[PATCH] BUILTIN\Administrators

Gerald (Jerry) Carter jerry at samba.org
Wed Mar 15 00:03:03 GMT 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Gerald (Jerry) Carter wrote:
> Volker,
> 
> This is a rough patch that implements the following changes:
> 
> * modifies create_local_nt_token() to create a BUILTIN\Administrators
>   group IFF
>   - sid_to_gid(S-1-5-32-544) fails and 'winbind nested groups = yes'
> * Add a SID domain to the group mapping enumeration passdb call
>   to fix the checks for local and builtin groups.  The SID can be
>   NULL if you want the old semantics for internal maintenance.
>   I only updated the tdb group mapping code.
> 
> Still todo.
> 
> * Fix fallback Administrators membership for root and domain Admins
>   if nested groups = no or winbindd is not running

Round #2.  This one still has the todo item but does

* remove any group mappings from the tdb that have a
  gid of -1 for better consistency with pdb_ldap.c.
  This fixes the problem with calling add_group_map() in
  the tdb code for unmapped groups which might have had
  a record present.

* Ensure that we distinguish between groups in the
  BUILTIN and local machine domains via getgrnam().
  Otherwise BUILTIN\Administrators & SERVER\Administrators
  would resolve to the same gid.

* Doesn't strip the global_sam_name() from groups in the
  local machine's domain (this is required to work with
  'winbind default domain' code)

I'm probably going to go ahead and check this in.  We can
continue to discuss it.  But with this code I can basically
manage users and groups on a standalone and member server.

There are a few outstanding issues with BUILTIN\Users that
Windows apparently tends to assume.  I worked around this
presently with a manual group mapping but I do not think
this is a good solution.  So I'll probably add something similar
to what I did for Administrators.

cheers, jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFEF1m3IR7qMdg1EfYRAgkuAJ4lPiqeOShrC2frSa0J5tHzuHoUKgCdGkdG
x7L8r1ziIIsE8kb+Twi3bvw=
=zihI
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: administrators_v2.patch
Type: text/x-patch
Size: 24747 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20060314/fd1d9e21/administrators_v2.bin
