From b10d01d14a9144f32dfd497edfa8e0d2c365fd96 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Fri, 21 Jul 2017 07:39:11 +0200
Subject: s4:rpc_server/netlogon: check auth_level for validation level 6 already in dcesrv_netr_LogonSamLogon_check()
Signed-off-by: Stefan Metzmacher
Reviewed-by: Andreas Schneider
---
source4/rpc_server/netlogon/dcerpc_netlogon.c | 22 +++++++++++++++-------
1 file changed, 15 insertions(+), 7 deletions(-)
(limited to 'source4/rpc_server')
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index 2ed0840c640..a9917b84353 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -849,7 +849,8 @@ static WERROR dcesrv_netr_LogonUasLogoff(struct dcesrv_call_state *dce_call, TAL } -static NTSTATUS dcesrv_netr_LogonSamLogon_check(const struct netr_LogonSamLogonEx *r) +static NTSTATUS dcesrv_netr_LogonSamLogon_check(struct dcesrv_call_state *dce_call, + const struct netr_LogonSamLogonEx *r) { switch (r->in.logon_level) { case NetlogonInteractiveInformation:
@@ -905,6 +906,17 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_check(const struct netr_LogonSamLogonE return NT_STATUS_INVALID_PARAMETER; } + switch (r->in.validation_level) { + case NetlogonValidationSamInfo4: /* 6 */ + if (dce_call->conn->auth_state.auth_level < DCERPC_AUTH_LEVEL_PRIVACY) { + return NT_STATUS_INVALID_PARAMETER; + } + break; + + default: + break; + } + return NT_STATUS_OK; }
@@ -1138,10 +1150,6 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal break; case 6: - if (dce_call->conn->auth_state.auth_level < DCERPC_AUTH_LEVEL_PRIVACY) { - return NT_STATUS_INVALID_PARAMETER; - } - nt_status = auth_convert_user_info_dc_saminfo6(mem_ctx, user_info_dc, &sam6);
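Review bot: The `switch (r->in.validation_level)` added to dcesrv_netr_LogonSamLogon_check() becomes the only place that enforces DCERPC_AUTH_LEVEL_PRIVACY for validation level 6, because the same commit removes the test from `case 6:` in dcesrv_netr_LogonSamLogon_base(). The guarantee therefore depends on every path into _base having run _check first; the two call sites updated in this patch do, but any other callers lie outside the visible hunks and should be confirmed. I would record the invariant with a comment above the case, e.g. `/* level 6 is only served on a sealed connection (auth_level >= PRIVACY); dcesrv_netr_LogonSamLogon_base() relies on this */`, and a matching one-line comment at `case 6:` in _base. The `default: break;` arm lets every other validation level through here, so rejecting unknown levels is presumably still left to the switch in _base; the check also uses the enum name while _base keeps the literal `6`, which is worth aligning. Both function bodies extend beyond the hunks shown.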
@@ -1172,7 +1180,7 @@ static NTSTATUS dcesrv_netr_LogonSamLogonEx(struct dcesrv_call_state *dce_call, *r->out.authoritative = 1; - nt_status = dcesrv_netr_LogonSamLogon_check(r); + nt_status = dcesrv_netr_LogonSamLogon_check(dce_call, r); if (!NT_STATUS_IS_OK(nt_status)) { return nt_status; }
@@ -1217,7 +1225,7 @@ static NTSTATUS dcesrv_netr_LogonSamLogonWithFlags(struct dcesrv_call_state *dce *r->out.authoritative = 1; - nt_status = dcesrv_netr_LogonSamLogon_check(&r2); + nt_status = dcesrv_netr_LogonSamLogon_check(dce_call, &r2); if (!NT_STATUS_IS_OK(nt_status)) { return nt_status; }
-- cgit v1.2.1