Changeset 228 for branches/samba-3.2.x/source/rpc_server

Timestamp:

May 26, 2009, 9:44:50 AM (16 years ago)

Author:

Herwig Bauernfeind

Message:

Update 3.2 branch to 3.2.6

Location:

branches/samba-3.2.x/source/rpc_server

Files:

• srv_eventlog_lib.c (modified) (7 diffs)
• srv_eventlog_nt.c (modified) (9 diffs)
• srv_lsa_nt.c (modified) (8 diffs)
• srv_samr_nt.c (modified) (36 diffs)
• srv_srvsvc_nt.c (modified) (1 diff)

branches/samba-3.2.x/source/rpc_server/srv_eventlog_lib.c

@@ -141 +141 @@
 ********************************************************************/
 
-static bool make_way_for_eventlogs( TDB_CONTEXT * the_tdb, int32 needed,
+static bool make_way_for_eventlogs( TDB_CONTEXT * the_tdb, int32_t needed,
                                     bool whack_by_date )
 {
-        int start_record, i, new_start;
-        int end_record;
-        int nbytes, reclen, len, Retention, MaxSize;
-        int tresv1, trecnum, timegen, timewr;
+        int32_t start_record, i, new_start;
+        int32_t end_record;
+        int32_t reclen, tresv1, trecnum, timegen, timewr;
+        int nbytes, len, Retention, MaxSize;
         TDB_DATA key, ret;
         time_t current_time, exp_time;
@@ -174 +174 @@
 
         DEBUG( 3,
-               ( "MaxSize [%d] Retention [%d] Current Time [%d]  exp_time [%d]\n",
-                 MaxSize, Retention, (uint32)current_time, (uint32)exp_time ) );
+               ( "MaxSize [%d] Retention [%d] Current Time [%u]  exp_time [%u]\n",
+                 MaxSize, Retention, (unsigned int)current_time, (unsigned int)exp_time ) );
         DEBUG( 3,
-               ( "Start Record [%d] End Record [%d]\n", start_record,
-                 end_record ) );
+               ( "Start Record [%u] End Record [%u]\n",
+                (unsigned int)start_record,
+                (unsigned int)end_record ));
 
         for ( i = start_record; i < end_record; i++ ) {
                 /* read a record, add the amt to nbytes */
-                key.dsize = sizeof( int32 );
-                key.dptr = ( uint8 * ) ( int32 * ) & i;
+                key.dsize = sizeof(int32_t);
+                key.dptr = (unsigned char *)&i;
                 ret = tdb_fetch( the_tdb, key );
                 if ( ret.dsize == 0 ) {
@@ -199 +200 @@
                         DEBUG( 10,("make_way_for_eventlogs: tdb_unpack failed.\n"));
                         tdb_unlock_bystring( the_tdb, EVT_NEXT_RECORD );
+                        SAFE_FREE( ret.dptr );
                         return False;
                 }
 
                 DEBUG( 8,
-                       ( "read record %d, record size is [%d], total so far [%d]\n",
-                         i, reclen, nbytes ) );
+                       ( "read record %u, record size is [%d], total so far [%d]\n",
+                         (unsigned int)i, reclen, nbytes ) );
 
                 SAFE_FREE( ret.dptr );
@@ -221 +223 @@
 
         DEBUG( 3,
-               ( "nbytes [%d] needed [%d] start_record is [%d], should be set to [%d]\n",
-                 nbytes, needed, start_record, i ) );
+               ( "nbytes [%d] needed [%d] start_record is [%u], should be set to [%u]\n",
+                 nbytes, needed, (unsigned int)start_record, (unsigned int)i ) );
         /* todo - remove eventlog entries here and set starting record to start_record... */
         new_start = i;
         if ( start_record != new_start ) {
                 for ( i = start_record; i < new_start; i++ ) {
-                        key.dsize = sizeof( int32 );
-                        key.dptr = ( uint8 * ) ( int32 * ) & i;
+                        key.dsize = sizeof(int32_t);
+                        key.dptr = (unsigned char *)&i;
                         tdb_delete( the_tdb, key );
                 }
@@ -268 +270 @@
 ********************************************************************/
 
