Ignore:
Timestamp:
May 26, 2009, 9:44:50 AM (17 years ago)
Author:
Herwig Bauernfeind
Message:

Update 3.2 branch to 3.2.6

File:
1 edited

Legend:

Unmodified
Added
Removed

  • branches/samba-3.2.x/source/rpc_server/srv_lsa_nt.c

    r138 r228  
    435435
    436436        if(!se_access_check(psd, p->pipe_user.nt_user_token, des_access, &acc_granted, &status)) {
    437                 if (geteuid() != 0) {
     437                if () {
    438438                        return status;
    439439                }
     
    15311531           account_pol.tdb was already opened as root, this is all we have */
    15321532
    1533         if ( !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) )
     1533        if ( p->pipe_user.ut.uid != sec_initial_uid()
     1534                && !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) )
    15341535                return NT_STATUS_ACCESS_DENIED;
    15351536
     
    16171618                return NT_STATUS_INVALID_HANDLE;
    16181619
     1620
     1621
     1622
    16191623        if ( !get_privileges_for_sids( &mask, &info->sid, 1 ) )
    16201624                return NT_STATUS_OBJECT_NAME_NOT_FOUND;
     
    16771681                return NT_STATUS_INVALID_HANDLE;
    16781682
     1683
     1684
     1685
    16791686        if (!lookup_sid(p->mem_ctx, &info->sid, NULL, NULL, NULL))
    16801687                return NT_STATUS_ACCESS_DENIED;
     
    17111718           account_pol.tdb was already opened as root, this is all we have */
    17121719
    1713         if ( !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) )
     1720        if ( p->pipe_user.ut.uid != sec_initial_uid()
     1721                && !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) )
    17141722                return NT_STATUS_ACCESS_DENIED;
    17151723
     
    18201828        if (!(handle->access & LSA_POLICY_VIEW_LOCAL_INFORMATION))
    18211829                return NT_STATUS_ACCESS_DENIED;
    1822 
    18231830
    18241831        switch (r->in.sec_info) {
     
    20792086                return NT_STATUS_INVALID_HANDLE;
    20802087
     2088
     2089
     2090
    20812091        /* according to an NT4 PDC, you can add privileges to SIDs even without
    20822092           call_lsa_create_account() first.  And you can use any arbitrary SID. */
     
    21202130        if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info))
    21212131                return NT_STATUS_INVALID_HANDLE;
     2132
     2133
     2134
    21222135
    21232136        name = r->in.name->string;
Note: See TracChangeset for help on using the changeset viewer.