/* handle the auth3 in the auth code */
if (!dcesrv_auth_auth3(call)) {
- return dcesrv_fault(call, DCERPC_FAULT_OTHER);
+ call->conn->auth_state.auth_invalid = true;
}
talloc_free(call);
/* Now that we are authenticated, go back to the generic session key... */
dce_conn->auth_state.session_key = dcesrv_generic_session_key;
+
+ if (call->out_auth_info->credentials.length != 0) {
+
+ DEBUG(4, ("GENSEC produced output token (len=%u) at bind_auth3\n",
+ (unsigned)call->out_auth_info->credentials.length));
+ return false;
+ }
return true;
} else {
DEBUG(4, ("GENSEC mech rejected the incoming authentication at bind_auth3: %s\n",
return false;
}
+ if (dce_conn->auth_state.auth_invalid) {
+ return false;
+ }
+
if (pkt->pfc_flags & DCERPC_PFC_FLAG_OBJECT_UUID) {
hdr_size += 16;
}