diff options
author | Stefan Metzmacher <metze@samba.org> | 2018-11-08 16:36:52 +0100 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2019-01-12 03:13:37 +0100 |
commit | 76976eab01cd64ccf3ea2a2247a77997db3094ed (patch) | |
tree | 1f6f74ebec34eccbb76a376c7afe97048421b67e /source4 | |
parent | 2640f60e885335b47bc7a1d509c8b26ba95a86ed (diff) | |
download | samba-76976eab01cd64ccf3ea2a2247a77997db3094ed.tar.gz |
s4:rpc_server: add some protection checks to dcesrv_auth_prepare_gensec()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Diffstat (limited to 'source4')
-rw-r--r-- | source4/rpc_server/dcesrv_auth.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/source4/rpc_server/dcesrv_auth.c b/source4/rpc_server/dcesrv_auth.c index c58314b13f9..60bebe39cbd 100644 --- a/source4/rpc_server/dcesrv_auth.c +++ b/source4/rpc_server/dcesrv_auth.c @@ -40,6 +40,18 @@ static bool dcesrv_auth_prepare_gensec(struct dcesrv_call_state *call) bool want_header_signing = false; NTSTATUS status; + if (auth->auth_invalid) { + return false; + } + + if (auth->auth_finished) { + return false; + } + + if (auth->gensec_security != NULL) { + return false; + } + switch (call->in_auth_info.auth_level) { case DCERPC_AUTH_LEVEL_CONNECT: case DCERPC_AUTH_LEVEL_CALL: |