The branch, v3-4-test has been updated
via 1994a8a5db5c3abd6292b81aa975e7b8fe8311d0 (commit)
from 148fa23d95af164babd9135fc40d528ec147e372 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test
- Log -----------------------------------------------------------------
commit 1994a8a5db5c3abd6292b81aa975e7b8fe8311d0
Author: Jeremy Allison <j...@samba.org>
Date: Wed Apr 15 15:40:00 2009 -0700
Fix bug #6089 - Winbind samr_OpenDomain not possible with Samba 3.2.6+
What a difference a name makes... :-). Just because something is missnamed
SAMR_ACCESS_OPEN_DOMAIN, when it should actually be
SAMR_ACCESS_LOOKUP_DOMAIN,
don't automatically use it for a security check in _samr_OpenDomain().
Jeremy.
-----------------------------------------------------------------------
Summary of changes:
librpc/gen_ndr/ndr_samr.c | 2 +-
librpc/gen_ndr/samr.h | 4 ++--
librpc/idl/samr.idl | 4 ++--
source3/lib/netapi/group.c | 18 +++++++++---------
source3/lib/netapi/localgroup.c | 25 ++++++++++++-------------
source3/lib/netapi/user.c | 30 +++++++++++++++---------------
source3/libnet/libnet_join.c | 2 +-
source3/rpc_server/srv_samr_nt.c | 13 +++----------
source3/smbd/lanman.c | 6 +++---
source3/utils/net_rpc.c | 2 +-
source3/utils/net_rpc_join.c | 2 +-
11 files changed, 50 insertions(+), 58 deletions(-)
Changeset truncated at 500 lines:
diff --git a/librpc/gen_ndr/ndr_samr.c b/librpc/gen_ndr/ndr_samr.c
index 33c70ce..d2d345a 100644
--- a/librpc/gen_ndr/ndr_samr.c
+++ b/librpc/gen_ndr/ndr_samr.c
@@ -122,7 +122,7 @@ _PUBLIC_ void ndr_print_samr_ConnectAccessMask(struct
ndr_print *ndr, const char
ndr_print_bitmap_flag(ndr, sizeof(uint32_t),
"SAMR_ACCESS_INITIALIZE_SERVER", SAMR_ACCESS_INITIALIZE_SERVER, r);
ndr_print_bitmap_flag(ndr, sizeof(uint32_t),
"SAMR_ACCESS_CREATE_DOMAIN", SAMR_ACCESS_CREATE_DOMAIN, r);
ndr_print_bitmap_flag(ndr, sizeof(uint32_t),
"SAMR_ACCESS_ENUM_DOMAINS", SAMR_ACCESS_ENUM_DOMAINS, r);
- ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_ACCESS_OPEN_DOMAIN",
SAMR_ACCESS_OPEN_DOMAIN, r);
+ ndr_print_bitmap_flag(ndr, sizeof(uint32_t),
"SAMR_ACCESS_LOOKUP_DOMAIN", SAMR_ACCESS_LOOKUP_DOMAIN, r);
ndr->depth--;
}
diff --git a/librpc/gen_ndr/samr.h b/librpc/gen_ndr/samr.h
index 0447564..16c6605 100644
--- a/librpc/gen_ndr/samr.h
+++ b/librpc/gen_ndr/samr.h
@@ -14,7 +14,7 @@
#define GENERIC_RIGHTS_SAM_ALL_ACCESS (
(STANDARD_RIGHTS_REQUIRED_ACCESS|SAMR_ACCESS_ALL_ACCESS) )
#define GENERIC_RIGHTS_SAM_READ (
(STANDARD_RIGHTS_READ_ACCESS|SAMR_ACCESS_ENUM_DOMAINS) )
#define GENERIC_RIGHTS_SAM_WRITE (
(STANDARD_RIGHTS_WRITE_ACCESS|SAMR_ACCESS_CREATE_DOMAIN|SAMR_ACCESS_INITIALIZE_SERVER|SAMR_ACCESS_SHUTDOWN_SERVER)
)
-#define GENERIC_RIGHTS_SAM_EXECUTE (
(STANDARD_RIGHTS_EXECUTE_ACCESS|SAMR_ACCESS_OPEN_DOMAIN|SAMR_ACCESS_CONNECT_TO_SERVER)
)
+#define GENERIC_RIGHTS_SAM_EXECUTE (
(STANDARD_RIGHTS_EXECUTE_ACCESS|SAMR_ACCESS_LOOKUP_DOMAIN|SAMR_ACCESS_CONNECT_TO_SERVER)
