svn commit: samba r20066 - in branches/SAMBA_4_0/source/libnet: .

metze at samba.org metze at samba.org
Thu Dec 7 15:29:39 GMT 2006


Author: metze
Date: 2006-12-07 15:29:38 +0000 (Thu, 07 Dec 2006)
New Revision: 20066

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=20066

Log:
use the same sid "Domain Admins" for the security_descriptor

metze
Modified:
   branches/SAMBA_4_0/source/libnet/libnet_become_dc.c
   branches/SAMBA_4_0/source/libnet/libnet_become_dc.h


Changeset:
Modified: branches/SAMBA_4_0/source/libnet/libnet_become_dc.c
===================================================================
--- branches/SAMBA_4_0/source/libnet/libnet_become_dc.c	2006-12-07 15:27:18 UTC (rev 20065)
+++ branches/SAMBA_4_0/source/libnet/libnet_become_dc.c	2006-12-07 15:29:38 UTC (rev 20066)
@@ -62,6 +62,7 @@
 		/* input */
 		const char *dns_name;
 		const char *netbios_name;
+		const struct dom_sid *sid;
 
 		/* constructed */
 		struct GUID guid;
@@ -1050,17 +1051,24 @@
 	{
 		struct drsuapi_DsAttributeValueSecurityDescriptor *vs;
 		struct security_descriptor *v;
-		const char *sid = SID_BUILTIN_ADMINISTRATORS;
+		struct dom_sid *domain_admins_sid;
+		const char *domain_admins_sid_str;
 
 		vs = talloc_array(attrs, struct drsuapi_DsAttributeValueSecurityDescriptor, 1);
 		if (composite_nomem(vs, c)) return;
 
+		domain_admins_sid = dom_sid_add_rid(vs, s->domain.sid, DOMAIN_RID_ADMINS);
+		if (composite_nomem(domain_admins_sid, c)) return;
+
+		domain_admins_sid_str = dom_sid_string(domain_admins_sid, domain_admins_sid);
+		if (composite_nomem(domain_admins_sid_str, c)) return;
+
 		v = security_descriptor_create(vs,
-					       /* owner */
-					       sid,
-					       /* owner group */
-					       sid,
-					       /* */
+					       /* owner: domain admins */
+					       domain_admins_sid_str,
+					       /* owner group: domain admins */
+					       domain_admins_sid_str,
+					       /* authenticated users */
 					       SID_NT_AUTHENTICATED_USERS,
 					       SEC_ACE_TYPE_ACCESS_ALLOWED,
 					       SEC_STD_READ_CONTROL |
@@ -1068,8 +1076,8 @@
 					       SEC_ADS_READ_PROP |
 					       SEC_ADS_LIST_OBJECT,
 					       0,
-					       /* */
-					       sid,
+					       /* domain admins */
+					       domain_admins_sid_str,
 					       SEC_ACE_TYPE_ACCESS_ALLOWED,
 					       SEC_STD_REQUIRED |
 					       SEC_ADS_CREATE_CHILD |
@@ -1081,7 +1089,7 @@
 					       SEC_ADS_LIST_OBJECT |
 					       SEC_ADS_CONTROL_ACCESS,
 					       0,
-					       /* */
+					       /* system */
 					       SID_NT_SYSTEM,
 					       SEC_ACE_TYPE_ACCESS_ALLOWED,
 					       SEC_STD_REQUIRED |
@@ -1095,7 +1103,7 @@
 					       SEC_ADS_LIST_OBJECT |
 					       SEC_ADS_CONTROL_ACCESS,
 					       0,
-					       /* */
+					       /* end */
 					       NULL);
 		if (composite_nomem(v, c)) return;
 
@@ -1529,6 +1537,8 @@
 	if (composite_nomem(s->domain.dns_name, c)) return c;
 	s->domain.netbios_name	= talloc_strdup(s, r->in.domain_netbios_name);
 	if (composite_nomem(s->domain.netbios_name, c)) return c;
+	s->domain.sid		= dom_sid_dup(s, r->in.domain_sid);
+	if (composite_nomem(s->domain.sid, c)) return c;
 
 	/* Source DSA input */
 	s->source_dsa.address	= talloc_strdup(s, r->in.source_dsa_address);

Modified: branches/SAMBA_4_0/source/libnet/libnet_become_dc.h
===================================================================
--- branches/SAMBA_4_0/source/libnet/libnet_become_dc.h	2006-12-07 15:27:18 UTC (rev 20065)
+++ branches/SAMBA_4_0/source/libnet/libnet_become_dc.h	2006-12-07 15:29:38 UTC (rev 20066)
@@ -22,6 +22,7 @@
 	struct {
 		const char *domain_dns_name;
 		const char *domain_netbios_name;
+		const struct dom_sid *domain_sid;
 		const char *source_dsa_address;
 		const char *dest_dsa_netbios_name;
 	} in;



More information about the samba-cvs mailing list