From 1744e99d0a339824a4e73038dccd673920f0c7bb Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Fri, 29 Jun 2012 17:59:17 +0200 Subject: [PATCH] s4-lsarpc: DCERPC_FAULT_ACCESS_DENIED for np --- source4/rpc_server/lsa/dcesrv_lsa.c | 10 ++++++++++ source4/rpc_server/lsa/lsa_init.c | 10 ++++++++++ source4/rpc_server/lsa/lsa_lookup.c | 25 +++++++++++++++++++++++++ 3 files changed, 45 insertions(+) diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c index cece2b7523b..bdd07777578 100644 --- a/source4/rpc_server/lsa/dcesrv_lsa.c +++ b/source4/rpc_server/lsa/dcesrv_lsa.c @@ -144,8 +144,13 @@ static NTSTATUS dcesrv_lsa_AddRemoveAccountRights(struct dcesrv_call_state *dce_ static NTSTATUS dcesrv_lsa_Close(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct lsa_Close *r) { + enum dcerpc_transport_t transport = dce_call->conn->endpoint->ep_description->transport; struct dcesrv_handle *h; + if (transport != NCACN_NP && transport != NCALRPC) { + DCESRV_FAULT(DCERPC_FAULT_ACCESS_DENIED); + } + *r->out.handle = *r->in.handle; DCESRV_PULL_HANDLE(h, r->in.handle, DCESRV_HANDLE_ANY); @@ -3634,12 +3639,17 @@ static NTSTATUS dcesrv_lsa_RetrievePrivateData(struct dcesrv_call_state *dce_cal static NTSTATUS dcesrv_lsa_GetUserName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct lsa_GetUserName *r) { + enum dcerpc_transport_t transport = dce_call->conn->endpoint->ep_description->transport; NTSTATUS status = NT_STATUS_OK; const char *account_name; const char *authority_name; struct lsa_String *_account_name; struct lsa_String *_authority_name = NULL; + if (transport != NCACN_NP && transport != NCALRPC) { + DCESRV_FAULT(DCERPC_FAULT_ACCESS_DENIED); + } + /* this is what w2k3 does */ r->out.account_name = r->in.account_name; r->out.authority_name = r->in.authority_name; diff --git a/source4/rpc_server/lsa/lsa_init.c b/source4/rpc_server/lsa/lsa_init.c index 9b95374c057..bee6556dfce 100644 --- a/source4/rpc_server/lsa/lsa_init.c +++ b/source4/rpc_server/lsa/lsa_init.c @@ -154,10 +154,15 @@ NTSTATUS dcesrv_lsa_get_policy_state(struct dcesrv_call_state *dce_call, TALLOC_ NTSTATUS dcesrv_lsa_OpenPolicy2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct lsa_OpenPolicy2 *r) { + enum dcerpc_transport_t transport = dce_call->conn->endpoint->ep_description->transport; NTSTATUS status; struct lsa_policy_state *state; struct dcesrv_handle *handle; + if (transport != NCACN_NP && transport != NCALRPC) { + DCESRV_FAULT(DCERPC_FAULT_ACCESS_DENIED); + } + ZERO_STRUCTP(r->out.handle); if (r->in.attr != NULL && @@ -198,8 +203,13 @@ NTSTATUS dcesrv_lsa_OpenPolicy2(struct dcesrv_call_state *dce_call, TALLOC_CTX * NTSTATUS dcesrv_lsa_OpenPolicy(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct lsa_OpenPolicy *r) { + enum dcerpc_transport_t transport = dce_call->conn->endpoint->ep_description->transport; struct lsa_OpenPolicy2 r2; + if (transport != NCACN_NP && transport != NCALRPC) { + DCESRV_FAULT(DCERPC_FAULT_ACCESS_DENIED); + } + r2.in.system_name = NULL; r2.in.attr = r->in.attr; r2.in.access_mask = r->in.access_mask; diff --git a/source4/rpc_server/lsa/lsa_lookup.c b/source4/rpc_server/lsa/lsa_lookup.c index b96adaa13d0..e8fd7920d47 100644 --- a/source4/rpc_server/lsa/lsa_lookup.c +++ b/source4/rpc_server/lsa/lsa_lookup.c @@ -639,9 +639,14 @@ NTSTATUS dcesrv_lsa_LookupSids2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct lsa_LookupSids2 *r) { + enum dcerpc_transport_t transport = dce_call->conn->endpoint->ep_description->transport; struct lsa_policy_state *state; struct dcesrv_handle *h; + if (transport != NCACN_NP && transport != NCALRPC) { + DCESRV_FAULT(DCERPC_FAULT_ACCESS_DENIED); + } + DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY); state = h->data; @@ -716,10 +721,15 @@ NTSTATUS dcesrv_lsa_LookupSids3(struct dcesrv_call_state *dce_call, NTSTATUS dcesrv_lsa_LookupSids(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct lsa_LookupSids *r) { + enum dcerpc_transport_t transport = dce_call->conn->endpoint->ep_description->transport; struct lsa_LookupSids2 r2; NTSTATUS status; uint32_t i; + if (transport != NCACN_NP && transport != NCALRPC) { + DCESRV_FAULT(DCERPC_FAULT_ACCESS_DENIED); + } + ZERO_STRUCT(r2); r2.in.handle = r->in.handle; @@ -849,9 +859,14 @@ NTSTATUS dcesrv_lsa_LookupNames3(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct lsa_LookupNames3 *r) { + enum dcerpc_transport_t transport = dce_call->conn->endpoint->ep_description->transport; struct lsa_policy_state *policy_state; struct dcesrv_handle *policy_handle; + if (transport != NCACN_NP && transport != NCALRPC) { + DCESRV_FAULT(DCERPC_FAULT_ACCESS_DENIED); + } + DCESRV_PULL_HANDLE(policy_handle, r->in.handle, LSA_HANDLE_POLICY); policy_state = policy_handle->data; @@ -926,12 +941,17 @@ NTSTATUS dcesrv_lsa_LookupNames2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct lsa_LookupNames2 *r) { + enum dcerpc_transport_t transport = dce_call->conn->endpoint->ep_description->transport; struct lsa_policy_state *state; struct dcesrv_handle *h; uint32_t i; struct loadparm_context *lp_ctx = dce_call->conn->dce_ctx->lp_ctx; struct lsa_RefDomainList *domains; + if (transport != NCACN_NP && transport != NCALRPC) { + DCESRV_FAULT(DCERPC_FAULT_ACCESS_DENIED); + } + *r->out.domains = NULL; DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY); @@ -1016,10 +1036,15 @@ NTSTATUS dcesrv_lsa_LookupNames2(struct dcesrv_call_state *dce_call, NTSTATUS dcesrv_lsa_LookupNames(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct lsa_LookupNames *r) { + enum dcerpc_transport_t transport = dce_call->conn->endpoint->ep_description->transport; struct lsa_LookupNames2 r2; NTSTATUS status; uint32_t i; + if (transport != NCACN_NP && transport != NCALRPC) { + DCESRV_FAULT(DCERPC_FAULT_ACCESS_DENIED); + } + ZERO_STRUCT(r2); r2.in.handle = r->in.handle; -- 2.34.1