Restrict dfs add and dfs remote to root at Shirish's advice.

Jeremy.
(This used to be commit 9dd77c4fb1282d23cfbfd9d0ed790be62534e201)

1 files changed, 16 insertions, 0 deletions

diff --git a/source3/rpc_server/srv_dfs_nt.c b/source3/rpc_server/srv_dfs_nt.c
index 22e7a24f58..c01ab8f2d9 100644
--- a/source3/rpc_server/srv_dfs_nt.c
+++ b/source3/rpc_server/srv_dfs_nt.c
@@ -44,6 +44,7 @@ uint32 _dfs_exist(pipes_struct *p, DFS_Q_DFS_EXIST *q_u, DFS_R_DFS_EXIST *r_u)
 
 uint32 _dfs_add(pipes_struct *p, DFS_Q_DFS_ADD* q_u, DFS_R_DFS_ADD *r_u)
 {
+  struct current_user user;
   struct junction_map jn;
   struct referral* old_referral_list = NULL;
   BOOL exists = False;
@@ -51,6 +52,13 @@ uint32 _dfs_add(pipes_struct *p, DFS_Q_DFS_ADD* q_u, DFS_R_DFS_ADD *r_u)
   pstring dfspath, servername, sharename;
   pstring altpath;
 
+  get_current_user(&user,p);
+
+  if (user.uid != 0) {
+	DEBUG(10,("_dfs_add: uid != 0. Access denied.\n"));
+	return ERROR_ACCESS_DENIED;
+  }
+
   unistr2_to_ascii(dfspath, &q_u->DfsEntryPath, sizeof(dfspath)-1);
   unistr2_to_ascii(servername, &q_u->ServerName, sizeof(servername)-1);
   unistr2_to_ascii(sharename, &q_u->ShareName, sizeof(sharename)-1);
@@ -103,12 +111,20 @@ uint32 _dfs_add(pipes_struct *p, DFS_Q_DFS_ADD* q_u, DFS_R_DFS_ADD *r_u)
 
 uint32 _dfs_remove(pipes_struct *p, DFS_Q_DFS_REMOVE *q_u, DFS_R_DFS_REMOVE *r_u)
 {
+  struct current_user user;
   struct junction_map jn;
   BOOL found = False;
 
   pstring dfspath, servername, sharename;
   pstring altpath;
 
+  get_current_user(&user,p);
+
+  if (user.uid != 0) {
+	DEBUG(10,("_dfs_add: uid != 0. Access denied.\n"));
+	return ERROR_ACCESS_DENIED;
+  }
+
   unistr2_to_ascii(dfspath, &q_u->DfsEntryPath, sizeof(dfspath)-1);
   if(q_u->ptr_ServerName)
     unistr2_to_ascii(servername, &q_u->ServerName, sizeof(servername)-1);