Changeset 920 for trunk/server
- Timestamp:
- Jun 9, 2016, 2:23:12 PM (9 years ago)
- Location:
- trunk/server
- Files:
-
- 90 edited
- 9 copied
-
. (modified) (1 prop)
-
docs-xml/smbdotconf/ldap/clientldapsaslwrapping.xml (modified) (1 diff)
-
docs-xml/smbdotconf/protocol/clientusespnego.xml (modified) (1 diff)
-
docs-xml/smbdotconf/security/allowdcerpcauthlevelconnect.xml (copied) (copied from vendor/current/docs-xml/smbdotconf/security/allowdcerpcauthlevelconnect.xml )
-
docs-xml/smbdotconf/security/clientipcsigning.xml (copied) (copied from vendor/current/docs-xml/smbdotconf/security/clientipcsigning.xml )
-
docs-xml/smbdotconf/security/clientntlmv2auth.xml (modified) (1 diff)
-
docs-xml/smbdotconf/security/clientsigning.xml (modified) (1 diff)
-
docs-xml/smbdotconf/security/rawntlmv2auth.xml (copied) (copied from vendor/current/docs-xml/smbdotconf/security/rawntlmv2auth.xml )
-
docs-xml/smbdotconf/winbind/winbindsealedpipes.xml (copied) (copied from vendor/current/docs-xml/smbdotconf/winbind/winbindsealedpipes.xml )
-
lib/util/bitmap.h (copied) (copied from vendor/current/lib/util/bitmap.h )
-
lib/util/wscript_build (modified) (1 diff)
-
libcli/auth/ntlmssp.h (modified) (1 diff)
-
libcli/auth/proto.h (modified) (1 diff)
-
libcli/auth/smbencrypt.c (modified) (3 diffs)
-
libcli/auth/wscript_build (modified) (1 diff)
-
librpc/ABI (copied) (copied from vendor/current/librpc/ABI )
-
librpc/idl/dcerpc.idl (modified) (5 diffs)
-
librpc/idl/idl_types.h (modified) (1 diff)
-
librpc/ndr/libndr.h (modified) (8 diffs)
-
librpc/ndr/ndr.c (modified) (8 diffs)
-
librpc/ndr/ndr_basic.c (modified) (34 diffs)
-
librpc/ndr/ndr_dcerpc.c (copied) (copied from vendor/current/librpc/ndr/ndr_dcerpc.c )
-
librpc/ndr/ndr_dcerpc.h (copied) (copied from vendor/current/librpc/ndr/ndr_dcerpc.h )
-
librpc/ndr/ndr_misc.c (modified) (1 diff)
-
librpc/ndr/ndr_ntlmssp.c (modified) (1 diff)
-
librpc/ndr/ndr_ntlmssp.h (modified) (1 diff)
-
librpc/rpc/dcerpc_util.c (modified) (5 diffs)
-
librpc/rpc/rpc_common.h (modified) (2 diffs)
-
librpc/wscript_build (modified) (1 diff)
-
pidl/lib/Parse/Pidl/ODL.pm (modified) (1 diff)
-
pidl/lib/Parse/Pidl/Samba3/ServerNDR.pm (modified) (1 diff)
-
pidl/pidl (modified) (1 diff)
-
selftest/target/Samba3.pm (modified) (2 diffs)
-
source3/Makefile-smbtorture4 (modified) (1 diff)
-
source3/Makefile.in (modified) (19 diffs)
-
source3/auth/auth_util.c (modified) (2 diffs)
-
source3/include/ntdomain.h (modified) (2 diffs)
-
source3/include/proto.h (modified) (5 diffs)
-
source3/include/smb.h (modified) (2 diffs)
-
source3/lib/bitmap.c (modified) (6 diffs)
-
source3/libads/sasl.c (modified) (1 diff)
-
source3/librpc/rpc/dcerpc.h (modified) (3 diffs)
-
source3/librpc/rpc/dcerpc_helpers.c (modified) (10 diffs)
-
source3/libsmb/cliconnect.c (modified) (1 diff)
-
source3/libsmb/clidfs.c (modified) (2 diffs)
-
source3/libsmb/libsmb_server.c (modified) (5 diffs)
-
source3/libsmb/ntlmssp.c (modified) (10 diffs)
-
source3/modules/vfs_acl_common.c (modified) (1 diff)
-
source3/modules/vfs_full_audit.c (modified) (1 diff)
-
source3/modules/vfs_shadow_copy2.c (modified) (4 diffs)
-
source3/param/loadparm.c (modified) (18 diffs)
-
source3/passdb/pdb_get_set.c (modified) (1 diff)
-
source3/rpc_client/cli_pipe.c (modified) (40 diffs)
-
source3/rpc_client/rpc_client.h (modified) (1 diff)
-
source3/rpc_server/dfs/srv_dfs_nt.c (modified) (18 diffs)
-
source3/rpc_server/dssetup/srv_dssetup_nt.c (modified) (10 diffs)
-
source3/rpc_server/echo/srv_echo_nt.c (modified) (5 diffs)
-
source3/rpc_server/epmapper/srv_epmapper.c (modified) (5 diffs)
-
source3/rpc_server/eventlog/srv_eventlog_nt.c (modified) (16 diffs)
-
source3/rpc_server/lsa/srv_lsa_nt.c (modified) (36 diffs)
-
source3/rpc_server/netlogon/srv_netlog_nt.c (modified) (35 diffs)
-
source3/rpc_server/ntsvcs/srv_ntsvcs_nt.c (modified) (58 diffs)
-
source3/rpc_server/rpc_handles.c (modified) (1 diff)
-
source3/rpc_server/rpc_ncacn_np.c (modified) (3 diffs)
-
source3/rpc_server/rpc_server.c (modified) (3 diffs)
-
source3/rpc_server/samr/srv_samr_nt.c (modified) (10 diffs)
-
source3/rpc_server/spoolss/srv_spoolss_nt.c (modified) (57 diffs)
-
source3/rpc_server/srv_pipe.c (modified) (42 diffs)
-
source3/rpc_server/srvsvc/srv_srvsvc_nt.c (modified) (35 diffs)
-
source3/rpc_server/svcctl/srv_svcctl_nt.c (modified) (28 diffs)
-
source3/rpc_server/winreg/srv_winreg_nt.c (modified) (5 diffs)
-
source3/rpc_server/wkssvc/srv_wkssvc_nt.c (modified) (27 diffs)
-
source3/rpcclient/rpcclient.c (modified) (3 diffs)
-
source3/script/tests/test_rpcclient.sh (copied) (copied from vendor/current/source3/script/tests/test_rpcclient.sh )
-
source3/selftest/knownfail (modified) (1 diff)
-
source3/selftest/skip (modified) (1 diff)
-
source3/selftest/tests.py (modified) (3 diffs)
-
source3/smbd/conn.c (modified) (1 diff)
-
source3/smbd/dir.c (modified) (1 diff)
-
source3/smbd/files.c (modified) (1 diff)
-
source3/smbd/smb2_server.c (modified) (1 diff)
-
source3/smbd/vfs.c (modified) (2 diffs)
-
source3/winbindd/winbindd_cm.c (modified) (3 diffs)
-
source4/heimdal/cf/make-proto.pl (modified) (2 diffs)
-
source4/lib/ldb/wscript (modified) (1 diff)
-
source4/librpc/rpc/dcerpc.c (modified) (3 diffs)
-
source4/librpc/rpc/dcerpc_util.c (modified) (1 diff)
-
source4/rpc_server/dcesrv_auth.c (modified) (6 diffs)
-
source4/torture/basic/base.c (modified) (5 diffs)
-
source4/torture/ndr/dfsblob.c (modified) (1 diff)
-
source4/torture/ndr/drsblobs.c (modified) (2 diffs)
-
source4/torture/ndr/nbt.c (modified) (1 diff)
-
source4/torture/ndr/ndr.c (modified) (7 diffs)
-
source4/torture/ndr/ndr.h (modified) (2 diffs)
-
source4/torture/ndr/ntlmssp.c (modified) (1 diff)
-
source4/torture/raw/samba3misc.c (modified) (4 diffs)
-
source4/torture/rpc/rpc.c (modified) (1 diff)
-
source4/torture/rpc/samba3rpc.c (modified) (1 diff)
