summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGerald Carter <jerry@samba.org>2005-01-18 18:29:28 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 10:53:56 -0500
commitb4aaa2ae25c0282287943a43bd0939683dfb2582 (patch)
treef0de9e90504be61da9982aa7e3a7e95873fb62e2
parentcf8571531924d723ccf0bbc9747c35d962b5cfa7 (diff)
downloadsamba-b4aaa2ae25c0282287943a43bd0939683dfb2582.tar.gz
samba-b4aaa2ae25c0282287943a43bd0939683dfb2582.tar.bz2
samba-b4aaa2ae25c0282287943a43bd0939683dfb2582.zip
r4822: fix return code when you ask for a non-privileged SID via one of the privileges RPC calls
(This used to be commit 3f4f2c80fd157796a7ba56f31f921e8a3ce46bc3)
-rw-r--r--source3/lib/privileges.c9
-rw-r--r--source3/rpc_server/srv_lsa_nt.c3
2 files changed, 12 insertions, 0 deletions
diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c
index b84800a0e1..df785f801e 100644
--- a/source3/lib/privileges.c
+++ b/source3/lib/privileges.c
@@ -739,3 +739,12 @@ BOOL privilege_set_to_se_priv( SE_PRIV *mask, PRIVILEGE_SET *privset )
return True;
}
+/*******************************************************************
+*******************************************************************/
+
+BOOL is_privileged_sid( DOM_SID *sid )
+{
+ SE_PRIV mask;
+
+ return get_privileges( sid, &mask );
+}
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index e5154dbb53..13053d9877 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -967,6 +967,9 @@ NTSTATUS _lsa_create_account(pipes_struct *p, LSA_Q_CREATEACCOUNT *q_u, LSA_R_CR
if ( !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) )
return NT_STATUS_ACCESS_DENIED;
+
+ if ( is_privileged_sid( &info->sid ) )
+ return NT_STATUS_OBJECT_NAME_COLLISION;
/* associate the user/group SID with the (unique) handle. */