static NTSTATUS add_builtin_administrators( TALLOC_CTX *ctx, struct nt_user_token *token )
{
+ DOM_SID domadm;
+
+ /* nothing to do if we aren't in a domain */
+
+ if ( !(IS_DC || lp_server_role()==ROLE_DOMAIN_MEMBER) ) {
+ return NT_STATUS_OK;
+ }
+
+ /* Find the Domain Admins SID */
+
+ if ( IS_DC ) {
+ sid_copy( &domadm, get_global_sam_sid() );
+ } else {
+ if ( !secrets_fetch_domain_sid( lp_workgroup(), &domadm ) )
+ return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+ }
+ sid_append_rid( &domadm, DOMAIN_GROUP_RID_ADMINS );
+
+ /* Add Administrators if the user beloongs to Domain Admins */
+
+ if ( nt_token_check_sid( &domadm, token ) ) {
+ add_sid_to_array(token, &global_sid_Builtin_Administrators,
+ &token->user_sids, &token->num_sids);
+ }
+
return NT_STATUS_OK;
}
}
else {
status = add_builtin_administrators( tmp_ctx, result );
- if ( !NT_STATUS_IS_OK(status) ) {
- result = NULL;
- goto done;
+ if ( !NT_STATUS_IS_OK(status) ) {
+ /* just log a complaint but do not fail */
+ DEBUG(3,("create_local_nt_token: failed to check for local Administrators"
+ " membership (%s)\n", nt_errstr(status)));
}
}
}
/* This is a passdb user, so ask passdb */
struct samu *sam_acct = NULL;
+ const DOM_SID *gr_sid = NULL;
if ( !(sam_acct = samu_new( tmp_ctx )) ) {
+ result = NT_STATUS_NO_MEMORY;
goto done;
}
goto done;
}
- sid_copy(&primary_group_sid, pdb_get_group_sid(sam_acct));
+ gr_sid = pdb_get_group_sid(sam_acct);
+ if (!gr_sid) {
+ result = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+
+ sid_copy(&primary_group_sid, gr_sid);
if (!sid_to_gid(&primary_group_sid, gid)) {
DEBUG(1, ("sid_to_gid(%s) failed\n",
}
result = make_server_info(NULL);
-
- if (!NT_STATUS_IS_OK(status)) {
+ if (result == NULL) {
TALLOC_FREE(sampass);
- return status;
+ return NT_STATUS_NO_MEMORY;
}
result->sam_account = sampass;
Make (and fill) a user_info struct for a guest login.
This *must* succeed for smbd to start. If there is no mapping entry for
the guest gid, then create one.
-**********************
-*****************************************************/
+***************************************************************************/
static NTSTATUS make_new_server_info_guest(auth_serversupplied_info **server_info)
{
dst->uid = src->uid;
dst->gid = src->gid;
dst->n_groups = src->n_groups;
- if (src->n_groups != 0)
+ if (src->n_groups != 0) {
dst->groups = talloc_memdup(dst, src->groups,
sizeof(gid_t)*dst->n_groups);
- else
+ } else {
dst->groups = NULL;
-
- dst->ptok = dup_nt_token(dst, src->ptok);
+ }
+
+ if (src->ptok) {
+ dst->ptok = dup_nt_token(dst, src->ptok);
+ if (!dst->ptok) {
+ TALLOC_FREE(dst);
+ return NULL;
+ }
+ }
dst->user_session_key = data_blob_talloc( dst, src->user_session_key.data,
- src->user_session_key.length);
-
+ src->user_session_key.length);
+
dst->lm_session_key = data_blob_talloc(dst, src->lm_session_key.data,
- src->lm_session_key.length);
-
- if ( (dst->sam_account = samu_new( NULL )) != NULL )
- pdb_copy_sam_account(dst->sam_account, src->sam_account);
+ src->lm_session_key.length);
+
+ dst->sam_account = samu_new(NULL);
+ if (!dst->sam_account) {
+ TALLOC_FREE(dst);
+ return NULL;
+ }
+
+ if (!pdb_copy_sam_account(dst->sam_account, src->sam_account)) {
+ TALLOC_FREE(dst);
+ return NULL;
+ }
dst->pam_handle = NULL;
dst->unix_name = talloc_strdup(dst, src->unix_name);
+ if (!dst->unix_name) {
+ TALLOC_FREE(dst);
+ return NULL;
+ }
return dst;
}