)
#define SAMR_USER_ACCESS_ALL_ACCESS ( 0x000007FF )
#define GENERIC_RIGHTS_USER_ALL_ACCESS (
(STANDARD_RIGHTS_REQUIRED_ACCESS|SAMR_USER_ACCESS_ALL_ACCESS) )
#define GENERIC_RIGHTS_USER_READ (
(STANDARD_RIGHTS_READ_ACCESS|SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP|SAMR_USER_ACCESS_GET_GROUPS|SAMR_USER_ACCESS_GET_ATTRIBUTES|SAMR_USER_ACCESS_GET_LOGONINFO|SAMR_USER_ACCESS_GET_LOCALE)
)
@@ -97,7 +97,7 @@ enum samr_RejectReason
#define SAMR_ACCESS_INITIALIZE_SERVER ( 0x00000004 )
#define SAMR_ACCESS_CREATE_DOMAIN ( 0x00000008 )
#define SAMR_ACCESS_ENUM_DOMAINS ( 0x00000010 )
-#define SAMR_ACCESS_OPEN_DOMAIN ( 0x00000020 )
+#define SAMR_ACCESS_LOOKUP_DOMAIN ( 0x00000020 )
/* bitmap samr_UserAccessMask */
#define SAMR_USER_ACCESS_GET_NAME_ETC ( 0x00000001 )
diff --git a/librpc/idl/samr.idl b/librpc/idl/samr.idl
index 7d5d877..bcd8ca0 100644
--- a/librpc/idl/samr.idl
+++ b/librpc/idl/samr.idl
@@ -64,7 +64,7 @@ import "misc.idl", "lsa.idl", "security.idl";
SAMR_ACCESS_INITIALIZE_SERVER = 0x00000004,
SAMR_ACCESS_CREATE_DOMAIN = 0x00000008,
SAMR_ACCESS_ENUM_DOMAINS = 0x00000010,
- SAMR_ACCESS_OPEN_DOMAIN = 0x00000020
+ SAMR_ACCESS_LOOKUP_DOMAIN = 0x00000020
} samr_ConnectAccessMask;
const int SAMR_ACCESS_ALL_ACCESS = 0x0000003F;
@@ -85,7 +85,7 @@ import "misc.idl", "lsa.idl", "security.idl";
const int GENERIC_RIGHTS_SAM_EXECUTE =
(STANDARD_RIGHTS_EXECUTE_ACCESS |
- SAMR_ACCESS_OPEN_DOMAIN |
+ SAMR_ACCESS_LOOKUP_DOMAIN |
SAMR_ACCESS_CONNECT_TO_SERVER);
/* User Object specific access rights */
diff --git a/source3/lib/netapi/group.c b/source3/lib/netapi/group.c
index c09632a..004fd3a 100644
--- a/source3/lib/netapi/group.c
+++ b/source3/lib/netapi/group.c
@@ -79,7 +79,7 @@ WERROR NetGroupAdd_r(struct libnetapi_ctx *ctx,
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
SAMR_ACCESS_ENUM_DOMAINS |
- SAMR_ACCESS_OPEN_DOMAIN,
+ SAMR_ACCESS_LOOKUP_DOMAIN,
SAMR_DOMAIN_ACCESS_CREATE_GROUP |
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
&connect_handle,
@@ -250,7 +250,7 @@ WERROR NetGroupDel_r(struct libnetapi_ctx *ctx,
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
SAMR_ACCESS_ENUM_DOMAINS |
- SAMR_ACCESS_OPEN_DOMAIN,
+ SAMR_ACCESS_LOOKUP_DOMAIN,
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
&connect_handle,
&domain_handle,
@@ -415,7 +415,7 @@ WERROR NetGroupSetInfo_r(struct libnetapi_ctx *ctx,
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
SAMR_ACCESS_ENUM_DOMAINS |
- SAMR_ACCESS_OPEN_DOMAIN,
+ SAMR_ACCESS_LOOKUP_DOMAIN,
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
&connect_handle,
&domain_handle,
@@ -650,7 +650,7 @@ WERROR NetGroupGetInfo_r(struct libnetapi_ctx *ctx,
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
SAMR_ACCESS_ENUM_DOMAINS |
- SAMR_ACCESS_OPEN_DOMAIN,
+ SAMR_ACCESS_LOOKUP_DOMAIN,
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
&connect_handle,
&domain_handle,
