[SCM] Samba Shared Repository - branch v3-3-test updated -
release-3-2-0pre2-5211-g8a985bc
Jeremy Allison
jra at samba.org
Wed Apr 15 21:33:20 GMT 2009
The branch, v3-3-test has been updated
via 8a985bcfe4aee7e602601fe78a94757dce645fcc (commit)
from 64c0c6cfc6d44a9bb8ea13e56ed6c3d1eee3861e (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test
- Log -----------------------------------------------------------------
commit 8a985bcfe4aee7e602601fe78a94757dce645fcc
Author: Jeremy Allison <jra at samba.org>
Date: Wed Apr 15 14:31:43 2009 -0700
Fix bug #6089 - Winbind samr_OpenDomain not possible with Samba 3.2.6+
What a difference a name makes... :-). Just because something is missnamed
SA_RIGHT_SAM_OPEN_DOMAIN, when it should actually be SA_RIGHT_SAM_LOOKUP_DOMAIN,
don't automatically use it for a security check in _samr_OpenDomain().
Jeremy.
-----------------------------------------------------------------------
Summary of changes:
source/lib/netapi/group.c | 18 +++++++++---------
source/lib/netapi/localgroup.c | 25 ++++++++++++-------------
source/lib/netapi/user.c | 30 +++++++++++++++---------------
source/libnet/libnet_join.c | 2 +-
source/librpc/gen_ndr/ndr_samr.c | 2 +-
source/librpc/gen_ndr/samr.h | 4 ++--
source/librpc/idl/samr.idl | 4 ++--
source/librpc/idl/security.idl | 6 +++---
source/rpc_server/srv_samr_nt.c | 13 +++----------
source/utils/net_rpc.c | 2 +-
source/utils/net_rpc_join.c | 2 +-
11 files changed, 50 insertions(+), 58 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/lib/netapi/group.c b/source/lib/netapi/group.c
index b3bb14e..6dcf2e1 100644
--- a/source/lib/netapi/group.c
+++ b/source/lib/netapi/group.c
@@ -81,7 +81,7 @@ WERROR NetGroupAdd_r(struct libnetapi_ctx *ctx,
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
SAMR_ACCESS_ENUM_DOMAINS |
- SAMR_ACCESS_OPEN_DOMAIN,
+ SAMR_ACCESS_LOOKUP_DOMAIN,
SAMR_DOMAIN_ACCESS_CREATE_GROUP |
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
&connect_handle,
@@ -258,7 +258,7 @@ WERROR NetGroupDel_r(struct libnetapi_ctx *ctx,
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
SAMR_ACCESS_ENUM_DOMAINS |
- SAMR_ACCESS_OPEN_DOMAIN,
+ SAMR_ACCESS_LOOKUP_DOMAIN,
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
&connect_handle,
&domain_handle,
@@ -429,7 +429,7 @@ WERROR NetGroupSetInfo_r(struct libnetapi_ctx *ctx,
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
SAMR_ACCESS_ENUM_DOMAINS |
- SAMR_ACCESS_OPEN_DOMAIN,
+ SAMR_ACCESS_LOOKUP_DOMAIN,
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
&connect_handle,
&domain_handle,
@@ -670,7 +670,7 @@ WERROR NetGroupGetInfo_r(struct libnetapi_ctx *ctx,
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
SAMR_ACCESS_ENUM_DOMAINS |
- SAMR_ACCESS_OPEN_DOMAIN,
+ SAMR_ACCESS_LOOKUP_DOMAIN,
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
&connect_handle,
&domain_handle,
@@ -792,7 +792,7 @@ WERROR NetGroupAddUser_r(struct libnetapi_ctx *ctx,
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
