We don't resolve our own "Domain Local" groups since bug #7843 has been
fixed. So we need to add the add resource groups to the sid list too.
Before bug #7843 the "Domain Local" groups were added with a
lookupuseraliases call, but this isn't done anymore for our domain
so we need to resolve resource groups here.
When to use Resource Groups:
http://technet.microsoft.com/en-us/library/
cc753670%28v=WS.10%29.aspx
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Jul 23 22:12:30 CEST 2012 on sn-devel-104
const struct netr_SamInfo3 *info3,
struct dom_sid **user_sids,
uint32_t *num_user_sids,
- bool include_user_group_rid,
- bool skip_ressource_groups);
+ bool include_user_group_rid);
/* The following definitions come from lib/util_sock.c */
const struct netr_SamInfo3 *info3,
struct dom_sid **user_sids,
uint32_t *num_user_sids,
- bool include_user_group_rid,
- bool skip_ressource_groups)
+ bool include_user_group_rid)
{
NTSTATUS status;
struct dom_sid sid;
*/
for (i = 0; i < info3->sidcount; i++) {
-
- if (skip_ressource_groups &&
- (info3->sids[i].attributes & SE_GROUP_RESOURCE)) {
- continue;
- }
-
status = add_sid_to_array(mem_ctx, info3->sids[i].sid,
&sid_array, &num_sids);
if (!NT_STATUS_IS_OK(status)) {
status = sid_array_from_info3(talloc_tos(), info3,
&token->sids,
&token->num_sids,
- true, false);
+ true);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(frame);
return status;
return NT_STATUS_UNSUCCESSFUL;
}
- /* Skip Domain local groups outside our domain.
- We'll get these from the getsidaliases() RPC call. */
+ /*
+ * Before bug #7843 the "Domain Local" groups were added with a
+ * lookupuseraliases call, but this isn't done anymore for our domain
+ * so we need to resolve resource groups here.
+ *
+ * When to use Resource Groups:
+ * http://technet.microsoft.com/en-us/library/cc753670%28v=WS.10%29.aspx
+ */
status = sid_array_from_info3(mem_ctx, info3,
user_sids,
&num_groups,
- false, true);
+ false);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(info3);