On Wed, Dec 10, 2008 at 01:41:12PM -0800, Jeremy Allison wrote:
> Ok, this looks like the following cut-and-paste
> error by me. We're testing a user handle permission
> set against a domain handle permission bit by mistake.
>
> Damn, I was *sure* I had tested this (but must have
> tested as root by mistake).
>
> Can you confirm this fixes the problem (it does here).
Actually, I was using the wrong bit. SAMR_USER_ACCESS_GET_ATTRIBUTES
is the correct bit to use here. This is the correct patch.
Jeremy.
diff --git a/source/rpc_server/srv_samr_nt.c b/source/rpc_server/srv_samr_nt.c
index e2cf8cd..0ab8b5d 100644
--- a/source/rpc_server/srv_samr_nt.c
+++ b/source/rpc_server/srv_samr_nt.c
@@ -2709,7 +2709,7 @@ NTSTATUS _samr_QueryUserInfo(pipes_struct *p,
return NT_STATUS_INVALID_HANDLE;
status = access_check_samr_function(info->acc_granted,
- SA_RIGHT_DOMAIN_OPEN_ACCOUNT,
+ SAMR_USER_ACCESS_GET_ATTRIBUTES,
"_samr_QueryUserInfo");
if (!NT_STATUS_IS_OK(status)) {
return status;
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
