diff options
| author | Gerald Carter <jerry@samba.org> | 2003-10-01 22:00:19 +0000 |
|---|---|---|
| committer | Gerald Carter <jerry@samba.org> | 2003-10-01 22:00:19 +0000 |
| commit | e9568f8df282a8de58d077fb88b54b43023795ca (patch) | |
| tree | d1b06a99b783c59f282b004ca1cdbddf05585f59 /source3/rpc_server | |
| parent | b8092fbf99d01783110566b51dfaf26d4802f403 (diff) | |
| download | samba-e9568f8df282a8de58d077fb88b54b43023795ca.tar.gz samba-e9568f8df282a8de58d077fb88b54b43023795ca.tar.bz2 samba-e9568f8df282a8de58d077fb88b54b43023795ca.zip | |
commit sign only patch from Andrew; bug 167; tested using 2k & XP clientspreviously joined to the Samba domain
(This used to be commit 9d2e585e5e6f9066c6901aa8d8308734f8667296)
Diffstat (limited to 'source3/rpc_server')
| -rw-r--r-- | source3/rpc_server/srv_pipe.c | 30 |
1 files changed, 19 insertions, 11 deletions
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index d1fb587d74..96261c665f 100644 --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c @@ -254,18 +254,19 @@ BOOL create_next_pdu(pipes_struct *p) } if (p->netsec_auth_validated) { + int auth_type, auth_level; char *data; RPC_HDR_AUTH auth_info; - static const uchar netsec_sig[8] = NETSEC_SIGNATURE; - static const uchar nullbytes[8] = { 0,0,0,0,0,0,0,0 }; RPC_AUTH_NETSEC_CHK verf; prs_struct rverf; prs_struct rauth; data = prs_data_p(&outgoing_pdu) + data_pos; + /* Check it's the type of reply we were expecting to decode */ - init_rpc_hdr_auth(&auth_info, NETSEC_AUTH_TYPE, RPC_PIPE_AUTH_SEAL_LEVEL, + get_auth_type_level(p->netsec_auth.auth_flags, &auth_type, &auth_level); + init_rpc_hdr_auth(&auth_info, auth_type, auth_level, RPC_HDR_AUTH_LEN, 1); if(!smb_io_rpc_hdr_auth("hdr_auth", &auth_info, &outgoing_pdu, 0)) { @@ -277,10 +278,8 @@ BOOL create_next_pdu(pipes_struct *p) prs_init(&rverf, 0, p->mem_ctx, MARSHALL); prs_init(&rauth, 0, p->mem_ctx, MARSHALL); - init_rpc_auth_netsec_chk(&verf, netsec_sig, nullbytes, nullbytes, nullbytes); - netsec_encode(&p->netsec_auth, - AUTH_PIPE_NETSEC|AUTH_PIPE_SIGN|AUTH_PIPE_SEAL, + p->netsec_auth.auth_flags, SENDER_IS_ACCEPTOR, &verf, data, data_len); @@ -1337,10 +1336,19 @@ BOOL api_pipe_netsec_process(pipes_struct *p, prs_struct *rpc_in) return False; } - if ((auth_info.auth_type != NETSEC_AUTH_TYPE) || - (auth_info.auth_level != RPC_PIPE_AUTH_SEAL_LEVEL)) { - DEBUG(0,("Invalid auth info %d or level %d on schannel\n", - auth_info.auth_type, auth_info.auth_level)); + if (auth_info.auth_type != NETSEC_AUTH_TYPE) { + DEBUG(0,("Invalid auth info %d on schannel\n", + auth_info.auth_type)); + return False; + } + + if (auth_info.auth_level == RPC_PIPE_AUTH_SEAL_LEVEL) { + p->netsec_auth.auth_flags = AUTH_PIPE_NETSEC|AUTH_PIPE_SIGN|AUTH_PIPE_SEAL; + } else if (auth_info.auth_level == RPC_PIPE_AUTH_SIGN_LEVEL) { + p->netsec_auth.auth_flags = AUTH_PIPE_NETSEC|AUTH_PIPE_SIGN; + } else { + DEBUG(0,("Invalid auth level %d on schannel\n", + auth_info.auth_level)); return False; } @@ -1350,7 +1358,7 @@ BOOL api_pipe_netsec_process(pipes_struct *p, prs_struct *rpc_in) } if (!netsec_decode(&p->netsec_auth, - AUTH_PIPE_NETSEC|AUTH_PIPE_SIGN|AUTH_PIPE_SEAL, + p->netsec_auth.auth_flags, SENDER_IS_INITIATOR, &netsec_chk, prs_data_p(rpc_in)+old_offset, data_len)) { |