summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGerald Carter <jerry@samba.org>2005-01-27 03:00:14 +0000
committerGerald Carter <jerry@samba.org>2005-01-27 03:00:14 +0000
commit0250258c9da8364493d230c076f6de76ec520b63 (patch)
treeeefa50fa52b95f959a4a2f0b15a213c5e9f15c1b
parenta3c5a5b5d7b4874e0d74fcc50720becb802e3080 (diff)
downloadsamba-0250258c9da8364493d230c076f6de76ec520b63.tar.gz
r5030: svn merge -r5020:5029 svn+ssh://svn.samba.org/home/svn/samba/branches/SAMBA_3_0 (hopefully last changes for 3.0.11rc1)
-rw-r--r--source/printing/nt_printing.c11
-rw-r--r--source/rpc_server/srv_samr_nt.c57
2 files changed, 31 insertions, 37 deletions
diff --git a/source/printing/nt_printing.c b/source/printing/nt_printing.c
index d5cf58f54d8..2a525ef560b 100644
--- a/source/printing/nt_printing.c
+++ b/source/printing/nt_printing.c
@@ -2595,6 +2595,7 @@ static BOOL map_nt_printer_info2_to_dsspooler(NT_PRINTER_INFO_LEVEL_2 *info2)
{
REGVAL_CTR *ctr = NULL;
fstring longname;
+ fstring dnssuffix;
char *allocated_string = NULL;
const char *ascii_str;
int i;
@@ -2606,7 +2607,15 @@ static BOOL map_nt_printer_info2_to_dsspooler(NT_PRINTER_INFO_LEVEL_2 *info2)
map_sz_into_ctr(ctr, SPOOL_REG_PRINTERNAME, info2->sharename);
map_sz_into_ctr(ctr, SPOOL_REG_SHORTSERVERNAME, global_myname());
- get_mydnsfullname(longname);
+ /* we make the assumption that the netbios name is the same
+ as the DNS name sinc ethe former will be what we used to
+ join the domain */
+
+ if ( get_mydnsdomname( dnssuffix ) )
+ fstr_sprintf( longname, "%s.%s", global_myname(), dnssuffix );
+ else
+ fstrcpy( longname, global_myname() );
+
map_sz_into_ctr(ctr, SPOOL_REG_SERVERNAME, longname);
asprintf(&allocated_string, "\\\\%s\\%s", longname, info2->sharename);
diff --git a/source/rpc_server/srv_samr_nt.c b/source/rpc_server/srv_samr_nt.c
index ec52f55b4e3..3742e213832 100644
--- a/source/rpc_server/srv_samr_nt.c
+++ b/source/rpc_server/srv_samr_nt.c
@@ -294,13 +294,15 @@ static NTSTATUS access_check_samr_object( SEC_DESC *psd, NT_USER_TOKEN *token,
}
- DEBUG(2,("%s: ACCESS DENIED (requested: %#010x)\n", debug, des_access));
-
done:
/* add in any bits saved during the privilege check (only
matters is syayus is ok) */
*acc_granted |= saved_mask;
+
+ DEBUG(4,("%s: access %s (requested: 0x%08x, granted: 0x%08x)\n",
+ debug, NT_STATUS_IS_OK(status) ? "GRANTED" : "DENIED",
+ des_access, *acc_granted));
return status;
}
@@ -2301,12 +2303,6 @@ NTSTATUS _samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_CREA
return NT_STATUS_INVALID_PARAMETER;
}
- /* find the account: tell the caller if it exists.
- lkclXXXX i have *no* idea if this is a problem or not
- or even if you are supposed to construct a different
- reply if the account already exists...
- */
-
rpcstr_pull(account, user_account.buffer, sizeof(account), user_account.uni_str_len*2, 0);
strlower_m(account);
@@ -2335,16 +2331,9 @@ NTSTATUS _samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_CREA
*********************************************************************/
pw = Get_Pwnam(account);
-
- /*
- * we can't check both the ending $ and the acb_info.
