From a49eb60e041a55122ce04ed6f576c2ba09c11fe3 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Fri, 29 Jun 2012 17:59:36 +0200
Subject: [PATCH] s4-lsarpc: DCERPC_FAULT_ACCESS_DENIED for tcp

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jul  6 11:50:40 CEST 2012 on sn-devel-104
---
 source4/rpc_server/lsa/lsa_lookup.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/source4/rpc_server/lsa/lsa_lookup.c b/source4/rpc_server/lsa/lsa_lookup.c
index e8fd7920d4..07d5c2ff86 100644
--- a/source4/rpc_server/lsa/lsa_lookup.c
+++ b/source4/rpc_server/lsa/lsa_lookup.c
@@ -668,11 +668,16 @@ NTSTATUS dcesrv_lsa_LookupSids3(struct dcesrv_call_state *dce_call,
 				TALLOC_CTX *mem_ctx,
 				struct lsa_LookupSids3 *r)
 {
+	enum dcerpc_transport_t transport = dce_call->conn->endpoint->ep_description->transport;
 	struct dcerpc_auth *auth_info = dce_call->conn->auth_state.auth_info;
 	struct lsa_policy_state *policy_state;
 	struct lsa_LookupSids2 q;
 	NTSTATUS status;
 
+	if (transport != NCACN_IP_TCP) {
+		DCESRV_FAULT(DCERPC_FAULT_ACCESS_DENIED);
+	}
+
 	/*
 	 * We don't have policy handles on this call. So this must be restricted
 	 * to crypto connections only.
@@ -886,11 +891,16 @@ NTSTATUS dcesrv_lsa_LookupNames3(struct dcesrv_call_state *dce_call,
 NTSTATUS dcesrv_lsa_LookupNames4(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 				 struct lsa_LookupNames4 *r)
 {
+	enum dcerpc_transport_t transport = dce_call->conn->endpoint->ep_description->transport;
 	struct dcerpc_auth *auth_info = dce_call->conn->auth_state.auth_info;
 	struct lsa_policy_state *policy_state;
 	struct lsa_LookupNames3 q;
 	NTSTATUS status;
 
+	if (transport != NCACN_IP_TCP) {
+		DCESRV_FAULT(DCERPC_FAULT_ACCESS_DENIED);
+	}
+
 	/*
 	 * We don't have policy handles on this call. So this must be restricted
 	 * to crypto connections only.
-- 
2.34.1