From 8bb93e555842c51a3722c46bcc8401f3944b1b3d Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 15 Apr 2009 14:31:43 -0700 Subject: Fix bug #6089 - Winbind samr_OpenDomain not possible with Samba 3.2.6+ What a difference a name makes... :-). Just because something is missnamed SA_RIGHT_SAM_OPEN_DOMAIN, when it should actually be SA_RIGHT_SAM_LOOKUP_DOMAIN, don't automatically use it for a security check in _samr_OpenDomain(). Jeremy. (cherry picked from commit 8a985bcfe4aee7e602601fe78a94757dce645fcc) --- source/lib/netapi/user.c | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) (limited to 'source/lib/netapi/user.c') diff --git a/source/lib/netapi/user.c b/source/lib/netapi/user.c index 2c78f6f8ada..bddd16127f8 100644 --- a/source/lib/netapi/user.c +++ b/source/lib/netapi/user.c @@ -391,7 +391,7 @@ WERROR NetUserAdd_r(struct libnetapi_ctx *ctx, werr = libnetapi_samr_open_domain(ctx, pipe_cli, SAMR_ACCESS_ENUM_DOMAINS | - SAMR_ACCESS_OPEN_DOMAIN, + SAMR_ACCESS_LOOKUP_DOMAIN, SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 | SAMR_DOMAIN_ACCESS_CREATE_USER | SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT, @@ -519,7 +519,7 @@ WERROR NetUserDel_r(struct libnetapi_ctx *ctx, werr = libnetapi_samr_open_domain(ctx, pipe_cli, SAMR_ACCESS_ENUM_DOMAINS | - SAMR_ACCESS_OPEN_DOMAIN, + SAMR_ACCESS_LOOKUP_DOMAIN, SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT, &connect_handle, &domain_handle, @@ -1231,7 +1231,7 @@ WERROR NetUserEnum_r(struct libnetapi_ctx *ctx, werr = libnetapi_samr_open_builtin_domain(ctx, pipe_cli, SAMR_ACCESS_ENUM_DOMAINS | - SAMR_ACCESS_OPEN_DOMAIN, + SAMR_ACCESS_LOOKUP_DOMAIN, SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT | SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS, &connect_handle, @@ -1242,7 +1242,7 @@ WERROR NetUserEnum_r(struct libnetapi_ctx *ctx, werr = libnetapi_samr_open_domain(ctx, pipe_cli, SAMR_ACCESS_ENUM_DOMAINS | - SAMR_ACCESS_OPEN_DOMAIN, + SAMR_ACCESS_LOOKUP_DOMAIN, SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 | SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS | SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT, @@ -1536,7 +1536,7 @@ WERROR NetQueryDisplayInformation_r(struct libnetapi_ctx *ctx, werr = libnetapi_samr_open_domain(ctx, pipe_cli, SAMR_ACCESS_ENUM_DOMAINS | - SAMR_ACCESS_OPEN_DOMAIN, + SAMR_ACCESS_LOOKUP_DOMAIN, SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 | SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS | SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT, @@ -1668,7 +1668,7 @@ WERROR NetUserGetInfo_r(struct libnetapi_ctx *ctx, werr = libnetapi_samr_open_domain(ctx, pipe_cli, SAMR_ACCESS_ENUM_DOMAINS | - SAMR_ACCESS_OPEN_DOMAIN, + SAMR_ACCESS_LOOKUP_DOMAIN, SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT, &connect_handle, &domain_handle, @@ -1679,7 +1679,7 @@ WERROR NetUserGetInfo_r(struct libnetapi_ctx *ctx, werr = libnetapi_samr_open_builtin_domain(ctx, pipe_cli, SAMR_ACCESS_ENUM_DOMAINS | - SAMR_ACCESS_OPEN_DOMAIN, + SAMR_ACCESS_LOOKUP_DOMAIN, SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT | SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS, &connect_handle, @@ -1826,7 +1826,7 @@ WERROR NetUserSetInfo_r(struct libnetapi_ctx *ctx, werr = libnetapi_samr_open_domain(ctx, pipe_cli, SAMR_ACCESS_ENUM_DOMAINS | - SAMR_ACCESS_OPEN_DOMAIN, + SAMR_ACCESS_LOOKUP_DOMAIN, SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 | SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT, &connect_handle, @@ -1838,7 +1838,7 @@ WERROR NetUserSetInfo_r(struct libnetapi_ctx *ctx, werr = libnetapi_samr_open_builtin_domain(ctx, pipe_cli, SAMR_ACCESS_ENUM_DOMAINS | - SAMR_ACCESS_OPEN_DOMAIN, + SAMR_ACCESS_LOOKUP_DOMAIN, SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT | SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS, &connect_handle, @@ -2252,7 +2252,7 @@ WERROR NetUserModalsGet_r(struct libnetapi_ctx *ctx, werr = libnetapi_samr_open_domain(ctx, pipe_cli, SAMR_ACCESS_ENUM_DOMAINS | - SAMR_ACCESS_OPEN_DOMAIN, + SAMR_ACCESS_LOOKUP_DOMAIN, access_mask, &connect_handle, &domain_handle, @@ -2736,7 +2736,7 @@ WERROR NetUserModalsSet_r(struct libnetapi_ctx *ctx, werr = libnetapi_samr_open_domain(ctx, pipe_cli, SAMR_ACCESS_ENUM_DOMAINS | - SAMR_ACCESS_OPEN_DOMAIN, + SAMR_ACCESS_LOOKUP_DOMAIN, access_mask, &connect_handle, &domain_handle, @@ -2875,7 +2875,7 @@ WERROR NetUserGetGroups_r(struct libnetapi_ctx *ctx, werr = libnetapi_samr_open_domain(ctx, pipe_cli, SAMR_ACCESS_ENUM_DOMAINS | - SAMR_ACCESS_OPEN_DOMAIN, + SAMR_ACCESS_LOOKUP_DOMAIN, SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT, &connect_handle, &domain_handle, @@ -3032,7 +3032,7 @@ WERROR NetUserSetGroups_r(struct libnetapi_ctx *ctx, werr = libnetapi_samr_open_domain(ctx, pipe_cli, SAMR_ACCESS_ENUM_DOMAINS | - SAMR_ACCESS_OPEN_DOMAIN, + SAMR_ACCESS_LOOKUP_DOMAIN, SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT, &connect_handle, &domain_handle, @@ -3320,7 +3320,7 @@ WERROR NetUserGetLocalGroups_r(struct libnetapi_ctx *ctx, werr = libnetapi_samr_open_domain(ctx, pipe_cli, SAMR_ACCESS_ENUM_DOMAINS | - SAMR_ACCESS_OPEN_DOMAIN, + SAMR_ACCESS_LOOKUP_DOMAIN, SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT | SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS, &connect_handle, @@ -3332,7 +3332,7 @@ WERROR NetUserGetLocalGroups_r(struct libnetapi_ctx *ctx, werr = libnetapi_samr_open_builtin_domain(ctx, pipe_cli, SAMR_ACCESS_ENUM_DOMAINS | - SAMR_ACCESS_OPEN_DOMAIN, + SAMR_ACCESS_LOOKUP_DOMAIN, SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT | SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS, &connect_handle, -- cgit