author | Michael Adam <obnox@samba.org> | 2010-06-21 12:32:57 +0200 |
---|---|---|
committer | Michael Adam <obnox@samba.org> | 2010-06-21 12:38:25 +0200 |
commit | b784c20df8fcafc3a5c66f847b1af58b77eeb42b (patch) | |
tree | 80cf857a06b6de8ba7c7551c228ca94da738d1a4 | |
parent | e78f2b2e1eebed6950c5c99954d57bfb59c48a11 (diff) | |
s3:net rpc registry: make getsd succeed when key sd only gives access to SD not key contents
You don't need the REG_KEY_READ permissions to access the SD of a key.
And for instance, the key HKLM\security usually has no specific bits
set for builtin\administrators, but the READ_CONTROL_ACCESS.
I.e. builtin\administrators can get the sd but not enumerate the key.
-rw-r--r-- | source3/utils/net_rpc_registry.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/source3/utils/net_rpc_registry.c b/source3/utils/net_rpc_registry.c index 59971af3a3..fb1e14f0d5 100644 --- a/source3/utils/net_rpc_registry.c +++ b/source3/utils/net_rpc_registry.c @@ -1208,8 +1208,7 @@ static NTSTATUS rpc_registry_getsd_internal(struct net_context *c, uint32_t sec_info; DATA_BLOB blob; struct security_descriptor sec_desc; - uint32_t access_mask = REG_KEY_READ | - SEC_FLAG_MAXIMUM_ALLOWED | + uint32_t access_mask = SEC_FLAG_MAXIMUM_ALLOWED | SEC_FLAG_SYSTEM_SECURITY; if (argc <1 || argc > 2 || c->display_usage) { |
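Review bot: The new access_mask initializer in rpc_registry_getsd_internal leaves the one right the commit message says is actually needed, READ_CONTROL, to be picked up implicitly through SEC_FLAG_MAXIMUM_ALLOWED. If the caller lacks READ_CONTROL the open can still succeed on other granted bits and the failure only surfaces later at the security query, so requesting the read-control bit explicitly in the mask would fail at the right place and document the intent. Separately, SEC_FLAG_SYSTEM_SECURITY is still requested unconditionally. That bit is only needed for the SACL and requires the security privilege, so consider deriving it from sec_info (declared just above, and apparently caller-selectable since argc may be 2) rather than always asking for it. A one-line comment above the initializer saying why REG_KEY_READ is deliberately absent (HKLM\security grants builtin\administrators only READ_CONTROL) would keep someone from adding it back.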