From 04e92459a4ea897e22374df996bf74cfb2d6530c Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Fri, 26 Jun 2015 08:10:46 +0200
Subject: [PATCH] CVE-2015-5370: s4:rpc_server: failing authentication should
 generate a SEC_PKG_ERROR
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
---
 source4/rpc_server/dcerpc_server.c | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)

diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c
index 26e52a28cb6..5c5aca635f8 100644
--- a/source4/rpc_server/dcerpc_server.c
+++ b/source4/rpc_server/dcerpc_server.c
@@ -1066,13 +1066,7 @@ static NTSTATUS dcesrv_alter_resp(struct dcesrv_call_state *call,
 
 	status = dcesrv_auth_alter_ack(call, &pkt);
 	if (!NT_STATUS_IS_OK(status)) {
-		if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)
-		    || NT_STATUS_EQUAL(status, NT_STATUS_LOGON_FAILURE)
-		    || NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)
-		    || NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
-			return dcesrv_fault(call, DCERPC_FAULT_ACCESS_DENIED);
-		}
-		return dcesrv_fault(call, 0);
+		return dcesrv_fault_disconnect(call, DCERPC_FAULT_SEC_PKG_ERROR);
 	}
 
 	rep = talloc_zero(call, struct data_blob_list_item);