-bool can_write_to_eventlog( TDB_CONTEXT * tdb, int32 needed )
+bool can_write_to_eventlog( TDB_CONTEXT * tdb, int32_t needed )
 {
         int calcd_size;
@@ -314 +316 @@
 {
         TDB_CONTEXT *tdb = NULL;
-        uint32 vers_id;
+        uint32_t vers_id;
         ELOG_TDB *ptr;
         char *tdbpath = NULL;
@@ -455 +457 @@
         TALLOC_CTX *mem_ctx = NULL;
         TDB_DATA kbuf, ebuf;
-        uint32 n_packed;
+        uint32_t n_packed;
 
         if ( !ee )

branches/samba-3.2.x/source/rpc_server/srv_eventlog_nt.c

@@ -81 +81 @@
         
         sec_desc = get_nt_acl_no_snum( info, tdbname );
-        SAFE_FREE( tdbname );
+        TALLOC_FREE( tdbname );
         
         if ( !sec_desc ) {
@@ -292 +292 @@
         TDB_DATA ret, key;
 
-        int srecno;
-        int reclen;
+        int32_t srecno;
+        int32_t reclen;
         int len;
 
@@ -302 +302 @@
         char *puserdata = NULL;
 
-        key.dsize = sizeof(int32);
+        key.dsize = sizeof(int32_t);
 
         srecno = recno;
-        key.dptr = ( uint8 * ) &srecno;
+        key.dptr = (unsigned char *)&srecno;
 
         ret = tdb_fetch( tdb, key );
@@ -428 +428 @@
         WERROR wresult;
         char *elogname = info->logname;
-        TALLOC_CTX *ctx = talloc_tos();
+        TALLOC_CTX *ctx = talloc_stackframe();
         bool ret = false;
 
@@ -435 +435 @@
         if ( !info->etdb ) {
                 DEBUG( 4, ( "No open tdb! (%s)\n", info->logname ) );
-                return False;
+                goto done;
         }
         /* set resonable defaults.  512Kb on size and 1 week on time */
@@ -449 +449 @@
         path = talloc_asprintf(ctx, "%s/%s", KEY_EVENTLOG, elogname );
         if (!path) {
-                return false;
+                goto done;
         }
 
@@ -459 +459 @@
                        ( "sync_eventlog_params: Failed to open key [%s] (%s)\n",
                          path, dos_errstr( wresult ) ) );
-                return false;
+                goto done;
         }
 
@@ -466 +466 @@
                 DEBUG(4, ("Failed to query value \"Retention\": %s\n",
                           dos_errstr(wresult)));
-                ret = false;
                 goto done;
         }
@@ -475 +474 @@
                 DEBUG(4, ("Failed to query value \"MaxSize\": %s\n",
                           dos_errstr(wresult)));
-                ret = false;
                 goto done;
         }

branches/samba-3.2.x/source/rpc_server/srv_lsa_nt.c

@@ -435 +435 @@
 
         if(!se_access_check(psd, p->pipe_user.nt_user_token, des_access, &acc_granted, &status)) {
-                if (geteuid() != 0) {
+                if (p->pipe_user.ut.uid != sec_initial_uid()) {
                         return status;
                 }
@@ -1531 +1531 @@
            account_pol.tdb was already opened as root, this is all we have */
 
-        if ( !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) )
+        if ( p->pipe_user.ut.uid != sec_initial_uid()
+                && !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) )
                 return NT_STATUS_ACCESS_DENIED;
 
@@ -1617 +1618 @@
                 return NT_STATUS_INVALID_HANDLE;
 
+        if (!(info->access & LSA_POLICY_VIEW_LOCAL_INFORMATION))
+                return NT_STATUS_ACCESS_DENIED;
+
         if ( !get_privileges_for_sids( &mask, &info->sid, 1 ) )
                 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
@@ -1677 +1681 @@
                 return NT_STATUS_INVALID_HANDLE;
 
