The branch, master has been updated via b784c20... s3:net rpc registry: make getsd succeed when key sd only gives access to SD not key contents from e78f2b2... s3:fix an outdated comment.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit b784c20df8fcafc3a5c66f847b1af58b77eeb42b Author: Michael Adam <ob...@samba.org> Date: Mon Jun 21 12:32:57 2010 +0200 s3:net rpc registry: make getsd succeed when key sd only gives access to SD not key contents You don't need the REG_KEY_READ permissions to access the SD of a key. And for instance, the key HKLM\security ususally has no specific bits set for builtin\administrators, but the READ_CONTROL_ACCESS. I.e. builtin\administrators can get the sd but not enumerate the key. ----------------------------------------------------------------------- Summary of changes: source3/utils/net_rpc_registry.c | 3 +-- 1 files changed, 1 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/utils/net_rpc_registry.c b/source3/utils/net_rpc_registry.c index 59971af..fb1e14f 100644 --- a/source3/utils/net_rpc_registry.c +++ b/source3/utils/net_rpc_registry.c @@ -1208,8 +1208,7 @@ static NTSTATUS rpc_registry_getsd_internal(struct net_context *c, uint32_t sec_info; DATA_BLOB blob; struct security_descriptor sec_desc; - uint32_t access_mask = REG_KEY_READ | - SEC_FLAG_MAXIMUM_ALLOWED | + uint32_t access_mask = SEC_FLAG_MAXIMUM_ALLOWED | SEC_FLAG_SYSTEM_SECURITY; if (argc <1 || argc > 2 || c->display_usage) { -- Samba Shared Repository