diff options
| author | Jeremy Allison <jra@samba.org> | 2008-03-28 17:31:33 -0700 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2008-03-28 17:31:33 -0700 |
| commit | fba9aa4ecf39eee157f5a24e3bc58b68809f092d (patch) | |
| tree | 7439d9e1982fad473330ac0762e2560a2fea143e /source3/rpc_server | |
| parent | e00bfc509219cce65168f9ef4532eeff09e6f5fb (diff) | |
| parent | 9e328fe94281a0ac35d3fd2117f55aaf329e3972 (diff) | |
| download | samba-fba9aa4ecf39eee157f5a24e3bc58b68809f092d.tar.gz samba-fba9aa4ecf39eee157f5a24e3bc58b68809f092d.tar.bz2 samba-fba9aa4ecf39eee157f5a24e3bc58b68809f092d.zip | |
Merge branch 'v3-2-test' of ssh://jra@git.samba.org/data/git/samba into v3-2-test
(This used to be commit 985bd1e642b6e54f1bc95cd4cfcceb96107e383d)
Diffstat (limited to 'source3/rpc_server')
| -rw-r--r-- | source3/rpc_server/srv_wkssvc_nt.c | 24 |
1 files changed, 22 insertions, 2 deletions
diff --git a/source3/rpc_server/srv_wkssvc_nt.c b/source3/rpc_server/srv_wkssvc_nt.c index f864aad86a..32d315f96f 100644 --- a/source3/rpc_server/srv_wkssvc_nt.c +++ b/source3/rpc_server/srv_wkssvc_nt.c @@ -4,7 +4,8 @@ * * Copyright (C) Andrew Tridgell 1992-1997, * Copyright (C) Gerald (Jerry) Carter 2006. - * + * Copyright (C) Guenther Deschner 2007-2008. + * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or @@ -298,6 +299,10 @@ WERROR _wkssvc_NetrJoinDomain2(pipes_struct *p, return WERR_INVALID_PARAM; } + if (!r->in.admin_account || !r->in.encrypted_password) { + return WERR_INVALID_PARAM; + } + if (!user_has_privileges(token, &se_machine_account) && !nt_token_check_domain_rid(token, DOMAIN_GROUP_RID_ADMINS) && !nt_token_check_domain_rid(token, BUILTIN_ALIAS_RID_ADMINS)) { @@ -306,6 +311,11 @@ WERROR _wkssvc_NetrJoinDomain2(pipes_struct *p, return WERR_ACCESS_DENIED; } + if ((r->in.join_flags & WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED) || + (r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_UNSECURE)) { + return WERR_NOT_SUPPORTED; + } + werr = decode_wkssvc_join_password_buffer(p->mem_ctx, r->in.encrypted_password, &p->session_key, @@ -336,7 +346,7 @@ WERROR _wkssvc_NetrJoinDomain2(pipes_struct *p, unbecome_root(); if (!W_ERROR_IS_OK(werr)) { - DEBUG(5,("_wkssvc_NetrJoinDomain2: libnet_Join gave %s\n", + DEBUG(5,("_wkssvc_NetrJoinDomain2: libnet_Join failed with: %s\n", j->out.error_string ? j->out.error_string : dos_errstr(werr))); } @@ -359,6 +369,10 @@ WERROR _wkssvc_NetrUnjoinDomain2(pipes_struct *p, WERROR werr; struct nt_user_token *token = p->pipe_user.nt_user_token; + if (!r->in.account || !r->in.encrypted_password) { + return WERR_INVALID_PARAM; + } + if (!user_has_privileges(token, &se_machine_account) && !nt_token_check_domain_rid(token, DOMAIN_GROUP_RID_ADMINS) && !nt_token_check_domain_rid(token, BUILTIN_ALIAS_RID_ADMINS)) { @@ -396,6 +410,12 @@ WERROR _wkssvc_NetrUnjoinDomain2(pipes_struct *p, werr = libnet_Unjoin(p->mem_ctx, u); unbecome_root(); + if (!W_ERROR_IS_OK(werr)) { + DEBUG(5,("_wkssvc_NetrUnjoinDomain2: libnet_Unjoin failed with: %s\n", + u->out.error_string ? u->out.error_string : + dos_errstr(werr))); + } + TALLOC_FREE(u); return werr; } |