return (sid_check_is_domain(sid) || sid_check_is_builtin(sid));
}
+static BOOL is_in_internal_domain(const DOM_SID *sid)
+{
+ if (sid == NULL)
+ return False;
+
+ return (sid_check_is_in_our_domain(sid) || sid_check_is_in_builtin(sid));
+}
+
/* Add a trusted domain to our list of domains */
static struct winbindd_domain *add_trusted_domain(const char *domain_name, const char *alt_name,
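Review bot: The new `is_in_internal_domain()` has no comment, and its name differs from `is_internal_domain()` by a single word, so a reader has to open both `sid_check_*` families to learn which one to call. Judging only by the helper names, the existing function matches the domain SIDs themselves and the new one matches SIDs that live inside those domains. I would state that above the definition, for example `/* True if sid is a member of our SAM domain or of BUILTIN, as opposed to being the domain SID itself (see is_internal_domain) */`. The body of `is_internal_domain()` starts outside this hunk, so I am assuming its NULL handling mirrors the new function.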
* one to contact the external DC's. On member servers the internal
* domains are different: These are part of the local SAM. */
- if (IS_DC || is_internal_domain(sid))
+ DEBUG(10, ("find_lookup_domain_from_sid(%s)\n",
+ sid_string_static(sid)));
+
+ if (IS_DC || is_internal_domain(sid) || is_in_internal_domain(sid)) {
+ DEBUG(10, ("calling find_domain_from_sid\n"));
return find_domain_from_sid(sid);
+ }
/* On a member server a query for SID or name can always go to our
* primary DC. */
+ DEBUG(10, ("calling find_our_domain\n"));
return find_our_domain();
}
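Review bot: The added `DEBUG(10, ...)` formats `sid` with `sid_string_static(sid)` before anything has looked at the pointer, although the helper added in this same commit treats a NULL `sid` as a case worth guarding. Whether `sid_string_static()` tolerates NULL is not visible here. Either guard the argument, `sid ? sid_string_static(sid) : "(null)"`, or move the trace below the point where NULL is ruled out. The block comment above the condition still describes only internal domains, so it should gain a sentence explaining why SIDs inside those domains now also stay on the local path, since this condition decides whether a lookup goes to the local SAM or to the DC. The function starts outside the hunk.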
enum SID_NAME_USE type;
BOOL result;
+ DEBUG(10, ("Checking whether [%s] can be created\n", new_name));
+
become_root();
/* Lookup in our local databases (only LOOKUP_NAME_ISOLATED set)
* whether the name already exists */
unbecome_root();
if (!result) {
+ DEBUG(10, ("%s does not exist, can create it\n", new_name));
return NT_STATUS_OK;
}
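Review bot: The two new trace lines format the name differently: the first brackets it as `[%s]`, the second prints it bare, so an empty or whitespace-only name is unreadable in the second message. I would use `DEBUG(10, ("[%s] does not exist, can create it\n", new_name));` to match. `new_name` appears to be the string taken from the client request in the create paths, so these lines put request-controlled text into the log at level 10. If the tree has a helper for making such strings printable, this is a place to use it. The surrounding function starts and ends outside what is shown.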
if (!sid_equal(&dom_sid, get_global_sam_sid()))
return NT_STATUS_ACCESS_DENIED;
- r_u->status = can_create(p->mem_ctx, name);
- if (!NT_STATUS_IS_OK(r_u->status)) {
- return r_u->status;
- }
-
unistr2_to_ascii(name, &q_u->uni_acct_desc, sizeof(name)-1);
se_priv_copy( &se_rights, &se_add_users );
can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_rights );
+ result = can_create(p->mem_ctx, name);
+ if (!NT_STATUS_IS_OK(result)) {
+ return result;
+ }
+
/******** BEGIN SeAddUsers BLOCK *********/
if ( can_add_accounts )
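Review bot: Nothing at the relocated `can_create()` call records why it must sit below `unistr2_to_ascii()`, yet that ordering is the substance of the fix: the removed call ran before the conversion on the context line had filled `name`. A comment above the new call, such as `/* name is only valid after unistr2_to_ascii() above; keep this check below it */`, would stop it being hoisted back during a later tidy-up. Separately, the status from `can_create()` is returned regardless of `can_add_accounts`. If no access check earlier in the function (outside this hunk) gates the call, a caller without the add-users privilege could learn from the status whether a name exists, so that is worth confirming. The function body starts and ends outside the hunk.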