diff options
author | Jeremy Allison <jra@samba.org> | 2006-02-02 20:44:50 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 11:06:21 -0500 |
commit | d14af63e6ab600eb3ac705f2f425c860e927553a (patch) | |
tree | 9be5b1da9836c61c7b1bf2df72df7014944b8599 /source3/rpc_server/srv_lsa_nt.c | |
parent | 206cbff8b72a2ccc41e52b45097976f4511bfdec (diff) | |
download | samba-d14af63e6ab600eb3ac705f2f425c860e927553a.tar.gz samba-d14af63e6ab600eb3ac705f2f425c860e927553a.tar.bz2 samba-d14af63e6ab600eb3ac705f2f425c860e927553a.zip |
r13293: Rather a big patch I'm afraid, but this should fix bug #3347
by saving the UNIX token used to set a delete on close flag,
and using it when doing the delete. libsmbsharemodes.so still
needs updating to cope with this change.
Samba4 torture tests to follow.
Jeremy.
(This used to be commit 23f16cbc2e8cde97c486831e26bcafd4ab4a9654)
Diffstat (limited to 'source3/rpc_server/srv_lsa_nt.c')
-rw-r--r-- | source3/rpc_server/srv_lsa_nt.c | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c index 6cd673550e..f48f3e863a 100644 --- a/source3/rpc_server/srv_lsa_nt.c +++ b/source3/rpc_server/srv_lsa_nt.c @@ -1198,7 +1198,7 @@ NTSTATUS _lsa_addprivs(pipes_struct *p, LSA_Q_ADDPRIVS *q_u, LSA_R_ADDPRIVS *r_u account_pol.tdb was already opened as root, this is all we have */ get_current_user( &user, p ); - if ( user.uid != sec_initial_uid() + if ( user.ut.uid != sec_initial_uid() && !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) ) { return NT_STATUS_ACCESS_DENIED; @@ -1239,7 +1239,7 @@ NTSTATUS _lsa_removeprivs(pipes_struct *p, LSA_Q_REMOVEPRIVS *q_u, LSA_R_REMOVEP account_pol.tdb was already opened as root, this is all we have */ get_current_user( &user, p ); - if ( user.uid != sec_initial_uid() + if ( user.ut.uid != sec_initial_uid() && !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) ) { return NT_STATUS_ACCESS_DENIED; @@ -1401,7 +1401,7 @@ NTSTATUS _lsa_add_acct_rights(pipes_struct *p, LSA_Q_ADD_ACCT_RIGHTS *q_u, LSA_R account_pol.tdb was already opened as root, this is all we have */ get_current_user( &user, p ); - if ( user.uid != sec_initial_uid() + if ( user.ut.uid != sec_initial_uid() && !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) ) { return NT_STATUS_ACCESS_DENIED; @@ -1459,7 +1459,7 @@ NTSTATUS _lsa_remove_acct_rights(pipes_struct *p, LSA_Q_REMOVE_ACCT_RIGHTS *q_u, account_pol.tdb was already opened as root, this is all we have */ get_current_user( &user, p ); - if ( user.uid != sec_initial_uid() + if ( user.ut.uid != sec_initial_uid() && !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) ) { return NT_STATUS_ACCESS_DENIED; @@ -1573,4 +1573,3 @@ NTSTATUS _lsa_lookup_priv_value(pipes_struct *p, LSA_Q_LOOKUP_PRIV_VALUE *q_u, L return NT_STATUS_OK; } - |