From 76f249fb44599450a12b7f0c62f5f3830d203a24 Mon Sep 17 00:00:00 2001
From: Simo Sorce <idra@samba.org>
Date: Sat, 11 Sep 2010 09:52:42 -0400
Subject: s3-dcerps: check auth_type
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

make sure the auth type used throught the auth operation is consistent.

Signed-off-by: Günther Deschner <gd@samba.org>
---
 source3/rpc_server/srv_pipe.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index 1e369154af..98de58c557 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -1201,6 +1201,13 @@ bool api_pipe_bind_auth3(struct pipes_struct *p, struct ncacn_packet *pkt)
 	 * as zero. JRA.
 	 */
 
+	if (auth_info.auth_type != p->auth.auth_type) {
+		DEBUG(0, ("Auth type mismatch! Client sent %d, "
+			  "but auth was started as type %d!\n",
+			  auth_info.auth_type, p->auth.auth_type));
+		goto err;
+	}
+
 	switch (auth_info.auth_type) {
 	case DCERPC_AUTH_TYPE_NTLMSSP:
 		ntlmssp_ctx = talloc_get_type_abort(p->auth.auth_ctx,
@@ -1344,6 +1351,14 @@ static bool api_pipe_alter_context(struct pipes_struct *p,
 			goto err_exit;
 		}
 
+		if (auth_info.auth_type != p->auth.auth_type) {
+			DEBUG(0, ("Auth type mismatch! Client sent %d, "
+				  "but auth was started as type %d!\n",
+				  auth_info.auth_type, p->auth.auth_type));
+			goto err_exit;
+		}
+
+
 		switch (auth_info.auth_type) {
 		case DCERPC_AUTH_TYPE_SPNEGO:
 			spnego_ctx = talloc_get_type_abort(p->auth.auth_ctx,
-- 
cgit