diff options
author | Günther Deschner <gd@samba.org> | 2008-03-28 23:39:57 +0100 |
---|---|---|
committer | Günther Deschner <gd@samba.org> | 2008-03-28 23:43:31 +0100 |
commit | 921bdec52d449a23fc58b726489d7ffce58cd9e8 (patch) | |
tree | defc3a5c5ca2bc7a77bd8aa11d6ef2ac9f64f082 /source3/rpc_server | |
parent | e191b0edd534d13e9bdbe62a56d41a240f33f001 (diff) | |
download | samba-921bdec52d449a23fc58b726489d7ffce58cd9e8.tar.gz samba-921bdec52d449a23fc58b726489d7ffce58cd9e8.tar.bz2 samba-921bdec52d449a23fc58b726489d7ffce58cd9e8.zip |
Add some paranoia fixes for _wkssvc_NetrJoinDomain2/UnjoinDomain2.
Guenther
(This used to be commit 72101a7d0868b19a413b17f8142637f92c6cdad5)
Diffstat (limited to 'source3/rpc_server')
-rw-r--r-- | source3/rpc_server/srv_wkssvc_nt.c | 24 |
1 files changed, 22 insertions, 2 deletions
diff --git a/source3/rpc_server/srv_wkssvc_nt.c b/source3/rpc_server/srv_wkssvc_nt.c index f864aad86a..32d315f96f 100644 --- a/source3/rpc_server/srv_wkssvc_nt.c +++ b/source3/rpc_server/srv_wkssvc_nt.c @@ -4,7 +4,8 @@ * * Copyright (C) Andrew Tridgell 1992-1997, * Copyright (C) Gerald (Jerry) Carter 2006. - * + * Copyright (C) Guenther Deschner 2007-2008. + * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or @@ -298,6 +299,10 @@ WERROR _wkssvc_NetrJoinDomain2(pipes_struct *p, return WERR_INVALID_PARAM; } + if (!r->in.admin_account || !r->in.encrypted_password) { + return WERR_INVALID_PARAM; + } + if (!user_has_privileges(token, &se_machine_account) && !nt_token_check_domain_rid(token, DOMAIN_GROUP_RID_ADMINS) && !nt_token_check_domain_rid(token, BUILTIN_ALIAS_RID_ADMINS)) { @@ -306,6 +311,11 @@ WERROR _wkssvc_NetrJoinDomain2(pipes_struct *p, return WERR_ACCESS_DENIED; } + if ((r->in.join_flags & WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED) || + (r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_UNSECURE)) { + return WERR_NOT_SUPPORTED; + } + werr = decode_wkssvc_join_password_buffer(p->mem_ctx, r->in.encrypted_password, &p->session_key, @@ -336,7 +346,7 @@ WERROR _wkssvc_NetrJoinDomain2(pipes_struct *p, unbecome_root(); if (!W_ERROR_IS_OK(werr)) { - DEBUG(5,("_wkssvc_NetrJoinDomain2: libnet_Join gave %s\n", + DEBUG(5,("_wkssvc_NetrJoinDomain2: libnet_Join failed with: %s\n", j->out.error_string ? j->out.error_string : dos_errstr(werr))); } @@ -359,6 +369,10 @@ WERROR _wkssvc_NetrUnjoinDomain2(pipes_struct *p, WERROR werr; struct nt_user_token *token = p->pipe_user.nt_user_token; + if (!r->in.account || !r->in.encrypted_password) { + return WERR_INVALID_PARAM; + } + if (!user_has_privileges(token, &se_machine_account) && !nt_token_check_domain_rid(token, DOMAIN_GROUP_RID_ADMINS) && !nt_token_check_domain_rid(token, BUILTIN_ALIAS_RID_ADMINS)) { @@ -396,6 +410,12 @@ WERROR _wkssvc_NetrUnjoinDomain2(pipes_struct *p, werr = libnet_Unjoin(p->mem_ctx, u); unbecome_root(); + if (!W_ERROR_IS_OK(werr)) { + DEBUG(5,("_wkssvc_NetrUnjoinDomain2: libnet_Unjoin failed with: %s\n", + u->out.error_string ? u->out.error_string : + dos_errstr(werr))); + } + TALLOC_FREE(u); return werr; } |