author | Luke Leighton <lkcl@samba.org> | 1997-10-29 14:34:17 +0000 |
---|---|---|
committer | Luke Leighton <lkcl@samba.org> | 1997-10-29 14:34:17 +0000 |
commit | 0db5b8fdc97d24bdfadefb9b043df614644c578a (patch) | |
tree | 9456081799cadc501187cd1d1c584bc04f5fa308 | |
parent | a2cbf43a6d6166ac35513e2cc78b98736345181e (diff) | |
ipc.c :
bind ack should contain \PIPE\pipename not just pipename.
ntclientpipe.c :
sanity in bind ack: pipe name checks; transfer syntax checks; reason checks.
(This used to be commit c2e2197e9d87795bda0198247c7bb132fe586fc1)
-rw-r--r-- | source3/ntclientpipe.c | 25 | ||||
-rw-r--r-- | source3/smbd/ipc.c | 13 |
2 files changed, 34 insertions, 4 deletions
diff --git a/source3/ntclientpipe.c b/source3/ntclientpipe.c
index 79b1e1cd9c..6a4fa59f80 100644
--- a/source3/ntclientpipe.c
+++ b/source3/ntclientpipe.c
@@ -182,15 +182,34 @@ BOOL bind_rpc_pipe(char *pipe_name, uint16 fnum, uint32 call_id,
 if (p)
 {
 /* check the transfer syntax */
- valid_ack = hdr_ba.transfer.version == transfer->version &&
- memcmp(hdr_ba.transfer.data, transfer->data,
- sizeof(transfer->version));
+ valid_ack = (hdr_ba.transfer.version == transfer->version) &&
+ (memcmp(hdr_ba.transfer.data, transfer->data,
+ sizeof(transfer->version)) ==0);
 if (!valid_ack)
 {
 DEBUG(2,("bind_rpc_pipe: transfer syntax differs\n"));
 p = NULL;
 }
 }
+
+ if (p)
+ {
+ /* check the results */
+ valid_ack = (hdr_ba.res.num_results == 0x1) &&
+ (hdr_ba.res.result == 0);
+
+ if (!valid_ack)
+ {
+ DEBUG(2,("bind_rpc_pipe: bind denied results: %d reason: %x\n",
+ hdr_ba.res.num_results,
+ hdr_ba.res.reason));
+ p = NULL;
+ }
+ else
+ {
+ DEBUG(5,("bind_rpc_pipe: accepted!\n"));
+ }
+ }
 }
 if (rparam) free(rparam);
diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c
index aa1d2d5c4f..c2cfc15a21 100644
--- a/source3/smbd/ipc.c
+++ b/source3/smbd/ipc.c
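Review bot: The corrected transfer-syntax comparison in source3/ntclientpipe.c still passes `sizeof(transfer->version)` as the memcmp length, so only as many bytes of `data` as the version field is wide are compared and an ack whose syntax identifier differs later in the buffer would still be accepted. The declaration of `data` is not visible here; if it is an array member, the length should be its own size: `(memcmp(hdr_ba.transfer.data, transfer->data, sizeof(transfer->data)) == 0);`. In the new results check, the "bind denied" DEBUG prints `num_results` and `reason` but not `hdr_ba.res.result`, which is one of the two values tested, so a rejection caused by a non-zero result is hard to diagnose from the log. bind_rpc_pipe starts and ends outside this hunk.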
@@ -2945,20 +2945,31 @@ static int api_fd_reply(int cnum,uint16 vuid,char *outbuf,
 if (api_fd_commands[i].subcommand != -1)
 {
 RPC_HDR hdr;
+
+ /* process the rpc header */
 char *q = smb_io_rpc_hdr(True, &hdr, data, data, 4, 0);
+ /* bind request received */
 if ((bind_req = ((q != NULL) && (hdr.pkt_type == RPC_BIND))))
 {
 RPC_HDR_RB hdr_rb;
+ /* decode the bind request */
 char *p = smb_io_rpc_hdr_rb(True, &hdr_rb, q, data, 4, 0);
 if ((bind_req = (p != NULL)))
 {
 RPC_HDR_BA hdr_ba;
+ fstring ack_pipe_name;
+
+ /* name has to be \PIPE\xxxxx */
+ strcpy(ack_pipe_name, "\\PIPE\\");
+ strcat(ack_pipe_name, api_fd_commands[i].pipename);
+
+ /* make a bind acknowledgement */
 make_rpc_hdr_ba(&hdr_ba, hdr_rb.bba.max_tsize, hdr_rb.bba.max_rsize, hdr_rb.bba.assoc_gid,
- api_fd_commands[i].pipename,
+ ack_pipe_name,
 0x1, 0x0, 0x0, &(hdr_rb.transfer)); |
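Review bot: The new `ack_pipe_name` is filled with an unbounded `strcpy` followed by `strcat` into a fixed-size `fstring`, so nothing in the hunk guarantees that the `\PIPE\` prefix plus `api_fd_commands[i].pipename` fits. The names appear to come from the static `api_fd_commands` table rather than from the request, which limits the exposure, but the invariant is implicit and breaks silently if a longer name is ever added. A bounded build states the limit at the point of use, for example `snprintf(ack_pipe_name, sizeof(ack_pipe_name), "\\PIPE\\%s", api_fd_commands[i].pipename);`, or the tree's own bounded string helper if it has one. Separately, the ack still echoes the requester's `hdr_rb.transfer` with what appear to be fixed result values, so nothing in the visible lines validates the requested syntax before accepting. api_fd_reply starts and ends outside this hunk.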