-
source4/torture/rpc/samr.c (modified) (4 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/server
- Property svn:mergeinfo changed
/vendor/current merged: 919
- Property svn:mergeinfo changed
-
trunk/server/docs-xml/smbdotconf/ldap/clientldapsaslwrapping.xml
r414 r920 35 35 36 36 <para> 37 The default value is <emphasis>plain</emphasis> which is not irritable 38 to KRB5 clock skew errors. That implies synchronizing the time 39 with the KDC in the case of using <emphasis>sign</emphasis> or 40 <emphasis>seal</emphasis>. 37 The default value is <emphasis>sign</emphasis>. That implies synchronizing the time 38 with the KDC in the case of using <emphasis>Kerberos</emphasis>. 41 39 </para> 42 40 </description> 43 <value type="default"> plain</value>41 <value type="default">sign</value> 44 42 </samba:parameter> -
trunk/server/docs-xml/smbdotconf/protocol/clientusespnego.xml
r414 r920 10 10 3.0) to agree upon an authentication 11 11 mechanism. This enables Kerberos authentication in particular.</para> 12 13 <para>When <smbconfoption name="client NTLMv2 auth"/> is also set to 14 <constant>yes</constant> extended security (SPNEGO) is required 15 in order to use NTLMv2 only within NTLMSSP. This behavior was 16 introduced with the patches for CVE-2016-2111.</para> 12 17 </description> 13 18 -
trunk/server/docs-xml/smbdotconf/security/clientntlmv2auth.xml
r918 r920 29 29 'best practice' security polices) only allow NTLMv2 responses, and 30 30 not the weaker LM or NTLM.</para> 31 32 <para>When <smbconfoption name="client use spnego"/> is also set to 33 <constant>yes</constant> extended security (SPNEGO) is required 34 in order to use NTLMv2 only within NTLMSSP. This behavior was 35 introduced with the patches for CVE-2016-2111.</para> 31 36 </description> 32 37 <value type="default">yes</value> -
trunk/server/docs-xml/smbdotconf/security/clientsigning.xml
r414 r920 13 13 When set to mandatory, SMB signing is required and if set 14 14 to disabled, SMB signing is not offered either. 15 16 <para>IPC$ connections for DCERPC e.g. in winbindd, are handled by the 17 <smbconfoption name="client ipc signing"/> option.</para> 15 18 </para> 16 19 </description> -
trunk/server/lib/util/wscript_build
r918 r920 100 100 private_library=True, 101 101 local_include=False 102 102 ) 103 103 104 bld.SAMBA_LIBRARY('bitmap', 105 source='bitmap.c', 106 deps='talloc samba-util', 107 local_include=False, 108 private_library=True) 109 -
trunk/server/libcli/auth/ntlmssp.h
r918 r920 84 84 DATA_BLOB session_key; 85 85 86 uint32_t required_flags; 86 87 uint32_t neg_flags; /* the current state of negotiation with the NTLMSSP partner */ 87 88 -
trunk/server/libcli/auth/proto.h
r918 r920 140 140 DATA_BLOB *lm_response, DATA_BLOB *nt_response, 141 141 DATA_BLOB *lm_session_key, DATA_BLOB *user_session_key) ; 142 NTSTATUS NTLMv2_RESPONSE_verify_netlogon_creds(const char *account_name, 143 const char *account_domain, 144 const DATA_BLOB response, 145 const struct netlogon_creds_CredentialState *creds, 146 const char *workgroup); 142 147 143 148 /*********************************************************** -
trunk/server/libcli/auth/smbencrypt.c
r918 r920 27 27 #include "../lib/crypto/crypto.h" 28 28 #include "../libcli/auth/libcli_auth.h" 29 #include "../librpc/gen_ndr/n tlmssp.h"29 #include "../librpc/gen_ndr/ndr_ntlmssp.h" 30 30 31 31 void SMBencrypt_hash(const uint8_t lm_hash[16], const uint8_t *c8, uint8_t p24[24]) … … 356 356 357 357 /* Deliberately ignore return here.. */ 358 (void)msrpc_gen(mem_ctx, &names_blob, 359 "aaa", 360 MsvAvNbDomainName, domain, 361 MsvAvNbComputerName, hostname, 362 MsvAvEOL, ""); 358 if (hostname != NULL) { 359 (void)msrpc_gen(mem_ctx, &names_blob, 360 "aaa", 361 MsvAvNbDomainName, domain, 362 MsvAvNbComputerName, hostname, 363 MsvAvEOL, ""); 364 } else { 365 (void)msrpc_gen(mem_ctx, &names_blob, 366 "aa", 367 MsvAvNbDomainName, domain, 368 MsvAvEOL, ""); 369 } 363 370 return names_blob; 364 371 } … … 516 523 } 517 524 525 NTSTATUS NTLMv2_RESPONSE_verify_netlogon_creds(const char *account_name, 526 const char *account_domain, 527 const DATA_BLOB response, 528 const struct netlogon_creds_CredentialState *creds, 529 const char *workgroup) 530 { 531 TALLOC_CTX *frame = NULL; 532 /* RespType + HiRespType */ 533 static const char *magic = "\x01\x01"; 534 int cmp; 535 struct NTLMv2_RESPONSE v2_resp; 536 enum ndr_err_code err; 537 const struct AV_PAIR *av_nb_cn = NULL; 538 const struct AV_PAIR *av_nb_dn = NULL; 539 540 if (response.length < 48) { 541 /* 542 * NTLMv2_RESPONSE has at least 48 bytes. 543 */ 544 return NT_STATUS_OK; 545 } 546 547 cmp = memcmp(response.data + 16, magic, 2); 548 if (cmp != 0) { 549 /* 550 * It doesn't look like a valid NTLMv2_RESPONSE 551 */ 552 return NT_STATUS_OK; 553 } 554 555 frame = talloc_stackframe(); 556 557 err = ndr_pull_struct_blob(&response, frame, &v2_resp, 558 (ndr_pull_flags_fn_t)ndr_pull_NTLMv2_RESPONSE); 559 if (!NDR_ERR_CODE_IS_SUCCESS(err)) { 560 NTSTATUS status; 561 status = ndr_map_error2ntstatus(err); 562 DEBUG(2,("Failed to parse NTLMv2_RESPONSE " 563 "length %u - %s - %s\n", 564 (unsigned)response.length, 565 ndr_map_error2string(err), 566 nt_errstr(status))); 567 dump_data(2, response.data, response.length); 568 TALLOC_FREE(frame); 569 return status; 570 } 571 572 if (DEBUGLVL(10)) { 573 NDR_PRINT_DEBUG(NTLMv2_RESPONSE, &v2_resp); 574 } 575 576 /* 577 * Make sure the netbios computer name in the 578 * NTLMv2_RESPONSE matches the computer name 579 * in the secure channel credentials for workstation 580 * trusts. 581 * 582 * And the netbios domain name matches our 583 * workgroup. 584 * 585 * This prevents workstations from requesting 586 * the session key of NTLMSSP sessions of clients 587 * to other hosts. 