diff options
-rw-r--r-- | libcli/security/dom_sid.h | 1 | ||||
-rw-r--r-- | libcli/security/security_token.c | 10 | ||||
-rw-r--r-- | source4/rpc_server/srvsvc/dcesrv_srvsvc.c | 2 |
3 files changed, 7 insertions, 6 deletions
diff --git a/libcli/security/dom_sid.h b/libcli/security/dom_sid.h index 8c60f761e4..3d1161fdc7 100644 --- a/libcli/security/dom_sid.h +++ b/libcli/security/dom_sid.h @@ -30,6 +30,7 @@ extern const struct dom_sid global_sid_World_Domain; extern const struct dom_sid global_sid_World; extern const struct dom_sid global_sid_Creator_Owner_Domain; extern const struct dom_sid global_sid_NT_Authority; +extern const struct dom_sid global_sid_Enterprise_DCs; extern const struct dom_sid global_sid_System; extern const struct dom_sid global_sid_NULL; extern const struct dom_sid global_sid_Authenticated_Users; diff --git a/libcli/security/security_token.c b/libcli/security/security_token.c index 03dc528b93..40f13820ee 100644 --- a/libcli/security/security_token.c +++ b/libcli/security/security_token.c @@ -95,12 +95,12 @@ bool security_token_is_sid_string(const struct security_token *token, const char bool security_token_is_system(const struct security_token *token) { - return security_token_is_sid_string(token, SID_NT_SYSTEM); + return security_token_is_sid(token, &global_sid_System); } bool security_token_is_anonymous(const struct security_token *token) { - return security_token_is_sid_string(token, SID_NT_ANONYMOUS); + return security_token_is_sid(token, &global_sid_Anonymous); } bool security_token_has_sid(const struct security_token *token, const struct dom_sid *sid) @@ -128,15 +128,15 @@ bool security_token_has_sid_string(const struct security_token *token, const cha bool security_token_has_builtin_administrators(const struct security_token *token) { - return security_token_has_sid_string(token, SID_BUILTIN_ADMINISTRATORS); + return security_token_has_sid(token, &global_sid_Builtin_Administrators); } bool security_token_has_nt_authenticated_users(const struct security_token *token) { - return security_token_has_sid_string(token, SID_NT_AUTHENTICATED_USERS); + return security_token_has_sid(token, &global_sid_Authenticated_Users); } bool security_token_has_enterprise_dcs(const struct security_token *token) { - return security_token_has_sid_string(token, SID_NT_ENTERPRISE_DCS); + return security_token_has_sid(token, &global_sid_Enterprise_DCs); } diff --git a/source4/rpc_server/srvsvc/dcesrv_srvsvc.c b/source4/rpc_server/srvsvc/dcesrv_srvsvc.c index cf3651780d..41d89a9f56 100644 --- a/source4/rpc_server/srvsvc/dcesrv_srvsvc.c +++ b/source4/rpc_server/srvsvc/dcesrv_srvsvc.c @@ -33,7 +33,7 @@ #define SRVSVC_CHECK_ADMIN_ACCESS do { \ struct security_token *t = dce_call->conn->auth_state.session_info->security_token; \ if (!security_token_has_builtin_administrators(t) && \ - !security_token_has_sid_string(t, SID_BUILTIN_SERVER_OPERATORS)) { \ + !security_token_has_sid(t, &global_sid_Builtin_Server_Operators)) { \ return WERR_ACCESS_DENIED; \ } \ } while (0) |