From: Stefan Metzmacher <metze@samba.org>
Date: Fri, 26 Jun 2015 06:10:46 +0000 (+0200)
Subject: CVE-2015-5370: s4:rpc_server: failing authentication should generate a SEC_PKG_ERROR
X-Git-Tag: samba-4.2.10~48
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d5916e0f99a8f9ee048d1a48e2f69a1994ffbfcf;p=thirdparty%2Fsamba.git

CVE-2015-5370: s4:rpc_server: failing authentication should generate a SEC_PKG_ERROR

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
---

diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c
index ee6ee95f7bb..d1d2d8c2255 100644
--- a/source4/rpc_server/dcerpc_server.c
+++ b/source4/rpc_server/dcerpc_server.c
@@ -1066,13 +1066,7 @@ static NTSTATUS dcesrv_alter_resp(struct dcesrv_call_state *call,
 
 	status = dcesrv_auth_alter_ack(call, &pkt);
 	if (!NT_STATUS_IS_OK(status)) {
-		if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)
-		    || NT_STATUS_EQUAL(status, NT_STATUS_LOGON_FAILURE)
-		    || NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)
-		    || NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
-			return dcesrv_fault(call, DCERPC_FAULT_ACCESS_DENIED);
-		}
-		return dcesrv_fault(call, 0);
+		return dcesrv_fault_disconnect(call, DCERPC_FAULT_SEC_PKG_ERROR);
 	}
 
 	rep = talloc_zero(call, struct data_blob_list_item);