mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
dcesrv_core: alter_context logon failures should result in DCERPC_FAULT_ACCESS_DENIED
We should use DCERPC_FAULT_ACCESS_DENIED as default for
gensec status results of e.g. NT_STATUS_LOGON_FAILURE or
NT_STATUS_INVALID_PARAMTER.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 31a422b7e5
)
This commit is contained in:
parent
b6dd675372
commit
fd7bfa6ad2
@ -1905,7 +1905,20 @@ static void dcesrv_alter_done(struct tevent_req *subreq)
|
|||||||
|
|
||||||
status = dcesrv_auth_complete(call, status);
|
status = dcesrv_auth_complete(call, status);
|
||||||
if (!NT_STATUS_IS_OK(status)) {
|
if (!NT_STATUS_IS_OK(status)) {
|
||||||
|
/*
|
||||||
|
* NT_STATUS_ACCESS_DENIED from gensec means
|
||||||
|
* a signing check or decryption failure,
|
||||||
|
* which should result in DCERPC_FAULT_SEC_PKG_ERROR.
|
||||||
|
*
|
||||||
|
* Any other status, e.g. NT_STATUS_LOGON_FAILURE or
|
||||||
|
* NT_STATUS_INVALID_PARAMETER should result in
|
||||||
|
* DCERPC_FAULT_ACCESS_DENIED.
|
||||||
|
*/
|
||||||
|
if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
|
||||||
status = dcesrv_fault_disconnect(call, DCERPC_FAULT_SEC_PKG_ERROR);
|
status = dcesrv_fault_disconnect(call, DCERPC_FAULT_SEC_PKG_ERROR);
|
||||||
|
} else {
|
||||||
|
status = dcesrv_fault_disconnect(call, DCERPC_FAULT_ACCESS_DENIED);
|
||||||
|
}
|
||||||
dcesrv_conn_auth_wait_finished(conn, status);
|
dcesrv_conn_auth_wait_finished(conn, status);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
@ -9,5 +9,3 @@
|
|||||||
^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_tail_pad_ntlm_auth3
|
^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_tail_pad_ntlm_auth3
|
||||||
^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_tail_pad_spnego_alter
|
^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_tail_pad_spnego_alter
|
||||||
^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_tail_pad_spnego_auth3
|
^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_tail_pad_spnego_auth3
|
||||||
^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_schannel_invalid_alter_no_padding.*chgdcpass
|
|
||||||
^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_schannel_invalid_alter_tail_padding.*chgdcpass
|
|
||||||
|
Loading…
Reference in New Issue
Block a user