mirror of
https://github.com/samba-team/samba.git
synced 2024-12-27 03:21:53 +03:00
librpc/rpc: add support DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN
You can trigger it like this: ncacn_ip_tcp:172.31.9.234[sign,hdrsign] or ncacn_ip_tcp:172.31.9.234[seal,hdrsign] metze
This commit is contained in:
parent
60b3523da4
commit
54f1fca582
@ -83,7 +83,8 @@ static const struct {
|
||||
{"print", DCERPC_DEBUG_PRINT_BOTH},
|
||||
{"padcheck", DCERPC_DEBUG_PAD_CHECK},
|
||||
{"bigendian", DCERPC_PUSH_BIGENDIAN},
|
||||
{"smb2", DCERPC_SMB2}
|
||||
{"smb2", DCERPC_SMB2},
|
||||
{"hdrsign", DCERPC_HEADER_SIGNING}
|
||||
};
|
||||
|
||||
const char *epm_floor_string(TALLOC_CTX *mem_ctx, struct epm_floor *epm_floor)
|
||||
|
@ -658,6 +658,16 @@ static void dcerpc_bind_recv_handler(struct rpc_request *req,
|
||||
conn->srv_max_xmit_frag = pkt->u.bind_ack.max_xmit_frag;
|
||||
conn->srv_max_recv_frag = pkt->u.bind_ack.max_recv_frag;
|
||||
|
||||
if ((req->p->binding->flags & DCERPC_CONCURRENT_MULTIPLEX) &&
|
||||
(pkt->pfc_flags & DCERPC_PFC_FLAG_CONC_MPX)) {
|
||||
conn->flags |= DCERPC_CONCURRENT_MULTIPLEX;
|
||||
}
|
||||
|
||||
if ((req->p->binding->flags & DCERPC_HEADER_SIGNING) &&
|
||||
(pkt->pfc_flags & DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN)) {
|
||||
conn->flags |= DCERPC_HEADER_SIGNING;
|
||||
}
|
||||
|
||||
/* the bind_ack might contain a reply set of credentials */
|
||||
if (conn->security_state.auth_info &&
|
||||
pkt->u.bind_ack.auth_info.length) {
|
||||
@ -731,6 +741,10 @@ struct composite_context *dcerpc_bind_send(struct dcerpc_pipe *p,
|
||||
pkt.pfc_flags |= DCERPC_PFC_FLAG_CONC_MPX;
|
||||
}
|
||||
|
||||
if (p->binding->flags & DCERPC_HEADER_SIGNING) {
|
||||
pkt.pfc_flags |= DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN;
|
||||
}
|
||||
|
||||
pkt.u.bind.max_xmit_frag = 5840;
|
||||
pkt.u.bind.max_recv_frag = 5840;
|
||||
pkt.u.bind.assoc_group_id = p->binding->assoc_group_id;
|
||||
@ -806,6 +820,14 @@ NTSTATUS dcerpc_auth3(struct dcerpc_pipe *p,
|
||||
pkt.u.auth3._pad = 0;
|
||||
pkt.u.auth3.auth_info = data_blob(NULL, 0);
|
||||
|
||||
if (p->binding->flags & DCERPC_CONCURRENT_MULTIPLEX) {
|
||||
pkt.pfc_flags |= DCERPC_PFC_FLAG_CONC_MPX;
|
||||
}
|
||||
|
||||
if (p->binding->flags & DCERPC_HEADER_SIGNING) {
|
||||
pkt.pfc_flags |= DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN;
|
||||
}
|
||||
|
||||
/* construct the NDR form of the packet */
|
||||
status = ncacn_push_auth(&blob, mem_ctx,
|
||||
p->conn->iconv_convenience,
|
||||
@ -1630,6 +1652,10 @@ struct composite_context *dcerpc_alter_context_send(struct dcerpc_pipe *p,
|
||||
pkt.pfc_flags |= DCERPC_PFC_FLAG_CONC_MPX;
|
||||
}
|
||||
|
||||
if (p->binding->flags & DCERPC_HEADER_SIGNING) {
|
||||
pkt.pfc_flags |= DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN;
|
||||
}
|
||||
|
||||
pkt.u.alter.max_xmit_frag = 5840;
|
||||
pkt.u.alter.max_recv_frag = 5840;
|
||||
pkt.u.alter.assoc_group_id = p->binding->assoc_group_id;
|
||||
|
@ -163,6 +163,9 @@ struct dcerpc_pipe {
|
||||
/* this triggers the DCERPC_PFC_FLAG_CONC_MPX flag in the bind request */
|
||||
#define DCERPC_CONCURRENT_MULTIPLEX (1<<19)
|
||||
|
||||
/* this triggers the DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN flag in the bind request */
|
||||
#define DCERPC_HEADER_SIGNING (1<<20)
|
||||
|
||||
/* this describes a binding to a particular transport/pipe */
|
||||
struct dcerpc_binding {
|
||||
enum dcerpc_transport_t transport;
|
||||
|
@ -137,6 +137,10 @@ static void bind_auth_next_step(struct composite_context *c)
|
||||
|
||||
if (!composite_is_ok(c)) return;
|
||||
|
||||
if (state->pipe->conn->flags & DCERPC_HEADER_SIGNING) {
|
||||
gensec_want_feature(sec->generic_state, GENSEC_FEATURE_SIGN_PKT_HEADER);
|
||||
}
|
||||
|
||||
if (state->credentials.length == 0) {
|
||||
composite_done(c);
|
||||
return;
|
||||
|
Loading…
Reference in New Issue
Block a user