+        if (!(info->access & LSA_POLICY_VIEW_LOCAL_INFORMATION))
+                return NT_STATUS_ACCESS_DENIED;
+
         if (!lookup_sid(p->mem_ctx, &info->sid, NULL, NULL, NULL))
                 return NT_STATUS_ACCESS_DENIED;
@@ -1711 +1718 @@
            account_pol.tdb was already opened as root, this is all we have */
 
-        if ( !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) )
+        if ( p->pipe_user.ut.uid != sec_initial_uid()
+                && !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) )
                 return NT_STATUS_ACCESS_DENIED;
 
@@ -1820 +1828 @@
         if (!(handle->access & LSA_POLICY_VIEW_LOCAL_INFORMATION))
                 return NT_STATUS_ACCESS_DENIED;
-
 
         switch (r->in.sec_info) {
@@ -2079 +2086 @@
                 return NT_STATUS_INVALID_HANDLE;
 
+        if (!(info->access & LSA_POLICY_VIEW_LOCAL_INFORMATION))
+                return NT_STATUS_ACCESS_DENIED;
+
         /* according to an NT4 PDC, you can add privileges to SIDs even without
            call_lsa_create_account() first.  And you can use any arbitrary SID. */
@@ -2120 +2130 @@
         if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info))
                 return NT_STATUS_INVALID_HANDLE;
+
+        if (!(info->access & LSA_POLICY_VIEW_LOCAL_INFORMATION))
+                return NT_STATUS_ACCESS_DENIED;
 
         name = r->in.name->string;

branches/samba-3.2.x/source/rpc_server/srv_samr_nt.c

@@ -6 +6 @@
  *  Copyright (C) Paul Ashton                       1997,
  *  Copyright (C) Marc Jacobsen                     1999,
- *  Copyright (C) Jeremy Allison                    2001-2005,
+ *  Copyright (C) Jeremy Allison                    2001-2008,
  *  Copyright (C) Jean François Micouleau           1998-2001,
  *  Copyright (C) Jim McDonough <jmcd@us.ibm.com>   2002,
@@ -250 +250 @@
 
 /*******************************************************************
+ Map any MAXIMUM_ALLOWED_ACCESS request to a valid access set.
+********************************************************************/
+
+static void map_max_allowed_access(const NT_USER_TOKEN *token,
+                                        uint32_t *pacc_requested)
+{
+        if (!((*pacc_requested) & MAXIMUM_ALLOWED_ACCESS)) {
+                return;
+        }
+        *pacc_requested &= ~MAXIMUM_ALLOWED_ACCESS;
+
+        /* At least try for generic read. */
+        *pacc_requested = GENERIC_READ_ACCESS;
+
+        /* root gets anything. */
+        if (geteuid() == sec_initial_uid()) {
+                *pacc_requested |= GENERIC_ALL_ACCESS;
+                return;
+        }
+
+        /* Full Access for 'BUILTIN\Administrators' and 'BUILTIN\Account Operators */
+
+        if (is_sid_in_token(token, &global_sid_Builtin_Administrators) ||
+                        is_sid_in_token(token, &global_sid_Builtin_Account_Operators)) {
+                *pacc_requested |= GENERIC_ALL_ACCESS;
+                return;
+        }
+
+        /* Full access for DOMAIN\Domain Admins. */
+        if ( IS_DC ) {
+                DOM_SID domadmin_sid;
+                sid_copy( &domadmin_sid, get_global_sam_sid() );
+                sid_append_rid( &domadmin_sid, DOMAIN_GROUP_RID_ADMINS );
+                if (is_sid_in_token(token, &domadmin_sid)) {
+                        *pacc_requested |= GENERIC_ALL_ACCESS;
+                        return;
+                }
+        }
+        /* TODO ! Check privileges. */
+}
+
+/*******************************************************************
  Fetch or create a dispinfo struct.
 ********************************************************************/
@@ -587 +629 @@
 
