From c7e6db566ad2bd5ea6473753a720a9ccc9772b59 Mon Sep 17 00:00:00 2001
From: Guenther Deschner
Date: Fri, 15 May 2009 17:49:02 -0700
Subject: [PATCH] s3-samr: Fix samr access checks in _samr_SetDomainInfo().
Guenther
---
 source3/rpc_server/srv_samr_nt.c | 29 ++++++++++++++++++++++-------
 1 file changed, 22 insertions(+), 7 deletions(-)
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 64f6823725a..671e501809a 100644
--- source3/rpc_server/srv_samr_nt.c
+++ source3/rpc_server/srv_samr_nt.c
@@ -6345,6 +6345,7 @@ NTSTATUS _samr_SetDomainInfo(pipes_struct *p,
 time_t u_logout;
 time_t u_lock_duration, u_reset_time;
 NTSTATUS result;
+ uint32_t acc_required = 0;
 DEBUG(5,("_samr_SetDomainInfo: %d\n", __LINE__));
@@ -6352,15 +6353,29 @@ NTSTATUS _samr_SetDomainInfo(pipes_struct *p,
 if (!find_policy_by_hnd(p, r->in.domain_handle, (void **)(void *)&info))
 return NT_STATUS_INVALID_HANDLE;
- /* We do have different access bits for info
- * levels here, but we're really just looking for
- * GENERIC_RIGHTS_DOMAIN_WRITE access. Unfortunately
- * this maps to different specific bits. So
- * assume if we have SAMR_DOMAIN_ACCESS_SET_INFO_1
- * set we are ok. */
+ switch (r->in.level) {
+ case 1: /* DomainPasswordInformation */
+ case 12: /* DomainLockoutInformation */
+ /* DOMAIN_WRITE_PASSWORD_PARAMETERS */
+ acc_required = SAMR_DOMAIN_ACCESS_SET_INFO_1;
+ break;
+ case 3: /* DomainLogoffInformation */
+ case 4: /* DomainOemInformation */
+ /* DOMAIN_WRITE_OTHER_PARAMETERS */
+ acc_required = SAMR_DOMAIN_ACCESS_SET_INFO_2;
+ break;
+ case 6: /* DomainReplicationInformation */
+ case 9: /* DomainStateInformation */
+ case 7: /* DomainServerRoleInformation */
+ /* DOMAIN_ADMINISTER_SERVER */
+ acc_required = SAMR_DOMAIN_ACCESS_SET_INFO_3;
+ break;
+ default:
+ return NT_STATUS_INVALID_INFO_CLASS;
+ }
 result = access_check_samr_function(info->acc_granted,
- SAMR_DOMAIN_ACCESS_SET_INFO_1,
+ acc_required,
 "_samr_SetDomainInfo");
 if (!NT_STATUS_IS_OK(result))
--
2.11.4.GIT
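Review bot: The new `switch (r->in.level)` in front of `access_check_samr_function()` has no comment saying that it is the authoritative level-to-access-right table, or that its case list has to match whatever code later applies each level; that code lies outside the hunk, in the rest of `_samr_SetDomainInfo()`. Any level not listed here is now answered with `NT_STATUS_INVALID_INFO_CLASS` before the access check runs, so a level the function otherwise supports would be silently cut off if the two lists drift apart. I would add a comment above the switch such as `/* Required access right per info level; keep in sync with the level handling below. */`. Because `acc_required` starts at 0 in the first hunk, a future case that forgets the assignment would presumably request no rights at all (how `access_check_samr_function()` treats a zero mask is not visible here), so the comment should also say that every case must set it. The `case 6` / `case 9` / `case 7` group would read more easily in numeric order.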