svn commit: samba r5056 - in branches/SAMBA_3_0/source: include
rpc_server
jerry at samba.org
jerry at samba.org
Fri Jan 28 16:55:10 GMT 2005
Author: jerry
Date: 2005-01-28 16:55:09 +0000 (Fri, 28 Jan 2005)
New Revision: 5056
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=5056
Log:
* correct STANDARD_RIGHTS_WRITE_ACCESS bitmask define
* make sure to apply the rights_mask and not just the saved
bits from the mask in access_check_samr_object()
* allow root to grant/revoke privileges (in addition to Domain
Admins) as suggested by Volker.
Tested machine joins from XP, 2K, and NT4 with and without
pre-existing machine trust accounts. Also tested basic file
operations using cmd.exe and explorer.exe after changing the
STANDARD_RIGHTS_WRITE_ACCESS bitmask.
Modified:
branches/SAMBA_3_0/source/include/rpc_lsa.h
branches/SAMBA_3_0/source/include/rpc_secdes.h
branches/SAMBA_3_0/source/include/smb.h
branches/SAMBA_3_0/source/rpc_server/srv_lsa_nt.c
branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c
Changeset:
Modified: branches/SAMBA_3_0/source/include/rpc_lsa.h
===================================================================
--- branches/SAMBA_3_0/source/include/rpc_lsa.h 2005-01-28 14:42:30 UTC (rev 5055)
+++ branches/SAMBA_3_0/source/include/rpc_lsa.h 2005-01-28 16:55:09 UTC (rev 5056)
@@ -207,7 +207,7 @@
POLICY_VIEW_AUDIT_INFORMATION |\
POLICY_GET_PRIVATE_INFORMATION)
-#define POLICY_WRITE ( STANDARD_RIGHTS_WRITE_ACCESS |\
+#define POLICY_WRITE ( STD_RIGHT_READ_CONTROL_ACCESS |\
POLICY_TRUST_ADMIN |\
POLICY_CREATE_ACCOUNT |\
POLICY_CREATE_SECRET |\
Modified: branches/SAMBA_3_0/source/include/rpc_secdes.h
===================================================================
--- branches/SAMBA_3_0/source/include/rpc_secdes.h 2005-01-28 14:42:30 UTC (rev 5055)
+++ branches/SAMBA_3_0/source/include/rpc_secdes.h 2005-01-28 16:55:09 UTC (rev 5056)
@@ -251,7 +251,10 @@
#define STANDARD_RIGHTS_ALL_ACCESS STD_RIGHT_ALL_ACCESS /* 0x001f0000 */
#define STANDARD_RIGHTS_EXECUTE_ACCESS STD_RIGHT_READ_CONTROL_ACCESS /* 0x00020000 */
#define STANDARD_RIGHTS_READ_ACCESS STD_RIGHT_READ_CONTROL_ACCESS /* 0x00020000 */
-#define STANDARD_RIGHTS_WRITE_ACCESS STD_RIGHT_READ_CONTROL_ACCESS /* 0x00020000 */
+#define STANDARD_RIGHTS_WRITE_ACCESS \
+ (STD_RIGHT_WRITE_OWNER_ACCESS | \
+ STD_RIGHT_WRITE_DAC_ACCESS | \
+ STD_RIGHT_DELETE_ACCESS) /* 0x000d0000 */
#define STANDARD_RIGHTS_REQUIRED_ACCESS \
(STD_RIGHT_DELETE_ACCESS | \
STD_RIGHT_READ_CONTROL_ACCESS | \
Modified: branches/SAMBA_3_0/source/include/smb.h
===================================================================
--- branches/SAMBA_3_0/source/include/smb.h 2005-01-28 14:42:30 UTC (rev 5055)
+++ branches/SAMBA_3_0/source/include/smb.h 2005-01-28 16:55:09 UTC (rev 5056)
@@ -1069,7 +1069,7 @@
#define FILE_GENERIC_READ (STANDARD_RIGHTS_READ_ACCESS|FILE_READ_DATA|FILE_READ_ATTRIBUTES|\
FILE_READ_EA|SYNCHRONIZE_ACCESS)
-#define FILE_GENERIC_WRITE (STANDARD_RIGHTS_WRITE_ACCESS|FILE_WRITE_DATA|FILE_WRITE_ATTRIBUTES|\
+#define FILE_GENERIC_WRITE (STD_RIGHT_READ_CONTROL_ACCESS|FILE_WRITE_DATA|FILE_WRITE_ATTRIBUTES|\
FILE_WRITE_EA|FILE_APPEND_DATA|SYNCHRONIZE_ACCESS)
#define FILE_GENERIC_EXECUTE (STANDARD_RIGHTS_EXECUTE_ACCESS|\
Modified: branches/SAMBA_3_0/source/rpc_server/srv_lsa_nt.c
===================================================================
--- branches/SAMBA_3_0/source/rpc_server/srv_lsa_nt.c 2005-01-28 14:42:30 UTC (rev 5055)
+++ branches/SAMBA_3_0/source/rpc_server/srv_lsa_nt.c 2005-01-28 16:55:09 UTC (rev 5056)
@@ -1134,16 +1134,21 @@
struct lsa_info *info = NULL;
SE_PRIV mask;
PRIVILEGE_SET *set = NULL;
+ struct current_user user;
/* find the connection policy handle. */
if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
return NT_STATUS_INVALID_HANDLE;
- /* check to see if the pipe_user is a Domain Admin since
+ /* check to see if the pipe_user is root or a Domain Admin since
account_pol.tdb was already opened as root, this is all we have */
-
- if ( !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) )
+
+ get_current_user( &user, p );
+ if ( user.uid != sec_initial_uid()
+ && !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) )
+ {
return NT_STATUS_ACCESS_DENIED;
+ }
set = &q_u->set;
@@ -1170,16 +1175,21 @@
struct lsa_info *info = NULL;
SE_PRIV mask;
PRIVILEGE_SET *set = NULL;
+ struct current_user user;
/* find the connection policy handle. */
if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
return NT_STATUS_INVALID_HANDLE;
- /* check to see if the pipe_user is a Domain Admin since
+ /* check to see if the pipe_user is root or a Domain Admin since
account_pol.tdb was already opened as root, this is all we have */
-
- if ( !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) )
+
+ get_current_user( &user, p );
+ if ( user.uid != sec_initial_uid()
+ && !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) )
+ {
return NT_STATUS_ACCESS_DENIED;
+ }
set = &q_u->set;
Modified: branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c
===================================================================
--- branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c 2005-01-28 14:42:30 UTC (rev 5055)
+++ branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c 2005-01-28 16:55:09 UTC (rev 5056)
@@ -270,8 +270,8 @@
saved_mask = (des_access & rights_mask);
des_access &= ~saved_mask;
- DEBUG(4,("access_check_samr_object: user rights saved access mask [0x%x]\n",
- saved_mask));
+ DEBUG(4,("access_check_samr_object: user rights access mask [0x%x]\n",
+ rights_mask));
}
@@ -296,9 +296,9 @@
done:
/* add in any bits saved during the privilege check (only
- matters is syayus is ok) */
+ matters is status is ok) */
- *acc_granted |= saved_mask;
+ *acc_granted |= rights_mask;
DEBUG(4,("%s: access %s (requested: 0x%08x, granted: 0x%08x)\n",
debug, NT_STATUS_IS_OK(status) ? "GRANTED" : "DENIED",
More information about the samba-cvs
mailing list