From d94f3e3db35580af366017e100b2047b96d85a9d Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 27 Nov 2008 01:21:49 +0100 Subject: s3-samr: avoid enumeration and user creation on builtin domain handle. Guenther --- source3/rpc_server/srv_samr_nt.c | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'source3') diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 4b8fa67208..71eec0a59c 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -1484,6 +1484,11 @@ NTSTATUS _samr_QueryDisplayInfo(pipes_struct *p, if (!find_policy_by_hnd(p, r->in.domain_handle, (void **)(void *)&info)) return NT_STATUS_INVALID_HANDLE; + if (info->builtin_domain) { + DEBUG(5,("_samr_QueryDisplayInfo: Nothing in BUILTIN\n")); + return NT_STATUS_OK; + } + status = access_check_samr_function(info->acc_granted, SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS, "_samr_QueryDisplayInfo"); @@ -3281,6 +3286,11 @@ NTSTATUS _samr_CreateUser2(pipes_struct *p, &disp_info)) return NT_STATUS_INVALID_HANDLE; + if (disp_info->builtin_domain) { + DEBUG(5,("_samr_CreateUser2: Refusing user create in BUILTIN\n")); + return NT_STATUS_ACCESS_DENIED; + } + nt_status = access_check_samr_function(acc_granted, SAMR_DOMAIN_ACCESS_CREATE_USER, "_samr_CreateUser2"); -- cgit