From 3ea64e0ad86c35e5f0018ac60571e7a31a968543 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 10 Jan 2010 17:39:27 +0100 Subject: s3: Replace most calls to sid_append_rid() by sid_compose() --- source3/rpc_server/srv_samr_nt.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source3/rpc_server/srv_samr_nt.c') diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 6b40385744..9f6afa1c98 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -145,8 +145,8 @@ static NTSTATUS make_samr_object_sd( TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd /* Add Full Access for Domain Admins if we are a DC */ if ( IS_DC ) { - sid_copy( &domadmin_sid, get_global_sam_sid() ); - sid_append_rid( &domadmin_sid, DOMAIN_GROUP_RID_ADMINS ); + sid_compose(&domadmin_sid, get_global_sam_sid(), + DOMAIN_GROUP_RID_ADMINS); init_sec_ace(&ace[i++], &domadmin_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, map->generic_all, 0); } @@ -266,8 +266,8 @@ void map_max_allowed_access(const NT_USER_TOKEN *nt_token, /* Full access for DOMAIN\Domain Admins. */ if ( IS_DC ) { DOM_SID domadmin_sid; - sid_copy( &domadmin_sid, get_global_sam_sid() ); - sid_append_rid( &domadmin_sid, DOMAIN_GROUP_RID_ADMINS ); + sid_compose(&domadmin_sid, get_global_sam_sid(), + DOMAIN_GROUP_RID_ADMINS); if (is_sid_in_token(nt_token, &domadmin_sid)) { *pacc_requested |= GENERIC_ALL_ACCESS; return; -- cgit From 86a73e6eba35973b0de63e3e048da99c7472582a Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 10 Jan 2010 17:58:12 +0100 Subject: s3: Use sid_check_is_domain instead of a direct sid_equal --- source3/rpc_server/srv_samr_nt.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'source3/rpc_server/srv_samr_nt.c') diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 9f6afa1c98..3626cbdf2a 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -5837,8 +5837,9 @@ NTSTATUS _samr_CreateDomainGroup(pipes_struct *p, return status; } - if (!sid_equal(&dinfo->sid, get_global_sam_sid())) + if (!sid_check_is_domain(&dinfo->sid)) { return NT_STATUS_ACCESS_DENIED; + } name = r->in.name->string; if (name == NULL) { @@ -5898,8 +5899,9 @@ NTSTATUS _samr_CreateDomAlias(pipes_struct *p, return result; } - if (!sid_equal(&dinfo->sid, get_global_sam_sid())) + if (!sid_check_is_domain(&dinfo->sid)) { return NT_STATUS_ACCESS_DENIED; + } name = r->in.alias_name->string; @@ -6277,8 +6279,9 @@ NTSTATUS _samr_OpenGroup(pipes_struct *p, /* this should not be hard-coded like this */ - if (!sid_equal(&dinfo->sid, get_global_sam_sid())) + if (!sid_check_is_domain(&dinfo->sid)) { return NT_STATUS_ACCESS_DENIED; + } sid_compose(&info_sid, &dinfo->sid, r->in.rid); -- cgit