From c3bd192703c6a0360f6fa7eef9e13bc32949c5eb Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Mon, 3 Jun 2002 03:02:39 +0000 Subject: Restrict anonymous checks for the SAMR pipe. This is done by returning access denied for a SAMR_CONNECT by an anonymous user which seems to be the way 2K does it rather than blocking individual RPC calls like NT. Also checked is the SAMR_GET_DOM_PWINFO rpc which for some reason doesn't require a policy handle to return information. No idea what it's actually used. (This used to be commit 40c68fa85c31c1baf7ba2c8ed62cd06c34711913) --- source3/rpc_server/srv_samr_nt.c | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) (limited to 'source3') diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 7c16bc7128..066a293414 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -2026,6 +2026,14 @@ NTSTATUS _samr_connect_anon(pipes_struct *p, SAMR_Q_CONNECT_ANON *q_u, SAMR_R_CO { struct samr_info *info = NULL; + /* Access check */ + + if (!pipe_access_check(p)) { + DEBUG(3, ("access denied to samr_connect_anon\n")); + r_u->status = NT_STATUS_ACCESS_DENIED; + return r_u->status; + } + /* set up the SAMR connect_anon response */ r_u->status = NT_STATUS_OK; @@ -2053,6 +2061,14 @@ NTSTATUS _samr_connect(pipes_struct *p, SAMR_Q_CONNECT *q_u, SAMR_R_CONNECT *r_u DEBUG(5,("_samr_connect: %d\n", __LINE__)); + /* Access check */ + + if (!pipe_access_check(p)) { + DEBUG(3, ("access denied to samr_connect\n")); + r_u->status = NT_STATUS_ACCESS_DENIED; + return r_u->status; + } + r_u->status = NT_STATUS_OK; /* associate the user's SID with the new handle. */ @@ -3594,7 +3610,18 @@ NTSTATUS _samr_set_aliasinfo(pipes_struct *p, SAMR_Q_SET_ALIASINFO *q_u, SAMR_R_ NTSTATUS _samr_get_dom_pwinfo(pipes_struct *p, SAMR_Q_GET_DOM_PWINFO *q_u, SAMR_R_GET_DOM_PWINFO *r_u) { + /* Perform access check. Since this rpc does not require a + policy handle it will not be caught by the access checks on + SAMR_CONNECT or SAMR_CONNECT_ANON. */ + + if (!pipe_access_check(p)) { + DEBUG(3, ("access denied to samr_get_dom_pwinfo\n")); + r_u->status = NT_STATUS_ACCESS_DENIED; + return r_u->status; + } + /* Actually, returning zeros here works quite well :-). */ + return NT_STATUS_OK; } -- cgit