summaryrefslogtreecommitdiff
path: root/source4/librpc
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2005-01-09 11:32:12 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:08:34 -0500
commite74b3ed6f195e66cb5fa0f387cea0f59fb66711b (patch)
tree0e57da2f311045035ff0f6d63a4d016fecb3adc1 /source4/librpc
parentab9ca559269f9ef921eb3e6ec3007d2e249c6cfe (diff)
downloadsamba-e74b3ed6f195e66cb5fa0f387cea0f59fb66711b.tar.gz
samba-e74b3ed6f195e66cb5fa0f387cea0f59fb66711b.tar.bz2
samba-e74b3ed6f195e66cb5fa0f387cea0f59fb66711b.zip
r4618: - tidied up the alter_context client code a bit
- there is no alter_nak or alter_ack packet, its all done in an alter_response - auto-allocated the contex_ids - tried to fix up the dcom code to work again with alter_context. Jelmer, please take a look :) (This used to be commit dd1c54add8884376601f2f8a56c01bfb8add030c)
Diffstat (limited to 'source4/librpc')
-rw-r--r--source4/librpc/idl/dcerpc.idl20
-rw-r--r--source4/librpc/rpc/dcerpc.c35
-rw-r--r--source4/librpc/rpc/dcerpc.h3
-rw-r--r--source4/librpc/rpc/dcerpc_auth.c89
-rw-r--r--source4/librpc/rpc/dcerpc_spnego.c5
-rw-r--r--source4/librpc/rpc/dcerpc_util.c6
6 files changed, 45 insertions, 113 deletions
diff --git a/source4/librpc/idl/dcerpc.idl b/source4/librpc/idl/dcerpc.idl
index d9ed119abd..d4fb026c8c 100644
--- a/source4/librpc/idl/dcerpc.idl
+++ b/source4/librpc/idl/dcerpc.idl
@@ -160,7 +160,7 @@ interface dcerpc
DCERPC_PKT_BIND_ACK = 12,
DCERPC_PKT_BIND_NAK = 13,
DCERPC_PKT_ALTER = 14,
- DCERPC_PKT_ALTER_ACK = 15,
+ DCERPC_PKT_ALTER_RESP = 15,
DCERPC_PKT_AUTH3 = 16,
DCERPC_PKT_SHUTDOWN = 17,
DCERPC_PKT_CO_CANCEL = 18,
@@ -168,15 +168,15 @@ interface dcerpc
} dcerpc_pkt_type;
typedef [nodiscriminant] union {
- [case(DCERPC_PKT_REQUEST)] dcerpc_request request;
- [case(DCERPC_PKT_RESPONSE)] dcerpc_response response;
- [case(DCERPC_PKT_BIND)] dcerpc_bind bind;
- [case(DCERPC_PKT_BIND_ACK)] dcerpc_bind_ack bind_ack;
- [case(DCERPC_PKT_ALTER)] dcerpc_bind alter;
- [case(DCERPC_PKT_ALTER_ACK)] dcerpc_bind_ack alter_ack;
- [case(DCERPC_PKT_FAULT)] dcerpc_fault fault;
- [case(DCERPC_PKT_AUTH3)] dcerpc_auth3 auth3;
- [case(DCERPC_PKT_BIND_NAK)] dcerpc_bind_nak bind_nak;
+ [case(DCERPC_PKT_REQUEST)] dcerpc_request request;
+ [case(DCERPC_PKT_RESPONSE)] dcerpc_response response;
+ [case(DCERPC_PKT_BIND)] dcerpc_bind bind;
+ [case(DCERPC_PKT_BIND_ACK)] dcerpc_bind_ack bind_ack;
+ [case(DCERPC_PKT_ALTER)] dcerpc_bind alter;
+ [case(DCERPC_PKT_ALTER_RESP)] dcerpc_bind_ack alter_resp;
+ [case(DCERPC_PKT_FAULT)] dcerpc_fault fault;
+ [case(DCERPC_PKT_AUTH3)] dcerpc_auth3 auth3;
+ [case(DCERPC_PKT_BIND_NAK)] dcerpc_bind_nak bind_nak;
} dcerpc_payload;
diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c
index d75f6db935..e133c77d07 100644
--- a/source4/librpc/rpc/dcerpc.c
+++ b/source4/librpc/rpc/dcerpc.c
@@ -562,6 +562,18 @@ static NTSTATUS full_request(struct dcerpc_connection *c,
return state->status;
}
+/*
+ map a bind nak reason to a NTSTATUS
+*/
+static NTSTATUS dcerpc_map_reason(uint16_t reason)
+{
+ switch (reason) {
