From ccdd1462cc8d7e5e067b5f3d6122ee8765921b4f Mon Sep 17 00:00:00 2001
From: Günther Deschner
Date: Wed, 4 Nov 2009 00:34:29 +0100
Subject: s3-netlogon: make sure we protect some function codes in _netr_LogonControl2Ex().

Guenther
---
 source3/rpc_server/srv_netlog_nt.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)
(limited to 'source3/rpc_server/srv_netlog_nt.c')

diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c
index d5740c06f1..c497455858 100644
--- a/source3/rpc_server/srv_netlog_nt.c
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -192,6 +192,19 @@ WERROR _netr_LogonControl2Ex(pipes_struct *p,
 return WERR_INVALID_PARAM;
 }

+ switch (r->in.function_code) {
+ case NETLOGON_CONTROL_TC_VERIFY:
+ case NETLOGON_CONTROL_CHANGE_PASSWORD:
+ case NETLOGON_CONTROL_REDISCOVER:
+ if (!nt_token_check_domain_rid(p->server_info->ptok, DOMAIN_GROUP_RID_ADMINS) &&
+ !nt_token_check_sid(&global_sid_Builtin_Administrators, p->server_info->ptok)) {
+ return WERR_ACCESS_DENIED;
+ }
+ break;
+ default:
+ break;
+ }
+
 tc_status = WERR_NO_SUCH_DOMAIN;

 switch (r->in.function_code) {
-- cgit
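Review bot: The new privilege gate fails open: `default: break;` lets every function code not named in the three `case` labels through with no token check, so any code handled by the dispatch switch that follows (its body lies outside this hunk) stays unprotected unless someone remembers to list it here. Consider inverting the switch so that only codes known to be safe for any caller get an explicit `case ...: break;`, with the `nt_token_check_domain_rid` / `nt_token_check_sid` test placed under `default:`. The denial path is also silent; a line such as `DEBUG(2, ("_netr_LogonControl2Ex: access denied for function code %d\n", (int)r->in.function_code));` before `return WERR_ACCESS_DENIED;` would give operators a trace of rejected attempts. `p->server_info->ptok` is dereferenced without a NULL check, which is safe only if the pipe always carries a server_info at this point, and the hunk does not show that.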