[SCM] Samba Shared Repository - branch v3-2-test updated - release-3-2-0pre2-533-g72101a7

Günther Deschner gd at samba.org
Fri Mar 28 22:44:36 GMT 2008 

The branch, v3-2-test has been updated
       via  72101a7d0868b19a413b17f8142637f92c6cdad5 (commit)
      from  235c056a0ecbb70b21a2572d42c32067dd699988 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test


- Log -----------------------------------------------------------------
commit 72101a7d0868b19a413b17f8142637f92c6cdad5
Author: Günther Deschner <gd at samba.org>
Date:   Fri Mar 28 23:39:57 2008 +0100

    Add some paranoia fixes for _wkssvc_NetrJoinDomain2/UnjoinDomain2.
    
    Guenther

-----------------------------------------------------------------------

Summary of changes:
 source/rpc_server/srv_wkssvc_nt.c |   24 ++++++++++++++++++++++--
 1 files changed, 22 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/rpc_server/srv_wkssvc_nt.c b/source/rpc_server/srv_wkssvc_nt.c
index f864aad..32d315f 100644
--- a/source/rpc_server/srv_wkssvc_nt.c
+++ b/source/rpc_server/srv_wkssvc_nt.c
@@ -4,7 +4,8 @@
  *
  *  Copyright (C) Andrew Tridgell		1992-1997,
  *  Copyright (C) Gerald (Jerry) Carter		2006.
- *  
+ *  Copyright (C) Guenther Deschner		2007-2008.
+ *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
  *  the Free Software Foundation; either version 3 of the License, or
@@ -298,6 +299,10 @@ WERROR _wkssvc_NetrJoinDomain2(pipes_struct *p,
 		return WERR_INVALID_PARAM;
 	}
 
+	if (!r->in.admin_account || !r->in.encrypted_password) {
+		return WERR_INVALID_PARAM;
+	}
+
 	if (!user_has_privileges(token, &se_machine_account) &&
 	    !nt_token_check_domain_rid(token, DOMAIN_GROUP_RID_ADMINS) &&
 	    !nt_token_check_domain_rid(token, BUILTIN_ALIAS_RID_ADMINS)) {
@@ -306,6 +311,11 @@ WERROR _wkssvc_NetrJoinDomain2(pipes_struct *p,
 		return WERR_ACCESS_DENIED;
 	}
 
+	if ((r->in.join_flags & WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED) ||
+	    (r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_UNSECURE)) {
+		return WERR_NOT_SUPPORTED;
+	}
+
 	werr = decode_wkssvc_join_password_buffer(p->mem_ctx,
 						  r->in.encrypted_password,
 						  &p->session_key,
@@ -336,7 +346,7 @@ WERROR _wkssvc_NetrJoinDomain2(pipes_struct *p,
 	unbecome_root();
 
 	if (!W_ERROR_IS_OK(werr)) {
-		DEBUG(5,("_wkssvc_NetrJoinDomain2: libnet_Join gave %s\n",
+		DEBUG(5,("_wkssvc_NetrJoinDomain2: libnet_Join failed with: %s\n",
 			j->out.error_string ? j->out.error_string :
 			dos_errstr(werr)));
 	}
@@ -359,6 +369,10 @@ WERROR _wkssvc_NetrUnjoinDomain2(pipes_struct *p,
 	WERROR werr;
 	struct nt_user_token *token = p->pipe_user.nt_user_token;
 
+	if (!r->in.account || !r->in.encrypted_password) {
+		return WERR_INVALID_PARAM;
+	}
+
 	if (!user_has_privileges(token, &se_machine_account) &&
 	    !nt_token_check_domain_rid(token, DOMAIN_GROUP_RID_ADMINS) &&
 	    !nt_token_check_domain_rid(token, BUILTIN_ALIAS_RID_ADMINS)) {
@@ -396,6 +410,12 @@ WERROR _wkssvc_NetrUnjoinDomain2(pipes_struct *p,
 	werr = libnet_Unjoin(p->mem_ctx, u);
 	unbecome_root();
 
+	if (!W_ERROR_IS_OK(werr)) {
+		DEBUG(5,("_wkssvc_NetrUnjoinDomain2: libnet_Unjoin failed with: %s\n",
+			u->out.error_string ? u->out.error_string :
+			dos_errstr(werr)));
+	}
+
 	TALLOC_FREE(u);
 	return werr;
 }


-- 
Samba Shared Repository

More information about the samba-cvs mailing list