+ case DCERPC_BIND_REASON_ASYNTAX:
+ return NT_STATUS_RPC_UNSUPPORTED_NAME_SYNTAX;
+ }
+ return NT_STATUS_UNSUCCESSFUL;
+}
+
/*
perform a bind using the given syntax
@@ -622,7 +634,7 @@ NTSTATUS dcerpc_bind(struct dcerpc_pipe *p,
if (pkt.ptype == DCERPC_PKT_BIND_NAK) {
DEBUG(2,("dcerpc: bind_nak reason %d\n", pkt.u.bind_nak.reject_reason));
- return NT_STATUS_ACCESS_DENIED;
+ return dcerpc_map_reason(pkt.u.bind_nak.reject_reason);
}
if ((pkt.ptype != DCERPC_PKT_BIND_ACK) ||
@@ -1387,20 +1399,23 @@ NTSTATUS dcerpc_alter_context(struct dcerpc_pipe *p,
return status;
}
- if (pkt.ptype == DCERPC_PKT_BIND_NAK) {
- DEBUG(2,("dcerpc: alter_nak reason %d\n", pkt.u.bind_nak.reject_reason));
- return NT_STATUS_ACCESS_DENIED;
+ if (pkt.ptype == DCERPC_PKT_ALTER_RESP &&
+ pkt.u.alter_resp.num_results == 1 &&
+ pkt.u.alter_resp.ctx_list[0].result != 0) {
+ DEBUG(2,("dcerpc: alter_resp failed - reason %d\n",
+ pkt.u.alter_resp.ctx_list[0].reason));
+ return dcerpc_map_reason(pkt.u.alter_resp.ctx_list[0].reason);
}
- if ((pkt.ptype != DCERPC_PKT_ALTER_ACK) ||
- pkt.u.alter_ack.num_results == 0 ||
- pkt.u.alter_ack.ctx_list[0].result != 0) {
+ if (pkt.ptype != DCERPC_PKT_ALTER_RESP ||
+ pkt.u.alter_resp.num_results == 0 ||
+ pkt.u.alter_resp.ctx_list[0].result != 0) {
return NT_STATUS_UNSUCCESSFUL;
}
- /* the alter_ack might contain a reply set of credentials */
- if (p->conn->security_state.auth_info && pkt.u.alter_ack.auth_info.length) {
- status = ndr_pull_struct_blob(&pkt.u.alter_ack.auth_info,
+ /* the alter_resp might contain a reply set of credentials */
+ if (p->conn->security_state.auth_info && pkt.u.alter_resp.auth_info.length) {
+ status = ndr_pull_struct_blob(&pkt.u.alter_resp.auth_info,
mem_ctx,
p->conn->security_state.auth_info,
(ndr_pull_flags_fn_t)ndr_pull_dcerpc_auth);
diff --git a/source4/librpc/rpc/dcerpc.h b/source4/librpc/rpc/dcerpc.h
index 00f1fb6488..f5ed637d0b 100644
--- a/source4/librpc/rpc/dcerpc.h
+++ b/source4/librpc/rpc/dcerpc.h
@@ -76,6 +76,9 @@ struct dcerpc_connection {
/* private pointer for pending full requests */
void *full_request_private;
+
+ /* the next context_id to be assigned */
+ uint32_t next_context_id;
};
/*
diff --git a/source4/librpc/rpc/dcerpc_auth.c b/source4/librpc/rpc/dcerpc_auth.c
index 9d43218e4b..4ff8fe549e 100644
--- a/source4/librpc/rpc/dcerpc_auth.c
+++ b/source4/librpc/rpc/dcerpc_auth.c
@@ -123,92 +123,3 @@ done:
return status;
}
-
-#warning "bind_alter not implemented"
-#if 0
-NTSTATUS dcerpc_bind_alter(struct dcerpc_pipe *p, uint8_t auth_type, uint8_t auth_level,
- const char *uuid, uint_t version)
-{
- NTSTATUS status;
- TALLOC_CTX *mem_ctx;
- DATA_BLOB credentials;
- DATA_BLOB null_data_blob = data_blob(NULL, 0);
-
- mem_ctx = talloc_init("dcerpc_bind_auth");
- if (!mem_ctx) {
- return NT_STATUS_NO_MEMORY;
- }
-
- if (!p->conn->security_state.generic_state) {
- status = gensec_client_start(p, &p->conn->security_state.generic_state);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- status = gensec_start_mech_by_authtype(p->conn->security_state.generic_state,
- auth_type, auth_level);
