git.samba.org
/
kai
/
samba.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
5f9524a
)
s3-samr: avoid enumeration and user creation on builtin domain handle.
author
Günther Deschner
<gd@samba.org>
Thu, 27 Nov 2008 00:21:49 +0000
(
01:21
+0100)
committer
Günther Deschner
<gd@samba.org>
Thu, 27 Nov 2008 17:28:43 +0000
(18:28 +0100)
Guenther
source3/rpc_server/srv_samr_nt.c
patch
|
blob
|
history
diff --git
a/source3/rpc_server/srv_samr_nt.c
b/source3/rpc_server/srv_samr_nt.c
index 4b8fa67208aa67093a318e93faf08a819758da77..71eec0a59ca782da5414464b8d937fcd18d685ee 100644
(file)
--- a/
source3/rpc_server/srv_samr_nt.c
+++ b/
source3/rpc_server/srv_samr_nt.c
@@
-1484,6
+1484,11
@@
NTSTATUS _samr_QueryDisplayInfo(pipes_struct *p,
if (!find_policy_by_hnd(p, r->in.domain_handle, (void **)(void *)&info))
return NT_STATUS_INVALID_HANDLE;
if (!find_policy_by_hnd(p, r->in.domain_handle, (void **)(void *)&info))
return NT_STATUS_INVALID_HANDLE;
+ if (info->builtin_domain) {
+ DEBUG(5,("_samr_QueryDisplayInfo: Nothing in BUILTIN\n"));
+ return NT_STATUS_OK;
+ }
+
status = access_check_samr_function(info->acc_granted,
SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS,
"_samr_QueryDisplayInfo");
status = access_check_samr_function(info->acc_granted,
SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS,
"_samr_QueryDisplayInfo");
@@
-3281,6
+3286,11
@@
NTSTATUS _samr_CreateUser2(pipes_struct *p,
&disp_info))
return NT_STATUS_INVALID_HANDLE;
&disp_info))
return NT_STATUS_INVALID_HANDLE;
+ if (disp_info->builtin_domain) {
+ DEBUG(5,("_samr_CreateUser2: Refusing user create in BUILTIN\n"));
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
nt_status = access_check_samr_function(acc_granted,
SAMR_DOMAIN_ACCESS_CREATE_USER,
"_samr_CreateUser2");
nt_status = access_check_samr_function(acc_granted,
SAMR_DOMAIN_ACCESS_CREATE_USER,
"_samr_CreateUser2");