git.samba.org / ddiss / samba.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (from parent 1: 9b3cf96)
s3-auth: Fix system info3 return to be just SID_NT_SYSTEM
authorAndrew Bartlett <abartlet@samba.org>
Wed, 13 Jun 2012 23:35:10 +0000 (09:35 +1000)
committerAndrew Bartlett <abartlet@samba.org>
Fri, 15 Jun 2012 07:18:33 +0000 (09:18 +0200)
The SID for the SYSTEM token should be a fixed value, and not the
administrator.  Note however that it will be replaced by the SID of
sec_initial_uid() by the create_local_token() code.  Fixing this
requires fixes the other parts of the code that cannot cope with a
token of just SID_NT_SYSTEM.

Andrew Bartlett

source3/auth/auth_util.c patch | blob | history

diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 061879f1d6373579e276bc9290b6466cf499bac4..eb5961de1543d5cee3ef1336314551bf6e6c16fd 100644 (file)
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -775,7 +775,8 @@ static NTSTATUS get_system_info3(TALLOC_CTX *mem_ctx,
                                 struct passwd *pwd,
                                 struct netr_SamInfo3 *info3)
 {
-       struct dom_sid domain_sid;
+       NTSTATUS status;
+       struct dom_sid *system_sid;
        const char *tmp;
 
        /* Set account name */
@@ -792,19 +793,24 @@ static NTSTATUS get_system_info3(TALLOC_CTX *mem_ctx,
        }
        init_lsa_StringLarge(&info3->base.logon_domain, tmp);
 
-       /* Domain sid */
-       sid_copy(&domain_sid, get_global_sam_sid());
 
-       info3->base.domain_sid = dom_sid_dup(mem_ctx, &domain_sid);
-       if (info3->base.domain_sid == NULL) {
+       /* The SID set here will be overwirtten anyway, but try and make it SID_NT_SYSTEM anyway */
+       /* Domain sid is NT_AUTHORITY */
+       
+       system_sid = dom_sid_parse_talloc(mem_ctx, SID_NT_SYSTEM);
+       if (system_sid == NULL) {
                return NT_STATUS_NO_MEMORY;
        }
-
-       /* Admin rid */
-       info3->base.rid = DOMAIN_RID_ADMINISTRATOR;
-
-       /* Primary gid */
-       info3->base.primary_gid = DOMAIN_RID_ADMINS;
+       
+       status = dom_sid_split_rid(mem_ctx, system_sid, &info3->base.domain_sid, 
+                                  &info3->base.rid);
+       TALLOC_FREE(system_sid);
+       if (!NT_STATUS_IS_OK(status)) {
+               return status;
+       }
+       
+       /* Primary gid is the same */
+       info3->base.primary_gid = info3->base.rid;
 
        return NT_STATUS_OK;
 }
ddiss' public Samba repository