1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00

s3-lsarpc: Restrict lsa_LookupSids3 to ncacn_ip_tcp connections.

See MS-LAT, Section 2.1 Transport.
This commit is contained in:
Andreas Schneider 2012-06-25 18:49:11 +02:00 committed by Andreas Schneider
parent bbf70e793c
commit 426cf362ed

View File

@ -1034,12 +1034,8 @@ NTSTATUS _lsa_LookupSids(struct pipes_struct *p,
return status;
}
/***************************************************************************
_lsa_LookupSids2
***************************************************************************/
NTSTATUS _lsa_LookupSids2(struct pipes_struct *p,
struct lsa_LookupSids2 *r)
static NTSTATUS _lsa_LookupSids_common(struct pipes_struct *p,
struct lsa_LookupSids2 *r)
{
NTSTATUS status;
struct lsa_info *handle;
@ -1049,11 +1045,6 @@ NTSTATUS _lsa_LookupSids2(struct pipes_struct *p,
struct lsa_TranslatedName2 *names = NULL;
bool check_policy = true;
if (p->transport != NCACN_NP && p->transport != NCALRPC) {
p->fault_state = DCERPC_FAULT_ACCESS_DENIED;
return NT_STATUS_ACCESS_DENIED;
}
switch (p->opnum) {
case NDR_LSA_LOOKUPSIDS3:
check_policy = false;
@ -1105,6 +1096,21 @@ NTSTATUS _lsa_LookupSids2(struct pipes_struct *p,
return status;
}
/***************************************************************************
_lsa_LookupSids2
***************************************************************************/
NTSTATUS _lsa_LookupSids2(struct pipes_struct *p,
struct lsa_LookupSids2 *r)
{
if (p->transport != NCACN_NP && p->transport != NCALRPC) {
p->fault_state = DCERPC_FAULT_ACCESS_DENIED;
return NT_STATUS_ACCESS_DENIED;
}
return _lsa_LookupSids_common(p, r);
}
/***************************************************************************
_lsa_LookupSids3
***************************************************************************/
@ -1114,6 +1120,11 @@ NTSTATUS _lsa_LookupSids3(struct pipes_struct *p,
{
struct lsa_LookupSids2 q;
if (p->transport != NCACN_IP_TCP) {
p->fault_state = DCERPC_FAULT_ACCESS_DENIED;
return NT_STATUS_ACCESS_DENIED;
}
/* No policy handle on this call. Restrict to crypto connections. */
if (p->auth.auth_type != DCERPC_AUTH_TYPE_SCHANNEL) {
DEBUG(0,("_lsa_LookupSids3: client %s not using schannel for netlogon\n",
@ -1133,7 +1144,7 @@ NTSTATUS _lsa_LookupSids3(struct pipes_struct *p,
q.out.names = r->out.names;
q.out.count = r->out.count;
return _lsa_LookupSids2(p, &q);
return _lsa_LookupSids_common(p, &q);
}
/***************************************************************************