s3-rpc_server: allow to set minimal auth level for a DCE/RPC service

[samba.git] / source3 / rpc_server / srv_pipe.c

diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index 0633b5fa78cecb9b4f4b7a73144fc9463790fb76..3af0daf410ec8a13722ec799186955122bc712d5 100644 (file)
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -1357,6 +1357,18 @@ static bool api_pipe_request(struct pipes_struct *p,
                                            pipe_fns->syntax.if_version);
        SMB_ASSERT(interface_name != NULL);
 
+       if (p->auth.auth_level < pipe_fns->min_auth_level) {
+
+               DEBUG(1, ("%s: auth level required for %s: 0x%x, got: 0x%0x\n",
+                         __func__, interface_name,
+                         pipe_fns->min_auth_level,
+                         p->auth.auth_level));
+
+               setup_fault_pdu(p, NT_STATUS(DCERPC_FAULT_ACCESS_DENIED));
+               TALLOC_FREE(frame);
+               return true;
+       }
+
        switch (p->auth.auth_level) {
        case DCERPC_AUTH_LEVEL_NONE:
        case DCERPC_AUTH_LEVEL_PACKET: