diff options
| author | Jeremy Allison <jra@samba.org> | 2000-09-28 20:36:28 +0000 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2000-09-28 20:36:28 +0000 |
| commit | d6a73c3aaeca61dad455c2939ffb048c7670ae7c (patch) | |
| tree | dfe6cdba4f32f05af9dad648dde075b78d192235 /source3/rpc_server/srv_samr.c | |
| parent | b06d83c909e0587accf93e090c62395ff8b1bb87 (diff) | |
| download | samba-d6a73c3aaeca61dad455c2939ffb048c7670ae7c.tar.gz samba-d6a73c3aaeca61dad455c2939ffb048c7670ae7c.tar.bz2 samba-d6a73c3aaeca61dad455c2939ffb048c7670ae7c.zip | |
Added comment on JF's new code. Removed ifdef in passdb/smbpass.c as this
was not correct.
Jeremy.
(This used to be commit 1a3f7ecde2ca031b2f93a079f75822354fe241a0)
Diffstat (limited to 'source3/rpc_server/srv_samr.c')
| -rw-r--r-- | source3/rpc_server/srv_samr.c | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/source3/rpc_server/srv_samr.c b/source3/rpc_server/srv_samr.c index 2ef29df990..e3425f3247 100644 --- a/source3/rpc_server/srv_samr.c +++ b/source3/rpc_server/srv_samr.c @@ -1850,7 +1850,10 @@ static BOOL api_samr_create_user(pipes_struct *p) DEBUG(5,("api_samr_create_user: %d\n", __LINE__)); /* grab the samr create user */ - samr_io_q_create_user("", &q_u, data, 0); + if (!samr_io_q_create_user("", &q_u, data, 0)) { + DEBUG(0,("api_samr_create_user: Unable to unmarshall SAMR_Q_CREATE_USER.\n")); + return False; + } /* find the policy handle. open a policy on it. */ if ((find_lsa_policy_by_hnd(&q_u.pol) == -1)) { @@ -1885,6 +1888,13 @@ static BOOL api_samr_create_user(pipes_struct *p) local_flags=LOCAL_ADD_USER|LOCAL_DISABLE_USER|LOCAL_SET_NO_PASSWORD; local_flags|= (q_u.acb_info & ACB_WSTRUST) ? LOCAL_TRUST_ACCOUNT:0; + /* + * NB. VERY IMPORTANT ! This call must be done as the current pipe user, + * *NOT* surrounded by a become_root()/unbecome_root() call. This ensures + * that only people with write access to the smbpasswd file will be able + * to create a user. JRA. + */ + if (!local_password_change(mach_acct, local_flags, NULL, err_str, sizeof(err_str), msg_str, sizeof(msg_str))) { DEBUG(0, ("%s\n", err_str)); r_u.status = NT_STATUS_ACCESS_DENIED; |