The Samba-Bugzilla – Attachment 6975 Details for
Bug 8509
Read-only handles on SAMR allow SAMR_DOMAIN_ACCESS_CREATE_USER.
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch #1
look (text/plain), 1.76 KB, created by
Jeremy Allison
on 2011-10-06 21:23:48 UTC
(
hide
)
Description:
Patch #1
Filename:
MIME Type:
Creator:
Jeremy Allison
Created:
2011-10-06 21:23:48 UTC
Size:
1.76 KB
patch
obsolete
>diff --git a/source3/rpc_server/srv_access_check.c b/source3/rpc_server/srv_access_check.c >index 12d9024..4e74b04 100644 >--- a/source3/rpc_server/srv_access_check.c >+++ b/source3/rpc_server/srv_access_check.c >@@ -52,6 +52,7 @@ NTSTATUS access_check_object( struct security_descriptor *psd, struct security_t > { > NTSTATUS status = NT_STATUS_ACCESS_DENIED; > uint32 saved_mask = 0; >+ bool priv_granted = false; > > /* check privileges; certain SAM access bits should be overridden > by privileges (mostly having to do with creating/modifying/deleting >@@ -59,6 +60,7 @@ NTSTATUS access_check_object( struct security_descriptor *psd, struct security_t > > if ((needed_priv_1 != SEC_PRIV_INVALID && security_token_has_privilege(token, needed_priv_1)) || > (needed_priv_2 != SEC_PRIV_INVALID && security_token_has_privilege(token, needed_priv_2))) { >+ priv_granted = true; > saved_mask = (des_access & rights_mask); > des_access &= ~saved_mask; > >@@ -81,6 +83,7 @@ NTSTATUS access_check_object( struct security_descriptor *psd, struct security_t > DEBUG(4,("%s: ACCESS should be DENIED (requested: %#010x)\n", debug, des_access)); > DEBUGADD(4,("but overritten by euid == sec_initial_uid()\n")); > >+ priv_granted = true; > *acc_granted = des_access; > > status = NT_STATUS_OK; >@@ -89,10 +92,12 @@ NTSTATUS access_check_object( struct security_descriptor *psd, struct security_t > > > done: >- /* add in any bits saved during the privilege check (only >- matters is status is ok) */ >+ if (priv_granted) { >+ /* add in any bits saved during the privilege check (only >+ matters if status is ok) */ > >- *acc_granted |= rights_mask; >+ *acc_granted |= rights_mask; >+ } > > DEBUG(4,("%s: access %s (requested: 0x%08x, granted: 0x%08x)\n", > debug, NT_STATUS_IS_OK(status) ? "GRANTED" : "DENIED",
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 8509
:
6975
|
6976
|
6981