mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
r5603: add "authservice()" property to the interface property list
so we can specify allowed target service names in the idl file
the default is "host"
metze
(This used to be commit bf40d5321f
)
This commit is contained in:
parent
70f7c56168
commit
4a3ca96fb4
@ -2008,18 +2008,40 @@ sub FunctionTable($)
|
||||
pidl "";
|
||||
|
||||
pidl "static const struct dcerpc_endpoint_list $interface->{NAME}\_endpoints = {";
|
||||
pidl "\t$endpoint_count, $interface->{NAME}\_endpoint_strings";
|
||||
pidl "\t.count\t= $endpoint_count,";
|
||||
pidl "\t.names\t= $interface->{NAME}\_endpoint_strings";
|
||||
pidl "};";
|
||||
pidl "";
|
||||
|
||||
if (! defined $interface->{PROPERTIES}->{authservice}) {
|
||||
$interface->{PROPERTIES}->{authservice} = "\"host\"";
|
||||
}
|
||||
|
||||
my @a = split / /, $interface->{PROPERTIES}->{authservice};
|
||||
my $authservice_count = $#a + 1;
|
||||
|
||||
pidl "static const char * const $interface->{NAME}\_authservice_strings[] = {";
|
||||
foreach my $ap (@a) {
|
||||
pidl "\t$ap, ";
|
||||
}
|
||||
pidl "};";
|
||||
pidl "";
|
||||
|
||||
pidl "static const struct dcerpc_authservice_list $interface->{NAME}\_authservices = {";
|
||||
pidl "\t.count\t= $endpoint_count,";
|
||||
pidl "\t.names\t= $interface->{NAME}\_authservice_strings";
|
||||
pidl "};";
|
||||
pidl "";
|
||||
|
||||
pidl "\nconst struct dcerpc_interface_table dcerpc_table_$interface->{NAME} = {";
|
||||
pidl "\t\"$interface->{NAME}\",";
|
||||
pidl "\tDCERPC_$uname\_UUID,";
|
||||
pidl "\tDCERPC_$uname\_VERSION,";
|
||||
pidl "\tDCERPC_$uname\_HELPSTRING,";
|
||||
pidl "\t$count,";
|
||||
pidl "\t$interface->{NAME}\_calls,";
|
||||
pidl "\t&$interface->{NAME}\_endpoints";
|
||||
pidl "\t.name\t\t= \"$interface->{NAME}\",";
|
||||
pidl "\t.uuid\t\t= DCERPC_$uname\_UUID,";
|
||||
pidl "\t.if_version\t= DCERPC_$uname\_VERSION,";
|
||||
pidl "\t.helpstring\t= DCERPC_$uname\_HELPSTRING,";
|
||||
pidl "\t.num_calls\t= $count,";
|
||||
pidl "\t.calls\t\t= $interface->{NAME}\_calls,";
|
||||
pidl "\t.endpoints\t= &$interface->{NAME}\_endpoints,";
|
||||
pidl "\t.authservices\t= &$interface->{NAME}\_authservices";
|
||||
pidl "};";
|
||||
pidl "";
|
||||
|
||||
|
@ -153,6 +153,11 @@ struct dcerpc_endpoint_list {
|
||||
const char * const *names;
|
||||
};
|
||||
|
||||
struct dcerpc_authservice_list {
|
||||
uint32_t count;
|
||||
const char * const *names;
|
||||
};
|
||||
|
||||
struct dcerpc_interface_table {
|
||||
const char *name;
|
||||
const char *uuid;
|
||||
@ -161,6 +166,7 @@ struct dcerpc_interface_table {
|
||||
uint32_t num_calls;
|
||||
const struct dcerpc_interface_call *calls;
|
||||
const struct dcerpc_endpoint_list *endpoints;
|
||||
const struct dcerpc_authservice_list *authservices;
|
||||
};
|
||||
|
||||
struct dcerpc_interface_list {
|
||||
@ -175,6 +181,7 @@ struct dcerpc_binding {
|
||||
uint16_t object_version;
|
||||
const char *host;
|
||||
const char *endpoint;
|
||||
const char *authservice;
|
||||
const char **options;
|
||||
uint32_t flags;
|
||||
};
|
||||
|
@ -146,7 +146,8 @@ NTSTATUS dcerpc_bind_auth_password(struct dcerpc_pipe *p,
|
||||
const char *domain,
|
||||
const char *username,
|
||||
const char *password,
|
||||
uint8_t auth_type)
|
||||
uint8_t auth_type,
|
||||
const char *service)
|
||||
{
|
||||
