[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha7-1679-g6ab0c83

Mon May 18 21:09:09 GMT 2009

The branch, master has been updated
       via  6ab0c83570b2e60e0cd3bd5f5bfb1923fd359994 (commit)
      from  4724fef8979c3f0e66cb8e41936af270901093b4 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 6ab0c83570b2e60e0cd3bd5f5bfb1923fd359994
Author: GÃ¼nther Deschner <gd at samba.org>
Date:   Mon May 18 21:05:08 2009 +0200

    s3-lsa: let _lsa_GetSystemAccessAccount() call into _lsa_EnumPrivsAccount().
    
    Inspired by lsa server from Samba 4.
    
    Just removing a user in SAMR does not remove a user in LSA. If you use
    usermanager from windows, the "User Rights" management gui gets unaccessable as
    soon as you delete a user that had privileges granted. With this fix, that
    no longer existing user would properly appear as an unknown account in the GUI
    (as it does while using usermanager with windows domains).
    
    This almost makes Samba3 pass the RPC-SAMR-USERS-PRIVILEGES test.
    
    Guenther

-----------------------------------------------------------------------

Summary of changes:
 source3/rpc_server/srv_lsa_nt.c |   26 +++++++++++++++++++++++---
 1 files changed, 23 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index 7cddb5c..dd0bfe1 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -1717,7 +1717,10 @@ NTSTATUS _lsa_EnumPrivsAccount(pipes_struct *p,
 NTSTATUS _lsa_GetSystemAccessAccount(pipes_struct *p,
 				     struct lsa_GetSystemAccessAccount *r)
 {
-	struct lsa_info *info=NULL;
+	NTSTATUS status;
+	struct lsa_info *info = NULL;
+	struct lsa_EnumPrivsAccount e;
+	struct lsa_PrivilegeSet *privset;
 
 	/* find the connection policy handle. */
 
@@ -1727,8 +1730,25 @@ NTSTATUS _lsa_GetSystemAccessAccount(pipes_struct *p,
 	if (!(info->access & LSA_POLICY_VIEW_LOCAL_INFORMATION))
 		return NT_STATUS_ACCESS_DENIED;
 
-	if (!lookup_sid(p->mem_ctx, &info->sid, NULL, NULL, NULL))
-		return NT_STATUS_ACCESS_DENIED;
+	privset = talloc_zero(p->mem_ctx, struct lsa_PrivilegeSet);
+	if (!privset) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	e.in.handle = r->in.handle;
+	e.out.privs = &privset;
+
+	status = _lsa_EnumPrivsAccount(p, &e);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(10,("_lsa_GetSystemAccessAccount: "
+			"failed to call _lsa_EnumPrivsAccount(): %s\n",
+			nt_errstr(status)));
+		return status;
+	}
+
+	/* Samba4 would iterate over the privset to merge the policy mode bits,
+	 * not sure samba3 can do the same here, so just return what we did in
+	 * the past - gd */
 
 	/*
 	  0x01 -> Log on locally


-- 
Samba Shared Repository
