CVE-2015-5370: s4:rpc_server/lsa: make use of dce_call->conn->auth_state.auth_{level...
authorStefan Metzmacher <metze@samba.org>
Fri, 26 Jun 2015 06:10:46 +0000 (08:10 +0200)
committerStefan Metzmacher <metze@samba.org>
Wed, 30 Mar 2016 02:10:08 +0000 (04:10 +0200)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
source4/rpc_server/lsa/lsa_lookup.c

index 8d92ba89d06610fe75555b4dacd23989dc4a2a5b..d90ca70c0c10ded659087dcf8de1a2a0d76b1370 100644 (file)
@@ -718,7 +718,7 @@ NTSTATUS dcesrv_lsa_LookupSids3(struct dcesrv_call_state *dce_call,
 {
        enum dcerpc_transport_t transport =
                dcerpc_binding_get_transport(dce_call->conn->endpoint->ep_description);
-       struct dcerpc_auth *auth_info = dce_call->conn->auth_state.auth_info;
+       const struct dcesrv_auth *auth = &dce_call->conn->auth_state;
        struct lsa_policy_state *policy_state;
        struct lsa_LookupSids2 q;
        NTSTATUS status;
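Review bot: The new `auth` declaration has no comment explaining why the connection's `auth_state` is now read directly instead of through `auth_state.auth_info`, and the commit message gives only the bug link. The removed line loaded a pointer that the check further down dereferenced, and no NULL test is visible in these hunks, so presumably a connection with no negotiated `auth_info` was the concern; this should be confirmed and recorded. A line above the declaration such as `/* auth_state is embedded in the connection; read auth_type/auth_level from it rather than via the auth_info pointer */` would stop a later refactor from reintroducing the pointer. The same applies to the identical declaration in dcesrv_lsa_LookupNames4, and both function bodies continue outside their hunks.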
@@ -731,8 +731,8 @@ NTSTATUS dcesrv_lsa_LookupSids3(struct dcesrv_call_state *dce_call,
         * We don't have policy handles on this call. So this must be restricted
         * to crypto connections only.
         */
-       if (auth_info->auth_type != DCERPC_AUTH_TYPE_SCHANNEL ||
-           auth_info->auth_level < DCERPC_AUTH_LEVEL_INTEGRITY) {
+       if (auth->auth_type != DCERPC_AUTH_TYPE_SCHANNEL ||
+           auth->auth_level < DCERPC_AUTH_LEVEL_INTEGRITY) {
                DCESRV_FAULT(DCERPC_FAULT_ACCESS_DENIED);
        }
 
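Review bot: The comment above this check says "crypto connections only", but the condition is narrower in one way and looser in another. It requires schannel specifically, and it accepts `DCERPC_AUTH_LEVEL_INTEGRITY`, which is signing without encryption. Since this check is the only access control on a call without policy handles, the comment should state the real requirement, for example `/* No policy handle on this call: require schannel with at least integrity (signed; sealing not required). */`. The same comment and condition appear in dcesrv_lsa_LookupNames4 and should be reworded together. The function body starts and ends outside this hunk.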
@@ -944,7 +944,7 @@ NTSTATUS dcesrv_lsa_LookupNames4(struct dcesrv_call_state *dce_call, TALLOC_CTX
 {
        enum dcerpc_transport_t transport =
                dcerpc_binding_get_transport(dce_call->conn->endpoint->ep_description);
-       struct dcerpc_auth *auth_info = dce_call->conn->auth_state.auth_info;
+       const struct dcesrv_auth *auth = &dce_call->conn->auth_state;
        struct lsa_policy_state *policy_state;
        struct lsa_LookupNames3 q;
        NTSTATUS status;
@@ -957,8 +957,8 @@ NTSTATUS dcesrv_lsa_LookupNames4(struct dcesrv_call_state *dce_call, TALLOC_CTX
         * We don't have policy handles on this call. So this must be restricted
         * to crypto connections only.
         */
-       if (auth_info->auth_type != DCERPC_AUTH_TYPE_SCHANNEL ||
-           auth_info->auth_level < DCERPC_AUTH_LEVEL_INTEGRITY) {
+       if (auth->auth_type != DCERPC_AUTH_TYPE_SCHANNEL ||
+           auth->auth_level < DCERPC_AUTH_LEVEL_INTEGRITY) {
                DCESRV_FAULT(DCERPC_FAULT_ACCESS_DENIED);
        }