From 3c75fb2ac5e804d7e293ba6a2488798677db6524 Mon Sep 17 00:00:00 2001 From: Guenther Deschner Date: Fri, 15 May 2009 18:03:34 -0700 Subject: [PATCH] s3-samr: Fix samr access checks in _samr_QueryUserInfo(). Guenther (cherry picked from commit 5c3c7f6921c9cff58cf4f85c0b691566bf4cd02e) --- source3/rpc_server/srv_samr_nt.c | 74 ++++++++++++++++++++++++++++++++++++++-- 1 file changed, 71 insertions(+), 3 deletions(-) diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 22a2fd23fab..74afae14376 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -2909,7 +2909,8 @@ static NTSTATUS get_user_info_20(TALLOC_CTX *mem_ctx, static NTSTATUS get_user_info_21(TALLOC_CTX *mem_ctx, struct samr_UserInfo21 *r, struct samu *pw, - DOM_SID *domain_sid) + DOM_SID *domain_sid, + uint32_t acc_granted) { NTSTATUS status; const DOM_SID *sid_user, *sid_group; 
@@ -3029,13 +3030,80 @@ NTSTATUS _samr_QueryUserInfo(pipes_struct *p,
 uint32 rid;
 bool ret = false;
 struct samu *pwd = NULL;
+ uint32_t acc_required, acc_granted;

 /* search for the handle */
 if (!find_policy_by_hnd(p, r->in.user_handle, (void **)(void *)&info))
 return NT_STATUS_INVALID_HANDLE;

+ switch (r->in.level) {
+ case 1: /* UserGeneralInformation */
+ /* USER_READ_GENERAL */
+ acc_required = SAMR_USER_ACCESS_GET_NAME_ETC;
+ break;
+ case 2: /* UserPreferencesInformation */
+ /* USER_READ_PREFERENCES | USER_READ_GENERAL */
+ acc_required = SAMR_USER_ACCESS_GET_LOCALE |
+ SAMR_USER_ACCESS_GET_NAME_ETC;
+ break;
+ case 3: /* UserLogonInformation */
+ /* USER_READ_GENERAL | USER_READ_PREFERENCES | USER_READ_LOGON | USER_READ_ACCOUNT */
+ acc_required = SAMR_USER_ACCESS_GET_NAME_ETC |
+ SAMR_USER_ACCESS_GET_LOCALE |
+ SAMR_USER_ACCESS_GET_LOGONINFO |
+ SAMR_USER_ACCESS_GET_ATTRIBUTES;
+ break;
+ case 4: /* UserLogonHoursInformation */
+ /* USER_READ_LOGON */
+ acc_required = SAMR_USER_ACCESS_GET_LOGONINFO;
+ break;
+ case 5: /* UserAccountInformation */
+ /* USER_READ_GENERAL | USER_READ_PREFERENCES | USER_READ_LOGON | USER_READ_ACCOUNT */
+ acc_required = SAMR_USER_ACCESS_GET_NAME_ETC |
+ SAMR_USER_ACCESS_GET_LOCALE |
+ SAMR_USER_ACCESS_GET_LOGONINFO |
+ SAMR_USER_ACCESS_GET_ATTRIBUTES;
+ break;
+ case 6: /* UserNameInformation */
+ case 7: /* UserAccountNameInformation */
+ case 8: /* UserFullNameInformation */
+ case 9: /* UserPrimaryGroupInformation */
+ case 13: /* UserAdminCommentInformation */
+ /* USER_READ_GENERAL */
+ acc_required = SAMR_USER_ACCESS_GET_NAME_ETC;
+ break;
+ case 10: /* UserHomeInformation */
+ case 11: /* UserScriptInformation */
+ case 12: /* UserProfileInformation */
+ case 14: /* UserWorkStationsInformation */
+ /* USER_READ_LOGON */
+ acc_required = SAMR_USER_ACCESS_GET_LOGONINFO;
+ break;
+ case 16: /* UserControlInformation */
+ case 17: /* UserExpiresInformation */
+ case 20: /* UserParametersInformation */
+ /* USER_READ_ACCOUNT */
+ acc_required = SAMR_USER_ACCESS_GET_ATTRIBUTES;
+ break;
+ case 21: /* UserAllInformation */
+ /* FIXME! - gd */
+ acc_required = SAMR_USER_ACCESS_GET_ATTRIBUTES;
+ break;
+ case 18: /* UserInternal1Information */
+ /* FIXME! - gd */
+ acc_required = SAMR_USER_ACCESS_GET_ATTRIBUTES;
+ break;
+ case 23: /* UserInternal4Information */
+ case 24: /* UserInternal4InformationNew */
+ case 25: /* UserInternal4InformationNew */
+ case 26: /* UserInternal5InformationNew */
+ default:
+ return NT_STATUS_INVALID_INFO_CLASS;
+ break;
+ }
+
 status = access_check_samr_function(info->acc_granted,
- SAMR_USER_ACCESS_GET_ATTRIBUTES,
+ acc_required,
 "_samr_QueryUserInfo");
 if (!NT_STATUS_IS_OK(status)) {
 return status;
@@ -3133,7 +3201,7 @@ NTSTATUS _samr_QueryUserInfo(pipes_struct *p,
 status = get_user_info_20(p->mem_ctx, &user_info->info20, pwd);
 break;
 case 21:
- status = get_user_info_21(p->mem_ctx, &user_info->info21, pwd, &domain_sid);
+ status = get_user_info_21(p->mem_ctx, &user_info->info21, pwd, &domain_sid, acc_granted);
 break;
 default:
 status = NT_STATUS_INVALID_INFO_CLASS;
-- 
2.11.4.GIT
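Review bot: `case 21` (UserAllInformation) still requires only `SAMR_USER_ACCESS_GET_ATTRIBUTES`, while the same switch gates the name, locale and logon levels behind `SAMR_USER_ACCESS_GET_NAME_ETC`, `SAMR_USER_ACCESS_GET_LOCALE` and `SAMR_USER_ACCESS_GET_LOGONINFO`. Unless get_user_info_21() filters each field against the granted mask (its body is not in this patch), a handle holding only GET_ATTRIBUTES passes the check for level 21 and receives data that the narrower levels refuse. The bare `/* FIXME! - gd */` on cases 21 and 18 should say what is outstanding, for example `/* FIXME: returns fields gated above by GET_NAME_ETC/GET_LOCALE/GET_LOGONINFO; per-field filtering must be done in get_user_info_21() */`. As a style point, the `break;` after `return NT_STATUS_INVALID_INFO_CLASS;` is unreachable. _samr_QueryUserInfo starts before and continues past this hunk.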
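Review bot: The `acc_granted` passed to get_user_info_21() in `case 21:` is the local declared by `uint32_t acc_required, acc_granted;`, and no line in this patch assigns it; the access check itself reads `info->acc_granted`. Unless an assignment exists in the lines between the hunks, the callee receives an indeterminate value, and any access decision based on it would be unreliable. Either pass the handle's mask directly, `pwd, &domain_sid, info->acc_granted);`, or set `acc_granted = info->acc_granted;` once find_policy_by_hnd() has succeeded. The enclosing function body begins and ends outside this hunk.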