s4:dsdb/descriptor: give SYSTEM the correct default owner (group) sid

Signed-off-by: Stefan Metzmacher <metze@samba.org>

diff --git a/source4/dsdb/samdb/ldb_modules/descriptor.c b/source4/dsdb/samdb/ldb_modules/descriptor.c
index 12186f2da20be622736eeb59b6bcab4daff70e66..fd08d49cdf31c47a9d8958a2fc584f993d62ce38 100644 (file)
--- a/source4/dsdb/samdb/ldb_modules/descriptor.c
+++ b/source4/dsdb/samdb/ldb_modules/descriptor.c
@@ -87,6 +87,8 @@ static struct dom_sid *get_default_ag(TALLOC_CTX *mem_ctx,
                        dag_sid = dom_sid_dup(mem_ctx, ea_sid);
                } else if (security_token_has_sid(token, da_sid)) {
                        dag_sid = dom_sid_dup(mem_ctx, da_sid);
+               } else if (security_token_is_system(token)) {
+                       dag_sid = dom_sid_dup(mem_ctx, sa_sid);
                } else {
                        dag_sid = NULL;
                }
@@ -95,6 +97,8 @@ static struct dom_sid *get_default_ag(TALLOC_CTX *mem_ctx,
                        dag_sid = dom_sid_dup(mem_ctx, ea_sid);
                } else if (security_token_has_sid(token, da_sid)) {
                        dag_sid = dom_sid_dup(mem_ctx, da_sid);
+               } else if (security_token_is_system(token)) {
+                       dag_sid = dom_sid_dup(mem_ctx, ea_sid);
                } else {
                        dag_sid = NULL;
                }
@@ -103,6 +107,8 @@ static struct dom_sid *get_default_ag(TALLOC_CTX *mem_ctx,
                        dag_sid = dom_sid_dup(mem_ctx, da_sid);
                } else if (security_token_has_sid(token, ea_sid)) {
                                dag_sid = dom_sid_dup(mem_ctx, ea_sid);
+               } else if (security_token_is_system(token)) {
+                       dag_sid = dom_sid_dup(mem_ctx, da_sid);
                } else {
                        dag_sid = NULL;
                }