summaryrefslogtreecommitdiff
path: root/source3/rpc_server
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2001-09-26 11:13:55 +0000
committerAndrew Bartlett <abartlet@samba.org>2001-09-26 11:13:55 +0000
commit6744ca0a369ef85858b6e1a129649cd175187e51 (patch)
tree2b9c8eb5bc05c7b87cd5aa138165d388b008e0b5 /source3/rpc_server
parent345a670324ae5023cd755ba81a4d9a29031ccfc5 (diff)
downloadsamba-6744ca0a369ef85858b6e1a129649cd175187e51.tar.gz
samba-6744ca0a369ef85858b6e1a129649cd175187e51.tar.bz2
samba-6744ca0a369ef85858b6e1a129649cd175187e51.zip
More updates to prevent account-guessing.
This moves the check that ensures that the account being looked up is the same account as the machine logged in as to the front, before we even start with passdb. Merge for 2.2.2? Andrew Bartlett (This used to be commit f7ed0ecc14aeba5ad260f24a76ced70cf52f8e48)
Diffstat (limited to 'source3/rpc_server')
-rw-r--r--source3/rpc_server/srv_netlog_nt.c22
1 files changed, 10 insertions, 12 deletions
diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c
index 173c4218cb..bf615682d3 100644
--- a/source3/rpc_server/srv_netlog_nt.c
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -391,6 +391,16 @@ NTSTATUS _net_srv_pwset(pipes_struct *p, NET_Q_SRV_PWSET *q_u, NET_R_SRV_PWSET *
DEBUG(3,("Server Password Set Wksta:[%s]\n", mach_acct));
+ /*
+ * Check the machine account name we're changing is the same
+ * as the one we've authenticated from. This prevents arbitrary
+ * machines changing other machine account passwords.
+ */
+
+ if (!strequal(mach_acct, p->dc.mach_acct)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
pdb_init_sam(&sampass);
become_root();
@@ -403,18 +413,6 @@ NTSTATUS _net_srv_pwset(pipes_struct *p, NET_Q_SRV_PWSET *q_u, NET_R_SRV_PWSET *
pdb_free_sam(sampass);
return NT_STATUS_NO_SUCH_USER;
}
-
- /*
- * Check the machine account name we're changing is the same
- * as the one we've authenticated from. This prevents arbitrary
- * machines changing other machine account passwords.
- */
-
- if (!strequal(mach_acct, p->dc.mach_acct)) {
- pdb_free_sam(sampass);
- return NT_STATUS_ACCESS_DENIED;
- }
-
DEBUG(100,("Server password set : new given value was :\n"));
for(i = 0; i < 16; i++)