auth3 is allowed if auth_started is true and auth_finished is false.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
call->conn->allow_bind = false;
call->conn->allow_alter = false;
- call->conn->allow_auth3 = false;
call->conn->allow_request = false;
call->conn->default_auth_state->auth_invalid = true;
struct tevent_req *subreq = NULL;
NTSTATUS status;
- if (!call->conn->allow_auth3) {
+ if (!auth->auth_started) {
return dcesrv_fault_disconnect(call, DCERPC_NCA_S_PROTO_ERROR);
}
dce_conn->wait_private = NULL;
dce_conn->allow_bind = false;
- dce_conn->allow_auth3 = false;
dce_conn->allow_alter = false;
dce_conn->allow_request = false;
NTSTATUS (*session_key_fn)(struct dcesrv_auth *, DATA_BLOB *session_key);
bool client_hdr_signing;
bool hdr_signing;
+ bool auth_started;
bool auth_finished;
bool auth_invalid;
};
* remember which pdu types are allowed
*/
bool allow_bind;
- bool allow_auth3;
bool allow_alter;
bool allow_request;
bool want_header_signing = false;
NTSTATUS status;
+ if (auth->auth_started) {
+ return false;
+ }
+
+ auth->auth_started = true;
+
if (auth->auth_invalid) {
return false;
}
auth->auth_type = DCERPC_AUTH_TYPE_NONE;
auth->auth_level = DCERPC_AUTH_LEVEL_NONE;
auth->auth_context_id = 0;
+ auth->auth_started = true;
log_successful_dcesrv_authz_event(call);
struct dcesrv_auth *auth = call->auth_state;
dce_conn->allow_alter = true;
- dce_conn->allow_auth3 = true;
if (call->pkt.auth_length == 0) {
auth->auth_finished = true;