s4:rpc_server: add some protection checks to dcesrv_auth_prepare_gensec()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
author: Stefan Metzmacher <metze@samba.org> 2018-11-08 16:36:52 +0100
committer: Jeremy Allison <jra@samba.org> 2019-01-12 03:13:37 +0100
commit: 76976eab01cd64ccf3ea2a2247a77997db3094ed (patch)
tree: 1f6f74ebec34eccbb76a376c7afe97048421b67e /source4
parent: 2640f60e885335b47bc7a1d509c8b26ba95a86ed (diff)
download: samba-76976eab01cd64ccf3ea2a2247a77997db3094ed.tar.gz
1 files changed, 12 insertions, 0 deletions
diff --git a/source4/rpc_server/dcesrv_auth.c b/source4/rpc_server/dcesrv_auth.c
index c58314b13f9..60bebe39cbd 100644
--- a/source4/rpc_server/dcesrv_auth.c
+++ b/source4/rpc_server/dcesrv_auth.c
@@ -40,6 +40,18 @@ static bool dcesrv_auth_prepare_gensec(struct dcesrv_call_state *call)
 	bool want_header_signing = false;
 	NTSTATUS status;
 
+	if (auth->auth_invalid) {
+		return false;
+	}
+
+	if (auth->auth_finished) {
+		return false;
+	}
+
+	if (auth->gensec_security != NULL) {
+		return false;
+	}
+
 	switch (call->in_auth_info.auth_level) {
 	case DCERPC_AUTH_LEVEL_CONNECT:
 	case DCERPC_AUTH_LEVEL_CALL:
author	Stefan Metzmacher <metze@samba.org>	2018-11-08 16:36:52 +0100
committer	Jeremy Allison <jra@samba.org>	2019-01-12 03:13:37 +0100
commit	76976eab01cd64ccf3ea2a2247a77997db3094ed (patch)
tree	1f6f74ebec34eccbb76a376c7afe97048421b67e /source4
parent	2640f60e885335b47bc7a1d509c8b26ba95a86ed (diff)
download	samba-76976eab01cd64ccf3ea2a2247a77997db3094ed.tar.gz