authorGünther Deschner <gd@samba.org>2009-05-18 21:05:08 +0200
committerGünther Deschner <gd@samba.org>2009-05-18 23:08:13 +0200
commit6ab0c83570b2e60e0cd3bd5f5bfb1923fd359994 (patch)
treeb99ea363050ce400254f81de358c615222bb813d
parent4724fef8979c3f0e66cb8e41936af270901093b4 (diff)
s3-lsa: let _lsa_GetSystemAccessAccount() call into _lsa_EnumPrivsAccount().
Inspired by lsa server from Samba 4. Just removing a user in SAMR does not remove a user in LSA. If you use usermanager from windows, the "User Rights" management GUI becomes inaccessible as soon as you delete a user that had privileges granted. With this fix, that no longer existing user would properly appear as an unknown account in the GUI (as it does while using usermanager with windows domains). This almost makes Samba3 pass the RPC-SAMR-USERS-PRIVILEGES test. Guenther
-rw-r--r--source3/rpc_server/srv_lsa_nt.c26
1 files changed, 23 insertions, 3 deletions
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index 7cddb5cb85..dd0bfe1492 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -1717,7 +1717,10 @@ NTSTATUS _lsa_EnumPrivsAccount(pipes_struct *p,
NTSTATUS _lsa_GetSystemAccessAccount(pipes_struct *p,
struct lsa_GetSystemAccessAccount *r)
{
- struct lsa_info *info=NULL;
+ NTSTATUS status;
+ struct lsa_info *info = NULL;
+ struct lsa_EnumPrivsAccount e;
+ struct lsa_PrivilegeSet *privset;
/* find the connection policy handle. */
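Review bot: `struct lsa_EnumPrivsAccount e;` is declared without an initializer, and the next hunk assigns only `e.in.handle` and `e.out.privs` before passing `&e` to `_lsa_EnumPrivsAccount()`. Any other member, such as the result slot, holds stack garbage during that call. Adding `ZERO_STRUCT(e);` before the two assignments would keep the callee from ever seeing indeterminate data if the request struct or the callee changes later. The function body continues outside this hunk.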
@@ -1727,8 +1730,25 @@ NTSTATUS _lsa_GetSystemAccessAccount(pipes_struct *p,
if (!(info->access & LSA_POLICY_VIEW_LOCAL_INFORMATION))
return NT_STATUS_ACCESS_DENIED;
- if (!lookup_sid(p->mem_ctx, &info->sid, NULL, NULL, NULL))
- return NT_STATUS_ACCESS_DENIED;
+ privset = talloc_zero(p->mem_ctx, struct lsa_PrivilegeSet);
+ if (!privset) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ e.in.handle = r->in.handle;
+ e.out.privs = &privset;
+
+ status = _lsa_EnumPrivsAccount(p, &e);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(10,("_lsa_GetSystemAccessAccount: "
+ "failed to call _lsa_EnumPrivsAccount(): %s\n",
+ nt_errstr(status)));
+ return status;
+ }
+
+ /* Samba4 would iterate over the privset to merge the policy mode bits,
+ * not sure samba3 can do the same here, so just return what we did in
+ * the past - gd */
/*
0x01 -> Log on locally
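Review bot: Authorization for this call is now decided in two places: the `LSA_POLICY_VIEW_LOCAL_INFORMATION` test kept at the top of the hunk, and whatever check `_lsa_EnumPrivsAccount()` applies after it resolves `r->in.handle` a second time. Its body is not visible here, so please confirm its required access mask matches the one enforced in this function; otherwise the effective access requirement of GetSystemAccessAccount changes silently whenever the callee is edited. The returned `privset` is never read, so the call serves only as an existence test for the account. A comment such as `/* called only to verify the account still has an LSA entry; privset is intentionally unused */` above the call would make that explicit. The local `talloc_zero()` is presumably redundant if the callee allocates its own set, which is worth checking. The function starts before and ends after this hunk.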