@@ -766,7 +766,7 @@ WERROR NetGroupAddUser_r(struct libnetapi_ctx *ctx,
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
SAMR_ACCESS_ENUM_DOMAINS |
- SAMR_ACCESS_OPEN_DOMAIN,
+ SAMR_ACCESS_LOOKUP_DOMAIN,
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
&connect_handle,
&domain_handle,
@@ -887,7 +887,7 @@ WERROR NetGroupDelUser_r(struct libnetapi_ctx *ctx,
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
SAMR_ACCESS_ENUM_DOMAINS |
- SAMR_ACCESS_OPEN_DOMAIN,
+ SAMR_ACCESS_LOOKUP_DOMAIN,
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
&connect_handle,
&domain_handle,
@@ -1165,7 +1165,7 @@ WERROR NetGroupEnum_r(struct libnetapi_ctx *ctx,
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
SAMR_ACCESS_ENUM_DOMAINS |
- SAMR_ACCESS_OPEN_DOMAIN,
+ SAMR_ACCESS_LOOKUP_DOMAIN,
SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 |
SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS |
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
@@ -1296,7 +1296,7 @@ WERROR NetGroupGetUsers_r(struct libnetapi_ctx *ctx,
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
SAMR_ACCESS_ENUM_DOMAINS |
- SAMR_ACCESS_OPEN_DOMAIN,
+ SAMR_ACCESS_LOOKUP_DOMAIN,
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
&connect_handle,
&domain_handle,
@@ -1448,7 +1448,7 @@ WERROR NetGroupSetUsers_r(struct libnetapi_ctx *ctx,
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
SAMR_ACCESS_ENUM_DOMAINS |
- SAMR_ACCESS_OPEN_DOMAIN,
+ SAMR_ACCESS_LOOKUP_DOMAIN,
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
&connect_handle,
&domain_handle,
diff --git a/source3/lib/netapi/localgroup.c b/source3/lib/netapi/localgroup.c
index 13405b5..d389c1f 100644
--- a/source3/lib/netapi/localgroup.c
+++ b/source3/lib/netapi/localgroup.c
@@ -157,7 +157,7 @@ WERROR NetLocalGroupAdd_r(struct libnetapi_ctx *ctx,
}
werr = libnetapi_samr_open_builtin_domain(ctx, pipe_cli,
- SAMR_ACCESS_OPEN_DOMAIN |
+ SAMR_ACCESS_LOOKUP_DOMAIN |
SAMR_ACCESS_ENUM_DOMAINS,
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
&connect_handle,
@@ -182,7 +182,7 @@ WERROR NetLocalGroupAdd_r(struct libnetapi_ctx *ctx,
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
SAMR_ACCESS_ENUM_DOMAINS |
- SAMR_ACCESS_OPEN_DOMAIN,
+ SAMR_ACCESS_LOOKUP_DOMAIN,
SAMR_DOMAIN_ACCESS_CREATE_ALIAS |
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
&connect_handle,
@@ -277,7 +277,7 @@ WERROR NetLocalGroupDel_r(struct libnetapi_ctx *ctx,
}
werr = libnetapi_samr_open_builtin_domain(ctx, pipe_cli,
- SAMR_ACCESS_OPEN_DOMAIN |
+ SAMR_ACCESS_LOOKUP_DOMAIN |
SAMR_ACCESS_ENUM_DOMAINS,
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
&connect_handle,
@@ -302,7 +302,7 @@ WERROR NetLocalGroupDel_r(struct libnetapi_ctx *ctx,
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
SAMR_ACCESS_ENUM_DOMAINS |
- SAMR_ACCESS_OPEN_DOMAIN,
+ SAMR_ACCESS_LOOKUP_DOMAIN,
SAMR_DOMAIN_ACCESS_CREATE_ALIAS |