NTSTATUS status;
|
||||
|
||||
@ -189,6 +190,15 @@ NTSTATUS dcerpc_bind_auth_password(struct dcerpc_pipe *p,
|
||||
return status;
|
||||
}
|
||||
|
||||
if (service) {
|
||||
status = gensec_set_target_service(p->conn->security_state.generic_state, service);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
DEBUG(1, ("Failed to start set GENSEC target service: %s\n",
|
||||
nt_errstr(status)));
|
||||
return status;
|
||||
}
|
||||
}
|
||||
|
||||
status = gensec_start_mech_by_authtype(p->conn->security_state.generic_state,
|
||||
auth_type,
|
||||
dcerpc_auth_level(p->conn));
|
||||
|
@ -789,13 +789,15 @@ NTSTATUS dcerpc_epm_map_binding(TALLOC_CTX *mem_ctx, struct dcerpc_binding *bind
|
||||
|
||||
if (table) {
|
||||
struct dcerpc_binding default_binding;
|
||||
|
||||
|
||||
binding->authservice = talloc_strdup(mem_ctx, table->authservices->names[0]);
|
||||
|
||||
/* Find one of the default pipes for this interface */
|
||||
for (i = 0; i < table->endpoints->count; i++) {
|
||||
status = dcerpc_parse_binding(mem_ctx, table->endpoints->names[i], &default_binding);
|
||||
|
||||
if (NT_STATUS_IS_OK(status) && default_binding.transport == binding->transport && default_binding.endpoint) {
|
||||
binding->endpoint = talloc_strdup(mem_ctx, default_binding.endpoint);
|
||||
binding->endpoint = talloc_strdup(mem_ctx, default_binding.endpoint);
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
}
|
||||
@ -808,6 +810,7 @@ NTSTATUS dcerpc_epm_map_binding(TALLOC_CTX *mem_ctx, struct dcerpc_binding *bind
|
||||
epmapper_binding.options = NULL;
|
||||
epmapper_binding.flags = 0;
|
||||
epmapper_binding.endpoint = NULL;
|
||||
epmapper_binding.authservice = NULL;
|
||||
|
||||
status = dcerpc_pipe_connect_b(&p,
|
||||
&epmapper_binding,
|
||||
@ -903,8 +906,9 @@ static NTSTATUS dcerpc_pipe_auth(struct dcerpc_pipe *p,
|
||||
|
||||
status = dcerpc_bind_auth_password(p, pipe_uuid, pipe_version,
|
||||
domain, username, password,
|
||||
auth_type);
|
||||
} else {
|
||||
auth_type,
|
||||
binding->authservice);
|
||||
} else {
|
||||
status = dcerpc_bind_auth_none(p, pipe_uuid, pipe_version);
|
||||
}
|
||||
|
||||
|
@ -53,7 +53,7 @@ BOOL torture_multi_bind(void)
|
||||
|
||||
status = dcerpc_parse_binding(mem_ctx, binding_string, &b);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
DEBUG(0,("Failed to parse dcerpc binding '%s'\n", binding_string));
|
||||
printf("Failed to parse dcerpc binding '%s'\n", binding_string);
|
||||
talloc_free(mem_ctx);
|
||||
return False;
|
||||
}
|
||||
@ -82,21 +82,21 @@ BOOL torture_multi_bind(void)
|
||||
|
||||
status = dcerpc_bind_auth_password(p, pipe_uuid, pipe_version,
|
||||
domain, username, password,
|
||||
auth_type);
|
||||
} else {
|
||||
auth_type,
|
||||
binding->authservice);
|
||||
} else {
|
||||
status = dcerpc_bind_auth_none(p, pipe_uuid, pipe_version);
|
||||
}
|
||||
|
||||
if (NT_STATUS_IS_OK(status)) {
|
||||
DEBUG(0,("(incorrectly) allowed re-bind to uuid %s - %s\n",
|
||||
pipe_uuid, nt_errstr(status)));
|
||||
printf("(incorrectly) allowed re-bind to uuid %s - %s\n",
|
||||
pipe_uuid, nt_errstr(status));
|
||||
ret = False;
|
||||
} else {
|
||||
printf("\n");
|
||||
ret = True;
|
||||
}
|
||||
|
||||
printf("\n");
|
||||
|
||||
talloc_free(mem_ctx);
|
||||
torture_rpc_close(p);
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user