s4:rpc_server: verifiy the auth_info against the per connection values

Pair-Programmed-With: Gregor Beck <gbeck@sernet.de>

Signed-off-by: Gregor Beck <gbeck@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

1 files changed, 15 insertions, 0 deletions

diff --git a/source4/rpc_server/dcesrv_auth.c b/source4/rpc_server/dcesrv_auth.c
index 7ec0d43bfd7..a11526ddaec 100644
--- a/source4/rpc_server/dcesrv_auth.c
+++ b/source4/rpc_server/dcesrv_auth.c
@@ -319,6 +319,9 @@ bool dcesrv_auth_request(struct dcesrv_call_state *call, DATA_BLOB *full_packet)
 
 	if (!dce_conn->auth_state.auth_info ||
 	    !dce_conn->auth_state.gensec_security) {
+		if (pkt->auth_length != 0) {
+			return false;
+		}
 		return true;
 	}
 
@@ -353,6 +356,18 @@ bool dcesrv_auth_request(struct dcesrv_call_state *call, DATA_BLOB *full_packet)
 		return false;
 	}
 
+	if (auth.auth_type != dce_conn->auth_state.auth_info->auth_type) {
+		return false;
+	}
+
+	if (auth.auth_level != dce_conn->auth_state.auth_info->auth_level) {
+		return false;
+	}
+
+	if (auth.auth_context_id != dce_conn->auth_state.auth_info->auth_context_id) {
+		return false;
+	}
+
 	pkt->u.request.stub_and_verifier.length -= auth_length;
 
 	/* check signature or unseal the packet */