s4-lsarpc: Restrict LookupNames4 to crypto connections only.
authorAndreas Schneider <asn@samba.org>
Fri, 29 Jun 2012 14:41:29 +0000 (16:41 +0200)
committerAndreas Schneider <asn@cryptomilk.org>
Fri, 6 Jul 2012 08:00:58 +0000 (10:00 +0200)
source4/rpc_server/lsa/lsa_lookup.c

index dffd2a572fa0dfba3fb9ba31bb28faed476ebdf2..0855b9dfce741ff1db962b1b09bd734c4bdb7697 100644 (file)
@@ -861,10 +861,20 @@ NTSTATUS dcesrv_lsa_LookupNames3(struct dcesrv_call_state *dce_call,
 NTSTATUS dcesrv_lsa_LookupNames4(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
                                 struct lsa_LookupNames4 *r)
 {
+       struct dcerpc_auth *auth_info = dce_call->conn->auth_state.auth_info;
        struct lsa_policy_state *policy_state;
        struct lsa_LookupNames3 q;
        NTSTATUS status;
 
+       /*
+        * We don't have policy handles on this call. So this must be restricted
+        * to crypto connections only.
+        */
+       if (auth_info->auth_type != DCERPC_AUTH_TYPE_SCHANNEL ||
+           auth_info->auth_level < DCERPC_AUTH_LEVEL_INTEGRITY) {
+               DCESRV_FAULT(DCERPC_FAULT_ACCESS_DENIED);
+       }
+
        status = dcesrv_lsa_get_policy_state(dce_call, mem_ctx, &policy_state);
        if (!NT_STATUS_IS_OK(status)) {
                return status;
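Review bot: The new guard dereferences `auth_info` without a NULL check. If `dce_call->conn->auth_state.auth_info` can be unset for a connection that bound without authentication (not visible in this hunk, so worth confirming), an unauthenticated LookupNames4 request would hit a NULL dereference in the server instead of being refused. Treating a missing auth context as a denial keeps the check fail-closed: `if (auth_info == NULL || auth_info->auth_type != DCERPC_AUTH_TYPE_SCHANNEL ||`. The comment could also state the actual requirement rather than "crypto connections", e.g. `/* No policy handle to authorise against: require schannel with at least integrity protection. */`. The body of dcesrv_lsa_LookupNames4 continues past the end of the hunk.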