mirror of
https://github.com/samba-team/samba.git
synced 2025-03-27 22:50:26 +03:00
Fix bug #6089 - Winbind samr_OpenDomain not possible with Samba 3.2.6+
What a difference a name makes... :-). Just because something is missnamed SAMR_ACCESS_OPEN_DOMAIN, when it should actually be SAMR_ACCESS_LOOKUP_DOMAIN, don't automatically use it for a security check in _samr_OpenDomain(). Jeremy.
This commit is contained in:
Jeremy Allison
parent
e6aa3f2d09
commit
d9804ae3cc
@ -77,7 +77,7 @@ static int smb_lock_pthread(void *plock, enum smb_thread_lock_type lock_type, co
|
||||
} \
|
||||
} \
|
||||
\
|
||||
static pthread_mutex_t create_tls_mutex = PTHREAD_MUTEX_INITIALIZER; \
|
||||
static pthread_mutex_t smb_create_tls_mutex = PTHREAD_MUTEX_INITIALIZER; \
|
||||
\
|
||||
static int smb_create_tls_once_pthread(const char *keyname, void **ppkey, const char *location) \
|
||||
{ \
|
||||
|
||||
@ -122,7 +122,7 @@ _PUBLIC_ void ndr_print_samr_ConnectAccessMask(struct ndr_print *ndr, const char
|
||||
ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_ACCESS_INITIALIZE_SERVER", SAMR_ACCESS_INITIALIZE_SERVER, r);
|
||||
ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_ACCESS_CREATE_DOMAIN", SAMR_ACCESS_CREATE_DOMAIN, r);
|
||||
ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_ACCESS_ENUM_DOMAINS", SAMR_ACCESS_ENUM_DOMAINS, r);
|
||||
ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_ACCESS_OPEN_DOMAIN", SAMR_ACCESS_OPEN_DOMAIN, r);
|
||||
ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_ACCESS_LOOKUP_DOMAIN", SAMR_ACCESS_LOOKUP_DOMAIN, r);
|
||||
ndr->depth--;
|
||||
}
|
||||
|
||||
|
||||
@ -14,7 +14,7 @@
|
||||
#define GENERIC_RIGHTS_SAM_ALL_ACCESS ( (STANDARD_RIGHTS_REQUIRED_ACCESS|SAMR_ACCESS_ALL_ACCESS) )
|
||||
#define GENERIC_RIGHTS_SAM_READ ( (STANDARD_RIGHTS_READ_ACCESS|SAMR_ACCESS_ENUM_DOMAINS) )
|
||||
#define GENERIC_RIGHTS_SAM_WRITE ( (STANDARD_RIGHTS_WRITE_ACCESS|SAMR_ACCESS_CREATE_DOMAIN|SAMR_ACCESS_INITIALIZE_SERVER|SAMR_ACCESS_SHUTDOWN_SERVER) )
|
||||
#define GENERIC_RIGHTS_SAM_EXECUTE ( (STANDARD_RIGHTS_EXECUTE_ACCESS|SAMR_ACCESS_OPEN_DOMAIN|SAMR_ACCESS_CONNECT_TO_SERVER) )
|
||||
#define GENERIC_RIGHTS_SAM_EXECUTE ( (STANDARD_RIGHTS_EXECUTE_ACCESS|SAMR_ACCESS_LOOKUP_DOMAIN|SAMR_ACCESS_CONNECT_TO_SERVER) )
|
||||
#define SAMR_USER_ACCESS_ALL_ACCESS ( 0x000007FF )
|
||||
#define GENERIC_RIGHTS_USER_ALL_ACCESS ( (STANDARD_RIGHTS_REQUIRED_ACCESS|SAMR_USER_ACCESS_ALL_ACCESS) )
|
||||
#define GENERIC_RIGHTS_USER_READ ( (STANDARD_RIGHTS_READ_ACCESS|SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP|SAMR_USER_ACCESS_GET_GROUPS|SAMR_USER_ACCESS_GET_ATTRIBUTES|SAMR_USER_ACCESS_GET_LOGONINFO|SAMR_USER_ACCESS_GET_LOCALE) )
|
||||
@ -97,7 +97,7 @@ enum samr_RejectReason
|
||||
#define SAMR_ACCESS_INITIALIZE_SERVER ( 0x00000004 )
|
||||
#define SAMR_ACCESS_CREATE_DOMAIN ( 0x00000008 )
|
||||
#define SAMR_ACCESS_ENUM_DOMAINS ( 0x00000010 )
|
||||
#define SAMR_ACCESS_OPEN_DOMAIN ( 0x00000020 )
|
||||
#define SAMR_ACCESS_LOOKUP_DOMAIN ( 0x00000020 )
|
||||
|
||||
/* bitmap samr_UserAccessMask */
|
||||
#define SAMR_USER_ACCESS_GET_NAME_ETC ( 0x00000001 )
