mirror of
https://github.com/samba-team/samba.git
synced 2025-01-25 06:04:04 +03:00
r14715: Correct the definition of the DCE/RPC bind_nak, per the OpenGroup spec.
This allows us to correctly parse the bind_nak from NT4, when we use an invalid auth type (the unsupported SPNEGO).. Andrew Bartlett (This used to be commit ce0c7f86fd5eeeacad885d732b66c65ac9103ace)
This commit is contained in:
parent
57589e3b67
commit
ff57359761
@ -59,6 +59,8 @@ interface dcerpc
|
||||
|
||||
const int DCERPC_BIND_PROVIDER_REJECT = 2;
|
||||
const int DCERPC_BIND_REASON_ASYNTAX = 1;
|
||||
const int DECRPC_BIND_PROTOCOL_VERSION_NOT_SUPPORTED = 4;
|
||||
const int DCERPC_BIND_REASON_INVALID_AUTH_TYPE = 8;
|
||||
|
||||
typedef struct {
|
||||
uint16 result;
|
||||
@ -78,9 +80,18 @@ interface dcerpc
|
||||
} dcerpc_bind_ack;
|
||||
|
||||
typedef struct {
|
||||
uint16 reject_reason;
|
||||
uint32 num_versions;
|
||||
uint32 versions[num_versions];
|
||||
} dcerpc_bind_nak_versions;
|
||||
|
||||
typedef [nodiscriminant] union {
|
||||
[case(DECRPC_BIND_PROTOCOL_VERSION_NOT_SUPPORTED)] dcerpc_bind_nak_versions v;
|
||||
[default] ;
|
||||
} dcerpc_bind_nak_versions_ctr;
|
||||
|
||||
typedef struct {
|
||||
uint16 reject_reason;
|
||||
[switch_is(reject_reason)] dcerpc_bind_nak_versions_ctr versions;
|
||||
} dcerpc_bind_nak;
|
||||
|
||||
const uint8 DCERPC_RESPONSE_LENGTH = 24;
|
||||
|
@ -72,6 +72,11 @@ struct dcerpc_connection *dcerpc_connection_init(TALLOC_CTX *mem_ctx,
|
||||
}
|
||||
|
||||
c->event_ctx = ev;
|
||||
|
||||
if (!talloc_reference(c, ev)) {
|
||||
talloc_free(c);
|
||||
return NULL;
|
||||
}
|
||||
c->call_id = 1;
|
||||
c->security_state.auth_info = NULL;
|
||||
c->security_state.session_key = dcerpc_generic_session_key;
|
||||
@ -478,6 +483,8 @@ static NTSTATUS dcerpc_map_reason(uint16_t reason)
|
||||
switch (reason) {
|
||||
case DCERPC_BIND_REASON_ASYNTAX:
|
||||
return NT_STATUS_RPC_UNSUPPORTED_NAME_SYNTAX;
|
||||
case DCERPC_BIND_REASON_INVALID_AUTH_TYPE:
|
||||
return NT_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
return NT_STATUS_UNSUCCESSFUL;
|
||||
}
|
||||
|
@ -433,7 +433,9 @@ static NTSTATUS dcesrv_bind_nak(struct dcesrv_call_state *call, uint32_t reason)
|
||||
pkt.ptype = DCERPC_PKT_BIND_NAK;
|
||||
pkt.pfc_flags = DCERPC_PFC_FLAG_FIRST | DCERPC_PFC_FLAG_LAST;
|
||||
pkt.u.bind_nak.reject_reason = reason;
|
||||
pkt.u.bind_nak.num_versions = 0;
|
||||
if (pkt.u.bind_nak.reject_reason == DECRPC_BIND_PROTOCOL_VERSION_NOT_SUPPORTED) {
|
||||
pkt.u.bind_nak.versions.v.num_versions = 0;
|
||||
}
|
||||
|
||||
rep = talloc(call, struct data_blob_list_item);
|
||||
if (!rep) {
|
||||
@ -527,8 +529,7 @@ static NTSTATUS dcesrv_bind(struct dcesrv_call_state *call)
|
||||
|
||||
/* handle any authentication that is being requested */
|
||||
if (!dcesrv_auth_bind(call)) {
|
||||
/* TODO: work out the right reject code */
|
||||
return dcesrv_bind_nak(call, 0);
|
||||
return dcesrv_bind_nak(call, DCERPC_BIND_REASON_INVALID_AUTH_TYPE);
|
||||
}
|
||||
|
||||
/* setup a bind_ack */
|
||||
|
Loading…
x
Reference in New Issue
Block a user