588 */ 589 if (creds->secure_channel_type == SEC_CHAN_WKSTA) { 590 av_nb_cn = ndr_ntlmssp_find_av(&v2_resp.Challenge.AvPairs, 591 MsvAvNbComputerName); 592 av_nb_dn = ndr_ntlmssp_find_av(&v2_resp.Challenge.AvPairs, 593 MsvAvNbDomainName); 594 } 595 596 if (av_nb_cn != NULL) { 597 const char *v = NULL; 598 char *a = NULL; 599 size_t len; 600 601 v = av_nb_cn->Value.AvNbComputerName; 602 603 a = talloc_strdup(frame, creds->account_name); 604 if (a == NULL) { 605 TALLOC_FREE(frame); 606 return NT_STATUS_NO_MEMORY; 607 } 608 len = strlen(a); 609 if (len > 0 && a[len - 1] == '$') { 610 a[len - 1] = '\0'; 611 } 612 613 #ifdef SAMBA4_INTERNAL_HEIMDAL /* smbtorture4 for make test */ 614 cmp = strcasecmp_m(a, v); 615 #else /* smbd */ 616 cmp = StrCaseCmp(a, v); 617 #endif 618 if (cmp != 0) { 619 DEBUG(2,("%s: NTLMv2_RESPONSE with " 620 "NbComputerName[%s] rejected " 621 "for user[%s\\%s] " 622 "against SEC_CHAN_WKSTA[%s/%s] " 623 "in workgroup[%s]\n", 624 __func__, v, 625 account_domain, 626 account_name, 627 creds->computer_name, 628 creds->account_name, 629 workgroup)); 630 TALLOC_FREE(frame); 631 return NT_STATUS_LOGON_FAILURE; 632 } 633 } 634 if (av_nb_dn != NULL) { 635 const char *v = NULL; 636 637 v = av_nb_dn->Value.AvNbDomainName; 638 639 #ifdef SAMBA4_INTERNAL_HEIMDAL /* smbtorture4 for make test */ 640 cmp = strcasecmp_m(workgroup, v); 641 #else /* smbd */ 642 cmp = StrCaseCmp(workgroup, v); 643 #endif 644 if (cmp != 0) { 645 DEBUG(2,("%s: NTLMv2_RESPONSE with " 646 "NbDomainName[%s] rejected " 647 "for user[%s\\%s] " 648 "against SEC_CHAN_WKSTA[%s/%s] " 649 "in workgroup[%s]\n", 650 __func__, v, 651 account_domain, 652 account_name, 653 creds->computer_name, 654 creds->account_name, 655 workgroup)); 656 TALLOC_FREE(frame); 657 return NT_STATUS_LOGON_FAILURE; 658 } 659 } 660 661 TALLOC_FREE(frame); 662 return NT_STATUS_OK; 663 } 664 518 665 /*********************************************************** 519 666 encode a password buffer with a unicode password. The buffer -
trunk/server/libcli/auth/wscript_build
r918 r920 20 20 bld.SAMBA_SUBSYSTEM('LIBCLI_AUTH', 21 21 source='credentials.c session.c smbencrypt.c smbdes.c', 22 public_deps='MSRPC_PARSE ',22 public_deps='MSRPC_PARSE NDR_NTLMSSP', 23 23 public_headers='credentials.h:domain_credentials.h' 24 24 ) -
trunk/server/librpc/idl/dcerpc.idl
r862 r920 10 10 */ 11 11 import "misc.idl"; 12 13 cpp_quote("extern const uint8_t DCERPC_SEC_VT_MAGIC[8];") 12 14 13 15 interface dcerpc … … 454 456 455 457 /* pfc_flags values */ 456 const uint8 DCERPC_PFC_FLAG_FIRST = 0x01; /* First fragment */ 457 const uint8 DCERPC_PFC_FLAG_LAST = 0x02; /* Last fragment */ 458 const uint8 DCERPC_PFC_FLAG_PENDING_CANCEL = 0x04; /* Cancel was pending at sender */ 459 const uint8 DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN = DCERPC_PFC_FLAG_PENDING_CANCEL; /* depends on the pdu type */ 460 const uint8 DCERPC_PFC_FLAG_CONC_MPX = 0x10; /* supports concurrent multiplexing of a single connection. */ 461 const uint8 DCERPC_PFC_FLAG_DID_NOT_EXECUTE = 0x20; /* on a fault it means the server hasn't done anything */ 462 const uint8 DCERPC_PFC_FLAG_MAYBE = 0x40; /* `maybe' call semantics requested */ 463 const uint8 DCERPC_PFC_FLAG_OBJECT_UUID = 0x80; /* on valid guid is in the optional object field */ 458 typedef [bitmap8bit] bitmap { 459 DCERPC_PFC_FLAG_FIRST = 0x01, /* First fragment */ 460 DCERPC_PFC_FLAG_LAST = 0x02, /* Last fragment */ 461 DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING = 0x04, /* depends on the pdu type */ 462 DCERPC_PFC_FLAG_CONC_MPX = 0x10, /* supports concurrent multiplexing of a single connection. */ 463 DCERPC_PFC_FLAG_DID_NOT_EXECUTE = 0x20, /* on a fault it means the server hasn't done anything */ 464 DCERPC_PFC_FLAG_MAYBE = 0x40, /* `maybe' call semantics requested */ 465 DCERPC_PFC_FLAG_OBJECT_UUID = 0x80 /* on valid guid is in the optional object field */ 466 } dcerpc_pfc_flags; 467 468 /* Cancel was pending at sender */ 469 const int DCERPC_PFC_FLAG_PENDING_CANCEL = 470 DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING; 471 const ist DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN = 472 DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING; 464 473 465 474 /* these offsets are needed by the signing code */ … … 467 476 const uint8 DCERPC_DREP_OFFSET = 4; 468 477 const uint8 DCERPC_FRAG_LEN_OFFSET = 8; 478 const uint32 DCERPC_FRAG_MAX_SIZE = 5840; 469 479 const uint8 DCERPC_AUTH_LEN_OFFSET = 10; 470 480 const uint8 DCERPC_CALL_ID_OFFSET = 12; 481 const uint8 DCERPC_NCACN_PAYLOAD_OFFSET = 16; 482 const uint32 DCERPC_NCACN_PAYLOAD_MAX_SIZE = 0x400000; /* 4 MByte */ 471 483 472 484 /* little-endian flag */ … … 477 489 uint8 rpc_vers_minor; /* Minor version */ 478 490 dcerpc_pkt_type ptype; /* Packet type */ 479 uint8 pfc_flags;/* Fragmentation flags */491 dcerpc_pfc_flags pfc_flags; /* Fragmentation flags */ 480 492 uint8 drep[4]; /* NDR data representation */ 481 493 uint16 frag_length; /* Total length of fragment */ … … 507 519 [switch_is(ptype)] dcerpc_payload u; 508 520 } ncadg_packet; 521 522 typedef [bitmap16bit] bitmap { 523 DCERPC_SEC_VT_COMMAND_ENUM = 0x3FFF, 524 DCERPC_SEC_VT_COMMAND_END = 0x4000, 525 DCERPC_SEC_VT_MUST_PROCESS = 0x8000 526 } dcerpc_sec_vt_command; 527 528 typedef [enum16bit] enum { 529 DCERPC_SEC_VT_COMMAND_BITMASK1 = 0x0001, 530 DCERPC_SEC_VT_COMMAND_PCONTEXT = 0x0002, 531 DCERPC_SEC_VT_COMMAND_HEADER2 = 0x0003 532 } dcerpc_sec_vt_command_enum; 533 534 typedef [bitmap32bit] bitmap { 535 DCERPC_SEC_VT_CLIENT_SUPPORTS_HEADER_SIGNING = 0x00000001 536 } dcerpc_sec_vt_bitmask1; 537 538 typedef struct { 539 ndr_syntax_id abstract_syntax; 540 ndr_syntax_id transfer_syntax; 541 } dcerpc_sec_vt_pcontext; 542 543 typedef struct { 544 dcerpc_pkt_type ptype; /* Packet type */ 545 [value(0)] uint8 reserved1; 546 [value(0)] uint16 reserved2; 