sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-08-29 13:49:30 +03:00
Code Activity

s4-lsarpc: Restrict LookupSids3 to crypto connections only.

Browse Source
This commit is contained in:
Andreas Schneider
2012-06-29 16:42:16 +02:00
committed by Andreas Schneider
parent 1a12bbd5d8
commit 997c780d24
1 changed files with 10 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
source4/rpc_server/lsa/lsa_lookup.c
View File

@ -663,10 +663,20 @@ NTSTATUS dcesrv_lsa_LookupSids3(struct dcesrv_call_state *dce_call,
TALLOC_CTX *mem_ctx,
struct lsa_LookupSids3 *r)
{
struct dcerpc_auth *auth_info = dce_call->conn->auth_state.auth_info;
struct lsa_policy_state *policy_state;
struct lsa_LookupSids2 q;
NTSTATUS status;
/*
* We don't have policy handles on this call. So this must be restricted
* to crypto connections only.
*/
if (auth_info->auth_type != DCERPC_AUTH_TYPE_SCHANNEL ||
auth_info->auth_level < DCERPC_AUTH_LEVEL_INTEGRITY) {
DCESRV_FAULT(DCERPC_FAULT_ACCESS_DENIED);
}
status = dcesrv_lsa_get_policy_state(dce_call, mem_ctx, &policy_state);
if (!NT_STATUS_IS_OK(status)) {
return status;