s4:rpc_server: only AUTH_TYPE_NONE should get a transport session key

There's only a logic change for NCALRPC and NCACN_UNIX_STREAM.
dcesrv_generic_session_key() already returned
NT_STATUS_NO_USER_SESSION_KEY for all other cases.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c
index 398b22279889027b25afb31b6e1c9c9140f4ba65..299469b601dd7ba29f8426682dfb58c05eb69d91 100644 (file)
--- a/source4/rpc_server/dcerpc_server.c
+++ b/source4/rpc_server/dcerpc_server.c
@@ -479,6 +479,10 @@ NTSTATUS dcesrv_inherited_session_key(struct dcesrv_connection *p,
 {
        struct dcesrv_auth *auth = &p->auth_state;
 
+       if (auth->auth_type != DCERPC_AUTH_TYPE_NONE) {
+               return NT_STATUS_NO_USER_SESSION_KEY;
+       }
+
        return dcesrv_session_info_session_key(auth, session_key);
 }
 

diff --git a/source4/rpc_server/dcesrv_auth.c b/source4/rpc_server/dcesrv_auth.c
index d48d03eefdcc78043b39830a7ffe2a072effdf0e..efc16e91339bbe02f4f362e25984b6a77b04f80f 100644 (file)
--- a/source4/rpc_server/dcesrv_auth.c
+++ b/source4/rpc_server/dcesrv_auth.c
@@ -285,9 +285,6 @@ NTSTATUS dcesrv_auth_complete(struct dcesrv_call_state *call, NTSTATUS status)
        dce_conn->auth_state.auth_finished = true;
        dce_conn->allow_request = true;
 
-       /* Now that we are authenticated, go back to the generic session key... */
-       dce_conn->auth_state.session_key = dcesrv_generic_session_key;
-
        if (call->pkt.ptype != DCERPC_PKT_AUTH3) {
                return NT_STATUS_OK;
        }