sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-03 13:47:25 +03:00
Code

s3: Lock down some srvsvc calls according to what w2k3 seems to do

Browse Source
This commit is contained in:
Volker Lendecke 2010-01-07 11:47:09 +01:00
parent 7248873b48
commit 8289b46173
1 changed files with 21 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
source3/rpc_server/srv_srvsvc_nt.c
View File

@ -1033,6 +1033,13 @@ WERROR _srvsvc_NetFileEnum(pipes_struct *p,
return WERR_UNKNOWN_LEVEL;
}
if (!nt_token_check_sid(&global_sid_Builtin_Administrators,
p->server_info->ptok)) {
DEBUG(1, ("Enumerating files only allowed for "
"administrators\n"));
return WERR_ACCESS_DENIED;
}
ctx = talloc_tos();
ctr3 = r->in.info_ctr->ctr.ctr3;
if (!ctr3) {
@ -1185,6 +1192,13 @@ WERROR _srvsvc_NetConnEnum(pipes_struct *p,
DEBUG(5,("_srvsvc_NetConnEnum: %d\n", __LINE__));
if (!nt_token_check_sid(&global_sid_Builtin_Administrators,
p->server_info->ptok)) {
DEBUG(1, ("Enumerating connections only allowed for "
"administrators\n"));
return WERR_ACCESS_DENIED;
}
switch (r->in.info_ctr->level) {
case 0:
werr = init_srv_conn_info_0(r->in.info_ctr->ctr.ctr0,
@ -1216,6 +1230,13 @@ WERROR _srvsvc_NetSessEnum(pipes_struct *p,
DEBUG(5,("_srvsvc_NetSessEnum: %d\n", __LINE__));
if (!nt_token_check_sid(&global_sid_Builtin_Administrators,
p->server_info->ptok)) {
DEBUG(1, ("Enumerating sessions only allowed for "
"administrators\n"));
return WERR_ACCESS_DENIED;
}
switch (r->in.info_ctr->level) {
case 0:
werr = init_srv_sess_info_0(p,