SAMR_ACCESS_ENUM_DOMAINS |
- SAMR_ACCESS_OPEN_DOMAIN,
+ SAMR_ACCESS_LOOKUP_DOMAIN,
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
&connect_handle,
&domain_handle,
@@ -919,7 +919,7 @@ WERROR NetGroupDelUser_r(struct libnetapi_ctx *ctx,
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
SAMR_ACCESS_ENUM_DOMAINS |
- SAMR_ACCESS_OPEN_DOMAIN,
+ SAMR_ACCESS_LOOKUP_DOMAIN,
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
&connect_handle,
&domain_handle,
@@ -1203,7 +1203,7 @@ WERROR NetGroupEnum_r(struct libnetapi_ctx *ctx,
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
SAMR_ACCESS_ENUM_DOMAINS |
- SAMR_ACCESS_OPEN_DOMAIN,
+ SAMR_ACCESS_LOOKUP_DOMAIN,
SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 |
SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS |
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
@@ -1340,7 +1340,7 @@ WERROR NetGroupGetUsers_r(struct libnetapi_ctx *ctx,
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
SAMR_ACCESS_ENUM_DOMAINS |
- SAMR_ACCESS_OPEN_DOMAIN,
+ SAMR_ACCESS_LOOKUP_DOMAIN,
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
&connect_handle,
&domain_handle,
@@ -1498,7 +1498,7 @@ WERROR NetGroupSetUsers_r(struct libnetapi_ctx *ctx,
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
SAMR_ACCESS_ENUM_DOMAINS |
- SAMR_ACCESS_OPEN_DOMAIN,
+ SAMR_ACCESS_LOOKUP_DOMAIN,
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
&connect_handle,
&domain_handle,
diff --git a/source/lib/netapi/localgroup.c b/source/lib/netapi/localgroup.c
index 25a3427..d571045 100644
--- a/source/lib/netapi/localgroup.c
+++ b/source/lib/netapi/localgroup.c
@@ -159,7 +159,7 @@ WERROR NetLocalGroupAdd_r(struct libnetapi_ctx *ctx,
}
werr = libnetapi_samr_open_builtin_domain(ctx, pipe_cli,
- SAMR_ACCESS_OPEN_DOMAIN |
+ SAMR_ACCESS_LOOKUP_DOMAIN |
SAMR_ACCESS_ENUM_DOMAINS,
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
&connect_handle,
@@ -184,7 +184,7 @@ WERROR NetLocalGroupAdd_r(struct libnetapi_ctx *ctx,
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
SAMR_ACCESS_ENUM_DOMAINS |
- SAMR_ACCESS_OPEN_DOMAIN,
+ SAMR_ACCESS_LOOKUP_DOMAIN,
SAMR_DOMAIN_ACCESS_CREATE_ALIAS |
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
&connect_handle,
@@ -285,7 +285,7 @@ WERROR NetLocalGroupDel_r(struct libnetapi_ctx *ctx,
}
werr = libnetapi_samr_open_builtin_domain(ctx, pipe_cli,
- SAMR_ACCESS_OPEN_DOMAIN |
+ SAMR_ACCESS_LOOKUP_DOMAIN |
SAMR_ACCESS_ENUM_DOMAINS,
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
&connect_handle,
@@ -310,7 +310,7 @@ WERROR NetLocalGroupDel_r(struct libnetapi_ctx *ctx,
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
SAMR_ACCESS_ENUM_DOMAINS |
- SAMR_ACCESS_OPEN_DOMAIN,
+ SAMR_ACCESS_LOOKUP_DOMAIN,
SAMR_DOMAIN_ACCESS_CREATE_ALIAS |
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
&connect_handle,
@@ -463,7 +463,7 @@ WERROR NetLocalGroupGetInfo_r(struct libnetapi_ctx *ctx,
}
werr = libnetapi_samr_open_builtin_domain(ctx, pipe_cli,
