1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
samba-mirror/source4/auth
Andrew Bartlett 8f078cdf24 dsdb: Ensure "authenticated users" is processed for group memberships
This change moves the addition of "Authenticated Users" from the very end of the
token processing to the start.  The reason is that we need to see if
"Authenticated Users" is a member of other builtin groups, just as we
would for any other SID.  This picks up the "Pre-Windows 2000 Compatible Access"
group, which is in turn often used in ACLs on LDAP objects.

Without this change, the eventual token does not contain S-1-5-32-554
and users other than "Administrator" are unable to read uidNumber
(in particular).

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21 16:12:45 +01:00
..
gensec s4-auth: Make sure we use the correct credential state. 2012-07-17 13:26:37 +02:00
kerberos auth/credentials: Support match-by-key in cli_credentials_get_server_gss_creds() 2012-08-30 01:26:12 +02:00
ntlm build: rename security → samba-security 2012-08-10 14:22:20 +02:00
auth.h auth: Remove .get_challenge (only used for security=server) 2012-07-03 08:13:01 +10:00
pyauth.c s4-auth: Make sure ldb context is initialized even if not passed by Python code 2012-04-14 00:20:59 +02:00
pyauth.h pytalloc: Use consistent prefix for functions, add ABI file. 2011-08-10 15:36:21 +02:00
sam.c s4-sam: don't look in GC NCs for user accounts 2011-10-04 15:08:57 +11:00
samba_server_gensec.c gensec: move event context from gensec_*_init() to gensec_update() 2011-10-18 13:13:33 +11:00
session.c dsdb: Ensure "authenticated users" is processed for group memberships 2013-01-21 16:12:45 +01:00
session.h Fix public header not to include private (not installed) ones. 2011-03-14 17:01:20 +01:00
system_session.c s4: fix wrong index usage PRIMARY_USER_SID_INDEX when it should have been PRIMARY_GROUP_SID_INDEX 2011-06-19 23:21:08 +02:00
unix_token.c auth: Use only security_token_is_system to determine that a user is SYSTEM 2012-06-19 10:38:13 +02:00
wscript_build build: rename security → samba-security 2012-08-10 14:22:20 +02:00
wscript_configure s4-waf: mark the wscript files as python so vim/emacs knows how to highlight them 2010-04-06 20:27:11 +10:00