547 uint8 drep[4]; /* NDR data representation */ 548 uint32 call_id; /* Call identifier */ 549 uint16 context_id; 550 uint16 opnum; 551 } dcerpc_sec_vt_header2; 552 553 typedef [switch_type(dcerpc_sec_vt_command_enum),nodiscriminant] union { 554 [case(DCERPC_SEC_VT_COMMAND_BITMASK1)] dcerpc_sec_vt_bitmask1 bitmask1; 555 [case(DCERPC_SEC_VT_COMMAND_PCONTEXT)] dcerpc_sec_vt_pcontext pcontext; 556 [case(DCERPC_SEC_VT_COMMAND_HEADER2)] dcerpc_sec_vt_header2 header2; 557 [default,flag(NDR_REMAINING)] DATA_BLOB _unknown; 558 } dcerpc_sec_vt_union; 559 560 typedef struct { 561 dcerpc_sec_vt_command command; 562 [switch_is(command & DCERPC_SEC_VT_COMMAND_ENUM)] 563 [subcontext(2),flag(NDR_SUBCONTEXT_NO_UNREAD_BYTES)] 564 dcerpc_sec_vt_union u; 565 } dcerpc_sec_vt; 566 567 typedef [public,nopush,nopull] struct { 568 uint16 count; 569 } dcerpc_sec_vt_count; 570 571 /* 572 * We assume that the whole verification trailer fits into 573 * the last 1024 bytes after the stub data. 574 * 575 * There're currently only 3 commands defined and each should 576 * only be used once. 577 */ 578 const uint16 DCERPC_SEC_VT_MAX_SIZE = 1024; 579 580 typedef [public,flag(NDR_PAHEX)] struct { 581 [flag(NDR_ALIGN4)] DATA_BLOB _pad; 582 [value(DCERPC_SEC_VT_MAGIC)] uint8 magic[8]; 583 dcerpc_sec_vt_count count; 584 dcerpc_sec_vt commands[count.count]; 585 } dcerpc_sec_verification_trailer; 509 586 } -
trunk/server/librpc/idl/idl_types.h
r918 r920 48 48 #define NDR_RELATIVE_REVERSE LIBNDR_FLAG_RELATIVE_REVERSE 49 49 #define NDR_NO_RELATIVE_REVERSE LIBNDR_FLAG_NO_RELATIVE_REVERSE 50 51 #define NDR_SUBCONTEXT_NO_UNREAD_BYTES LIBNDR_FLAG_SUBCONTEXT_NO_UNREAD_BYTES -
trunk/server/librpc/ndr/libndr.h
r918 r920 125 125 #define LIBNDR_STRING_FLAGS (0x7FFC) 126 126 127 /* 128 * don't debug NDR_ERR_BUFSIZE failures, 129 * as the available buffer might be incomplete. 130 * 131 * return NDR_ERR_INCOMPLETE_BUFFER instead. 132 */ 133 #define LIBNDR_FLAG_INCOMPLETE_BUFFER (1<<16) 134 135 /* 136 * This lets ndr_pull_subcontext_end() return 137 * NDR_ERR_UNREAD_BYTES. 138 */ 139 #define LIBNDR_FLAG_SUBCONTEXT_NO_UNREAD_BYTES (1<<17) 140 127 141 /* set if relative pointers should *not* be marshalled in reverse order */ 128 142 #define LIBNDR_FLAG_NO_RELATIVE_REVERSE (1<<18) … … 164 178 /* useful macro for debugging */ 165 179 #define NDR_PRINT_DEBUG(type, p) ndr_print_debug((ndr_print_fn_t)ndr_print_ ##type, #p, p) 180 #define NDR_PRINT_DEBUGC(dbgc_class, type, p) ndr_print_debugc(dbgc_class, (ndr_print_fn_t)ndr_print_ ##type, #p, p) 166 181 #define NDR_PRINT_UNION_DEBUG(type, level, p) ndr_print_union_debug((ndr_print_fn_t)ndr_print_ ##type, #p, level, p) 167 182 #define NDR_PRINT_FUNCTION_DEBUG(type, flags, p) ndr_print_function_debug((ndr_print_function_t)ndr_print_ ##type, #type, flags, p) … … 200 215 NDR_ERR_INVALID_POINTER, 201 216 NDR_ERR_UNREAD_BYTES, 202 NDR_ERR_NDR64 217 NDR_ERR_NDR64, 218 NDR_ERR_FLAGS, 219 NDR_ERR_INCOMPLETE_BUFFER 203 220 }; 204 221 … … 218 235 /* 219 236 flags passed to control parse flow 237 These are deliberately in a different range to the NDR_IN/NDR_OUT 238 flags to catch mixups 220 239 */ 221 #define NDR_SCALARS 1222 #define NDR_BUFFERS 2240 #define NDR_SCALARS 0x100 241 #define NDR_BUFFERS 0x200 223 242 224 243 /* 225 flags passed to ndr_print_*() 244 flags passed to ndr_print_*() and ndr pull/push for functions 245 These are deliberately in a different range to the NDR_SCALARS/NDR_BUFFERS 246 flags to catch mixups 226 247 */ 227 #define NDR_IN 1 228 #define NDR_OUT 2 229 #define NDR_BOTH 3 230 #define NDR_SET_VALUES 4 248 #define NDR_IN 0x10 249 #define NDR_OUT 0x20 250 #define NDR_BOTH 0x30 251 #define NDR_SET_VALUES 0x40 252 253 254 #define NDR_PULL_CHECK_FLAGS(ndr, ndr_flags) do { \ 255 if ((ndr_flags) & ~(NDR_SCALARS|NDR_BUFFERS)) { \ 256 return ndr_pull_error(ndr, NDR_ERR_FLAGS, "Invalid pull struct ndr_flags 0x%x", ndr_flags); \ 257 } \ 258 } while (0) 259 260 #define NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags) do { \ 261 if ((ndr_flags) & ~(NDR_SCALARS|NDR_BUFFERS)) \ 262 return ndr_push_error(ndr, NDR_ERR_FLAGS, "Invalid push struct ndr_flags 0x%x", ndr_flags); \ 263 } while (0) 264 265 #define NDR_PULL_CHECK_FN_FLAGS(ndr, flags) do { \ 266 if ((flags) & ~(NDR_BOTH|NDR_SET_VALUES)) { \ 267 return ndr_pull_error(ndr, NDR_ERR_FLAGS, "Invalid fn pull flags 0x%x", flags); \ 268 } \ 269 } while (0) 270 271 #define NDR_PUSH_CHECK_FN_FLAGS(ndr, flags) do { \ 272 if ((flags) & ~(NDR_BOTH|NDR_SET_VALUES)) \ 273 return ndr_push_error(ndr, NDR_ERR_FLAGS, "Invalid fn push flags 0x%x", flags); \ 274 } while (0) 231 275 232 276 #define NDR_PULL_NEED_BYTES(ndr, n) do { \ 233 277 if (unlikely((n) > ndr->data_size || ndr->offset + (n) > ndr->data_size)) { \ 278 if (ndr->flags & LIBNDR_FLAG_INCOMPLETE_BUFFER) { \ 279 uint32_t _available = ndr->data_size - ndr->offset; \ 280 uint32_t _missing = n - _available; \ 281 ndr->relative_highest_offset = _missing; \ 282 } \ 234 283 return ndr_pull_error(ndr, NDR_ERR_BUFSIZE, "Pull bytes %u (%s)", (unsigned)n, __location__); \ 235 284 } \ … … 248 297 } \ 249 298 if (unlikely(ndr->offset > ndr->data_size)) { \ 299 if (ndr->flags & LIBNDR_FLAG_INCOMPLETE_BUFFER) { \ 300 uint32_t _missing = ndr->offset - ndr->data_size; \ 301 ndr->relative_highest_offset = _missing; \ 302 } \ 250 303 return ndr_pull_error(ndr, NDR_ERR_BUFSIZE, "Pull align %u", (unsigned)n); \ 251 304 } \ … … 403 456 void ndr_print_GUID(struct ndr_print *ndr, const char *name, const struct GUID *guid); 404 457 bool ndr_syntax_id_equal(const struct ndr_syntax_id *i1, const struct ndr_syntax_id *i2); 458 char *ndr_syntax_id_to_string(TALLOC_CTX *mem_ctx, const struct ndr_syntax_id *id); 459 bool ndr_syntax_id_from_string(const char *s, struct ndr_syntax_id *id); 405 460 enum ndr_err_code ndr_push_struct_blob(DATA_BLOB *blob, TALLOC_CTX *mem_ctx, const void *p, ndr_push_flags_fn_t fn); 406 461 enum ndr_err_code ndr_push_union_blob(DATA_BLOB *blob, TALLOC_CTX *mem_ctx, void *p, uint32_t level, ndr_push_flags_fn_t fn); … … 425 480 size_t ndr_align_size(uint32_t offset, size_t n); 426 481 struct ndr_pull *ndr_pull_init_blob(const DATA_BLOB *blob, TALLOC_CTX *mem_ctx); 482 enum ndr_err_code ndr_pull_append(struct ndr_pull *ndr, DATA_BLOB *blob); 483 enum ndr_err_code ndr_pull_pop(struct ndr_pull *ndr); 427 484 enum ndr_err_code ndr_pull_advance(struct ndr_pull *ndr, uint32_t size); 428 485 struct ndr_push *ndr_push_init_ctx(TALLOC_CTX *mem_ctx); … … 430 487 enum ndr_err_code ndr_push_expand(struct ndr_push *ndr, uint32_t extra_size); 431 488 void ndr_print_debug_helper(struct ndr_print *ndr, const char *format, ...) PRINTF_ATTRIBUTE(2,3); 489 void ndr_print_debugc_helper(struct ndr_print *ndr, const char *format, ...) PRINTF_ATTRIBUTE(2,3); 432 490 void ndr_print_printf_helper(struct ndr_print *ndr, const char *format, ...) PRINTF_ATTRIBUTE(2,3); 433 491 void ndr_print_string_helper(struct ndr_print *ndr, const char *format, ...) PRINTF_ATTRIBUTE(2,3); 434 492 void ndr_print_debug(ndr_print_fn_t fn, const char *name, void *ptr); 493 void ndr_print_debugc(int dbgc_class, ndr_print_fn_t fn, const char *name, void *ptr); 435 494 void ndr_print_union_debug(ndr_print_fn_t fn, const char *name, uint32_t level, void *ptr); 436 495 void ndr_print_function_debug(ndr_print_function_t fn, const char *name, int flags, void *ptr); -
trunk/server/librpc/ndr/ndr.c
r918 r920 78 78 } 79 79 80 _PUBLIC_ enum ndr_err_code ndr_pull_append(struct ndr_pull *ndr, DATA_BLOB *blob) 81 { 82 enum ndr_err_code ndr_err; 83 DATA_BLOB b; 84 uint32_t append = 0; 85 bool ok; 86 87 if (blob->length == 0) { 88 return NDR_ERR_SUCCESS; 89 } 90 91 ndr_err = ndr_token_retrieve(&ndr->array_size_list, ndr, &append); 92 if (ndr_err == NDR_ERR_TOKEN) { 93 append = 0; 94 ndr_err = NDR_ERR_SUCCESS; 95 } 96 NDR_CHECK(ndr_err); 97 98 if (ndr->data_size == 0) { 99 ndr->data = NULL; 100 append = UINT32_MAX; 101 } 102 103 if (append == UINT32_MAX) { 104 /* 105 * append == UINT32_MAX means that 106 * ndr->data is either NULL or a valid 107 * talloc child of ndr, which means 108 * we can use data_blob_append() without 109 * data_blob_talloc() of the existing callers data 110 */ 111 b = data_blob_const(ndr->data, ndr->data_size); 112 } else { 113 b = data_blob_talloc(ndr, ndr->data, ndr->data_size); 114 if (b.data == NULL) { 115 return ndr_pull_error(ndr, NDR_ERR_ALLOC, "%s", __location__); 116 } 117 } 118 119 ok = data_blob_append(ndr, &b, blob->data, blob->length); 120 if (!ok) { 121 return ndr_pull_error(ndr, NDR_ERR_ALLOC, "%s", __location__); 122 } 123 124 ndr->data = b.data; 125 ndr->data_size = b.length; 126 127 return ndr_token_store(ndr, &ndr->array_size_list, ndr, UINT32_MAX); 128 } 129 130 _PUBLIC_ enum ndr_err_code ndr_pull_pop(struct ndr_pull *ndr) 131 { 132 uint32_t skip = 0; 133 uint32_t append = 0; 134 135 if (ndr->relative_base_offset != 0) { 136 return ndr_pull_error(ndr, NDR_ERR_RELATIVE, 137 "%s", __location__); 138 } 139 if (ndr->relative_highest_offset != 0) { 140 return ndr_pull_error(ndr, NDR_ERR_RELATIVE, 141 "%s", __location__); 142 } 143 if (ndr->relative_list != NULL) { 144 return ndr_pull_error(ndr, NDR_ERR_RELATIVE, 145 "%s", __location__); 146 } 147 if (ndr->relative_base_list != NULL) { 148 return ndr_pull_error(ndr, NDR_ERR_RELATIVE, 149 "%s", __location__); 150 } 151 152 /* 153 * we need to keep up to 7 bytes 154 * in order to get the aligment right. 155 */ 156 skip = ndr->offset & 0xFFFFFFF8; 157 158 if (skip == 0) { 159 return NDR_ERR_SUCCESS; 160 } 161 162 ndr->offset -= skip; 163 ndr->data_size -= skip; 164 165 append = ndr_token_peek(&ndr->array_size_list, ndr); 166 if (append != UINT32_MAX) { 167 /* 168 * here we assume, that ndr->data is not a 169 * talloc child of ndr. 170 */ 171 ndr->data += skip; 172 return NDR_ERR_SUCCESS; 173 } 174 175 memmove(ndr->data, ndr->data + skip, ndr->data_size); 176 177 ndr->data = talloc_realloc(ndr, ndr->data, uint8_t, ndr->data_size); 178 if (ndr->data_size != 0 && ndr->data == NULL) { 179 return ndr_pull_error(ndr, NDR_ERR_ALLOC, "%s", __location__); 180 } 181 182 return NDR_ERR_SUCCESS; 183 } 184 80 185 /* 81 186 advance by 'size' bytes … … 166 271 167 272 return NDR_ERR_SUCCESS; 273 } 274 275 _PUBLIC_ void ndr_print_debugc_helper(struct ndr_print *ndr, const char *format, ...) 276 { 277 va_list ap; 278 char *s = NULL; 279 uint32_t i; 280 int ret; 281 int dbgc_class; 282 283 va_start(ap, format); 284 ret = vasprintf(&s, format, ap); 285 va_end(ap); 286 287 if (ret == -1) { 288 return; 289 } 290 291 dbgc_class = *(int *)ndr->private_data; 292 293 if (ndr->no_newline) { 294 DEBUGADDC(dbgc_class, 1,("%s", s)); 295 free(s); 296 return; 297 } 298 299 for (i=0;i<ndr->depth;i++) { 300 DEBUGADDC(dbgc_class, 1,(" ")); 301 } 302 303 DEBUGADDC(dbgc_class, 1,("%s\n", s)); 304 free(s); 168 305 } 169 306 … … 236 373 "\n"); 237 374 } 375 } 376 377 /* 378 a useful helper function for printing idl structures via DEBUGC() 379 */ 380 _PUBLIC_ void ndr_print_debugc(int dbgc_class, ndr_print_fn_t fn, const char *name, void *ptr) 381 { 382 struct ndr_print *ndr; 383 384 DEBUGC(dbgc_class, 1,(" ")); 385 386 ndr = talloc_zero(NULL, struct ndr_print); 387 if (!ndr) return; 388 ndr->private_data = &dbgc_class; 389 ndr->print = ndr_print_debugc_helper; 390 ndr->depth = 1; 391 ndr->flags = 0; 392 fn(ndr, name, ptr); 393 talloc_free(ndr); 238 394 } 239 395 … … 403 559 va_list ap; 404 560 int ret; 561 562 if (ndr->flags & LIBNDR_FLAG_INCOMPLETE_BUFFER) { 563 switch (ndr_err) { 564 case NDR_ERR_BUFSIZE: 565 return NDR_ERR_INCOMPLETE_BUFFER; 566 default: 567 break; 568 } 569 } 405 570 406 571 va_start(ap, format); … … 558 723 break; 559 724 } 725 case 0xFFFFFFFF: 726 /* 727 * a shallow copy like subcontext 728 * useful for DCERPC pipe chunks. 