diff options
| author | Stefan Metzmacher <metze@samba.org> | 2017-07-21 07:39:11 +0200 |
|---|---|---|
| committer | Andreas Schneider <asn@cryptomilk.org> | 2017-08-07 15:20:03 +0200 |
| commit | b10d01d14a9144f32dfd497edfa8e0d2c365fd96 (patch) | |
| tree | 4660a7ace02ce16fe235d2441e5efcf0fe575629 /source4/rpc_server | |
| parent | c8d14a554e958865cbc354cd3488824599b1a0c4 (diff) | |
| download | samba-b10d01d14a9144f32dfd497edfa8e0d2c365fd96.tar.gz | |
s4:rpc_server/netlogon: check auth_level for validation level 6 already in dcesrv_netr_LogonSamLogon_check()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Diffstat (limited to 'source4/rpc_server')
| -rw-r--r-- | source4/rpc_server/netlogon/dcerpc_netlogon.c | 22 |
1 files changed, 15 insertions, 7 deletions
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index 2ed0840c640..a9917b84353 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c @@ -849,7 +849,8 @@ static WERROR dcesrv_netr_LogonUasLogoff(struct dcesrv_call_state *dce_call, TAL } -static NTSTATUS dcesrv_netr_LogonSamLogon_check(const struct netr_LogonSamLogonEx *r) +static NTSTATUS dcesrv_netr_LogonSamLogon_check(struct dcesrv_call_state *dce_call, + const struct netr_LogonSamLogonEx *r) { switch (r->in.logon_level) { case NetlogonInteractiveInformation: @@ -905,6 +906,17 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_check(const struct netr_LogonSamLogonE return NT_STATUS_INVALID_PARAMETER; } + switch (r->in.validation_level) { + case NetlogonValidationSamInfo4: /* 6 */ + if (dce_call->conn->auth_state.auth_level < DCERPC_AUTH_LEVEL_PRIVACY) { + return NT_STATUS_INVALID_PARAMETER; + } + break; + + default: + break; + } + return NT_STATUS_OK; } @@ -1138,10 +1150,6 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal break; case 6: - if (dce_call->conn->auth_state.auth_level < DCERPC_AUTH_LEVEL_PRIVACY) { - return NT_STATUS_INVALID_PARAMETER; - } - nt_status = auth_convert_user_info_dc_saminfo6(mem_ctx, user_info_dc, &sam6); @@ -1172,7 +1180,7 @@ static NTSTATUS dcesrv_netr_LogonSamLogonEx(struct dcesrv_call_state *dce_call, *r->out.authoritative = 1; - nt_status = dcesrv_netr_LogonSamLogon_check(r); + nt_status = dcesrv_netr_LogonSamLogon_check(dce_call, r); if (!NT_STATUS_IS_OK(nt_status)) { return nt_status; } @@ -1217,7 +1225,7 @@ static NTSTATUS dcesrv_netr_LogonSamLogonWithFlags(struct dcesrv_call_state *dce *r->out.authoritative = 1; - nt_status = dcesrv_netr_LogonSamLogon_check(&r2); + nt_status = dcesrv_netr_LogonSamLogon_check(dce_call, &r2); if (!NT_STATUS_IS_OK(nt_status)) { return nt_status; } |