author | Andrew Tridgell <tridge@samba.org> | 2005-01-09 11:32:12 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:08:34 -0500 |
commit | e74b3ed6f195e66cb5fa0f387cea0f59fb66711b (patch) | |
tree | 0e57da2f311045035ff0f6d63a4d016fecb3adc1 /source4/librpc | |
parent | ab9ca559269f9ef921eb3e6ec3007d2e249c6cfe (diff) | |
r4618: - tidied up the alter_context client code a bit
- there is no alter_nak or alter_ack packet, it's all done in an
alter_response
- auto-allocated the context_ids
- tried to fix up the dcom code to work again with
alter_context. Jelmer, please take a look :)
(This used to be commit dd1c54add8884376601f2f8a56c01bfb8add030c)
Diffstat (limited to 'source4/librpc')
-rw-r--r-- | source4/librpc/idl/dcerpc.idl | 20 | ||||
-rw-r--r-- | source4/librpc/rpc/dcerpc.c | 35 | ||||
-rw-r--r-- | source4/librpc/rpc/dcerpc.h | 3 | ||||
-rw-r--r-- | source4/librpc/rpc/dcerpc_auth.c | 89 | ||||
-rw-r--r-- | source4/librpc/rpc/dcerpc_spnego.c | 5 | ||||
-rw-r--r-- | source4/librpc/rpc/dcerpc_util.c | 6 |
6 files changed, 45 insertions, 113 deletions
diff --git a/source4/librpc/idl/dcerpc.idl b/source4/librpc/idl/dcerpc.idl index d9ed119abd..d4fb026c8c 100644 --- a/source4/librpc/idl/dcerpc.idl +++ b/source4/librpc/idl/dcerpc.idl @@ -160,7 +160,7 @@ interface dcerpc DCERPC_PKT_BIND_ACK = 12, DCERPC_PKT_BIND_NAK = 13, DCERPC_PKT_ALTER = 14, - DCERPC_PKT_ALTER_ACK = 15, + DCERPC_PKT_ALTER_RESP = 15, DCERPC_PKT_AUTH3 = 16, DCERPC_PKT_SHUTDOWN = 17, DCERPC_PKT_CO_CANCEL = 18, @@ -168,15 +168,15 @@ interface dcerpc } dcerpc_pkt_type; typedef [nodiscriminant] union { - [case(DCERPC_PKT_REQUEST)] dcerpc_request request; - [case(DCERPC_PKT_RESPONSE)] dcerpc_response response; - [case(DCERPC_PKT_BIND)] dcerpc_bind bind; - [case(DCERPC_PKT_BIND_ACK)] dcerpc_bind_ack bind_ack; - [case(DCERPC_PKT_ALTER)] dcerpc_bind alter; - [case(DCERPC_PKT_ALTER_ACK)] dcerpc_bind_ack alter_ack; - [case(DCERPC_PKT_FAULT)] dcerpc_fault fault; - [case(DCERPC_PKT_AUTH3)] dcerpc_auth3 auth3; - [case(DCERPC_PKT_BIND_NAK)] dcerpc_bind_nak bind_nak; + [case(DCERPC_PKT_REQUEST)] dcerpc_request request; + [case(DCERPC_PKT_RESPONSE)] dcerpc_response response; + [case(DCERPC_PKT_BIND)] dcerpc_bind bind; + [case(DCERPC_PKT_BIND_ACK)] dcerpc_bind_ack bind_ack; + [case(DCERPC_PKT_ALTER)] dcerpc_bind alter; + [case(DCERPC_PKT_ALTER_RESP)] dcerpc_bind_ack alter_resp; + [case(DCERPC_PKT_FAULT)] dcerpc_fault fault; + [case(DCERPC_PKT_AUTH3)] dcerpc_auth3 auth3; + [case(DCERPC_PKT_BIND_NAK)] dcerpc_bind_nak bind_nak; } dcerpc_payload; diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c index d75f6db935..e133c77d07 100644 --- a/source4/librpc/rpc/dcerpc.c +++ b/source4/librpc/rpc/dcerpc.c 
@@ -562,6 +562,18 @@ static NTSTATUS full_request(struct dcerpc_connection *c, return state->status; } +/* + map a bind nak reason to a NTSTATUS +*/ +static NTSTATUS dcerpc_map_reason(uint16_t reason) +{ + switch (reason) { + case DCERPC_BIND_REASON_ASYNTAX: + return NT_STATUS_RPC_UNSUPPORTED_NAME_SYNTAX; + } + return NT_STATUS_UNSUCCESSFUL; +} + /* perform a bind using the given syntax @@ -622,7 +634,7 @@ NTSTATUS dcerpc_bind(struct dcerpc_pipe *p, if (pkt.ptype == DCERPC_PKT_BIND_NAK) { DEBUG(2,("dcerpc: bind_nak reason %d\n", pkt.u.bind_nak.reject_reason)); - return NT_STATUS_ACCESS_DENIED; + return dcerpc_map_reason(pkt.u.bind_nak.reject_reason); } if ((pkt.ptype != DCERPC_PKT_BIND_ACK) || 
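Review bot: dcerpc_map_reason() is commented as mapping a bind nak reason, but later in this commit it is also passed `pkt.u.alter_resp.ctx_list[0].reason`, which is a per-context result reason rather than a bind_nak `reject_reason`. If the two fields use different numbering, as the DCE/RPC specification appears to define them, the same integer would be translated to the wrong NTSTATUS for one of the two callers. The header comment should state which code space `DCERPC_BIND_REASON_ASYNTAX` belongs to, or the helper should be split per field. The switch also has no default label; adding `default: break;` would make the fall-through to `NT_STATUS_UNSUCCESSFUL` explicit.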
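Review bot: Replacing `NT_STATUS_ACCESS_DENIED` with `dcerpc_map_reason(pkt.u.bind_nak.reject_reason)` makes every bind_nak other than the single mapped reason return `NT_STATUS_UNSUCCESSFUL`, so a refused bind can no longer be told apart from any other failure. The callers are outside this hunk; any that test for `NT_STATUS_ACCESS_DENIED` to report or handle an authentication rejection would change behaviour silently. Either map the authentication-related reject reasons explicitly in dcerpc_map_reason(), or record the change at the call site with a comment such as `/* bind_nak no longer implies NT_STATUS_ACCESS_DENIED; see dcerpc_map_reason() */`. dcerpc_bind's body starts and ends outside the hunk.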
@@ -1387,20 +1399,23 @@ NTSTATUS dcerpc_alter_context(struct dcerpc_pipe *p, return status; } - if (pkt.ptype == DCERPC_PKT_BIND_NAK) { - DEBUG(2,("dcerpc: alter_nak reason %d\n", pkt.u.bind_nak.reject_reason)); - return NT_STATUS_ACCESS_DENIED; + if (pkt.ptype == DCERPC_PKT_ALTER_RESP && + pkt.u.alter_resp.num_results == 1 && + pkt.u.alter_resp.ctx_list[0].result != 0) { + DEBUG(2,("dcerpc: alter_resp failed - reason %d\n", + pkt.u.alter_resp.ctx_list[0].reason)); + return dcerpc_map_reason(pkt.u.alter_resp.ctx_list[0].reason); } - if ((pkt.ptype != DCERPC_PKT_ALTER_ACK) || - pkt.u.alter_ack.num_results == 0 || - pkt.u.alter_ack.ctx_list[0].result != 0) { + if (pkt.ptype != DCERPC_PKT_ALTER_RESP || + pkt.u.alter_resp.num_results == 0 || + pkt.u.alter_resp.ctx_list[0].result != 0) { return NT_STATUS_UNSUCCESSFUL; } - /* the alter_ack might contain a reply set of credentials */ - if (p->conn->security_state.auth_info && pkt.u.alter_ack.auth_info.length) { - status = ndr_pull_struct_blob(&pkt.u.alter_ack.auth_info, + /* the alter_resp might contain a reply set of credentials */ + if (p->conn->security_state.auth_info && pkt.u.alter_resp.auth_info.length) { + status = ndr_pull_struct_blob(&pkt.u.alter_resp.auth_info, mem_ctx, p->conn->security_state.auth_info, (ndr_pull_flags_fn_t)ndr_pull_dcerpc_auth); diff --git a/source4/librpc/rpc/dcerpc.h b/source4/librpc/rpc/dcerpc.h index 00f1fb6488..f5ed637d0b 100644 --- a/source4/librpc/rpc/dcerpc.h +++ b/source4/librpc/rpc/dcerpc.h @@ -76,6 +76,9 @@ struct dcerpc_connection { /* private pointer for pending full requests */ void *full_request_private; + + /* the next context_id to be assigned */ + uint32_t next_context_id; }; /* diff --git a/source4/librpc/rpc/dcerpc_auth.c b/source4/librpc/rpc/dcerpc_auth.c index 9d43218e4b..4ff8fe549e 100644 --- a/source4/librpc/rpc/dcerpc_auth.c +++ b/source4/librpc/rpc/dcerpc_auth.c 
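Review bot: The two tests on the alter response disagree about `num_results`: the failure reason is logged and mapped only when `num_results == 1`, while the success path accepts any non-zero count and looks only at `ctx_list[0]`. Since the count is supplied by the peer, a response carrying more results than were proposed is accepted on the strength of its first entry, and a failure with more than one result loses its reason and returns the generic status. If this call always proposes a single context (not visible here), the second test would be tighter as `pkt.u.alter_resp.num_results != 1 ||` and the first could be relaxed to `pkt.u.alter_resp.num_results != 0 &&`. dcerpc_alter_context's body starts and ends outside the hunk, so whether `ctx_list` is bounds-checked against `num_results` during the NDR pull cannot be confirmed from these lines.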
@@ -123,92 +123,3 @@ done: return status; } - -#warning "bind_alter not implemented" -#if 0 -NTSTATUS dcerpc_bind_alter(struct dcerpc_pipe *p, uint8_t auth_type, uint8_t auth_level, - const char *uuid, uint_t version) -{ - NTSTATUS status; - TALLOC_CTX *mem_ctx; - DATA_BLOB credentials; - DATA_BLOB null_data_blob = data_blob(NULL, 0); - - mem_ctx = talloc_init("dcerpc_bind_auth"); - if (!mem_ctx) { - return NT_STATUS_NO_MEMORY; - } - - if (!p->conn->security_state.generic_state) { - status = gensec_client_start(p, &p->conn->security_state.generic_state); - if (!NT_STATUS_IS_OK(status)) { - return status; - } - - status = gensec_start_mech_by_authtype(p->conn->security_state.generic_state, - auth_type, auth_level); - - if (!NT_STATUS_IS_OK(status)) { - return status; - } - } - - p->conn->security_state.auth_info = talloc_p(p, struct dcerpc_auth); - if (!p->conn->security_state.auth_info) { - status = NT_STATUS_NO_MEMORY; - goto done; - } - - p->conn->security_state.auth_info->auth_type = auth_type; - p->conn->security_state.auth_info->auth_level = auth_level; - p->conn->security_state.auth_info->auth_pad_length = 0; - p->conn->security_state.auth_info->auth_reserved = 0; - p->conn->security_state.auth_info->auth_context_id = random(); - p->conn->security_state.auth_info->credentials = null_data_blob; - - status = gensec_update(p->conn->security_state.generic_state, mem_ctx, - null_data_blob, - &credentials); - - if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { - goto done; - } - - p->conn->security_state.auth_info->credentials = credentials; - - status = dcerpc_bind_byuuid(p, mem_ctx, uuid, version); - if (!NT_STATUS_IS_OK(status)) { - goto done; - } - - while(1) { - status = gensec_update(p->conn->security_state.generic_state, mem_ctx, - p->conn->security_state.auth_info->credentials, - &credentials); - - if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { - goto done; - } - - p->conn->security_state.auth_info->credentials = 
credentials; - - status = dcerpc_alter(p, mem_ctx); - if (!NT_STATUS_IS_OK(status)) { - goto done; - } - } - -done: - talloc_destroy(mem_ctx); - - if (!NT_STATUS_IS_OK(status)) { - talloc_free(p->conn->security_state.generic_state); - ZERO_STRUCT(p->conn->security_state); - } else { - /* Authenticated connections use the generic session key */ - p->conn->security_state.session_key = dcerpc_generic_session_key; - } - - return status; -} -#endif diff --git a/source4/librpc/rpc/dcerpc_spnego.c b/source4/librpc/rpc/dcerpc_spnego.c index cab8865d6b..f67dd2c7cb 100644 --- a/source4/librpc/rpc/dcerpc_spnego.c +++ b/source4/librpc/rpc/dcerpc_spnego.c @@ -24,9 +24,12 @@ #include "includes.h" -#warning "this needs dcerpc_alter" #if 0 /* + metze, can you tell me what you're trying to do with this? +*/ + +/* do spnego style authentication on a gensec pipe */ NTSTATUS dcerpc_bind_auth_spnego(struct dcerpc_pipe *p, diff --git a/source4/librpc/rpc/dcerpc_util.c b/source4/librpc/rpc/dcerpc_util.c index 702a1f6ecf..305c1c7725 100644 --- a/source4/librpc/rpc/dcerpc_util.c +++ b/source4/librpc/rpc/dcerpc_util.c @@ -1272,8 +1272,8 @@ void dcerpc_log_packet(const struct dcerpc_interface_table *ndr, this uses dcerpc_alter_context() to create a new dcerpc context_id */ -NTSTATUS dcerpc_secondary_context(struct dcerpc_pipe *p, struct dcerpc_pipe **pp2, - uint32_t context_id, +NTSTATUS dcerpc_secondary_context(struct dcerpc_pipe *p, + struct dcerpc_pipe **pp2, const char *pipe_uuid, uint32_t pipe_version) { @@ -1286,7 +1286,7 @@ NTSTATUS dcerpc_secondary_context(struct dcerpc_pipe *p, struct dcerpc_pipe **pp } p2->conn = talloc_reference(p2, p->conn); - p2->context_id = context_id; + p2->context_id = ++p->conn->next_context_id; status = GUID_from_string(pipe_uuid, &p2->syntax.uuid); if (!NT_STATUS_IS_OK(status)) { |
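Review bot: `p2->context_id = ++p->conn->next_context_id;` allocates ids from a connection-wide counter with no wrap or range check and no statement of which id the primary bind owns. This commit never initialises `next_context_id`, so the scheme relies on the connection structure being zeroed at allocation and on the initial bind using id 0, neither of which is visible here. If the context id is narrower on the wire than the `uint32_t` field, a long-lived connection could eventually hand out an id that is still in use. A comment such as `/* ids start at 1; 0 is assumed to belong to the initial bind */` and a bound check before the increment would make the assumption explicit. dcerpc_secondary_context's body continues outside the hunk.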