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
&connect_handle,
@@ -449,7 +449,7 @@ WERROR NetLocalGroupGetInfo_r(struct libnetapi_ctx *ctx,
}
werr = libnetapi_samr_open_builtin_domain(ctx, pipe_cli,
- SAMR_ACCESS_OPEN_DOMAIN |
+ SAMR_ACCESS_LOOKUP_DOMAIN |
SAMR_ACCESS_ENUM_DOMAINS,
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
&connect_handle,
@@ -474,7 +474,7 @@ WERROR NetLocalGroupGetInfo_r(struct libnetapi_ctx *ctx,
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
SAMR_ACCESS_ENUM_DOMAINS |
- SAMR_ACCESS_OPEN_DOMAIN,
+ SAMR_ACCESS_LOOKUP_DOMAIN,
SAMR_DOMAIN_ACCESS_CREATE_ALIAS |
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
&connect_handle,
@@ -620,7 +620,7 @@ WERROR NetLocalGroupSetInfo_r(struct libnetapi_ctx *ctx,
}
werr = libnetapi_samr_open_builtin_domain(ctx, pipe_cli,
- SAMR_ACCESS_OPEN_DOMAIN |
+ SAMR_ACCESS_LOOKUP_DOMAIN |
SAMR_ACCESS_ENUM_DOMAINS,
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
&connect_handle,
@@ -647,7 +647,7 @@ WERROR NetLocalGroupSetInfo_r(struct libnetapi_ctx *ctx,
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
SAMR_ACCESS_ENUM_DOMAINS |
- SAMR_ACCESS_OPEN_DOMAIN,
+ SAMR_ACCESS_LOOKUP_DOMAIN,
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
&connect_handle,
&domain_handle,
@@ -762,7 +762,7 @@ WERROR NetLocalGroupEnum_r(struct libnetapi_ctx *ctx,
}
werr = libnetapi_samr_open_builtin_domain(ctx, pipe_cli,
- SAMR_ACCESS_OPEN_DOMAIN |
+ SAMR_ACCESS_LOOKUP_DOMAIN |
SAMR_ACCESS_ENUM_DOMAINS,
SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 |
SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS |
@@ -774,7 +774,7 @@ WERROR NetLocalGroupEnum_r(struct libnetapi_ctx *ctx,
}
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
- SAMR_ACCESS_OPEN_DOMAIN |
+ SAMR_ACCESS_LOOKUP_DOMAIN |
SAMR_ACCESS_ENUM_DOMAINS,
SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 |
SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS |
@@ -1068,7 +1068,7 @@ static WERROR NetLocalGroupModifyMembers_r(struct
libnetapi_ctx *ctx,
}
werr = libnetapi_samr_open_builtin_domain(ctx, pipe_cli,
- SAMR_ACCESS_OPEN_DOMAIN |
+ SAMR_ACCESS_LOOKUP_DOMAIN |
SAMR_ACCESS_ENUM_DOMAINS,
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
&connect_handle,
@@ -1098,7 +1098,7 @@ static WERROR NetLocalGroupModifyMembers_r(struct
libnetapi_ctx *ctx,
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
SAMR_ACCESS_ENUM_DOMAINS |
- SAMR_ACCESS_OPEN_DOMAIN,
+ SAMR_ACCESS_LOOKUP_DOMAIN,
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
&connect_handle,
&domain_handle,
@@ -1318,4 +1318,3 @@ WERROR NetLocalGroupSetMembers_l(struct libnetapi_ctx
*ctx,
{
LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetLocalGroupSetMembers);
}
-
diff --git a/source3/lib/netapi/user.c b/source3/lib/netapi/user.c
index 1cbb883..849ba9c 100644
--- a/source3/lib/netapi/user.c
+++ b/source3/lib/netapi/user.c
