Changeset 738 for branches/samba-3.5.x/source3/lib/util_sid.c

Timestamp:

Nov 12, 2012, 7:10:02 PM (13 years ago)

Author:

Silvan Scherrer

Message:

Samba Server 3.5: update branche to 3.5.18

File:

• branches/samba-3.5.x/source3/lib/util_sid.c (modified) (2 diffs)

branches/samba-3.5.x/source3/lib/util_sid.c

@@ -685 +685 @@
                               DOM_SID **user_sids,
                               size_t *num_user_sids,
-                              bool include_user_group_rid,
-                              bool skip_ressource_groups)
+                              bool include_user_group_rid)
 {
         NTSTATUS status;
@@ -739 +738 @@
         }
 
-        /* Copy 'other' sids.  We need to do sid filtering here to
-           prevent possible elevation of privileges.  See:
-
-           http://www.microsoft.com/windows2000/techinfo/administration/security/sidfilter.asp
-         */
+        /* SID filtering should only be handled by the domain controller on a
+           trust by trust basis, and is counter-indicated for forests. Since
+           native AD return all Domain Local groups as other SIDs, then this
+           must not filter them when parsing INFO3 responses such that the
+           list is identical to the tokenGroups LDAP query.
+         */
 
         for (i = 0; i < info3->sidcount; i++) {
-
-                if (skip_ressource_groups &&
-                    (info3->sids[i].attributes & SE_GROUP_RESOURCE)) {
-                        continue;
-                }
-
                 status = add_sid_to_array(mem_ctx, info3->sids[i].sid,
                                       &sid_array, &num_sids);