s3-netlogon: make sure we protect some function codes in _netr_LogonControl2Ex().
authorGünther Deschner <gd@samba.org>
Tue, 3 Nov 2009 23:34:29 +0000 (00:34 +0100)
committerGünther Deschner <gd@samba.org>
Tue, 3 Nov 2009 23:55:49 +0000 (00:55 +0100)
Guenther

source3/rpc_server/srv_netlog_nt.c

index d5740c06f10c5729be75a6fb1d16ff49fb34f57a..c4974558586c8955a0a516a3f13a7466baad5488 100644 (file)
@@ -192,6 +192,19 @@ WERROR _netr_LogonControl2Ex(pipes_struct *p,
                return WERR_INVALID_PARAM;
        }
 
+       switch (r->in.function_code) {
+       case NETLOGON_CONTROL_TC_VERIFY:
+       case NETLOGON_CONTROL_CHANGE_PASSWORD:
+       case NETLOGON_CONTROL_REDISCOVER:
+               if (!nt_token_check_domain_rid(p->server_info->ptok, DOMAIN_GROUP_RID_ADMINS) &&
+                   !nt_token_check_sid(&global_sid_Builtin_Administrators, p->server_info->ptok)) {
+                       return WERR_ACCESS_DENIED;
+               }
+               break;
+       default:
+               break;
+       }
+
        tc_status = WERR_NO_SUCH_DOMAIN;
 
        switch (r->in.function_code) {
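Review bot: The added switch on `r->in.function_code` fails open: only the three listed codes get the administrator check and `default:` just breaks, so any other code handled by the second switch stays callable without it, as will any code added there later. Consider inverting the guard so that the codes meant to be callable without admin rights are listed explicitly and `default:` performs the `nt_token_check_domain_rid()` / `nt_token_check_sid()` test and returns `WERR_ACCESS_DENIED`. Which codes belong on the unprivileged list cannot be determined from this hunk and should be checked against the protocol specification. A short comment above the switch, e.g. `/* privileged function codes: caller must be in Domain Admins or BUILTIN\Administrators */`, plus a `DEBUG` line on the denial path would make the policy and refused attempts visible. The body of `_netr_LogonControl2Ex()` starts before and continues past this hunk, so the handling of each code in the second switch was not reviewed.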