
samba-3.5.10-1.4.src.rpm


taken straight from 3.5.15

diff -Naurp samba-3.5.14/source3/rpc_server/srv_lsa_nt.c samba-3.5.15/source3/rpc_server/srv_lsa_nt.c
--- samba-3.5.14/source3/rpc_server/srv_lsa_nt.c	2012-04-07 13:59:17.000000000 +0000
+++ samba-3.5.15/source3/rpc_server/srv_lsa_nt.c	2012-04-27 19:10:36.000000000 +0000
@@ -1691,6 +1691,10 @@ NTSTATUS _lsa_CreateAccount(pipes_struct
 	struct lsa_info *handle;
 	struct lsa_info *info;
 	uint32_t acc_granted;
+	uint32_t owner_access = (LSA_ACCOUNT_ALL_ACCESS &
+			~(LSA_ACCOUNT_ADJUST_PRIVILEGES|
+			LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS|
+			STD_RIGHT_DELETE_ACCESS));
 	struct security_descriptor *psd;
 	size_t sd_size;
 
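Review bot: The `owner_access` initializer added here in _lsa_CreateAccount is repeated verbatim in the _lsa_OpenAccount hunk, and neither copy says why the account's own SID loses those three rights. A single definition next to `lsa_account_mapping`, for example `#define LSA_ACCOUNT_OWNER_ACCESS (LSA_ACCOUNT_ALL_ACCESS & ~(LSA_ACCOUNT_ADJUST_PRIVILEGES|LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS|STD_RIGHT_DELETE_ACCESS))`, would keep the two paths from drifting apart if the mask is tightened later. I would put a comment on it such as `/* the SID an account object describes may view it, but must not change its own privileges or system access, or delete it */`. If the local variable stays, it is never reassigned in the visible lines and could be declared `const`. Both function bodies continue outside the hunks.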
@@ -1718,7 +1722,7 @@ NTSTATUS _lsa_CreateAccount(pipes_struct
 
 	status = make_lsa_object_sd(p->mem_ctx, &psd, &sd_size,
 				    &lsa_account_mapping,
-				    r->in.sid, LSA_POLICY_ALL_ACCESS);
+				    r->in.sid, owner_access);
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;
 	}
@@ -1764,6 +1768,10 @@ NTSTATUS _lsa_OpenAccount(pipes_struct *
 	size_t sd_size;
 	uint32_t des_access = r->in.access_mask;
 	uint32_t acc_granted;
+	uint32_t owner_access = (LSA_ACCOUNT_ALL_ACCESS &
+			~(LSA_ACCOUNT_ADJUST_PRIVILEGES|
+			LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS|
+			STD_RIGHT_DELETE_ACCESS));
 	NTSTATUS status;
 
 	/* find the connection policy handle. */
@@ -1788,7 +1796,7 @@ NTSTATUS _lsa_OpenAccount(pipes_struct *
 	/* get the generic lsa account SD until we store it */
 	status = make_lsa_object_sd(p->mem_ctx, &psd, &sd_size,
 				&lsa_account_mapping,
-				r->in.sid, LSA_ACCOUNT_ALL_ACCESS);
+				r->in.sid, owner_access);
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;
 	}
@@ -2174,10 +2182,10 @@ NTSTATUS _lsa_AddAccountRights(pipes_str
 		return NT_STATUS_INVALID_HANDLE;
 	}
 
-        /* get the generic lsa account SD for this SID until we store it */
+        /* get the generic lsa account SD until we store it */
         status = make_lsa_object_sd(p->mem_ctx, &psd, &sd_size,
                                 &lsa_account_mapping,
-                                r->in.sid, LSA_ACCOUNT_ALL_ACCESS);
+                                NULL, 0);
         if (!NT_STATUS_IS_OK(status)) {
                 return status;
         }
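Review bot: Passing `NULL, 0` here makes the call depend on make_lsa_object_sd() omitting the per-SID ACE when its sid argument is NULL, and that function is not part of this diff, so the NULL path should be confirmed before relying on it. The same call is made in the _lsa_RemoveAccountRights hunk. The shortened comment no longer records the reason for the change; something like `/* no ACE for r->in.sid: the access check below must rest on the caller's own rights, not on being the account being modified */` would stop a later cleanup from putting the SID back. The access check itself presumably follows outside the hunk.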
@@ -2245,10 +2253,10 @@ NTSTATUS _lsa_RemoveAccountRights(pipes_
 		return NT_STATUS_INVALID_HANDLE;
 	}
 
-        /* get the generic lsa account SD for this SID until we store it */
+        /* get the generic lsa account SD until we store it */
         status = make_lsa_object_sd(p->mem_ctx, &psd, &sd_size,
                                 &lsa_account_mapping,
-                                r->in.sid, LSA_ACCOUNT_ALL_ACCESS);
+                                NULL, 0);
         if (!NT_STATUS_IS_OK(status)) {
                 return status;
         }