summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndreas Schneider <asn@samba.org>2012-06-29 17:59:36 +0200
committerAndreas Schneider <asn@cryptomilk.org>2012-07-06 11:50:40 +0200
commita49eb60e041a55122ce04ed6f576c2ba09c11fe3 (patch)
tree5c27ce0aea288e1166c987003f9a10a25c046578
parent1744e99d0a339824a4e73038dccd673920f0c7bb (diff)
downloadsamba-a49eb60e041a55122ce04ed6f576c2ba09c11fe3.tar.gz
samba-a49eb60e041a55122ce04ed6f576c2ba09c11fe3.tar.bz2
samba-a49eb60e041a55122ce04ed6f576c2ba09c11fe3.zip
s4-lsarpc: DCERPC_FAULT_ACCESS_DENIED for tcp
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Fri Jul 6 11:50:40 CEST 2012 on sn-devel-104
-rw-r--r--source4/rpc_server/lsa/lsa_lookup.c10
1 files changed, 10 insertions, 0 deletions
diff --git a/source4/rpc_server/lsa/lsa_lookup.c b/source4/rpc_server/lsa/lsa_lookup.c
index e8fd7920d4..07d5c2ff86 100644
--- a/source4/rpc_server/lsa/lsa_lookup.c
+++ b/source4/rpc_server/lsa/lsa_lookup.c
@@ -668,11 +668,16 @@ NTSTATUS dcesrv_lsa_LookupSids3(struct dcesrv_call_state *dce_call,
TALLOC_CTX *mem_ctx,
struct lsa_LookupSids3 *r)
{
+ enum dcerpc_transport_t transport = dce_call->conn->endpoint->ep_description->transport;
struct dcerpc_auth *auth_info = dce_call->conn->auth_state.auth_info;
struct lsa_policy_state *policy_state;
struct lsa_LookupSids2 q;
NTSTATUS status;
+ if (transport != NCACN_IP_TCP) {
+ DCESRV_FAULT(DCERPC_FAULT_ACCESS_DENIED);
+ }
+
/*
* We don't have policy handles on this call. So this must be restricted
* to crypto connections only.
@@ -886,11 +891,16 @@ NTSTATUS dcesrv_lsa_LookupNames3(struct dcesrv_call_state *dce_call,
NTSTATUS dcesrv_lsa_LookupNames4(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct lsa_LookupNames4 *r)
{
+ enum dcerpc_transport_t transport = dce_call->conn->endpoint->ep_description->transport;
struct dcerpc_auth *auth_info = dce_call->conn->auth_state.auth_info;
struct lsa_policy_state *policy_state;
struct lsa_LookupNames3 q;
NTSTATUS status;
+ if (transport != NCACN_IP_TCP) {
+ DCESRV_FAULT(DCERPC_FAULT_ACCESS_DENIED);
+ }
+
/*
* We don't have policy handles on this call. So this must be restricted
* to crypto connections only.