s4-lsarpc: DCERPC_FAULT_ACCESS_DENIED for np

[mat/samba.git] / source4 / rpc_server / lsa / lsa_lookup.c

diff --git a/source4/rpc_server/lsa/lsa_lookup.c b/source4/rpc_server/lsa/lsa_lookup.c
index b96adaa13d0562b45a08efe453a182c2e718d273..e8fd7920d47d0b372d04cc5fc47af54ba5335b4b 100644 (file)
--- a/source4/rpc_server/lsa/lsa_lookup.c
+++ b/source4/rpc_server/lsa/lsa_lookup.c
@@ -639,9 +639,14 @@ NTSTATUS dcesrv_lsa_LookupSids2(struct dcesrv_call_state *dce_call,
                                TALLOC_CTX *mem_ctx,
                                struct lsa_LookupSids2 *r)
 {
+       enum dcerpc_transport_t transport = dce_call->conn->endpoint->ep_description->transport;
        struct lsa_policy_state *state;
        struct dcesrv_handle *h;
 
+       if (transport != NCACN_NP && transport != NCALRPC) {
+               DCESRV_FAULT(DCERPC_FAULT_ACCESS_DENIED);
+       }
+
        DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
 
        state = h->data;
@@ -716,10 +721,15 @@ NTSTATUS dcesrv_lsa_LookupSids3(struct dcesrv_call_state *dce_call,
 NTSTATUS dcesrv_lsa_LookupSids(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
                               struct lsa_LookupSids *r)
 {
+       enum dcerpc_transport_t transport = dce_call->conn->endpoint->ep_description->transport;
        struct lsa_LookupSids2 r2;
        NTSTATUS status;
        uint32_t i;
 
+       if (transport != NCACN_NP && transport != NCALRPC) {
+               DCESRV_FAULT(DCERPC_FAULT_ACCESS_DENIED);
+       }
+
        ZERO_STRUCT(r2);
 
        r2.in.handle   = r->in.handle;
@@ -849,9 +859,14 @@ NTSTATUS dcesrv_lsa_LookupNames3(struct dcesrv_call_state *dce_call,
                                 TALLOC_CTX *mem_ctx,
                                 struct lsa_LookupNames3 *r)
 {
+       enum dcerpc_transport_t transport = dce_call->conn->endpoint->ep_description->transport;
        struct lsa_policy_state *policy_state;
        struct dcesrv_handle *policy_handle;
 
+       if (transport != NCACN_NP && transport != NCALRPC) {
+               DCESRV_FAULT(DCERPC_FAULT_ACCESS_DENIED);
+       }
+
        DCESRV_PULL_HANDLE(policy_handle, r->in.handle, LSA_HANDLE_POLICY);
 
        policy_state = policy_handle->data;
@@ -926,12 +941,17 @@ NTSTATUS dcesrv_lsa_LookupNames2(struct dcesrv_call_state *dce_call,
                                 TALLOC_CTX *mem_ctx,
                                 struct lsa_LookupNames2 *r)
 {
+       enum dcerpc_transport_t transport = dce_call->conn->endpoint->ep_description->transport;
        struct lsa_policy_state *state;
        struct dcesrv_handle *h;
        uint32_t i;
        struct loadparm_context *lp_ctx = dce_call->conn->dce_ctx->lp_ctx;
        struct lsa_RefDomainList *domains;
 
+       if (transport != NCACN_NP && transport != NCALRPC) {
+               DCESRV_FAULT(DCERPC_FAULT_ACCESS_DENIED);
+       }
+
        *r->out.domains = NULL;
 
        DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
@@ -1016,10 +1036,15 @@ NTSTATUS dcesrv_lsa_LookupNames2(struct dcesrv_call_state *dce_call,
 NTSTATUS dcesrv_lsa_LookupNames(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
                       struct lsa_LookupNames *r)
 {
+       enum dcerpc_transport_t transport = dce_call->conn->endpoint->ep_description->transport;
        struct lsa_LookupNames2 r2;
        NTSTATUS status;
        uint32_t i;
 
+       if (transport != NCACN_NP && transport != NCALRPC) {
+               DCESRV_FAULT(DCERPC_FAULT_ACCESS_DENIED);
+       }
+
        ZERO_STRUCT(r2);
 
        r2.in.handle    = r->in.handle;