From 7676bf32a498ac844bd1c8631c1fa8a457ede3ef Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Thu, 9 Jan 2014 10:59:01 +0100
Subject: s4:rpc_server: verifiy the auth_info against the per connection values
Pair-Programmed-With: Gregor Beck
Signed-off-by: Gregor Beck
Signed-off-by: Stefan Metzmacher
Reviewed-by: Guenther Deschner
---
 source4/rpc_server/dcesrv_auth.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/source4/rpc_server/dcesrv_auth.c b/source4/rpc_server/dcesrv_auth.c
index 7ec0d43bfd..a11526ddae 100644
--- a/source4/rpc_server/dcesrv_auth.c
+++ b/source4/rpc_server/dcesrv_auth.c
@@ -319,6 +319,9 @@ bool dcesrv_auth_request(struct dcesrv_call_state *call, DATA_BLOB *full_packet)
 if (!dce_conn->auth_state.auth_info || !dce_conn->auth_state.gensec_security) {
+ if (pkt->auth_length != 0) {
+ return false;
+ }
 return true;
 }
@@ -353,6 +356,18 @@ bool dcesrv_auth_request(struct dcesrv_call_state *call, DATA_BLOB *full_packet)
 return false;
 }
+ if (auth.auth_type != dce_conn->auth_state.auth_info->auth_type) {
+ return false;
+ }
+
+ if (auth.auth_level != dce_conn->auth_state.auth_info->auth_level) {
+ return false;
+ }
+
+ if (auth.auth_context_id != dce_conn->auth_state.auth_info->auth_context_id) {
+ return false;
+ }
+
 pkt->u.request.stub_and_verifier.length -= auth_length;
 /* check signature or unseal the packet */
-- cgit
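Review bot: The `if (pkt->auth_length != 0)` rejection added inside the no-auth early return of dcesrv_auth_request() carries no comment, and nothing at this point records why the request is refused. I would put `/* no auth context on this connection: a request that still carries an auth trailer is rejected instead of having the trailer ignored */` above it. A debug-level log line at the rejection would also give operators something to correlate when a client sends such PDUs. How the caller turns `false` into a fault is outside the hunk, as are the start and end of the function.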
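Review bot: The three new comparisons of `auth.auth_type`, `auth.auth_level` and `auth.auth_context_id` against `dce_conn->auth_state.auth_info` each end in a bare `return false`, so neither the code nor a log shows which field mismatched or why the comparison is required. A comment before the first one, such as `/* the per-request auth trailer must match the type, level and context id fixed for this connection */`, would state the invariant; `auth` is presumably the trailer parsed just above the hunk. The dereference of `auth_info` relies on the NULL guard from the first hunk still holding here, so the lines between the two hunks (not shown) should be checked for anything that can reset it. The function body begins and ends outside the hunk.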