|
||||
|
||||
@ -64,7 +64,7 @@ import "misc.idl", "lsa.idl", "security.idl";
|
||||
SAMR_ACCESS_INITIALIZE_SERVER = 0x00000004,
|
||||
SAMR_ACCESS_CREATE_DOMAIN = 0x00000008,
|
||||
SAMR_ACCESS_ENUM_DOMAINS = 0x00000010,
|
||||
SAMR_ACCESS_OPEN_DOMAIN = 0x00000020
|
||||
SAMR_ACCESS_LOOKUP_DOMAIN = 0x00000020
|
||||
} samr_ConnectAccessMask;
|
||||
|
||||
const int SAMR_ACCESS_ALL_ACCESS = 0x0000003F;
|
||||
@ -85,7 +85,7 @@ import "misc.idl", "lsa.idl", "security.idl";
|
||||
|
||||
const int GENERIC_RIGHTS_SAM_EXECUTE =
|
||||
(STANDARD_RIGHTS_EXECUTE_ACCESS |
|
||||
SAMR_ACCESS_OPEN_DOMAIN |
|
||||
SAMR_ACCESS_LOOKUP_DOMAIN |
|
||||
SAMR_ACCESS_CONNECT_TO_SERVER);
|
||||
|
||||
/* User Object specific access rights */
|
||||
|
||||
@ -79,7 +79,7 @@ WERROR NetGroupAdd_r(struct libnetapi_ctx *ctx,
|
||||
|
||||
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
|
||||
SAMR_ACCESS_ENUM_DOMAINS |
|
||||
SAMR_ACCESS_OPEN_DOMAIN,
|
||||
SAMR_ACCESS_LOOKUP_DOMAIN,
|
||||
SAMR_DOMAIN_ACCESS_CREATE_GROUP |
|
||||
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
|
||||
&connect_handle,
|
||||
@ -250,7 +250,7 @@ WERROR NetGroupDel_r(struct libnetapi_ctx *ctx,
|
||||
|
||||
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
|
||||
SAMR_ACCESS_ENUM_DOMAINS |
|
||||
SAMR_ACCESS_OPEN_DOMAIN,
|
||||
SAMR_ACCESS_LOOKUP_DOMAIN,
|
||||
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
|
||||
&connect_handle,
|
||||
&domain_handle,
|
||||
@ -415,7 +415,7 @@ WERROR NetGroupSetInfo_r(struct libnetapi_ctx *ctx,
|
||||
|
||||
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
|
||||
SAMR_ACCESS_ENUM_DOMAINS |
|
||||
SAMR_ACCESS_OPEN_DOMAIN,
|
||||
SAMR_ACCESS_LOOKUP_DOMAIN,
|
||||
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
|
||||
&connect_handle,
|
||||
&domain_handle,
|
||||
@ -650,7 +650,7 @@ WERROR NetGroupGetInfo_r(struct libnetapi_ctx *ctx,
|
||||
|
||||
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
|
||||
SAMR_ACCESS_ENUM_DOMAINS |
|
||||
SAMR_ACCESS_OPEN_DOMAIN,
|
||||
SAMR_ACCESS_LOOKUP_DOMAIN,
|
||||
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
|
||||
&connect_handle,
|
||||
&domain_handle,
|
||||
@ -766,7 +766,7 @@ WERROR NetGroupAddUser_r(struct libnetapi_ctx *ctx,
|
||||
|
||||
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
|
||||
SAMR_ACCESS_ENUM_DOMAINS |
|
||||
SAMR_ACCESS_OPEN_DOMAIN,
|
||||
SAMR_ACCESS_LOOKUP_DOMAIN,
|
||||
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
|
||||
&connect_handle,
|
||||
&domain_handle,
|
||||
@ -887,7 +887,7 @@ WERROR NetGroupDelUser_r(struct libnetapi_ctx *ctx,
|
||||
|
||||
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
|
||||
SAMR_ACCESS_ENUM_DOMAINS |
|
||||
SAMR_ACCESS_OPEN_DOMAIN,
|
||||
SAMR_ACCESS_LOOKUP_DOMAIN,
|
||||
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
|
||||
&connect_handle,
|
||||
&domain_handle,
|
||||
@ -1165,7 +1165,7 @@ WERROR NetGroupEnum_r(struct libnetapi_ctx *ctx,
|
||||
|
||||
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
|
||||
SAMR_ACCESS_ENUM_DOMAINS |
|
||||
SAMR_ACCESS_OPEN_DOMAIN,
