git.samba.org / ira / wip.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: bf4385c)
r4822: fix return code when you ask for a non-privileged SID via one of the privilege...
authorGerald Carter <jerry@samba.org>
Tue, 18 Jan 2005 18:29:28 +0000 (18:29 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 15:53:56 +0000 (10:53 -0500)
source/lib/privileges.c patch | blob | history
source/rpc_server/srv_lsa_nt.c patch | blob | history

diff --git a/source/lib/privileges.c b/source/lib/privileges.c
index b84800a0e10c4e7bfd1bdfe1d9af10adc400e34a..df785f801efe2b341ff0115cdcf921bbf7de6082 100644 (file)
--- a/source/lib/privileges.c
+++ b/source/lib/privileges.c
@@ -739,3 +739,12 @@ BOOL privilege_set_to_se_priv( SE_PRIV *mask, PRIVILEGE_SET *privset )
        return True;
 }
 
+/*******************************************************************
+*******************************************************************/
+
+BOOL is_privileged_sid( DOM_SID *sid )
+{
+       SE_PRIV mask;
+       
+       return get_privileges( sid, &mask );
+}
diff --git a/source/rpc_server/srv_lsa_nt.c b/source/rpc_server/srv_lsa_nt.c
index e5154dbb539204858bb00e5a976a7e68df2624c7..13053d9877b67652705f2ff92f69ccd5b68be290 100644 (file)
--- a/source/rpc_server/srv_lsa_nt.c
+++ b/source/rpc_server/srv_lsa_nt.c
@@ -967,6 +967,9 @@ NTSTATUS _lsa_create_account(pipes_struct *p, LSA_Q_CREATEACCOUNT *q_u, LSA_R_CR
           
        if ( !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) )
                return NT_STATUS_ACCESS_DENIED;
+               
+       if ( is_privileged_sid( &info->sid ) )
+               return NT_STATUS_OBJECT_NAME_COLLISION;
 
        /* associate the user/group SID with the (unique) handle. */
        
Unnamed repository; edit this file 'description' to name the repository.