CVE-2015-5370: s4:rpc_server: failing authentication should generate a SEC_PKG_ERROR
authorStefan Metzmacher <metze@samba.org>
Fri, 26 Jun 2015 06:10:46 +0000 (08:10 +0200)
committerStefan Metzmacher <metze@samba.org>
Tue, 12 Apr 2016 17:25:30 +0000 (19:25 +0200)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: G√ľnther Deschner <gd@samba.org>
source4/rpc_server/dcerpc_server.c

index 26e52a28cb66b3066942ce9025b71acc2f4d6e47..5c5aca635f828f6d427e4697a7446b6e017e9e78 100644 (file)
@@ -1066,13 +1066,7 @@ static NTSTATUS dcesrv_alter_resp(struct dcesrv_call_state *call,
 
        status = dcesrv_auth_alter_ack(call, &pkt);
        if (!NT_STATUS_IS_OK(status)) {
-               if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)
-                   || NT_STATUS_EQUAL(status, NT_STATUS_LOGON_FAILURE)
-                   || NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)
-                   || NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
-                       return dcesrv_fault(call, DCERPC_FAULT_ACCESS_DENIED);
-               }
-               return dcesrv_fault(call, 0);
+               return dcesrv_fault_disconnect(call, DCERPC_FAULT_SEC_PKG_ERROR);
        }
 
        rep = talloc_zero(call, struct data_blob_list_item);