s4-rpc_server: limit allowed transports for samr_ValidatePassword().

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c
index d987fbaaef720287d8c11cda9a5b48b0303c0378..3826075ebcd08968c12565bb9ff6888a9cd2f5d6 100644 (file)
--- a/source4/rpc_server/samr/dcesrv_samr.c
+++ b/source4/rpc_server/samr/dcesrv_samr.c
@@ -4290,6 +4290,11 @@ static NTSTATUS dcesrv_samr_ValidatePassword(struct dcesrv_call_state *dce_call,
        DATA_BLOB password;
        enum samr_ValidationStatus res;
        NTSTATUS status;
+       enum dcerpc_transport_t transport = dce_call->conn->endpoint->ep_description->transport;
+
+       if (transport != NCACN_IP_TCP && transport != NCALRPC) {
+               DCESRV_FAULT(DCERPC_FAULT_ACCESS_DENIED);
+       }
 
        (*r->out.rep) = talloc_zero(mem_ctx, union samr_ValidatePasswordRep);