git.samba.org
/
obnox
/
samba
/
samba-obnox.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
f794e8d
)
s4-lsasrv: make sure only admins can alter privileges
author
Andrew Tridgell
<tridge@samba.org>
Fri, 16 Oct 2009 07:22:48 +0000
(18:22 +1100)
committer
Andrew Tridgell
<tridge@samba.org>
Sat, 17 Oct 2009 02:01:02 +0000
(13:01 +1100)
source4/rpc_server/lsa/dcesrv_lsa.c
patch
|
blob
|
history
diff --git
a/source4/rpc_server/lsa/dcesrv_lsa.c
b/source4/rpc_server/lsa/dcesrv_lsa.c
index 0a5fc54d684e151514d68fa50dbcdc9c8d5576a9..0e6a55ec2f5df42d6c948179e58c1161a0ad0d5b 100644
(file)
--- a/
source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/
source4/rpc_server/lsa/dcesrv_lsa.c
@@
-1939,6
+1939,12
@@
static NTSTATUS dcesrv_lsa_AddRemoveAccountRights(struct dcesrv_call_state *dce_
struct lsa_EnumAccountRights r2;
char *dnstr;
+ if (security_session_user_level(dce_call->conn->auth_state.session_info) <
+ SECURITY_ADMINISTRATOR) {
+ DEBUG(0,("lsa_AddRemoveAccount refused for supplied security token\n"));
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
msg = ldb_msg_new(mem_ctx);
if (msg == NULL) {
return NT_STATUS_NO_MEMORY;