From: Günther Deschner <gd@samba.org>
Date: Thu, 27 Nov 2008 00:21:49 +0000 (+0100)
Subject: s3-samr: avoid enumeration and user creation on builtin domain handle.
X-Git-Tag: samba-4.0.0alpha6~480^2~99
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d94f3e3db35580af366017e100b2047b96d85a9d;p=thirdparty%2Fsamba.git

s3-samr: avoid enumeration and user creation on builtin domain handle.

Guenther
---

diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 4b8fa67208a..71eec0a59ca 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -1484,6 +1484,11 @@ NTSTATUS _samr_QueryDisplayInfo(pipes_struct *p,
 	if (!find_policy_by_hnd(p, r->in.domain_handle, (void **)(void *)&info))
 		return NT_STATUS_INVALID_HANDLE;
 
+	if (info->builtin_domain) {
+		DEBUG(5,("_samr_QueryDisplayInfo: Nothing in BUILTIN\n"));
+		return NT_STATUS_OK;
+	}
+
 	status = access_check_samr_function(info->acc_granted,
 					    SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS,
 					    "_samr_QueryDisplayInfo");
@@ -3281,6 +3286,11 @@ NTSTATUS _samr_CreateUser2(pipes_struct *p,
 				     &disp_info))
 		return NT_STATUS_INVALID_HANDLE;
 
+	if (disp_info->builtin_domain) {
+		DEBUG(5,("_samr_CreateUser2: Refusing user create in BUILTIN\n"));
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
 	nt_status = access_check_samr_function(acc_granted,
 					       SAMR_DOMAIN_ACCESS_CREATE_USER,
 					       "_samr_CreateUser2");