[SCM] Samba Shared Repository - branch v3-2-test updated - release-3-2-0pre2-3551-g3591c95

Jeremy Allison jra at samba.org
Wed Apr 15 21:11:28 GMT 2009


The branch, v3-2-test has been updated
       via  3591c95beaed3abfa10b1579e377b0103647a177 (commit)
      from  6d308951c5b0fec988685f64f040f0770b537efb (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test


- Log -----------------------------------------------------------------
commit 3591c95beaed3abfa10b1579e377b0103647a177
Author: Jeremy Allison <jra at samba.org>
Date:   Wed Apr 15 14:09:32 2009 -0700

    Fix bug #6089 - Winbind samr_OpenDomain not possible with Samba 3.2.6+
    What a difference a name makes... :-). Just because something is misnamed
    SA_RIGHT_SAM_OPEN_DOMAIN, when it should actually be SA_RIGHT_SAM_LOOKUP_DOMAIN,
    don't automatically use it for a security check in _samr_OpenDomain().
    Jeremy.

-----------------------------------------------------------------------

Summary of changes:
 source/include/rpc_secdes.h     |    4 ++--
 source/rpc_server/srv_samr_nt.c |   13 +++----------
 source/utils/net_rpc.c          |    2 +-
 3 files changed, 6 insertions(+), 13 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/include/rpc_secdes.h b/source/include/rpc_secdes.h
index 649e806..bf5b85f 100644
--- a/source/include/rpc_secdes.h
+++ b/source/include/rpc_secdes.h
@@ -224,7 +224,7 @@ struct standard_mapping {
 #define SA_RIGHT_SAM_INITIALISE_SERVER	0x00000004
 #define SA_RIGHT_SAM_CREATE_DOMAIN	0x00000008
 #define SA_RIGHT_SAM_ENUM_DOMAINS	0x00000010
-#define SA_RIGHT_SAM_OPEN_DOMAIN	0x00000020
+#define SA_RIGHT_SAM_LOOKUP_DOMAIN	0x00000020
 
 #define SA_RIGHT_SAM_ALL_ACCESS		0x0000003F
 
@@ -244,7 +244,7 @@ struct standard_mapping {
 
 #define GENERIC_RIGHTS_SAM_EXECUTE \
 		(STANDARD_RIGHTS_EXECUTE_ACCESS	| \
-		SA_RIGHT_SAM_OPEN_DOMAIN	| \
+		SA_RIGHT_SAM_LOOKUP_DOMAIN	| \
 		SA_RIGHT_SAM_CONNECT_SERVER)            
 
 
diff --git a/source/rpc_server/srv_samr_nt.c b/source/rpc_server/srv_samr_nt.c
index 6e37ea5..f14c53b 100644
--- a/source/rpc_server/srv_samr_nt.c
+++ b/source/rpc_server/srv_samr_nt.c
@@ -620,13 +620,6 @@ NTSTATUS _samr_OpenDomain(pipes_struct *p,
 	if ( !find_policy_by_hnd(p, r->in.connect_handle, (void**)(void *)&info) )
 		return NT_STATUS_INVALID_HANDLE;
 
-	status = access_check_samr_function(info->acc_granted,
-					    SA_RIGHT_SAM_OPEN_DOMAIN,
-					    "_samr_OpenDomain" );
-
-	if ( !NT_STATUS_IS_OK(status) )
-		return status;
-
 	/*check if access can be granted as requested by client. */
 	map_max_allowed_access(p->pipe_user.nt_user_token, &des_access);
 
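Review bot: With this check removed, nothing visible in this hunk of `_samr_OpenDomain` consults `info->acc_granted` on the connect handle, and the reason is recorded only in the commit message. A comment at the removal site would stop a later reader from re-adding the check with the renamed constant, for example `/* No acc_granted check on the connect handle here: 0x20 is the SAM lookup-domain right, not an open-domain right (bug #6089). */`. The function body continues outside the hunk, so it cannot be confirmed from here that the access check following `map_max_allowed_access()` is the intended sole gate on the requested domain access. That is worth verifying, with a test that a connect handle granted only minimal rights cannot obtain more domain access than the domain's own security descriptor allows.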
@@ -2957,7 +2950,7 @@ NTSTATUS _samr_QueryDomainInfo(pipes_struct *p,
 	}
 
 	status = access_check_samr_function(info->acc_granted,
-					    SA_RIGHT_SAM_OPEN_DOMAIN,
+					    SA_RIGHT_SAM_LOOKUP_DOMAIN,
 					    "_samr_QueryDomainInfo" );
 
 	if ( !NT_STATUS_IS_OK(status) )
@@ -3357,7 +3350,7 @@ NTSTATUS _samr_Connect(pipes_struct *p,
 	map_max_allowed_access(p->pipe_user.nt_user_token, &des_access);
 
 	se_map_generic( &des_access, &sam_generic_mapping );
-	info->acc_granted = des_access & (SA_RIGHT_SAM_ENUM_DOMAINS|SA_RIGHT_SAM_OPEN_DOMAIN);
+	info->acc_granted = des_access & (SA_RIGHT_SAM_ENUM_DOMAINS|SA_RIGHT_SAM_LOOKUP_DOMAIN);
 
 	/* get a (unique) handle.  open a policy on it. */
 	if (!create_policy_hnd(p, r->out.connect_handle, free_samr_info, (void *)info))
@@ -3544,7 +3537,7 @@ NTSTATUS _samr_LookupDomain(pipes_struct *p,
 	   Reverted that change so we will work with RAS servers again */
 
 	status = access_check_samr_function(info->acc_granted,
-					    SA_RIGHT_SAM_OPEN_DOMAIN,
+					    SA_RIGHT_SAM_LOOKUP_DOMAIN,
 					    "_samr_LookupDomain");
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;
diff --git a/source/utils/net_rpc.c b/source/utils/net_rpc.c
index 0476394..1eaa1c6 100644
--- a/source/utils/net_rpc.c
+++ b/source/utils/net_rpc.c
@@ -6280,7 +6280,7 @@ static int rpc_trustdom_list(int argc, const char **argv)
 	/* SamrConnect2 */
 	nt_status = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
 					 pipe_hnd->cli->desthost,
-					 SA_RIGHT_SAM_OPEN_DOMAIN,
+					 SA_RIGHT_SAM_LOOKUP_DOMAIN,
 					 &connect_hnd);
 	if (!NT_STATUS_IS_OK(nt_status)) {
 		DEBUG(0, ("Couldn't open SAMR policy handle. Error was %s\n",


-- 
Samba Shared Repository

