From 8bb93e555842c51a3722c46bcc8401f3944b1b3d Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Wed, 15 Apr 2009 14:31:43 -0700
Subject: Fix bug #6089 - Winbind samr_OpenDomain not possible with Samba
 3.2.6+ What a difference a name makes... :-). Just because something is
 missnamed SA_RIGHT_SAM_OPEN_DOMAIN, when it should actually be
 SA_RIGHT_SAM_LOOKUP_DOMAIN, don't automatically use it for a security check
 in _samr_OpenDomain(). Jeremy. (cherry picked from commit
 8a985bcfe4aee7e602601fe78a94757dce645fcc)

---
 source/lib/netapi/localgroup.c | 25 ++++++++++++-------------
 1 file changed, 12 insertions(+), 13 deletions(-)

(limited to 'source/lib/netapi/localgroup.c')

diff --git a/source/lib/netapi/localgroup.c b/source/lib/netapi/localgroup.c
index 25a3427bc17..d571045e6c0 100644
--- a/source/lib/netapi/localgroup.c
+++ b/source/lib/netapi/localgroup.c
@@ -159,7 +159,7 @@ WERROR NetLocalGroupAdd_r(struct libnetapi_ctx *ctx,
 	}
 
 	werr = libnetapi_samr_open_builtin_domain(ctx, pipe_cli,
-						  SAMR_ACCESS_OPEN_DOMAIN |
+						  SAMR_ACCESS_LOOKUP_DOMAIN |
 						  SAMR_ACCESS_ENUM_DOMAINS,
 						  SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
 						  &connect_handle,
@@ -184,7 +184,7 @@ WERROR NetLocalGroupAdd_r(struct libnetapi_ctx *ctx,
 
 	werr = libnetapi_samr_open_domain(ctx, pipe_cli,
 					  SAMR_ACCESS_ENUM_DOMAINS |
-					  SAMR_ACCESS_OPEN_DOMAIN,
+					  SAMR_ACCESS_LOOKUP_DOMAIN,
 					  SAMR_DOMAIN_ACCESS_CREATE_ALIAS |
 					  SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
 					  &connect_handle,
@@ -285,7 +285,7 @@ WERROR NetLocalGroupDel_r(struct libnetapi_ctx *ctx,
 	}
 
 	werr = libnetapi_samr_open_builtin_domain(ctx, pipe_cli,
-						  SAMR_ACCESS_OPEN_DOMAIN |
+						  SAMR_ACCESS_LOOKUP_DOMAIN |
 						  SAMR_ACCESS_ENUM_DOMAINS,
 						  SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
 						  &connect_handle,
@@ -310,7 +310,7 @@ WERROR NetLocalGroupDel_r(struct libnetapi_ctx *ctx,
 
 	werr = libnetapi_samr_open_domain(ctx, pipe_cli,
 					  SAMR_ACCESS_ENUM_DOMAINS |
-					  SAMR_ACCESS_OPEN_DOMAIN,
+					  SAMR_ACCESS_LOOKUP_DOMAIN,
 					  SAMR_DOMAIN_ACCESS_CREATE_ALIAS |
 					  SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
 					  &connect_handle,
@@ -463,7 +463,7 @@ WERROR NetLocalGroupGetInfo_r(struct libnetapi_ctx *ctx,
 	}
 
 	werr = libnetapi_samr_open_builtin_domain(ctx, pipe_cli,
-						  SAMR_ACCESS_OPEN_DOMAIN |
+						  SAMR_ACCESS_LOOKUP_DOMAIN |
 						  SAMR_ACCESS_ENUM_DOMAINS,
 						  SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
 						  &connect_handle,
@@ -488,7 +488,7 @@ WERROR NetLocalGroupGetInfo_r(struct libnetapi_ctx *ctx,
 
 	werr = libnetapi_samr_open_domain(ctx, pipe_cli,
 					  SAMR_ACCESS_ENUM_DOMAINS |
-					  SAMR_ACCESS_OPEN_DOMAIN,
+					  SAMR_ACCESS_LOOKUP_DOMAIN,
 					  SAMR_DOMAIN_ACCESS_CREATE_ALIAS |
 					  SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
 					  &connect_handle,
@@ -640,7 +640,7 @@ WERROR NetLocalGroupSetInfo_r(struct libnetapi_ctx *ctx,
 	}
 
 	werr = libnetapi_samr_open_builtin_domain(ctx, pipe_cli,
-						  SAMR_ACCESS_OPEN_DOMAIN |
+						  SAMR_ACCESS_LOOKUP_DOMAIN |
 						  SAMR_ACCESS_ENUM_DOMAINS,
 						  SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
 						  &connect_handle,
@@ -667,7 +667,7 @@ WERROR NetLocalGroupSetInfo_r(struct libnetapi_ctx *ctx,
 
 	werr = libnetapi_samr_open_domain(ctx, pipe_cli,
 					  SAMR_ACCESS_ENUM_DOMAINS |
-					  SAMR_ACCESS_OPEN_DOMAIN,
+					  SAMR_ACCESS_LOOKUP_DOMAIN,
 					  SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
 					  &connect_handle,
 					  &domain_handle,
@@ -788,7 +788,7 @@ WERROR NetLocalGroupEnum_r(struct libnetapi_ctx *ctx,
 	}
 
 	werr = libnetapi_samr_open_builtin_domain(ctx, pipe_cli,
-						  SAMR_ACCESS_OPEN_DOMAIN |
+						  SAMR_ACCESS_LOOKUP_DOMAIN |
 						  SAMR_ACCESS_ENUM_DOMAINS,
 						  SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 |
 						  SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS |
@@ -800,7 +800,7 @@ WERROR NetLocalGroupEnum_r(struct libnetapi_ctx *ctx,
 	}
 
 	werr = libnetapi_samr_open_domain(ctx, pipe_cli,
-					  SAMR_ACCESS_OPEN_DOMAIN |
+					  SAMR_ACCESS_LOOKUP_DOMAIN |
 					  SAMR_ACCESS_ENUM_DOMAINS,
 					  SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 |
 					  SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS |
@@ -1101,7 +1101,7 @@ static WERROR NetLocalGroupModifyMembers_r(struct libnetapi_ctx *ctx,
 	}
 
 	werr = libnetapi_samr_open_builtin_domain(ctx, pipe_cli,
-						  SAMR_ACCESS_OPEN_DOMAIN |
+						  SAMR_ACCESS_LOOKUP_DOMAIN |
 						  SAMR_ACCESS_ENUM_DOMAINS,
 						  SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
 						  &connect_handle,
@@ -1131,7 +1131,7 @@ static WERROR NetLocalGroupModifyMembers_r(struct libnetapi_ctx *ctx,
 
 	werr = libnetapi_samr_open_domain(ctx, pipe_cli,
 					  SAMR_ACCESS_ENUM_DOMAINS |
-					  SAMR_ACCESS_OPEN_DOMAIN,
+					  SAMR_ACCESS_LOOKUP_DOMAIN,
 					  SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
 					  &connect_handle,
 					  &domain_handle,
@@ -1355,4 +1355,3 @@ WERROR NetLocalGroupSetMembers_l(struct libnetapi_ctx *ctx,
 {
 	LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetLocalGroupSetMembers);
 }
-
-- 
cgit