|
||||
SAMR_ACCESS_LOOKUP_DOMAIN,
|
||||
SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 |
|
||||
SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS |
|
||||
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
|
||||
@ -1296,7 +1296,7 @@ WERROR NetGroupGetUsers_r(struct libnetapi_ctx *ctx,
|
||||
|
||||
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
|
||||
SAMR_ACCESS_ENUM_DOMAINS |
|
||||
SAMR_ACCESS_OPEN_DOMAIN,
|
||||
SAMR_ACCESS_LOOKUP_DOMAIN,
|
||||
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
|
||||
&connect_handle,
|
||||
&domain_handle,
|
||||
@ -1448,7 +1448,7 @@ WERROR NetGroupSetUsers_r(struct libnetapi_ctx *ctx,
|
||||
|
||||
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
|
||||
SAMR_ACCESS_ENUM_DOMAINS |
|
||||
SAMR_ACCESS_OPEN_DOMAIN,
|
||||
SAMR_ACCESS_LOOKUP_DOMAIN,
|
||||
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
|
||||
&connect_handle,
|
||||
&domain_handle,
|
||||
|
||||
@ -157,7 +157,7 @@ WERROR NetLocalGroupAdd_r(struct libnetapi_ctx *ctx,
|
||||
}
|
||||
|
||||
werr = libnetapi_samr_open_builtin_domain(ctx, pipe_cli,
|
||||
SAMR_ACCESS_OPEN_DOMAIN |
|
||||
SAMR_ACCESS_LOOKUP_DOMAIN |
|
||||
SAMR_ACCESS_ENUM_DOMAINS,
|
||||
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
|
||||
&connect_handle,
|
||||
@ -182,7 +182,7 @@ WERROR NetLocalGroupAdd_r(struct libnetapi_ctx *ctx,
|
||||
|
||||
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
|
||||
SAMR_ACCESS_ENUM_DOMAINS |
|
||||
SAMR_ACCESS_OPEN_DOMAIN,
|
||||
SAMR_ACCESS_LOOKUP_DOMAIN,
|
||||
SAMR_DOMAIN_ACCESS_CREATE_ALIAS |
|
||||
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
|
||||
&connect_handle,
|
||||
@ -277,7 +277,7 @@ WERROR NetLocalGroupDel_r(struct libnetapi_ctx *ctx,
|
||||
}
|
||||
|
||||
werr = libnetapi_samr_open_builtin_domain(ctx, pipe_cli,
|
||||
SAMR_ACCESS_OPEN_DOMAIN |
|
||||
SAMR_ACCESS_LOOKUP_DOMAIN |
|
||||
SAMR_ACCESS_ENUM_DOMAINS,
|
||||
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
|
||||
&connect_handle,
|
||||
@ -302,7 +302,7 @@ WERROR NetLocalGroupDel_r(struct libnetapi_ctx *ctx,
|
||||
|
||||
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
|
||||
SAMR_ACCESS_ENUM_DOMAINS |
|
||||
SAMR_ACCESS_OPEN_DOMAIN,
|
||||
SAMR_ACCESS_LOOKUP_DOMAIN,
|
||||
SAMR_DOMAIN_ACCESS_CREATE_ALIAS |
|
||||
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
|
||||
&connect_handle,
|
||||
@ -449,7 +449,7 @@ WERROR NetLocalGroupGetInfo_r(struct libnetapi_ctx *ctx,
|
||||
}
|
||||
|
||||
werr = libnetapi_samr_open_builtin_domain(ctx, pipe_cli,
|
||||
SAMR_ACCESS_OPEN_DOMAIN |
|
||||
SAMR_ACCESS_LOOKUP_DOMAIN |
|
||||
SAMR_ACCESS_ENUM_DOMAINS,
|
||||
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
|
||||
&connect_handle,
|
||||
@ -474,7 +474,7 @@ WERROR NetLocalGroupGetInfo_r(struct libnetapi_ctx *ctx,
|
||||
|
||||
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
|
||||
SAMR_ACCESS_ENUM_DOMAINS |
|
||||
SAMR_ACCESS_OPEN_DOMAIN,
|
||||
SAMR_ACCESS_LOOKUP_DOMAIN,
|
||||
SAMR_DOMAIN_ACCESS_CREATE_ALIAS |
|
||||
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
|
||||
&connect_handle,
