From 1a12bbd5d8a328ae91b8513a47e76c4e32607df4 Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Fri, 29 Jun 2012 16:41:29 +0200 Subject: s4-lsarpc: Restrict LookupNames4 to crypto connections only. --- source4/rpc_server/lsa/lsa_lookup.c | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'source4') diff --git a/source4/rpc_server/lsa/lsa_lookup.c b/source4/rpc_server/lsa/lsa_lookup.c index dffd2a572f..0855b9dfce 100644 --- a/source4/rpc_server/lsa/lsa_lookup.c +++ b/source4/rpc_server/lsa/lsa_lookup.c @@ -861,10 +861,20 @@ NTSTATUS dcesrv_lsa_LookupNames3(struct dcesrv_call_state *dce_call, NTSTATUS dcesrv_lsa_LookupNames4(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct lsa_LookupNames4 *r) { + struct dcerpc_auth *auth_info = dce_call->conn->auth_state.auth_info; struct lsa_policy_state *policy_state; struct lsa_LookupNames3 q; NTSTATUS status; + /* + * We don't have policy handles on this call. So this must be restricted + * to crypto connections only. + */ + if (auth_info->auth_type != DCERPC_AUTH_TYPE_SCHANNEL || + auth_info->auth_level < DCERPC_AUTH_LEVEL_INTEGRITY) { + DCESRV_FAULT(DCERPC_FAULT_ACCESS_DENIED); + } + status = dcesrv_lsa_get_policy_state(dce_call, mem_ctx, &policy_state); if (!NT_STATUS_IS_OK(status)) { return status; -- cgit