From a43c8c6e936b14bce762338b1c818771fd6fbe47 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Thu, 26 Feb 2015 08:36:47 -0500
Subject: [PATCH] Merged #239 "Remote Leakage Of Shared Buffers In Jetty Web Server [CVE-2015-2080]"

---
 src/main/java/com/gitblit/auth/WindowsAuthProvider.java |    8 +++++---
 1 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/main/java/com/gitblit/auth/WindowsAuthProvider.java b/src/main/java/com/gitblit/auth/WindowsAuthProvider.java
index 93cae04..ac15b28 100644
--- a/src/main/java/com/gitblit/auth/WindowsAuthProvider.java
+++ b/src/main/java/com/gitblit/auth/WindowsAuthProvider.java
@@ -158,9 +158,11 @@
        		groupNames.add(group.getFqn());
         }
 
-        if (groupNames.contains("BUILTIN\\Administrators")) {
-        	// local administrator
-        	user.canAdmin = true;
+       	if (settings.getBoolean(Keys.realm.windows.permitBuiltInAdministrators, true)) {
+       		if (groupNames.contains("BUILTIN\\Administrators")) {
+       			// local administrator
+       			user.canAdmin = true;
+       		}
         }
 
         // TODO consider mapping Windows groups to teams

--
Gitblit v1.9.1