s3: Use sid_check_is_domain instead of a direct sid_equal

diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 9f6afa1c98bbbd300647928ff51fcd46cf014402..3626cbdf2a04c2e90afc5c7705f91a7ecc939d62 100644 (file)
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -5837,8 +5837,9 @@ NTSTATUS _samr_CreateDomainGroup(pipes_struct *p,
                return status;
        }
 
                return status;
        }
 

-       if (!sid_equal(&dinfo->sid, get_global_sam_sid()))
+       if (!sid_check_is_domain(&dinfo->sid)) {

                return NT_STATUS_ACCESS_DENIED;
                return NT_STATUS_ACCESS_DENIED;

+       }

 
        name = r->in.name->string;
        if (name == NULL) {
 
        name = r->in.name->string;
        if (name == NULL) {


@@ -5898,8 +5899,9 @@ NTSTATUS _samr_CreateDomAlias(pipes_struct *p,
                return result;
        }
 
                return result;
        }
 

-       if (!sid_equal(&dinfo->sid, get_global_sam_sid()))
+       if (!sid_check_is_domain(&dinfo->sid)) {

                return NT_STATUS_ACCESS_DENIED;
                return NT_STATUS_ACCESS_DENIED;

+       }

 
        name = r->in.alias_name->string;
 
 
        name = r->in.alias_name->string;
 


@@ -6277,8 +6279,9 @@ NTSTATUS _samr_OpenGroup(pipes_struct *p,
 
        /* this should not be hard-coded like this */
 
 
        /* this should not be hard-coded like this */
 

-       if (!sid_equal(&dinfo->sid, get_global_sam_sid()))
+       if (!sid_check_is_domain(&dinfo->sid)) {

                return NT_STATUS_ACCESS_DENIED;
                return NT_STATUS_ACCESS_DENIED;

+       }

 
        sid_compose(&info_sid, &dinfo->sid, r->in.rid);
 
 
        sid_compose(&info_sid, &dinfo->sid, r->in.rid);