|
||||
@ -620,7 +620,7 @@ WERROR NetLocalGroupSetInfo_r(struct libnetapi_ctx *ctx,
|
||||
}
|
||||
|
||||
werr = libnetapi_samr_open_builtin_domain(ctx, pipe_cli,
|
||||
SAMR_ACCESS_OPEN_DOMAIN |
|
||||
SAMR_ACCESS_LOOKUP_DOMAIN |
|
||||
SAMR_ACCESS_ENUM_DOMAINS,
|
||||
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
|
||||
&connect_handle,
|
||||
@ -647,7 +647,7 @@ WERROR NetLocalGroupSetInfo_r(struct libnetapi_ctx *ctx,
|
||||
|
||||
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
|
||||
SAMR_ACCESS_ENUM_DOMAINS |
|
||||
SAMR_ACCESS_OPEN_DOMAIN,
|
||||
SAMR_ACCESS_LOOKUP_DOMAIN,
|
||||
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
|
||||
&connect_handle,
|
||||
&domain_handle,
|
||||
@ -762,7 +762,7 @@ WERROR NetLocalGroupEnum_r(struct libnetapi_ctx *ctx,
|
||||
}
|
||||
|
||||
werr = libnetapi_samr_open_builtin_domain(ctx, pipe_cli,
|
||||
SAMR_ACCESS_OPEN_DOMAIN |
|
||||
SAMR_ACCESS_LOOKUP_DOMAIN |
|
||||
SAMR_ACCESS_ENUM_DOMAINS,
|
||||
SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 |
|
||||
SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS |
|
||||
@ -774,7 +774,7 @@ WERROR NetLocalGroupEnum_r(struct libnetapi_ctx *ctx,
|
||||
}
|
||||
|
||||
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
|
||||
SAMR_ACCESS_OPEN_DOMAIN |
|
||||
SAMR_ACCESS_LOOKUP_DOMAIN |
|
||||
SAMR_ACCESS_ENUM_DOMAINS,
|
||||
SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 |
|
||||
SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS |
|
||||
@ -1068,7 +1068,7 @@ static WERROR NetLocalGroupModifyMembers_r(struct libnetapi_ctx *ctx,
|
||||
}
|
||||
|
||||
werr = libnetapi_samr_open_builtin_domain(ctx, pipe_cli,
|
||||
SAMR_ACCESS_OPEN_DOMAIN |
|
||||
SAMR_ACCESS_LOOKUP_DOMAIN |
|
||||
SAMR_ACCESS_ENUM_DOMAINS,
|
||||
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
|
||||
&connect_handle,
|
||||
@ -1098,7 +1098,7 @@ static WERROR NetLocalGroupModifyMembers_r(struct libnetapi_ctx *ctx,
|
||||
|
||||
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
|
||||
SAMR_ACCESS_ENUM_DOMAINS |
|
||||
SAMR_ACCESS_OPEN_DOMAIN,
|
||||
SAMR_ACCESS_LOOKUP_DOMAIN,
|
||||
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
|
||||
&connect_handle,
|
||||
&domain_handle,
|
||||
@ -1318,4 +1318,3 @@ WERROR NetLocalGroupSetMembers_l(struct libnetapi_ctx *ctx,
|
||||
{
|
||||
LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetLocalGroupSetMembers);
|
||||
}
|
||||
|
||||
|
||||
@ -395,7 +395,7 @@ WERROR NetUserAdd_r(struct libnetapi_ctx *ctx,
|
||||
|
||||
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
|
||||
SAMR_ACCESS_ENUM_DOMAINS |
|
||||
SAMR_ACCESS_OPEN_DOMAIN,
|
||||
SAMR_ACCESS_LOOKUP_DOMAIN,
|
||||
SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 |
|
||||
SAMR_DOMAIN_ACCESS_CREATE_USER |
|
||||
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
|
||||
@ -517,7 +517,7 @@ WERROR NetUserDel_r(struct libnetapi_ctx *ctx,
|
||||
|
||||
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
|
||||
SAMR_ACCESS_ENUM_DOMAINS |
|
||||
SAMR_ACCESS_OPEN_DOMAIN,
|
||||
SAMR_ACCESS_LOOKUP_DOMAIN,
|
||||
