_copy( &domain_sid, get_global_sam_sid() );
+
         sid_append_rid( &domain_sid, rid );
         
         return nt_token_check_sid( &domain_sid, token );\
author	Gerald Carter <jerry@samba.org>
	Mon, 14 Feb 2005 02:41:34 +0000 (02:41 +0000)
committer	Gerald (Jerry) Carter <jerry@samba.org>
	Wed, 10 Oct 2007 15:55:39 +0000 (10:55 -0500)