author | Andreas Schneider <asn@samba.org> | 2012-06-29 16:41:29 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2012-07-06 10:00:58 +0200 |
commit | 1a12bbd5d8a328ae91b8513a47e76c4e32607df4 (patch) | |
tree | f10d029c60bc565bb6f41b1cb508cf8a1f0dea61 | |
parent | 13a7f98f9f9a6dd26d0a2ab73ca8d0b40fc441e2 (diff) | |
s4-lsarpc: Restrict LookupNames4 to crypto connections only.
-rw-r--r-- | source4/rpc_server/lsa/lsa_lookup.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/source4/rpc_server/lsa/lsa_lookup.c b/source4/rpc_server/lsa/lsa_lookup.c index dffd2a572f..0855b9dfce 100644 --- a/source4/rpc_server/lsa/lsa_lookup.c +++ b/source4/rpc_server/lsa/lsa_lookup.c @@ -861,10 +861,20 @@ NTSTATUS dcesrv_lsa_LookupNames3(struct dcesrv_call_state *dce_call, NTSTATUS dcesrv_lsa_LookupNames4(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct lsa_LookupNames4 *r) { + struct dcerpc_auth *auth_info = dce_call->conn->auth_state.auth_info; struct lsa_policy_state *policy_state; struct lsa_LookupNames3 q; NTSTATUS status; + /* + * We don't have policy handles on this call. So this must be restricted + * to crypto connections only. + */ + if (auth_info->auth_type != DCERPC_AUTH_TYPE_SCHANNEL || + auth_info->auth_level < DCERPC_AUTH_LEVEL_INTEGRITY) { + DCESRV_FAULT(DCERPC_FAULT_ACCESS_DENIED); + } + status = dcesrv_lsa_get_policy_state(dce_call, mem_ctx, &policy_state); if (!NT_STATUS_IS_OK(status)) { return status; |
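Review bot: The new check in dcesrv_lsa_LookupNames4 dereferences `auth_info` without testing it for NULL. If `dce_call->conn->auth_state.auth_info` is unset for a connection that bound without authentication (not visible in this hunk, so confirm against the bind path), an unauthenticated caller would crash the server at `auth_info->auth_type` instead of receiving DCERPC_FAULT_ACCESS_DENIED. The condition should begin `if (auth_info == NULL || auth_info->auth_type != DCERPC_AUTH_TYPE_SCHANNEL ||`. The comment could also state that integrity-only (signed but not sealed) schannel is accepted, since "crypto connections" reads as if encryption were required. The function body continues past the end of the hunk.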