summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGünther Deschner <gd@samba.org>2008-11-27 01:21:49 +0100
committerGünther Deschner <gd@samba.org>2008-11-27 18:28:43 +0100
commitd94f3e3db35580af366017e100b2047b96d85a9d (patch)
tree655fdd08129b1e0ed28e19f294d7cf3ceb088cce
parent5f9524a9561ba3b29113ac0d2894617f1c6c40e6 (diff)
downloadsamba-d94f3e3db35580af366017e100b2047b96d85a9d.tar.gz
samba-d94f3e3db35580af366017e100b2047b96d85a9d.tar.bz2
samba-d94f3e3db35580af366017e100b2047b96d85a9d.zip
s3-samr: avoid enumeration and user creation on builtin domain handle.
Guenther
-rw-r--r--source3/rpc_server/srv_samr_nt.c10
1 files changed, 10 insertions, 0 deletions
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 4b8fa67208..71eec0a59c 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -1484,6 +1484,11 @@ NTSTATUS _samr_QueryDisplayInfo(pipes_struct *p,
if (!find_policy_by_hnd(p, r->in.domain_handle, (void **)(void *)&info))
return NT_STATUS_INVALID_HANDLE;
+ if (info->builtin_domain) {
+ DEBUG(5,("_samr_QueryDisplayInfo: Nothing in BUILTIN\n"));
+ return NT_STATUS_OK;
+ }
+
status = access_check_samr_function(info->acc_granted,
SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS,
"_samr_QueryDisplayInfo");
@@ -3281,6 +3286,11 @@ NTSTATUS _samr_CreateUser2(pipes_struct *p,
&disp_info))
return NT_STATUS_INVALID_HANDLE;
+ if (disp_info->builtin_domain) {
+ DEBUG(5,("_samr_CreateUser2: Refusing user create in BUILTIN\n"));
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
nt_status = access_check_samr_function(acc_granted,
SAMR_DOMAIN_ACCESS_CREATE_USER,
"_samr_CreateUser2");