         /*check if access can be granted as requested by client. */
+        map_max_allowed_access(p->pipe_user.nt_user_token, &des_access);
 
         make_samr_object_sd( p->mem_ctx, &psd, &sd_size, &dom_generic_mapping, NULL, 0 );
@@ -826 +869 @@
         DEBUG(10,("_samr_QuerySecurity: querying security on SID: %s\n",
                   sid_string_dbg(&pol_sid)));
+
+        status = access_check_samr_function(acc_granted,
+                                            STD_RIGHT_READ_CONTROL_ACCESS,
+                                            "_samr_QuerySecurity");
+        if (!NT_STATUS_IS_OK(status)) {
+                return status;
+        }
 
         /* Check what typ of SID is beeing queried (e.g Domain SID, User SID, Group SID) */
@@ -1155 +1205 @@
                 return NT_STATUS_INVALID_HANDLE;
 
+        DEBUG(5,("_samr_EnumDomainAliases: sid %s\n",
+                 sid_string_dbg(&info->sid)));
+
         status = access_check_samr_function(info->acc_granted,
                                             SA_RIGHT_DOMAIN_ENUM_ACCOUNTS,
@@ -1161 +1214 @@
                 return status;
         }
-
-        DEBUG(5,("_samr_EnumDomainAliases: sid %s\n",
-                 sid_string_dbg(&info->sid)));
 
         samr_array = TALLOC_ZERO_P(p->mem_ctx, struct samr_SamArray);
@@ -1430 +1480 @@
         if (!find_policy_by_hnd(p, r->in.domain_handle, (void **)(void *)&info))
                 return NT_STATUS_INVALID_HANDLE;
+
+        status = access_check_samr_function(info->acc_granted,
+                                            SA_RIGHT_DOMAIN_ENUM_ACCOUNTS,
+                                            "_samr_QueryDisplayInfo");
+        if (!NT_STATUS_IS_OK(status)) {
+                return status;
+        }
 
         /*
@@ -1592 +1649 @@
         total_data_size=num_account*struct_size;
 
-        if (num_account) {
+        if (max_entries <= num_account) {
                 status = STATUS_MORE_ENTRIES;
         } else {
@@ -1794 +1851 @@
         uint32  acc_granted;
         struct samr_Ids rids, types;
+        uint32_t num_mapped = 0;
 
         DEBUG(5,("_samr_LookupNames: %d\n", __LINE__));
@@ -1841 +1899 @@
 
                 if (type[i] != SID_NAME_UNKNOWN) {
-                        status = NT_STATUS_OK;
+                        num_mapped++;
                 }
+        }
+
+        if (num_mapped == num_rids) {
+                status = NT_STATUS_OK;
+        } else if (num_mapped == 0) {
+                status = NT_STATUS_NONE_MAPPED;
+        } else {
+                status = STATUS_SOME_UNMAPPED;
         }
 
@@ -2063 +2129 @@
         if (!get_lsa_policy_samr_sid(p, r->in.domain_handle, &pol_sid, &acc_granted, NULL))
                 return NT_STATUS_INVALID_HANDLE;
+
+        status = access_check_samr_function(acc_granted,
+                                            SA_RIGHT_DOMAIN_ENUM_ACCOUNTS,
+                                            "_samr__LookupRids");
+        if (!NT_STATUS_IS_OK(status)) {
+                return status;
+        }
 
         if (num_rids > 1000) {
@@ -2158 +2231 @@
 
         /* check if access can be granted as requested by client. */
+
+        map_max_allowed_access(p->pipe_user.nt_user_token, &des_access);
 
         make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &usr_generic_mapping, &sid, SAMR_USR_RIGHTS_WRITE_PW);
@@ -2634 +2709 @@
                 return NT_STATUS_INVALID_HANDLE;
 
+        status = access_check_samr_function(info->acc_granted,
+                                            SA_RIGHT_DOMAIN_OPEN_ACCOUNT,
+                                            "_samr_QueryUserInfo");
+        if (!NT_STATUS_IS_OK(status)) {
+                return status;
+        }
+
         domain_sid = info->sid;
 
