[SCM] Samba Shared Repository - branch master updated

Michael Adam obnox at samba.org
Mon Jun 21 04:40:01 MDT 2010


The branch, master has been updated
       via  b784c20... s3:net rpc registry: make getsd succeed when key sd only gives access to SD not key contents
      from  e78f2b2... s3:fix an outdated comment.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit b784c20df8fcafc3a5c66f847b1af58b77eeb42b
Author: Michael Adam <obnox at samba.org>
Date:   Mon Jun 21 12:32:57 2010 +0200

    s3:net rpc registry: make getsd succeed when key sd only gives access to SD not key contents
    
    You don't need the REG_KEY_READ permissions to access the SD of a key.
    And for instance, the key HKLM\security ususally has no specific bits
    set for builtin\administrators, but the READ_CONTROL_ACCESS.
    I.e. builtin\administrators can get the sd but not enumerate the key.

-----------------------------------------------------------------------

Summary of changes:
 source3/utils/net_rpc_registry.c |    3 +--
 1 files changed, 1 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/utils/net_rpc_registry.c b/source3/utils/net_rpc_registry.c
index 59971af..fb1e14f 100644
--- a/source3/utils/net_rpc_registry.c
+++ b/source3/utils/net_rpc_registry.c
@@ -1208,8 +1208,7 @@ static NTSTATUS rpc_registry_getsd_internal(struct net_context *c,
 	uint32_t sec_info;
 	DATA_BLOB blob;
 	struct security_descriptor sec_desc;
-	uint32_t access_mask = REG_KEY_READ |
-			       SEC_FLAG_MAXIMUM_ALLOWED |
+	uint32_t access_mask = SEC_FLAG_MAXIMUM_ALLOWED |
 			       SEC_FLAG_SYSTEM_SECURITY;
 
 	if (argc <1 || argc > 2 || c->display_usage) {


-- 
Samba Shared Repository


More information about the samba-cvs mailing list