@@ -395,7 +395,7 @@ WERROR NetUserAdd_r(struct libnetapi_ctx *ctx,
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
SAMR_ACCESS_ENUM_DOMAINS |
- SAMR_ACCESS_OPEN_DOMAIN,
+ SAMR_ACCESS_LOOKUP_DOMAIN,
SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 |
SAMR_DOMAIN_ACCESS_CREATE_USER |
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
@@ -517,7 +517,7 @@ WERROR NetUserDel_r(struct libnetapi_ctx *ctx,
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
SAMR_ACCESS_ENUM_DOMAINS |
- SAMR_ACCESS_OPEN_DOMAIN,
+ SAMR_ACCESS_LOOKUP_DOMAIN,
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
&connect_handle,
&domain_handle,
@@ -1223,7 +1223,7 @@ WERROR NetUserEnum_r(struct libnetapi_ctx *ctx,
werr = libnetapi_samr_open_builtin_domain(ctx, pipe_cli,
SAMR_ACCESS_ENUM_DOMAINS |
- SAMR_ACCESS_OPEN_DOMAIN,
+ SAMR_ACCESS_LOOKUP_DOMAIN,
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT |
SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS,
&connect_handle,
@@ -1234,7 +1234,7 @@ WERROR NetUserEnum_r(struct libnetapi_ctx *ctx,
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
SAMR_ACCESS_ENUM_DOMAINS |
- SAMR_ACCESS_OPEN_DOMAIN,
+ SAMR_ACCESS_LOOKUP_DOMAIN,
SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 |
SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS |
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
@@ -1522,7 +1522,7 @@ WERROR NetQueryDisplayInformation_r(struct libnetapi_ctx
*ctx,
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
SAMR_ACCESS_ENUM_DOMAINS |
- SAMR_ACCESS_OPEN_DOMAIN,
+ SAMR_ACCESS_LOOKUP_DOMAIN,
SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 |
SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS |
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
@@ -1648,7 +1648,7 @@ WERROR NetUserGetInfo_r(struct libnetapi_ctx *ctx,
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
SAMR_ACCESS_ENUM_DOMAINS |
- SAMR_ACCESS_OPEN_DOMAIN,
+ SAMR_ACCESS_LOOKUP_DOMAIN,
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
&connect_handle,
&domain_handle,
@@ -1659,7 +1659,7 @@ WERROR NetUserGetInfo_r(struct libnetapi_ctx *ctx,
werr = libnetapi_samr_open_builtin_domain(ctx, pipe_cli,
SAMR_ACCESS_ENUM_DOMAINS |
- SAMR_ACCESS_OPEN_DOMAIN,
+ SAMR_ACCESS_LOOKUP_DOMAIN,
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT |
SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS,
&connect_handle,
@@ -1800,7 +1800,7 @@ WERROR NetUserSetInfo_r(struct libnetapi_ctx *ctx,
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
SAMR_ACCESS_ENUM_DOMAINS |
- SAMR_ACCESS_OPEN_DOMAIN,
+ SAMR_ACCESS_LOOKUP_DOMAIN,
SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 |
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
&connect_handle,
@@ -1812,7 +1812,7 @@ WERROR NetUserSetInfo_r(struct libnetapi_ctx *ctx,
werr = libnetapi_samr_open_builtin_domain(ctx, pipe_cli,
SAMR_ACCESS_ENUM_DOMAINS |
- SAMR_ACCESS_OPEN_DOMAIN,
+ SAMR_ACCESS_LOOKUP_DOMAIN,
