From b4aaa2ae25c0282287943a43bd0939683dfb2582 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Tue, 18 Jan 2005 18:29:28 +0000 Subject: r4822: fix return code when you ask for a non-privileged SID via one of the privileges RPC calls (This used to be commit 3f4f2c80fd157796a7ba56f31f921e8a3ce46bc3) --- source3/lib/privileges.c | 9 +++++++++ source3/rpc_server/srv_lsa_nt.c | 3 +++ 2 files changed, 12 insertions(+) (limited to 'source3') diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c index b84800a0e1..df785f801e 100644 --- a/source3/lib/privileges.c +++ b/source3/lib/privileges.c @@ -739,3 +739,12 @@ BOOL privilege_set_to_se_priv( SE_PRIV *mask, PRIVILEGE_SET *privset ) return True; } +/******************************************************************* +*******************************************************************/ + +BOOL is_privileged_sid( DOM_SID *sid ) +{ + SE_PRIV mask; + + return get_privileges( sid, &mask ); +} diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c index e5154dbb53..13053d9877 100644 --- a/source3/rpc_server/srv_lsa_nt.c +++ b/source3/rpc_server/srv_lsa_nt.c @@ -967,6 +967,9 @@ NTSTATUS _lsa_create_account(pipes_struct *p, LSA_Q_CREATEACCOUNT *q_u, LSA_R_CR if ( !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) ) return NT_STATUS_ACCESS_DENIED; + + if ( is_privileged_sid( &info->sid ) ) + return NT_STATUS_OBJECT_NAME_COLLISION; /* associate the user/group SID with the (unique) handle. */ -- cgit