#include "auth/auth.h"
#include "param/param.h"
+/*
+ wrapper around gensec_session_info() that handles the special case
+ of not changing existing inherited credentials from a SMB pipe
+ when schannel is in use
+ */
+static NTSTATUS dcesrv_session_info(struct dcesrv_connection *dce_conn)
+{
+ if (dce_conn->auth_state.gensec_security->ops->auth_type == DCERPC_AUTH_TYPE_SCHANNEL &&
+ talloc_get_type(dce_conn->auth_state.session_info, struct auth_session_info)) {
+ return NT_STATUS_OK;
+ }
+ return gensec_session_info(dce_conn->auth_state.gensec_security,
+ &dce_conn->auth_state.session_info);
+}
+
/*
parse any auth information from a dcerpc bind request
return false if we can't handle the auth request for some
&dce_conn->auth_state.auth_info->credentials);
if (NT_STATUS_IS_OK(status)) {
- status = gensec_session_info(dce_conn->auth_state.gensec_security,
- &dce_conn->auth_state.session_info);
+ status = dcesrv_session_info(dce_conn);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to establish session_info: %s\n", nt_errstr(status)));
return status;
dce_conn->auth_state.auth_info->credentials,
&dce_conn->auth_state.auth_info->credentials);
if (NT_STATUS_IS_OK(status)) {
- status = gensec_session_info(dce_conn->auth_state.gensec_security,
- &dce_conn->auth_state.session_info);
+ status = dcesrv_session_info(dce_conn);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to establish session_info: %s\n", nt_errstr(status)));
return false;
&dce_conn->auth_state.auth_info->credentials);
if (NT_STATUS_IS_OK(status)) {
- status = gensec_session_info(dce_conn->auth_state.gensec_security,
- &dce_conn->auth_state.session_info);
+ status = dcesrv_session_info(dce_conn);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to establish session_info: %s\n", nt_errstr(status)));
return status;