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT |
SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS,
&connect_handle,
@@ -2220,7 +2220,7 @@ WERROR NetUserModalsGet_r(struct libnetapi_ctx *ctx,
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
SAMR_ACCESS_ENUM_DOMAINS |
- SAMR_ACCESS_OPEN_DOMAIN,
+ SAMR_ACCESS_LOOKUP_DOMAIN,
access_mask,
&connect_handle,
&domain_handle,
@@ -2698,7 +2698,7 @@ WERROR NetUserModalsSet_r(struct libnetapi_ctx *ctx,
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
SAMR_ACCESS_ENUM_DOMAINS |
- SAMR_ACCESS_OPEN_DOMAIN,
+ SAMR_ACCESS_LOOKUP_DOMAIN,
access_mask,
&connect_handle,
&domain_handle,
@@ -2831,7 +2831,7 @@ WERROR NetUserGetGroups_r(struct libnetapi_ctx *ctx,
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
SAMR_ACCESS_ENUM_DOMAINS |
- SAMR_ACCESS_OPEN_DOMAIN,
+ SAMR_ACCESS_LOOKUP_DOMAIN,
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
&connect_handle,
&domain_handle,
@@ -2982,7 +2982,7 @@ WERROR NetUserSetGroups_r(struct libnetapi_ctx *ctx,
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
SAMR_ACCESS_ENUM_DOMAINS |
- SAMR_ACCESS_OPEN_DOMAIN,
+ SAMR_ACCESS_LOOKUP_DOMAIN,
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
&connect_handle,
&domain_handle,
@@ -3264,7 +3264,7 @@ WERROR NetUserGetLocalGroups_r(struct libnetapi_ctx *ctx,
werr = libnetapi_samr_open_domain(ctx, pipe_cli,
SAMR_ACCESS_ENUM_DOMAINS |
- SAMR_ACCESS_OPEN_DOMAIN,
+ SAMR_ACCESS_LOOKUP_DOMAIN,
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT |
SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS,
&connect_handle,
@@ -3276,7 +3276,7 @@ WERROR NetUserGetLocalGroups_r(struct libnetapi_ctx *ctx,
werr = libnetapi_samr_open_builtin_domain(ctx, pipe_cli,
SAMR_ACCESS_ENUM_DOMAINS |
- SAMR_ACCESS_OPEN_DOMAIN,
+ SAMR_ACCESS_LOOKUP_DOMAIN,
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT |
SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS,
&connect_handle,
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index fe9fd66..6b0604b 100644
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -785,7 +785,7 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX
*mem_ctx,
status = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
pipe_hnd->desthost,
SAMR_ACCESS_ENUM_DOMAINS
- | SAMR_ACCESS_OPEN_DOMAIN,
+ | SAMR_ACCESS_LOOKUP_DOMAIN,
&sam_pol);
if (!NT_STATUS_IS_OK(status)) {
goto done;
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 7881ca6..b153bef 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -609,13 +609,6 @@ NTSTATUS _samr_OpenDomain(pipes_struct *p,
if ( !find_policy_by_hnd(p, r->in.connect_handle, (void**)(void
*)&info) )
return NT_STATUS_INVALID_HANDLE;
- status = access_check_samr_function(info->acc_granted,
- SAMR_ACCESS_OPEN_DOMAIN,
- "_samr_OpenDomain" );
-
- if ( !NT_STATUS_IS_OK(status) )
- return status;
-
/*check if access can be granted as requested by client. */
