diff options
author | Günther Deschner <gd@samba.org> | 2009-05-15 03:10:02 +0200 |
---|---|---|
committer | Günther Deschner <gd@samba.org> | 2009-05-15 15:38:13 +0200 |
commit | 7dcf5d4bcf9ad1e6eca1662d7475bf25aa882911 (patch) | |
tree | 772f00076d9d0b0f453a89582a48fe4120517166 | |
parent | 59192bf03f3781fe6a21be66a7374ea72cac71f4 (diff) | |
download | samba-7dcf5d4bcf9ad1e6eca1662d7475bf25aa882911.tar.gz samba-7dcf5d4bcf9ad1e6eca1662d7475bf25aa882911.tar.bz2 samba-7dcf5d4bcf9ad1e6eca1662d7475bf25aa882911.zip |
s3-samr: Fix samr access checks in _samr_QueryUserInfo().
Guenther
-rw-r--r-- | source3/rpc_server/srv_samr_nt.c | 74 |
1 files changed, 71 insertions, 3 deletions
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 52864fcaa0..5f1177d339 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -2796,7 +2796,8 @@ static NTSTATUS get_user_info_20(TALLOC_CTX *mem_ctx, static NTSTATUS get_user_info_21(TALLOC_CTX *mem_ctx, struct samr_UserInfo21 *r, struct samu *pw, - DOM_SID *domain_sid) + DOM_SID *domain_sid, + uint32_t acc_granted) { NTSTATUS status; const DOM_SID *sid_user, *sid_group; @@ -2916,9 +2917,76 @@ NTSTATUS _samr_QueryUserInfo(pipes_struct *p, uint32 rid; bool ret = false; struct samu *pwd = NULL; + uint32_t acc_required, acc_granted; + + switch (r->in.level) { + case 1: /* UserGeneralInformation */ + /* USER_READ_GENERAL */ + acc_required = SAMR_USER_ACCESS_GET_NAME_ETC; + break; + case 2: /* UserPreferencesInformation */ + /* USER_READ_PREFERENCES | USER_READ_GENERAL */ + acc_required = SAMR_USER_ACCESS_GET_LOCALE | + SAMR_USER_ACCESS_GET_NAME_ETC; + break; + case 3: /* UserLogonInformation */ + /* USER_READ_GENERAL | USER_READ_PREFERENCES | USER_READ_LOGON | USER_READ_ACCOUNT */ + acc_required = SAMR_USER_ACCESS_GET_NAME_ETC | + SAMR_USER_ACCESS_GET_LOCALE | + SAMR_USER_ACCESS_GET_LOGONINFO | + SAMR_USER_ACCESS_GET_ATTRIBUTES; + break; + case 4: /* UserLogonHoursInformation */ + /* USER_READ_LOGON */ + acc_required = SAMR_USER_ACCESS_GET_LOGONINFO; + break; + case 5: /* UserAccountInformation */ + /* USER_READ_GENERAL | USER_READ_PREFERENCES | USER_READ_LOGON | USER_READ_ACCOUNT */ + acc_required = SAMR_USER_ACCESS_GET_NAME_ETC | + SAMR_USER_ACCESS_GET_LOCALE | + SAMR_USER_ACCESS_GET_LOGONINFO | + SAMR_USER_ACCESS_GET_ATTRIBUTES; + break; + case 6: /* UserNameInformation */ + case 7: /* UserAccountNameInformation */ + case 8: /* UserFullNameInformation */ + case 9: /* UserPrimaryGroupInformation */ + case 13: /* UserAdminCommentInformation */ + /* USER_READ_GENERAL */ + acc_required = SAMR_USER_ACCESS_GET_NAME_ETC; + break; + case 10: /* UserHomeInformation */ + case 11: /* UserScriptInformation */ + case 12: /* UserProfileInformation */ + case 14: /* UserWorkStationsInformation */ + /* USER_READ_LOGON */ + acc_required = SAMR_USER_ACCESS_GET_LOGONINFO; + break; + case 16: /* UserControlInformation */ + case 17: /* UserExpiresInformation */ + case 20: /* UserParametersInformation */ + /* USER_READ_ACCOUNT */ + acc_required = SAMR_USER_ACCESS_GET_ATTRIBUTES; + break; + case 21: /* UserAllInformation */ + /* FIXME! - gd */ + acc_required = SAMR_USER_ACCESS_GET_ATTRIBUTES; + break; + case 18: /* UserInternal1Information */ + /* FIXME! - gd */ + acc_required = SAMR_USER_ACCESS_GET_ATTRIBUTES; + break; + case 23: /* UserInternal4Information */ + case 24: /* UserInternal4InformationNew */ + case 25: /* UserInternal4InformationNew */ + case 26: /* UserInternal5InformationNew */ + default: + return NT_STATUS_INVALID_INFO_CLASS; + break; + } uinfo = policy_handle_find(p, r->in.user_handle, - SAMR_USER_ACCESS_GET_ATTRIBUTES, NULL, + acc_required, &acc_granted, struct samr_user_info, &status); if (!NT_STATUS_IS_OK(status)) { return status; @@ -3017,7 +3085,7 @@ NTSTATUS _samr_QueryUserInfo(pipes_struct *p, status = get_user_info_20(p->mem_ctx, &user_info->info20, pwd); break; case 21: - status = get_user_info_21(p->mem_ctx, &user_info->info21, pwd, &domain_sid); + status = get_user_info_21(p->mem_ctx, &user_info->info21, pwd, &domain_sid, acc_granted); break; default: status = NT_STATUS_INVALID_INFO_CLASS; |