summaryrefslogtreecommitdiff
path: root/source3/rpc_server
diff options
context:
space:
mode:
authorGerald Carter <jerry@samba.org>2003-10-01 22:00:19 +0000
committerGerald Carter <jerry@samba.org>2003-10-01 22:00:19 +0000
commite9568f8df282a8de58d077fb88b54b43023795ca (patch)
treed1b06a99b783c59f282b004ca1cdbddf05585f59 /source3/rpc_server
parentb8092fbf99d01783110566b51dfaf26d4802f403 (diff)
downloadsamba-e9568f8df282a8de58d077fb88b54b43023795ca.tar.gz
samba-e9568f8df282a8de58d077fb88b54b43023795ca.tar.bz2
samba-e9568f8df282a8de58d077fb88b54b43023795ca.zip
commit sign only patch from Andrew; bug 167; tested using 2k & XP clientspreviously joined to the Samba domain
(This used to be commit 9d2e585e5e6f9066c6901aa8d8308734f8667296)
Diffstat (limited to 'source3/rpc_server')
-rw-r--r--source3/rpc_server/srv_pipe.c30
1 files changed, 19 insertions, 11 deletions
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index d1fb587d74..96261c665f 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -254,18 +254,19 @@ BOOL create_next_pdu(pipes_struct *p)
}
if (p->netsec_auth_validated) {
+ int auth_type, auth_level;
char *data;
RPC_HDR_AUTH auth_info;
- static const uchar netsec_sig[8] = NETSEC_SIGNATURE;
- static const uchar nullbytes[8] = { 0,0,0,0,0,0,0,0 };
RPC_AUTH_NETSEC_CHK verf;
prs_struct rverf;
prs_struct rauth;
data = prs_data_p(&outgoing_pdu) + data_pos;
+ /* Check it's the type of reply we were expecting to decode */
- init_rpc_hdr_auth(&auth_info, NETSEC_AUTH_TYPE, RPC_PIPE_AUTH_SEAL_LEVEL,
+ get_auth_type_level(p->netsec_auth.auth_flags, &auth_type, &auth_level);
+ init_rpc_hdr_auth(&auth_info, auth_type, auth_level,
RPC_HDR_AUTH_LEN, 1);
if(!smb_io_rpc_hdr_auth("hdr_auth", &auth_info, &outgoing_pdu, 0)) {
@@ -277,10 +278,8 @@ BOOL create_next_pdu(pipes_struct *p)
prs_init(&rverf, 0, p->mem_ctx, MARSHALL);
prs_init(&rauth, 0, p->mem_ctx, MARSHALL);
- init_rpc_auth_netsec_chk(&verf, netsec_sig, nullbytes, nullbytes, nullbytes);
-
netsec_encode(&p->netsec_auth,
- AUTH_PIPE_NETSEC|AUTH_PIPE_SIGN|AUTH_PIPE_SEAL,
+ p->netsec_auth.auth_flags,
SENDER_IS_ACCEPTOR,
&verf, data, data_len);
@@ -1337,10 +1336,19 @@ BOOL api_pipe_netsec_process(pipes_struct *p, prs_struct *rpc_in)
return False;
}
- if ((auth_info.auth_type != NETSEC_AUTH_TYPE) ||
- (auth_info.auth_level != RPC_PIPE_AUTH_SEAL_LEVEL)) {
- DEBUG(0,("Invalid auth info %d or level %d on schannel\n",
- auth_info.auth_type, auth_info.auth_level));
+ if (auth_info.auth_type != NETSEC_AUTH_TYPE) {
+ DEBUG(0,("Invalid auth info %d on schannel\n",
+ auth_info.auth_type));
+ return False;
+ }
+
+ if (auth_info.auth_level == RPC_PIPE_AUTH_SEAL_LEVEL) {
+ p->netsec_auth.auth_flags = AUTH_PIPE_NETSEC|AUTH_PIPE_SIGN|AUTH_PIPE_SEAL;
+ } else if (auth_info.auth_level == RPC_PIPE_AUTH_SIGN_LEVEL) {
+ p->netsec_auth.auth_flags = AUTH_PIPE_NETSEC|AUTH_PIPE_SIGN;
+ } else {
+ DEBUG(0,("Invalid auth level %d on schannel\n",
+ auth_info.auth_level));
return False;
}
@@ -1350,7 +1358,7 @@ BOOL api_pipe_netsec_process(pipes_struct *p, prs_struct *rpc_in)
}
if (!netsec_decode(&p->netsec_auth,
- AUTH_PIPE_NETSEC|AUTH_PIPE_SIGN|AUTH_PIPE_SEAL,
+ p->netsec_auth.auth_flags,
SENDER_IS_INITIATOR,
&netsec_chk,
prs_data_p(rpc_in)+old_offset, data_len)) {