diff options
author | Andreas Schneider <asn@samba.org> | 2012-06-29 17:59:36 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2012-07-06 11:50:40 +0200 |
commit | a49eb60e041a55122ce04ed6f576c2ba09c11fe3 (patch) | |
tree | 5c27ce0aea288e1166c987003f9a10a25c046578 | |
parent | 1744e99d0a339824a4e73038dccd673920f0c7bb (diff) | |
download | samba-a49eb60e041a55122ce04ed6f576c2ba09c11fe3.tar.gz samba-a49eb60e041a55122ce04ed6f576c2ba09c11fe3.tar.bz2 samba-a49eb60e041a55122ce04ed6f576c2ba09c11fe3.zip |
s4-lsarpc: DCERPC_FAULT_ACCESS_DENIED for tcp
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jul 6 11:50:40 CEST 2012 on sn-devel-104
-rw-r--r-- | source4/rpc_server/lsa/lsa_lookup.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/source4/rpc_server/lsa/lsa_lookup.c b/source4/rpc_server/lsa/lsa_lookup.c index e8fd7920d4..07d5c2ff86 100644 --- a/source4/rpc_server/lsa/lsa_lookup.c +++ b/source4/rpc_server/lsa/lsa_lookup.c @@ -668,11 +668,16 @@ NTSTATUS dcesrv_lsa_LookupSids3(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct lsa_LookupSids3 *r) { + enum dcerpc_transport_t transport = dce_call->conn->endpoint->ep_description->transport; struct dcerpc_auth *auth_info = dce_call->conn->auth_state.auth_info; struct lsa_policy_state *policy_state; struct lsa_LookupSids2 q; NTSTATUS status; + if (transport != NCACN_IP_TCP) { + DCESRV_FAULT(DCERPC_FAULT_ACCESS_DENIED); + } + /* * We don't have policy handles on this call. So this must be restricted * to crypto connections only. @@ -886,11 +891,16 @@ NTSTATUS dcesrv_lsa_LookupNames3(struct dcesrv_call_state *dce_call, NTSTATUS dcesrv_lsa_LookupNames4(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct lsa_LookupNames4 *r) { + enum dcerpc_transport_t transport = dce_call->conn->endpoint->ep_description->transport; struct dcerpc_auth *auth_info = dce_call->conn->auth_state.auth_info; struct lsa_policy_state *policy_state; struct lsa_LookupNames3 q; NTSTATUS status; + if (transport != NCACN_IP_TCP) { + DCESRV_FAULT(DCERPC_FAULT_ACCESS_DENIED); + } + /* * We don't have policy handles on this call. So this must be restricted * to crypto connections only. |