summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2004-09-25 08:04:54 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:59:12 -0500
commite3e3e4577bf7d4c8570c23ed994c3f4e49c2b0c3 (patch)
tree5e2f71eccfd822a7b6d46c426c1bb05502ef53d1 /source4
parent642ba4bfeee9951957287647628fa82269a318b1 (diff)
downloadsamba-e3e3e4577bf7d4c8570c23ed994c3f4e49c2b0c3.tar.gz
samba-e3e3e4577bf7d4c8570c23ed994c3f4e49c2b0c3.tar.bz2
samba-e3e3e4577bf7d4c8570c23ed994c3f4e49c2b0c3.zip
r2615: fixed a bug in the server side support for CONNECT level security
(This used to be commit fee98137ad6358195b80c97cd6cc8f82ac53f870)
Diffstat (limited to 'source4')
-rw-r--r--source4/rpc_server/dcesrv_auth.c18
1 files changed, 12 insertions, 6 deletions
diff --git a/source4/rpc_server/dcesrv_auth.c b/source4/rpc_server/dcesrv_auth.c
index bfdf557bdf..08af686eff 100644
--- a/source4/rpc_server/dcesrv_auth.c
+++ b/source4/rpc_server/dcesrv_auth.c
@@ -344,10 +344,18 @@ BOOL dcesrv_auth_response(struct dcesrv_call_state *call,
ndr_push_zero(ndr, dce_conn->auth_state.auth_info->auth_pad_length);
payload_length = ndr->offset - DCERPC_REQUEST_LENGTH;
-
- dce_conn->auth_state.auth_info->credentials
- = data_blob_talloc(call->mem_ctx, NULL,
- gensec_sig_size(dce_conn->auth_state.gensec_security));
+
+ if (dce_conn->auth_state.auth_info->auth_level == DCERPC_AUTH_LEVEL_CONNECT) {
+ status = dcesrv_connect_verifier(call->mem_ctx,
+ &dce_conn->auth_state.auth_info->credentials);
+ if (!NT_STATUS_IS_OK(status)) {
+ return False;
+ }
+ } else {
+ dce_conn->auth_state.auth_info->credentials
+ = data_blob_talloc(call->mem_ctx, NULL,
+ gensec_sig_size(dce_conn->auth_state.gensec_security));
+ }
/* add the auth verifier */
status = ndr_push_dcerpc_auth(ndr, NDR_SCALARS|NDR_BUFFERS, dce_conn->auth_state.auth_info);
@@ -388,8 +396,6 @@ BOOL dcesrv_auth_response(struct dcesrv_call_state *call,
break;
case DCERPC_AUTH_LEVEL_CONNECT:
- status = dcesrv_connect_verifier(call->mem_ctx,
- &dce_conn->auth_state.auth_info->credentials);
break;
default: