sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-27 14:04:05 +03:00
Code

s3-netlogon: enable RPC-NETLOGON-ADMIN test against s3.

Browse Source 
Guenther
This commit is contained in:
Günther Deschner 2009-11-09 17:34:47 +01:00
parent e9c6984cb6
commit d7ce873391
2 changed files with 25 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
source3/rpc_server/srv_netlog_nt.c
View File

@ -177,6 +177,7 @@ WERROR _netr_LogonControl2Ex(pipes_struct *p,
struct netr_NETLOGON_INFO_3 *info3;
struct netr_NETLOGON_INFO_4 *info4;
const char *fn;
uint32_t acct_ctrl;
switch (p->hdr_req.opnum) {
case NDR_NETR_LOGONCONTROL:
@ -192,12 +193,16 @@ WERROR _netr_LogonControl2Ex(pipes_struct *p,
return WERR_INVALID_PARAM;
}
acct_ctrl = pdb_get_acct_ctrl(p->server_info->sam_account);
switch (r->in.function_code) {
case NETLOGON_CONTROL_TC_VERIFY:
case NETLOGON_CONTROL_CHANGE_PASSWORD:
case NETLOGON_CONTROL_REDISCOVER:
if (!nt_token_check_domain_rid(p->server_info->ptok, DOMAIN_GROUP_RID_ADMINS) &&
!nt_token_check_sid(&global_sid_Builtin_Administrators, p->server_info->ptok)) {
if ((geteuid() != sec_initial_uid()) &&
!nt_token_check_domain_rid(p->server_info->ptok, DOMAIN_RID_ADMINS) &&
!nt_token_check_sid(&global_sid_Builtin_Administrators, p->server_info->ptok) &&
!(acct_ctrl & (ACB_WSTRUST | ACB_SVRTRUST))) {
return WERR_ACCESS_DENIED;
}
break;
@ -215,9 +220,23 @@ WERROR _netr_LogonControl2Ex(pipes_struct *p,
case NETLOGON_CONTROL_SYNCHRONIZE:
case NETLOGON_CONTROL_PDC_REPLICATE:
case NETLOGON_CONTROL_BACKUP_CHANGE_LOG:
case NETLOGON_CONTROL_TRUNCATE_LOG:
case NETLOGON_CONTROL_BREAKPOINT:
return WERR_ACCESS_DENIED;
if (acct_ctrl & ACB_NORMAL) {
return WERR_NOT_SUPPORTED;
} else if (acct_ctrl & (ACB_WSTRUST | ACB_SVRTRUST)) {
return WERR_ACCESS_DENIED;
} else {
return WERR_ACCESS_DENIED;
}
case NETLOGON_CONTROL_TRUNCATE_LOG:
if (acct_ctrl & ACB_NORMAL) {
break;
} else if (acct_ctrl & (ACB_WSTRUST | ACB_SVRTRUST)) {
return WERR_ACCESS_DENIED;
} else {
return WERR_ACCESS_DENIED;
}
case NETLOGON_CONTROL_TRANSPORT_NOTIFY:
case NETLOGON_CONTROL_FORCE_DNS_REG:
case NETLOGON_CONTROL_QUERY_DNS_REG:

3
source3/script/tests/test_posix_s3.sh
View File

@ -45,7 +45,8 @@ rpc="$rpc RPC-LSA-GETUSER RPC-LSA-LOOKUPSIDS RPC-LSA-LOOKUPNAMES"
rpc="$rpc RPC-LSA-PRIVILEGES "
rpc="$rpc RPC-SAMR RPC-SAMR-USERS RPC-SAMR-USERS-PRIVILEGES RPC-SAMR-PASSWORDS"
rpc="$rpc RPC-SAMR-PASSWORDS-PWDLASTSET RPC-SAMR-LARGE-DC RPC-SAMR-MACHINE-AUTH"
rpc="$rpc RPC-NETLOGON-S3 RPC-SCHANNEL RPC-SCHANNEL2 RPC-BENCH-SCHANNEL1 RPC-JOIN"
rpc="$rpc RPC-NETLOGON-S3 RPC-NETLOGON-ADMIN"
rpc="$rpc RPC-SCHANNEL RPC-SCHANNEL2 RPC-BENCH-SCHANNEL1 RPC-JOIN"
local="LOCAL-NSS-WRAPPER"