diff options
author | Stefan Metzmacher <metze@samba.org> | 2010-10-23 11:02:43 +0200 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2010-10-23 11:02:43 +0200 |
commit | f0879fc3b2dbdf9508443429cdb242f759d31cfe (patch) | |
tree | d0ebba3e8661f7f611837cb32bbc96170f7fff02 | |
parent | c2696b2ec37815a1bc0594295b6fe81b3e156c11 (diff) | |
download | samba-f0879fc3b2dbdf9508443429cdb242f759d31cfe.tar.gz samba-f0879fc3b2dbdf9508443429cdb242f759d31cfe.tar.bz2 samba-f0879fc3b2dbdf9508443429cdb242f759d31cfe.zip |
s4:rpc_server/netlogon: netr_ServerAuthenticate3 should reject invalid sec_channel_types early
metze
-rw-r--r-- | source4/rpc_server/netlogon/dcerpc_netlogon.c | 18 |
1 files changed, 15 insertions, 3 deletions
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index 0f4d7465b5..1e45207da9 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c @@ -125,6 +125,19 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_ca NETLOGON_NEG_AUTHENTICATED_RPC_LSASS | NETLOGON_NEG_AUTHENTICATED_RPC; + switch (r->in.secure_channel_type) { + case SEC_CHAN_WKSTA: + case SEC_CHAN_DNS_DOMAIN: + case SEC_CHAN_DOMAIN: + case SEC_CHAN_BDC: + case SEC_CHAN_RODC: + break; + default: + DEBUG(1, ("Client asked for an invalid secure channel type: %d\n", + r->in.secure_channel_type)); + return NT_STATUS_INVALID_PARAMETER; + } + sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, system_session(dce_call->conn->dce_ctx->lp_ctx), 0); if (sam_ctx == NULL) { @@ -221,9 +234,8 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_ca return NT_STATUS_ACCESS_DENIED; } } else { - DEBUG(1, ("Client asked for an invalid secure channel type: %d\n", - r->in.secure_channel_type)); - return NT_STATUS_ACCESS_DENIED; + /* we should never reach this */ + return NT_STATUS_INTERNAL_ERROR; } *r->out.rid = samdb_result_rid_from_sid(mem_ctx, msgs[0], |