CVE-2015-5370: s4:rpc_server: failing authentication should generate a SEC_PKG_ERROR

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>

diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c
index ee6ee95f7bb7af3cee0f8bb6978ec383dd72e357..d1d2d8c22558eb0c41b80fe64ce37acc35662e9b 100644 (file)
--- a/source4/rpc_server/dcerpc_server.c
+++ b/source4/rpc_server/dcerpc_server.c
@@ -1066,13 +1066,7 @@ static NTSTATUS dcesrv_alter_resp(struct dcesrv_call_state *call,
 
        status = dcesrv_auth_alter_ack(call, &pkt);
        if (!NT_STATUS_IS_OK(status)) {
-               if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)
-                   || NT_STATUS_EQUAL(status, NT_STATUS_LOGON_FAILURE)
-                   || NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)
-                   || NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
-                       return dcesrv_fault(call, DCERPC_FAULT_ACCESS_DENIED);
-               }
-               return dcesrv_fault(call, 0);
+               return dcesrv_fault_disconnect(call, DCERPC_FAULT_SEC_PKG_ERROR);
        }
 
        rep = talloc_zero(call, struct data_blob_list_item);