sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-14 19:24:43 +03:00
Code

s3:net rpc registry: make getsd succeed when key sd only gives access to SD not key contents

Browse Source 
You don't need the REG_KEY_READ permissions to access the SD of a key.
And for instance, the key HKLM\security ususally has no specific bits
set for builtin\administrators, but the READ_CONTROL_ACCESS.
I.e. builtin\administrators can get the sd but not enumerate the key.
This commit is contained in:
Michael Adam 2010-06-21 12:32:57 +02:00
parent e78f2b2e1e
commit b784c20df8
1 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
source3/utils/net_rpc_registry.c
View File

@ -1208,8 +1208,7 @@ static NTSTATUS rpc_registry_getsd_internal(struct net_context *c,
uint32_t sec_info; uint32_t sec_info;
DATA_BLOB blob; DATA_BLOB blob;
struct security_descriptor sec_desc; struct security_descriptor sec_desc;
uint32_t access_mask = REG_KEY_READ | uint32_t access_mask = SEC_FLAG_MAXIMUM_ALLOWED |
SEC_FLAG_MAXIMUM_ALLOWED |
SEC_FLAG_SYSTEM_SECURITY; SEC_FLAG_SYSTEM_SECURITY;
if (argc <1 || argc > 2 || c->display_usage) { if (argc <1 || argc > 2 || c->display_usage) {