The Samba-Bugzilla – Attachment 4069 Details for
Bug 6089
Winbind samr_OpenDomain not possible with Samba 3.2.6+
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch for 3.2 only.
look (text/plain), 3.01 KB, created by
Jeremy Allison
on 2009-04-15 16:09:32 UTC
(
hide
)
Description:
Patch for 3.2 only.
Filename:
MIME Type:
Creator:
Jeremy Allison
Created:
2009-04-15 16:09:32 UTC
Size:
3.01 KB
patch
obsolete
>diff --git a/source/include/rpc_secdes.h b/source/include/rpc_secdes.h >index 649e806..bf5b85f 100644 >--- a/source/include/rpc_secdes.h >+++ b/source/include/rpc_secdes.h >@@ -224,7 +224,7 @@ struct standard_mapping { > #define SA_RIGHT_SAM_INITIALISE_SERVER 0x00000004 > #define SA_RIGHT_SAM_CREATE_DOMAIN 0x00000008 > #define SA_RIGHT_SAM_ENUM_DOMAINS 0x00000010 >-#define SA_RIGHT_SAM_OPEN_DOMAIN 0x00000020 >+#define SA_RIGHT_SAM_LOOKUP_DOMAIN 0x00000020 > > #define SA_RIGHT_SAM_ALL_ACCESS 0x0000003F > >@@ -244,7 +244,7 @@ struct standard_mapping { > > #define GENERIC_RIGHTS_SAM_EXECUTE \ > (STANDARD_RIGHTS_EXECUTE_ACCESS | \ >- SA_RIGHT_SAM_OPEN_DOMAIN | \ >+ SA_RIGHT_SAM_LOOKUP_DOMAIN | \ > SA_RIGHT_SAM_CONNECT_SERVER) > > >diff --git a/source/rpc_server/srv_samr_nt.c b/source/rpc_server/srv_samr_nt.c >index 6e37ea5..f14c53b 100644 >--- a/source/rpc_server/srv_samr_nt.c >+++ b/source/rpc_server/srv_samr_nt.c >@@ -620,13 +620,6 @@ NTSTATUS _samr_OpenDomain(pipes_struct *p, > if ( !find_policy_by_hnd(p, r->in.connect_handle, (void**)(void *)&info) ) > return NT_STATUS_INVALID_HANDLE; > >- status = access_check_samr_function(info->acc_granted, >- SA_RIGHT_SAM_OPEN_DOMAIN, >- "_samr_OpenDomain" ); >- >- if ( !NT_STATUS_IS_OK(status) ) >- return status; >- > /*check if access can be granted as requested by client. */ > map_max_allowed_access(p->pipe_user.nt_user_token, &des_access); > >@@ -2957,7 +2950,7 @@ NTSTATUS _samr_QueryDomainInfo(pipes_struct *p, > } > > status = access_check_samr_function(info->acc_granted, >- SA_RIGHT_SAM_OPEN_DOMAIN, >+ SA_RIGHT_SAM_LOOKUP_DOMAIN, > "_samr_QueryDomainInfo" ); > > if ( !NT_STATUS_IS_OK(status) ) >@@ -3357,7 +3350,7 @@ NTSTATUS _samr_Connect(pipes_struct *p, > map_max_allowed_access(p->pipe_user.nt_user_token, &des_access); > > se_map_generic( &des_access, &sam_generic_mapping ); >- info->acc_granted = des_access & (SA_RIGHT_SAM_ENUM_DOMAINS|SA_RIGHT_SAM_OPEN_DOMAIN); >+ info->acc_granted = des_access & (SA_RIGHT_SAM_ENUM_DOMAINS|SA_RIGHT_SAM_LOOKUP_DOMAIN); > > /* get a (unique) handle. open a policy on it. */ > if (!create_policy_hnd(p, r->out.connect_handle, free_samr_info, (void *)info)) >@@ -3544,7 +3537,7 @@ NTSTATUS _samr_LookupDomain(pipes_struct *p, > Reverted that change so we will work with RAS servers again */ > > status = access_check_samr_function(info->acc_granted, >- SA_RIGHT_SAM_OPEN_DOMAIN, >+ SA_RIGHT_SAM_LOOKUP_DOMAIN, > "_samr_LookupDomain"); > if (!NT_STATUS_IS_OK(status)) { > return status; >diff --git a/source/utils/net_rpc.c b/source/utils/net_rpc.c >index 0476394..1eaa1c6 100644 >--- a/source/utils/net_rpc.c >+++ b/source/utils/net_rpc.c >@@ -6280,7 +6280,7 @@ static int rpc_trustdom_list(int argc, const char **argv) > /* SamrConnect2 */ > nt_status = rpccli_samr_Connect2(pipe_hnd, mem_ctx, > pipe_hnd->cli->desthost, >- SA_RIGHT_SAM_OPEN_DOMAIN, >+ SA_RIGHT_SAM_LOOKUP_DOMAIN, > &connect_hnd); > if (!NT_STATUS_IS_OK(nt_status)) { > DEBUG(0, ("Couldn't open SAMR policy handle. Error was %s\n",
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=4069">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 6089
:
4068
| 4069