summaryrefslogtreecommitdiff
path: root/source3/rpc_server
diff options
context:
space:
mode:
authorGünther Deschner <gd@samba.org>2010-05-17 22:04:24 +0200
committerGünther Deschner <gd@samba.org>2010-05-18 00:44:26 +0200
commit3b529d50be5613f37cf853714ecf78887df1d01b (patch)
treed3253ac410fbc74898d8a6543569670b68d2f511 /source3/rpc_server
parent2deff342b949ef7f91134115aa77c4051e2a4c33 (diff)
downloadsamba-3b529d50be5613f37cf853714ecf78887df1d01b.tar.gz
samba-3b529d50be5613f37cf853714ecf78887df1d01b.tar.bz2
samba-3b529d50be5613f37cf853714ecf78887df1d01b.zip
s3-rpc_misc: clean out include/rpc_misc.h.
Well known rids don't really belong into an rpc header, just use the ones defined in security.idl. Guenther
Diffstat (limited to 'source3/rpc_server')
-rw-r--r--source3/rpc_server/srv_lsa_nt.c2
-rw-r--r--source3/rpc_server/srv_samr_nt.c10
-rw-r--r--source3/rpc_server/srv_spoolss_util.c2
-rw-r--r--source3/rpc_server/srv_srvsvc_nt.c2
-rw-r--r--source3/rpc_server/srv_wkssvc_nt.c4
5 files changed, 10 insertions, 10 deletions
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index 297af4ea01..afb85baef2 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -335,7 +335,7 @@ static NTSTATUS make_lsa_object_sd(TALLOC_CTX *mem_ctx, SEC_DESC **sd, size_t *s
SEC_ACE_TYPE_ACCESS_ALLOWED, map->generic_all, 0);
/* Add Full Access for Domain Admins */
- sid_compose(&adm_sid, get_global_sam_sid(), DOMAIN_GROUP_RID_ADMINS);
+ sid_compose(&adm_sid, get_global_sam_sid(), DOMAIN_RID_ADMINS);
init_sec_ace(&ace[i++], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED,
map->generic_all, 0);
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 97ed381824..70c162be9d 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -146,7 +146,7 @@ static NTSTATUS make_samr_object_sd( TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd
if ( IS_DC ) {
sid_compose(&domadmin_sid, get_global_sam_sid(),
- DOMAIN_GROUP_RID_ADMINS);
+ DOMAIN_RID_ADMINS);
init_sec_ace(&ace[i++], &domadmin_sid,
SEC_ACE_TYPE_ACCESS_ALLOWED, map->generic_all, 0);
}
@@ -267,7 +267,7 @@ void map_max_allowed_access(const NT_USER_TOKEN *nt_token,
if ( IS_DC ) {
DOM_SID domadmin_sid;
sid_compose(&domadmin_sid, get_global_sam_sid(),
- DOMAIN_GROUP_RID_ADMINS);
+ DOMAIN_RID_ADMINS);
if (is_sid_in_token(nt_token, &domadmin_sid)) {
*pacc_requested |= GENERIC_ALL_ACCESS;
return;
@@ -2319,13 +2319,13 @@ NTSTATUS _samr_OpenUser(pipes_struct *p,
}
/*
* Cheat - allow GENERIC_RIGHTS_USER_WRITE if pipe user is
- * in DOMAIN_GROUP_RID_ADMINS. This is almost certainly not
+ * in DOMAIN_RID_ADMINS. This is almost certainly not
* what Windows does but is a hack for people who haven't
* set up privileges on groups in Samba.
*/
if (acb_info & (ACB_SVRTRUST|ACB_DOMTRUST)) {
if (lp_enable_privileges() && nt_token_check_domain_rid(p->server_info->ptok,
- DOMAIN_GROUP_RID_ADMINS)) {
+ DOMAIN_RID_ADMINS)) {
des_access &= ~GENERIC_RIGHTS_USER_WRITE;
extra_access = GENERIC_RIGHTS_USER_WRITE;
DEBUG(4,("_samr_OpenUser: Allowing "
@@ -3811,7 +3811,7 @@ NTSTATUS _samr_CreateUser2(pipes_struct *p,
se_priv_copy(&se_rights, &se_priv_none);
can_add_account = nt_token_check_domain_rid(
p->server_info->ptok,
- DOMAIN_GROUP_RID_ADMINS );
+ DOMAIN_RID_ADMINS );
}
DEBUG(5, ("_samr_CreateUser2: %s can add this account : %s\n",
diff --git a/source3/rpc_server/srv_spoolss_util.c b/source3/rpc_server/srv_spoolss_util.c
index 1752329e4c..d9df1a0a5f 100644
--- a/source3/rpc_server/srv_spoolss_util.c
+++ b/source3/rpc_server/srv_spoolss_util.c
@@ -2297,7 +2297,7 @@ create_default:
size_t size;
/* Create new sd */
- sid_append_rid(&owner_sid, DOMAIN_USER_RID_ADMIN);
+ sid_append_rid(&owner_sid, DOMAIN_RID_ADMINISTRATOR);
new_secdesc = make_sec_desc(tmp_ctx,
secdesc->revision,
diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c
index 6d86074a54..ef320d0ec6 100644
--- a/source3/rpc_server/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srv_srvsvc_nt.c
@@ -1292,7 +1292,7 @@ WERROR _srvsvc_NetSessDel(pipes_struct *p,
if ((p->server_info->utok.uid != sec_initial_uid()) &&
( ! nt_token_check_domain_rid(p->server_info->ptok,
- DOMAIN_GROUP_RID_ADMINS))) {
+ DOMAIN_RID_ADMINS))) {
goto done;
}
diff --git a/source3/rpc_server/srv_wkssvc_nt.c b/source3/rpc_server/srv_wkssvc_nt.c
index a8cbfba368..4106bc10bc 100644
--- a/source3/rpc_server/srv_wkssvc_nt.c
+++ b/source3/rpc_server/srv_wkssvc_nt.c
@@ -800,7 +800,7 @@ WERROR _wkssvc_NetrJoinDomain2(pipes_struct *p,
}
if (!user_has_privileges(token, &se_machine_account) &&
- !nt_token_check_domain_rid(token, DOMAIN_GROUP_RID_ADMINS) &&
+ !nt_token_check_domain_rid(token, DOMAIN_RID_ADMINS) &&
!nt_token_check_sid(&global_sid_Builtin_Administrators, token)) {
DEBUG(5,("_wkssvc_NetrJoinDomain2: account doesn't have "
"sufficient privileges\n"));
@@ -871,7 +871,7 @@ WERROR _wkssvc_NetrUnjoinDomain2(pipes_struct *p,
}
if (!user_has_privileges(token, &se_machine_account) &&
- !nt_token_check_domain_rid(token, DOMAIN_GROUP_RID_ADMINS) &&
+ !nt_token_check_domain_rid(token, DOMAIN_RID_ADMINS) &&
!nt_token_check_sid(&global_sid_Builtin_Administrators, token)) {
DEBUG(5,("_wkssvc_NetrUnjoinDomain2: account doesn't have "
"sufficient privileges\n"));