s4:rpc_server: add a min_auth_level to context handles
authorStefan Metzmacher <metze@samba.org>
Wed, 21 Nov 2018 22:27:50 +0000 (23:27 +0100)
committerJeremy Allison <jra@samba.org>
Sat, 12 Jan 2019 02:13:37 +0000 (03:13 +0100)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
source4/rpc_server/dcerpc_server.h
source4/rpc_server/handles.c

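--- a/source4/rpc_server/dcerpc_server.h
+++ b/source4/rpc_server/dcerpc_server.h
@@ -189,6 +189,7 @@ struct dcesrv_handle {
         struct dcesrv_assoc_group *assoc_group;
         struct policy_handle wire_handle;
         struct dom_sid *sid;
+       enum dcerpc_AuthLevel min_auth_level;
         const struct dcesrv_interface *iface;
         void *data;
 };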
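Review bot: The new `min_auth_level` member of `struct dcesrv_handle` carries a security invariant but has no comment stating it. Going by the handles.c hunks of this commit, it holds the auth level of the call that created the handle and acts as the floor for later lookups, so a one-line comment such as `/* auth level of the creating call; lookups at a lower level are refused */` above the member would record that. Without it, a later change that copies or re-creates handles could leave the field zero-initialised, which would make the lookup check accept any level.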
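--- a/source4/rpc_server/handles.c
+++ b/source4/rpc_server/handles.c
@@ -65,6 +65,7 @@ struct dcesrv_handle *dcesrv_handle_create(struct dcesrv_call_state *call,
                 talloc_free(h);
                 return NULL;
         }
+       h->min_auth_level = call->auth_state->auth_level;
         h->assoc_group = context->conn->assoc_group;
         h->iface = context->iface;
         h->wire_handle.handle_type = handle_type;
@@ -120,6 +121,12 @@ struct dcesrv_handle *dcesrv_handle_lookup(struct dcesrv_call_state *call,
                                          dom_sid_string(context, sid)));
                                 return NULL;
                         }
+                       if (call->auth_state->auth_level < h->min_auth_level) {
+                               DEBUG(0,(__location__ ": Attempt to use invalid auth_level %u < %u\n",
+                                        call->auth_state->auth_level,
+                                        h->min_auth_level));
+                               return NULL;
+                       }
                         if (h->iface != context->iface) {
                                 DEBUG(0,(__location__ ": Attempt to use invalid iface\n"));
                                 return NULL;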
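Review bot: The new check in dcesrv_handle_lookup relies on the numeric ordering of `enum dcerpc_AuthLevel` to mean "weaker than", and nothing at the comparison says so. A comment above the `if` such as `/* auth levels are ordered; refuse a handle on a weaker level than it was created with */` would make the downgrade protection explicit. The two enum values are passed to `%u` as-is; casting them, `(unsigned)call->auth_state->auth_level` and `(unsigned)h->min_auth_level`, keeps the arguments matched to the format whatever the enum's underlying type is. The rejection is logged at DEBUG level 0 and, from what the hunk shows, a client holding a handle can trigger it repeatedly, although the neighbouring sid and iface checks log at the same level. Both dcesrv_handle_create and dcesrv_handle_lookup continue outside the hunks shown.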