summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLuke Leighton <lkcl@samba.org>1997-10-29 14:34:17 +0000
committerLuke Leighton <lkcl@samba.org>1997-10-29 14:34:17 +0000
commit0db5b8fdc97d24bdfadefb9b043df614644c578a (patch)
tree9456081799cadc501187cd1d1c584bc04f5fa308
parenta2cbf43a6d6166ac35513e2cc78b98736345181e (diff)
downloadsamba-0db5b8fdc97d24bdfadefb9b043df614644c578a.tar.gz
samba-0db5b8fdc97d24bdfadefb9b043df614644c578a.tar.bz2
samba-0db5b8fdc97d24bdfadefb9b043df614644c578a.zip
ipc.c :
bind ack should contain \PIPE\pipename not just pipename. ntclientpipe.c : sanity in bind ack: pipe name checks; transfer syntax checks; reason checks. (This used to be commit c2e2197e9d87795bda0198247c7bb132fe586fc1)
-rw-r--r--source3/ntclientpipe.c25
-rw-r--r--source3/smbd/ipc.c13
2 files changed, 34 insertions, 4 deletions
diff --git a/source3/ntclientpipe.c b/source3/ntclientpipe.c
index 79b1e1cd9c..6a4fa59f80 100644
--- a/source3/ntclientpipe.c
+++ b/source3/ntclientpipe.c
@@ -182,15 +182,34 @@ BOOL bind_rpc_pipe(char *pipe_name, uint16 fnum, uint32 call_id,
if (p)
{
/* check the transfer syntax */
- valid_ack = hdr_ba.transfer.version == transfer->version &&
- memcmp(hdr_ba.transfer.data, transfer->data,
- sizeof(transfer->version));
+ valid_ack = (hdr_ba.transfer.version == transfer->version) &&
+ (memcmp(hdr_ba.transfer.data, transfer->data,
+ sizeof(transfer->version)) ==0);
if (!valid_ack)
{
DEBUG(2,("bind_rpc_pipe: transfer syntax differs\n"));
p = NULL;
}
}
+
+ if (p)
+ {
+ /* check the results */
+ valid_ack = (hdr_ba.res.num_results == 0x1) &&
+ (hdr_ba.res.result == 0);
+
+ if (!valid_ack)
+ {
+ DEBUG(2,("bind_rpc_pipe: bind denied results: %d reason: %x\n",
+ hdr_ba.res.num_results,
+ hdr_ba.res.reason));
+ p = NULL;
+ }
+ else
+ {
+ DEBUG(5,("bind_rpc_pipe: accepted!\n"));
+ }
+ }
}
if (rparam) free(rparam);
diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c
index aa1d2d5c4f..c2cfc15a21 100644
--- a/source3/smbd/ipc.c
+++ b/source3/smbd/ipc.c
@@ -2945,20 +2945,31 @@ static int api_fd_reply(int cnum,uint16 vuid,char *outbuf,
if (api_fd_commands[i].subcommand != -1)
{
RPC_HDR hdr;
+
+ /* process the rpc header */
char *q = smb_io_rpc_hdr(True, &hdr, data, data, 4, 0);
+ /* bind request received */
if ((bind_req = ((q != NULL) && (hdr.pkt_type == RPC_BIND))))
{
RPC_HDR_RB hdr_rb;
+ /* decode the bind request */
char *p = smb_io_rpc_hdr_rb(True, &hdr_rb, q, data, 4, 0);
if ((bind_req = (p != NULL)))
{
RPC_HDR_BA hdr_ba;
+ fstring ack_pipe_name;
+
+ /* name has to be \PIPE\xxxxx */
+ strcpy(ack_pipe_name, "\\PIPE\\");
+ strcat(ack_pipe_name, api_fd_commands[i].pipename);
+
+ /* make a bind acknowledgement */
make_rpc_hdr_ba(&hdr_ba,
hdr_rb.bba.max_tsize, hdr_rb.bba.max_rsize, hdr_rb.bba.assoc_gid,
- api_fd_commands[i].pipename,
+ ack_pipe_name,
0x1, 0x0, 0x0,
&(hdr_rb.transfer));