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
|
||||
&connect_handle,
|
||||
&domain_handle,
|
||||
@ -1223,7 +1223,7 @@ WERROR NetUserEnum_r(struct libnetapi_ctx *ctx,
|
||||
|
||||
werr = libnetapi_samr_open_builtin_domain(ctx, pipe_cli,
|
||||
SAMR_ACCESS_ENUM_DOMAINS |
|
||||
SAMR_ACCESS_OPEN_DOMAIN,
|
||||
SAMR_ACCESS_LOOKUP_DOMAIN,
|
||||
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT |
|
||||
SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS,
|
||||
&connect_handle,
|
||||
@ -1234,7 +1234,7 @@ WERROR NetUserEnum_r(struct libnetapi_ctx *ctx,
|
||||
|
||||
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
|
||||
SAMR_ACCESS_ENUM_DOMAINS |
|
||||
SAMR_ACCESS_OPEN_DOMAIN,
|
||||
SAMR_ACCESS_LOOKUP_DOMAIN,
|
||||
SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 |
|
||||
SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS |
|
||||
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
|
||||
@ -1522,7 +1522,7 @@ WERROR NetQueryDisplayInformation_r(struct libnetapi_ctx *ctx,
|
||||
|
||||
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
|
||||
SAMR_ACCESS_ENUM_DOMAINS |
|
||||
SAMR_ACCESS_OPEN_DOMAIN,
|
||||
SAMR_ACCESS_LOOKUP_DOMAIN,
|
||||
SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 |
|
||||
SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS |
|
||||
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
|
||||
@ -1648,7 +1648,7 @@ WERROR NetUserGetInfo_r(struct libnetapi_ctx *ctx,
|
||||
|
||||
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
|
||||
SAMR_ACCESS_ENUM_DOMAINS |
|
||||
SAMR_ACCESS_OPEN_DOMAIN,
|
||||
SAMR_ACCESS_LOOKUP_DOMAIN,
|
||||
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
|
||||
&connect_handle,
|
||||
&domain_handle,
|
||||
@ -1659,7 +1659,7 @@ WERROR NetUserGetInfo_r(struct libnetapi_ctx *ctx,
|
||||
|
||||
werr = libnetapi_samr_open_builtin_domain(ctx, pipe_cli,
|
||||
SAMR_ACCESS_ENUM_DOMAINS |
|
||||
SAMR_ACCESS_OPEN_DOMAIN,
|
||||
SAMR_ACCESS_LOOKUP_DOMAIN,
|
||||
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT |
|
||||
SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS,
|
||||
&connect_handle,
|
||||
@ -1800,7 +1800,7 @@ WERROR NetUserSetInfo_r(struct libnetapi_ctx *ctx,
|
||||
|
||||
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
|
||||
SAMR_ACCESS_ENUM_DOMAINS |
|
||||
SAMR_ACCESS_OPEN_DOMAIN,
|
||||
SAMR_ACCESS_LOOKUP_DOMAIN,
|
||||
SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 |
|
||||
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
|
||||
&connect_handle,
|
||||
@ -1812,7 +1812,7 @@ WERROR NetUserSetInfo_r(struct libnetapi_ctx *ctx,
|
||||
|
||||
werr = libnetapi_samr_open_builtin_domain(ctx, pipe_cli,
|
||||
SAMR_ACCESS_ENUM_DOMAINS |
|
||||
SAMR_ACCESS_OPEN_DOMAIN,
|
||||
SAMR_ACCESS_LOOKUP_DOMAIN,
|
||||
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT |
|
||||
SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS,
|
||||
&connect_handle,
|
||||
@ -2220,7 +2220,7 @@ WERROR NetUserModalsGet_r(struct libnetapi_ctx *ctx,
|
||||
|
||||
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
|
||||
SAMR_ACCESS_ENUM_DOMAINS |
