Windows: Improve SMB detection of Local System account

[openafs.git] / src / WINNT / afsd / smb.c

diff --git a/src/WINNT/afsd/smb.c b/src/WINNT/afsd/smb.c
index 5f6f657..79b7885 100644 (file)
--- a/src/WINNT/afsd/smb.c
+++ b/src/WINNT/afsd/smb.c
@@ -1241,12 +1241,15 @@ afs_int32 smb_userIsLocalSystem(smb_user_t *uidp)
     DWORD gle;
     afs_int32 isSystem = 0;
 
+    if (uidp->unp->flags & SMB_USERNAMEFLAG_SID) {
+        isSystem = !cm_ClientStrCmp(NTSID_LOCAL_SYSTEM, uidp->unp->name);
+        return isSystem;
+    }
+
     /*
-     * The input name is probably not a SID for the user which is how
-     * the user is now being identified as a result of the SMB
-     * extended authentication.  See if we can obtain the SID for the
-     * specified name.  If we can, use that instead of the name
-     * provided.
+     * The input name is not a SID for the user.  See if we can
+     * obtain the SID for the specified name.  If we can, use
+     * that instead of the name provided for the comparison.
      */
 
     LookupAccountNameW( NULL /* System Name to begin Search */,
@@ -3236,12 +3239,16 @@ void smb_MapNTError(long code, unsigned long *NTStatusp)
 #ifdef COMMENT
         NTStatus = 0xC000022DL; /* Retry */
 #else
-        NTStatus = 0xC00000B5L; /* I/O Timeout */
+        NTStatus = 0xC0020018L; /* RPC_NT_SERVER_TOO_BUSY */
 #endif
-    } 
+    }
     else if (code == CM_ERROR_ALLOFFLINE || code == CM_ERROR_ALLDOWN) {
+#ifdef COMMENT
         NTStatus = 0xC000003AL; /* Path not found */
-    } 
+#else
+        NTStatus = 0xC0020017L; /* RPC_NT_SERVER_UNAVAILABLE */
+#endif
+    }
     else if (code >= ERROR_TABLE_BASE_RXK && code < ERROR_TABLE_BASE_RXK + 256) {
        NTStatus = 0xC0000322L; /* No Kerberos key */
     }