- SAMR_ACCESS_OPEN_DOMAIN |
+ SAMR_ACCESS_LOOKUP_DOMAIN |
SAMR_ACCESS_ENUM_DOMAINS,
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
&connect_handle,
@@ -488,7 +488,7 @@ WERROR NetLocalGroupGetInfo_r(struct libnetapi_ctx *ctx,
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
SAMR_ACCESS_ENUM_DOMAINS |
- SAMR_ACCESS_OPEN_DOMAIN,
+ SAMR_ACCESS_LOOKUP_DOMAIN,
SAMR_DOMAIN_ACCESS_CREATE_ALIAS |
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
&connect_handle,
@@ -640,7 +640,7 @@ WERROR NetLocalGroupSetInfo_r(struct libnetapi_ctx *ctx,
}
werr = libnetapi_samr_open_builtin_domain(ctx, pipe_cli,
- SAMR_ACCESS_OPEN_DOMAIN |
+ SAMR_ACCESS_LOOKUP_DOMAIN |
SAMR_ACCESS_ENUM_DOMAINS,
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
&connect_handle,
@@ -667,7 +667,7 @@ WERROR NetLocalGroupSetInfo_r(struct libnetapi_ctx *ctx,
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
SAMR_ACCESS_ENUM_DOMAINS |
- SAMR_ACCESS_OPEN_DOMAIN,
+ SAMR_ACCESS_LOOKUP_DOMAIN,
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
&connect_handle,
&domain_handle,
@@ -788,7 +788,7 @@ WERROR NetLocalGroupEnum_r(struct libnetapi_ctx *ctx,
}
werr = libnetapi_samr_open_builtin_domain(ctx, pipe_cli,
- SAMR_ACCESS_OPEN_DOMAIN |
+ SAMR_ACCESS_LOOKUP_DOMAIN |
SAMR_ACCESS_ENUM_DOMAINS,
SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 |
SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS |
@@ -800,7 +800,7 @@ WERROR NetLocalGroupEnum_r(struct libnetapi_ctx *ctx,
}
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
- SAMR_ACCESS_OPEN_DOMAIN |
+ SAMR_ACCESS_LOOKUP_DOMAIN |
SAMR_ACCESS_ENUM_DOMAINS,
SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 |
SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS |
@@ -1101,7 +1101,7 @@ static WERROR NetLocalGroupModifyMembers_r(struct libnetapi_ctx *ctx,
}
werr = libnetapi_samr_open_builtin_domain(ctx, pipe_cli,
- SAMR_ACCESS_OPEN_DOMAIN |
+ SAMR_ACCESS_LOOKUP_DOMAIN |
SAMR_ACCESS_ENUM_DOMAINS,
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
&connect_handle,
@@ -1131,7 +1131,7 @@ static WERROR NetLocalGroupModifyMembers_r(struct libnetapi_ctx *ctx,
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
SAMR_ACCESS_ENUM_DOMAINS |
- SAMR_ACCESS_OPEN_DOMAIN,
+ SAMR_ACCESS_LOOKUP_DOMAIN,
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
&connect_handle,
&domain_handle,
@@ -1355,4 +1355,3 @@ WERROR NetLocalGroupSetMembers_l(struct libnetapi_ctx *ctx,
{
LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetLocalGroupSetMembers);
}
-
diff --git a/source/lib/netapi/user.c b/source/lib/netapi/user.c
index 2c78f6f..bddd161 100644
--- a/source/lib/netapi/user.c
+++ b/source/lib/netapi/user.c
@@ -391,7 +391,7 @@ WERROR NetUserAdd_r(struct libnetapi_ctx *ctx,
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
SAMR_ACCESS_ENUM_DOMAINS |
- SAMR_ACCESS_OPEN_DOMAIN,
+ SAMR_ACCESS_LOOKUP_DOMAIN,
SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 |
SAMR_DOMAIN_ACCESS_CREATE_USER |