@@ -2839 +2921 @@
 
 /*******************************************************************
- samr_QueryDomainInfo_internal
+ _samr_QueryDomainInfo
  ********************************************************************/
 
-static NTSTATUS samr_QueryDomainInfo_internal(const char *fn_name,
-                                              pipes_struct *p,
-                                              struct policy_handle *handle,
-                                              uint32_t level,
-                                              union samr_DomainInfo **dom_info_ptr)
+NTSTATUS _samr_QueryDomainInfo(pipes_struct *p,
+                               struct samr_QueryDomainInfo *r)
 {
         NTSTATUS status = NT_STATUS_OK;
@@ -2868 +2947 @@
         uint32 num_users=0, num_groups=0, num_aliases=0;
 
-        DEBUG(5,("%s: %d\n", fn_name, __LINE__));
+        DEBUG(5,("_samr_QueryDomainInfo: %d\n", __LINE__));
 
         dom_info = TALLOC_ZERO_P(p->mem_ctx, union samr_DomainInfo);
@@ -2875 +2954 @@
         }
 
-        *dom_info_ptr = dom_info;
-
         /* find the policy handle.  open a policy on it. */
-        if (!find_policy_by_hnd(p, handle, (void **)(void *)&info)) {
+        if (!find_policy_by_hnd(p, r->in.domain_handle, (void **)(void *)&info)) {
                 return NT_STATUS_INVALID_HANDLE;
         }
 
-        switch (level) {
+        status = access_check_samr_function(info->acc_granted,
+                                            SA_RIGHT_SAM_OPEN_DOMAIN,
+                                            "_samr_QueryDomainInfo" );
+
+        if ( !NT_STATUS_IS_OK(status) )
+                return status;
+
+        switch (r->in.level) {
                 case 0x01:
 
@@ -2910 +2994 @@
                         unix_to_nt_time_abs(&nt_expire, u_expire);
                         unix_to_nt_time_abs(&nt_min_age, u_min_age);
+
+                        if (lp_check_password_script() && *lp_check_password_script()) {
+                                password_properties |= DOMAIN_PASSWORD_COMPLEX;
+                        }
 
                         init_samr_DomInfo1(&dom_info->info1,
@@ -3054 +3142 @@
         }
 
-        DEBUG(5,("%s: %d\n", fn_name, __LINE__));
+        *r->out.info = dom_info;
+
+        DEBUG(5,("_samr_QueryDomainInfo: %d\n", __LINE__));
 
         return status;
-}
-
-/*******************************************************************
- _samr_QueryDomainInfo
- ********************************************************************/
-
-NTSTATUS _samr_QueryDomainInfo(pipes_struct *p,
-                               struct samr_QueryDomainInfo *r)
-{
-        return samr_QueryDomainInfo_internal("_samr_QueryDomainInfo",
-                                             p,
-                                             r->in.domain_handle,
-                                             r->in.level,
-                                             r->out.info);
 }
 
@@ -3218 +3294 @@
         sid_compose(&sid, get_global_sam_sid(), *r->out.rid);
 
+        map_max_allowed_access(p->pipe_user.nt_user_token, &des_access);
+
         make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &usr_generic_mapping,
                             &sid, SAMR_USR_RIGHTS_WRITE_PW);
@@ -3279 +3357 @@
            user level access control on shares)   --jerry */
 
-        if (des_access == MAXIMUM_ALLOWED_ACCESS) {
-                /* Map to max possible knowing we're filtered below. */
-                des_access = GENERIC_ALL_ACCESS;
-        }
+        map_max_allowed_access(p->pipe_user.nt_user_token, &des_access);
 
         se_map_generic( &des_access, &sam_generic_mapping );
@@ -3318 +3393 @@
         }
 
