From e74b3ed6f195e66cb5fa0f387cea0f59fb66711b Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sun, 9 Jan 2005 11:32:12 +0000 Subject: r4618: - tidied up the alter_context client code a bit - there is no alter_nak or alter_ack packet, its all done in an alter_response - auto-allocated the contex_ids - tried to fix up the dcom code to work again with alter_context. Jelmer, please take a look :) (This used to be commit dd1c54add8884376601f2f8a56c01bfb8add030c) --- source4/librpc/rpc/dcerpc.c | 35 ++++++++++----- source4/librpc/rpc/dcerpc.h | 3 ++ source4/librpc/rpc/dcerpc_auth.c | 89 -------------------------------------- source4/librpc/rpc/dcerpc_spnego.c | 5 ++- source4/librpc/rpc/dcerpc_util.c | 6 +-- 5 files changed, 35 insertions(+), 103 deletions(-) (limited to 'source4/librpc/rpc') diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c index d75f6db935..e133c77d07 100644 --- a/source4/librpc/rpc/dcerpc.c +++ b/source4/librpc/rpc/dcerpc.c @@ -562,6 +562,18 @@ static NTSTATUS full_request(struct dcerpc_connection *c, return state->status; } +/* + map a bind nak reason to a NTSTATUS +*/ +static NTSTATUS dcerpc_map_reason(uint16_t reason) +{ + switch (reason) { + case DCERPC_BIND_REASON_ASYNTAX: + return NT_STATUS_RPC_UNSUPPORTED_NAME_SYNTAX; + } + return NT_STATUS_UNSUCCESSFUL; +} + /* perform a bind using the given syntax @@ -622,7 +634,7 @@ NTSTATUS dcerpc_bind(struct dcerpc_pipe *p, if (pkt.ptype == DCERPC_PKT_BIND_NAK) { DEBUG(2,("dcerpc: bind_nak reason %d\n", pkt.u.bind_nak.reject_reason)); - return NT_STATUS_ACCESS_DENIED; + return dcerpc_map_reason(pkt.u.bind_nak.reject_reason); } if ((pkt.ptype != DCERPC_PKT_BIND_ACK) || @@ -1387,20 +1399,23 @@ NTSTATUS dcerpc_alter_context(struct dcerpc_pipe *p, return status; } - if (pkt.ptype == DCERPC_PKT_BIND_NAK) { - DEBUG(2,("dcerpc: alter_nak reason %d\n", pkt.u.bind_nak.reject_reason)); - return NT_STATUS_ACCESS_DENIED; + if (pkt.ptype == DCERPC_PKT_ALTER_RESP && + pkt.u.alter_resp.num_results == 1 && + pkt.u.alter_resp.ctx_list[0].result != 0) { + DEBUG(2,("dcerpc: alter_resp failed - reason %d\n", + pkt.u.alter_resp.ctx_list[0].reason)); + return dcerpc_map_reason(pkt.u.alter_resp.ctx_list[0].reason); } - if ((pkt.ptype != DCERPC_PKT_ALTER_ACK) || - pkt.u.alter_ack.num_results == 0 || - pkt.u.alter_ack.ctx_list[0].result != 0) { + if (pkt.ptype != DCERPC_PKT_ALTER_RESP || + pkt.u.alter_resp.num_results == 0 || + pkt.u.alter_resp.ctx_list[0].result != 0) { return NT_STATUS_UNSUCCESSFUL; } - /* the alter_ack might contain a reply set of credentials */ - if (p->conn->security_state.auth_info && pkt.u.alter_ack.auth_info.length) { - status = ndr_pull_struct_blob(&pkt.u.alter_ack.auth_info, + /* the alter_resp might contain a reply set of credentials */ + if (p->conn->security_state.auth_info && pkt.u.alter_resp.auth_info.length) { + status = ndr_pull_struct_blob(&pkt.u.alter_resp.auth_info, mem_ctx, p->conn->security_state.auth_info, (ndr_pull_flags_fn_t)ndr_pull_dcerpc_auth); diff --git a/source4/librpc/rpc/dcerpc.h b/source4/librpc/rpc/dcerpc.h index 00f1fb6488..f5ed637d0b 100644 --- a/source4/librpc/rpc/dcerpc.h +++ b/source4/librpc/rpc/dcerpc.h @@ -76,6 +76,9 @@ struct dcerpc_connection { /* private pointer for pending full requests */ void *full_request_private; + + /* the next context_id to be assigned */ + uint32_t next_context_id; }; /* diff --git a/source4/librpc/rpc/dcerpc_auth.c b/source4/librpc/rpc/dcerpc_auth.c index 9d43218e4b..4ff8fe549e 100644 --- a/source4/librpc/rpc/dcerpc_auth.c +++ b/source4/librpc/rpc/dcerpc_auth.c @@ -123,92 +123,3 @@ done: return status; } - -#warning "bind_alter not implemented" -#if 0 -NTSTATUS dcerpc_bind_alter(struct dcerpc_pipe *p, uint8_t auth_type, uint8_t auth_level, - const char *uuid, uint_t version) -{ - NTSTATUS status; - TALLOC_CTX *mem_ctx; - DATA_BLOB credentials; - DATA_BLOB null_data_blob = data_blob(NULL, 0); - - mem_ctx = talloc_init("dcerpc_bind_auth"); - if (!mem_ctx) { - return NT_STATUS_NO_MEMORY; - } - - if (!p->conn->security_state.generic_state) { - status = gensec_client_start(p, &p->conn->security_state.generic_state); - if (!NT_STATUS_IS_OK(status)) { - return status; - } - - status = gensec_start_mech_by_authtype(p->conn->security_state.generic_state, - auth_type, auth_level); - - if (!NT_STATUS_IS_OK(status)) { - return status; - } - } - - p->conn->security_state.auth_info = talloc_p(p, struct dcerpc_auth); - if (!p->conn->security_state.auth_info) { - status = NT_STATUS_NO_MEMORY; - goto done; - } - - p->conn->security_state.auth_info->auth_type = auth_type; - p->conn->security_state.auth_info->auth_level = auth_level; - p->conn->security_state.auth_info->auth_pad_length = 0; - p->conn->security_state.auth_info->auth_reserved = 0; - p->conn->security_state.auth_info->auth_context_id = random(); - p->conn->security_state.auth_info->credentials = null_data_blob; - - status = gensec_update(p->conn->security_state.generic_state, mem_ctx, - null_data_blob, - &credentials); - - if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { - goto done; - } - - p->conn->security_state.auth_info->credentials = credentials; - - status = dcerpc_bind_byuuid(p, mem_ctx, uuid, version); - if (!NT_STATUS_IS_OK(status)) { - goto done; - } - - while(1) { - status = gensec_update(p->conn->security_state.generic_state, mem_ctx, - p->conn->security_state.auth_info->credentials, - &credentials); - - if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { - goto done; - } - - p->conn->security_state.auth_info->credentials = credentials; - - status = dcerpc_alter(p, mem_ctx); - if (!NT_STATUS_IS_OK(status)) { - goto done; - } - } - -done: - talloc_destroy(mem_ctx); - - if (!NT_STATUS_IS_OK(status)) { - talloc_free(p->conn->security_state.generic_state); - ZERO_STRUCT(p->conn->security_state); - } else { - /* Authenticated connections use the generic session key */ - p->conn->security_state.session_key = dcerpc_generic_session_key; - } - - return status; -} -#endif diff --git a/source4/librpc/rpc/dcerpc_spnego.c b/source4/librpc/rpc/dcerpc_spnego.c index cab8865d6b..f67dd2c7cb 100644 --- a/source4/librpc/rpc/dcerpc_spnego.c +++ b/source4/librpc/rpc/dcerpc_spnego.c @@ -24,8 +24,11 @@ #include "includes.h" -#warning "this needs dcerpc_alter" #if 0 +/* + metze, can you tell me what you're trying to do with this? +*/ + /* do spnego style authentication on a gensec pipe */ diff --git a/source4/librpc/rpc/dcerpc_util.c b/source4/librpc/rpc/dcerpc_util.c index 702a1f6ecf..305c1c7725 100644 --- a/source4/librpc/rpc/dcerpc_util.c +++ b/source4/librpc/rpc/dcerpc_util.c @@ -1272,8 +1272,8 @@ void dcerpc_log_packet(const struct dcerpc_interface_table *ndr, this uses dcerpc_alter_context() to create a new dcerpc context_id */ -NTSTATUS dcerpc_secondary_context(struct dcerpc_pipe *p, struct dcerpc_pipe **pp2, - uint32_t context_id, +NTSTATUS dcerpc_secondary_context(struct dcerpc_pipe *p, + struct dcerpc_pipe **pp2, const char *pipe_uuid, uint32_t pipe_version) { @@ -1286,7 +1286,7 @@ NTSTATUS dcerpc_secondary_context(struct dcerpc_pipe *p, struct dcerpc_pipe **pp } p2->conn = talloc_reference(p2, p->conn); - p2->context_id = context_id; + p2->context_id = ++p->conn->next_context_id; status = GUID_from_string(pipe_uuid, &p2->syntax.uuid); if (!NT_STATUS_IS_OK(status)) { -- cgit