git.samba.org / samba.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 496d7f9)
s4:rpc_server: let dcesrv_auth_response() handle sig_size == 0 with auth_info as...
authorStefan Metzmacher <metze@samba.org>
Sat, 20 Jun 2015 15:47:14 +0000 (17:47 +0200)
committerKarolin Seeger <kseeger@samba.org>
Sat, 11 Jul 2015 19:59:26 +0000 (21:59 +0200)
Don't send plaintext on the wire because of an internal error...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 1bf7ab49b4459e81ab2b82d9668b3d7cb76372f4)

source4/rpc_server/dcesrv_auth.c patch | blob | history

diff --git a/source4/rpc_server/dcesrv_auth.c b/source4/rpc_server/dcesrv_auth.c
index c891cc62b7abeb20a6f25be333427d541390f0f0..38189cde69cfda4863d2c651ac824395b74eb4b4 100644 (file)
--- a/source4/rpc_server/dcesrv_auth.c
+++ b/source4/rpc_server/dcesrv_auth.c
@@ -385,7 +385,7 @@ bool dcesrv_auth_response(struct dcesrv_call_state *call,
        DATA_BLOB creds2;
 
        /* non-signed packets are simple */
-       if (sig_size == 0) {
+       if (dce_conn->auth_state.auth_info == NULL) {
                status = ncacn_push_auth(blob, call, pkt, NULL);
                return NT_STATUS_IS_OK(status);
        }
@@ -393,6 +393,10 @@ bool dcesrv_auth_response(struct dcesrv_call_state *call,
        switch (dce_conn->auth_state.auth_info->auth_level) {
        case DCERPC_AUTH_LEVEL_PRIVACY:
        case DCERPC_AUTH_LEVEL_INTEGRITY:
+               if (sig_size == 0) {
+                       return false;
+               }
+
                break;
 
        case DCERPC_AUTH_LEVEL_CONNECT:
Samba Shared Repository