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
@@ -519,7 +519,7 @@ WERROR NetUserDel_r(struct libnetapi_ctx *ctx,
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
SAMR_ACCESS_ENUM_DOMAINS |
- SAMR_ACCESS_OPEN_DOMAIN,
+ SAMR_ACCESS_LOOKUP_DOMAIN,
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
&connect_handle,
&domain_handle,
@@ -1231,7 +1231,7 @@ WERROR NetUserEnum_r(struct libnetapi_ctx *ctx,
werr = libnetapi_samr_open_builtin_domain(ctx, pipe_cli,
SAMR_ACCESS_ENUM_DOMAINS |
- SAMR_ACCESS_OPEN_DOMAIN,
+ SAMR_ACCESS_LOOKUP_DOMAIN,
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT |
SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS,
&connect_handle,
@@ -1242,7 +1242,7 @@ WERROR NetUserEnum_r(struct libnetapi_ctx *ctx,
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
SAMR_ACCESS_ENUM_DOMAINS |
- SAMR_ACCESS_OPEN_DOMAIN,
+ SAMR_ACCESS_LOOKUP_DOMAIN,
SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 |
SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS |
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
@@ -1536,7 +1536,7 @@ WERROR NetQueryDisplayInformation_r(struct libnetapi_ctx *ctx,
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
SAMR_ACCESS_ENUM_DOMAINS |
- SAMR_ACCESS_OPEN_DOMAIN,
+ SAMR_ACCESS_LOOKUP_DOMAIN,
SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 |
SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS |
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
@@ -1668,7 +1668,7 @@ WERROR NetUserGetInfo_r(struct libnetapi_ctx *ctx,
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
SAMR_ACCESS_ENUM_DOMAINS |
- SAMR_ACCESS_OPEN_DOMAIN,
+ SAMR_ACCESS_LOOKUP_DOMAIN,
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
&connect_handle,
&domain_handle,
@@ -1679,7 +1679,7 @@ WERROR NetUserGetInfo_r(struct libnetapi_ctx *ctx,
werr = libnetapi_samr_open_builtin_domain(ctx, pipe_cli,
SAMR_ACCESS_ENUM_DOMAINS |
- SAMR_ACCESS_OPEN_DOMAIN,
+ SAMR_ACCESS_LOOKUP_DOMAIN,
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT |
SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS,
&connect_handle,
@@ -1826,7 +1826,7 @@ WERROR NetUserSetInfo_r(struct libnetapi_ctx *ctx,
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
SAMR_ACCESS_ENUM_DOMAINS |
- SAMR_ACCESS_OPEN_DOMAIN,
+ SAMR_ACCESS_LOOKUP_DOMAIN,
SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 |
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
&connect_handle,
@@ -1838,7 +1838,7 @@ WERROR NetUserSetInfo_r(struct libnetapi_ctx *ctx,
werr = libnetapi_samr_open_builtin_domain(ctx, pipe_cli,
SAMR_ACCESS_ENUM_DOMAINS |
- SAMR_ACCESS_OPEN_DOMAIN,
+ SAMR_ACCESS_LOOKUP_DOMAIN,
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT |
SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS,
&connect_handle,
@@ -2252,7 +2252,7 @@ WERROR NetUserModalsGet_r(struct libnetapi_ctx *ctx,
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
SAMR_ACCESS_ENUM_DOMAINS |
- SAMR_ACCESS_OPEN_DOMAIN,
