[SCM] Samba Shared Repository - branch v3-5-test updated

Volker Lendecke vlendec at samba.org
Thu Jan 7 04:02:25 MST 2010 

The branch, v3-5-test has been updated
       via  ea7d299... s3: Lock down some srvsvc calls according to what w2k3 seems to do
      from  22ee5d4... WHATSNEW: Update changes.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test


- Log -----------------------------------------------------------------
commit ea7d2995f383e183ef4d8a21705a343581e71f4a
Author: Volker Lendecke <vl at samba.org>
Date:   Thu Jan 7 11:47:09 2010 +0100

    s3: Lock down some srvsvc calls according to what w2k3 seems to do

-----------------------------------------------------------------------

Summary of changes:
 source3/rpc_server/srv_srvsvc_nt.c |   21 +++++++++++++++++++++
 1 files changed, 21 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c
index d35557e..a2d1d07 100644
--- a/source3/rpc_server/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srv_srvsvc_nt.c
@@ -1033,6 +1033,13 @@ WERROR _srvsvc_NetFileEnum(pipes_struct *p,
 		return WERR_UNKNOWN_LEVEL;
 	}
 
+	if (!nt_token_check_sid(&global_sid_Builtin_Administrators,
+				p->server_info->ptok)) {
+		DEBUG(1, ("Enumerating files only allowed for "
+			  "administrators\n"));
+		return WERR_ACCESS_DENIED;
+	}
+
 	ctx = talloc_tos();
 	ctr3 = r->in.info_ctr->ctr.ctr3;
 	if (!ctr3) {
@@ -1185,6 +1192,13 @@ WERROR _srvsvc_NetConnEnum(pipes_struct *p,
 
 	DEBUG(5,("_srvsvc_NetConnEnum: %d\n", __LINE__));
 
+	if (!nt_token_check_sid(&global_sid_Builtin_Administrators,
+				p->server_info->ptok)) {
+		DEBUG(1, ("Enumerating connections only allowed for "
+			  "administrators\n"));
+		return WERR_ACCESS_DENIED;
+	}
+
 	switch (r->in.info_ctr->level) {
 		case 0:
 			werr = init_srv_conn_info_0(r->in.info_ctr->ctr.ctr0,
@@ -1216,6 +1230,13 @@ WERROR _srvsvc_NetSessEnum(pipes_struct *p,
 
 	DEBUG(5,("_srvsvc_NetSessEnum: %d\n", __LINE__));
 
+	if (!nt_token_check_sid(&global_sid_Builtin_Administrators,
+				p->server_info->ptok)) {
+		DEBUG(1, ("Enumerating sessions only allowed for "
+			  "administrators\n"));
+		return WERR_ACCESS_DENIED;
+	}
+
 	switch (r->in.info_ctr->level) {
 		case 0:
 			werr = init_srv_sess_info_0(p,


-- 
Samba Shared Repository

More information about the samba-cvs mailing list