[Samba] Re: [ANNOUNCE] Samba 3.2.6 Available for Download
Jeremy Allison
jra at samba.org
Wed Dec 10 21:41:12 GMT 2008
On Wed, Dec 10, 2008 at 07:35:44PM +0000, David Markey wrote:
> Possible regressions.
>
>
>
> using usrmgr.exe i cannot make changes or view someones profile even
> with the following privileges:
>
> # net rpc rights grant dmarkey SeMachineAccountPrivilege
> SeTakeOwnershipPrivilege SeBackupPrivilege SeRestorePrivilege
> SeRemoteShutdownPrivilege SePrintOperatorPrivilege SeAddUsersPrivilege
> SeDiskOperatorPrivilege
>
> I get an access denied error.
>
>
> [2008/12/10 19:27:09, 2]
> rpc_server/srv_samr_nt.c:access_check_samr_function(246)
> _samr_QueryUserInfo: ACCESS DENIED (granted: 0x000f05ff; required:
> 0x00000200)
>
> This didnt happen in 3.2.5
>
> Also, the root user is in the "Domain Admins" group but doesnt seem to
> have admin privilages on my windows boxes(Pretty sure root had in 3.2.5)
Ok, this looks liek the following cut-and-paste
error by me. We're testing a user handle permission
set against a domain handle permission bit by mistake.
Damn, I was *sure* I had tested this (but must have
tested as root by mistake).
Can you confirm this fixes the problem (it does here).
Jeremy.
-------------- next part --------------
diff --git a/source/rpc_server/srv_samr_nt.c b/source/rpc_server/srv_samr_nt.c
index e2cf8cd..c2f7533 100644
--- a/source/rpc_server/srv_samr_nt.c
+++ b/source/rpc_server/srv_samr_nt.c
@@ -2709,7 +2709,7 @@ NTSTATUS _samr_QueryUserInfo(pipes_struct *p,
return NT_STATUS_INVALID_HANDLE;
status = access_check_samr_function(info->acc_granted,
- SA_RIGHT_DOMAIN_OPEN_ACCOUNT,
+ SA_RIGHT_USER_SET_LOC_COM,
"_samr_QueryUserInfo");
if (!NT_STATUS_IS_OK(status)) {
return status;
More information about the samba-technical
mailing list