-
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
- }
-
- p->conn->security_state.auth_info = talloc_p(p, struct dcerpc_auth);
- if (!p->conn->security_state.auth_info) {
- status = NT_STATUS_NO_MEMORY;
- goto done;
- }
-
- p->conn->security_state.auth_info->auth_type = auth_type;
- p->conn->security_state.auth_info->auth_level = auth_level;
- p->conn->security_state.auth_info->auth_pad_length = 0;
- p->conn->security_state.auth_info->auth_reserved = 0;
- p->conn->security_state.auth_info->auth_context_id = random();
- p->conn->security_state.auth_info->credentials = null_data_blob;
-
- status = gensec_update(p->conn->security_state.generic_state, mem_ctx,
- null_data_blob,
- &credentials);
-
- if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
- goto done;
- }
-
- p->conn->security_state.auth_info->credentials = credentials;
-
- status = dcerpc_bind_byuuid(p, mem_ctx, uuid, version);
- if (!NT_STATUS_IS_OK(status)) {
- goto done;
- }
-
- while(1) {
- status = gensec_update(p->conn->security_state.generic_state, mem_ctx,
- p->conn->security_state.auth_info->credentials,
- &credentials);
-
- if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
- goto done;
- }
-
- p->conn->security_state.auth_info->credentials = credentials;
-
- status = dcerpc_alter(p, mem_ctx);
- if (!NT_STATUS_IS_OK(status)) {
- goto done;
- }
- }
-
-done:
- talloc_destroy(mem_ctx);
-
- if (!NT_STATUS_IS_OK(status)) {
- talloc_free(p->conn->security_state.generic_state);
- ZERO_STRUCT(p->conn->security_state);
- } else {
- /* Authenticated connections use the generic session key */
- p->conn->security_state.session_key = dcerpc_generic_session_key;
- }
-
- return status;
-}
-#endif
diff --git a/source4/librpc/rpc/dcerpc_spnego.c b/source4/librpc/rpc/dcerpc_spnego.c
index cab8865d6b..f67dd2c7cb 100644
--- a/source4/librpc/rpc/dcerpc_spnego.c
+++ b/source4/librpc/rpc/dcerpc_spnego.c
@@ -24,9 +24,12 @@
#include "includes.h"
-#warning "this needs dcerpc_alter"
#if 0
/*
+ metze, can you tell me what you're trying to do with this?
+*/
+
+/*
do spnego style authentication on a gensec pipe
*/
NTSTATUS dcerpc_bind_auth_spnego(struct dcerpc_pipe *p,
diff --git a/source4/librpc/rpc/dcerpc_util.c b/source4/librpc/rpc/dcerpc_util.c
index 702a1f6ecf..305c1c7725 100644
--- a/source4/librpc/rpc/dcerpc_util.c
+++ b/source4/librpc/rpc/dcerpc_util.c
@@ -1272,8 +1272,8 @@ void dcerpc_log_packet(const struct dcerpc_interface_table *ndr,
this uses dcerpc_alter_context() to create a new dcerpc context_id
*/
-NTSTATUS dcerpc_secondary_context(struct dcerpc_pipe *p, struct dcerpc_pipe **pp2,
- uint32_t context_id,
+NTSTATUS dcerpc_secondary_context(struct dcerpc_pipe *p,
+ struct dcerpc_pipe **pp2,
const char *pipe_uuid,
uint32_t pipe_version)
{
@@ -1286,7 +1286,7 @@ NTSTATUS dcerpc_secondary_context(struct dcerpc_pipe *p, struct dcerpc_pipe **pp
}
p2->conn = talloc_reference(p2, p->conn);
- p2->context_id = context_id;
+ p2->context_id = ++p->conn->next_context_id;
status = GUID_from_string(pipe_uuid, &p2->syntax.uuid);
if (!NT_STATUS_IS_OK(status)) {