mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
CVE-2016-2118: s4:rpc_server/samr: allow _samr_ValidatePassword only with PRIVACY...
This requires transport encryption. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
This commit is contained in:
parent
f762be4343
commit
521316d749
@ -4321,11 +4321,20 @@ static NTSTATUS dcesrv_samr_ValidatePassword(struct dcesrv_call_state *dce_call,
|
||||
NTSTATUS status;
|
||||
enum dcerpc_transport_t transport =
|
||||
dcerpc_binding_get_transport(dce_call->conn->endpoint->ep_description);
|
||||
enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE;
|
||||
|
||||
if (transport != NCACN_IP_TCP && transport != NCALRPC) {
|
||||
DCESRV_FAULT(DCERPC_FAULT_ACCESS_DENIED);
|
||||
}
|
||||
|
||||
if (dce_call->conn->auth_state.auth_info != NULL) {
|
||||
auth_level = dce_call->conn->auth_state.auth_info->auth_level;
|
||||
}
|
||||
|
||||
if (auth_level != DCERPC_AUTH_LEVEL_PRIVACY) {
|
||||
DCESRV_FAULT(DCERPC_FAULT_ACCESS_DENIED);
|
||||
}
|
||||
|
||||
(*r->out.rep) = talloc_zero(mem_ctx, union samr_ValidatePasswordRep);
|
||||
|
||||
r2.in.domain_name = NULL;
|
||||
|
Loading…
Reference in New Issue
Block a user