729 */ 730 subndr = talloc_zero(ndr, struct ndr_pull); 731 NDR_ERR_HAVE_NO_MEMORY(subndr); 732 733 subndr->flags = ndr->flags; 734 subndr->current_mem_ctx = ndr->current_mem_ctx; 735 subndr->data = ndr->data; 736 subndr->offset = ndr->offset; 737 subndr->data_size = ndr->data_size; 738 739 *_subndr = subndr; 740 return NDR_ERR_SUCCESS; 741 560 742 default: 561 743 return ndr_pull_error(ndr, NDR_ERR_SUBCONTEXT, "Bad subcontext (PULL) header_size %d", … … 590 772 { 591 773 uint32_t advance; 592 if (size_is >= 0) { 774 uint32_t highest_ofs; 775 776 if (header_size == 0xFFFFFFFF) { 777 advance = subndr->offset - ndr->offset; 778 } else if (size_is >= 0) { 593 779 advance = size_is; 594 780 } else if (header_size > 0) { … … 597 783 advance = subndr->offset; 598 784 } 785 786 if (subndr->offset > ndr->relative_highest_offset) { 787 highest_ofs = subndr->offset; 788 } else { 789 highest_ofs = subndr->relative_highest_offset; 790 } 791 if (!(subndr->flags & LIBNDR_FLAG_SUBCONTEXT_NO_UNREAD_BYTES)) { 792 /* 793 * avoid an error unless SUBCONTEXT_NO_UNREAD_BYTES is specified 794 */ 795 highest_ofs = advance; 796 } 797 if (highest_ofs < advance) { 798 return ndr_pull_error(subndr, NDR_ERR_UNREAD_BYTES, 799 "not all bytes consumed ofs[%u] advance[%u]", 800 highest_ofs, advance); 801 } 802 599 803 NDR_CHECK(ndr_pull_advance(ndr, advance)); 600 804 return NDR_ERR_SUCCESS; … … 1441 1645 { NDR_ERR_UNREAD_BYTES, "Unread Bytes" }, 1442 1646 { NDR_ERR_NDR64, "NDR64 assertion error" }, 1647 { NDR_ERR_INCOMPLETE_BUFFER, "Incomplete Buffer" }, 1443 1648 { 0, NULL } 1444 1649 }; -
trunk/server/librpc/ndr/ndr_basic.c
r918 r920 62 62 _PUBLIC_ enum ndr_err_code ndr_pull_int8(struct ndr_pull *ndr, int ndr_flags, int8_t *v) 63 63 { 64 NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); 64 65 NDR_PULL_NEED_BYTES(ndr, 1); 65 66 *v = (int8_t)CVAL(ndr->data, ndr->offset); … … 73 74 _PUBLIC_ enum ndr_err_code ndr_pull_uint8(struct ndr_pull *ndr, int ndr_flags, uint8_t *v) 74 75 { 76 NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); 75 77 NDR_PULL_NEED_BYTES(ndr, 1); 76 78 *v = CVAL(ndr->data, ndr->offset); … … 84 86 _PUBLIC_ enum ndr_err_code ndr_pull_int16(struct ndr_pull *ndr, int ndr_flags, int16_t *v) 85 87 { 88 NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); 86 89 NDR_PULL_ALIGN(ndr, 2); 87 90 NDR_PULL_NEED_BYTES(ndr, 2); … … 96 99 _PUBLIC_ enum ndr_err_code ndr_pull_uint16(struct ndr_pull *ndr, int ndr_flags, uint16_t *v) 97 100 { 101 NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); 98 102 NDR_PULL_ALIGN(ndr, 2); 99 103 NDR_PULL_NEED_BYTES(ndr, 2); … … 108 112 _PUBLIC_ enum ndr_err_code ndr_pull_uint1632(struct ndr_pull *ndr, int ndr_flags, uint16_t *v) 109 113 { 114 NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); 110 115 if (unlikely(ndr->flags & LIBNDR_FLAG_NDR64)) { 111 116 uint32_t v32 = 0; … … 126 131 _PUBLIC_ enum ndr_err_code ndr_pull_int32(struct ndr_pull *ndr, int ndr_flags, int32_t *v) 127 132 { 133 NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); 128 134 NDR_PULL_ALIGN(ndr, 4); 129 135 NDR_PULL_NEED_BYTES(ndr, 4); … … 138 144 _PUBLIC_ enum ndr_err_code ndr_pull_uint32(struct ndr_pull *ndr, int ndr_flags, uint32_t *v) 139 145 { 146 NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); 140 147 NDR_PULL_ALIGN(ndr, 4); 141 148 NDR_PULL_NEED_BYTES(ndr, 4); … … 152 159 uint64_t v64; 153 160 enum ndr_err_code err; 161 NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); 154 162 if (likely(!(ndr->flags & LIBNDR_FLAG_NDR64))) { 155 163 return ndr_pull_uint32(ndr, ndr_flags, v); … … 170 178 _PUBLIC_ enum ndr_err_code ndr_pull_double(struct ndr_pull *ndr, int ndr_flags, double *v) 171 179 { 180 NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); 172 181 NDR_PULL_ALIGN(ndr, 8); 173 182 NDR_PULL_NEED_BYTES(ndr, 8); … … 218 227 _PUBLIC_ enum ndr_err_code ndr_pull_udlong(struct ndr_pull *ndr, int ndr_flags, uint64_t *v) 219 228 { 229 NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); 220 230 NDR_PULL_ALIGN(ndr, 4); 221 231 NDR_PULL_NEED_BYTES(ndr, 8); … … 231 241 _PUBLIC_ enum ndr_err_code ndr_pull_udlongr(struct ndr_pull *ndr, int ndr_flags, uint64_t *v) 232 242 { 243 NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); 233 244 NDR_PULL_ALIGN(ndr, 4); 234 245 NDR_PULL_NEED_BYTES(ndr, 8); … … 265 276 { 266 277 uintptr_t h; 278 NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); 267 279 NDR_PULL_ALIGN(ndr, sizeof(h)); 268 280 NDR_PULL_NEED_BYTES(ndr, sizeof(h)); … … 279 291 { 280 292 uint32_t v; 293 NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); 281 294 NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &v)); 282 295 *status = NT_STATUS(v); … … 303 316 { 304 317 uint32_t v; 318 NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); 305 319 NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &v)); 306 320 *status = W_ERROR(v); … … 415 429 _PUBLIC_ enum ndr_err_code ndr_pull_array_uint8(struct ndr_pull *ndr, int ndr_flags, uint8_t *data, uint32_t n) 416 430 { 431 NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); 417 432 if (!