s3-wkssvcs: fix check for BUILTIN\Administrators membership in wkssvc_Netr{Join,Unjoi...
authorGünther Deschner <gd@samba.org>
Thu, 6 Aug 2009 18:59:32 +0000 (20:59 +0200)
committerGünther Deschner <gd@samba.org>
Fri, 7 Aug 2009 07:59:14 +0000 (09:59 +0200)
Guenther

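--- a/source3/rpc_server/srv_wkssvc_nt.c
+++ b/source3/rpc_server/srv_wkssvc_nt.c
@@ -306,7 +306,7 @@ WERROR _wkssvc_NetrJoinDomain2(pipes_struct *p,
 
        if (!user_has_privileges(token, &se_machine_account) &&
            !nt_token_check_domain_rid(token, DOMAIN_GROUP_RID_ADMINS) &&
-           !nt_token_check_domain_rid(token, BUILTIN_ALIAS_RID_ADMINS)) {
+           !nt_token_check_sid(&global_sid_Builtin_Administrators, token)) {
                DEBUG(5,("_wkssvc_NetrJoinDomain2: account doesn't have "
                        "sufficient privileges\n"));
                return WERR_ACCESS_DENIED;
@@ -377,7 +377,7 @@ WERROR _wkssvc_NetrUnjoinDomain2(pipes_struct *p,
 
        if (!user_has_privileges(token, &se_machine_account) &&
            !nt_token_check_domain_rid(token, DOMAIN_GROUP_RID_ADMINS) &&
-           !nt_token_check_domain_rid(token, BUILTIN_ALIAS_RID_ADMINS)) {
+           !nt_token_check_sid(&global_sid_Builtin_Administrators, token)) {
                DEBUG(5,("_wkssvc_NetrUnjoinDomain2: account doesn't have "
                        "sufficient privileges\n"));
                return WERR_ACCESS_DENIED;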
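Review bot: Nothing at the corrected condition in `_wkssvc_NetrJoinDomain2`, or at the identical one in `_wkssvc_NetrUnjoinDomain2`, records why Builtin Administrators is matched by full SID while Domain Admins is matched by RID, so a later edit could easily reintroduce the RID form. `nt_token_check_domain_rid()` presumably builds the SID from the local domain SID, which can never produce the BUILTIN alias; a comment above the last operand such as `/* BUILTIN\Administrators lives under S-1-5-32, not the domain SID: match the full SID */` would make that explicit. The argument order also flips between the two helpers (`sid, token` versus `token, rid`), which is worth checking against the prototype. Because the three-way test is repeated verbatim in both functions, whose bodies begin and end outside these hunks, a small shared static predicate would keep the join and unjoin authorization policy from drifting apart.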