authorJeremy Allison <jra@samba.org>2010-10-22 10:31:06 -0700
committerJeremy Allison <jra@samba.org>2010-10-22 18:15:48 +0000
commita8b95686a7bde3f96f141b6938e24e101567ef54 (patch)
treec5bdfbfc2fb1acb0c211d9941bc0fd321b3a6d9a /source3/rpc_server
parent3e79cd6856e5c76cc39ad2be68b40534a524cecd (diff)
Wrap security_token_has_privilege() with a check for lp_enable_privileges(). Needed
to maintain compatibility with smb.conf manpage. Jeremy. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Fri Oct 22 18:15:48 UTC 2010 on sn-devel-104
Diffstat (limited to 'source3/rpc_server')
-rw-r--r--source3/rpc_server/srv_samr_nt.c10
-rw-r--r--source3/rpc_server/srv_spoolss_nt.c18
-rw-r--r--source3/rpc_server/srv_srvsvc_nt.c8
-rw-r--r--source3/rpc_server/srv_winreg_nt.c6
-rw-r--r--source3/rpc_server/srv_wkssvc_nt.c4
5 files changed, 23 insertions, 23 deletions
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index a04584e7c1..c2bf13e901 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -200,8 +200,8 @@ NTSTATUS access_check_object( struct security_descriptor *psd, struct security_t
by privileges (mostly having to do with creating/modifying/deleting
users and groups) */
- if ((needed_priv_1 != SEC_PRIV_INVALID && security_token_has_privilege(token, needed_priv_1)) ||
- (needed_priv_2 != SEC_PRIV_INVALID && security_token_has_privilege(token, needed_priv_2))) {
+ if ((needed_priv_1 != SEC_PRIV_INVALID && s3_security_token_has_privilege(token, needed_priv_1)) ||
+ (needed_priv_2 != SEC_PRIV_INVALID && s3_security_token_has_privilege(token, needed_priv_2))) {
saved_mask = (des_access & rights_mask);
des_access &= ~saved_mask;
@@ -572,7 +572,7 @@ NTSTATUS _samr_OpenDomain(struct pipes_struct *p,
* Users with SeAddUser get the ability to manipulate groups
* and aliases.
*/
- if (security_token_has_privilege(p->server_info->ptok, SEC_PRIV_ADD_USERS)) {
+ if (s3_security_token_has_privilege(p->server_info->ptok, SEC_PRIV_ADD_USERS)) {
extra_access |= (SAMR_DOMAIN_ACCESS_CREATE_GROUP |
SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS |
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT |
@@ -3845,13 +3845,13 @@ NTSTATUS _samr_CreateUser2(struct pipes_struct *p,
can_add_account = true;
} else if (acb_info & ACB_WSTRUST) {
needed_priv = SEC_PRIV_MACHINE_ACCOUNT;
- can_add_account = security_token_has_privilege(p->server_info->ptok, SEC_PRIV_MACHINE_ACCOUNT);
+ can_add_account = s3_security_token_has_privilege(p->server_info->ptok, SEC_PRIV_MACHINE_ACCOUNT);
} else if (acb_info & ACB_NORMAL &&
(account[strlen(account)-1] != '$')) {
/* usrmgr.exe (and net rpc trustdom grant) creates a normal user
account for domain trusts and changes the ACB flags later */
needed_priv = SEC_PRIV_ADD_USERS;
- can_add_account = security_token_has_privilege(p->server_info->ptok, SEC_PRIV_ADD_USERS);
+ can_add_account = s3_security_token_has_privilege(p->server_info->ptok, SEC_PRIV_ADD_USERS);
} else if (lp_enable_privileges()) {
/* implicit assumption of a BDC or domain trust account here
* (we already check the flags earlier) */
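Review bot: The context line `(account[strlen(account)-1] != '$')` in the ACB_NORMAL branch reads one byte before the buffer when `account` is an empty string, and nothing visible in this hunk rules that out. If no earlier length check exists in _samr_CreateUser2 (its body starts outside the hunk), reject the empty name before the branch chain, e.g. `if (account[0] == '\0') { return NT_STATUS_INVALID_PARAMETER; }`. Separately, both changed calls repeat the constant just stored in `needed_priv`; `can_add_account = s3_security_token_has_privilege(p->server_info->ptok, needed_priv);` keeps the two from drifting apart.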
diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index 62725ee95a..a409a75855 100644
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -379,7 +379,7 @@ static WERROR delete_printer_hook(TALLOC_CTX *ctx, struct security_token *token,
return WERR_NOMEM;
}
if ( token )
- is_print_op = security_token_has_privilege(token, SEC_PRIV_PRINT_OPERATOR);
+ is_print_op = s3_security_token_has_privilege(token, SEC_PRIV_PRINT_OPERATOR);
DEBUG(10,("Running [%s]\n", command));
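Review bot: The `if ( token )` guard around the changed assignment in delete_printer_hook has no braces, and `is_print_op` keeps its earlier value when `token` is NULL; its initialisation is outside the hunk. Since this flag presumably decides how the command logged on the next line is run, make the default explicit in one statement, e.g. `is_print_op = (token != NULL) && s3_security_token_has_privilege(token, SEC_PRIV_PRINT_OPERATOR);`. The same pattern appears in the add_port_hook and add_printer_hook hunks.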
@@ -1790,7 +1790,7 @@ WERROR _spoolss_OpenPrinterEx(struct pipes_struct *p,
and not a printer admin, then fail */
if ((p->server_info->utok.uid != sec_initial_uid()) &&
- !security_token_has_privilege(p->server_info->ptok, SEC_PRIV_PRINT_OPERATOR) &&
+ !s3_security_token_has_privilege(p->server_info->ptok, SEC_PRIV_PRINT_OPERATOR) &&
!token_contains_name_in_list(
uidtoname(p->server_info->utok.uid),
p->server_info->info3->base.domain.string,
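Review bot: The three-part authorisation test in _spoolss_OpenPrinterEx (not root, not print operator, not in the name list) is repeated almost verbatim in the _spoolss_DeletePrinterDriver, _spoolss_DeletePrinterDriverEx, _spoolss_AddForm, _spoolss_DeleteForm and _spoolss_SetForm hunks, which is why this commit had to edit six copies. A single static helper taking `p` would let the privilege semantics change in one place and remove the risk of a call site being missed the next time they change. The condition runs past the end of each hunk, so the remaining arguments to token_contains_name_in_list are not visible here and should be compared across the six sites before factoring them out.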
@@ -2033,7 +2033,7 @@ WERROR _spoolss_DeletePrinterDriver(struct pipes_struct *p,
and not a printer admin, then fail */
if ( (p->server_info->utok.uid != sec_initial_uid())
- && !security_token_has_privilege(p->server_info->ptok, SEC_PRIV_PRINT_OPERATOR)
+ && !s3_security_token_has_privilege(p->server_info->ptok, SEC_PRIV_PRINT_OPERATOR)
&& !token_contains_name_in_list(
uidtoname(p->server_info->utok.uid),
p->server_info->info3->base.domain.string,
@@ -2138,7 +2138,7 @@ WERROR _spoolss_DeletePrinterDriverEx(struct pipes_struct *p,
and not a printer admin, then fail */
if ( (p->server_info->utok.uid != sec_initial_uid())
- && !security_token_has_privilege(p->server_info->ptok, SEC_PRIV_PRINT_OPERATOR)
+ && !s3_security_token_has_privilege(p->server_info->ptok, SEC_PRIV_PRINT_OPERATOR)
&& !token_contains_name_in_list(
uidtoname(p->server_info->utok.uid),
p->server_info->info3->base.domain.string,
@@ -6023,7 +6023,7 @@ static WERROR add_port_hook(TALLOC_CTX *ctx, struct security_token *token, const
}
if ( token )
- is_print_op = security_token_has_privilege(token, SEC_PRIV_PRINT_OPERATOR);
+ is_print_op = s3_security_token_has_privilege(token, SEC_PRIV_PRINT_OPERATOR);
DEBUG(10,("Running [%s]\n", command));
@@ -6080,7 +6080,7 @@ static bool add_printer_hook(TALLOC_CTX *ctx, struct security_token *token,
}
if ( token )
- is_print_op = security_token_has_privilege(token, SEC_PRIV_PRINT_OPERATOR);
+ is_print_op = s3_security_token_has_privilege(token, SEC_PRIV_PRINT_OPERATOR);
DEBUG(10,("Running [%s]\n", command));
@@ -8406,7 +8406,7 @@ WERROR _spoolss_AddForm(struct pipes_struct *p,
and not a printer admin, then fail */
if ((p->server_info->utok.uid != sec_initial_uid()) &&
- !security_token_has_privilege(p->server_info->ptok, SEC_PRIV_PRINT_OPERATOR) &&
+ !s3_security_token_has_privilege(p->server_info->ptok, SEC_PRIV_PRINT_OPERATOR) &&
!token_contains_name_in_list(uidtoname(p->server_info->utok.uid),
p->server_info->info3->base.domain.string,
NULL,
@@ -8474,7 +8474,7 @@ WERROR _spoolss_DeleteForm(struct pipes_struct *p,
}
if ((p->server_info->utok.uid != sec_initial_uid()) &&
- !security_token_has_privilege(p->server_info->ptok, SEC_PRIV_PRINT_OPERATOR) &&
+ !s3_security_token_has_privilege(p->server_info->ptok, SEC_PRIV_PRINT_OPERATOR) &&
!token_contains_name_in_list(uidtoname(p->server_info->utok.uid),
p->server_info->info3->base.domain.string,
NULL,
@@ -8538,7 +8538,7 @@ WERROR _spoolss_SetForm(struct pipes_struct *p,
and not a printer admin, then fail */
if ((p->server_info->utok.uid != sec_initial_uid()) &&
- !security_token_has_privilege(p->server_info->ptok, SEC_PRIV_PRINT_OPERATOR) &&
+ !s3_security_token_has_privilege(p->server_info->ptok, SEC_PRIV_PRINT_OPERATOR) &&
!token_contains_name_in_list(uidtoname(p->server_info->utok.uid),
p->server_info->info3->base.domain.string,
NULL,
diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c
index f59b972861..fe557e9ed8 100644
--- a/source3/rpc_server/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srv_srvsvc_nt.c
@@ -1572,7 +1572,7 @@ WERROR _srvsvc_NetShareSetInfo(struct pipes_struct *p,
if (lp_print_ok(snum))
return WERR_ACCESS_DENIED;
- is_disk_op = security_token_has_privilege(p->server_info->ptok, SEC_PRIV_DISK_OPERATOR);
+ is_disk_op = s3_security_token_has_privilege(p->server_info->ptok, SEC_PRIV_DISK_OPERATOR);
/* fail out now if you are not root and not a disk op */
@@ -1774,7 +1774,7 @@ WERROR _srvsvc_NetShareAdd(struct pipes_struct *p,
*r->out.parm_error = 0;
}
- is_disk_op = security_token_has_privilege(p->server_info->ptok, SEC_PRIV_DISK_OPERATOR);
+ is_disk_op = s3_security_token_has_privilege(p->server_info->ptok, SEC_PRIV_DISK_OPERATOR);
if (p->server_info->utok.uid != sec_initial_uid() && !is_disk_op )
return WERR_ACCESS_DENIED;
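Review bot: The denial path in _srvsvc_NetShareAdd returns WERR_ACCESS_DENIED without logging anything, and with the wrapper `is_disk_op` now also depends on the `enable privileges` setting, so the logs cannot show why a disk operator was refused. Consider bracing the `if` and adding `DEBUG(5, ("_srvsvc_NetShareAdd: uid %u is not root and lacks SeDiskOperatorPrivilege\n", (unsigned int)p->server_info->utok.uid));` before the return. The _srvsvc_NetShareDel and _srvsvc_NetFileClose hunks have the same silent return.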
@@ -1967,7 +1967,7 @@ WERROR _srvsvc_NetShareDel(struct pipes_struct *p,
if (lp_print_ok(snum))
return WERR_ACCESS_DENIED;
- is_disk_op = security_token_has_privilege(p->server_info->ptok, SEC_PRIV_DISK_OPERATOR);
+ is_disk_op = s3_security_token_has_privilege(p->server_info->ptok, SEC_PRIV_DISK_OPERATOR);
if (p->server_info->utok.uid != sec_initial_uid() && !is_disk_op )
return WERR_ACCESS_DENIED;
@@ -2519,7 +2519,7 @@ WERROR _srvsvc_NetFileClose(struct pipes_struct *p,
DEBUG(5,("_srvsvc_NetFileClose: %d\n", __LINE__));
- is_disk_op = security_token_has_privilege(p->server_info->ptok, SEC_PRIV_DISK_OPERATOR);
+ is_disk_op = s3_security_token_has_privilege(p->server_info->ptok, SEC_PRIV_DISK_OPERATOR);
if (p->server_info->utok.uid != sec_initial_uid() && !is_disk_op) {
return WERR_ACCESS_DENIED;
diff --git a/source3/rpc_server/srv_winreg_nt.c b/source3/rpc_server/srv_winreg_nt.c
index 298f33ab70..44cdfcbb37 100644
--- a/source3/rpc_server/srv_winreg_nt.c
+++ b/source3/rpc_server/srv_winreg_nt.c
@@ -577,7 +577,7 @@ WERROR _winreg_InitiateSystemShutdownEx(struct pipes_struct *p,
return WERR_NOMEM;
}
- can_shutdown = security_token_has_privilege(p->server_info->ptok, SEC_PRIV_REMOTE_SHUTDOWN);
+ can_shutdown = s3_security_token_has_privilege(p->server_info->ptok, SEC_PRIV_REMOTE_SHUTDOWN);
/* IF someone has privs, run the shutdown script as root. OTHERWISE run it as not root
Take the error return from the script and provide it as the Windows return code. */
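Review bot: The comment under the changed line in _winreg_InitiateSystemShutdownEx still says the script runs as root "IF someone has privs", but per the commit message the wrapper also consults lp_enable_privileges(), so `can_shutdown` can be false for a token that does hold SeRemoteShutdownPrivilege. I would extend the comment, e.g. `/* can_shutdown is false whenever "enable privileges" is off; the script then runs as the calling user */`. The same applies to the _winreg_AbortSystemShutdown hunk. The wrapper's definition is not part of this page, so confirm that it returns false in that case rather than falling back to another check.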
@@ -614,7 +614,7 @@ WERROR _winreg_AbortSystemShutdown(struct pipes_struct *p,
if (!*abort_shutdown_script)
return WERR_ACCESS_DENIED;
- can_shutdown = security_token_has_privilege(p->server_info->ptok, SEC_PRIV_REMOTE_SHUTDOWN);
+ can_shutdown = s3_security_token_has_privilege(p->server_info->ptok, SEC_PRIV_REMOTE_SHUTDOWN);
/********** BEGIN SeRemoteShutdownPrivilege BLOCK **********/
@@ -704,7 +704,7 @@ WERROR _winreg_RestoreKey(struct pipes_struct *p,
/* user must posses SeRestorePrivilege for this this proceed */
- if ( !security_token_has_privilege(p->server_info->ptok, SEC_PRIV_RESTORE)) {
+ if ( !s3_security_token_has_privilege(p->server_info->ptok, SEC_PRIV_RESTORE)) {
return WERR_ACCESS_DENIED;
}
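Review bot: In _winreg_RestoreKey the privilege test is the only gate visible in the hunk, with no `sec_initial_uid()` or administrator-group fallback such as the spoolss, srvsvc and wkssvc call sites in this commit have. If the wrapper returns false when `enable privileges` is off (as the commit message suggests; its definition is not on this page), this RPC is then denied for every caller, root included. Either document that in the comment, which also has typos (`/* user must possess SeRestorePrivilege for this to proceed */`), or add an explicit root check if that outcome is not intended. The function body continues outside the hunk.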
diff --git a/source3/rpc_server/srv_wkssvc_nt.c b/source3/rpc_server/srv_wkssvc_nt.c
index 000b605913..aa30d14fac 100644
--- a/source3/rpc_server/srv_wkssvc_nt.c
+++ b/source3/rpc_server/srv_wkssvc_nt.c
@@ -823,7 +823,7 @@ WERROR _wkssvc_NetrJoinDomain2(struct pipes_struct *p,
return WERR_INVALID_PARAM;
}
- if (!security_token_has_privilege(token, SEC_PRIV_MACHINE_ACCOUNT) &&
+ if (!s3_security_token_has_privilege(token, SEC_PRIV_MACHINE_ACCOUNT) &&
!nt_token_check_domain_rid(token, DOMAIN_RID_ADMINS) &&
!nt_token_check_sid(&global_sid_Builtin_Administrators, token)) {
DEBUG(5,("_wkssvc_NetrJoinDomain2: account doesn't have "
@@ -894,7 +894,7 @@ WERROR _wkssvc_NetrUnjoinDomain2(struct pipes_struct *p,
return WERR_INVALID_PARAM;
}
- if (!security_token_has_privilege(token, SEC_PRIV_MACHINE_ACCOUNT) &&
+ if (!s3_security_token_has_privilege(token, SEC_PRIV_MACHINE_ACCOUNT) &&
!nt_token_check_domain_rid(token, DOMAIN_RID_ADMINS) &&
!nt_token_check_sid(&global_sid_Builtin_Administrators, token)) {
DEBUG(5,("_wkssvc_NetrUnjoinDomain2: account doesn't have "