|
||||
SAMR_ACCESS_OPEN_DOMAIN,
|
||||
SAMR_ACCESS_LOOKUP_DOMAIN,
|
||||
access_mask,
|
||||
&connect_handle,
|
||||
&domain_handle,
|
||||
@ -2698,7 +2698,7 @@ WERROR NetUserModalsSet_r(struct libnetapi_ctx *ctx,
|
||||
|
||||
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
|
||||
SAMR_ACCESS_ENUM_DOMAINS |
|
||||
SAMR_ACCESS_OPEN_DOMAIN,
|
||||
SAMR_ACCESS_LOOKUP_DOMAIN,
|
||||
access_mask,
|
||||
&connect_handle,
|
||||
&domain_handle,
|
||||
@ -2831,7 +2831,7 @@ WERROR NetUserGetGroups_r(struct libnetapi_ctx *ctx,
|
||||
|
||||
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
|
||||
SAMR_ACCESS_ENUM_DOMAINS |
|
||||
SAMR_ACCESS_OPEN_DOMAIN,
|
||||
SAMR_ACCESS_LOOKUP_DOMAIN,
|
||||
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
|
||||
&connect_handle,
|
||||
&domain_handle,
|
||||
@ -2982,7 +2982,7 @@ WERROR NetUserSetGroups_r(struct libnetapi_ctx *ctx,
|
||||
|
||||
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
|
||||
SAMR_ACCESS_ENUM_DOMAINS |
|
||||
SAMR_ACCESS_OPEN_DOMAIN,
|
||||
SAMR_ACCESS_LOOKUP_DOMAIN,
|
||||
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
|
||||
&connect_handle,
|
||||
&domain_handle,
|
||||
@ -3264,7 +3264,7 @@ WERROR NetUserGetLocalGroups_r(struct libnetapi_ctx *ctx,
|
||||
|
||||
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
|
||||
SAMR_ACCESS_ENUM_DOMAINS |
|
||||
SAMR_ACCESS_OPEN_DOMAIN,
|
||||
SAMR_ACCESS_LOOKUP_DOMAIN,
|
||||
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT |
|
||||
SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS,
|
||||
&connect_handle,
|
||||
@ -3276,7 +3276,7 @@ WERROR NetUserGetLocalGroups_r(struct libnetapi_ctx *ctx,
|
||||
|
||||
werr = libnetapi_samr_open_builtin_domain(ctx, pipe_cli,
|
||||
SAMR_ACCESS_ENUM_DOMAINS |
|
||||
SAMR_ACCESS_OPEN_DOMAIN,
|
||||
SAMR_ACCESS_LOOKUP_DOMAIN,
|
||||
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT |
|
||||
SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS,
|
||||
&connect_handle,
|
||||
|
||||
@ -785,7 +785,7 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
|
||||
status = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
|
||||
pipe_hnd->desthost,
|
||||
SAMR_ACCESS_ENUM_DOMAINS
|
||||
| SAMR_ACCESS_OPEN_DOMAIN,
|
||||
| SAMR_ACCESS_LOOKUP_DOMAIN,
|
||||
&sam_pol);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
goto done;
|
||||
|
||||
@ -609,13 +609,6 @@ NTSTATUS _samr_OpenDomain(pipes_struct *p,
|
||||
if ( !find_policy_by_hnd(p, r->in.connect_handle, (void**)(void *)&info) )
|
||||
return NT_STATUS_INVALID_HANDLE;
|
||||
|
||||
status = access_check_samr_function(info->acc_granted,
|
||||
SAMR_ACCESS_OPEN_DOMAIN,
|
||||
"_samr_OpenDomain" );
|
||||
|
||||
if ( !NT_STATUS_IS_OK(status) )
|
||||
return status;
|
||||
|
||||
/*check if access can be granted as requested by client. */
|
||||
map_max_allowed_access(p->server_info->ptok, &des_access);
|
||||
|
||||
@ -2812,7 +2805,7 @@ NTSTATUS _samr_QueryDomainInfo(pipes_struct *p,
|
||||
}
|
||||
|
||||
status = access_check_samr_function(info->acc_granted,
|
||||
SAMR_ACCESS_OPEN_DOMAIN,
|
||||
SAMR_ACCESS_LOOKUP_DOMAIN,
