From: Gerald Carter Date: Mon, 14 Feb 2005 02:41:34 +0000 (+0000) Subject: r5385: when operating in security = domain, allow domain admins to manage rigths... X-Git-Tag: samba-misc-tags/initial-v3-0-unstable~5261 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=fec9cb7daa9b780aab019c0e0d7f2692c168019f;p=thirdparty%2Fsamba.git r5385: when operating in security = domain, allow domain admins to manage rigths assignments --- diff --git a/source/auth/auth_util.c b/source/auth/auth_util.c index 5c933e90c9f..7a186f65cdd 100644 --- a/source/auth/auth_util.c +++ b/source/auth/auth_util.c @@ -1515,7 +1515,19 @@ BOOL nt_token_check_domain_rid( NT_USER_TOKEN *token, uint32 rid ) { DOM_SID domain_sid; - sid_copy( &domain_sid, get_global_sam_sid() ); + /* if we are a domain member, the get the domain SID, else for + a DC or standalone server, use our own SID */ + + if ( lp_server_role() == ROLE_DOMAIN_MEMBER ) { + if ( !secrets_fetch_domain_sid( lp_workgroup(), &domain_sid ) ) { + DEBUG(1,("nt_token_check_domain_rid: Cannot lookup SID for domain [%s]\n", + lp_workgroup())); + return False; + } + } + else + sid_copy( &domain_sid, get_global_sam_sid() ); + sid_append_rid( &domain_sid, rid ); return nt_token_check_sid( &domain_sid, token );\