s3:auth: add S-1-22-X-Y sids to the local token
authorStefan Metzmacher <metze@samba.org>
Wed, 11 Feb 2009 10:46:18 +0000 (11:46 +0100)
committerStefan Metzmacher <metze@samba.org>
Fri, 13 Feb 2009 09:40:37 +0000 (10:40 +0100)
metze

source3/auth/auth_util.c

index 892e5c4ab7b26c9d51fefd1fa68445fd14154e62..05ab45da49f8a622ba4754a9302fbfca7a65382d 100644 (file)
@@ -736,6 +736,7 @@ NTSTATUS create_local_token(auth_serversupplied_info *server_info)
 {
        NTSTATUS status;
        size_t i;
+       struct dom_sid tmp_sid;
 
        /*
         * If winbind is not around, we can not make much use of the SIDs the
@@ -788,7 +789,44 @@ NTSTATUS create_local_token(auth_serversupplied_info *server_info)
                                        &server_info->utok.ngroups);
        }
 
+       /*
+        * Add the "Unix Group" SID for each gid to catch mapped groups
+        * and their Unix equivalent.  This is to solve the backwards
+        * compatibility problem of 'valid users = +ntadmin' where
+        * ntadmin has been paired with "Domain Admins" in the group
+        * mapping table.  Otherwise smb.conf would need to be changed
+        * to 'valid user = "Domain Admins"'.  --jerry
+        *
+        * For consistency we also add the "Unix User" SID,
+        * so that the complete unix token is represented within
+        * the nt token.
+        */
+
+       if (!uid_to_unix_users_sid(server_info->utok.uid, &tmp_sid)) {
+               DEBUG(1,("create_local_token: Failed to create SID "
+                       "for uid %d!\n", server_info->utok.uid));
+       }
+       add_sid_to_array_unique(server_info->ptok, &tmp_sid,
+                               &server_info->ptok->user_sids,
+                               &server_info->ptok->num_sids);
+
+       for ( i=0; i<server_info->utok.ngroups; i++ ) {
+               if (!gid_to_unix_groups_sid( server_info->utok.groups[i], &tmp_sid ) ) {
+                       DEBUG(1,("create_local_token: Failed to create SID "
+                               "for gid %d!\n", server_info->utok.groups[i]));
+                       continue;
+               }
+               add_sid_to_array_unique(server_info->ptok, &tmp_sid,
+                                       &server_info->ptok->user_sids,
+                                       &server_info->ptok->num_sids);
+       }
+
        debug_nt_user_token(DBGC_AUTH, 10, server_info->ptok);
+       debug_unix_user_token(DBGC_AUTH, 10,
+                             server_info->utok.uid,
+                             server_info->utok.gid,
+                             server_info->utok.ngroups,
+                             server_info->utok.groups);
 
        status = log_nt_token(server_info->ptok);
        return status;
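Review bot: When `uid_to_unix_users_sid()` fails, the code only logs (L37-L38) and then still passes the never-written `tmp_sid` to `add_sid_to_array_unique()` (L40-L42), so an uninitialized `struct dom_sid` can end up in the NT token that later drives authorization; the gid loop below correctly skips the add with `continue` (L48), and the uid branch should mirror it. Change the failure handler to `} else {` followed by the `add_sid_to_array_unique(...)` call inside the else branch, or return an error here, since a token missing the caller's own uid SID is arguably not a token worth logging in. The return value of `add_sid_to_array_unique()` is also ignored in both places; if it reports allocation failure in this tree (I believe it returns NTSTATUS here, but confirm), that status should be propagated rather than silently producing a truncated token. Minor: `uid` and `gid` are printed with `%d`, which mismatches the unsigned `uid_t`/`gid_t` on most platforms; `%u` with an `(unsigned int)` cast is the usual Samba idiom. The body of `create_local_token()` starts before this hunk.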