|
||||
"_samr_QueryDomainInfo" );
|
||||
|
||||
if ( !NT_STATUS_IS_OK(status) )
|
||||
@ -3217,7 +3210,7 @@ NTSTATUS _samr_Connect(pipes_struct *p,
|
||||
map_max_allowed_access(p->server_info->ptok, &des_access);
|
||||
|
||||
se_map_generic( &des_access, &sam_generic_mapping );
|
||||
info->acc_granted = des_access & (SAMR_ACCESS_ENUM_DOMAINS|SAMR_ACCESS_OPEN_DOMAIN);
|
||||
info->acc_granted = des_access & (SAMR_ACCESS_ENUM_DOMAINS|SAMR_ACCESS_LOOKUP_DOMAIN);
|
||||
|
||||
/* get a (unique) handle. open a policy on it. */
|
||||
if (!create_policy_hnd(p, r->out.connect_handle, info))
|
||||
@ -3372,7 +3365,7 @@ NTSTATUS _samr_LookupDomain(pipes_struct *p,
|
||||
Reverted that change so we will work with RAS servers again */
|
||||
|
||||
status = access_check_samr_function(info->acc_granted,
|
||||
SAMR_ACCESS_OPEN_DOMAIN,
|
||||
SAMR_ACCESS_LOOKUP_DOMAIN,
|
||||
"_samr_LookupDomain");
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
return status;
|
||||
|
||||
@ -2073,7 +2073,7 @@ static bool api_RNetGroupEnum(connection_struct *conn,uint16 vuid,
|
||||
}
|
||||
|
||||
status = rpccli_samr_Connect2(samr_pipe, talloc_tos(), global_myname(),
|
||||
SAMR_ACCESS_OPEN_DOMAIN, &samr_handle);
|
||||
SAMR_ACCESS_LOOKUP_DOMAIN, &samr_handle);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
DEBUG(0, ("api_RNetUserEnum: samr_Connect2 failed: %s\n",
|
||||
nt_errstr(status)));
|
||||
@ -2254,7 +2254,7 @@ static bool api_NetUserGetGroups(connection_struct *conn,uint16 vuid,
|
||||
}
|
||||
|
||||
status = rpccli_samr_Connect2(samr_pipe, talloc_tos(), global_myname(),
|
||||
SAMR_ACCESS_OPEN_DOMAIN, &samr_handle);
|
||||
SAMR_ACCESS_LOOKUP_DOMAIN, &samr_handle);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
DEBUG(0, ("api_RNetUserEnum: samr_Connect2 failed: %s\n",
|
||||
nt_errstr(status)));
|
||||
@ -2409,7 +2409,7 @@ static bool api_RNetUserEnum(connection_struct *conn, uint16 vuid,
|
||||
}
|
||||
|
||||
status = rpccli_samr_Connect2(samr_pipe, talloc_tos(), global_myname(),
|
||||
SAMR_ACCESS_OPEN_DOMAIN, &samr_handle);
|
||||
SAMR_ACCESS_LOOKUP_DOMAIN, &samr_handle);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
DEBUG(0, ("api_RNetUserEnum: samr_Connect2 failed: %s\n",
|
||||
nt_errstr(status)));
|
||||
|
||||
@ -6102,7 +6102,7 @@ static int rpc_trustdom_list(struct net_context *c, int argc, const char **argv)
|
||||
/* SamrConnect2 */
|
||||
nt_status = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
|
||||
pipe_hnd->desthost,
|
||||
SAMR_ACCESS_OPEN_DOMAIN,
|
||||
SAMR_ACCESS_LOOKUP_DOMAIN,
|
||||
&connect_hnd);
|
||||
if (!NT_STATUS_IS_OK(nt_status)) {
|
||||
DEBUG(0, ("Couldn't open SAMR policy handle. Error was %s\n",
|
||||
|
||||
@ -244,7 +244,7 @@ int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv)
|
||||
CHECK_RPC_ERR(rpccli_samr_Connect2(pipe_hnd, mem_ctx,
|
||||
pipe_hnd->desthost,
|
||||
SAMR_ACCESS_ENUM_DOMAINS
|
||||
| SAMR_ACCESS_OPEN_DOMAIN,
|
||||
| SAMR_ACCESS_LOOKUP_DOMAIN,
|
||||
&sam_pol),
|
||||
"could not connect to SAM database");
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user