git.samba.org / samba.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 2640f60)
s4:rpc_server: add some protection checks to dcesrv_auth_prepare_gensec()
authorStefan Metzmacher <metze@samba.org>
Thu, 8 Nov 2018 15:36:52 +0000 (16:36 +0100)
committerJeremy Allison <jra@samba.org>
Sat, 12 Jan 2019 02:13:37 +0000 (03:13 +0100)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
source4/rpc_server/dcesrv_auth.c patch | blob | history

diff --git a/source4/rpc_server/dcesrv_auth.c b/source4/rpc_server/dcesrv_auth.c
index c58314b13f99efb8ad3cab6812d1d7a177f9d6b7..60bebe39cbdf3ceb727ce09eecafbc84ea33e7cb 100644 (file)
--- a/source4/rpc_server/dcesrv_auth.c
+++ b/source4/rpc_server/dcesrv_auth.c
@@ -40,6 +40,18 @@ static bool dcesrv_auth_prepare_gensec(struct dcesrv_call_state *call)
        bool want_header_signing = false;
        NTSTATUS status;
 
+       if (auth->auth_invalid) {
+               return false;
+       }
+
+       if (auth->auth_finished) {
+               return false;
+       }
+
+       if (auth->gensec_security != NULL) {
+               return false;
+       }
+
        switch (call->in_auth_info.auth_level) {
        case DCERPC_AUTH_LEVEL_CONNECT:
        case DCERPC_AUTH_LEVEL_CALL:
Samba Shared Repository