mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
1c3a8fa20c
Heretofore we have treated the primary group SID specially, storing it in a fixed position as the second element of the user_info_dc->sids array, and filtering out other copies in the PAC_LOGON_INFO base structure. This filtering has made it difficult to distinguish between the case where the primary group is a universal or global group, located in the base RIDs, and the case where it is a domain-local group, missing from the base RIDs; especially since the attributes of a domain-local primary group are lost by being stored in the PAC. Domain-local primary groups are normally disallowed by Windows, but are allowed by Samba, and so it is reasonable to support them with at least some measure of consistency. The second element of user_info_dc->sids is still reserved for the primary group's SID, but we no longer filter out any other copies in the array. The first two elements are no more than the SIDs of the user and the primary group respectively; and the remaining SIDs are as if taken without modification from arrays of SIDs in the PAC. user_info_dc->sids should therefore become a more faithful representation of the SIDs in the PAC. After adding resource SIDs to it with dsdb_expand_resource_groups(), we should have a result that more closely and in more cases matches that of Windows. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> |
||
---|---|---|
.. | ||
credentials | ||
gensec | ||
kerberos | ||
ntlmssp | ||
auth_log.c | ||
auth_sam_reply.c | ||
auth_sam_reply.h | ||
auth_util.c | ||
auth_util.h | ||
common_auth.h | ||
wbc_auth_util.c | ||
wscript_build |