From b680e9e0eaf03e60ad00678d7500cc69706bc1ea Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 15 May 2017 14:02:07 +0200 Subject: [PATCH] s4:rpc_server: make use of dcesrv_auth_prepare_auth3() in dcesrv_auth3() It means we also need to call gensec_update_ev() and dcesrv_auth_complete() directly in dcesrv_auth3(). Doing that will make it easier to make dcesrv_auth3() async in the next commits. Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett --- source4/rpc_server/dcerpc_server.c | 40 ++++++++++++++++++++++++++++++++++---- 1 file changed, 36 insertions(+), 4 deletions(-) diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c index c650c6397b7..40b942a5b11 100644 --- a/source4/rpc_server/dcerpc_server.c +++ b/source4/rpc_server/dcerpc_server.c @@ -1078,6 +1078,7 @@ static NTSTATUS dcesrv_auth_reply(struct dcesrv_call_state *call) */ static NTSTATUS dcesrv_auth3(struct dcesrv_call_state *call) { + struct dcesrv_auth *auth = &call->conn->auth_state; NTSTATUS status; if (!call->conn->allow_auth3) { @@ -1105,17 +1106,48 @@ static NTSTATUS dcesrv_auth3(struct dcesrv_call_state *call) } /* handle the auth3 in the auth code */ - if (!dcesrv_auth_auth3(call)) { + if (!dcesrv_auth_prepare_auth3(call)) { + /* + * we don't send a reply to a auth3 request, + * except by a fault. + * + * In anycase we mark the connection as + * invalid. + */ call->conn->auth_state.auth_invalid = true; if (call->fault_code != 0) { return dcesrv_fault_disconnect(call, call->fault_code); } + TALLOC_FREE(call); + return NT_STATUS_OK; } - talloc_free(call); + status = gensec_update_ev(auth->gensec_security, + call, call->event_ctx, + call->in_auth_info.credentials, + &call->out_auth_info->credentials); - /* we don't send a reply to a auth3 request, except by a - fault */ + status = dcesrv_auth_complete(call, status); + if (!NT_STATUS_IS_OK(status)) { + /* + * we don't send a reply to a auth3 request, + * except by a fault. + * + * In anycase we mark the connection as + * invalid. + */ + call->conn->auth_state.auth_invalid = true; + if (call->fault_code != 0) { + return dcesrv_fault_disconnect(call, call->fault_code); + } + TALLOC_FREE(call); + return NT_STATUS_OK; + } + + /* + * we don't send a reply to a auth3 request. + */ + TALLOC_FREE(call); return NT_STATUS_OK; } -- 2.11.4.GIT