summaryrefslogtreecommitdiff
path: root/source4/rpc_server/lsa
diff options
context:
space:
mode:
Diffstat (limited to 'source4/rpc_server/lsa')
-rw-r--r--source4/rpc_server/lsa/lsa_lookup.c10
1 files changed, 10 insertions, 0 deletions
diff --git a/source4/rpc_server/lsa/lsa_lookup.c b/source4/rpc_server/lsa/lsa_lookup.c
index dffd2a572f..0855b9dfce 100644
--- a/source4/rpc_server/lsa/lsa_lookup.c
+++ b/source4/rpc_server/lsa/lsa_lookup.c
@@ -861,10 +861,20 @@ NTSTATUS dcesrv_lsa_LookupNames3(struct dcesrv_call_state *dce_call,
NTSTATUS dcesrv_lsa_LookupNames4(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct lsa_LookupNames4 *r)
{
+ struct dcerpc_auth *auth_info = dce_call->conn->auth_state.auth_info;
struct lsa_policy_state *policy_state;
struct lsa_LookupNames3 q;
NTSTATUS status;
+ /*
+ * We don't have policy handles on this call. So this must be restricted
+ * to crypto connections only.
+ */
+ if (auth_info->auth_type != DCERPC_AUTH_TYPE_SCHANNEL ||
+ auth_info->auth_level < DCERPC_AUTH_LEVEL_INTEGRITY) {
+ DCESRV_FAULT(DCERPC_FAULT_ACCESS_DENIED);
+ }
+
status = dcesrv_lsa_get_policy_state(dce_call, mem_ctx, &policy_state);
if (!NT_STATUS_IS_OK(status)) {
return status;