svn commit: samba r5385 - in branches/SAMBA_3_0/source/auth: .
jerry at samba.org
jerry at samba.org
Mon Feb 14 02:41:35 GMT 2005
Author: jerry
Date: 2005-02-14 02:41:34 +0000 (Mon, 14 Feb 2005)
New Revision: 5385
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=5385
Log:
when operating in security = domain, allow domain admins to manage rigths assignments
Modified:
branches/SAMBA_3_0/source/auth/auth_util.c
Changeset:
Modified: branches/SAMBA_3_0/source/auth/auth_util.c
===================================================================
--- branches/SAMBA_3_0/source/auth/auth_util.c 2005-02-14 01:58:41 UTC (rev 5384)
+++ branches/SAMBA_3_0/source/auth/auth_util.c 2005-02-14 02:41:34 UTC (rev 5385)
@@ -1515,7 +1515,19 @@
{
DOM_SID domain_sid;
- sid_copy( &domain_sid, get_global_sam_sid() );
+ /* if we are a domain member, the get the domain SID, else for
+ a DC or standalone server, use our own SID */
+
+ if ( lp_server_role() == ROLE_DOMAIN_MEMBER ) {
+ if ( !secrets_fetch_domain_sid( lp_workgroup(), &domain_sid ) ) {
+ DEBUG(1,("nt_token_check_domain_rid: Cannot lookup SID for domain [%s]\n",
+ lp_workgroup()));
+ return False;
+ }
+ }
+ else
+ sid_copy( &domain_sid, get_global_sam_sid() );
+
sid_append_rid( &domain_sid, rid );
return nt_token_check_sid( &domain_sid, token );\
More information about the samba-cvs
mailing list