
r22504: Fix bug Jerry found during his tutorial. Sorry :-(

Allows authorized users (e.g. BUILTIN\Administrators members) to
set attributes on an account, particularly "user cannot change
password".

Add become_root()/unbecome_root() around updating attributes, after checking
that access has been granted.
Jim McDonough 2007-04-24 15:56:02 +00:00 committed by Gerald (Jerry) Carter
parent dcc6517d9d
commit b1ab360519


@ -724,7 +724,12 @@ NTSTATUS _samr_set_sec_obj(pipes_struct *p, SAMR_Q_SET_SEC_OBJ *q_u, SAMR_R_SET_
return NT_STATUS_ACCESS_DENIED;
}
status = pdb_update_sam_account(sampass);
status = access_check_samr_function(acc_granted, SA_RIGHT_USER_SET_ATTRIBUTES, "_samr_set_sec_obj");
if NT_STATUS_IS_OK(status) {
become_root();
status = pdb_update_sam_account(sampass);
unbecome_root();
}
TALLOC_FREE(sampass);