diff options
| author | Stefan Metzmacher <metze@samba.org> | 2014-04-23 13:01:00 +0200 |
|---|---|---|
| committer | Stefan Metzmacher <metze@samba.org> | 2014-04-24 11:21:05 +0200 |
| commit | 054ef133afa98cf02e80b6398a3a719f26bbf44b (patch) | |
| tree | 26254e5ccaab261ce91bd19a2a04f0b1bce1867e /source3/rpc_server | |
| parent | 2ed1789e4d8ac09ed78e5ecccf0eb97d1dfa8f65 (diff) | |
| download | samba-054ef133afa98cf02e80b6398a3a719f26bbf44b.tar.gz samba-054ef133afa98cf02e80b6398a3a719f26bbf44b.tar.xz samba-054ef133afa98cf02e80b6398a3a719f26bbf44b.zip | |
s3:rpc_server: handle everything but AUTH_TYPE_NONE as gensec in verify_final
The NCALRPC_AS_SYSTEM doesn't use pipe_auth_verify_final() yet,
so it's fine for now.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Diffstat (limited to 'source3/rpc_server')
| -rw-r--r-- | source3/rpc_server/srv_pipe.c | 31 |
1 files changed, 16 insertions, 15 deletions
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index 67c9a68b98..aaf58871d3 100644 --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c @@ -526,22 +526,23 @@ static bool pipe_auth_generic_verify_final(TALLOC_CTX *mem_ctx, static NTSTATUS pipe_auth_verify_final(struct pipes_struct *p) { struct gensec_security *gensec_security; + bool ok; - switch (p->auth.auth_type) { - case DCERPC_AUTH_TYPE_NTLMSSP: - case DCERPC_AUTH_TYPE_KRB5: - case DCERPC_AUTH_TYPE_SPNEGO: - gensec_security = talloc_get_type_abort(p->auth.auth_ctx, - struct gensec_security); - if (!pipe_auth_generic_verify_final(p, gensec_security, - p->auth.auth_level, - &p->session_info)) { - return NT_STATUS_ACCESS_DENIED; - } - break; - default: - DEBUG(0, (__location__ ": incorrect auth type (%u).\n", - (unsigned int)p->auth.auth_type)); + if (p->auth.auth_type == DCERPC_AUTH_TYPE_NONE) { + p->pipe_bound = true; + return NT_STATUS_OK; + } + + gensec_security = talloc_get_type(p->auth.auth_ctx, + struct gensec_security); + if (gensec_security == NULL) { + return NT_STATUS_INTERNAL_ERROR; + } + + ok = pipe_auth_generic_verify_final(p, gensec_security, + p->auth.auth_level, + &p->session_info); + if (!ok) { return NT_STATUS_ACCESS_DENIED; } |