CVE-2016-2118: s3:rpc_server/samr: allow _samr_ValidatePassword only with PRIVACY...

author Stefan Metzmacher <metze@samba.org>

Sun, 28 Feb 2016 21:48:11 +0000 (22:48 +0100)

committer Stefan Metzmacher <metze@samba.org>

Wed, 30 Mar 2016 02:08:53 +0000 (04:08 +0200)
author Stefan Metzmacher <metze@samba.org>
Sun, 28 Feb 2016 21:48:11 +0000 (22:48 +0100)
committer Stefan Metzmacher <metze@samba.org>
Wed, 30 Mar 2016 02:08:53 +0000 (04:08 +0200)
diff --git a/source3/rpc_server/samr/srv_samr_nt.c b/source3/rpc_server/samr/srv_samr_nt.c

index 32640f9c1210bc52193d427cd174a468f6270c6b..259b0dd1a9f7e4849cdd51b8883e15aba14b82f4 100644 (file)
--- a/source3/rpc_server/samr/srv_samr_nt.c
+++ b/source3/rpc_server/samr/srv_samr_nt.c
@@ -6746,6 +6746,11 @@ NTSTATUS _samr_ValidatePassword(struct pipes_struct *p,
                 return NT_STATUS_ACCESS_DENIED;
         }
  
+       if (p->auth.auth_level != DCERPC_AUTH_LEVEL_PRIVACY) {
+               p->fault_state = DCERPC_FAULT_ACCESS_DENIED;
+               return NT_STATUS_ACCESS_DENIED;
+       }
+
         if (r->in.level < 1 || r->in.level > 3) {
                 return NT_STATUS_INVALID_INFO_CLASS;
         }
author	Stefan Metzmacher <metze@samba.org>
	Sun, 28 Feb 2016 21:48:11 +0000 (22:48 +0100)
committer	Stefan Metzmacher <metze@samba.org>
	Wed, 30 Mar 2016 02:08:53 +0000 (04:08 +0200)