The branch, v3-5-test has been updated via a5af824... s3-passdb: move open_schannel_session_store() to passdb/secrets_schannel.c. via 50b1a41... s3-net: acct_flags are uint32_t in net_sam_set_userflag(). via ed9df48... adssearch: dump some more nttime timestamps. via d8f6db0... s3-lsa: add lsa_trusted_domain_mapping. via 6e3444c... lsa: add LSA_TRUSTED_DOMAIN access masks. via 87c1eb2... s3-passdb: add secrets_delete_generic(). via cebefbe... s3-lsa: add lsa_secret_mapping. via c765a61... lsa: add LSA_SECRET access masks. via cd3b6ee... s3-lsa: use correct function name in_lsa_RemoveAccountRights(). via 70e65d3... s3-lsa: pure cosmetic indentation fixes. via 48e7b9e... s3-lsa: use enum lsa_LookupNamesLevel in lsa_lookup_level_to_flags(). from 4b69d99... Fix map readonly in smb.conf, it is a single word
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log ----------------------------------------------------------------- commit a5af824b953a7446ac7ce2e0efc18f0e1ca538bd Author: Günther Deschner <g...@samba.org> Date: Wed Oct 28 11:36:13 2009 +0100 s3-passdb: move open_schannel_session_store() to passdb/secrets_schannel.c. Guenther commit 50b1a41bc19c6ca8a9364fe5a95e8bd6ba4f9894 Author: Günther Deschner <g...@samba.org> Date: Wed Oct 28 10:56:01 2009 +0100 s3-net: acct_flags are uint32_t in net_sam_set_userflag(). Guenther commit ed9df48953fc3877013e2cf09bc782fce36ea825 Author: Günther Deschner <g...@samba.org> Date: Wed Oct 28 10:55:14 2009 +0100 adssearch: dump some more nttime timestamps. Guenther commit d8f6db0626c6a7e404e98fa708cd29d55ec9e381 Author: Günther Deschner <g...@samba.org> Date: Tue Oct 27 15:29:02 2009 +0100 s3-lsa: add lsa_trusted_domain_mapping. Guenther commit 6e3444cc8b5c1989c3076f7656289b6226222e45 Author: Günther Deschner <g...@samba.org> Date: Tue Oct 27 15:28:06 2009 +0100 lsa: add LSA_TRUSTED_DOMAIN access masks. Guenther commit 87c1eb24a5d63bdb53b7400d111ff13fb4d35c48 Author: Günther Deschner <g...@samba.org> Date: Tue Oct 27 14:59:25 2009 +0100 s3-passdb: add secrets_delete_generic(). Guenther commit cebefbeaeec5acf646964c52862e8337719fafb1 Author: Günther Deschner <g...@samba.org> Date: Tue Oct 27 13:50:43 2009 +0100 s3-lsa: add lsa_secret_mapping. Guenther commit c765a61bbff44666d78f80ec2ce87a58f32bd034 Author: Günther Deschner <g...@samba.org> Date: Tue Oct 27 13:49:21 2009 +0100 lsa: add LSA_SECRET access masks. Guenther commit cd3b6eead757434d32535107746713d9631c15be Author: Günther Deschner <g...@samba.org> Date: Mon Oct 26 23:47:01 2009 +0100 s3-lsa: use correct function name in_lsa_RemoveAccountRights(). Guenther commit 70e65d3c947b261f1d26d95b620627237a3c4fe2 Author: Günther Deschner <g...@samba.org> Date: Mon Oct 26 23:37:21 2009 +0100 s3-lsa: pure cosmetic indentation fixes. 
Guenther commit 48e7b9e2c0ef95b9e3fbf439ad68ff412c156ebd Author: Günther Deschner <g...@samba.org> Date: Mon Oct 26 23:28:30 2009 +0100 s3-lsa: use enum lsa_LookupNamesLevel in lsa_lookup_level_to_flags(). Guenther ----------------------------------------------------------------------- Summary of changes: examples/misc/adssearch.pl | 2 + librpc/gen_ndr/lsa.h | 8 ++++ librpc/idl/lsa.idl | 48 +++++++++++++++++++++++++ source3/include/proto.h | 3 +- source3/passdb/secrets.c | 69 ++++++------------------------------- source3/passdb/secrets_schannel.c | 63 +++++++++++++++++++++++++++++++++ source3/rpc_server/srv_lsa_nt.c | 63 ++++++++++++++++++++------------- source3/utils/net_sam.c | 2 +- 8 files changed, 173 insertions(+), 85 deletions(-) Changeset truncated at 500 lines: diff --git a/examples/misc/adssearch.pl b/examples/misc/adssearch.pl index 026853d..13a85be 100755 --- a/examples/misc/adssearch.pl +++ b/examples/misc/adssearch.pl @@ -518,6 +518,7 @@ my %attr_handler = ( "instanceType" => \&dump_instance_type, "lastLogon" => \&dump_nttime, "lastLogonTimestamp" => \&dump_nttime, + "lastSetTime" => \&dump_nttime, "lockOutObservationWindow" => \&dump_nttime_abs, "lockoutDuration" => \&dump_nttime_abs, "lockoutTime" => \&dump_nttime, @@ -538,6 +539,7 @@ my %attr_handler = ( "objectSid" => \&dump_sid, "pKT" => \&dump_pkt, "pKTGuid" => \&dump_guid, + "priorSetTime" => \&dump_nttime, "pwdLastSet" => \&dump_nttime, "pwdProperties" => \&dump_pwdproperties, "sAMAccountType" => \&dump_atype, diff --git a/librpc/gen_ndr/lsa.h b/librpc/gen_ndr/lsa.h index f101fb6..a0af571 100644 --- a/librpc/gen_ndr/lsa.h +++ b/librpc/gen_ndr/lsa.h 
@@ -17,6 +17,14 @@ #define LSA_ACCOUNT_READ ( (STANDARD_RIGHTS_READ_ACCESS|LSA_ACCOUNT_VIEW) ) #define LSA_ACCOUNT_WRITE ( (STANDARD_RIGHTS_READ_ACCESS|LSA_ACCOUNT_ADJUST_PRIVILEGES|LSA_ACCOUNT_ADJUST_QUOTAS|LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS) ) #define LSA_ACCOUNT_EXECUTE ( (STANDARD_RIGHTS_EXECUTE_ACCESS) ) +#define LSA_SECRET_ALL_ACCESS ( (LSA_SECRET_QUERY_VALUE|LSA_SECRET_SET_VALUE|SEC_STD_DELETE|STANDARD_RIGHTS_READ_ACCESS|SEC_STD_WRITE_DAC|SEC_STD_WRITE_OWNER) ) +#define LSA_SECRET_READ ( (LSA_SECRET_QUERY_VALUE|STANDARD_RIGHTS_READ_ACCESS) ) +#define LSA_SECRET_WRITE ( (LSA_SECRET_SET_VALUE|STANDARD_RIGHTS_READ_ACCESS) ) +#define LSA_SECRET_EXECUTE ( (STANDARD_RIGHTS_READ_ACCESS) ) +#define LSA_TRUSTED_DOMAIN_ALL_ACCESS ( (LSA_TRUSTED_QUERY_DOMAIN_NAME|LSA_TRUSTED_QUERY_CONTROLLERS|LSA_TRUSTED_SET_CONTROLLERS|LSA_TRUSTED_QUERY_POSIX|LSA_TRUSTED_SET_POSIX|LSA_TRUSTED_SET_AUTH|LSA_TRUSTED_QUERY_AUTH|SEC_STD_DELETE|STANDARD_RIGHTS_READ_ACCESS|SEC_STD_WRITE_DAC|SEC_STD_WRITE_OWNER) ) +#define LSA_TRUSTED_DOMAIN_READ ( (LSA_TRUSTED_QUERY_DOMAIN_NAME|STANDARD_RIGHTS_READ_ACCESS) ) +#define LSA_TRUSTED_DOMAIN_WRITE ( (LSA_TRUSTED_SET_CONTROLLERS|LSA_TRUSTED_SET_POSIX|LSA_TRUSTED_SET_AUTH|STANDARD_RIGHTS_READ_ACCESS) ) +#define LSA_TRUSTED_DOMAIN_EXECUTE ( (LSA_TRUSTED_QUERY_DOMAIN_NAME|LSA_TRUSTED_QUERY_POSIX|STANDARD_RIGHTS_READ_ACCESS) ) #define LSA_ENUM_TRUST_DOMAIN_MULTIPLIER ( 60 ) #define LSA_REF_DOMAIN_LIST_MULTIPLIER ( 32 ) #define LSA_ENUM_TRUST_DOMAIN_EX_MULTIPLIER ( 82 ) diff --git a/librpc/idl/lsa.idl b/librpc/idl/lsa.idl index 253b6d7..097dda5 100644 --- a/librpc/idl/lsa.idl +++ b/librpc/idl/lsa.idl 
@@ -213,6 +213,25 @@ import "misc.idl", "security.idl"; LSA_SECRET_QUERY_VALUE = 0x00000002 } lsa_SecretAccessMask; + const int LSA_SECRET_ALL_ACCESS = + (LSA_SECRET_QUERY_VALUE | + LSA_SECRET_SET_VALUE | + SEC_STD_DELETE | + STANDARD_RIGHTS_READ_ACCESS | + SEC_STD_WRITE_DAC | + SEC_STD_WRITE_OWNER); /* 0x000F0003 */ + + const int LSA_SECRET_READ = + (LSA_SECRET_QUERY_VALUE | + STANDARD_RIGHTS_READ_ACCESS); /* 0x00020002 */ + + const int LSA_SECRET_WRITE = + (LSA_SECRET_SET_VALUE | + STANDARD_RIGHTS_READ_ACCESS); /* 0x00020001 */ + + const int LSA_SECRET_EXECUTE = + (STANDARD_RIGHTS_READ_ACCESS); /* 0x00020000 */ + typedef [public,bitmap32bit] bitmap { LSA_TRUSTED_QUERY_DOMAIN_NAME = 0x00000001, LSA_TRUSTED_QUERY_CONTROLLERS = 0x00000002, @@ -223,6 +242,35 @@ import "misc.idl", "security.idl"; LSA_TRUSTED_QUERY_AUTH = 0x00000040 } lsa_TrustedAccessMask; + const int LSA_TRUSTED_DOMAIN_ALL_ACCESS = + (LSA_TRUSTED_QUERY_DOMAIN_NAME | + LSA_TRUSTED_QUERY_CONTROLLERS | + LSA_TRUSTED_SET_CONTROLLERS | + LSA_TRUSTED_QUERY_POSIX | + LSA_TRUSTED_SET_POSIX | + LSA_TRUSTED_SET_AUTH | + LSA_TRUSTED_QUERY_AUTH | + SEC_STD_DELETE | + STANDARD_RIGHTS_READ_ACCESS | + SEC_STD_WRITE_DAC | + SEC_STD_WRITE_OWNER); /* 0x000F007F */ + + const int LSA_TRUSTED_DOMAIN_READ = + (LSA_TRUSTED_QUERY_DOMAIN_NAME | + STANDARD_RIGHTS_READ_ACCESS); /* 0x00020001 */ + + const int LSA_TRUSTED_DOMAIN_WRITE = + (LSA_TRUSTED_SET_CONTROLLERS | + LSA_TRUSTED_SET_POSIX | + LSA_TRUSTED_SET_AUTH | + STANDARD_RIGHTS_READ_ACCESS); /* 0x00020034 */ + + const int LSA_TRUSTED_DOMAIN_EXECUTE = + (LSA_TRUSTED_QUERY_DOMAIN_NAME | + LSA_TRUSTED_QUERY_POSIX | + STANDARD_RIGHTS_READ_ACCESS); /* 0x0002000C */ + + /* notice the screwup with the system_name - thats why MS created OpenPolicy2 */ [public] NTSTATUS lsa_OpenPolicy ( diff --git a/source3/include/proto.h b/source3/include/proto.h index b79ced7..c863d55 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h 
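Review bot: In the second lsa.idl hunk, the value comment on `LSA_TRUSTED_DOMAIN_EXECUTE` (`/* 0x0002000C */`) cannot match the expression beside it. The expression ORs in `LSA_TRUSTED_QUERY_DOMAIN_NAME`, which the hunk's own context shows as 0x00000001, so bit 0 must be set in the result, yet it is clear in 0x0002000C. Either the comment or the flag list is wrong. This constant becomes the generic-execute entry of `lsa_trusted_domain_mapping` in srv_lsa_nt.c, so the two should be reconciled against the intended rights before that mapping is used in an access check. The remaining value comments appear consistent with their expressions, though not every bit value is visible in these hunks.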
@@ -4718,14 +4718,15 @@ NTSTATUS secrets_trusted_domains(TALLOC_CTX *mem_ctx, uint32 *num_domains, bool secrets_store_afs_keyfile(const char *cell, const struct afs_keyfile *keyfile); bool secrets_fetch_afs_key(const char *cell, struct afs_key *result); void secrets_fetch_ipc_userpass(char **username, char **domain, char **password); -TDB_CONTEXT *open_schannel_session_store(TALLOC_CTX *mem_ctx); bool secrets_store_generic(const char *owner, const char *key, const char *secret); char *secrets_fetch_generic(const char *owner, const char *key); +bool secrets_delete_generic(const char *owner, const char *key); bool secrets_store_local_schannel_key(uint8_t schannel_key[16]); bool secrets_fetch_local_schannel_key(uint8_t schannel_key[16]); /* The following definitions come from passdb/secrets_schannel.c */ +TDB_CONTEXT *open_schannel_session_store(TALLOC_CTX *mem_ctx); NTSTATUS schannel_fetch_session_key(TALLOC_CTX *mem_ctx, const char *computer_name, struct netlogon_creds_CredentialState **pcreds); diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c index 29e0662..369abf8 100644 --- a/source3/passdb/secrets.c +++ b/source3/passdb/secrets.c 
@@ -1132,70 +1132,23 @@ void secrets_fetch_ipc_userpass(char **username, char **domain, char **password) } } -/****************************************************************************** - Open or create the schannel session store tdb. -*******************************************************************************/ - -#define SCHANNEL_STORE_VERSION_1 1 -#define SCHANNEL_STORE_VERSION_2 2 /* should not be used */ -#define SCHANNEL_STORE_VERSION_CURRENT SCHANNEL_STORE_VERSION_1 - -TDB_CONTEXT *open_schannel_session_store(TALLOC_CTX *mem_ctx) +bool secrets_store_generic(const char *owner, const char *key, const char *secret) { - TDB_DATA vers; - uint32 ver; - TDB_CONTEXT *tdb_sc = NULL; - char *fname = talloc_asprintf(mem_ctx, "%s/schannel_store.tdb", lp_private_dir()); - - if (!fname) { - return NULL; - } - - tdb_sc = tdb_open_log(fname, 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600); + char *tdbkey = NULL; + bool ret; - if (!tdb_sc) { - DEBUG(0,("open_schannel_session_store: Failed to open %s\n", fname)); - TALLOC_FREE(fname); - return NULL; - } - - again: - vers = tdb_fetch_bystring(tdb_sc, "SCHANNEL_STORE_VERSION"); - if (vers.dptr == NULL) { - /* First opener, no version. 
*/ - SIVAL(&ver,0,SCHANNEL_STORE_VERSION_CURRENT); - vers.dptr = (uint8 *)&ver; - vers.dsize = 4; - tdb_store_bystring(tdb_sc, "SCHANNEL_STORE_VERSION", vers, TDB_REPLACE); - vers.dptr = NULL; - } else if (vers.dsize == 4) { - ver = IVAL(vers.dptr,0); - if (ver == SCHANNEL_STORE_VERSION_2) { - DEBUG(0,("open_schannel_session_store: wrong version number %d in %s\n", - (int)ver, fname )); - tdb_wipe_all(tdb_sc); - goto again; - } - if (ver != SCHANNEL_STORE_VERSION_CURRENT) { - DEBUG(0,("open_schannel_session_store: wrong version number %d in %s\n", - (int)ver, fname )); - tdb_close(tdb_sc); - tdb_sc = NULL; - } - } else { - tdb_close(tdb_sc); - tdb_sc = NULL; - DEBUG(0,("open_schannel_session_store: wrong version number size %d in %s\n", - (int)vers.dsize, fname )); + if (asprintf(&tdbkey, "SECRETS/GENERIC/%s/%s", owner, key) < 0) { + DEBUG(0, ("asprintf failed!\n")); + return False; } - SAFE_FREE(vers.dptr); - TALLOC_FREE(fname); + ret = secrets_store(tdbkey, secret, strlen(secret)+1); - return tdb_sc; + SAFE_FREE(tdbkey); + return ret; } -bool secrets_store_generic(const char *owner, const char *key, const char *secret) +bool secrets_delete_generic(const char *owner, const char *key) { char *tdbkey = NULL; bool ret; @@ -1205,7 +1158,7 @@ bool secrets_store_generic(const char *owner, const char *key, const char *secre return False; } - ret = secrets_store(tdbkey, secret, strlen(secret)+1); + ret = secrets_delete(tdbkey); SAFE_FREE(tdbkey); return ret; diff --git a/source3/passdb/secrets_schannel.c b/source3/passdb/secrets_schannel.c index 84a860e..f4da625 100644 --- a/source3/passdb/secrets_schannel.c +++ b/source3/passdb/secrets_schannel.c 
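Review bot: `secrets_delete_generic()` is added without a doc comment or any validation of `owner` and `key`. Judging by the unchanged lines between the two hunks (not shown here), it appears to build the `SECRETS/GENERIC/%s/%s` key with its own `asprintf` call rather than sharing the construction with `secrets_store_generic()`. A NULL argument would reach `%s`. Because `/` is also the separator, an `owner` that contains `/` can name the same record as a different owner/key pair, so a delete may remove a secret the caller did not intend. I would move the key construction into one static helper shared by the store and delete paths, and have it reject NULL arguments. The new function should also carry a short comment saying that it returns the result of `secrets_delete()`.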
@@ -21,6 +21,69 @@ #include "../libcli/auth/schannel_state.h" /****************************************************************************** + Open or create the schannel session store tdb. +*******************************************************************************/ + +#define SCHANNEL_STORE_VERSION_1 1 +#define SCHANNEL_STORE_VERSION_2 2 /* should not be used */ +#define SCHANNEL_STORE_VERSION_CURRENT SCHANNEL_STORE_VERSION_1 + +TDB_CONTEXT *open_schannel_session_store(TALLOC_CTX *mem_ctx) +{ + TDB_DATA vers; + uint32 ver; + TDB_CONTEXT *tdb_sc = NULL; + char *fname = talloc_asprintf(mem_ctx, "%s/schannel_store.tdb", lp_private_dir()); + + if (!fname) { + return NULL; + } + + tdb_sc = tdb_open_log(fname, 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600); + + if (!tdb_sc) { + DEBUG(0,("open_schannel_session_store: Failed to open %s\n", fname)); + TALLOC_FREE(fname); + return NULL; + } + + again: + vers = tdb_fetch_bystring(tdb_sc, "SCHANNEL_STORE_VERSION"); + if (vers.dptr == NULL) { + /* First opener, no version. 
*/ + SIVAL(&ver,0,SCHANNEL_STORE_VERSION_CURRENT); + vers.dptr = (uint8 *)&ver; + vers.dsize = 4; + tdb_store_bystring(tdb_sc, "SCHANNEL_STORE_VERSION", vers, TDB_REPLACE); + vers.dptr = NULL; + } else if (vers.dsize == 4) { + ver = IVAL(vers.dptr,0); + if (ver == SCHANNEL_STORE_VERSION_2) { + DEBUG(0,("open_schannel_session_store: wrong version number %d in %s\n", + (int)ver, fname )); + tdb_wipe_all(tdb_sc); + goto again; + } + if (ver != SCHANNEL_STORE_VERSION_CURRENT) { + DEBUG(0,("open_schannel_session_store: wrong version number %d in %s\n", + (int)ver, fname )); + tdb_close(tdb_sc); + tdb_sc = NULL; + } + } else { + tdb_close(tdb_sc); + tdb_sc = NULL; + DEBUG(0,("open_schannel_session_store: wrong version number size %d in %s\n", + (int)vers.dsize, fname )); + } + + SAFE_FREE(vers.dptr); + TALLOC_FREE(fname); + + return tdb_sc; +} + +/****************************************************************************** Wrapper around schannel_fetch_session_key_tdb() Note we must be root here. *******************************************************************************/ diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c index a9a4fa5..d90dfee 100644 --- a/source3/rpc_server/srv_lsa_nt.c +++ b/source3/rpc_server/srv_lsa_nt.c @@ -59,6 +59,20 @@ const struct generic_mapping lsa_policy_mapping = { LSA_POLICY_ALL_ACCESS }; +const struct generic_mapping lsa_secret_mapping = { + LSA_SECRET_READ, + LSA_SECRET_WRITE, + LSA_SECRET_EXECUTE, + LSA_SECRET_ALL_ACCESS +}; + +const struct generic_mapping lsa_trusted_domain_mapping = { + LSA_TRUSTED_DOMAIN_READ, + LSA_TRUSTED_DOMAIN_WRITE, + LSA_TRUSTED_DOMAIN_EXECUTE, + LSA_TRUSTED_DOMAIN_ALL_ACCESS +}; + /*************************************************************************** init_lsa_ref_domain_list - adds a domain if it's not already in, returns the index. ***************************************************************************/ 
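Review bot: In the `SCHANNEL_STORE_VERSION_2` branch of `open_schannel_session_store()`, the result of `tdb_wipe_all()` is ignored before `goto again`. If the wipe fails, the next fetch sees version 2 again and the function loops without bound; the buffer in `vers.dptr` is also never freed on that path. This store holds schannel session state, so a failed wipe should fail the open rather than retry: put `SAFE_FREE(vers.dptr);` and `if (tdb_wipe_all(tdb_sc) != 0) { tdb_close(tdb_sc); TALLOC_FREE(fname); return NULL; }` before the `goto`. The return value of `tdb_store_bystring()` for the initial version record is likewise unchecked. The function is moved unchanged from secrets.c, so these issues predate this commit, but the move is a convenient point to address them.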
@@ -372,9 +386,8 @@ NTSTATUS _lsa_OpenPolicy2(pipes_struct *p, } status = access_check_object(psd, p->server_info->ptok, - NULL, 0, des_access, - &acc_granted, "_lsa_OpenPolicy2" ); - + NULL, 0, des_access, + &acc_granted, "_lsa_OpenPolicy2" ); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -1017,23 +1030,24 @@ NTSTATUS _lsa_LookupSids3(pipes_struct *p, /*************************************************************************** ***************************************************************************/ -static int lsa_lookup_level_to_flags(uint16 level) +static int lsa_lookup_level_to_flags(enum lsa_LookupNamesLevel level) { int flags; switch (level) { - case 1: + case LSA_LOOKUP_NAMES_ALL: /* 1 */ flags = LOOKUP_NAME_ALL; break; - case 2: + case LSA_LOOKUP_NAMES_DOMAINS_ONLY: /* 2 */ flags = LOOKUP_NAME_DOMAIN|LOOKUP_NAME_REMOTE|LOOKUP_NAME_ISOLATED; break; - case 3: + case LSA_LOOKUP_NAMES_PRIMARY_DOMAIN_ONLY: /* 3 */ flags = LOOKUP_NAME_DOMAIN|LOOKUP_NAME_ISOLATED; break; - case 4: - case 5: - case 6: + case LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY: /* 4 */ + case LSA_LOOKUP_NAMES_FOREST_TRUSTS_ONLY: /* 5 */ + case LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY2: /* 6 */ + case LSA_LOOKUP_NAMES_RODC_REFERRAL_TO_FULL_DC: /* 7 */ default: flags = LOOKUP_NAME_NONE; break; @@ -1674,9 +1688,9 @@ NTSTATUS _lsa_CreateAccount(pipes_struct *p, return status; } - status = access_check_object(psd, p->server_info->ptok, - NULL, 0, r->in.access_mask, - &acc_granted, "_lsa_CreateAccount"); + status = access_check_object(psd, p->server_info->ptok, + NULL, 0, r->in.access_mask, + &acc_granted, "_lsa_CreateAccount"); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -1745,9 +1759,8 @@ NTSTATUS _lsa_OpenAccount(pipes_struct *p, } status = access_check_object(psd, p->server_info->ptok, - NULL, 0, des_access, - &acc_granted, "_lsa_OpenAccount" ); - + NULL, 0, des_access, + &acc_granted, "_lsa_OpenAccount" ); if (!NT_STATUS_IS_OK(status)) { return status; } 
@@ -2137,10 +2150,10 @@ NTSTATUS _lsa_AddAccountRights(pipes_struct *p, * on the account sid. We don't check here so just use the latter. JRA. */ - status = access_check_object(psd, p->server_info->ptok, - NULL, 0, LSA_ACCOUNT_ADJUST_PRIVILEGES|LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS|LSA_ACCOUNT_VIEW, - &acc_granted, "_lsa_AddAccountRights" ); - + status = access_check_object(psd, p->server_info->ptok, + NULL, 0, + LSA_ACCOUNT_ADJUST_PRIVILEGES|LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS|LSA_ACCOUNT_VIEW, + &acc_granted, "_lsa_AddAccountRights" ); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -2207,11 +2220,11 @@ NTSTATUS _lsa_RemoveAccountRights(pipes_struct *p, * and DELETE on the account sid. */ - status = access_check_object(psd, p->server_info->ptok, - NULL, 0, LSA_ACCOUNT_ADJUST_PRIVILEGES|LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS| - LSA_ACCOUNT_VIEW|STD_RIGHT_DELETE_ACCESS, - &acc_granted, "_lsa_AddAccountRights" ); - + status = access_check_object(psd, p->server_info->ptok, + NULL, 0, + LSA_ACCOUNT_ADJUST_PRIVILEGES|LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS| + LSA_ACCOUNT_VIEW|STD_RIGHT_DELETE_ACCESS, + &acc_granted, "_lsa_RemoveAccountRights"); if (!NT_STATUS_IS_OK(status)) { return status; } diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c index 95405f3..fe84ce4 100644 --- a/source3/utils/net_sam.c +++ b/source3/utils/net_sam.c @@ -137,7 +137,7 @@ static int net_sam_set_userflag(struct net_context *c, int argc, enum lsa_SidType type; const char *dom, *name; NTSTATUS status; - uint16 acct_flags; + uint32_t acct_flags; if ((argc != 2) || c->display_usage || (!strequal(argv[1], "yes") && -- Samba Shared Repository