svn commit: samba r20066 - in branches/SAMBA_4_0/source/libnet: .
metze at samba.org
metze at samba.org
Thu Dec 7 15:29:39 GMT 2006
Author: metze
Date: 2006-12-07 15:29:38 +0000 (Thu, 07 Dec 2006)
New Revision: 20066
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=20066
Log:
use the same sid "Domain Admins" for the security_descriptor
metze
Modified:
branches/SAMBA_4_0/source/libnet/libnet_become_dc.c
branches/SAMBA_4_0/source/libnet/libnet_become_dc.h
Changeset:
Modified: branches/SAMBA_4_0/source/libnet/libnet_become_dc.c
===================================================================
--- branches/SAMBA_4_0/source/libnet/libnet_become_dc.c 2006-12-07 15:27:18 UTC (rev 20065)
+++ branches/SAMBA_4_0/source/libnet/libnet_become_dc.c 2006-12-07 15:29:38 UTC (rev 20066)
@@ -62,6 +62,7 @@
/* input */
const char *dns_name;
const char *netbios_name;
+ const struct dom_sid *sid;
/* constructed */
struct GUID guid;
@@ -1050,17 +1051,24 @@
{
struct drsuapi_DsAttributeValueSecurityDescriptor *vs;
struct security_descriptor *v;
- const char *sid = SID_BUILTIN_ADMINISTRATORS;
+ struct dom_sid *domain_admins_sid;
+ const char *domain_admins_sid_str;
vs = talloc_array(attrs, struct drsuapi_DsAttributeValueSecurityDescriptor, 1);
if (composite_nomem(vs, c)) return;
+ domain_admins_sid = dom_sid_add_rid(vs, s->domain.sid, DOMAIN_RID_ADMINS);
+ if (composite_nomem(domain_admins_sid, c)) return;
+
+ domain_admins_sid_str = dom_sid_string(domain_admins_sid, domain_admins_sid);
+ if (composite_nomem(domain_admins_sid_str, c)) return;
+
v = security_descriptor_create(vs,
- /* owner */
- sid,
- /* owner group */
- sid,
- /* */
+ /* owner: domain admins */
+ domain_admins_sid_str,
+ /* owner group: domain admins */
+ domain_admins_sid_str,
+ /* authenticated users */
SID_NT_AUTHENTICATED_USERS,
SEC_ACE_TYPE_ACCESS_ALLOWED,
SEC_STD_READ_CONTROL |
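Review bot: `domain_admins_sid` and its string child are allocated on `vs`, so both stay allocated for as long as `vs` does, although they appear to be needed only until `security_descriptor_create()` returns (assuming it parses the SID strings rather than keeping the pointers). Consider releasing them once the descriptor is built, e.g. `talloc_free(domain_admins_sid);` after the `composite_nomem(v, c)` check in the hunk at -1095; the string is a talloc child of the SID and is freed with it. A short comment above the `dom_sid_add_rid()` call saying why owner and group moved from `SID_BUILTIN_ADMINISTRATORS` to the domain's Domain Admins would also help anyone auditing this ACL later. The enclosing function starts and ends outside the hunk.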
@@ -1068,8 +1076,8 @@
SEC_ADS_READ_PROP |
SEC_ADS_LIST_OBJECT,
0,
- /* */
- sid,
+ /* domain admins */
+ domain_admins_sid_str,
SEC_ACE_TYPE_ACCESS_ALLOWED,
SEC_STD_REQUIRED |
SEC_ADS_CREATE_CHILD |
@@ -1081,7 +1089,7 @@
SEC_ADS_LIST_OBJECT |
SEC_ADS_CONTROL_ACCESS,
0,
- /* */
+ /* system */
SID_NT_SYSTEM,
SEC_ACE_TYPE_ACCESS_ALLOWED,
SEC_STD_REQUIRED |
@@ -1095,7 +1103,7 @@
SEC_ADS_LIST_OBJECT |
SEC_ADS_CONTROL_ACCESS,
0,
- /* */
+ /* end */
NULL);
if (composite_nomem(v, c)) return;
@@ -1529,6 +1537,8 @@
if (composite_nomem(s->domain.dns_name, c)) return c;
s->domain.netbios_name = talloc_strdup(s, r->in.domain_netbios_name);
if (composite_nomem(s->domain.netbios_name, c)) return c;
+ s->domain.sid = dom_sid_dup(s, r->in.domain_sid);
+ if (composite_nomem(s->domain.sid, c)) return c;
/* Source DSA input */
s->source_dsa.address = talloc_strdup(s, r->in.source_dsa_address);
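Review bot: A request with `r->in.domain_sid` left NULL is not told apart from an allocation failure at the new `dom_sid_dup()` line. If `dom_sid_dup()` returns NULL for a NULL input (its body is not visible here), `composite_nomem()` reports out-of-memory for what is really a missing parameter. Because this SID becomes the owner, the group and the broad-rights ACE of the security descriptor built in the hunk at -1050, it deserves an explicit check before the copy, e.g. `if (!r->in.domain_sid) { composite_error(c, NT_STATUS_INVALID_PARAMETER); return c; }`. The enclosing function starts and ends outside the hunk.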
Modified: branches/SAMBA_4_0/source/libnet/libnet_become_dc.h
===================================================================
--- branches/SAMBA_4_0/source/libnet/libnet_become_dc.h 2006-12-07 15:27:18 UTC (rev 20065)
+++ branches/SAMBA_4_0/source/libnet/libnet_become_dc.h 2006-12-07 15:29:38 UTC (rev 20066)
@@ -22,6 +22,7 @@
struct {
const char *domain_dns_name;
const char *domain_netbios_name;
+ const struct dom_sid *domain_sid;
const char *source_dsa_address;
const char *dest_dsa_netbios_name;
} in;