+ SAMR_ACCESS_LOOKUP_DOMAIN,
access_mask,
&connect_handle,
&domain_handle,
@@ -2736,7 +2736,7 @@ WERROR NetUserModalsSet_r(struct libnetapi_ctx *ctx,
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
SAMR_ACCESS_ENUM_DOMAINS |
- SAMR_ACCESS_OPEN_DOMAIN,
+ SAMR_ACCESS_LOOKUP_DOMAIN,
access_mask,
&connect_handle,
&domain_handle,
@@ -2875,7 +2875,7 @@ WERROR NetUserGetGroups_r(struct libnetapi_ctx *ctx,
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
SAMR_ACCESS_ENUM_DOMAINS |
- SAMR_ACCESS_OPEN_DOMAIN,
+ SAMR_ACCESS_LOOKUP_DOMAIN,
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
&connect_handle,
&domain_handle,
@@ -3032,7 +3032,7 @@ WERROR NetUserSetGroups_r(struct libnetapi_ctx *ctx,
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
SAMR_ACCESS_ENUM_DOMAINS |
- SAMR_ACCESS_OPEN_DOMAIN,
+ SAMR_ACCESS_LOOKUP_DOMAIN,
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
&connect_handle,
&domain_handle,
@@ -3320,7 +3320,7 @@ WERROR NetUserGetLocalGroups_r(struct libnetapi_ctx *ctx,
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
SAMR_ACCESS_ENUM_DOMAINS |
- SAMR_ACCESS_OPEN_DOMAIN,
+ SAMR_ACCESS_LOOKUP_DOMAIN,
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT |
SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS,
&connect_handle,
@@ -3332,7 +3332,7 @@ WERROR NetUserGetLocalGroups_r(struct libnetapi_ctx *ctx,
werr = libnetapi_samr_open_builtin_domain(ctx, pipe_cli,
SAMR_ACCESS_ENUM_DOMAINS |
- SAMR_ACCESS_OPEN_DOMAIN,
+ SAMR_ACCESS_LOOKUP_DOMAIN,
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT |
SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS,
&connect_handle,
diff --git a/source/libnet/libnet_join.c b/source/libnet/libnet_join.c
index 1bea16e..1016e9c 100644
--- a/source/libnet/libnet_join.c
+++ b/source/libnet/libnet_join.c
@@ -785,7 +785,7 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
status = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
pipe_hnd->desthost,
SAMR_ACCESS_ENUM_DOMAINS
- | SAMR_ACCESS_OPEN_DOMAIN,
+ | SAMR_ACCESS_LOOKUP_DOMAIN,
&sam_pol);
if (!NT_STATUS_IS_OK(status)) {
goto done;
diff --git a/source/librpc/gen_ndr/ndr_samr.c b/source/librpc/gen_ndr/ndr_samr.c
index 71fdf45..c82078f 100644
--- a/source/librpc/gen_ndr/ndr_samr.c
+++ b/source/librpc/gen_ndr/ndr_samr.c
@@ -69,7 +69,7 @@ _PUBLIC_ void ndr_print_samr_ConnectAccessMask(struct ndr_print *ndr, const char
ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_ACCESS_INITIALIZE_SERVER", SAMR_ACCESS_INITIALIZE_SERVER, r);
ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_ACCESS_CREATE_DOMAIN", SAMR_ACCESS_CREATE_DOMAIN, r);
ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_ACCESS_ENUM_DOMAINS", SAMR_ACCESS_ENUM_DOMAINS, r);
- ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_ACCESS_OPEN_DOMAIN", SAMR_ACCESS_OPEN_DOMAIN, r);
+ ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_ACCESS_LOOKUP_DOMAIN", SAMR_ACCESS_LOOKUP_DOMAIN, r);
ndr->depth--;
}