+        map_max_allowed_access(p->pipe_user.nt_user_token, &des_access);
+
         make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &sam_generic_mapping, NULL, 0);
         se_map_generic(&des_access, &sam_generic_mapping);
@@ -3366 +3443 @@
                 return NT_STATUS_ACCESS_DENIED;
         }
+
+        map_max_allowed_access(p->pipe_user.nt_user_token, &des_access);
 
         make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &sam_generic_mapping, NULL, 0);
@@ -3415 +3494 @@
                 return NT_STATUS_ACCESS_DENIED;
         }
+
+        map_max_allowed_access(p->pipe_user.nt_user_token, &des_access);
 
         make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &sam_generic_mapping, NULL, 0);
@@ -3582 +3663 @@
 
         /*check if access can be granted as requested by client. */
+
+        map_max_allowed_access(p->pipe_user.nt_user_token, &des_access);
 
         make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &ali_generic_mapping, NULL, 0);
@@ -4068 +4151 @@
 
 /*******************************************************************
- samr_SetUserInfo_internal
+ samr_SetUserInfo
  ********************************************************************/
 
-static NTSTATUS samr_SetUserInfo_internal(const char *fn_name,
-                                          pipes_struct *p,
-                                          struct policy_handle *user_handle,
-                                          uint16_t level,
-                                          union samr_UserInfo *info)
+NTSTATUS _samr_SetUserInfo(pipes_struct *p,
+                           struct samr_SetUserInfo *r)
 {
         NTSTATUS status;
         struct samu *pwd = NULL;
         DOM_SID sid;
-        POLICY_HND *pol = user_handle;
-        uint16_t switch_value = level;
+        POLICY_HND *pol = r->in.user_handle;
+        union samr_UserInfo *info = r->in.info;
+        uint16_t switch_value = r->in.level;
         uint32_t acc_granted;
         uint32_t acc_required;
@@ -4089 +4170 @@
         DISP_INFO *disp_info = NULL;
 
-        DEBUG(5,("%s: %d\n", fn_name, __LINE__));
+        DEBUG(5,("_samr_SetUserInfo: %d\n", __LINE__));
 
         /* find the policy handle.  open a policy on it. */
@@ -4119 +4200 @@
         status = access_check_samr_function(acc_granted,
                                             acc_required,
-                                            fn_name);
+                                            "_samr_SetUserInfo");
         if (!NT_STATUS_IS_OK(status)) {
                 return status;
         }
 
-        DEBUG(5, ("%s: sid:%s, level:%d\n",
-                  fn_name, sid_string_dbg(&sid), switch_value));
+        DEBUG(5, ("_samr_SetUserInfo: sid:%s, level:%d\n",
+                  sid_string_dbg(&sid), switch_value));
 
         if (info == NULL) {
-                DEBUG(5, ("%s: NULL info level\n", fn_name));
+                DEBUG(5, ("_samr_SetUserInfo: NULL info level\n"));
                 return NT_STATUS_INVALID_INFO_CLASS;
         }
@@ -4162 +4243 @@
         }
 
-        DEBUG(5, ("%s: %s does%s possess sufficient rights\n",
-                  fn_name,
+        DEBUG(5, ("_samr_SetUserInfo: %s does%s possess sufficient rights\n",
                   uidtoname(p->pipe_user.ut.uid),
                   has_enough_rights ? "" : " not"));
@@ -4290 +4370 @@
 
 /*******************************************************************
- _samr_SetUserInfo
- ********************************************************************/
-
-NTSTATUS _samr_SetUserInfo(pipes_struct *p,
-                           struct samr_SetUserInfo *r)
-{
-        return samr_SetUserInfo_internal("_samr_SetUserInfo",
-                                         p,
-                                         r->in.user_handle,
-                                         r->in.level,
-                                         r->in.info);
-}
-
-/*******************************************************************
  _samr_SetUserInfo2
  ********************************************************************/
@@ -4310 +4376 @@
                             struct samr_SetUserInfo2 *r)
 {
-        return samr_SetUserInfo_internal("_samr_SetUserInfo2",
-                                         p,
-                                         r->in.user_handle,
-                                         r->in.level,
-                                         r->in.info);
+        struct samr_SetUserInfo q;
+
+        q.in.user_handle        = r->in.user_handle;
+        q.in.level              = r->in.level;
+        q.in.info               = r->in.info;
+
+        return _samr_SetUserInfo(p, &q);
 }
 
