diff options
author | Gerald Carter <jerry@samba.org> | 2005-01-18 18:29:28 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 10:53:56 -0500 |
commit | b4aaa2ae25c0282287943a43bd0939683dfb2582 (patch) | |
tree | f0de9e90504be61da9982aa7e3a7e95873fb62e2 | |
parent | cf8571531924d723ccf0bbc9747c35d962b5cfa7 (diff) | |
download | samba-b4aaa2ae25c0282287943a43bd0939683dfb2582.tar.gz samba-b4aaa2ae25c0282287943a43bd0939683dfb2582.tar.bz2 samba-b4aaa2ae25c0282287943a43bd0939683dfb2582.zip |
r4822: fix return code when you ask for a non-privileged SID via one of the privileges RPC calls
(This used to be commit 3f4f2c80fd157796a7ba56f31f921e8a3ce46bc3)
-rw-r--r-- | source3/lib/privileges.c | 9 | ||||
-rw-r--r-- | source3/rpc_server/srv_lsa_nt.c | 3 |
2 files changed, 12 insertions, 0 deletions
diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c index b84800a0e1..df785f801e 100644 --- a/source3/lib/privileges.c +++ b/source3/lib/privileges.c @@ -739,3 +739,12 @@ BOOL privilege_set_to_se_priv( SE_PRIV *mask, PRIVILEGE_SET *privset ) return True; } +/******************************************************************* +*******************************************************************/ + +BOOL is_privileged_sid( DOM_SID *sid ) +{ + SE_PRIV mask; + + return get_privileges( sid, &mask ); +} diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c index e5154dbb53..13053d9877 100644 --- a/source3/rpc_server/srv_lsa_nt.c +++ b/source3/rpc_server/srv_lsa_nt.c @@ -967,6 +967,9 @@ NTSTATUS _lsa_create_account(pipes_struct *p, LSA_Q_CREATEACCOUNT *q_u, LSA_R_CR if ( !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) ) return NT_STATUS_ACCESS_DENIED; + + if ( is_privileged_sid( &info->sid ) ) + return NT_STATUS_OBJECT_NAME_COLLISION; /* associate the user/group SID with the (unique) handle. */ |