From e3e3e4577bf7d4c8570c23ed994c3f4e49c2b0c3 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Sat, 25 Sep 2004 08:04:54 +0000
Subject: r2615: fixed a bug in the server side support for CONNECT level
 security (This used to be commit fee98137ad6358195b80c97cd6cc8f82ac53f870)

---
 source4/rpc_server/dcesrv_auth.c | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

(limited to 'source4/rpc_server/dcesrv_auth.c')

diff --git a/source4/rpc_server/dcesrv_auth.c b/source4/rpc_server/dcesrv_auth.c
index bfdf557bdf..08af686eff 100644
--- a/source4/rpc_server/dcesrv_auth.c
+++ b/source4/rpc_server/dcesrv_auth.c
@@ -344,10 +344,18 @@ BOOL dcesrv_auth_response(struct dcesrv_call_state *call,
 	ndr_push_zero(ndr, dce_conn->auth_state.auth_info->auth_pad_length);
 
 	payload_length = ndr->offset - DCERPC_REQUEST_LENGTH;
-	
-	dce_conn->auth_state.auth_info->credentials
-		= data_blob_talloc(call->mem_ctx, NULL, 
-				   gensec_sig_size(dce_conn->auth_state.gensec_security));
+
+	if (dce_conn->auth_state.auth_info->auth_level == DCERPC_AUTH_LEVEL_CONNECT) {
+		status = dcesrv_connect_verifier(call->mem_ctx,
+						 &dce_conn->auth_state.auth_info->credentials);
+		if (!NT_STATUS_IS_OK(status)) {
+			return False;
+		}
+	} else {
+		dce_conn->auth_state.auth_info->credentials
+			= data_blob_talloc(call->mem_ctx, NULL, 
+					   gensec_sig_size(dce_conn->auth_state.gensec_security));
+	}
 
 	/* add the auth verifier */
 	status = ndr_push_dcerpc_auth(ndr, NDR_SCALARS|NDR_BUFFERS, dce_conn->auth_state.auth_info);
@@ -388,8 +396,6 @@ BOOL dcesrv_auth_response(struct dcesrv_call_state *call,
 		break;
 
 	case DCERPC_AUTH_LEVEL_CONNECT:
-		status = dcesrv_connect_verifier(call->mem_ctx,
-						 &dce_conn->auth_state.auth_info->credentials);
 		break;
 
 	default:
-- 
cgit