From 3b529d50be5613f37cf853714ecf78887df1d01b Mon Sep 17 00:00:00 2001
From: Günther Deschner <gd@samba.org>
Date: Mon, 17 May 2010 22:04:24 +0200
Subject: s3-rpc_misc: clean out include/rpc_misc.h.

Well known rids don't really belong into an rpc header, just use the ones
defined in security.idl.

Guenther
---
 source3/rpc_server/srv_lsa_nt.c       |  2 +-
 source3/rpc_server/srv_samr_nt.c      | 10 +++++-----
 source3/rpc_server/srv_spoolss_util.c |  2 +-
 source3/rpc_server/srv_srvsvc_nt.c    |  2 +-
 source3/rpc_server/srv_wkssvc_nt.c    |  4 ++--
 5 files changed, 10 insertions(+), 10 deletions(-)

(limited to 'source3/rpc_server')

diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index 297af4ea01..afb85baef2 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -335,7 +335,7 @@ static NTSTATUS make_lsa_object_sd(TALLOC_CTX *mem_ctx, SEC_DESC **sd, size_t *s
 			SEC_ACE_TYPE_ACCESS_ALLOWED, map->generic_all, 0);
 
 	/* Add Full Access for Domain Admins */
-	sid_compose(&adm_sid, get_global_sam_sid(), DOMAIN_GROUP_RID_ADMINS);
+	sid_compose(&adm_sid, get_global_sam_sid(), DOMAIN_RID_ADMINS);
 	init_sec_ace(&ace[i++], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED,
 			map->generic_all, 0);
 
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 97ed381824..70c162be9d 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -146,7 +146,7 @@ static NTSTATUS make_samr_object_sd( TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd
 
 	if ( IS_DC ) {
 		sid_compose(&domadmin_sid, get_global_sam_sid(),
-			    DOMAIN_GROUP_RID_ADMINS);
+			    DOMAIN_RID_ADMINS);
 		init_sec_ace(&ace[i++], &domadmin_sid,
 			SEC_ACE_TYPE_ACCESS_ALLOWED, map->generic_all, 0);
 	}
@@ -267,7 +267,7 @@ void map_max_allowed_access(const NT_USER_TOKEN *nt_token,
 	if ( IS_DC ) {
 		DOM_SID domadmin_sid;
 		sid_compose(&domadmin_sid, get_global_sam_sid(),
-			    DOMAIN_GROUP_RID_ADMINS);
+			    DOMAIN_RID_ADMINS);
 		if (is_sid_in_token(nt_token, &domadmin_sid)) {
 			*pacc_requested |= GENERIC_ALL_ACCESS;
 			return;
@@ -2319,13 +2319,13 @@ NTSTATUS _samr_OpenUser(pipes_struct *p,
 		}
 		/*
 		 * Cheat - allow GENERIC_RIGHTS_USER_WRITE if pipe user is
-		 * in DOMAIN_GROUP_RID_ADMINS. This is almost certainly not
+		 * in DOMAIN_RID_ADMINS. This is almost certainly not
 		 * what Windows does but is a hack for people who haven't
 		 * set up privileges on groups in Samba.
 		 */
 		if (acb_info & (ACB_SVRTRUST|ACB_DOMTRUST)) {
 			if (lp_enable_privileges() && nt_token_check_domain_rid(p->server_info->ptok,
-							DOMAIN_GROUP_RID_ADMINS)) {
+							DOMAIN_RID_ADMINS)) {
 				des_access &= ~GENERIC_RIGHTS_USER_WRITE;
 				extra_access = GENERIC_RIGHTS_USER_WRITE;
 				DEBUG(4,("_samr_OpenUser: Allowing "
@@ -3811,7 +3811,7 @@ NTSTATUS _samr_CreateUser2(pipes_struct *p,
 		se_priv_copy(&se_rights, &se_priv_none);
 		can_add_account = nt_token_check_domain_rid(
 			p->server_info->ptok,
-			DOMAIN_GROUP_RID_ADMINS );
+			DOMAIN_RID_ADMINS );
 	}
 
 	DEBUG(5, ("_samr_CreateUser2: %s can add this account : %s\n",
diff --git a/source3/rpc_server/srv_spoolss_util.c b/source3/rpc_server/srv_spoolss_util.c
index 1752329e4c..d9df1a0a5f 100644
--- a/source3/rpc_server/srv_spoolss_util.c
+++ b/source3/rpc_server/srv_spoolss_util.c
@@ -2297,7 +2297,7 @@ create_default:
 			size_t size;
 
 			/* Create new sd */
-			sid_append_rid(&owner_sid, DOMAIN_USER_RID_ADMIN);
+			sid_append_rid(&owner_sid, DOMAIN_RID_ADMINISTRATOR);
 
 			new_secdesc = make_sec_desc(tmp_ctx,
 						    secdesc->revision,
diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c
index 6d86074a54..ef320d0ec6 100644
--- a/source3/rpc_server/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srv_srvsvc_nt.c
@@ -1292,7 +1292,7 @@ WERROR _srvsvc_NetSessDel(pipes_struct *p,
 
 	if ((p->server_info->utok.uid != sec_initial_uid()) &&
 		( ! nt_token_check_domain_rid(p->server_info->ptok,
-					      DOMAIN_GROUP_RID_ADMINS))) {
+					      DOMAIN_RID_ADMINS))) {
 
 		goto done;
 	}
diff --git a/source3/rpc_server/srv_wkssvc_nt.c b/source3/rpc_server/srv_wkssvc_nt.c
index a8cbfba368..4106bc10bc 100644
--- a/source3/rpc_server/srv_wkssvc_nt.c
+++ b/source3/rpc_server/srv_wkssvc_nt.c
@@ -800,7 +800,7 @@ WERROR _wkssvc_NetrJoinDomain2(pipes_struct *p,
 	}
 
 	if (!user_has_privileges(token, &se_machine_account) &&
-	    !nt_token_check_domain_rid(token, DOMAIN_GROUP_RID_ADMINS) &&
+	    !nt_token_check_domain_rid(token, DOMAIN_RID_ADMINS) &&
 	    !nt_token_check_sid(&global_sid_Builtin_Administrators, token)) {
 		DEBUG(5,("_wkssvc_NetrJoinDomain2: account doesn't have "
 			"sufficient privileges\n"));
@@ -871,7 +871,7 @@ WERROR _wkssvc_NetrUnjoinDomain2(pipes_struct *p,
 	}
 
 	if (!user_has_privileges(token, &se_machine_account) &&
-	    !nt_token_check_domain_rid(token, DOMAIN_GROUP_RID_ADMINS) &&
+	    !nt_token_check_domain_rid(token, DOMAIN_RID_ADMINS) &&
 	    !nt_token_check_sid(&global_sid_Builtin_Administrators, token)) {
 		DEBUG(5,("_wkssvc_NetrUnjoinDomain2: account doesn't have "
 			"sufficient privileges\n"));
-- 
cgit