s3: Use sid_check_is_domain instead of a direct sid_equal
authorVolker Lendecke <vl@samba.org>
Sun, 10 Jan 2010 16:58:12 +0000 (17:58 +0100)
committerVolker Lendecke <vl@samba.org>
Sun, 10 Jan 2010 19:56:16 +0000 (20:56 +0100)
source3/rpc_server/srv_samr_nt.c

index 9f6afa1c98bbbd300647928ff51fcd46cf014402..3626cbdf2a04c2e90afc5c7705f91a7ecc939d62 100644 (file)
@@ -5837,8 +5837,9 @@ NTSTATUS _samr_CreateDomainGroup(pipes_struct *p,
                return status;
        }
 
                return status;
        }
 
-       if (!sid_equal(&dinfo->sid, get_global_sam_sid()))
+       if (!sid_check_is_domain(&dinfo->sid)) {
                return NT_STATUS_ACCESS_DENIED;
                return NT_STATUS_ACCESS_DENIED;
+       }
 
        name = r->in.name->string;
        if (name == NULL) {
 
        name = r->in.name->string;
        if (name == NULL) {
@@ -5898,8 +5899,9 @@ NTSTATUS _samr_CreateDomAlias(pipes_struct *p,
                return result;
        }
 
                return result;
        }
 
-       if (!sid_equal(&dinfo->sid, get_global_sam_sid()))
+       if (!sid_check_is_domain(&dinfo->sid)) {
                return NT_STATUS_ACCESS_DENIED;
                return NT_STATUS_ACCESS_DENIED;
+       }
 
        name = r->in.alias_name->string;
 
 
        name = r->in.alias_name->string;
 
@@ -6277,8 +6279,9 @@ NTSTATUS _samr_OpenGroup(pipes_struct *p,
 
        /* this should not be hard-coded like this */
 
 
        /* this should not be hard-coded like this */
 
-       if (!sid_equal(&dinfo->sid, get_global_sam_sid()))
+       if (!sid_check_is_domain(&dinfo->sid)) {
                return NT_STATUS_ACCESS_DENIED;
                return NT_STATUS_ACCESS_DENIED;
+       }
 
        sid_compose(&info_sid, &dinfo->sid, r->in.rid);
 
 
        sid_compose(&info_sid, &dinfo->sid, r->in.rid);