author | Andreas Schneider <asn@samba.org> | 2012-06-25 18:53:03 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2012-07-06 10:00:57 +0200 |
commit | d1e829bbabc9d2f2fdbe2e6fde57bf1e0f441b81 (patch) | |
tree | 0c4f6eebf859e608717d57ef8346b7303727cec1 | |
parent | 426cf362ed672d44e266c18d58dff1cbe5f61c53 (diff) | |
s3-lsarpc: Restrict lsa_LookupNames4 to ncacn_ip_tcp connections.
See MS-LSAT, Section 2.1 Transport.
-rw-r--r-- | source3/rpc_server/lsa/srv_lsa_nt.c | 35 |
1 files changed, 23 insertions, 12 deletions
diff --git a/source3/rpc_server/lsa/srv_lsa_nt.c b/source3/rpc_server/lsa/srv_lsa_nt.c
index d74ed73fdd..4802c49591 100644
--- a/source3/rpc_server/lsa/srv_lsa_nt.c
+++ b/source3/rpc_server/lsa/srv_lsa_nt.c
@@ -1316,12 +1316,8 @@ NTSTATUS _lsa_LookupNames2(struct pipes_struct *p,
 return status;
 }
 
-/***************************************************************************
- _lsa_LookupNames3
- ***************************************************************************/
-
-NTSTATUS _lsa_LookupNames3(struct pipes_struct *p,
- struct lsa_LookupNames3 *r)
+static NTSTATUS _lsa_LookupNames_common(struct pipes_struct *p,
+ struct lsa_LookupNames3 *r)
 {
 NTSTATUS status;
 struct lsa_info *handle;
@@ -1333,11 +1329,6 @@ NTSTATUS _lsa_LookupNames3(struct pipes_struct *p,
 int flags = 0;
 bool check_policy = true;
 
- if (p->transport != NCACN_NP && p->transport != NCALRPC) {
- p->fault_state = DCERPC_FAULT_ACCESS_DENIED;
- return NT_STATUS_ACCESS_DENIED;
- }
-
 switch (p->opnum) {
 case NDR_LSA_LOOKUPNAMES4:
 check_policy = false;
@@ -1412,6 +1403,21 @@ done:
 }
 
 /***************************************************************************
+ _lsa_LookupNames3
+ ***************************************************************************/
+
+NTSTATUS _lsa_LookupNames3(struct pipes_struct *p,
+ struct lsa_LookupNames3 *r)
+{
+ if (p->transport != NCACN_NP && p->transport != NCALRPC) {
+ p->fault_state = DCERPC_FAULT_ACCESS_DENIED;
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ return _lsa_LookupNames_common(p, r);
+}
+
+/***************************************************************************
 _lsa_LookupNames4
 ***************************************************************************/
 
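Review bot: The new static `_lsa_LookupNames_common` (first hunk) no longer validates the transport itself, yet it still decides whether to skip the policy-handle check from `p->opnum` (`case NDR_LSA_LOOKUPNAMES4: check_policy = false;`, visible as context in the second hunk), and nothing at its definition states that callers must have done the access checks first. I would add a banner comment in the file's existing style above it, along the lines of `Shared body of _lsa_LookupNames3/4. Callers MUST validate p->transport (and schannel for LookupNames4) before calling.` Passing the policy decision in explicitly from each wrapper, rather than re-deriving it from the opnum inside the helper, would tie the handle-less path to the wrapper that performed the checks; that is a larger change than this commit. The helper's body continues outside the hunks shown.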
@@ -1420,6 +1426,11 @@ NTSTATUS _lsa_LookupNames4(struct pipes_struct *p,
 {
 struct lsa_LookupNames3 q;
 
+ if (p->transport != NCACN_IP_TCP) {
+ p->fault_state = DCERPC_FAULT_ACCESS_DENIED;
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
 /* No policy handle on this call. Restrict to crypto connections. */
 if (p->auth.auth_type != DCERPC_AUTH_TYPE_SCHANNEL) {
 DEBUG(0,("_lsa_lookup_names4: client %s not using schannel for netlogon\n",
@@ -1440,7 +1451,7 @@ NTSTATUS _lsa_LookupNames4(struct pipes_struct *p,
 q.out.sids = r->out.sids;
 q.out.count = r->out.count;
 
- return _lsa_LookupNames3(p, &q);
+ return _lsa_LookupNames_common(p, &q);
 }
 
 /***************************************************************************
|
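Review bot: The added transport rejection at the top of `_lsa_LookupNames4` returns access denied without logging anything, while the schannel rejection directly below it logs at `DEBUG(0, ...)`. A refused call on this handle-less operation is worth recording so an operator can see it, for example `DEBUG(1, ("_lsa_LookupNames4: rejecting call on transport %d, only ncacn_ip_tcp is allowed\n", (int)p->transport));` before `fault_state` is set. A one-line comment above the check naming the spec section cited in the commit message would also explain why this call differs from `_lsa_LookupNames3`. The schannel branch visible here tests only `auth_type`; whether the negotiated auth level is also checked is not visible in this hunk and is worth confirming, since the function continues outside it.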