@@ -4816 +4884 @@
         if (!close_policy_hnd(p, r->in.user_handle))
                 return NT_STATUS_OBJECT_NAME_INVALID;
+
+        ZERO_STRUCTP(r->out.user_handle);
 
         force_flush_samr_cache(disp_info);
@@ -5475 +5545 @@
 
         /*check if access can be granted as requested by client. */
+        map_max_allowed_access(p->pipe_user.nt_user_token, &des_access);
+
         make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &grp_generic_mapping, NULL, 0);
         se_map_generic(&des_access,&grp_generic_mapping);
@@ -5587 +5659 @@
                                 struct samr_QueryDomainInfo2 *r)
 {
-        return samr_QueryDomainInfo_internal("_samr_QueryDomainInfo2",
-                                             p,
-                                             r->in.domain_handle,
-                                             r->in.level,
-                                             r->out.info);
+        struct samr_QueryDomainInfo q;
+
+        q.in.domain_handle      = r->in.domain_handle;
+        q.in.level              = r->in.level;
+
+        q.out.info              = r->out.info;
+
+        return _samr_QueryDomainInfo(p, &q);
 }
 
@@ -5601 +5676 @@
                              struct samr_SetDomainInfo *r)
 {
+        struct samr_info *info = NULL;
         time_t u_expire, u_min_age;
         time_t u_logout;
         time_t u_lock_duration, u_reset_time;
+        NTSTATUS result;
 
         DEBUG(5,("_samr_SetDomainInfo: %d\n", __LINE__));
 
         /* find the policy handle.  open a policy on it. */
-        if (!find_policy_by_hnd(p, r->in.domain_handle, NULL))
+        if (!find_policy_by_hnd(p, r->in.domain_handle, (void **)(void *)&info))
                 return NT_STATUS_INVALID_HANDLE;
+
+        /* We do have different access bits for info
+         * levels here, but we're really just looking for
+         * GENERIC_RIGHTS_DOMAIN_WRITE access. Unfortunately
+         * this maps to different specific bits. So
+         * assume if we have SA_RIGHT_DOMAIN_SET_INFO_1
+         * set we are ok. */
+
+        result = access_check_samr_function(info->acc_granted,
+                                            SA_RIGHT_DOMAIN_SET_INFO_1,
+                                            "_samr_SetDomainInfo");
+
+        if (!NT_STATUS_IS_OK(result))
+                return result;
 
         DEBUG(5,("_samr_SetDomainInfo: level: %d\n", r->in.level));
@@ -5668 +5759 @@
         uint32_t num_account = 0;
         struct samr_displayentry *entries = NULL;
+        NTSTATUS status;
 
         DEBUG(5,("_samr_GetDisplayEnumerationIndex: %d\n", __LINE__));
@@ -5674 +5766 @@
         if (!find_policy_by_hnd(p, r->in.domain_handle, (void **)(void *)&info)) {
                 return NT_STATUS_INVALID_HANDLE;
+        }
+
+        status = access_check_samr_function(info->acc_granted,
+                                            SA_RIGHT_DOMAIN_ENUM_ACCOUNTS,
+                                            "_samr_GetDisplayEnumerationIndex");
+        if (!NT_STATUS_IS_OK(status)) {
+                return status;
         }
 

branches/samba-3.2.x/source/rpc_server/srv_srvsvc_nt.c

@@ -1690 +1690 @@
         DEBUG(5,("_srvsvc_NetShareAdd: %d\n", __LINE__));
 
-        *r->out.parm_error = 0;
+        if (r->out.parm_error) {
+                *r->out.parm_error = 0;
+        }
 
         get_current_user(&user,p);