(ndr_flags & NDR_SCALARS)) { 418 433 return NDR_ERR_SUCCESS; … … 426 441 _PUBLIC_ enum ndr_err_code ndr_push_int8(struct ndr_push *ndr, int ndr_flags, int8_t v) 427 442 { 443 NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags); 428 444 NDR_PUSH_NEED_BYTES(ndr, 1); 429 445 SCVAL(ndr->data, ndr->offset, (uint8_t)v); … … 437 453 _PUBLIC_ enum ndr_err_code ndr_push_uint8(struct ndr_push *ndr, int ndr_flags, uint8_t v) 438 454 { 455 NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags); 439 456 NDR_PUSH_NEED_BYTES(ndr, 1); 440 457 SCVAL(ndr->data, ndr->offset, v); … … 448 465 _PUBLIC_ enum ndr_err_code ndr_push_int16(struct ndr_push *ndr, int ndr_flags, int16_t v) 449 466 { 467 NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags); 450 468 NDR_PUSH_ALIGN(ndr, 2); 451 469 NDR_PUSH_NEED_BYTES(ndr, 2); … … 460 478 _PUBLIC_ enum ndr_err_code ndr_push_uint16(struct ndr_push *ndr, int ndr_flags, uint16_t v) 461 479 { 480 NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags); 462 481 NDR_PUSH_ALIGN(ndr, 2); 463 482 NDR_PUSH_NEED_BYTES(ndr, 2); … … 483 502 _PUBLIC_ enum ndr_err_code ndr_push_int32(struct ndr_push *ndr, int ndr_flags, int32_t v) 484 503 { 504 NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags); 485 505 NDR_PUSH_ALIGN(ndr, 4); 486 506 NDR_PUSH_NEED_BYTES(ndr, 4); … … 495 515 _PUBLIC_ enum ndr_err_code ndr_push_uint32(struct ndr_push *ndr, int ndr_flags, uint32_t v) 496 516 { 517 NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags); 497 518 NDR_PUSH_ALIGN(ndr, 4); 498 519 NDR_PUSH_NEED_BYTES(ndr, 4); … … 518 539 _PUBLIC_ enum ndr_err_code ndr_push_udlong(struct ndr_push *ndr, int ndr_flags, uint64_t v) 519 540 { 541 NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags); 520 542 NDR_PUSH_ALIGN(ndr, 4); 521 543 NDR_PUSH_NEED_BYTES(ndr, 8); … … 531 553 _PUBLIC_ enum ndr_err_code ndr_push_udlongr(struct ndr_push *ndr, int ndr_flags, uint64_t v) 532 554 { 555 NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags); 533 556 NDR_PUSH_ALIGN(ndr, 4); 534 557 NDR_PUSH_NEED_BYTES(ndr, 8); … … 564 587 _PUBLIC_ enum ndr_err_code ndr_push_double(struct ndr_push *ndr, int ndr_flags, double v) 565 588 { 589 NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags); 566 590 NDR_PUSH_ALIGN(ndr, 8); 567 591 NDR_PUSH_NEED_BYTES(ndr, 8); … … 577 601 { 578 602 uintptr_t h = (intptr_t)v; 603 NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags); 579 604 NDR_PUSH_ALIGN(ndr, sizeof(h)); 580 605 NDR_PUSH_NEED_BYTES(ndr, sizeof(h)); … … 687 712 _PUBLIC_ enum ndr_err_code ndr_push_array_uint8(struct ndr_push *ndr, int ndr_flags, const uint8_t *data, uint32_t n) 688 713 { 714 NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags); 689 715 if (!(ndr_flags & NDR_SCALARS)) { 690 716 return NDR_ERR_SUCCESS; … … 739 765 _PUBLIC_ enum ndr_err_code ndr_push_NTTIME(struct ndr_push *ndr, int ndr_flags, NTTIME t) 740 766 { 767 NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags); 741 768 NDR_CHECK(ndr_push_udlong(ndr, ndr_flags, t)); 742 769 return NDR_ERR_SUCCESS; … … 748 775 _PUBLIC_ enum ndr_err_code ndr_pull_NTTIME(struct ndr_pull *ndr, int ndr_flags, NTTIME *t) 749 776 { 777 NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); 750 778 NDR_CHECK(ndr_pull_udlong(ndr, ndr_flags, t)); 751 779 return NDR_ERR_SUCCESS; … … 757 785 _PUBLIC_ enum ndr_err_code ndr_push_NTTIME_1sec(struct ndr_push *ndr, int ndr_flags, NTTIME t) 758 786 { 787 NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags); 759 788 t /= 10000000; 760 789 NDR_CHECK(ndr_push_hyper(ndr, ndr_flags, t)); … … 767 796 _PUBLIC_ enum ndr_err_code ndr_pull_NTTIME_1sec(struct ndr_pull *ndr, int ndr_flags, NTTIME *t) 768 797 { 798 NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); 769 799 NDR_CHECK(ndr_pull_hyper(ndr, ndr_flags, t)); 770 800 (*t) *= 10000000; … … 777 807 _PUBLIC_ enum ndr_err_code ndr_pull_NTTIME_hyper(struct ndr_pull *ndr, int ndr_flags, NTTIME *t) 778 808 { 809 NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); 779 810 NDR_CHECK(ndr_pull_hyper(ndr, ndr_flags, t)); 780 811 return NDR_ERR_SUCCESS; … … 786 817 _PUBLIC_ enum ndr_err_code ndr_push_NTTIME_hyper(struct ndr_push *ndr, int ndr_flags, NTTIME t) 787 818 { 819 NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags); 788 820 NDR_CHECK(ndr_push_hyper(ndr, ndr_flags, t)); 789 821 return NDR_ERR_SUCCESS; … … 815 847 _PUBLIC_ enum ndr_err_code ndr_push_uid_t(struct ndr_push *ndr, int ndr_flags, uid_t u) 816 848 { 849 NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags); 817 850 return ndr_push_hyper(ndr, NDR_SCALARS, (uint64_t)u); 818 851 } … … 840 873 _PUBLIC_ enum ndr_err_code ndr_push_gid_t(struct ndr_push *ndr, int ndr_flags, gid_t g) 841 874 { 875 NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags); 842 876 return ndr_push_hyper(ndr, NDR_SCALARS, (uint64_t)g); 843 877 } -
trunk/server/librpc/ndr/ndr_misc.c
r414 r920 36 36 && (i1->if_version == i2->if_version); 37 37 } 38 39 _PUBLIC_ char *ndr_syntax_id_to_string(TALLOC_CTX *mem_ctx, const struct ndr_syntax_id *id) 40 { 41 return talloc_asprintf(mem_ctx, 42 "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x/0x%08x", 43 id->uuid.time_low, id->uuid.time_mid, 44 id->uuid.time_hi_and_version, 45 id->uuid.clock_seq[0], 46 id->uuid.clock_seq[1], 47 id->uuid.node[0], id->uuid.node[1], 48 id->uuid.node[2], id->uuid.node[3], 49 id->uuid.node[4], id->uuid.node[5], 50 (unsigned)id->if_version); 51 } 52 53 _PUBLIC_ bool ndr_syntax_id_from_string(const char *s, struct ndr_syntax_id *id) 54 { 55 int ret; 56 size_t i; 57 uint32_t time_low; 58 uint32_t time_mid, time_hi_and_version; 59 uint32_t clock_seq[2]; 60 uint32_t node[6]; 61 uint32_t if_version; 62 63 ret = sscanf(s, 64 "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x/0x%08x", 65 &time_low, &time_mid, &time_hi_and_version, 66 &clock_seq[0], &clock_seq[1], 67 &node[0], &node[1], &node[2], &node[3], &node[4], &node[5], 68 &if_version); 69 if (ret != 12) { 70 return false; 71 } 72 73 id->uuid.time_low = time_low; 74 id->uuid.time_mid = time_mid; 75 id->uuid.time_hi_and_version = time_hi_and_version; 76 id->uuid.clock_seq[0] = clock_seq[0]; 77 id->uuid.clock_seq[1] = clock_seq[1]; 78 for (i=0; i<6; i++) { 79 id->uuid.node[i] = node[i]; 80 } 81 id->if_version = if_version; 82 83 return true; 84 } -
trunk/server/librpc/ndr/ndr_ntlmssp.c
