svn commit: samba r22504 - in branches: SAMBA_3_0/source/rpc_server
SAMBA_3_0_25/source/rpc_server
jmcd at samba.org
jmcd at samba.org
Tue Apr 24 15:56:02 GMT 2007
Author: jmcd
Date: 2007-04-24 15:56:02 +0000 (Tue, 24 Apr 2007)
New Revision: 22504
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=22504
Log:
Fix bug Jerry found during his tutorial. Sorry :-(
Allows authorized users (e.g. BUILTIN\Administrators members) to
set attributes on an account, particularly "user cannot change
password".
add become_root() around updating attributes, after checking that
access has been granted.
Modified:
branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c
branches/SAMBA_3_0_25/source/rpc_server/srv_samr_nt.c
Changeset:
Modified: branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c
===================================================================
--- branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c 2007-04-24 13:55:04 UTC (rev 22503)
+++ branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c 2007-04-24 15:56:02 UTC (rev 22504)
@@ -724,7 +724,12 @@
return NT_STATUS_ACCESS_DENIED;
}
- status = pdb_update_sam_account(sampass);
+ status = access_check_samr_function(acc_granted, SA_RIGHT_USER_SET_ATTRIBUTES, "_samr_set_sec_obj");
+ if NT_STATUS_IS_OK(status) {
+ become_root();
+ status = pdb_update_sam_account(sampass);
+ unbecome_root();
+ }
TALLOC_FREE(sampass);
Modified: branches/SAMBA_3_0_25/source/rpc_server/srv_samr_nt.c
===================================================================
--- branches/SAMBA_3_0_25/source/rpc_server/srv_samr_nt.c 2007-04-24 13:55:04 UTC (rev 22503)
+++ branches/SAMBA_3_0_25/source/rpc_server/srv_samr_nt.c 2007-04-24 15:56:02 UTC (rev 22504)
@@ -739,7 +739,12 @@
return NT_STATUS_ACCESS_DENIED;
}
- status = pdb_update_sam_account(sampass);
+ status = access_check_samr_function(acc_granted, SA_RIGHT_USER_SET_ATTRIBUTES, "_samr_set_sec_obj");
+ if NT_STATUS_IS_OK(status) {
+ become_root();
+ status = pdb_update_sam_account(sampass);
+ unbecome_root();
+ }
TALLOC_FREE(sampass);
More information about the samba-cvs
mailing list