author | Stefan Metzmacher <metze@samba.org> | 2018-11-21 23:27:50 +0100 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2019-01-12 03:13:37 +0100 |
commit | 6b02b94d037429e7bdca67377e390fb636c63f64 (patch) | |
tree | 9bf156aec6694b827dde95138e6082ab7537b468 /source4 | |
parent | d8293acdb4f738a5fe66c53bfd01715ebf7952ba (diff) | |
download | samba-6b02b94d037429e7bdca67377e390fb636c63f64.tar.gz |
s4:rpc_server: add a min_auth_level to context handles
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Diffstat (limited to 'source4')
-rw-r--r-- | source4/rpc_server/dcerpc_server.h | 1 | ||||
-rw-r--r-- | source4/rpc_server/handles.c | 7 |
2 files changed, 8 insertions, 0 deletions
diff --git a/source4/rpc_server/dcerpc_server.h b/source4/rpc_server/dcerpc_server.h
index 4b6c0d145bf..abfb5c0b894 100644
--- a/source4/rpc_server/dcerpc_server.h
+++ b/source4/rpc_server/dcerpc_server.h
@@ -189,6 +189,7 @@ struct dcesrv_handle {
 struct dcesrv_assoc_group *assoc_group;
 struct policy_handle wire_handle;
 struct dom_sid *sid;
+ enum dcerpc_AuthLevel min_auth_level;
 const struct dcesrv_interface *iface;
 void *data;
 };
diff --git a/source4/rpc_server/handles.c b/source4/rpc_server/handles.c
index b0cef1c27f7..68bacefaaf5 100644
--- a/source4/rpc_server/handles.c
+++ b/source4/rpc_server/handles.c
@@ -65,6 +65,7 @@ struct dcesrv_handle *dcesrv_handle_create(struct dcesrv_call_state *call,
 talloc_free(h);
 return NULL;
 }
+ h->min_auth_level = call->auth_state->auth_level;
 h->assoc_group = context->conn->assoc_group;
 h->iface = context->iface;
 h->wire_handle.handle_type = handle_type;
@@ -120,6 +121,12 @@ struct dcesrv_handle *dcesrv_handle_lookup(struct dcesrv_call_state *call,
 dom_sid_string(context, sid)));
 return NULL;
 }
+ if (call->auth_state->auth_level < h->min_auth_level) {
+ DEBUG(0,(__location__ ": Attempt to use invalid auth_level %u < %u\n",
+ call->auth_state->auth_level,
+ h->min_auth_level));
+ return NULL;
+ }
 if (h->iface != context->iface) {
 DEBUG(0,(__location__ ": Attempt to use invalid iface\n"));
 return NULL;
|
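Review bot: The new `min_auth_level` member in struct dcesrv_handle is undocumented, although it carries a security invariant that later readers of the header need to know. A comment above the field would record it, for example `/* auth level of the call that created the handle; dcesrv_handle_lookup() refuses calls below it */`. The assignment added in dcesrv_handle_create() (the handles.c hunk at line 65) has no comment either, and it would help to say there that the handle is pinned to the creating call's level. The struct definition starts outside this hunk.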
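Review bot: The added check in dcesrv_handle_lookup() compares `call->auth_state->auth_level < h->min_auth_level` and so relies on enum dcerpc_AuthLevel being ordered by protection strength, which nothing in the hunk states. A comment above the `if` would make that explicit, for example `/* auth levels are ordered; never allow a handle on a weaker level than it was created with */`. The two log arguments are enum values passed to `%u`; casting them, as in `(unsigned)call->auth_state->auth_level`, keeps format and argument types matched whatever the enum's underlying type is. The message is logged at level 0 on a rejection path a client can presumably reach repeatedly, as the neighbouring iface check also does, so confirm that level is intended. The function body starts and ends outside the hunk.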