summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2010-08-17 14:11:24 +1000
committerAndrew Tridgell <tridge@samba.org>2010-08-17 21:21:50 +1000
commit84bedf4028a5c841f08c079bfd20b9111fe52777 (patch)
tree0fc33b0c1e8a54ea585fe5ccc5626691cc1caa31 /source4
parent4e9daa0f032547787a1a1957a6f4f4002aa50371 (diff)
downloadsamba-84bedf4028a5c841f08c079bfd20b9111fe52777.tar.gz
samba-84bedf4028a5c841f08c079bfd20b9111fe52777.tar.bz2
samba-84bedf4028a5c841f08c079bfd20b9111fe52777.zip
s4-drs: fixed check for SECURITY_RO_DOMAIN_CONTROLLER
check more than the user_sid, and also check for the right rid value Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source4')
-rw-r--r--source4/libcli/security/security_token.c12
1 files changed, 6 insertions, 6 deletions
diff --git a/source4/libcli/security/security_token.c b/source4/libcli/security/security_token.c
index f105ed391f..7cfb566b91 100644
--- a/source4/libcli/security/security_token.c
+++ b/source4/libcli/security/security_token.c
@@ -166,14 +166,14 @@ enum security_user_level security_session_user_level(struct auth_session_info *s
return SECURITY_ADMINISTRATOR;
}
- if (domain_sid &&
- dom_sid_in_domain(domain_sid, session_info->security_token->user_sid)) {
- uint32_t rid;
- NTSTATUS status = dom_sid_split_rid(NULL, session_info->security_token->user_sid,
- NULL, &rid);
- if (NT_STATUS_IS_OK(status) && rid == DOMAIN_RID_ENTERPRISE_READONLY_DCS) {
+ if (domain_sid) {
+ struct dom_sid *rodc_dcs;
+ rodc_dcs = dom_sid_add_rid(session_info, domain_sid, DOMAIN_RID_READONLY_DCS);
+ if (security_token_has_sid(session_info->security_token, rodc_dcs)) {
+ talloc_free(rodc_dcs);
return SECURITY_RO_DOMAIN_CONTROLLER;
}
+ talloc_free(rodc_dcs);
}
if (security_token_has_enterprise_dcs(session_info->security_token)) {