authorJeremy Allison <jra@samba.org>2009-06-15 10:43:27 +0200
committerKarolin Seeger <kseeger@samba.org>2009-06-15 14:23:54 +0200
commit1b4f37973cc7cbe0b8e5637bdb8b77b8738c06a7 (patch)
treebcd293f20031aff3b88fadf65e8d15cc2c4ebec4
parent7f57608cf78fbdc43404144a5679a524452715e9 (diff)
Revert the extra SAMR and LSA checks.
These checks were added between 3.2.4 and 3.2.5 and have caused users problems. This fixes, among others, bugs #6089 and #6112. (cherry picked from commit bd2f3695c117773032e16958a0266d0d1e75defe)
-rw-r--r--source/rpc_server/srv_samr_nt.c58
1 files changed, 0 insertions, 58 deletions
diff --git a/source/rpc_server/srv_samr_nt.c b/source/rpc_server/srv_samr_nt.c
index 05e62fb77a2..c3464a8479d 100644
--- a/source/rpc_server/srv_samr_nt.c
+++ b/source/rpc_server/srv_samr_nt.c
@@ -862,13 +862,6 @@ NTSTATUS _samr_QuerySecurity(pipes_struct *p,
DEBUG(10,("_samr_QuerySecurity: querying security on SID: %s\n",
sid_string_dbg(&pol_sid)));
- status = access_check_samr_function(acc_granted,
- STD_RIGHT_READ_CONTROL_ACCESS,
- "_samr_QuerySecurity");
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
/* Check what typ of SID is beeing queried (e.g Domain SID, User SID, Group SID) */
/* To query the security of the SAM it self an invalid SID with S-0-0 is passed to this function */
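Review bot: With the `access_check_samr_function(acc_granted, STD_RIGHT_READ_CONTROL_ACCESS, ...)` call gone, nothing in the visible lines of `_samr_QuerySecurity` compares the handle's granted access with the right the operation needs before the SID-type dispatch. The same holds for the hunks in `_samr_QueryDisplayInfo`, `_samr_QueryUserInfo`, `_samr_QueryDomainInfo` and `_samr_GetDisplayEnumerationIndex`; the `_samr_LookupRids` check asked for mask `0`, so dropping it probably changes little. If the user-visible breakage came from clients opening handles with a narrower mask than these checks demanded, a short comment at each site would record that the omission is deliberate, e.g. `/* acc_granted intentionally not checked here: reverted for bug #6089 / #6112 */`. Each function body continues outside its hunk, so a check elsewhere cannot be ruled out from this diff.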
@@ -1488,13 +1481,6 @@ NTSTATUS _samr_QueryDisplayInfo(pipes_struct *p,
return NT_STATUS_OK;
}
- status = access_check_samr_function(info->acc_granted,
- SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS,
- "_samr_QueryDisplayInfo");
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
/*
* calculate how many entries we will return.
* based on
@@ -2077,13 +2063,6 @@ NTSTATUS _samr_LookupRids(pipes_struct *p,
if (!get_lsa_policy_samr_sid(p, r->in.domain_handle, &pol_sid, &acc_granted, NULL))
return NT_STATUS_INVALID_HANDLE;
- status = access_check_samr_function(acc_granted,
- 0, /* Don't know the acc_bits yet */
- "_samr_LookupRids");
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
if (num_rids > 1000) {
DEBUG(0, ("Got asked for %d rids (more than 1000) -- according "
"to samba4 idl this is not possible\n", num_rids));
@@ -2634,13 +2613,6 @@ NTSTATUS _samr_QueryUserInfo(pipes_struct *p,
if (!find_policy_by_hnd(p, r->in.user_handle, (void **)(void *)&info))
return NT_STATUS_INVALID_HANDLE;
- status = access_check_samr_function(info->acc_granted,
- SAMR_USER_ACCESS_GET_ATTRIBUTES,
- "_samr_QueryUserInfo");
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
domain_sid = info->sid;
sid_split_rid(&domain_sid, &rid);
@@ -2901,13 +2873,6 @@ NTSTATUS _samr_QueryDomainInfo(pipes_struct *p,
return NT_STATUS_INVALID_HANDLE;
}
- status = access_check_samr_function(info->acc_granted,
- SAMR_ACCESS_LOOKUP_DOMAIN,
- "_samr_QueryDomainInfo" );
-
- if ( !NT_STATUS_IS_OK(status) )
- return status;
-
switch (r->in.level) {
case 0x01:
@@ -5649,7 +5614,6 @@ NTSTATUS _samr_SetDomainInfo(pipes_struct *p,
time_t u_expire, u_min_age;
time_t u_logout;
time_t u_lock_duration, u_reset_time;
- NTSTATUS result;
DEBUG(5,("_samr_SetDomainInfo: %d\n", __LINE__));
@@ -5657,20 +5621,6 @@ NTSTATUS _samr_SetDomainInfo(pipes_struct *p,
if (!find_policy_by_hnd(p, r->in.domain_handle, (void **)(void *)&info))
return NT_STATUS_INVALID_HANDLE;
- /* We do have different access bits for info
- * levels here, but we're really just looking for
- * GENERIC_RIGHTS_DOMAIN_WRITE access. Unfortunately
- * this maps to different specific bits. So
- * assume if we have SAMR_DOMAIN_ACCESS_SET_INFO_1
- * set we are ok. */
-
- result = access_check_samr_function(info->acc_granted,
- SAMR_DOMAIN_ACCESS_SET_INFO_1,
- "_samr_SetDomainInfo");
-
- if (!NT_STATUS_IS_OK(result))
- return result;
-
DEBUG(5,("_samr_SetDomainInfo: level: %d\n", r->in.level));
switch (r->in.level) {
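Review bot: `_samr_SetDomainInfo` modifies domain policy, and after this hunk the only gate visible before `switch (r->in.level)` is the `find_policy_by_hnd` lookup, which does not consult `info->acc_granted`. The removed comment shows the difficulty was choosing which specific bit stands for domain write access, so a narrower fix would be to require the bit that matches each info level rather than dropping the check for the write path as well. If the revert has to stay as is, leave a marker such as `/* TODO: no acc_granted check on this set path (reverted); re-add a per-level write check */` so the gap stays tracked. The function body continues outside the hunk, so a later check cannot be excluded from what is shown.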
@@ -5728,7 +5678,6 @@ NTSTATUS _samr_GetDisplayEnumerationIndex(pipes_struct *p,
int i;
uint32_t num_account = 0;
struct samr_displayentry *entries = NULL;
- NTSTATUS status;
DEBUG(5,("_samr_GetDisplayEnumerationIndex: %d\n", __LINE__));
@@ -5737,13 +5686,6 @@ NTSTATUS _samr_GetDisplayEnumerationIndex(pipes_struct *p,
return NT_STATUS_INVALID_HANDLE;
}
- status = access_check_samr_function(info->acc_granted,
- SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS,
- "_samr_GetDisplayEnumerationIndex");
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
if ((r->in.level < 1) || (r->in.level > 3)) {
DEBUG(0,("_samr_GetDisplayEnumerationIndex: "
"Unknown info level (%u)\n",