diff options
| author | Nadezhda Ivanova <nadezhda.ivanova@postpath.com> | 2010-01-13 12:02:31 +0200 |
|---|---|---|
| committer | Nadezhda Ivanova <nadezhda.ivanova@postpath.com> | 2010-01-13 12:02:31 +0200 |
| commit | 9b3871ed293f76e770e572cd6b59f59670f1f6f8 (patch) | |
| tree | 2b79286e3a6f7af9e26466393a0b26075a238be8 /source3/rpc_server/srv_samr_nt.c | |
| parent | 309473f938d18b9993c2c4f120eeff7b4641985a (diff) | |
| parent | ca847952054f5bbde1d40ad4260589b6fcc9721d (diff) | |
| download | samba-9b3871ed293f76e770e572cd6b59f59670f1f6f8.tar.gz samba-9b3871ed293f76e770e572cd6b59f59670f1f6f8.tar.bz2 samba-9b3871ed293f76e770e572cd6b59f59670f1f6f8.zip | |
Merge branch 'master' of git://git.samba.org/samba
Diffstat (limited to 'source3/rpc_server/srv_samr_nt.c')
| -rw-r--r-- | source3/rpc_server/srv_samr_nt.c | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 6b40385744..3626cbdf2a 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -145,8 +145,8 @@ static NTSTATUS make_samr_object_sd( TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd /* Add Full Access for Domain Admins if we are a DC */ if ( IS_DC ) { - sid_copy( &domadmin_sid, get_global_sam_sid() ); - sid_append_rid( &domadmin_sid, DOMAIN_GROUP_RID_ADMINS ); + sid_compose(&domadmin_sid, get_global_sam_sid(), + DOMAIN_GROUP_RID_ADMINS); init_sec_ace(&ace[i++], &domadmin_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, map->generic_all, 0); } @@ -266,8 +266,8 @@ void map_max_allowed_access(const NT_USER_TOKEN *nt_token, /* Full access for DOMAIN\Domain Admins. */ if ( IS_DC ) { DOM_SID domadmin_sid; - sid_copy( &domadmin_sid, get_global_sam_sid() ); - sid_append_rid( &domadmin_sid, DOMAIN_GROUP_RID_ADMINS ); + sid_compose(&domadmin_sid, get_global_sam_sid(), + DOMAIN_GROUP_RID_ADMINS); if (is_sid_in_token(nt_token, &domadmin_sid)) { *pacc_requested |= GENERIC_ALL_ACCESS; return; @@ -5837,8 +5837,9 @@ NTSTATUS _samr_CreateDomainGroup(pipes_struct *p, return status; } - if (!sid_equal(&dinfo->sid, get_global_sam_sid())) + if (!sid_check_is_domain(&dinfo->sid)) { return NT_STATUS_ACCESS_DENIED; + } name = r->in.name->string; if (name == NULL) { @@ -5898,8 +5899,9 @@ NTSTATUS _samr_CreateDomAlias(pipes_struct *p, return result; } - if (!sid_equal(&dinfo->sid, get_global_sam_sid())) + if (!sid_check_is_domain(&dinfo->sid)) { return NT_STATUS_ACCESS_DENIED; + } name = r->in.alias_name->string; @@ -6277,8 +6279,9 @@ NTSTATUS _samr_OpenGroup(pipes_struct *p, /* this should not be hard-coded like this */ - if (!sid_equal(&dinfo->sid, get_global_sam_sid())) + if (!sid_check_is_domain(&dinfo->sid)) { return NT_STATUS_ACCESS_DENIED; + } sid_compose(&info_sid, &dinfo->sid, r->in.rid); |