diff options
| author | Günther Deschner <gd@samba.org> | 2010-05-17 22:04:24 +0200 |
|---|---|---|
| committer | Günther Deschner <gd@samba.org> | 2010-05-18 00:44:26 +0200 |
| commit | 3b529d50be5613f37cf853714ecf78887df1d01b (patch) | |
| tree | d3253ac410fbc74898d8a6543569670b68d2f511 /source3/rpc_server | |
| parent | 2deff342b949ef7f91134115aa77c4051e2a4c33 (diff) | |
| download | samba-3b529d50be5613f37cf853714ecf78887df1d01b.tar.gz samba-3b529d50be5613f37cf853714ecf78887df1d01b.tar.bz2 samba-3b529d50be5613f37cf853714ecf78887df1d01b.zip | |
s3-rpc_misc: clean out include/rpc_misc.h.
Well known rids don't really belong into an rpc header, just use the ones
defined in security.idl.
Guenther
Diffstat (limited to 'source3/rpc_server')
| -rw-r--r-- | source3/rpc_server/srv_lsa_nt.c | 2 | ||||
| -rw-r--r-- | source3/rpc_server/srv_samr_nt.c | 10 | ||||
| -rw-r--r-- | source3/rpc_server/srv_spoolss_util.c | 2 | ||||
| -rw-r--r-- | source3/rpc_server/srv_srvsvc_nt.c | 2 | ||||
| -rw-r--r-- | source3/rpc_server/srv_wkssvc_nt.c | 4 |
5 files changed, 10 insertions, 10 deletions
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c index 297af4ea01..afb85baef2 100644 --- a/source3/rpc_server/srv_lsa_nt.c +++ b/source3/rpc_server/srv_lsa_nt.c @@ -335,7 +335,7 @@ static NTSTATUS make_lsa_object_sd(TALLOC_CTX *mem_ctx, SEC_DESC **sd, size_t *s SEC_ACE_TYPE_ACCESS_ALLOWED, map->generic_all, 0); /* Add Full Access for Domain Admins */ - sid_compose(&adm_sid, get_global_sam_sid(), DOMAIN_GROUP_RID_ADMINS); + sid_compose(&adm_sid, get_global_sam_sid(), DOMAIN_RID_ADMINS); init_sec_ace(&ace[i++], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, map->generic_all, 0); diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 97ed381824..70c162be9d 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -146,7 +146,7 @@ static NTSTATUS make_samr_object_sd( TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd if ( IS_DC ) { sid_compose(&domadmin_sid, get_global_sam_sid(), - DOMAIN_GROUP_RID_ADMINS); + DOMAIN_RID_ADMINS); init_sec_ace(&ace[i++], &domadmin_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, map->generic_all, 0); } @@ -267,7 +267,7 @@ void map_max_allowed_access(const NT_USER_TOKEN *nt_token, if ( IS_DC ) { DOM_SID domadmin_sid; sid_compose(&domadmin_sid, get_global_sam_sid(), - DOMAIN_GROUP_RID_ADMINS); + DOMAIN_RID_ADMINS); if (is_sid_in_token(nt_token, &domadmin_sid)) { *pacc_requested |= GENERIC_ALL_ACCESS; return; @@ -2319,13 +2319,13 @@ NTSTATUS _samr_OpenUser(pipes_struct *p, } /* * Cheat - allow GENERIC_RIGHTS_USER_WRITE if pipe user is - * in DOMAIN_GROUP_RID_ADMINS. This is almost certainly not + * in DOMAIN_RID_ADMINS. This is almost certainly not * what Windows does but is a hack for people who haven't * set up privileges on groups in Samba. */ if (acb_info & (ACB_SVRTRUST|ACB_DOMTRUST)) { if (lp_enable_privileges() && nt_token_check_domain_rid(p->server_info->ptok, - DOMAIN_GROUP_RID_ADMINS)) { + DOMAIN_RID_ADMINS)) { des_access &= ~GENERIC_RIGHTS_USER_WRITE; extra_access = GENERIC_RIGHTS_USER_WRITE; DEBUG(4,("_samr_OpenUser: Allowing " @@ -3811,7 +3811,7 @@ NTSTATUS _samr_CreateUser2(pipes_struct *p, se_priv_copy(&se_rights, &se_priv_none); can_add_account = nt_token_check_domain_rid( p->server_info->ptok, - DOMAIN_GROUP_RID_ADMINS ); + DOMAIN_RID_ADMINS ); } DEBUG(5, ("_samr_CreateUser2: %s can add this account : %s\n", diff --git a/source3/rpc_server/srv_spoolss_util.c b/source3/rpc_server/srv_spoolss_util.c index 1752329e4c..d9df1a0a5f 100644 --- a/source3/rpc_server/srv_spoolss_util.c +++ b/source3/rpc_server/srv_spoolss_util.c @@ -2297,7 +2297,7 @@ create_default: size_t size; /* Create new sd */ - sid_append_rid(&owner_sid, DOMAIN_USER_RID_ADMIN); + sid_append_rid(&owner_sid, DOMAIN_RID_ADMINISTRATOR); new_secdesc = make_sec_desc(tmp_ctx, secdesc->revision, diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c index 6d86074a54..ef320d0ec6 100644 --- a/source3/rpc_server/srv_srvsvc_nt.c +++ b/source3/rpc_server/srv_srvsvc_nt.c @@ -1292,7 +1292,7 @@ WERROR _srvsvc_NetSessDel(pipes_struct *p, if ((p->server_info->utok.uid != sec_initial_uid()) && ( ! nt_token_check_domain_rid(p->server_info->ptok, - DOMAIN_GROUP_RID_ADMINS))) { + DOMAIN_RID_ADMINS))) { goto done; } diff --git a/source3/rpc_server/srv_wkssvc_nt.c b/source3/rpc_server/srv_wkssvc_nt.c index a8cbfba368..4106bc10bc 100644 --- a/source3/rpc_server/srv_wkssvc_nt.c +++ b/source3/rpc_server/srv_wkssvc_nt.c @@ -800,7 +800,7 @@ WERROR _wkssvc_NetrJoinDomain2(pipes_struct *p, } if (!user_has_privileges(token, &se_machine_account) && - !nt_token_check_domain_rid(token, DOMAIN_GROUP_RID_ADMINS) && + !nt_token_check_domain_rid(token, DOMAIN_RID_ADMINS) && !nt_token_check_sid(&global_sid_Builtin_Administrators, token)) { DEBUG(5,("_wkssvc_NetrJoinDomain2: account doesn't have " "sufficient privileges\n")); @@ -871,7 +871,7 @@ WERROR _wkssvc_NetrUnjoinDomain2(pipes_struct *p, } if (!user_has_privileges(token, &se_machine_account) && - !nt_token_check_domain_rid(token, DOMAIN_GROUP_RID_ADMINS) && + !nt_token_check_domain_rid(token, DOMAIN_RID_ADMINS) && !nt_token_check_sid(&global_sid_Builtin_Administrators, token)) { DEBUG(5,("_wkssvc_NetrUnjoinDomain2: account doesn't have " "sufficient privileges\n")); |