diff --git a/source/librpc/gen_ndr/samr.h b/source/librpc/gen_ndr/samr.h
index b925a0b..3423a08 100644
--- a/source/librpc/gen_ndr/samr.h
+++ b/source/librpc/gen_ndr/samr.h
@@ -12,7 +12,7 @@
#define GENERIC_RIGHTS_SAM_ALL_ACCESS ( (STANDARD_RIGHTS_REQUIRED_ACCESS|SAMR_ACCESS_ALL_ACCESS) )
#define GENERIC_RIGHTS_SAM_READ ( (STANDARD_RIGHTS_READ_ACCESS|SAMR_ACCESS_ENUM_DOMAINS) )
#define GENERIC_RIGHTS_SAM_WRITE ( (STANDARD_RIGHTS_WRITE_ACCESS|SAMR_ACCESS_CREATE_DOMAIN|SAMR_ACCESS_INITIALIZE_SERVER|SAMR_ACCESS_SHUTDOWN_SERVER) )
-#define GENERIC_RIGHTS_SAM_EXECUTE ( (STANDARD_RIGHTS_EXECUTE_ACCESS|SAMR_ACCESS_OPEN_DOMAIN|SAMR_ACCESS_CONNECT_TO_SERVER) )
+#define GENERIC_RIGHTS_SAM_EXECUTE ( (STANDARD_RIGHTS_EXECUTE_ACCESS|SAMR_ACCESS_LOOKUP_DOMAIN|SAMR_ACCESS_CONNECT_TO_SERVER) )
#define SAMR_USER_ACCESS_ALL_ACCESS ( 0x000007FF )
#define GENERIC_RIGHTS_USER_ALL_ACCESS ( (STANDARD_RIGHTS_REQUIRED_ACCESS|SAMR_USER_ACCESS_ALL_ACCESS) )
#define GENERIC_RIGHTS_USER_READ ( (STANDARD_RIGHTS_READ_ACCESS|SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP|SAMR_USER_ACCESS_GET_GROUPS|SAMR_USER_ACCESS_GET_ATTRIBUTES|SAMR_USER_ACCESS_GET_LOGONINFO|SAMR_USER_ACCESS_GET_LOCALE) )
@@ -65,7 +65,7 @@
#define SAMR_ACCESS_INITIALIZE_SERVER ( 0x00000004 )
#define SAMR_ACCESS_CREATE_DOMAIN ( 0x00000008 )
#define SAMR_ACCESS_ENUM_DOMAINS ( 0x00000010 )
-#define SAMR_ACCESS_OPEN_DOMAIN ( 0x00000020 )
+#define SAMR_ACCESS_LOOKUP_DOMAIN ( 0x00000020 )
/* bitmap samr_UserAccessMask */
#define SAMR_USER_ACCESS_GET_NAME_ETC ( 0x00000001 )
diff --git a/source/librpc/idl/samr.idl b/source/librpc/idl/samr.idl
index ef7c6f4..9e933a5 100644
--- a/source/librpc/idl/samr.idl
+++ b/source/librpc/idl/samr.idl
@@ -48,7 +48,7 @@ import "misc.idl", "lsa.idl", "security.idl";
SAMR_ACCESS_INITIALIZE_SERVER = 0x00000004,
SAMR_ACCESS_CREATE_DOMAIN = 0x00000008,
SAMR_ACCESS_ENUM_DOMAINS = 0x00000010,
- SAMR_ACCESS_OPEN_DOMAIN = 0x00000020
+ SAMR_ACCESS_LOOKUP_DOMAIN = 0x00000020
} samr_ConnectAccessMask;
const int SAMR_ACCESS_ALL_ACCESS = 0x0000003F;
@@ -69,7 +69,7 @@ import "misc.idl", "lsa.idl", "security.idl";
const int GENERIC_RIGHTS_SAM_EXECUTE =
(STANDARD_RIGHTS_EXECUTE_ACCESS |
- SAMR_ACCESS_OPEN_DOMAIN |
+ SAMR_ACCESS_LOOKUP_DOMAIN |
SAMR_ACCESS_CONNECT_TO_SERVER);
/* User Object specific access rights */
diff --git a/source/librpc/idl/security.idl b/source/librpc/idl/security.idl
index 0adc157..66c4b9a 100644
--- a/source/librpc/idl/security.idl
+++ b/source/librpc/idl/security.idl
@@ -135,9 +135,9 @@ interface security
/* combinations of standard masks. */
const int STANDARD_RIGHTS_ALL_ACCESS = SEC_STD_ALL; /* 0x001f0000 */
- const int STANDARD_RIGHTS_MODIFY_ACCESS = SEC_STD_READ_CONTROLS; /* 0x00020000 */
- const int STANDARD_RIGHTS_EXECUTE_ACCESS = SEC_STD_READ_CONTROLS; /* 0x00020000 */
- const int STANDARD_RIGHTS_READ_ACCESS = SEC_STD_READ_CONTROLS; /* 0x00020000 */
+ const int STANDARD_RIGHTS_MODIFY_ACCESS = SEC_STD_READ_CONTROL; /* 0x00020000 */
