summaryrefslogtreecommitdiffstats
path: root/source/rpc_server/srv_samr_nt.c
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2009-04-15 14:31:43 -0700
committerKarolin Seeger <kseeger@samba.org>2009-04-17 10:06:28 +0200
commit8bb93e555842c51a3722c46bcc8401f3944b1b3d (patch)
treef5ed3882c7c8336b4a88ddf217fd08cb4f1b2f44 /source/rpc_server/srv_samr_nt.c
parentaec3cf3e0e4b4d6c30c88cd46d8114c8750c448b (diff)
downloadsamba-8bb93e555842c51a3722c46bcc8401f3944b1b3d.tar.gz
samba-8bb93e555842c51a3722c46bcc8401f3944b1b3d.tar.xz
samba-8bb93e555842c51a3722c46bcc8401f3944b1b3d.zip
Fix bug #6089 - Winbind samr_OpenDomain not possible with Samba 3.2.6+
What a difference a name makes... :-). Just because something is missnamed SA_RIGHT_SAM_OPEN_DOMAIN, when it should actually be SA_RIGHT_SAM_LOOKUP_DOMAIN, don't automatically use it for a security check in _samr_OpenDomain(). Jeremy. (cherry picked from commit 8a985bcfe4aee7e602601fe78a94757dce645fcc)
Diffstat (limited to 'source/rpc_server/srv_samr_nt.c')
-rw-r--r--source/rpc_server/srv_samr_nt.c13
1 files changed, 3 insertions, 10 deletions
diff --git a/source/rpc_server/srv_samr_nt.c b/source/rpc_server/srv_samr_nt.c
index a946d2ed6d1..ec62662de22 100644
--- a/source/rpc_server/srv_samr_nt.c
+++ b/source/rpc_server/srv_samr_nt.c
@@ -620,13 +620,6 @@ NTSTATUS _samr_OpenDomain(pipes_struct *p,
if ( !find_policy_by_hnd(p, r->in.connect_handle, (void**)(void *)&info) )
return NT_STATUS_INVALID_HANDLE;
- status = access_check_samr_function(info->acc_granted,
- SAMR_ACCESS_OPEN_DOMAIN,
- "_samr_OpenDomain" );
-
- if ( !NT_STATUS_IS_OK(status) )
- return status;
-
/*check if access can be granted as requested by client. */
map_max_allowed_access(p->pipe_user.nt_user_token, &des_access);
@@ -2897,7 +2890,7 @@ NTSTATUS _samr_QueryDomainInfo(pipes_struct *p,
}
status = access_check_samr_function(info->acc_granted,
- SAMR_ACCESS_OPEN_DOMAIN,
+ SAMR_ACCESS_LOOKUP_DOMAIN,
"_samr_QueryDomainInfo" );
if ( !NT_STATUS_IS_OK(status) )
@@ -3322,7 +3315,7 @@ NTSTATUS _samr_Connect(pipes_struct *p,
map_max_allowed_access(p->pipe_user.nt_user_token, &des_access);
se_map_generic( &des_access, &sam_generic_mapping );
- info->acc_granted = des_access & (SAMR_ACCESS_ENUM_DOMAINS|SAMR_ACCESS_OPEN_DOMAIN);
+ info->acc_granted = des_access & (SAMR_ACCESS_ENUM_DOMAINS|SAMR_ACCESS_LOOKUP_DOMAIN);
/* get a (unique) handle. open a policy on it. */
if (!create_policy_hnd(p, r->out.connect_handle, free_samr_info, (void *)info))
@@ -3458,7 +3451,7 @@ NTSTATUS _samr_LookupDomain(pipes_struct *p,
Reverted that change so we will work with RAS servers again */
status = access_check_samr_function(info->acc_granted,
- SAMR_ACCESS_OPEN_DOMAIN,
+ SAMR_ACCESS_LOOKUP_DOMAIN,
"_samr_LookupDomain");
if (!NT_STATUS_IS_OK(status)) {
return status;
generated by cgit (git 2.34.1) at 2025-07-05 11:39:29 +0000