
Merge branch 'master' of ssh://git.samba.org/data/git/samba into abartlet-devel

Andrew Bartlett 2009-04-21 15:19:50 +02:00
commit 9b33766fbb
42 changed files with 447 additions and 326 deletions


@ -4,7 +4,3 @@ PUBLIC_DEPENDENCIES = \
LIBCLI_SAMSYNC_OBJ_FILES = $(addprefix $(libclicommonsrcdir)/samsync/, \
decrypt.o)
PUBLIC_HEADERS += ../libcli/samsync/samsync.h
$(eval $(call proto_header_template,$(libclicommonsrcdir)/samsync/samsync.h,$(LIBCLI_SAMSYNC_OBJ_FILES:.o=.c)))

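--- a/libcli/samsync/samsync.h
+++ b/libcli/samsync/samsync.h
@@ -0,0 +1,34 @@
+/*
+Unix SMB/CIFS implementation.
+Extract the user/system database from a remote SamSync server
+Copyright (C) Guenther Deschner <gd@samba.org> 2008
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 3 of the License, or
+(at your option) any later version.
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+You should have received a copy of the GNU General Public License
+along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+#ifndef __SAMSYNC_SAMSYNC_H__
+#define __SAMSYNC_SAMSYNC_H__
+/**
+* Fix up the delta, dealing with encryption issues so that the final
+* callback need only do the printing or application logic
+*/
+NTSTATUS samsync_fix_delta(TALLOC_CTX *mem_ctx,
+struct netlogon_creds_CredentialState *creds,
+enum netr_SamDatabaseID database_id,
+struct netr_DELTA_ENUM *delta);
+#endif /* __SAMSYNC_SAMSYNC_H__ */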
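Review bot: The new header is not self-contained: the samsync_fix_delta prototype uses NTSTATUS, TALLOC_CTX, struct netlogon_creds_CredentialState, enum netr_SamDatabaseID and struct netr_DELTA_ENUM, yet the file has no #include, so it only compiles when the includer has already pulled those in. Include (or forward-declare) what the prototype needs, and rename the guard: `__SAMSYNC_SAMSYNC_H__` starts with a double underscore, which is reserved for the implementation; `SAMSYNC_SAMSYNC_H` avoids that. The doc comment above the prototype could also say what the function does with mem_ctx and what it returns on an unsupported database_id, e.g. `@param mem_ctx talloc context for any memory allocated while fixing up @p delta` — the behaviour itself is not visible in this hunk, so confirm against the implementation before writing it down.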


@ -2,4 +2,4 @@
PRIVATE_DEPENDENCIES = TALLOC
LIBSECURITY_COMMON_OBJ_FILES = $(addprefix $(libclicommonsrcdir)/security/, \
dom_sid.o display_sec.o secace.o secacl.o)
dom_sid.o display_sec.o secace.o secacl.o security_descriptor.o)


@ -0,0 +1,64 @@
/*
Unix SMB/CIFS implementation.
Samba utility functions
Copyright (C) 2009 Jelmer Vernooij <jelmer@samba.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef __SECURITY_DESCRIPTOR_H__
#define __SECURITY_DESCRIPTOR_H__
#include "librpc/gen_ndr/security.h"
struct security_descriptor *security_descriptor_initialise(TALLOC_CTX *mem_ctx);
struct security_descriptor *security_descriptor_copy(TALLOC_CTX *mem_ctx,
const struct security_descriptor *osd);
NTSTATUS security_descriptor_sacl_add(struct security_descriptor *sd,
const struct security_ace *ace);
NTSTATUS security_descriptor_dacl_add(struct security_descriptor *sd,
const struct security_ace *ace);
NTSTATUS security_descriptor_dacl_del(struct security_descriptor *sd,
const struct dom_sid *trustee);
NTSTATUS security_descriptor_sacl_del(struct security_descriptor *sd,
const struct dom_sid *trustee);
bool security_ace_equal(const struct security_ace *ace1,
const struct security_ace *ace2);
bool security_acl_equal(const struct security_acl *acl1,
const struct security_acl *acl2);
bool security_descriptor_equal(const struct security_descriptor *sd1,
const struct security_descriptor *sd2);
bool security_descriptor_mask_equal(const struct security_descriptor *sd1,
const struct security_descriptor *sd2,
uint32_t mask);
struct security_descriptor *security_descriptor_append(struct security_descriptor *sd,
...);
struct security_descriptor *security_descriptor_dacl_create(TALLOC_CTX *mem_ctx,
uint16_t sd_type,
const char *owner_sid,
const char *group_sid,
...);
struct security_descriptor *security_descriptor_sacl_create(TALLOC_CTX *mem_ctx,
uint16_t sd_type,
const char *owner_sid,
const char *group_sid,
...);
struct security_ace *security_ace_create(TALLOC_CTX *mem_ctx,
const char *sid_str,
enum security_ace_type type,
uint32_t access_mask,
uint8_t flags);
#endif /* __SECURITY_DESCRIPTOR_H__ */
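Review bot: None of the prototypes in this new header document their contracts, and three of them are variadic with no stated terminator: security_descriptor_append, security_descriptor_dacl_create and security_descriptor_sacl_create all end in `...`, so a caller cannot tell from the header how the list is terminated or what each vararg slot is. A Doxygen block per declaration — `/** ... @param ... list of ACE descriptions, presumably NULL-terminated; confirm against the definition */` — plus a note that security_descriptor_initialise and security_descriptor_copy return memory talloc'd on mem_ctx (if that is what the implementation does) would remove the guesswork. The guard `__SECURITY_DESCRIPTOR_H__` is a reserved identifier (leading double underscore); `SECURITY_DESCRIPTOR_H` is safe.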


@ -9,6 +9,10 @@
#ifndef _HEADER_winreg
#define _HEADER_winreg
#define REG_KEY_READ ( (STANDARD_RIGHTS_READ_ACCESS|KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY) )
#define REG_KEY_EXECUTE ( REG_KEY_READ )
#define REG_KEY_WRITE ( (STANDARD_RIGHTS_WRITE_ACCESS|KEY_SET_VALUE|KEY_CREATE_SUB_KEY) )
#define REG_KEY_ALL ( (STANDARD_RIGHTS_REQUIRED_ACCESS|REG_KEY_READ|REG_KEY_WRITE|KEY_CREATE_LINK) )
/* bitmap winreg_AccessMask */
#define KEY_QUERY_VALUE ( 0x00001 )
#define KEY_SET_VALUE ( 0x00002 )


@ -14,6 +14,10 @@ import "lsa.idl", "security.idl";
{
typedef bitmap security_secinfo security_secinfo;
/*
* Access Bits for registry ACLS
*/
typedef [bitmap32bit] bitmap {
KEY_QUERY_VALUE = 0x00001,
KEY_SET_VALUE = 0x00002,
@ -25,6 +29,22 @@ import "lsa.idl", "security.idl";
KEY_WOW64_32KEY = 0x00200
} winreg_AccessMask;
const int REG_KEY_READ = ( STANDARD_RIGHTS_READ_ACCESS |
KEY_QUERY_VALUE |
KEY_ENUMERATE_SUB_KEYS |
KEY_NOTIFY);
const int REG_KEY_EXECUTE = REG_KEY_READ;
const int REG_KEY_WRITE = ( STANDARD_RIGHTS_WRITE_ACCESS |
KEY_SET_VALUE |
KEY_CREATE_SUB_KEY);
const int REG_KEY_ALL = ( STANDARD_RIGHTS_REQUIRED_ACCESS |
REG_KEY_READ |
REG_KEY_WRITE |
KEY_CREATE_LINK);
typedef [public,v1_enum] enum {
REG_NONE = 0,
REG_SZ = 1,


@ -388,7 +388,7 @@ LIB_OBJ = $(LIBSAMBAUTIL_OBJ) $(UTIL_OBJ) $(CRYPTO_OBJ) \
../libcli/security/secacl.o \
libads/krb5_errs.o lib/system_smbd.o lib/audit.o $(LIBNDR_OBJ) \
lib/file_id.o lib/idmap_cache.o \
../libcli/security/dom_sid.o
../libcli/security/dom_sid.o ../libcli/security/security_descriptor.o
LIB_DUMMY_OBJ = lib/dummysmbd.o lib/dummyroot.o
LIB_NONSMBD_OBJ = $(LIB_OBJ) $(LIB_DUMMY_OBJ)


@ -1389,7 +1389,7 @@ static bool do_mkdir(const char *name)
return false;
}
if (!cli_mkdir(targetcli, targetname)) {
if (!NT_STATUS_IS_OK(cli_mkdir(targetcli, targetname))) {
d_printf("%s making remote directory %s\n",
cli_errstr(targetcli),name);
return false;


@ -555,7 +555,7 @@ static bool ensurepath(const char *fname)
safe_strcat(partpath, p, strlen(fname) + 1);
if (!cli_chkpath(cli, partpath)) {
if (!cli_mkdir(cli, partpath)) {
if (!NT_STATUS_IS_OK(cli_mkdir(cli, partpath))) {
SAFE_FREE(partpath);
SAFE_FREE(ffname);
DEBUG(0, ("Error mkdir %s\n", cli_errstr(cli)));


@ -702,6 +702,7 @@ enum flush_reason_enum {
#endif
#include "libcli/security/secace.h"
#include "libcli/security/secacl.h"
#include "libcli/security/security_descriptor.h"
#if defined(HAVE_POSIX_ACLS)
#include "modules/vfs_posixacl.h"


@ -2338,7 +2338,7 @@ bool cli_ntrename(struct cli_state *cli, const char *fname_src, const char *fnam
bool cli_nt_hardlink(struct cli_state *cli, const char *fname_src, const char *fname_dst);
bool cli_unlink_full(struct cli_state *cli, const char *fname, uint16 attrs);
bool cli_unlink(struct cli_state *cli, const char *fname);
bool cli_mkdir(struct cli_state *cli, const char *dname);
NTSTATUS cli_mkdir(struct cli_state *cli, const char *dname);
bool cli_rmdir(struct cli_state *cli, const char *dname);
int cli_nt_delete_on_close(struct cli_state *cli, int fnum, bool flag);
int cli_nt_create_full(struct cli_state *cli, const char *fname,
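Review bot: Changing cli_mkdir's return type from bool to NTSTATUS silently inverts the meaning of any call site that was not updated: NT_STATUS_OK compares as zero, so an old-style `if (!cli_mkdir(cli, dname))` keeps compiling on builds where NTSTATUS is a plain integer (it is a struct only on some configurations, if I recall the configure logic correctly) and then treats success as failure. The commit updates client.c, clitar.c and libsmb_dir.c; a tree-wide search for remaining callers is worth doing before this lands. A comment on the prototype would help the next caller: `/* returns NT_STATUS_OK on success; test with NT_STATUS_IS_OK(), never as a bool */`.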


@ -121,9 +121,6 @@ struct standard_mapping {
#define STANDARD_RIGHTS_MASK 0x00FF0000
#define GENERIC_RIGHTS_MASK 0xF0000000
#define SEC_RIGHT_SYSTEM_SECURITY 0x01000000
#define SEC_RIGHT_MAXIMUM_ALLOWED 0x02000000
/* Generic access rights */
#define GENERIC_RIGHT_ALL_ACCESS 0x10000000
@ -194,39 +191,4 @@ struct standard_mapping {
SA_RIGHT_FILE_WRITE_DATA | \
SA_RIGHT_FILE_READ_DATA)
/*
* Access Bits for registry ACLS
*/
/* used by registry ACLs */
#define SEC_RIGHTS_QUERY_VALUE 0x00000001
#define SEC_RIGHTS_SET_VALUE 0x00000002
#define SEC_RIGHTS_CREATE_SUBKEY 0x00000004
#define SEC_RIGHTS_ENUM_SUBKEYS 0x00000008
#define SEC_RIGHTS_NOTIFY 0x00000010
#define SEC_RIGHTS_CREATE_LINK 0x00000020
#define SEC_RIGHTS_MAXIMUM_ALLOWED 0x02000000
#define REG_KEY_READ \
( STANDARD_RIGHTS_READ_ACCESS |\
SEC_RIGHTS_QUERY_VALUE |\
SEC_RIGHTS_ENUM_SUBKEYS |\
SEC_RIGHTS_NOTIFY )
#define REG_KEY_EXECUTE REG_KEY_READ
#define REG_KEY_WRITE \
( STANDARD_RIGHTS_WRITE_ACCESS |\
SEC_RIGHTS_SET_VALUE |\
SEC_RIGHTS_CREATE_SUBKEY )
#define REG_KEY_ALL \
( STANDARD_RIGHTS_REQUIRED_ACCESS |\
REG_KEY_READ |\
REG_KEY_WRITE |\
SEC_RIGHTS_CREATE_LINK )
#endif /* _RPC_SECDES_H */


@ -567,7 +567,7 @@ static WERROR smbconf_reg_init(struct smbconf_ctx *ctx, const char *path)
}
werr = reg_open_path(ctx, ctx->path,
SEC_RIGHTS_ENUM_SUBKEYS | REG_KEY_WRITE,
KEY_ENUMERATE_SUB_KEYS | REG_KEY_WRITE,
token, &rpd(ctx)->base_key);
if (!W_ERROR_IS_OK(werr)) {
goto done;


@ -703,7 +703,7 @@ static NTSTATUS libnet_join_lookup_dc_rpc(TALLOC_CTX *mem_ctx,
}
status = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
SEC_RIGHTS_MAXIMUM_ALLOWED, &lsa_pol);
SEC_FLAG_MAXIMUM_ALLOWED, &lsa_pol);
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
@ -888,7 +888,7 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
status = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
&domain_pol,
SEC_RIGHTS_MAXIMUM_ALLOWED,
SEC_FLAG_MAXIMUM_ALLOWED,
user_rid,
&user_pol);
if (!NT_STATUS_IS_OK(status)) {
@ -1167,7 +1167,7 @@ static NTSTATUS libnet_join_unjoindomain_rpc(TALLOC_CTX *mem_ctx,
status = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
pipe_hnd->desthost,
SEC_RIGHTS_MAXIMUM_ALLOWED,
SEC_FLAG_MAXIMUM_ALLOWED,
&sam_pol);
if (!NT_STATUS_IS_OK(status)) {
goto done;
@ -1175,7 +1175,7 @@ static NTSTATUS libnet_join_unjoindomain_rpc(TALLOC_CTX *mem_ctx,
status = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
&sam_pol,
SEC_RIGHTS_MAXIMUM_ALLOWED,
SEC_FLAG_MAXIMUM_ALLOWED,
r->in.domain_sid,
&domain_pol);
if (!NT_STATUS_IS_OK(status)) {
@ -1213,7 +1213,7 @@ static NTSTATUS libnet_join_unjoindomain_rpc(TALLOC_CTX *mem_ctx,
status = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
&domain_pol,
SEC_RIGHTS_MAXIMUM_ALLOWED,
SEC_FLAG_MAXIMUM_ALLOWED,
user_rid,
&user_pol);
if (!NT_STATUS_IS_OK(status)) {


@ -596,6 +596,7 @@ bool cli_unlink(struct cli_state *cli, const char *fname)
return cli_unlink_full(cli, fname, aSYSTEM | aHIDDEN);
}
#if 0
/****************************************************************************
Create a directory.
****************************************************************************/
@ -631,6 +632,115 @@ bool cli_mkdir(struct cli_state *cli, const char *dname)
return True;
}
#endif
/****************************************************************************
Create a directory.
****************************************************************************/
static void cli_mkdir_done(struct tevent_req *subreq);
struct cli_mkdir_state {
int dummy;
};
struct tevent_req *cli_mkdir_send(TALLOC_CTX *mem_ctx,
struct event_context *ev,
struct cli_state *cli,
const char *dname)
{
struct tevent_req *req = NULL, *subreq = NULL;
struct cli_mkdir_state *state = NULL;
uint8_t additional_flags = 0;
uint8_t *bytes = NULL;
req = tevent_req_create(mem_ctx, &state, struct cli_mkdir_state);
if (req == NULL) {
return NULL;
}
bytes = talloc_array(state, uint8_t, 1);
if (!bytes) {
return NULL;
}
bytes[0] = 4;
bytes = smb_bytes_push_str(bytes, cli_ucs2(cli), dname,
strlen(dname)+1, NULL);
if (tevent_req_nomem(bytes, req)) {
return tevent_req_post(req, ev);
}
subreq = cli_smb_send(state, ev, cli, SMBmkdir, additional_flags,
0, NULL, talloc_get_size(bytes), bytes);
if (tevent_req_nomem(subreq, req)) {
return tevent_req_post(req, ev);
}
tevent_req_set_callback(subreq, cli_mkdir_done, req);
return req;
}
static void cli_mkdir_done(struct tevent_req *subreq)
{
struct tevent_req *req = tevent_req_callback_data(
subreq, struct tevent_req);
NTSTATUS status;
status = cli_smb_recv(subreq, 0, NULL, NULL, NULL, NULL);
TALLOC_FREE(subreq);
if (!NT_STATUS_IS_OK(status)) {
tevent_req_nterror(req, status);
return;
}
tevent_req_done(req);
}
NTSTATUS cli_mkdir_recv(struct tevent_req *req)
{
return tevent_req_simple_recv_ntstatus(req);
}
NTSTATUS cli_mkdir(struct cli_state *cli, const char *dname)
{
TALLOC_CTX *frame = talloc_stackframe();
struct event_context *ev;
struct tevent_req *req;
NTSTATUS status = NT_STATUS_OK;
if (cli_has_async_calls(cli)) {
/*
* Can't use sync call while an async call is in flight
*/
status = NT_STATUS_INVALID_PARAMETER;
goto fail;
}
ev = event_context_init(frame);
if (ev == NULL) {
status = NT_STATUS_NO_MEMORY;
goto fail;
}
req = cli_mkdir_send(frame, ev, cli, dname);
if (req == NULL) {
status = NT_STATUS_NO_MEMORY;
goto fail;
}
if (!tevent_req_poll(req, ev)) {
status = map_nt_error_from_unix(errno);
goto fail;
}
status = cli_mkdir_recv(req);
fail:
TALLOC_FREE(frame);
if (!NT_STATUS_IS_OK(status)) {
cli_set_error(cli, status);
}
return status;
}
/****************************************************************************
Remove a directory.
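Review bot: In cli_mkdir_send the first allocation failure is handled differently from the rest: after `bytes = talloc_array(state, uint8_t, 1);` the function does `return NULL;`, abandoning the tevent_req created two lines earlier, whereas the smb_bytes_push_str and cli_smb_send failures go through tevent_req_nomem and tevent_req_post; make it `if (tevent_req_nomem(bytes, req)) { return tevent_req_post(req, ev); }` so callers see one failure convention. `bytes[0] = 4;` is a magic number that presumably is the SMB buffer-format byte for an ASCII string — a comment such as `/* buffer format: ASCII string */` (confirm against the other cli_*_send functions) would make it readable. The old bool cli_mkdir is kept under `#if 0` rather than removed; with the NTSTATUS version in place the dead copy should be deleted. `struct cli_mkdir_state { int dummy; }` is fine if tevent_req_create requires a non-empty state type, but a one-line comment saying so would stop the next reader from removing it.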


@ -1177,8 +1177,7 @@ SMBC_mkdir_ctx(SMBCCTX *context,
}
/*d_printf(">>>mkdir: resolved path as %s\n", targetpath);*/
if (!cli_mkdir(targetcli, targetpath)) {
if (!NT_STATUS_IS_OK(cli_mkdir(targetcli, targetpath))) {
errno = SMBC_errno(context, targetcli);
TALLOC_FREE(frame);
return -1;


@ -740,7 +740,7 @@ SMBC_attr_server(TALLOC_CTX *ctx,
/*
* Some systems don't support
* SEC_RIGHTS_MAXIMUM_ALLOWED, but NT sends 0x2000000
* SEC_FLAG_MAXIMUM_ALLOWED, but NT sends 0x2000000
* so we might as well do it too.
*/


@ -272,7 +272,7 @@ WERROR reg_openkey(TALLOC_CTX *mem_ctx, struct registry_key *parent,
err = regkey_open_onelevel(mem_ctx, direct_parent,
name_component, parent->token,
SEC_RIGHTS_ENUM_SUBKEYS, &tmp);
KEY_ENUMERATE_SUB_KEYS, &tmp);
SAFE_FREE(name_component);
if (!W_ERROR_IS_OK(err)) {
@ -301,7 +301,7 @@ WERROR reg_enumkey(TALLOC_CTX *mem_ctx, struct registry_key *key,
{
WERROR err;
if (!(key->key->access_granted & SEC_RIGHTS_ENUM_SUBKEYS)) {
if (!(key->key->access_granted & KEY_ENUMERATE_SUB_KEYS)) {
return WERR_ACCESS_DENIED;
}
@ -332,7 +332,7 @@ WERROR reg_enumvalue(TALLOC_CTX *mem_ctx, struct registry_key *key,
struct registry_value *val;
WERROR err;
if (!(key->key->access_granted & SEC_RIGHTS_QUERY_VALUE)) {
if (!(key->key->access_granted & KEY_QUERY_VALUE)) {
return WERR_ACCESS_DENIED;
}
@ -370,7 +370,7 @@ WERROR reg_queryvalue(TALLOC_CTX *mem_ctx, struct registry_key *key,
WERROR err;
uint32 i;
if (!(key->key->access_granted & SEC_RIGHTS_QUERY_VALUE)) {
if (!(key->key->access_granted & KEY_QUERY_VALUE)) {
return WERR_ACCESS_DENIED;
}
@ -399,7 +399,7 @@ WERROR reg_queryinfokey(struct registry_key *key, uint32_t *num_subkeys,
WERROR err;
struct security_descriptor *secdesc;
if (!(key->key->access_granted & SEC_RIGHTS_QUERY_VALUE)) {
if (!(key->key->access_granted & KEY_QUERY_VALUE)) {
return WERR_ACCESS_DENIED;
}
@ -483,7 +483,7 @@ WERROR reg_createkey(TALLOC_CTX *ctx, struct registry_key *parent,
*end = '\0';
err = reg_createkey(mem_ctx, key, path,
SEC_RIGHTS_ENUM_SUBKEYS, &tmp, &action);
KEY_ENUMERATE_SUB_KEYS, &tmp, &action);
if (!W_ERROR_IS_OK(err)) {
goto done;
}
@ -521,7 +521,7 @@ WERROR reg_createkey(TALLOC_CTX *ctx, struct registry_key *parent,
* with ENUM_SUBKEY access.
*/
err = reg_openkey(mem_ctx, key, "", SEC_RIGHTS_CREATE_SUBKEY,
err = reg_openkey(mem_ctx, key, "", KEY_CREATE_SUB_KEY,
&create_parent);
if (!W_ERROR_IS_OK(err)) {
goto done;
@ -582,7 +582,7 @@ WERROR reg_deletekey(struct registry_key *parent, const char *path)
*end = '\0';
err = reg_openkey(mem_ctx, parent, name,
SEC_RIGHTS_CREATE_SUBKEY, &tmp_key);
KEY_CREATE_SUB_KEY, &tmp_key);
W_ERROR_NOT_OK_GOTO_DONE(err);
parent = tmp_key;
@ -608,7 +608,7 @@ WERROR reg_setvalue(struct registry_key *key, const char *name,
DATA_BLOB value_data;
int res;
if (!(key->key->access_granted & SEC_RIGHTS_SET_VALUE)) {
if (!(key->key->access_granted & KEY_SET_VALUE)) {
return WERR_ACCESS_DENIED;
}
@ -655,7 +655,7 @@ WERROR reg_deletevalue(struct registry_key *key, const char *name)
{
WERROR err;
if (!(key->key->access_granted & SEC_RIGHTS_SET_VALUE)) {
if (!(key->key->access_granted & KEY_SET_VALUE)) {
return WERR_ACCESS_DENIED;
}
@ -982,7 +982,7 @@ WERROR reg_deleteallvalues(struct registry_key *key)
WERROR err;
int i;
if (!(key->key->access_granted & SEC_RIGHTS_SET_VALUE)) {
if (!(key->key->access_granted & KEY_SET_VALUE)) {
return WERR_ACCESS_DENIED;
}
@ -1038,7 +1038,7 @@ WERROR reg_open_path(TALLOC_CTX *mem_ctx, const char *orig_path,
*p = '\0';
err = reg_openhive(mem_ctx, path, SEC_RIGHTS_ENUM_SUBKEYS, token,
err = reg_openhive(mem_ctx, path, KEY_ENUMERATE_SUB_KEYS, token,
&hive);
if (!W_ERROR_IS_OK(err)) {
SAFE_FREE(path);
@ -1209,7 +1209,7 @@ WERROR reg_create_path(TALLOC_CTX *mem_ctx, const char *orig_path,
err = reg_openhive(mem_ctx, path,
(strchr(p+1, '\\') != NULL) ?
SEC_RIGHTS_ENUM_SUBKEYS : SEC_RIGHTS_CREATE_SUBKEY,
KEY_ENUMERATE_SUB_KEYS : KEY_CREATE_SUB_KEY,
token, &hive);
if (!W_ERROR_IS_OK(err)) {
SAFE_FREE(path);
@ -1249,7 +1249,7 @@ WERROR reg_delete_path(const struct nt_user_token *token,
err = reg_openhive(NULL, path,
(strchr(p+1, '\\') != NULL) ?
SEC_RIGHTS_ENUM_SUBKEYS : SEC_RIGHTS_CREATE_SUBKEY,
KEY_ENUMERATE_SUB_KEYS : KEY_CREATE_SUB_KEY,
token, &hive);
if (!W_ERROR_IS_OK(err)) {
SAFE_FREE(path);


@ -84,17 +84,6 @@ typedef struct disp_info {
* handler. */
} DISP_INFO;
/* We keep a static list of these by SID as modern clients close down
all resources between each request in a complete enumeration. */
struct samr_info {
/* for use by the \PIPE\samr policy */
DOM_SID sid;
uint32 status; /* some sort of flag. best to record it. comes from opnum 0x39 */
uint32 acc_granted;
DISP_INFO *disp_info;
};
static const struct generic_mapping sam_generic_mapping = {
GENERIC_RIGHTS_SAM_READ,
GENERIC_RIGHTS_SAM_WRITE,
@ -240,36 +229,6 @@ done:
return status;
}
/*******************************************************************
Checks if access to a function can be granted
********************************************************************/
static NTSTATUS access_check_samr_function(uint32 acc_granted, uint32 acc_required, const char *debug)
{
DEBUG(5,("%s: access check ((granted: %#010x; required: %#010x)\n",
debug, acc_granted, acc_required));
/* check the security descriptor first */
if ( (acc_granted&acc_required) == acc_required )
return NT_STATUS_OK;
/* give root a free pass */
if (geteuid() == sec_initial_uid()) {
DEBUG(4,("%s: ACCESS should be DENIED (granted: %#010x; required: %#010x)\n",
debug, acc_granted, acc_required));
DEBUGADD(4,("but overwritten by euid == 0\n"));
return NT_STATUS_OK;
}
DEBUG(2,("%s: ACCESS DENIED (granted: %#010x; required: %#010x)\n",
debug, acc_granted, acc_required));
return NT_STATUS_ACCESS_DENIED;
}
/*******************************************************************
Map any MAXIMUM_ALLOWED_ACCESS request to a valid access set.
@ -386,37 +345,6 @@ static DISP_INFO *get_samr_dispinfo_by_sid(const struct dom_sid *psid)
return NULL;
}
/*******************************************************************
Create a samr_info struct.
********************************************************************/
static int samr_info_destructor(struct samr_info *info);
static struct samr_info *get_samr_info_by_sid(TALLOC_CTX *mem_ctx,
DOM_SID *psid)
{
struct samr_info *info;
info = talloc_zero(mem_ctx, struct samr_info);
if (info == NULL) {
return NULL;
}
talloc_set_destructor(info, samr_info_destructor);
DEBUG(10, ("get_samr_info_by_sid: created new info for sid %s\n",
sid_string_dbg(psid)));
if (psid) {
sid_copy( &info->sid, psid);
} else {
DEBUG(10,("get_samr_info_by_sid: created new info for NULL sid.\n"));
}
info->disp_info = get_samr_dispinfo_by_sid(psid);
return info;
}
/*******************************************************************
Function to free the per SID data.
********************************************************************/
@ -440,17 +368,6 @@ static void free_samr_cache(DISP_INFO *disp_info)
unbecome_root();
}
static int samr_info_destructor(struct samr_info *info)
{
/* Only free the dispinfo cache if no one bothered to set up
a timeout. */
if (info->disp_info && info->disp_info->cache_timeout_event == NULL) {
free_samr_cache(info->disp_info);
}
return 0;
}
/*******************************************************************
Idle event handler. Throw away the disp info cache.
********************************************************************/
@ -723,31 +640,6 @@ NTSTATUS _samr_GetUserPwInfo(pipes_struct *p,
return NT_STATUS_OK;
}
/*******************************************************************
********************************************************************/
static bool get_lsa_policy_samr_sid( pipes_struct *p, struct policy_handle *pol,
DOM_SID *sid, uint32 *acc_granted,
DISP_INFO **ppdisp_info)
{
struct samr_info *info = NULL;
/* find the policy handle. open a policy on it. */
if (!find_policy_by_hnd(p, pol, (void **)(void *)&info))
return False;
if (!info)
return False;
*sid = info->sid;
*acc_granted = info->acc_granted;
if (ppdisp_info) {
*ppdisp_info = info->disp_info;
}
return True;
}
/*******************************************************************
_samr_SetSecurity
********************************************************************/
@ -755,15 +647,19 @@ static bool get_lsa_policy_samr_sid( pipes_struct *p, struct policy_handle *pol,
NTSTATUS _samr_SetSecurity(pipes_struct *p,
struct samr_SetSecurity *r)
{
DOM_SID pol_sid;
uint32 acc_granted, i;
struct samr_user_info *uinfo;
uint32 i;
SEC_ACL *dacl;
bool ret;
struct samu *sampass=NULL;
NTSTATUS status;
if (!get_lsa_policy_samr_sid(p, r->in.handle, &pol_sid, &acc_granted, NULL))
return NT_STATUS_INVALID_HANDLE;
uinfo = policy_handle_find(p, r->in.handle,
SAMR_USER_ACCESS_SET_ATTRIBUTES, NULL,
struct samr_user_info, &status);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
if (!(sampass = samu_new( p->mem_ctx))) {
DEBUG(0,("No memory!\n"));
@ -772,18 +668,19 @@ NTSTATUS _samr_SetSecurity(pipes_struct *p,
/* get the user record */
become_root();
ret = pdb_getsampwsid(sampass, &pol_sid);
ret = pdb_getsampwsid(sampass, &uinfo->sid);
unbecome_root();
if (!ret) {
DEBUG(4, ("User %s not found\n", sid_string_dbg(&pol_sid)));
DEBUG(4, ("User %s not found\n",
sid_string_dbg(&uinfo->sid)));
TALLOC_FREE(sampass);
return NT_STATUS_INVALID_HANDLE;
}
dacl = r->in.sdbuf->sd->dacl;
for (i=0; i < dacl->num_aces; i++) {
if (sid_equal(&pol_sid, &dacl->aces[i].trustee)) {
if (sid_equal(&uinfo->sid, &dacl->aces[i].trustee)) {
ret = pdb_set_pass_can_change(sampass,
(dacl->aces[i].access_mask &
SAMR_USER_ACCESS_CHANGE_PASSWORD) ?
@ -797,14 +694,9 @@ NTSTATUS _samr_SetSecurity(pipes_struct *p,
return NT_STATUS_ACCESS_DENIED;
}
status = access_check_samr_function(acc_granted,
SAMR_USER_ACCESS_SET_ATTRIBUTES,
"_samr_SetSecurity");
if (NT_STATUS_IS_OK(status)) {
become_root();
status = pdb_update_sam_account(sampass);
unbecome_root();
}
become_root();
status = pdb_update_sam_account(sampass);
unbecome_root();
TALLOC_FREE(sampass);
@ -852,60 +744,99 @@ static bool check_change_pw_access(TALLOC_CTX *mem_ctx, DOM_SID *user_sid)
NTSTATUS _samr_QuerySecurity(pipes_struct *p,
struct samr_QuerySecurity *r)
{
struct samr_connect_info *cinfo;
struct samr_domain_info *dinfo;
struct samr_user_info *uinfo;
struct samr_group_info *ginfo;
struct samr_alias_info *ainfo;
NTSTATUS status;
DOM_SID pol_sid;
SEC_DESC * psd = NULL;
uint32 acc_granted;
size_t sd_size;
/* Get the SID. */
if (!get_lsa_policy_samr_sid(p, r->in.handle, &pol_sid, &acc_granted, NULL))
return NT_STATUS_INVALID_HANDLE;
DEBUG(10,("_samr_QuerySecurity: querying security on SID: %s\n",
sid_string_dbg(&pol_sid)));
status = access_check_samr_function(acc_granted,
STD_RIGHT_READ_CONTROL_ACCESS,
"_samr_QuerySecurity");
if (!NT_STATUS_IS_OK(status)) {
return status;
}
/* Check what typ of SID is beeing queried (e.g Domain SID, User SID, Group SID) */
/* To query the security of the SAM it self an invalid SID with S-0-0 is passed to this function */
if (pol_sid.sid_rev_num == 0) {
cinfo = policy_handle_find(p, r->in.handle,
STD_RIGHT_READ_CONTROL_ACCESS, NULL,
struct samr_connect_info, &status);
if (NT_STATUS_IS_OK(status)) {
DEBUG(5,("_samr_QuerySecurity: querying security on SAM\n"));
status = make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &sam_generic_mapping, NULL, 0);
} else if (sid_equal(&pol_sid,get_global_sam_sid())) {
/* check if it is our domain SID */
DEBUG(5,("_samr_QuerySecurity: querying security on Domain "
"with SID: %s\n", sid_string_dbg(&pol_sid)));
status = make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &dom_generic_mapping, NULL, 0);
} else if (sid_equal(&pol_sid,&global_sid_Builtin)) {
/* check if it is the Builtin Domain */
/* TODO: Builtin probably needs a different SD with restricted write access*/
DEBUG(5,("_samr_QuerySecurity: querying security on Builtin "
"Domain with SID: %s\n", sid_string_dbg(&pol_sid)));
status = make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &dom_generic_mapping, NULL, 0);
} else if (sid_check_is_in_our_domain(&pol_sid) ||
sid_check_is_in_builtin(&pol_sid)) {
/* TODO: different SDs have to be generated for aliases groups and users.
Currently all three get a default user SD */
DEBUG(10,("_samr_QuerySecurity: querying security on Object "
"with SID: %s\n", sid_string_dbg(&pol_sid)));
if (check_change_pw_access(p->mem_ctx, &pol_sid)) {
status = make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &usr_generic_mapping,
&pol_sid, SAMR_USR_RIGHTS_WRITE_PW);
} else {
status = make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &usr_nopwchange_generic_mapping,
&pol_sid, SAMR_USR_RIGHTS_CANT_WRITE_PW);
}
} else {
return NT_STATUS_OBJECT_TYPE_MISMATCH;
status = make_samr_object_sd(p->mem_ctx, &psd, &sd_size,
&sam_generic_mapping, NULL, 0);
goto done;
}
dinfo = policy_handle_find(p, r->in.handle,
STD_RIGHT_READ_CONTROL_ACCESS, NULL,
struct samr_domain_info, &status);
if (NT_STATUS_IS_OK(status)) {
DEBUG(5,("_samr_QuerySecurity: querying security on Domain "
"with SID: %s\n", sid_string_dbg(&dinfo->sid)));
/*
* TODO: Builtin probably needs a different SD with restricted
* write access
*/
status = make_samr_object_sd(p->mem_ctx, &psd, &sd_size,
&dom_generic_mapping, NULL, 0);
goto done;
}
uinfo = policy_handle_find(p, r->in.handle,
STD_RIGHT_READ_CONTROL_ACCESS, NULL,
struct samr_user_info, &status);
if (NT_STATUS_IS_OK(status)) {
DEBUG(10,("_samr_QuerySecurity: querying security on user "
"Object with SID: %s\n",
sid_string_dbg(&uinfo->sid)));
if (check_change_pw_access(p->mem_ctx, &uinfo->sid)) {
status = make_samr_object_sd(
p->mem_ctx, &psd, &sd_size,
&usr_generic_mapping,
&uinfo->sid, SAMR_USR_RIGHTS_WRITE_PW);
} else {
status = make_samr_object_sd(
p->mem_ctx, &psd, &sd_size,
&usr_nopwchange_generic_mapping,
&uinfo->sid, SAMR_USR_RIGHTS_CANT_WRITE_PW);
}
goto done;
}
ginfo = policy_handle_find(p, r->in.handle,
STD_RIGHT_READ_CONTROL_ACCESS, NULL,
struct samr_group_info, &status);
if (NT_STATUS_IS_OK(status)) {
/*
* TODO: different SDs have to be generated for aliases groups
* and users. Currently all three get a default user SD
*/
DEBUG(10,("_samr_QuerySecurity: querying security on group "
"Object with SID: %s\n",
sid_string_dbg(&ginfo->sid)));
status = make_samr_object_sd(
p->mem_ctx, &psd, &sd_size,
&usr_nopwchange_generic_mapping,
&ginfo->sid, SAMR_USR_RIGHTS_CANT_WRITE_PW);
goto done;
}
ainfo = policy_handle_find(p, r->in.handle,
STD_RIGHT_READ_CONTROL_ACCESS, NULL,
struct samr_alias_info, &status);
if (NT_STATUS_IS_OK(status)) {
/*
* TODO: different SDs have to be generated for aliases groups
* and users. Currently all three get a default user SD
*/
DEBUG(10,("_samr_QuerySecurity: querying security on alias "
"Object with SID: %s\n",
sid_string_dbg(&ainfo->sid)));
status = make_samr_object_sd(
p->mem_ctx, &psd, &sd_size,
&usr_nopwchange_generic_mapping,
&ainfo->sid, SAMR_USR_RIGHTS_CANT_WRITE_PW);
goto done;
}
return NT_STATUS_OBJECT_TYPE_MISMATCH;
done:
if ((*r->out.sdbuf = make_sec_desc_buf(p->mem_ctx, sd_size, psd)) == NULL)
return NT_STATUS_NO_MEMORY;
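Review bot: In _samr_QuerySecurity the five consecutive policy_handle_find probes each overwrite `status`, so a handle that exists but lacks STD_RIGHT_READ_CONTROL_ACCESS presumably fails its type's lookup with an access error, falls through the remaining type probes and is finally reported as NT_STATUS_OBJECT_TYPE_MISMATCH instead of NT_STATUS_ACCESS_DENIED, which the removed access_check_samr_function path used to return. If policy_handle_find distinguishes "wrong type" from "insufficient access" (its implementation is not in this hunk), each probe should stop and propagate on the latter, e.g. `if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) { return status; }`, so the caller and the audit trail see the real reason. In _samr_SetSecurity the unchanged `dacl = r->in.sdbuf->sd->dacl;` is dereferenced in the following loop with no NULL check on the client-supplied sd or dacl; now that the function's access check has been moved to the top, a `if (r->in.sdbuf->sd == NULL || dacl == NULL) { return NT_STATUS_INVALID_PARAMETER; }` guard belongs next to it. _samr_QuerySecurity continues past the end of this hunk.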


@ -42,7 +42,7 @@ static NTSTATUS name_to_sid(struct rpc_pipe_client *cli,
}
result = rpccli_lsa_open_policy(cli, mem_ctx, True,
SEC_RIGHTS_MAXIMUM_ALLOWED,
SEC_FLAG_MAXIMUM_ALLOWED,
&pol);
if (!NT_STATUS_IS_OK(result))
goto done;
@ -167,7 +167,7 @@ static NTSTATUS cmd_lsa_query_info_policy(struct rpc_pipe_client *cli,
switch (info_class) {
case 12:
result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
SEC_RIGHTS_MAXIMUM_ALLOWED,
SEC_FLAG_MAXIMUM_ALLOWED,
&pol);
if (!NT_STATUS_IS_OK(result))
@ -180,7 +180,7 @@ static NTSTATUS cmd_lsa_query_info_policy(struct rpc_pipe_client *cli,
break;
default:
result = rpccli_lsa_open_policy(cli, mem_ctx, True,
SEC_RIGHTS_MAXIMUM_ALLOWED,
SEC_FLAG_MAXIMUM_ALLOWED,
&pol);
if (!NT_STATUS_IS_OK(result))
@ -220,7 +220,7 @@ static NTSTATUS cmd_lsa_lookup_names(struct rpc_pipe_client *cli,
}
result = rpccli_lsa_open_policy(cli, mem_ctx, True,
SEC_RIGHTS_MAXIMUM_ALLOWED,
SEC_FLAG_MAXIMUM_ALLOWED,
&pol);
if (!NT_STATUS_IS_OK(result))
@ -268,7 +268,7 @@ static NTSTATUS cmd_lsa_lookup_names_level(struct rpc_pipe_client *cli,
}
result = rpccli_lsa_open_policy(cli, mem_ctx, True,
SEC_RIGHTS_MAXIMUM_ALLOWED,
SEC_FLAG_MAXIMUM_ALLOWED,
&pol);
if (!NT_STATUS_IS_OK(result))
@ -320,7 +320,7 @@ static NTSTATUS cmd_lsa_lookup_sids(struct rpc_pipe_client *cli, TALLOC_CTX *mem
}
result = rpccli_lsa_open_policy(cli, mem_ctx, True,
SEC_RIGHTS_MAXIMUM_ALLOWED,
SEC_FLAG_MAXIMUM_ALLOWED,
&pol);
if (!NT_STATUS_IS_OK(result))
@ -460,7 +460,7 @@ static NTSTATUS cmd_lsa_enum_privilege(struct rpc_pipe_client *cli,
pref_max_length=atoi(argv[2]);
result = rpccli_lsa_open_policy(cli, mem_ctx, True,
SEC_RIGHTS_MAXIMUM_ALLOWED,
SEC_FLAG_MAXIMUM_ALLOWED,
&pol);
if (!NT_STATUS_IS_OK(result))
@ -512,7 +512,7 @@ static NTSTATUS cmd_lsa_get_dispname(struct rpc_pipe_client *cli,
}
result = rpccli_lsa_open_policy(cli, mem_ctx, True,
SEC_RIGHTS_MAXIMUM_ALLOWED,
SEC_FLAG_MAXIMUM_ALLOWED,
&pol);
if (!NT_STATUS_IS_OK(result))
@ -565,7 +565,7 @@ static NTSTATUS cmd_lsa_enum_sids(struct rpc_pipe_client *cli,
pref_max_length=atoi(argv[2]);
result = rpccli_lsa_open_policy(cli, mem_ctx, True,
SEC_RIGHTS_MAXIMUM_ALLOWED,
SEC_FLAG_MAXIMUM_ALLOWED,
&pol);
if (!NT_STATUS_IS_OK(result))
@ -618,7 +618,7 @@ static NTSTATUS cmd_lsa_create_account(struct rpc_pipe_client *cli,
goto done;
result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
SEC_RIGHTS_MAXIMUM_ALLOWED,
SEC_FLAG_MAXIMUM_ALLOWED,
&dom_pol);
if (!NT_STATUS_IS_OK(result))
@ -666,7 +666,7 @@ static NTSTATUS cmd_lsa_enum_privsaccounts(struct rpc_pipe_client *cli,
goto done;
result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
SEC_RIGHTS_MAXIMUM_ALLOWED,
SEC_FLAG_MAXIMUM_ALLOWED,
&dom_pol);
if (!NT_STATUS_IS_OK(result))
@ -728,7 +728,7 @@ static NTSTATUS cmd_lsa_enum_acct_rights(struct rpc_pipe_client *cli,
goto done;
result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
SEC_RIGHTS_MAXIMUM_ALLOWED,
SEC_FLAG_MAXIMUM_ALLOWED,
&dom_pol);
if (!NT_STATUS_IS_OK(result))
@ -777,7 +777,7 @@ static NTSTATUS cmd_lsa_add_acct_rights(struct rpc_pipe_client *cli,
goto done;
result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
SEC_RIGHTS_MAXIMUM_ALLOWED,
SEC_FLAG_MAXIMUM_ALLOWED,
&dom_pol);
if (!NT_STATUS_IS_OK(result))
@ -830,7 +830,7 @@ static NTSTATUS cmd_lsa_remove_acct_rights(struct rpc_pipe_client *cli,
goto done;
result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
SEC_RIGHTS_MAXIMUM_ALLOWED,
SEC_FLAG_MAXIMUM_ALLOWED,
&dom_pol);
if (!NT_STATUS_IS_OK(result))
@ -880,7 +880,7 @@ static NTSTATUS cmd_lsa_lookup_priv_value(struct rpc_pipe_client *cli,
}
result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
SEC_RIGHTS_MAXIMUM_ALLOWED,
SEC_FLAG_MAXIMUM_ALLOWED,
&pol);
if (!NT_STATUS_IS_OK(result))
@ -922,7 +922,7 @@ static NTSTATUS cmd_lsa_query_secobj(struct rpc_pipe_client *cli,
}
result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
SEC_RIGHTS_MAXIMUM_ALLOWED,
SEC_FLAG_MAXIMUM_ALLOWED,
&pol);
if (argc == 2)
@ -995,7 +995,7 @@ static NTSTATUS cmd_lsa_query_trustdominfobysid(struct rpc_pipe_client *cli,
struct policy_handle pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
DOM_SID dom_sid;
uint32 access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
uint32 access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
union lsa_TrustedDomainInfo *info = NULL;
enum lsa_TrustDomInfoEnum info_class = 1;
uint8_t nt_hash[16];
@ -1043,7 +1043,7 @@ static NTSTATUS cmd_lsa_query_trustdominfobyname(struct rpc_pipe_client *cli,
{
struct policy_handle pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
uint32 access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
uint32 access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
union lsa_TrustedDomainInfo *info = NULL;
enum lsa_TrustDomInfoEnum info_class = 1;
struct lsa_String trusted_domain;
@ -1091,7 +1091,7 @@ static NTSTATUS cmd_lsa_query_trustdominfo(struct rpc_pipe_client *cli,
{
struct policy_handle pol, trustdom_pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
uint32 access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
uint32 access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
union lsa_TrustedDomainInfo *info = NULL;
DOM_SID dom_sid;
enum lsa_TrustDomInfoEnum info_class = 1;
@ -1160,7 +1160,7 @@ static NTSTATUS cmd_lsa_get_username(struct rpc_pipe_client *cli,
}
result = rpccli_lsa_open_policy(cli, mem_ctx, true,
SEC_RIGHTS_MAXIMUM_ALLOWED,
SEC_FLAG_MAXIMUM_ALLOWED,
&pol);
if (!NT_STATUS_IS_OK(result)) {
@ -1210,7 +1210,7 @@ static NTSTATUS cmd_lsa_add_priv(struct rpc_pipe_client *cli,
}
result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
SEC_RIGHTS_MAXIMUM_ALLOWED,
SEC_FLAG_MAXIMUM_ALLOWED,
&dom_pol);
if (!NT_STATUS_IS_OK(result)) {
@ -1220,7 +1220,7 @@ static NTSTATUS cmd_lsa_add_priv(struct rpc_pipe_client *cli,
result = rpccli_lsa_OpenAccount(cli, mem_ctx,
&dom_pol,
&sid,
SEC_RIGHTS_MAXIMUM_ALLOWED,
SEC_FLAG_MAXIMUM_ALLOWED,
&user_pol);
if (!NT_STATUS_IS_OK(result)) {
@ -1294,7 +1294,7 @@ static NTSTATUS cmd_lsa_del_priv(struct rpc_pipe_client *cli,
}
result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
SEC_RIGHTS_MAXIMUM_ALLOWED,
SEC_FLAG_MAXIMUM_ALLOWED,
&dom_pol);
if (!NT_STATUS_IS_OK(result)) {
@ -1304,7 +1304,7 @@ static NTSTATUS cmd_lsa_del_priv(struct rpc_pipe_client *cli,
result = rpccli_lsa_OpenAccount(cli, mem_ctx,
&dom_pol,
&sid,
SEC_RIGHTS_MAXIMUM_ALLOWED,
SEC_FLAG_MAXIMUM_ALLOWED,
&user_pol);
if (!NT_STATUS_IS_OK(result)) {


@ -2860,7 +2860,7 @@ static NTSTATUS cmd_samr_get_dispinfo_idx(struct rpc_pipe_client *cli,
}
status = rpccli_try_samr_connects(cli, mem_ctx,
SEC_RIGHTS_MAXIMUM_ALLOWED,
SEC_FLAG_MAXIMUM_ALLOWED,
&connect_handle);
if (!NT_STATUS_IS_OK(status)) {
@ -2869,7 +2869,7 @@ static NTSTATUS cmd_samr_get_dispinfo_idx(struct rpc_pipe_client *cli,
status = rpccli_samr_OpenDomain(cli, mem_ctx,
&connect_handle,
SEC_RIGHTS_MAXIMUM_ALLOWED,
SEC_FLAG_MAXIMUM_ALLOWED,
&domain_sid,
&domain_handle);


@ -45,7 +45,7 @@ static NTSTATUS cmd_testme(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
}
status = rpccli_lsa_open_policy(lsa_pipe, mem_ctx, False,
SEC_RIGHTS_QUERY_VALUE, &pol);
KEY_QUERY_VALUE, &pol);
if (!NT_STATUS_IS_OK(status))
goto done;
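Review bot: KEY_QUERY_VALUE is a winreg key right, so passing it to rpccli_lsa_open_policy in cmd_testme now reads as a registry access mask applied to an LSA policy handle. The rename keeps the bit value of the old SEC_RIGHTS_QUERY_VALUE, so behaviour is unchanged, but the right actually being requested on an LSA handle is presumably the low-order policy right (LSA_POLICY_VIEW_LOCAL_INFORMATION in lsa.idl, if its value matches — worth verifying), and naming that constant would document what is asked of the server. The same substitution appears in rpc_trustdom_establish, rpc_trustdom_vampire and rpc_trustdom_list. cmd_testme begins outside the hunk.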


@ -156,7 +156,7 @@ static void fetch_machine_sid(struct cli_state *cli)
}
result = rpccli_lsa_open_policy(lsapipe, mem_ctx, True,
SEC_RIGHTS_MAXIMUM_ALLOWED,
SEC_FLAG_MAXIMUM_ALLOWED,
&pol);
if (!NT_STATUS_IS_OK(result)) {
goto error;


@ -2400,9 +2400,9 @@ static NTSTATUS open_directory(connection_struct *conn,
}
/* We need to support SeSecurityPrivilege for this. */
if (access_mask & SEC_RIGHT_SYSTEM_SECURITY) {
if (access_mask & SEC_FLAG_SYSTEM_SECURITY) {
DEBUG(10, ("open_directory: open on %s "
"failed - SEC_RIGHT_SYSTEM_SECURITY denied.\n",
"failed - SEC_FLAG_SYSTEM_SECURITY denied.\n",
fname));
return NT_STATUS_PRIVILEGE_NOT_HELD;
}
@ -2946,7 +2946,7 @@ static NTSTATUS create_file_unixpath(connection_struct *conn,
#if 0
/* We need to support SeSecurityPrivilege for this. */
if ((access_mask & SEC_RIGHT_SYSTEM_SECURITY) &&
if ((access_mask & SEC_FLAG_SYSTEM_SECURITY) &&
!user_has_privileges(current_user.nt_user_token,
&se_security)) {
status = NT_STATUS_PRIVILEGE_NOT_HELD;
@ -2954,7 +2954,7 @@ static NTSTATUS create_file_unixpath(connection_struct *conn,
}
#else
/* We need to support SeSecurityPrivilege for this. */
if (access_mask & SEC_RIGHT_SYSTEM_SECURITY) {
if (access_mask & SEC_FLAG_SYSTEM_SECURITY) {
status = NT_STATUS_PRIVILEGE_NOT_HELD;
goto fail;
}
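Review bot: The `#if 0` block in create_file_unixpath is dead code that now carries the renamed flag and a user_has_privileges/se_security check the live `#else` path never performs; keeping it in sync only obscures that SEC_FLAG_SYSTEM_SECURITY is refused unconditionally. Both open_directory and the `#else` branch return NT_STATUS_PRIVILEGE_NOT_HELD for any access_mask carrying that bit, so a comment such as `/* SACL access (SEC_FLAG_SYSTEM_SECURITY) is refused until SeSecurityPrivilege checking is implemented; see open_directory */` would state the actual behaviour, and the `#if 0` branch can be dropped. Both enclosing functions start and end outside these hunks.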


@ -180,7 +180,7 @@ bool torture_mangle(int dummy)
cli_unlink(cli, "\\mangle_test\\*");
cli_rmdir(cli, "\\mangle_test");
if (!cli_mkdir(cli, "\\mangle_test")) {
if (!NT_STATUS_IS_OK(cli_mkdir(cli, "\\mangle_test"))) {
printf("ERROR: Failed to make directory\n");
return False;
}


@ -2625,7 +2625,7 @@ static bool run_trans2test(int dummy)
/* check if the server updates the directory modification time
when creating a new file */
if (!cli_mkdir(cli, dname)) {
if (!NT_STATUS_IS_OK(cli_mkdir(cli, dname))) {
printf("ERROR: mkdir failed (%s)\n", cli_errstr(cli));
correct = False;
}
@ -4584,12 +4584,12 @@ bool torture_chkpath_test(int dummy)
cli_unlink(cli, "\\chkpath.dir\\*");
cli_rmdir(cli, "\\chkpath.dir");
if (!cli_mkdir(cli, "\\chkpath.dir")) {
if (!NT_STATUS_IS_OK(cli_mkdir(cli, "\\chkpath.dir"))) {
printf("mkdir1 failed : %s\n", cli_errstr(cli));
return False;
}
if (!cli_mkdir(cli, "\\chkpath.dir\\dir2")) {
if (!NT_STATUS_IS_OK(cli_mkdir(cli, "\\chkpath.dir\\dir2"))) {
printf("mkdir2 failed : %s\n", cli_errstr(cli));
return False;
}
@ -4801,7 +4801,7 @@ static bool run_dirtest1(int dummy)
for (i=0;i<1000;i++) {
fstring fname;
slprintf(fname, sizeof(fname), "\\LISTDIR\\d%d", i);
if (!cli_mkdir(cli, fname)) {
if (!NT_STATUS_IS_OK(cli_mkdir(cli, fname))) {
fprintf(stderr,"Failed to open %s\n", fname);
return False;
}
@ -5279,7 +5279,7 @@ static bool run_uid_regression_test(int dummy)
cli->vuid = old_vuid;
/* Try an operation. */
if (!cli_mkdir(cli, "\\uid_reg_test")) {
if (!NT_STATUS_IS_OK(cli_mkdir(cli, "\\uid_reg_test"))) {
/* We expect bad uid. */
if (!check_error(__LINE__, cli, ERRSRV, ERRbaduid,
NT_STATUS_NO_SUCH_USER)) {
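Review bot: In run_trans2test and torture_chkpath_test the failure messages still go through cli_errstr(cli) even though cli_mkdir now hands back the NTSTATUS, so the returned status is discarded on the spot. Capturing it and printing it directly avoids relying on the client state still holding the last error, e.g. `NTSTATUS status = cli_mkdir(cli, dname);` / `if (!NT_STATUS_IS_OK(status)) {` / `printf("ERROR: mkdir failed (%s)\n", nt_errstr(status));`. The enclosing functions begin and end outside these hunks.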


@ -132,7 +132,7 @@ bool torture_casetable(int dummy)
cli_unlink(cli, "\\utable\\*");
cli_rmdir(cli, "\\utable");
if (!cli_mkdir(cli, "\\utable")) {
if (!NT_STATUS_IS_OK(cli_mkdir(cli, "\\utable"))) {
printf("Failed to create utable directory!\n");
return False;
}


@ -411,11 +411,11 @@ static int net_registry_getsd(struct net_context *c, int argc,
struct security_descriptor *secdesc = NULL;
TALLOC_CTX *ctx = talloc_stackframe();
uint32_t access_mask = REG_KEY_READ |
SEC_RIGHT_MAXIMUM_ALLOWED |
SEC_RIGHT_SYSTEM_SECURITY;
SEC_FLAG_MAXIMUM_ALLOWED |
SEC_FLAG_SYSTEM_SECURITY;
/*
* net_rpc_regsitry uses SEC_RIGHT_SYSTEM_SECURITY, but access
* net_rpc_regsitry uses SEC_FLAG_SYSTEM_SECURITY, but access
* is denied with these perms right now...
*/
access_mask = REG_KEY_READ;
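Review bot: The initializer of access_mask in net_registry_getsd is a dead store: the value built from REG_KEY_READ | SEC_FLAG_MAXIMUM_ALLOWED | SEC_FLAG_SYSTEM_SECURITY is overwritten by `access_mask = REG_KEY_READ;` a few lines later, so the renamed flags never reach the open. Initialising directly as `uint32_t access_mask = REG_KEY_READ;` and keeping the explanation in the comment (which also misspells "registry" as "regsitry") would make the intent clear, with a note that SEC_FLAG_SYSTEM_SECURITY is what reading the SACL would require once the server stops denying it. net_registry_getsd continues outside the hunk.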


@ -68,7 +68,7 @@ NTSTATUS net_get_remote_domain_sid(struct cli_state *cli, TALLOC_CTX *mem_ctx,
}
result = rpccli_lsa_open_policy(lsa_pipe, mem_ctx, false,
SEC_RIGHTS_MAXIMUM_ALLOWED,
SEC_FLAG_MAXIMUM_ALLOWED,
&pol);
if (!NT_STATUS_IS_OK(result)) {
d_fprintf(stderr, "open_policy failed: %s\n",
@ -1668,7 +1668,7 @@ static NTSTATUS get_sid_from_name(struct cli_state *cli,
}
result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, false,
SEC_RIGHTS_MAXIMUM_ALLOWED, &lsa_pol);
SEC_FLAG_MAXIMUM_ALLOWED, &lsa_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
@ -2485,7 +2485,7 @@ static NTSTATUS rpc_list_alias_members(struct net_context *c,
}
result = rpccli_lsa_open_policy(lsa_pipe, mem_ctx, true,
SEC_RIGHTS_MAXIMUM_ALLOWED, &lsa_pol);
SEC_FLAG_MAXIMUM_ALLOWED, &lsa_pol);
if (!NT_STATUS_IS_OK(result)) {
d_fprintf(stderr, "Couldn't open LSA policy handle\n");
@ -3850,7 +3850,7 @@ static NTSTATUS rpc_aliaslist_dump(struct net_context *c,
struct policy_handle lsa_pol;
result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
SEC_RIGHTS_MAXIMUM_ALLOWED,
SEC_FLAG_MAXIMUM_ALLOWED,
&lsa_pol);
if (!NT_STATUS_IS_OK(result))
return result;
@ -5596,7 +5596,7 @@ static int rpc_trustdom_establish(struct net_context *c, int argc,
return -1;
}
nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, true, SEC_RIGHTS_QUERY_VALUE,
nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, true, KEY_QUERY_VALUE,
&connect_hnd);
if (NT_STATUS_IS_ERR(nt_status)) {
DEBUG(0, ("Couldn't open policy handle. Error was %s\n",
@ -5854,7 +5854,7 @@ static int rpc_trustdom_vampire(struct net_context *c, int argc,
return -1;
};
nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, false, SEC_RIGHTS_QUERY_VALUE,
nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, false, KEY_QUERY_VALUE,
&connect_hnd);
if (NT_STATUS_IS_ERR(nt_status)) {
DEBUG(0, ("Couldn't open policy handle. Error was %s\n",
@ -6011,7 +6011,7 @@ static int rpc_trustdom_list(struct net_context *c, int argc, const char **argv)
return -1;
};
nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, false, SEC_RIGHTS_QUERY_VALUE,
nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, false, KEY_QUERY_VALUE,
&connect_hnd);
if (NT_STATUS_IS_ERR(nt_status)) {
DEBUG(0, ("Couldn't open policy handle. Error was %s\n",


@ -88,7 +88,7 @@ static NTSTATUS rpc_audit_get_internal(struct net_context *c,
}
result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
SEC_RIGHTS_MAXIMUM_ALLOWED,
SEC_FLAG_MAXIMUM_ALLOWED,
&pol);
if (!NT_STATUS_IS_OK(result)) {
@ -170,7 +170,7 @@ static NTSTATUS rpc_audit_set_internal(struct net_context *c,
}
result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
SEC_RIGHTS_MAXIMUM_ALLOWED,
SEC_FLAG_MAXIMUM_ALLOWED,
&pol);
if (!NT_STATUS_IS_OK(result)) {
@ -229,7 +229,7 @@ static NTSTATUS rpc_audit_enable_internal_ext(struct rpc_pipe_client *pipe_hnd,
union lsa_PolicyInformation *info = NULL;
result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
SEC_RIGHTS_MAXIMUM_ALLOWED,
SEC_FLAG_MAXIMUM_ALLOWED,
&pol);
if (!NT_STATUS_IS_OK(result)) {
@ -314,7 +314,7 @@ static NTSTATUS rpc_audit_list_internal(struct net_context *c,
int i;
result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
SEC_RIGHTS_MAXIMUM_ALLOWED,
SEC_FLAG_MAXIMUM_ALLOWED,
&pol);
if (!NT_STATUS_IS_OK(result)) {


@ -211,7 +211,7 @@ int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv)
CHECK_RPC_ERR(rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
SEC_RIGHTS_MAXIMUM_ALLOWED,
SEC_FLAG_MAXIMUM_ALLOWED,
&lsa_pol),
"error opening lsa policy handle");
@ -326,7 +326,7 @@ int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv)
CHECK_RPC_ERR_DEBUG(
rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
&domain_pol,
SEC_RIGHTS_MAXIMUM_ALLOWED,
SEC_FLAG_MAXIMUM_ALLOWED,
user_rid,
&user_pol),
("could not re-open existing user %s: %s\n",


@ -406,7 +406,7 @@ NTSTATUS net_copy_file(struct net_context *c,
DEBUGADD(3,("creating dir %s on the destination server\n",
dst_name));
if (!cli_mkdir(cli_share_dst, dst_name)) {
if (!NT_STATUS_IS_OK(cli_mkdir(cli_share_dst, dst_name))) {
DEBUG(0,("cannot create directory %s: %s\n",
dst_name, cli_errstr(cli_share_dst)));
nt_status = NT_STATUS_NO_SUCH_FILE;
@ -555,7 +555,7 @@ static NTSTATUS check_arch_dir(struct cli_state *cli_share, const char *short_ar
DEBUG(10,("creating print-driver dir for architecture: %s\n",
short_archi));
if (!cli_mkdir(cli_share, dir)) {
if (!NT_STATUS_IS_OK(cli_mkdir(cli_share, dir))) {
DEBUG(1,("cannot create directory %s: %s\n",
dir, cli_errstr(cli_share)));
nt_status = NT_STATUS_NO_SUCH_FILE;
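Review bot: net_copy_file and check_arch_dir now receive the NTSTATUS from cli_mkdir but drop it and report NT_STATUS_NO_SUCH_FILE instead, so any other cause of failure (an access-denied result, for instance) would be surfaced to the caller as a missing file. Keeping the returned status, e.g. `nt_status = cli_mkdir(cli_share_dst, dst_name);` / `if (!NT_STATUS_IS_OK(nt_status)) {`, preserves the real cause for both the caller and the DEBUG line, which could then use nt_errstr(nt_status). Whether any caller depends on the NO_SUCH_FILE value is not visible here. Both functions extend beyond the hunks.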


@ -383,7 +383,7 @@ static NTSTATUS rpc_registry_setvalue_internal(struct net_context *c,
struct registry_value value;
status = registry_openkey(mem_ctx, pipe_hnd, argv[0],
SEC_RIGHTS_MAXIMUM_ALLOWED,
SEC_FLAG_MAXIMUM_ALLOWED,
&hive_hnd, &key_hnd);
if (!NT_STATUS_IS_OK(status)) {
d_fprintf(stderr, "registry_openkey failed: %s\n",
@ -455,7 +455,7 @@ static NTSTATUS rpc_registry_deletevalue_internal(struct net_context *c,
ZERO_STRUCT(valuename);
status = registry_openkey(mem_ctx, pipe_hnd, argv[0],
SEC_RIGHTS_MAXIMUM_ALLOWED,
SEC_FLAG_MAXIMUM_ALLOWED,
&hive_hnd, &key_hnd);
if (!NT_STATUS_IS_OK(status)) {
d_fprintf(stderr, "registry_openkey failed: %s\n",
@ -516,7 +516,7 @@ static NTSTATUS rpc_registry_getvalue_internal(struct net_context *c,
ZERO_STRUCT(valuename);
status = registry_openkey(tmp_ctx, pipe_hnd, argv[0],
SEC_RIGHTS_MAXIMUM_ALLOWED,
SEC_FLAG_MAXIMUM_ALLOWED,
&hive_hnd, &key_hnd);
if (!NT_STATUS_IS_OK(status)) {
d_fprintf(stderr, "registry_openkey failed: %s\n",
@ -657,7 +657,7 @@ static NTSTATUS rpc_registry_createkey_internal(struct net_context *c,
}
status = rpccli_winreg_Connect(pipe_hnd, mem_ctx, hive,
SEC_RIGHTS_MAXIMUM_ALLOWED,
SEC_FLAG_MAXIMUM_ALLOWED,
&hive_hnd);
if (!(NT_STATUS_IS_OK(status))) {
return status;
@ -727,7 +727,7 @@ static NTSTATUS rpc_registry_deletekey_internal(struct net_context *c,
}
status = rpccli_winreg_Connect(pipe_hnd, mem_ctx, hive,
SEC_RIGHTS_MAXIMUM_ALLOWED,
SEC_FLAG_MAXIMUM_ALLOWED,
&hive_hnd);
if (!(NT_STATUS_IS_OK(status))) {
return status;
@ -1147,8 +1147,8 @@ static NTSTATUS rpc_registry_getsd_internal(struct net_context *c,
DATA_BLOB blob;
struct security_descriptor sec_desc;
uint32_t access_mask = REG_KEY_READ |
SEC_RIGHT_MAXIMUM_ALLOWED |
SEC_RIGHT_SYSTEM_SECURITY;
SEC_FLAG_MAXIMUM_ALLOWED |
SEC_FLAG_SYSTEM_SECURITY;
if (argc <1 || argc > 2 || c->display_usage) {
d_printf("Usage: net rpc registry getsd <path> <secinfo>\n");


@ -34,7 +34,7 @@ static NTSTATUS sid_to_name(struct rpc_pipe_client *pipe_hnd,
char **domains = NULL, **names = NULL;
result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
SEC_RIGHTS_MAXIMUM_ALLOWED, &pol);
SEC_FLAG_MAXIMUM_ALLOWED, &pol);
if ( !NT_STATUS_IS_OK(result) )
return result;
@ -70,7 +70,7 @@ static NTSTATUS name_to_sid(struct rpc_pipe_client *pipe_hnd,
}
result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
SEC_RIGHTS_MAXIMUM_ALLOWED, &pol);
SEC_FLAG_MAXIMUM_ALLOWED, &pol);
if ( !NT_STATUS_IS_OK(result) )
return result;
@ -328,7 +328,7 @@ static NTSTATUS rpc_rights_list_internal(struct net_context *c,
uint16 lang_id_desc;
result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
SEC_RIGHTS_MAXIMUM_ALLOWED, &pol);
SEC_FLAG_MAXIMUM_ALLOWED, &pol);
if ( !NT_STATUS_IS_OK(result) )
return result;
@ -456,7 +456,7 @@ static NTSTATUS rpc_rights_grant_internal(struct net_context *c,
goto done;
result = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, true,
SEC_RIGHTS_MAXIMUM_ALLOWED,
SEC_FLAG_MAXIMUM_ALLOWED,
&dom_pol);
if (!NT_STATUS_IS_OK(result))
@ -522,7 +522,7 @@ static NTSTATUS rpc_rights_revoke_internal(struct net_context *c,
return result;
result = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, true,
SEC_RIGHTS_MAXIMUM_ALLOWED,
SEC_FLAG_MAXIMUM_ALLOWED,
&dom_pol);
if (!NT_STATUS_IS_OK(result))


@ -45,7 +45,7 @@ NTSTATUS net_rpc_lookup_name(struct net_context *c,
}
result = rpccli_lsa_open_policy(lsa_pipe, mem_ctx, false,
SEC_RIGHTS_MAXIMUM_ALLOWED,
SEC_FLAG_MAXIMUM_ALLOWED,
&pol);
if (!NT_STATUS_IS_OK(result)) {
d_fprintf(stderr, "open_policy failed: %s\n",


@ -131,7 +131,7 @@ static struct con_struct *create_cs(struct net_context *c,
}
nt_status = rpccli_lsa_open_policy(cs->lsapipe, ctx, true,
SEC_RIGHTS_MAXIMUM_ALLOWED,
SEC_FLAG_MAXIMUM_ALLOWED,
&cs->pol);
if (!NT_STATUS_IS_OK(nt_status)) {


@ -62,7 +62,7 @@ static bool cli_open_policy_hnd(void)
if (!got_policy_hnd) {
/* Some systems don't support SEC_RIGHTS_MAXIMUM_ALLOWED,
/* Some systems don't support SEC_FLAG_MAXIMUM_ALLOWED,
but NT sends 0x2000000 so we might as well do it too. */
if (!NT_STATUS_IS_OK(rpccli_lsa_open_policy(global_pipe_hnd, talloc_tos(), True,


@ -1852,7 +1852,7 @@ no_dssetup:
}
result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
SEC_RIGHTS_MAXIMUM_ALLOWED, &pol);
SEC_FLAG_MAXIMUM_ALLOWED, &pol);
if (NT_STATUS_IS_OK(result)) {
/* This particular query is exactly what Win2k clients use
@ -1894,7 +1894,7 @@ no_dssetup:
domain->active_directory = False;
result = rpccli_lsa_open_policy(cli, mem_ctx, True,
SEC_RIGHTS_MAXIMUM_ALLOWED,
SEC_FLAG_MAXIMUM_ALLOWED,
&pol);
if (!NT_STATUS_IS_OK(result)) {
@ -2068,7 +2068,7 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
result = rpccli_samr_Connect2(conn->samr_pipe, mem_ctx,
conn->samr_pipe->desthost,
SEC_RIGHTS_MAXIMUM_ALLOWED,
SEC_FLAG_MAXIMUM_ALLOWED,
&conn->sam_connect_handle);
if (NT_STATUS_IS_OK(result)) {
goto open_domain;
@ -2103,7 +2103,7 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
result = rpccli_samr_Connect2(conn->samr_pipe, mem_ctx,
conn->samr_pipe->desthost,
SEC_RIGHTS_MAXIMUM_ALLOWED,
SEC_FLAG_MAXIMUM_ALLOWED,
&conn->sam_connect_handle);
if (NT_STATUS_IS_OK(result)) {
goto open_domain;
@ -2125,7 +2125,7 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
result = rpccli_samr_Connect2(conn->samr_pipe, mem_ctx,
conn->samr_pipe->desthost,
SEC_RIGHTS_MAXIMUM_ALLOWED,
SEC_FLAG_MAXIMUM_ALLOWED,
&conn->sam_connect_handle);
if (!NT_STATUS_IS_OK(result)) {
DEBUG(10,("cm_connect_sam: rpccli_samr_Connect2 failed "
@ -2138,7 +2138,7 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
result = rpccli_samr_OpenDomain(conn->samr_pipe,
mem_ctx,
&conn->sam_connect_handle,
SEC_RIGHTS_MAXIMUM_ALLOWED,
SEC_FLAG_MAXIMUM_ALLOWED,
&domain->sid,
&conn->sam_domain_handle);
@ -2203,7 +2203,7 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
domain->name, conn->cli->domain, conn->cli->user_name ));
result = rpccli_lsa_open_policy(conn->lsa_pipe, mem_ctx, True,
SEC_RIGHTS_MAXIMUM_ALLOWED,
SEC_FLAG_MAXIMUM_ALLOWED,
&conn->lsa_policy);
if (NT_STATUS_IS_OK(result)) {
goto done;
@ -2239,7 +2239,7 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
"schannel.\n", domain->name ));
result = rpccli_lsa_open_policy(conn->lsa_pipe, mem_ctx, True,
SEC_RIGHTS_MAXIMUM_ALLOWED,
SEC_FLAG_MAXIMUM_ALLOWED,
&conn->lsa_policy);
if (NT_STATUS_IS_OK(result)) {
goto done;
@ -2261,7 +2261,7 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
}
result = rpccli_lsa_open_policy(conn->lsa_pipe, mem_ctx, True,
SEC_RIGHTS_MAXIMUM_ALLOWED,
SEC_FLAG_MAXIMUM_ALLOWED,
&conn->lsa_policy);
done:
if (!NT_STATUS_IS_OK(result)) {


@ -525,7 +525,7 @@ static NTSTATUS query_user(struct winbindd_domain *domain,
/* Get user handle */
result = rpccli_samr_OpenUser(cli, mem_ctx,
&dom_pol,
SEC_RIGHTS_MAXIMUM_ALLOWED,
SEC_FLAG_MAXIMUM_ALLOWED,
user_rid,
&user_pol);
@ -565,7 +565,7 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
{
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
struct policy_handle dom_pol, user_pol;
uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
uint32 des_access = SEC_FLAG_MAXIMUM_ALLOWED;
struct samr_RidWithAttributeArray *rid_array = NULL;
unsigned int i;
uint32 user_rid;
@ -746,7 +746,7 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
uint32 i, total_names = 0;
struct policy_handle dom_pol, group_pol;
uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
uint32 des_access = SEC_FLAG_MAXIMUM_ALLOWED;
uint32 *rid_mem = NULL;
uint32 group_rid;
unsigned int j, r;


@ -2,7 +2,6 @@
PUBLIC_DEPENDENCIES = LIBNDR LIBSECURITY_COMMON
LIBSECURITY_OBJ_FILES = $(addprefix $(libclisrcdir)/security/, \
security_token.o security_descriptor.o \
access_check.o privilege.o sddl.o) \
security_token.o access_check.o privilege.o sddl.o) \
$(eval $(call proto_header_template,$(libclisrcdir)/security/proto.h,$(LIBSECURITY_OBJ_FILES:.o=.c)))


@ -33,3 +33,4 @@ struct auth_session_info;
#include "libcli/security/secace.h"
#include "libcli/security/secacl.h"
#include "libcli/security/proto.h"
#include "libcli/security/security_descriptor.h"