- *
- * UserManager creates trust accounts (ending in $,
- * normal that hidden accounts) with the acb_info equals to ACB_NORMAL.
- * JFM, 11/29/2001
- */
- if (account[strlen(account)-1] == '$') {
+ /* determine which user right we need to check based on the acb_info */
+ if ( acb_info == ACB_WSTRUST ) {
se_priv_copy( &se_rights, &se_machine_account );
pstrcpy(add_script, lp_addmachine_script());
}
@@ -3080,17 +3069,10 @@ NTSTATUS _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SE
/* find the policy handle. open a policy on it. */
if (!get_lsa_policy_samr_sid(p, pol, &sid, &acc_granted))
return NT_STATUS_INVALID_HANDLE;
-
- /* the access mask depends on what the caller wants to do */
- switch (switch_value) {
- case 24:
- acc_required = SA_RIGHT_USER_SET_PASSWORD | SA_RIGHT_USER_SET_ATTRIBUTES | SA_RIGHT_USER_ACCT_FLAGS_EXPIRY;
- break;
- default:
- acc_required = SA_RIGHT_USER_SET_LOC_COM | SA_RIGHT_USER_SET_ATTRIBUTES; /* This is probably wrong */
- break;
- }
+ /* observed when joining an XP client to a Samba domain */
+
+ acc_required = SA_RIGHT_USER_SET_PASSWORD | SA_RIGHT_USER_SET_ATTRIBUTES | SA_RIGHT_USER_ACCT_FLAGS_EXPIRY;
if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, acc_required, "_samr_set_userinfo"))) {
return r_u->status;
@@ -3226,8 +3208,11 @@ NTSTATUS _samr_set_userinfo2(pipes_struct *p, SAMR_Q_SET_USERINFO2 *q_u, SAMR_R_
/* find the policy handle. open a policy on it. */
if (!get_lsa_policy_samr_sid(p, pol, &sid, &acc_granted))
return NT_STATUS_INVALID_HANDLE;
+
+ /* observed when joining XP client to Samba domain */
+
+ acc_required = SA_RIGHT_USER_SET_PASSWORD | SA_RIGHT_USER_SET_ATTRIBUTES | SA_RIGHT_USER_ACCT_FLAGS_EXPIRY;
- acc_required = SA_RIGHT_USER_SET_LOC_COM | SA_RIGHT_USER_SET_ATTRIBUTES; /* This is probably wrong */
if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, acc_required, "_samr_set_userinfo2"))) {
return r_u->status;
}
@@ -3274,14 +3259,6 @@ NTSTATUS _samr_set_userinfo2(pipes_struct *p, SAMR_Q_SET_USERINFO2 *q_u, SAMR_R_
/* ok! user info levels (lots: see MSDEV help), off we go... */
switch (switch_value) {
- case 21:
- if (!set_user_info_21(ctr->info.id21, pwd))
- return NT_STATUS_ACCESS_DENIED;
- break;
- case 20:
- if (!set_user_info_20(ctr->info.id20, pwd))
- r_u->status = NT_STATUS_ACCESS_DENIED;
- break;
case 16:
if (!set_user_info_10(ctr->info.id10, pwd))
r_u->status = NT_STATUS_ACCESS_DENIED;
@@ -3291,6 +3268,14 @@ NTSTATUS _samr_set_userinfo2(pipes_struct *p, SAMR_Q_SET_USERINFO2 *q_u, SAMR_R_
if (!set_user_info_12(ctr->info.id12, pwd))
r_u->status = NT_STATUS_ACCESS_DENIED;
break;
+ case 20:
+ if (!set_user_info_20(ctr->info.id20, pwd))
+ r_u->status = NT_STATUS_ACCESS_DENIED;
+ break;
+ case 21:
+ if (!set_user_info_21(ctr->info.id21, pwd))
+ return NT_STATUS_ACCESS_DENIED;
+ break;
default:
r_u->status = NT_STATUS_INVALID_INFO_CLASS;
}