+ const int STANDARD_RIGHTS_EXECUTE_ACCESS = SEC_STD_READ_CONTROL; /* 0x00020000 */
+ const int STANDARD_RIGHTS_READ_ACCESS = SEC_STD_READ_CONTROL; /* 0x00020000 */
const int STANDARD_RIGHTS_WRITE_ACCESS =
(SEC_STD_WRITE_OWNER |
SEC_STD_WRITE_DAC |
diff --git a/source/rpc_server/srv_samr_nt.c b/source/rpc_server/srv_samr_nt.c
index a946d2e..ec62662 100644
--- a/source/rpc_server/srv_samr_nt.c
+++ b/source/rpc_server/srv_samr_nt.c
@@ -620,13 +620,6 @@ NTSTATUS _samr_OpenDomain(pipes_struct *p,
if ( !find_policy_by_hnd(p, r->in.connect_handle, (void**)(void *)&info) )
return NT_STATUS_INVALID_HANDLE;
- status = access_check_samr_function(info->acc_granted,
- SAMR_ACCESS_OPEN_DOMAIN,
- "_samr_OpenDomain" );
-
- if ( !NT_STATUS_IS_OK(status) )
- return status;
-
/*check if access can be granted as requested by client. */
map_max_allowed_access(p->pipe_user.nt_user_token, &des_access);
@@ -2897,7 +2890,7 @@ NTSTATUS _samr_QueryDomainInfo(pipes_struct *p,
}
status = access_check_samr_function(info->acc_granted,
- SAMR_ACCESS_OPEN_DOMAIN,
+ SAMR_ACCESS_LOOKUP_DOMAIN,
"_samr_QueryDomainInfo" );
if ( !NT_STATUS_IS_OK(status) )
@@ -3322,7 +3315,7 @@ NTSTATUS _samr_Connect(pipes_struct *p,
map_max_allowed_access(p->pipe_user.nt_user_token, &des_access);
se_map_generic( &des_access, &sam_generic_mapping );
- info->acc_granted = des_access & (SAMR_ACCESS_ENUM_DOMAINS|SAMR_ACCESS_OPEN_DOMAIN);
+ info->acc_granted = des_access & (SAMR_ACCESS_ENUM_DOMAINS|SAMR_ACCESS_LOOKUP_DOMAIN);
/* get a (unique) handle. open a policy on it. */
if (!create_policy_hnd(p, r->out.connect_handle, free_samr_info, (void *)info))
@@ -3458,7 +3451,7 @@ NTSTATUS _samr_LookupDomain(pipes_struct *p,
Reverted that change so we will work with RAS servers again */
status = access_check_samr_function(info->acc_granted,
- SAMR_ACCESS_OPEN_DOMAIN,
+ SAMR_ACCESS_LOOKUP_DOMAIN,
"_samr_LookupDomain");
if (!NT_STATUS_IS_OK(status)) {
return status;
diff --git a/source/utils/net_rpc.c b/source/utils/net_rpc.c
index 2679d04..98605d1 100644
--- a/source/utils/net_rpc.c
+++ b/source/utils/net_rpc.c
@@ -6127,7 +6127,7 @@ static int rpc_trustdom_list(struct net_context *c, int argc, const char **argv)
/* SamrConnect2 */
nt_status = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
pipe_hnd->desthost,
- SAMR_ACCESS_OPEN_DOMAIN,
+ SAMR_ACCESS_LOOKUP_DOMAIN,
&connect_hnd);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0, ("Couldn't open SAMR policy handle. Error was %s\n",
diff --git a/source/utils/net_rpc_join.c b/source/utils/net_rpc_join.c
index 20f4750..e663cc8 100644
--- a/source/utils/net_rpc_join.c
+++ b/source/utils/net_rpc_join.c
@@ -244,7 +244,7 @@ int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv)
CHECK_RPC_ERR(rpccli_samr_Connect2(pipe_hnd, mem_ctx,
pipe_hnd->desthost,
SAMR_ACCESS_ENUM_DOMAINS
- | SAMR_ACCESS_OPEN_DOMAIN,
+ | SAMR_ACCESS_LOOKUP_DOMAIN,
&sam_pol),
"could not connect to SAM database");
--
Samba Shared Repository
More information about the samba-cvs
mailing list