diff options
author | Gerald Carter <jerry@samba.org> | 2006-07-11 20:02:22 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 11:19:15 -0500 |
commit | 7c1f79143b4f28e6eff0cf914defd0a008372055 (patch) | |
tree | a45d94214e8aeba6684dbaf688703b6ef298ce2b | |
parent | 060b155cd2f77e37086f97461f93e9ef1ff8dce2 (diff) | |
download | samba-7c1f79143b4f28e6eff0cf914defd0a008372055.tar.gz samba-7c1f79143b4f28e6eff0cf914defd0a008372055.tar.bz2 samba-7c1f79143b4f28e6eff0cf914defd0a008372055.zip |
r16953: Don't allow groups to be renamed to an existing user or other group
(This used to be commit 7d619f127ee70fdd486ffaab4546a53d76a2288c)
-rw-r--r-- | source3/rpc_server/srv_samr_nt.c | 27 |
1 files changed, 22 insertions, 5 deletions
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 2e0b355db5..66f196ae3a 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -4590,6 +4590,10 @@ NTSTATUS _samr_set_aliasinfo(pipes_struct *p, SAMR_Q_SET_ALIASINFO *q_u, SAMR_R_ switch (ctr->level) { case 2: + { + fstring group_name; + enum SID_NAME_USE type; + /* We currently do not support renaming groups in the the BUILTIN domain. Refer to util_builtin.c to understand why. The eventually needs to be fixed to be like Windows @@ -4599,13 +4603,26 @@ NTSTATUS _samr_set_aliasinfo(pipes_struct *p, SAMR_Q_SET_ALIASINFO *q_u, SAMR_R_ return NT_STATUS_SPECIAL_ACCOUNT; } - if ( ctr->alias.info2.name.string ) { - unistr2_to_ascii( info.acct_name, ctr->alias.info2.name.string, - sizeof(info.acct_name)-1 ); + /* There has to be a valid name */ + if ( !ctr->alias.info2.name.string ) + return NT_STATUS_INVALID_PARAMETER; + + unistr2_to_ascii( info.acct_name, ctr->alias.info2.name.string, + sizeof(info.acct_name)-1 ); + + /* make sure the name doesn't already exist as a user + or local group */ + + fstr_sprintf( group_name, "%s\\%s", global_myname(), info.acct_name ); + if ( lookup_name( p->mem_ctx, group_name, 0, NULL, NULL, NULL, &type) ) { + if ( type == SID_NAME_USER ) { + return NT_STATUS_USER_EXISTS; + } + + return NT_STATUS_ALIAS_EXISTS; } - else - fstrcpy( info.acct_name, "" ); break; + } case 3: if ( ctr->alias.info3.description.string ) { unistr2_to_ascii( info.acct_desc, |