sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-12 09:18:10 +03:00
Code

s3-rpc_server: allow to set minimal auth level for a DCE/RPC service

Browse Source 
Guenther

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This commit is contained in:
Günther Deschner 2016-09-26 19:20:24 +02:00 committed by Andreas Schneider
parent 4635c22411
commit 1ec825b28a
2 changed files with 17 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
source3/rpc_server/rpc_pipes.h
View File

@ -98,6 +98,11 @@ struct pipe_rpc_fns {
* shall we allow "connect" auth level for this interface ? * shall we allow "connect" auth level for this interface ?
*/ */
bool allow_connect; bool allow_connect;
/*
* minimal required auth level
*/
enum dcerpc_AuthLevel min_auth_level;
}; };
/* /*

12
source3/rpc_server/srv_pipe.c
View File

@ -1357,6 +1357,18 @@ static bool api_pipe_request(struct pipes_struct *p,
pipe_fns->syntax.if_version); pipe_fns->syntax.if_version);
SMB_ASSERT(interface_name != NULL); SMB_ASSERT(interface_name != NULL);
if (p->auth.auth_level < pipe_fns->min_auth_level) {
DEBUG(1, ("%s: auth level required for %s: 0x%x, got: 0x%0x\n",
__func__, interface_name,
pipe_fns->min_auth_level,
p->auth.auth_level));
setup_fault_pdu(p, NT_STATUS(DCERPC_FAULT_ACCESS_DENIED));
TALLOC_FREE(frame);
return true;
}
switch (p->auth.auth_level) { switch (p->auth.auth_level) {
case DCERPC_AUTH_LEVEL_NONE: case DCERPC_AUTH_LEVEL_NONE:
case DCERPC_AUTH_LEVEL_PACKET: case DCERPC_AUTH_LEVEL_PACKET: