s3: Lock down some srvsvc calls according to what w2k3 seems to do
authorVolker Lendecke <vl@samba.org>
Thu, 7 Jan 2010 10:47:09 +0000 (11:47 +0100)
committerVolker Lendecke <vl@samba.org>
Thu, 7 Jan 2010 11:02:10 +0000 (12:02 +0100)
source3/rpc_server/srv_srvsvc_nt.c

index d35557e5bdcade5891098fc1e471532ba0701d35..a2d1d0716d2fc6804ec7743dcb193381b1eb9eb3 100644 (file)
@@ -1033,6 +1033,13 @@ WERROR _srvsvc_NetFileEnum(pipes_struct *p,
                return WERR_UNKNOWN_LEVEL;
        }
 
+       if (!nt_token_check_sid(&global_sid_Builtin_Administrators,
+                               p->server_info->ptok)) {
+               DEBUG(1, ("Enumerating files only allowed for "
+                         "administrators\n"));
+               return WERR_ACCESS_DENIED;
+       }
+
        ctx = talloc_tos();
        ctr3 = r->in.info_ctr->ctr.ctr3;
        if (!ctr3) {
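Review bot: The refusal logged at DEBUG level 1 in the added guard names neither the RPC call nor the caller, so a denied enumeration attempt cannot be attributed from the log; the guards added to _srvsvc_NetConnEnum and _srvsvc_NetSessEnum in the following hunks have the same gap. The three blocks differ only in the message text, so one static helper taking the pipe and the call name would keep the policy and the log format in a single place (the helper name below is a proposal and is not in the visible code). In this function the check also runs after the `WERR_UNKNOWN_LEVEL` return, whereas the other two check before looking at the level, so a non-administrator still gets a level-dependent answer here. Either move the guard above the level validation or add a comment saying the order mirrors observed w2k3 behaviour. The body of _srvsvc_NetFileEnum starts and continues outside the hunk.

```c
/* Single admin-only gate for the srvsvc enumeration calls. */
static bool srvsvc_caller_is_admin(pipes_struct *p, const char *call)
{
	if (nt_token_check_sid(&global_sid_Builtin_Administrators,
			       p->server_info->ptok)) {
		return true;
	}
	/* names the refused call; the caller's account should be logged too */
	DEBUG(1, ("%s: only allowed for administrators\n", call));
	return false;
}

/* … unchanged: level validation in _srvsvc_NetFileEnum … */
	if (!srvsvc_caller_is_admin(p, "_srvsvc_NetFileEnum")) {
		return WERR_ACCESS_DENIED;
	}
	ctx = talloc_tos();
```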
@@ -1185,6 +1192,13 @@ WERROR _srvsvc_NetConnEnum(pipes_struct *p,
 
        DEBUG(5,("_srvsvc_NetConnEnum: %d\n", __LINE__));
 
+       if (!nt_token_check_sid(&global_sid_Builtin_Administrators,
+                               p->server_info->ptok)) {
+               DEBUG(1, ("Enumerating connections only allowed for "
+                         "administrators\n"));
+               return WERR_ACCESS_DENIED;
+       }
+
        switch (r->in.info_ctr->level) {
                case 0:
                        werr = init_srv_conn_info_0(r->in.info_ctr->ctr.ctr0,
@@ -1216,6 +1230,13 @@ WERROR _srvsvc_NetSessEnum(pipes_struct *p,
 
        DEBUG(5,("_srvsvc_NetSessEnum: %d\n", __LINE__));
 
+       if (!nt_token_check_sid(&global_sid_Builtin_Administrators,
+                               p->server_info->ptok)) {
+               DEBUG(1, ("Enumerating sessions only allowed for "
+                         "administrators\n"));
+               return WERR_ACCESS_DENIED;
+       }
+
        switch (r->in.info_ctr->level) {
                case 0:
                        werr = init_srv_sess_info_0(p,
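Review bot: The guard in _srvsvc_NetSessEnum sits before `switch (r->in.info_ctr->level)`, so it refuses every info level to non-administrators and accepts only Builtin Administrators, but nothing in the code records why. The commit message gives only "what w2k3 seems to do", so a comment above the check should state what was observed, for example `/* w2k3 denies NetSessEnum at all levels unless the caller is in BUILTIN\Administrators */`. As far as I recall, the Windows client documentation describes the low-detail levels as needing no special group membership; that is worth confirming so the stricter rule is a documented decision rather than an accident. The function body starts and continues outside the hunk.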