diff options
author | Günther Deschner <gd@samba.org> | 2008-11-27 01:21:49 +0100 |
---|---|---|
committer | Günther Deschner <gd@samba.org> | 2008-11-27 18:28:43 +0100 |
commit | d94f3e3db35580af366017e100b2047b96d85a9d (patch) | |
tree | 655fdd08129b1e0ed28e19f294d7cf3ceb088cce | |
parent | 5f9524a9561ba3b29113ac0d2894617f1c6c40e6 (diff) | |
download | samba-d94f3e3db35580af366017e100b2047b96d85a9d.tar.gz samba-d94f3e3db35580af366017e100b2047b96d85a9d.tar.bz2 samba-d94f3e3db35580af366017e100b2047b96d85a9d.zip |
s3-samr: avoid enumeration and user creation on builtin domain handle.
Guenther
-rw-r--r-- | source3/rpc_server/srv_samr_nt.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 4b8fa67208..71eec0a59c 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -1484,6 +1484,11 @@ NTSTATUS _samr_QueryDisplayInfo(pipes_struct *p, if (!find_policy_by_hnd(p, r->in.domain_handle, (void **)(void *)&info)) return NT_STATUS_INVALID_HANDLE; + if (info->builtin_domain) { + DEBUG(5,("_samr_QueryDisplayInfo: Nothing in BUILTIN\n")); + return NT_STATUS_OK; + } + status = access_check_samr_function(info->acc_granted, SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS, "_samr_QueryDisplayInfo"); @@ -3281,6 +3286,11 @@ NTSTATUS _samr_CreateUser2(pipes_struct *p, &disp_info)) return NT_STATUS_INVALID_HANDLE; + if (disp_info->builtin_domain) { + DEBUG(5,("_samr_CreateUser2: Refusing user create in BUILTIN\n")); + return NT_STATUS_ACCESS_DENIED; + } + nt_status = access_check_samr_function(acc_granted, SAMR_DOMAIN_ACCESS_CREATE_USER, "_samr_CreateUser2"); |