s4-auth: allow to create unix token from system session info
author Björn Baumbach <bb@sernet.de>
Tue, 25 Sep 2018 11:11:09 +0000 (13:11 +0200)
committer Björn Baumbach <bb@sernet.de>
Thu, 11 Oct 2018 08:28:18 +0000 (10:28 +0200)
Without this patch security_token_to_unix_token() fails with
NT_STATUS_ACCESS_DENIED, because the system session has only
one SID.
For a typical token, at least two or more SIDs are expected.

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
source4/auth/unix_token.c

index 492149b359b56eb103748a7764e3958637d977b8..ef3805b6e40896b9f9600d038bcf1ce87b33506b 100644 (file)
@@ -38,6 +38,21 @@ NTSTATUS security_token_to_unix_token(TALLOC_CTX *mem_ctx,
        uint32_t s, g;
        NTSTATUS status;
        struct id_map *ids;
+       bool match;
+
+       match = security_token_is_system(token);
+       if (match) {
+               /*
+                * SYSTEM user uid and gid is 0
+                */
+
+               *sec = talloc_zero(mem_ctx, struct security_unix_token);
+               if (*sec == NULL) {
+                       return NT_STATUS_NO_MEMORY;
+               }
+
+               return NT_STATUS_OK;
+       }
 
        /* we can't do unix security without a user and group */
        if (token->num_sids < 2) {
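Review bot: In the new `if (match)` block, the SYSTEM mapping to uid 0 and gid 0 is only implied by talloc_zero(); nothing assigns the ids, and the comment does not say that the empty supplementary group list is also intended. Because this branch returns NT_STATUS_OK with a root-equivalent token before the `token->num_sids < 2` check is reached, I would assign the uid and gid explicitly, or extend the comment to state that the fully zeroed struct (including no groups) is the intended result, so a later change to the struct cannot silently alter what SYSTEM maps to. It would also help to note in the function's comment that this path depends solely on the result of security_token_is_system(token).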