summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--source3/lib/privileges.c9
-rw-r--r--source3/rpc_server/srv_lsa_nt.c3
2 files changed, 12 insertions, 0 deletions
diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c
index b84800a0e1..df785f801e 100644
--- a/source3/lib/privileges.c
+++ b/source3/lib/privileges.c
@@ -739,3 +739,12 @@ BOOL privilege_set_to_se_priv( SE_PRIV *mask, PRIVILEGE_SET *privset )
return True;
}
+/*******************************************************************
+*******************************************************************/
+
+BOOL is_privileged_sid( DOM_SID *sid )
+{
+ SE_PRIV mask;
+
+ return get_privileges( sid, &mask );
+}
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index e5154dbb53..13053d9877 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -967,6 +967,9 @@ NTSTATUS _lsa_create_account(pipes_struct *p, LSA_Q_CREATEACCOUNT *q_u, LSA_R_CR
if ( !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) )
return NT_STATUS_ACCESS_DENIED;
+
+ if ( is_privileged_sid( &info->sid ) )
+ return NT_STATUS_OBJECT_NAME_COLLISION;
/* associate the user/group SID with the (unique) handle. */
generated by cgit (git 2.34.1) at 2024-08-17 15:07:41 +0000