diff options
| author | Jeremy Allison <jra@samba.org> | 2010-10-22 10:31:06 -0700 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2010-10-22 18:15:48 +0000 |
| commit | a8b95686a7bde3f96f141b6938e24e101567ef54 (patch) | |
| tree | c5bdfbfc2fb1acb0c211d9941bc0fd321b3a6d9a /source3/rpc_server/srv_samr_nt.c | |
| parent | 3e79cd6856e5c76cc39ad2be68b40534a524cecd (diff) | |
| download | samba-a8b95686a7bde3f96f141b6938e24e101567ef54.tar.gz samba-a8b95686a7bde3f96f141b6938e24e101567ef54.tar.xz samba-a8b95686a7bde3f96f141b6938e24e101567ef54.zip | |
Wrap security_token_has_privilege() with a check for lp_enable_privileges(). Needed
to maintain compatibility with smb.conf manpage.
Jeremy.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Oct 22 18:15:48 UTC 2010 on sn-devel-104
Diffstat (limited to 'source3/rpc_server/srv_samr_nt.c')
| -rw-r--r-- | source3/rpc_server/srv_samr_nt.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index a04584e7c15..c2bf13e901c 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -200,8 +200,8 @@ NTSTATUS access_check_object( struct security_descriptor *psd, struct security_t by privileges (mostly having to do with creating/modifying/deleting users and groups) */ - if ((needed_priv_1 != SEC_PRIV_INVALID && security_token_has_privilege(token, needed_priv_1)) || - (needed_priv_2 != SEC_PRIV_INVALID && security_token_has_privilege(token, needed_priv_2))) { + if ((needed_priv_1 != SEC_PRIV_INVALID && s3_security_token_has_privilege(token, needed_priv_1)) || + (needed_priv_2 != SEC_PRIV_INVALID && s3_security_token_has_privilege(token, needed_priv_2))) { saved_mask = (des_access & rights_mask); des_access &= ~saved_mask; @@ -572,7 +572,7 @@ NTSTATUS _samr_OpenDomain(struct pipes_struct *p, * Users with SeAddUser get the ability to manipulate groups * and aliases. */ - if (security_token_has_privilege(p->server_info->ptok, SEC_PRIV_ADD_USERS)) { + if (s3_security_token_has_privilege(p->server_info->ptok, SEC_PRIV_ADD_USERS)) { extra_access |= (SAMR_DOMAIN_ACCESS_CREATE_GROUP | SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS | SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT | @@ -3845,13 +3845,13 @@ NTSTATUS _samr_CreateUser2(struct pipes_struct *p, can_add_account = true; } else if (acb_info & ACB_WSTRUST) { needed_priv = SEC_PRIV_MACHINE_ACCOUNT; - can_add_account = security_token_has_privilege(p->server_info->ptok, SEC_PRIV_MACHINE_ACCOUNT); + can_add_account = s3_security_token_has_privilege(p->server_info->ptok, SEC_PRIV_MACHINE_ACCOUNT); } else if (acb_info & ACB_NORMAL && (account[strlen(account)-1] != '$')) { /* usrmgr.exe (and net rpc trustdom grant) creates a normal user account for domain trusts and changes the ACB flags later */ needed_priv = SEC_PRIV_ADD_USERS; - can_add_account = security_token_has_privilege(p->server_info->ptok, SEC_PRIV_ADD_USERS); + can_add_account = s3_security_token_has_privilege(p->server_info->ptok, SEC_PRIV_ADD_USERS); } else if (lp_enable_privileges()) { /* implicit assumption of a BDC or domain trust account here * (we already check the flags earlier) */ |