
CVE-2016-2118: s4:rpc_server/samr: allow _samr_ValidatePassword only with PRIVACY...

This requires transport encryption.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher 2016-02-28 22:48:11 +01:00
parent f762be4343
commit 521316d749


@ -4321,11 +4321,20 @@ static NTSTATUS dcesrv_samr_ValidatePassword(struct dcesrv_call_state *dce_call,
NTSTATUS status;
enum dcerpc_transport_t transport =
dcerpc_binding_get_transport(dce_call->conn->endpoint->ep_description);
enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE;
if (transport != NCACN_IP_TCP && transport != NCALRPC) {
DCESRV_FAULT(DCERPC_FAULT_ACCESS_DENIED);
}
if (dce_call->conn->auth_state.auth_info != NULL) {
auth_level = dce_call->conn->auth_state.auth_info->auth_level;
}
if (auth_level != DCERPC_AUTH_LEVEL_PRIVACY) {
DCESRV_FAULT(DCERPC_FAULT_ACCESS_DENIED);
}
(*r->out.rep) = talloc_zero(mem_ctx, union samr_ValidatePasswordRep);
r2.in.domain_name = NULL;
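Review bot: The new `auth_level != DCERPC_AUTH_LEVEL_PRIVACY` check carries no comment, so the reason for it lives only in the commit message and will not be visible to someone reading the function later. I would add above it `/* Only accept sealed (DCERPC_AUTH_LEVEL_PRIVACY) connections: this call requires transport encryption (CVE-2016-2118). */`. A connection with no `auth_info` keeps the `DCERPC_AUTH_LEVEL_NONE` default and is refused, so the `NCALRPC` case that the transport check just above lets through now works only for local callers that negotiated privacy. That looks intentional, but it is worth stating in the same comment so nobody later relaxes it for the local transport. The function starts before and continues after this hunk, so how the request payload is consumed is not visible here.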