From 6744ca0a369ef85858b6e1a129649cd175187e51 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 26 Sep 2001 11:13:55 +0000 Subject: More updates to prevent account-guessing. This moves the check that ensures that the account being looked up is the same account as the machine logged in as to the front, before we even start with passdb. Merge for 2.2.2? Andrew Bartlett (This used to be commit f7ed0ecc14aeba5ad260f24a76ced70cf52f8e48) --- source3/rpc_server/srv_netlog_nt.c | 22 ++++++++++------------ 1 file changed, 10 insertions(+), 12 deletions(-) (limited to 'source3/rpc_server') diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c index 173c4218cb..bf615682d3 100644 --- a/source3/rpc_server/srv_netlog_nt.c +++ b/source3/rpc_server/srv_netlog_nt.c @@ -391,6 +391,16 @@ NTSTATUS _net_srv_pwset(pipes_struct *p, NET_Q_SRV_PWSET *q_u, NET_R_SRV_PWSET * DEBUG(3,("Server Password Set Wksta:[%s]\n", mach_acct)); + /* + * Check the machine account name we're changing is the same + * as the one we've authenticated from. This prevents arbitrary + * machines changing other machine account passwords. + */ + + if (!strequal(mach_acct, p->dc.mach_acct)) { + return NT_STATUS_ACCESS_DENIED; + } + pdb_init_sam(&sampass); become_root(); @@ -403,18 +413,6 @@ NTSTATUS _net_srv_pwset(pipes_struct *p, NET_Q_SRV_PWSET *q_u, NET_R_SRV_PWSET * pdb_free_sam(sampass); return NT_STATUS_NO_SUCH_USER; } - - /* - * Check the machine account name we're changing is the same - * as the one we've authenticated from. This prevents arbitrary - * machines changing other machine account passwords. - */ - - if (!strequal(mach_acct, p->dc.mach_acct)) { - pdb_free_sam(sampass); - return NT_STATUS_ACCESS_DENIED; - } - DEBUG(100,("Server password set : new given value was :\n")); for(i = 0; i < 16; i++) -- cgit