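--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -1691,6 +1691,10 @@
  struct lsa_info *handle;
  struct lsa_info *info;
  uint32_t acc_granted;
+ uint32_t owner_access = (LSA_ACCOUNT_ALL_ACCESS &
+ ~(LSA_ACCOUNT_ADJUST_PRIVILEGES|
+ LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS|
+ STD_RIGHT_DELETE_ACCESS));
  struct security_descriptor *psd;
  size_t sd_size;
 
@@ -1718,7 +1722,7 @@
 
  status = make_lsa_object_sd(p->mem_ctx, &psd, &sd_size,
  &lsa_account_mapping,
- r->in.sid, LSA_POLICY_ALL_ACCESS);
+ r->in.sid, owner_access);
  if (!NT_STATUS_IS_OK(status)) {
  return status;
  }
@@ -1764,6 +1768,10 @@
  size_t sd_size;
  uint32_t des_access = r->in.access_mask;
  uint32_t acc_granted;
+ uint32_t owner_access = (LSA_ACCOUNT_ALL_ACCESS &
+ ~(LSA_ACCOUNT_ADJUST_PRIVILEGES|
+ LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS|
+ STD_RIGHT_DELETE_ACCESS));
  NTSTATUS status;
 
  /* find the connection policy handle. */
@@ -1788,7 +1796,7 @@
  /* get the generic lsa account SD until we store it */
  status = make_lsa_object_sd(p->mem_ctx, &psd, &sd_size,
  &lsa_account_mapping,
- r->in.sid, LSA_ACCOUNT_ALL_ACCESS);
+ r->in.sid, owner_access);
  if (!NT_STATUS_IS_OK(status)) {
  return status;
  }
@@ -2174,10 +2182,10 @@
  return NT_STATUS_INVALID_HANDLE;
  }
 
- /* get the generic lsa account SD for this SID until we store it */
+ /* get the generic lsa account SD until we store it */
  status = make_lsa_object_sd(p->mem_ctx, &psd, &sd_size,
  &lsa_account_mapping,
- r->in.sid, LSA_ACCOUNT_ALL_ACCESS);
+ NULL, 0);
  if (!NT_STATUS_IS_OK(status)) {
  return status;
  }
@@ -2245,10 +2253,10 @@
  return NT_STATUS_INVALID_HANDLE;
  }
 
- /* get the generic lsa account SD for this SID until we store it */
+ /* get the generic lsa account SD until we store it */
  status = make_lsa_object_sd(p->mem_ctx, &psd, &sd_size,
  &lsa_account_mapping,
- r->in.sid, LSA_ACCOUNT_ALL_ACCESS);
+ NULL, 0);
  if (!NT_STATUS_IS_OK(status)) {
  return status;
  }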
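Review bot: The `owner_access` mask added in the hunks at -1691 and -1764 is a deny-list carved out of `LSA_ACCOUNT_ALL_ACCESS`, so every right it does not name still goes to the SID passed in `r->in.sid`; the definition of `LSA_ACCOUNT_ALL_ACCESS` is not visible here, but if it carries write-DAC, write-owner or quota-adjust bits, those remain granted and would matter once the descriptor is stored rather than regenerated on each call. An allow-list of the rights the account SID is meant to hold, defined once at file scope and used by both functions, would fail closed when new bits are added and would remove the duplicated expression. The reason for the restriction should be stated where the mask is defined, e.g. `/* the SID named in the request must not be able to adjust its own privileges or system access, or delete the account object */`. The two later call sites that now pass `NULL, 0` would benefit from a similar comment saying that no per-SID ACE is added there, so access presumably depends only on the default entries built by `make_lsa_object_sd`, which is not shown. All of the enclosing functions begin and end outside the hunks.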