mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
s3-lsarpc: Restrict lsa_LookupSids3 to ncacn_ip_tcp connections.
See MS-LAT, Section 2.1 Transport.
This commit is contained in:
parent
bbf70e793c
commit
426cf362ed
@ -1034,12 +1034,8 @@ NTSTATUS _lsa_LookupSids(struct pipes_struct *p,
|
||||
return status;
|
||||
}
|
||||
|
||||
/***************************************************************************
|
||||
_lsa_LookupSids2
|
||||
***************************************************************************/
|
||||
|
||||
NTSTATUS _lsa_LookupSids2(struct pipes_struct *p,
|
||||
struct lsa_LookupSids2 *r)
|
||||
static NTSTATUS _lsa_LookupSids_common(struct pipes_struct *p,
|
||||
struct lsa_LookupSids2 *r)
|
||||
{
|
||||
NTSTATUS status;
|
||||
struct lsa_info *handle;
|
||||
@ -1049,11 +1045,6 @@ NTSTATUS _lsa_LookupSids2(struct pipes_struct *p,
|
||||
struct lsa_TranslatedName2 *names = NULL;
|
||||
bool check_policy = true;
|
||||
|
||||
if (p->transport != NCACN_NP && p->transport != NCALRPC) {
|
||||
p->fault_state = DCERPC_FAULT_ACCESS_DENIED;
|
||||
return NT_STATUS_ACCESS_DENIED;
|
||||
}
|
||||
|
||||
switch (p->opnum) {
|
||||
case NDR_LSA_LOOKUPSIDS3:
|
||||
check_policy = false;
|
||||
@ -1105,6 +1096,21 @@ NTSTATUS _lsa_LookupSids2(struct pipes_struct *p,
|
||||
return status;
|
||||
}
|
||||
|
||||
/***************************************************************************
|
||||
_lsa_LookupSids2
|
||||
***************************************************************************/
|
||||
|
||||
NTSTATUS _lsa_LookupSids2(struct pipes_struct *p,
|
||||
struct lsa_LookupSids2 *r)
|
||||
{
|
||||
if (p->transport != NCACN_NP && p->transport != NCALRPC) {
|
||||
p->fault_state = DCERPC_FAULT_ACCESS_DENIED;
|
||||
return NT_STATUS_ACCESS_DENIED;
|
||||
}
|
||||
|
||||
return _lsa_LookupSids_common(p, r);
|
||||
}
|
||||
|
||||
/***************************************************************************
|
||||
_lsa_LookupSids3
|
||||
***************************************************************************/
|
||||
@ -1114,6 +1120,11 @@ NTSTATUS _lsa_LookupSids3(struct pipes_struct *p,
|
||||
{
|
||||
struct lsa_LookupSids2 q;
|
||||
|
||||
if (p->transport != NCACN_IP_TCP) {
|
||||
p->fault_state = DCERPC_FAULT_ACCESS_DENIED;
|
||||
return NT_STATUS_ACCESS_DENIED;
|
||||
}
|
||||
|
||||
/* No policy handle on this call. Restrict to crypto connections. */
|
||||
if (p->auth.auth_type != DCERPC_AUTH_TYPE_SCHANNEL) {
|
||||
DEBUG(0,("_lsa_LookupSids3: client %s not using schannel for netlogon\n",
|
||||
@ -1133,7 +1144,7 @@ NTSTATUS _lsa_LookupSids3(struct pipes_struct *p,
|
||||
q.out.names = r->out.names;
|
||||
q.out.count = r->out.count;
|
||||
|
||||
return _lsa_LookupSids2(p, &q);
|
||||
return _lsa_LookupSids_common(p, &q);
|
||||
}
|
||||
|
||||
/***************************************************************************
|
||||
|
Loading…
Reference in New Issue
Block a user