sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-11-07 12:23:51 +03:00
Code Activity

r14715: Correct the definition of the DCE/RPC bind_nak, per the OpenGroup spec.

Browse Source 
This allows us to correctly parse the bind_nak from NT4, when we use
an invalid auth type (the unsupported SPNEGO)..

Andrew Bartlett
This commit is contained in:
Andrew Bartlett
2006-03-25 11:40:16 +00:00
committed by Gerald (Jerry) Carter
parent 6d57d1dbb7
commit ce0c7f86fd
3 changed files with 23 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
source/librpc/idl/dcerpc.idl
View File

@@ -59,6 +59,8 @@ interface dcerpc
const int DCERPC_BIND_PROVIDER_REJECT = 2; const int DCERPC_BIND_PROVIDER_REJECT = 2;
const int DCERPC_BIND_REASON_ASYNTAX = 1; const int DCERPC_BIND_REASON_ASYNTAX = 1;
const int DECRPC_BIND_PROTOCOL_VERSION_NOT_SUPPORTED = 4;
const int DCERPC_BIND_REASON_INVALID_AUTH_TYPE = 8;
typedef struct { typedef struct {
uint16 result; uint16 result;
@@ -78,9 +80,18 @@ interface dcerpc
} dcerpc_bind_ack; } dcerpc_bind_ack;
typedef struct { typedef struct {
uint16 reject_reason;
uint32 num_versions; uint32 num_versions;
uint32 versions[num_versions]; uint32 versions[num_versions];
} dcerpc_bind_nak_versions;
typedef [nodiscriminant] union {
[case(DECRPC_BIND_PROTOCOL_VERSION_NOT_SUPPORTED)] dcerpc_bind_nak_versions v;
[default] ;
} dcerpc_bind_nak_versions_ctr;
typedef struct {
uint16 reject_reason;
[switch_is(reject_reason)] dcerpc_bind_nak_versions_ctr versions;
} dcerpc_bind_nak; } dcerpc_bind_nak;
const uint8 DCERPC_RESPONSE_LENGTH = 24; const uint8 DCERPC_RESPONSE_LENGTH = 24;

7
source/librpc/rpc/dcerpc.c
View File

@@ -72,6 +72,11 @@ struct dcerpc_connection *dcerpc_connection_init(TALLOC_CTX *mem_ctx,
} }
c->event_ctx = ev; c->event_ctx = ev;
if (!talloc_reference(c, ev)) {
talloc_free(c);
return NULL;
}
c->call_id = 1; c->call_id = 1;
c->security_state.auth_info = NULL; c->security_state.auth_info = NULL;
c->security_state.session_key = dcerpc_generic_session_key; c->security_state.session_key = dcerpc_generic_session_key;
@@ -478,6 +483,8 @@ static NTSTATUS dcerpc_map_reason(uint16_t reason)
switch (reason) { switch (reason) {
case DCERPC_BIND_REASON_ASYNTAX: case DCERPC_BIND_REASON_ASYNTAX:
return NT_STATUS_RPC_UNSUPPORTED_NAME_SYNTAX; return NT_STATUS_RPC_UNSUPPORTED_NAME_SYNTAX;
case DCERPC_BIND_REASON_INVALID_AUTH_TYPE:
return NT_STATUS_INVALID_PARAMETER;
} }
return NT_STATUS_UNSUCCESSFUL; return NT_STATUS_UNSUCCESSFUL;
} }

7
source/rpc_server/dcerpc_server.c
View File

@@ -433,7 +433,9 @@ static NTSTATUS dcesrv_bind_nak(struct dcesrv_call_state *call, uint32_t reason)
pkt.ptype = DCERPC_PKT_BIND_NAK; pkt.ptype = DCERPC_PKT_BIND_NAK;
pkt.pfc_flags = DCERPC_PFC_FLAG_FIRST | DCERPC_PFC_FLAG_LAST; pkt.pfc_flags = DCERPC_PFC_FLAG_FIRST | DCERPC_PFC_FLAG_LAST;
pkt.u.bind_nak.reject_reason = reason; pkt.u.bind_nak.reject_reason = reason;
pkt.u.bind_nak.num_versions = 0; if (pkt.u.bind_nak.reject_reason == DECRPC_BIND_PROTOCOL_VERSION_NOT_SUPPORTED) {
pkt.u.bind_nak.versions.v.num_versions = 0;
}
rep = talloc(call, struct data_blob_list_item); rep = talloc(call, struct data_blob_list_item);
if (!rep) { if (!rep) {
@@ -527,8 +529,7 @@ static NTSTATUS dcesrv_bind(struct dcesrv_call_state *call)
/* handle any authentication that is being requested */ /* handle any authentication that is being requested */
if (!dcesrv_auth_bind(call)) { if (!dcesrv_auth_bind(call)) {
/* TODO: work out the right reject code */ return dcesrv_bind_nak(call, DCERPC_BIND_REASON_INVALID_AUTH_TYPE);
return dcesrv_bind_nak(call, 0);
} }
/* setup a bind_ack */ /* setup a bind_ack */