diff options
| author | Jeremy Allison <jra@samba.org> | 2009-04-15 15:40:00 -0700 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2009-04-15 15:40:00 -0700 |
| commit | d9804ae3cc2c435f9983ca47f6f1b6b96e5c03ca (patch) | |
| tree | 618057dc77d62fec5fff32263dd90a5011cad793 /source3/rpc_server | |
| parent | e6aa3f2d09bd004341dde28b15ef769a09401f26 (diff) | |
| download | samba-d9804ae3cc2c435f9983ca47f6f1b6b96e5c03ca.tar.gz samba-d9804ae3cc2c435f9983ca47f6f1b6b96e5c03ca.tar.bz2 samba-d9804ae3cc2c435f9983ca47f6f1b6b96e5c03ca.zip | |
Fix bug #6089 - Winbind samr_OpenDomain not possible with Samba 3.2.6+
What a difference a name makes... :-). Just because something is missnamed
SAMR_ACCESS_OPEN_DOMAIN, when it should actually be SAMR_ACCESS_LOOKUP_DOMAIN,
don't automatically use it for a security check in _samr_OpenDomain().
Jeremy.
Diffstat (limited to 'source3/rpc_server')
| -rw-r--r-- | source3/rpc_server/srv_samr_nt.c | 13 |
1 files changed, 3 insertions, 10 deletions
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 7881ca62ea..b153bef1c2 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -609,13 +609,6 @@ NTSTATUS _samr_OpenDomain(pipes_struct *p, if ( !find_policy_by_hnd(p, r->in.connect_handle, (void**)(void *)&info) ) return NT_STATUS_INVALID_HANDLE; - status = access_check_samr_function(info->acc_granted, - SAMR_ACCESS_OPEN_DOMAIN, - "_samr_OpenDomain" ); - - if ( !NT_STATUS_IS_OK(status) ) - return status; - /*check if access can be granted as requested by client. */ map_max_allowed_access(p->server_info->ptok, &des_access); @@ -2812,7 +2805,7 @@ NTSTATUS _samr_QueryDomainInfo(pipes_struct *p, } status = access_check_samr_function(info->acc_granted, - SAMR_ACCESS_OPEN_DOMAIN, + SAMR_ACCESS_LOOKUP_DOMAIN, "_samr_QueryDomainInfo" ); if ( !NT_STATUS_IS_OK(status) ) @@ -3217,7 +3210,7 @@ NTSTATUS _samr_Connect(pipes_struct *p, map_max_allowed_access(p->server_info->ptok, &des_access); se_map_generic( &des_access, &sam_generic_mapping ); - info->acc_granted = des_access & (SAMR_ACCESS_ENUM_DOMAINS|SAMR_ACCESS_OPEN_DOMAIN); + info->acc_granted = des_access & (SAMR_ACCESS_ENUM_DOMAINS|SAMR_ACCESS_LOOKUP_DOMAIN); /* get a (unique) handle. open a policy on it. */ if (!create_policy_hnd(p, r->out.connect_handle, info)) @@ -3372,7 +3365,7 @@ NTSTATUS _samr_LookupDomain(pipes_struct *p, Reverted that change so we will work with RAS servers again */ status = access_check_samr_function(info->acc_granted, - SAMR_ACCESS_OPEN_DOMAIN, + SAMR_ACCESS_LOOKUP_DOMAIN, "_samr_LookupDomain"); if (!NT_STATUS_IS_OK(status)) { return status; |