diff options
author | Jeremy Allison <jra@samba.org> | 2010-10-22 15:58:40 -0700 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2010-10-22 23:41:36 +0000 |
commit | 272feb7bd133344e88864ffc75d251451ddd681c (patch) | |
tree | afde6cf4f229d0e2611af14be1210d9b33b2a31a /source3/rpc_server/srv_samr_nt.c | |
parent | d46ca0eb801f2664cedb17c50a9a94e58ebdb0b6 (diff) | |
download | samba-272feb7bd133344e88864ffc75d251451ddd681c.tar.gz samba-272feb7bd133344e88864ffc75d251451ddd681c.tar.bz2 samba-272feb7bd133344e88864ffc75d251451ddd681c.zip |
Revert "Wrap security_token_has_privilege() with a check for lp_enable_privileges(). Needed"
Not needed - privileges code prevents "enable privileges = no" from adding privileges
anyway.
This reverts commit a8b95686a7bde3f96f141b6938e24e101567ef54.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Oct 22 23:41:36 UTC 2010 on sn-devel-104
Diffstat (limited to 'source3/rpc_server/srv_samr_nt.c')
-rw-r--r-- | source3/rpc_server/srv_samr_nt.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index c2bf13e901..a04584e7c1 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -200,8 +200,8 @@ NTSTATUS access_check_object( struct security_descriptor *psd, struct security_t by privileges (mostly having to do with creating/modifying/deleting users and groups) */ - if ((needed_priv_1 != SEC_PRIV_INVALID && s3_security_token_has_privilege(token, needed_priv_1)) || - (needed_priv_2 != SEC_PRIV_INVALID && s3_security_token_has_privilege(token, needed_priv_2))) { + if ((needed_priv_1 != SEC_PRIV_INVALID && security_token_has_privilege(token, needed_priv_1)) || + (needed_priv_2 != SEC_PRIV_INVALID && security_token_has_privilege(token, needed_priv_2))) { saved_mask = (des_access & rights_mask); des_access &= ~saved_mask; @@ -572,7 +572,7 @@ NTSTATUS _samr_OpenDomain(struct pipes_struct *p, * Users with SeAddUser get the ability to manipulate groups * and aliases. */ - if (s3_security_token_has_privilege(p->server_info->ptok, SEC_PRIV_ADD_USERS)) { + if (security_token_has_privilege(p->server_info->ptok, SEC_PRIV_ADD_USERS)) { extra_access |= (SAMR_DOMAIN_ACCESS_CREATE_GROUP | SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS | SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT | @@ -3845,13 +3845,13 @@ NTSTATUS _samr_CreateUser2(struct pipes_struct *p, can_add_account = true; } else if (acb_info & ACB_WSTRUST) { needed_priv = SEC_PRIV_MACHINE_ACCOUNT; - can_add_account = s3_security_token_has_privilege(p->server_info->ptok, SEC_PRIV_MACHINE_ACCOUNT); + can_add_account = security_token_has_privilege(p->server_info->ptok, SEC_PRIV_MACHINE_ACCOUNT); } else if (acb_info & ACB_NORMAL && (account[strlen(account)-1] != '$')) { /* usrmgr.exe (and net rpc trustdom grant) creates a normal user account for domain trusts and changes the ACB flags later */ needed_priv = SEC_PRIV_ADD_USERS; - can_add_account = s3_security_token_has_privilege(p->server_info->ptok, SEC_PRIV_ADD_USERS); + can_add_account = security_token_has_privilege(p->server_info->ptok, SEC_PRIV_ADD_USERS); } else if (lp_enable_privileges()) { /* implicit assumption of a BDC or domain trust account here * (we already check the flags earlier) */ |