[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-5298-gbd2f369

Karolin Seeger kseeger at samba.org
Mon Jun 15 09:09:18 GMT 2009


The branch, v3-3-test has been updated
       via  bd2f3695c117773032e16958a0266d0d1e75defe (commit)
      from  7108ebb87902f3b5d2c43ba95d557278ad8e120f (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test


- Log -----------------------------------------------------------------
commit bd2f3695c117773032e16958a0266d0d1e75defe
Author: Jeremy Allison <jra at samba.org>
Date:   Mon Jun 15 10:43:27 2009 +0200

    Revert the extra SAMR and LSA checks.
    
    These were added between 3.2.4 and 3.2.5 that have caused users problems.
    This fixes among others bug #6089 and #6112.

-----------------------------------------------------------------------

Summary of changes:
 source/rpc_server/srv_samr_nt.c |   58 ---------------------------------------
 1 files changed, 0 insertions(+), 58 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/rpc_server/srv_samr_nt.c b/source/rpc_server/srv_samr_nt.c
index 05e62fb..c3464a8 100644
--- a/source/rpc_server/srv_samr_nt.c
+++ b/source/rpc_server/srv_samr_nt.c
@@ -862,13 +862,6 @@ NTSTATUS _samr_QuerySecurity(pipes_struct *p,
 	DEBUG(10,("_samr_QuerySecurity: querying security on SID: %s\n",
 		  sid_string_dbg(&pol_sid)));
 
-	status = access_check_samr_function(acc_granted,
-					    STD_RIGHT_READ_CONTROL_ACCESS,
-					    "_samr_QuerySecurity");
-	if (!NT_STATUS_IS_OK(status)) {
-		return status;
-	}
-
 	/* Check what typ of SID is beeing queried (e.g Domain SID, User SID, Group SID) */
 
 	/* To query the security of the SAM it self an invalid SID with S-0-0 is passed to this function */
@@ -1488,13 +1481,6 @@ NTSTATUS _samr_QueryDisplayInfo(pipes_struct *p,
 		return NT_STATUS_OK;
 	}
 
-	status = access_check_samr_function(info->acc_granted,
-					    SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS,
-					    "_samr_QueryDisplayInfo");
-	if (!NT_STATUS_IS_OK(status)) {
-		return status;
-	}
-
 	/*
 	 * calculate how many entries we will return.
 	 * based on
@@ -2077,13 +2063,6 @@ NTSTATUS _samr_LookupRids(pipes_struct *p,
 	if (!get_lsa_policy_samr_sid(p, r->in.domain_handle, &pol_sid, &acc_granted, NULL))
 		return NT_STATUS_INVALID_HANDLE;
 
-	status = access_check_samr_function(acc_granted,
-					    0, /* Don't know the acc_bits yet */
-					    "_samr_LookupRids");
-	if (!NT_STATUS_IS_OK(status)) {
-		return status;
-	}
-
 	if (num_rids > 1000) {
 		DEBUG(0, ("Got asked for %d rids (more than 1000) -- according "
 			  "to samba4 idl this is not possible\n", num_rids));
@@ -2634,13 +2613,6 @@ NTSTATUS _samr_QueryUserInfo(pipes_struct *p,
 	if (!find_policy_by_hnd(p, r->in.user_handle, (void **)(void *)&info))
 		return NT_STATUS_INVALID_HANDLE;
 
-	status = access_check_samr_function(info->acc_granted,
-					    SAMR_USER_ACCESS_GET_ATTRIBUTES,
-					    "_samr_QueryUserInfo");
-	if (!NT_STATUS_IS_OK(status)) {
-		return status;
-	}
-
 	domain_sid = info->sid;
 
 	sid_split_rid(&domain_sid, &rid);
@@ -2901,13 +2873,6 @@ NTSTATUS _samr_QueryDomainInfo(pipes_struct *p,
 		return NT_STATUS_INVALID_HANDLE;
 	}
 
-	status = access_check_samr_function(info->acc_granted,
-					    SAMR_ACCESS_LOOKUP_DOMAIN,
-					    "_samr_QueryDomainInfo" );
-
-	if ( !NT_STATUS_IS_OK(status) )
-		return status;
-
 	switch (r->in.level) {
 		case 0x01:
 
@@ -5649,7 +5614,6 @@ NTSTATUS _samr_SetDomainInfo(pipes_struct *p,
 	time_t u_expire, u_min_age;
 	time_t u_logout;
 	time_t u_lock_duration, u_reset_time;
-	NTSTATUS result;
 
 	DEBUG(5,("_samr_SetDomainInfo: %d\n", __LINE__));
 
@@ -5657,20 +5621,6 @@ NTSTATUS _samr_SetDomainInfo(pipes_struct *p,
 	if (!find_policy_by_hnd(p, r->in.domain_handle, (void **)(void *)&info))
 		return NT_STATUS_INVALID_HANDLE;
 
-	/* We do have different access bits for info
-	 * levels here, but we're really just looking for
-	 * GENERIC_RIGHTS_DOMAIN_WRITE access. Unfortunately
-	 * this maps to different specific bits. So
-	 * assume if we have SAMR_DOMAIN_ACCESS_SET_INFO_1
-	 * set we are ok. */
-
-	result = access_check_samr_function(info->acc_granted,
-					    SAMR_DOMAIN_ACCESS_SET_INFO_1,
-					    "_samr_SetDomainInfo");
-
-	if (!NT_STATUS_IS_OK(result))
-		return result;
-
 	DEBUG(5,("_samr_SetDomainInfo: level: %d\n", r->in.level));
 
 	switch (r->in.level) {
@@ -5728,7 +5678,6 @@ NTSTATUS _samr_GetDisplayEnumerationIndex(pipes_struct *p,
 	int i;
 	uint32_t num_account = 0;
 	struct samr_displayentry *entries = NULL;
-	NTSTATUS status;
 
 	DEBUG(5,("_samr_GetDisplayEnumerationIndex: %d\n", __LINE__));
 
@@ -5737,13 +5686,6 @@ NTSTATUS _samr_GetDisplayEnumerationIndex(pipes_struct *p,
 		return NT_STATUS_INVALID_HANDLE;
 	}
 
-	status = access_check_samr_function(info->acc_granted,
-					    SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS,
-					    "_samr_GetDisplayEnumerationIndex");
-	if (!NT_STATUS_IS_OK(status)) {
-		return status;
-	}
-
 	if ((r->in.level < 1) || (r->in.level > 3)) {
 		DEBUG(0,("_samr_GetDisplayEnumerationIndex: "
 			"Unknown info level (%u)\n",


-- 
Samba Shared Repository


More information about the samba-cvs mailing list