From: Björn Baumbach <bb@sernet.de>
Date: Tue, 25 Sep 2018 11:11:09 +0000 (+0200)
Subject: s4-auth: allow to create unix token from system session info
X-Git-Tag: tdb-1.3.17~1336
X-Git-Url: http://git.samba.org/samba.git/?p=sfrench%2Fsamba-autobuild%2F.git;a=commitdiff_plain;h=f3b7ba1746a33d058901dd8274953e6c5379e2b1;ds=sidebyside

s4-auth: allow to create unix token from system session info

Without this patch security_token_to_unix_token() fails with
NT_STATUS_ACCESS_DENIED, because the system session does only
have one SID.
For a typical token are at least two or more SIDs expected.

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
---

diff --git a/source4/auth/unix_token.c b/source4/auth/unix_token.c
index 492149b359b..ef3805b6e40 100644
--- a/source4/auth/unix_token.c
+++ b/source4/auth/unix_token.c
@@ -38,6 +38,21 @@ NTSTATUS security_token_to_unix_token(TALLOC_CTX *mem_ctx,
 	uint32_t s, g;
 	NTSTATUS status;
 	struct id_map *ids;
+	bool match;
+
+	match = security_token_is_system(token);
+	if (match) {
+		/*
+		 * SYSTEM user uid and gid is 0
+		 */
+
+		*sec = talloc_zero(mem_ctx, struct security_unix_token);
+		if (*sec == NULL) {
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		return NT_STATUS_OK;
+	}
 
 	/* we can't do unix security without a user and group */
 	if (token->num_sids < 2) {