diff options
author | Andrew Bartlett <abartlet@samba.org> | 2010-08-30 13:30:38 +1000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2010-09-11 18:46:10 +1000 |
commit | 62e5900cd13f6daf77ab65f70245fe21ac5fd053 (patch) | |
tree | 9c598c812b2fbdb2eda0c8e02fee2bf2bfd188e1 /source3/rpc_server/srv_lsa_nt.c | |
parent | a53a42ffb88fd6b758b8cacf492bceeb93da09c1 (diff) | |
download | samba-62e5900cd13f6daf77ab65f70245fe21ac5fd053.tar.gz samba-62e5900cd13f6daf77ab65f70245fe21ac5fd053.tar.bz2 samba-62e5900cd13f6daf77ab65f70245fe21ac5fd053.zip |
s3-privs Rework access_check_object() to take two privileges
This allows the privileges bitmap to be used only when setting
privileges, and uses an the LUID constant for all 'does this user
have this privilege' operations.
The advantage is that we now only need one API to determine if a
token has a privilege, and much less code needs to know what type
is used for the underlying bitmap.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Diffstat (limited to 'source3/rpc_server/srv_lsa_nt.c')
-rw-r--r-- | source3/rpc_server/srv_lsa_nt.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c index e8ffb5cee9..684c719e11 100644 --- a/source3/rpc_server/srv_lsa_nt.c +++ b/source3/rpc_server/srv_lsa_nt.c @@ -389,7 +389,7 @@ NTSTATUS _lsa_OpenPolicy2(struct pipes_struct *p, } status = access_check_object(psd, p->server_info->ptok, - NULL, 0, des_access, + SEC_PRIV_INVALID, SEC_PRIV_INVALID, 0, des_access, &acc_granted, "_lsa_OpenPolicy2" ); if (!NT_STATUS_IS_OK(status)) { return status; @@ -1723,7 +1723,7 @@ NTSTATUS _lsa_CreateAccount(struct pipes_struct *p, } status = access_check_object(psd, p->server_info->ptok, - NULL, 0, r->in.access_mask, + SEC_PRIV_INVALID, SEC_PRIV_INVALID, 0, r->in.access_mask, &acc_granted, "_lsa_CreateAccount"); if (!NT_STATUS_IS_OK(status)) { return status; @@ -1793,7 +1793,7 @@ NTSTATUS _lsa_OpenAccount(struct pipes_struct *p, } status = access_check_object(psd, p->server_info->ptok, - NULL, 0, des_access, + SEC_PRIV_INVALID, SEC_PRIV_INVALID, 0, des_access, &acc_granted, "_lsa_OpenAccount" ); if (!NT_STATUS_IS_OK(status)) { return status; @@ -2189,7 +2189,7 @@ NTSTATUS _lsa_AddAccountRights(struct pipes_struct *p, */ status = access_check_object(psd, p->server_info->ptok, - NULL, 0, + SEC_PRIV_INVALID, SEC_PRIV_INVALID, 0, LSA_ACCOUNT_ADJUST_PRIVILEGES|LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS|LSA_ACCOUNT_VIEW, &acc_granted, "_lsa_AddAccountRights" ); if (!NT_STATUS_IS_OK(status)) { @@ -2259,7 +2259,7 @@ NTSTATUS _lsa_RemoveAccountRights(struct pipes_struct *p, */ status = access_check_object(psd, p->server_info->ptok, - NULL, 0, + SEC_PRIV_INVALID, SEC_PRIV_INVALID, 0, LSA_ACCOUNT_ADJUST_PRIVILEGES|LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS| LSA_ACCOUNT_VIEW|SEC_STD_DELETE, &acc_granted, "_lsa_RemoveAccountRights"); |