s4-lsarpc: DCERPC_FAULT_ACCESS_DENIED for tcp

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jul  6 11:50:40 CEST 2012 on sn-devel-104

diff --git a/source4/rpc_server/lsa/lsa_lookup.c b/source4/rpc_server/lsa/lsa_lookup.c
index e8fd7920d47d0b372d04cc5fc47af54ba5335b4b..07d5c2ff862e098b63a1b69df846d468aa353e83 100644 (file)
--- a/source4/rpc_server/lsa/lsa_lookup.c
+++ b/source4/rpc_server/lsa/lsa_lookup.c
@@ -668,11 +668,16 @@ NTSTATUS dcesrv_lsa_LookupSids3(struct dcesrv_call_state *dce_call,
                                TALLOC_CTX *mem_ctx,
                                struct lsa_LookupSids3 *r)
 {
+       enum dcerpc_transport_t transport = dce_call->conn->endpoint->ep_description->transport;
        struct dcerpc_auth *auth_info = dce_call->conn->auth_state.auth_info;
        struct lsa_policy_state *policy_state;
        struct lsa_LookupSids2 q;
        NTSTATUS status;
 
+       if (transport != NCACN_IP_TCP) {
+               DCESRV_FAULT(DCERPC_FAULT_ACCESS_DENIED);
+       }
+
        /*
         * We don't have policy handles on this call. So this must be restricted
         * to crypto connections only.
@@ -886,11 +891,16 @@ NTSTATUS dcesrv_lsa_LookupNames3(struct dcesrv_call_state *dce_call,
 NTSTATUS dcesrv_lsa_LookupNames4(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
                                 struct lsa_LookupNames4 *r)
 {
+       enum dcerpc_transport_t transport = dce_call->conn->endpoint->ep_description->transport;
        struct dcerpc_auth *auth_info = dce_call->conn->auth_state.auth_info;
        struct lsa_policy_state *policy_state;
        struct lsa_LookupNames3 q;
        NTSTATUS status;
 
+       if (transport != NCACN_IP_TCP) {
+               DCESRV_FAULT(DCERPC_FAULT_ACCESS_DENIED);
+       }
+
        /*
         * We don't have policy handles on this call. So this must be restricted
         * to crypto connections only.