CVE-2015-5370: s4:rpc_server/samr: make use of dce_call->conn->auth_state.auth_level

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>

diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c
index a992120bc04d7090607548603958ba67c1bef634..55efdacf90a9b61f03611f9b49b8dbccc083e0d5 100644 (file)
--- a/source4/rpc_server/samr/dcesrv_samr.c
+++ b/source4/rpc_server/samr/dcesrv_samr.c
@@ -4321,17 +4321,12 @@ static NTSTATUS dcesrv_samr_ValidatePassword(struct dcesrv_call_state *dce_call,
        NTSTATUS status;
        enum dcerpc_transport_t transport =
                dcerpc_binding_get_transport(dce_call->conn->endpoint->ep_description);
-       enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE;
 
        if (transport != NCACN_IP_TCP && transport != NCALRPC) {
                DCESRV_FAULT(DCERPC_FAULT_ACCESS_DENIED);
        }
 
-       if (dce_call->conn->auth_state.auth_info != NULL) {
-               auth_level = dce_call->conn->auth_state.auth_info->auth_level;
-       }
-
-       if (auth_level != DCERPC_AUTH_LEVEL_PRIVACY) {
+       if (dce_call->conn->auth_state.auth_level != DCERPC_AUTH_LEVEL_PRIVACY) {
                DCESRV_FAULT(DCERPC_FAULT_ACCESS_DENIED);
        }