summaryrefslogtreecommitdiff
path: root/source3/rpc_server
diff options
context:
space:
mode:
authorGünther Deschner <gd@samba.org>2008-03-28 23:39:57 +0100
committerGünther Deschner <gd@samba.org>2008-03-28 23:43:31 +0100
commit921bdec52d449a23fc58b726489d7ffce58cd9e8 (patch)
treedefc3a5c5ca2bc7a77bd8aa11d6ef2ac9f64f082 /source3/rpc_server
parente191b0edd534d13e9bdbe62a56d41a240f33f001 (diff)
downloadsamba-921bdec52d449a23fc58b726489d7ffce58cd9e8.tar.gz
samba-921bdec52d449a23fc58b726489d7ffce58cd9e8.tar.bz2
samba-921bdec52d449a23fc58b726489d7ffce58cd9e8.zip
Add some paranoia fixes for _wkssvc_NetrJoinDomain2/UnjoinDomain2.
Guenther (This used to be commit 72101a7d0868b19a413b17f8142637f92c6cdad5)
Diffstat (limited to 'source3/rpc_server')
-rw-r--r--source3/rpc_server/srv_wkssvc_nt.c24
1 files changed, 22 insertions, 2 deletions
diff --git a/source3/rpc_server/srv_wkssvc_nt.c b/source3/rpc_server/srv_wkssvc_nt.c
index f864aad86a..32d315f96f 100644
--- a/source3/rpc_server/srv_wkssvc_nt.c
+++ b/source3/rpc_server/srv_wkssvc_nt.c
@@ -4,7 +4,8 @@
*
* Copyright (C) Andrew Tridgell 1992-1997,
* Copyright (C) Gerald (Jerry) Carter 2006.
- *
+ * Copyright (C) Guenther Deschner 2007-2008.
+ *
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
@@ -298,6 +299,10 @@ WERROR _wkssvc_NetrJoinDomain2(pipes_struct *p,
return WERR_INVALID_PARAM;
}
+ if (!r->in.admin_account || !r->in.encrypted_password) {
+ return WERR_INVALID_PARAM;
+ }
+
if (!user_has_privileges(token, &se_machine_account) &&
!nt_token_check_domain_rid(token, DOMAIN_GROUP_RID_ADMINS) &&
!nt_token_check_domain_rid(token, BUILTIN_ALIAS_RID_ADMINS)) {
@@ -306,6 +311,11 @@ WERROR _wkssvc_NetrJoinDomain2(pipes_struct *p,
return WERR_ACCESS_DENIED;
}
+ if ((r->in.join_flags & WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED) ||
+ (r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_UNSECURE)) {
+ return WERR_NOT_SUPPORTED;
+ }
+
werr = decode_wkssvc_join_password_buffer(p->mem_ctx,
r->in.encrypted_password,
&p->session_key,
@@ -336,7 +346,7 @@ WERROR _wkssvc_NetrJoinDomain2(pipes_struct *p,
unbecome_root();
if (!W_ERROR_IS_OK(werr)) {
- DEBUG(5,("_wkssvc_NetrJoinDomain2: libnet_Join gave %s\n",
+ DEBUG(5,("_wkssvc_NetrJoinDomain2: libnet_Join failed with: %s\n",
j->out.error_string ? j->out.error_string :
dos_errstr(werr)));
}
@@ -359,6 +369,10 @@ WERROR _wkssvc_NetrUnjoinDomain2(pipes_struct *p,
WERROR werr;
struct nt_user_token *token = p->pipe_user.nt_user_token;
+ if (!r->in.account || !r->in.encrypted_password) {
+ return WERR_INVALID_PARAM;
+ }
+
if (!user_has_privileges(token, &se_machine_account) &&
!nt_token_check_domain_rid(token, DOMAIN_GROUP_RID_ADMINS) &&
!nt_token_check_domain_rid(token, BUILTIN_ALIAS_RID_ADMINS)) {
@@ -396,6 +410,12 @@ WERROR _wkssvc_NetrUnjoinDomain2(pipes_struct *p,
werr = libnet_Unjoin(p->mem_ctx, u);
unbecome_root();
+ if (!W_ERROR_IS_OK(werr)) {
+ DEBUG(5,("_wkssvc_NetrUnjoinDomain2: libnet_Unjoin failed with: %s\n",
+ u->out.error_string ? u->out.error_string :
+ dos_errstr(werr)));
+ }
+
TALLOC_FREE(u);
return werr;
}