r23640: When we support the SeSecurity privilage, this is where

we'll check it.
Jeremy.
(This used to be commit 1b73bf79f4f8a2bc408d52a1ce9df47f33fb3a87)

diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index c13e35698bd89da2a2a48a39bcc3f38a2829afbd..2c259713c2cf9812a66778294f014c9b6eb36943 100644 (file)
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -702,6 +702,17 @@ int reply_ntcreate_and_X(connection_struct *conn,
                }
        }
 
+#if 0
+       /* We need to support SeSecurityPrivilege for this. */
+       if ((access_mask & SEC_RIGHT_SYSTEM_SECURITY)) && 
+                       !user_has_privileges(current_user.nt_user_token,
+                               &se_security)) {
+               restore_case_semantics(conn, file_attributes);
+               END_PROFILE(SMBntcreateX);
+               return ERROR_NT(NT_STATUS_PRIVILEGE_NOT_HELD);
+       }
+#endif
+
        /*
         * If it's a request for a directory open, deal with it separately.
         */
@@ -1378,6 +1389,16 @@ static int call_nt_transact_create(connection_struct *conn, char *inbuf, char *o
                }
        }
 
+#if 0
+       /* We need to support SeSecurityPrivilege for this. */
+       if ((access_mask & SEC_RIGHT_SYSTEM_SECURITY)) && 
+                       !user_has_privileges(current_user.nt_user_token,
+                               &se_security)) {
+               restore_case_semantics(conn, file_attributes);
+               return ERROR_NT(NT_STATUS_PRIVILEGE_NOT_HELD);
+       }
+#endif
+
        if (ea_len) {
                pdata = data + sd_len;