Changed again how the privilege list is handled in the group mapping code.

This time it's a PRIVILEGE_SET struct instead of a simple uint32 array. It
makes much more sense. Also added a uint32 systemaccount to the GROUP_MAP
struct as some privilege showing in USRMGR.EXE are not real privs but a
bitmask flag. I guess it's an heritage from NT 3.0 ! I could setup an NT
3.1 box to verify, but I'm too lazy (yes I still have my CDs).

Added 3 more LSA calls: SetSystemAccount, AddPrivileges and
RemovePrivileges, we can manage all this privilege from UserManager.

Time to change the NT_USER_TOKEN struct and add checks in all the rpc
functions. Fun, fun, fun.

        J.F.
(This used to be commit 3f0a9ef2b8c626cfa2878394bb7b642342342bf3)

1 files changed, 2 insertions, 0 deletions

diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index 873e569f680..b07dec7c0d8 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -551,6 +551,7 @@ BOOL local_lookup_rid(uint32 rid, char *name, enum SID_NAME_USE *psid_name_use)
 
 		/* check if it's a mapped group */
 		if (get_group_map_from_sid(local_sid, &map)) {
+			free_privilege(&map.priv_set);
 			if (map.gid!=-1) {
 				DEBUG(5,("local_local_rid: mapped group %s to gid %u\n", map.nt_name, (unsigned int)map.gid));
 				fstrcpy(name, map.nt_name);
@@ -636,6 +637,7 @@ BOOL local_lookup_name(const char *c_domain, const char *c_user, DOM_SID *psid,
 		
 		/* check if it's a mapped group */
 		if (get_group_map_from_ntname(user, &map)) {
+			free_privilege(&map.priv_set);
 			if (map.gid!=-1) {
 				/* yes it's a mapped group to a valid unix group */
 				sid_copy(&local_sid, &map.sid);