Make Admins be admin users
Ken Cross
kcross at nssolutions.com
Wed Feb 19 13:17:25 GMT 2003
Related to the "Allow chown of directories" patch, I added a hack where
members of Admins, Domain Admins, or Enterprise Admins automatically
become admin users. (This really saved a lot of headaches for admins.)
Note that this sets conn->admin_user, but does *not* set uid to 0 or
force_user -- those caused subtle problems.
This applies to SAMBA_3_0.
Ken
________________________________
Ken Cross
Network Storage Solutions
Phone 865.675.4070 ext 31
kcross at nssolutions.com
Index: uid.c
===================================================================
RCS file: /cvsroot/samba/source/smbd/uid.c,v
retrieving revision 1.85.2.8
diff -p -u -r1.85.2.8 uid.c
--- uid.c 12 Feb 2003 23:51:08 -0000 1.85.2.8
+++ uid.c 19 Feb 2003 13:10:26 -0000
@@ -201,7 +201,36 @@ BOOL change_to_user(connection_struct *c
DEBUG(5,("change_to_user uid=(%d,%d) gid=(%d,%d)\n",
(int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
-
+
+ /*
+ * KJC Start Block
+ *
+ * Include any user that is a member of Admins, Domain Admins,
+ * or Enterprise Admins as an admin user.
+ */
+ if( !conn->admin_user && current_user.nt_user_token)
+ {
+ int i;
+ uint32 rid;
+ NT_USER_TOKEN *ptok = current_user.nt_user_token;
+
+ for( i=1; i < ptok->num_sids; i++ )
+ {
+ sid_peek_rid( &ptok->user_sids[i], &rid );
+
+ if( rid == BUILTIN_ALIAS_RID_ADMINS ||
+ rid == DOMAIN_GROUP_RID_ADMINS ||
+ rid == DOMAIN_GROUP_RID_ENTERPRISE_ADMINS )
+ {
+ DEBUG(2,("%s has been granted privileges as an
admin user\n", conn->user));
+ conn->admin_user = True;
+ break;
+ }
+ }
+ }
+
+ /* KJC End Block */
+
return(True);
}
More information about the samba-technical
mailing list