map_max_allowed_access(p->server_info->ptok, &des_access);
@@ -2812,7 +2805,7 @@ NTSTATUS _samr_QueryDomainInfo(pipes_struct *p,
}
status = access_check_samr_function(info->acc_granted,
- SAMR_ACCESS_OPEN_DOMAIN,
+ SAMR_ACCESS_LOOKUP_DOMAIN,
"_samr_QueryDomainInfo" );
if ( !NT_STATUS_IS_OK(status) )
@@ -3217,7 +3210,7 @@ NTSTATUS _samr_Connect(pipes_struct *p,
map_max_allowed_access(p->server_info->ptok, &des_access);
se_map_generic( &des_access, &sam_generic_mapping );
- info->acc_granted = des_access &
(SAMR_ACCESS_ENUM_DOMAINS|SAMR_ACCESS_OPEN_DOMAIN);
+ info->acc_granted = des_access &
(SAMR_ACCESS_ENUM_DOMAINS|SAMR_ACCESS_LOOKUP_DOMAIN);
/* get a (unique) handle. open a policy on it. */
if (!create_policy_hnd(p, r->out.connect_handle, info))
@@ -3372,7 +3365,7 @@ NTSTATUS _samr_LookupDomain(pipes_struct *p,
Reverted that change so we will work with RAS servers again */
status = access_check_samr_function(info->acc_granted,
- SAMR_ACCESS_OPEN_DOMAIN,
+ SAMR_ACCESS_LOOKUP_DOMAIN,
"_samr_LookupDomain");
if (!NT_STATUS_IS_OK(status)) {
return status;
diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c
index 6f8f8ed..979e5b5 100644
--- a/source3/smbd/lanman.c
+++ b/source3/smbd/lanman.c
@@ -2073,7 +2073,7 @@ static bool api_RNetGroupEnum(connection_struct
*conn,uint16 vuid,
}
status = rpccli_samr_Connect2(samr_pipe, talloc_tos(), global_myname(),
- SAMR_ACCESS_OPEN_DOMAIN, &samr_handle);
+ SAMR_ACCESS_LOOKUP_DOMAIN, &samr_handle);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("api_RNetUserEnum: samr_Connect2 failed: %s\n",
nt_errstr(status)));
@@ -2254,7 +2254,7 @@ static bool api_NetUserGetGroups(connection_struct
*conn,uint16 vuid,
}
status = rpccli_samr_Connect2(samr_pipe, talloc_tos(), global_myname(),
- SAMR_ACCESS_OPEN_DOMAIN, &samr_handle);
+ SAMR_ACCESS_LOOKUP_DOMAIN, &samr_handle);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("api_RNetUserEnum: samr_Connect2 failed: %s\n",
nt_errstr(status)));
@@ -2409,7 +2409,7 @@ static bool api_RNetUserEnum(connection_struct *conn,
uint16 vuid,
}
status = rpccli_samr_Connect2(samr_pipe, talloc_tos(), global_myname(),
- SAMR_ACCESS_OPEN_DOMAIN, &samr_handle);
+ SAMR_ACCESS_LOOKUP_DOMAIN, &samr_handle);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("api_RNetUserEnum: samr_Connect2 failed: %s\n",
nt_errstr(status)));
diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
index 21881ba..ed7b2f0 100644
--- a/source3/utils/net_rpc.c
+++ b/source3/utils/net_rpc.c
@@ -6102,7 +6102,7 @@ static int rpc_trustdom_list(struct net_context *c, int
argc, const char **argv)
/* SamrConnect2 */
nt_status = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
pipe_hnd->desthost,
- SAMR_ACCESS_OPEN_DOMAIN,
+ SAMR_ACCESS_LOOKUP_DOMAIN,
&connect_hnd);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0, ("Couldn't open SAMR policy handle. Error was %s\n",
--
Samba Shared Repository