r918 r920 177 177 } 178 178 179 _PUBLIC_ struct AV_PAIR *ndr_ntlmssp_find_av(const struct AV_PAIR_LIST *av_list, 180 enum ntlmssp_AvId AvId) 181 { 182 struct AV_PAIR *res = NULL; 183 uint32_t i = 0; 179 184 185 for (i = 0; i < av_list->count; i++) { 186 if (av_list->pair[i].AvId != AvId) { 187 continue; 188 } 189 190 res = discard_const_p(struct AV_PAIR, &av_list->pair[i]); 191 break; 192 } 193 194 return res; 195 } -
trunk/server/librpc/ndr/ndr_ntlmssp.h
r918 r920 32 32 _PUBLIC_ void ndr_print_ntlmssp_Version(struct ndr_print *ndr, const char *name, const union ntlmssp_Version *r); 33 33 34 _PUBLIC_ struct AV_PAIR *ndr_ntlmssp_find_av(const struct AV_PAIR_LIST *av_list, 35 enum ntlmssp_AvId AvId); -
trunk/server/librpc/rpc/dcerpc_util.c
r862 r920 28 28 #include "librpc/gen_ndr/ndr_dcerpc.h" 29 29 #include "rpc_common.h" 30 #include "lib/util/bitmap.h" 30 31 31 32 /* we need to be able to get/set the fragment length without doing a full … … 92 93 * @return - A NTSTATUS error code. 93 94 */ 94 NTSTATUS dcerpc_pull_auth_trailer( struct ncacn_packet *pkt,95 NTSTATUS dcerpc_pull_auth_trailer(const struct ncacn_packet *pkt, 95 96 TALLOC_CTX *mem_ctx, 96 DATA_BLOB *pkt_trailer,97 const DATA_BLOB *pkt_trailer, 97 98 struct dcerpc_auth *auth, 98 uint32_t * auth_length,99 uint32_t *_auth_length, 99 100 bool auth_data_only) 100 101 { 101 102 struct ndr_pull *ndr; 102 103 enum ndr_err_code ndr_err; 103 uint32_t data_and_pad; 104 105 data_and_pad = pkt_trailer->length 106 - (DCERPC_AUTH_TRAILER_LENGTH + pkt->auth_length); 107 108 /* paranoia check for pad size. This would be caught anyway by 109 the ndr_pull_advance() a few lines down, but it scared 110 Jeremy enough for him to call me, so we might as well check 111 it now, just to prevent someone posting a bogus YouTube 112 video in the future. 113 */ 114 if (data_and_pad > pkt_trailer->length) { 115 return NT_STATUS_INFO_LENGTH_MISMATCH; 116 } 117 118 *auth_length = pkt_trailer->length - data_and_pad; 104 uint16_t data_and_pad; 105 uint16_t auth_length; 106 uint32_t tmp_length; 107 108 ZERO_STRUCTP(auth); 109 if (_auth_length != NULL) { 110 *_auth_length = 0; 111 } 112 113 /* Paranoia checks for auth_length. The caller should check this... */ 114 if (pkt->auth_length == 0) { 115 return NT_STATUS_INTERNAL_ERROR; 116 } 117 118 /* Paranoia checks for auth_length. The caller should check this... */ 119 if (pkt->auth_length > pkt->frag_length) { 120 return NT_STATUS_INTERNAL_ERROR; 121 } 122 tmp_length = DCERPC_NCACN_PAYLOAD_OFFSET; 123 tmp_length += DCERPC_AUTH_TRAILER_LENGTH; 124 tmp_length += pkt->auth_length; 125 if (tmp_length > pkt->frag_length) { 126 return NT_STATUS_INTERNAL_ERROR; 127 } 128 if (pkt_trailer->length > UINT16_MAX) { 129 return NT_STATUS_INTERNAL_ERROR; 130 } 131 132 auth_length = DCERPC_AUTH_TRAILER_LENGTH + pkt->auth_length; 133 if (pkt_trailer->length < auth_length) { 134 return NT_STATUS_RPC_PROTOCOL_ERROR; 135 } 136 137 data_and_pad = pkt_trailer->length - auth_length; 119 138 120 139 ndr = ndr_pull_init_blob(pkt_trailer, mem_ctx); … … 136 155 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { 137 156 talloc_free(ndr); 157 ZERO_STRUCTP(auth); 138 158 return ndr_map_error2ntstatus(ndr_err); 139 159 } 140 160 141 if ( auth_data_only && data_and_pad !=auth->auth_pad_length) {142 DEBUG(1, (__location__ ": WARNING: pad length mismatch. "161 if (data_and_pad < auth->auth_pad_length) { 162 DEBUG(1, (__location__ ": ERROR: pad length mismatch. " 143 163 "Calculated %u got %u\n", 144 164 (unsigned)data_and_pad, 145 165 (unsigned)auth->auth_pad_length)); 166 talloc_free(ndr); 167 ZERO_STRUCTP(auth); 168 return NT_STATUS_RPC_PROTOCOL_ERROR; 169 } 170 171 if (auth_data_only && data_and_pad != auth->auth_pad_length) { 172 DEBUG(1, (__location__ ": ERROR: pad length mismatch. " 173 "Calculated %u got %u\n", 174 (unsigned)data_and_pad, 175 (unsigned)auth->auth_pad_length)); 176 talloc_free(ndr); 177 ZERO_STRUCTP(auth); 178 return NT_STATUS_RPC_PROTOCOL_ERROR; 146 179 } 147 180 … … 151 184 talloc_steal(mem_ctx, auth->credentials.data); 152 185 talloc_free(ndr); 186 187 if (_auth_length != NULL) { 188 *_auth_length = auth_length; 189 } 190 191 return NT_STATUS_OK; 192 } 193 194 /** 195 * @brief Verify the fields in ncacn_packet header. 196 * 197 * @param pkt - The ncacn_packet strcuture 198 * @param ptype - The expected PDU type 199 * @param max_auth_info - The maximum size of a possible auth trailer 200 * @param required_flags - The required flags for the pdu. 201 * @param optional_flags - The possible optional flags for the pdu. 202 * 203 * @return - A NTSTATUS error code. 204 */ 205 NTSTATUS dcerpc_verify_ncacn_packet_header(const struct ncacn_packet *pkt, 206 enum dcerpc_pkt_type ptype, 207 size_t max_auth_info, 208 uint8_t required_flags, 209 uint8_t optional_flags) 210 { 211 if (pkt->rpc_vers != 5) { 212 return NT_STATUS_RPC_PROTOCOL_ERROR; 213 } 214 215 if (pkt->rpc_vers_minor != 0) { 216 return NT_STATUS_RPC_PROTOCOL_ERROR; 217 } 218 219 if (pkt->auth_length > pkt->frag_length) { 220 return NT_STATUS_RPC_PROTOCOL_ERROR; 221 } 222 223 if (pkt->ptype != ptype) { 224 return NT_STATUS_RPC_PROTOCOL_ERROR; 225 } 226 227 if (max_auth_info > UINT16_MAX) { 228 return NT_STATUS_INTERNAL_ERROR; 229 } 230 231 if (pkt->auth_length > 0) { 232 size_t max_auth_length; 233 234 if (max_auth_info <= DCERPC_AUTH_TRAILER_LENGTH) { 235 return NT_STATUS_RPC_PROTOCOL_ERROR; 236 } 237 max_auth_length = max_auth_info - DCERPC_AUTH_TRAILER_LENGTH; 238 239 if (pkt->auth_length > max_auth_length) { 240 return NT_STATUS_RPC_PROTOCOL_ERROR; 241 } 242 } 243 244 if ((pkt->pfc_flags & required_flags) != required_flags) { 245 return NT_STATUS_RPC_PROTOCOL_ERROR; 246 } 247 if (pkt->pfc_flags & ~(optional_flags|required_flags)) { 248 return NT_STATUS_RPC_PROTOCOL_ERROR; 249 } 250 251 if (pkt->drep[0] & ~DCERPC_DREP_LE) { 252 return NT_STATUS_RPC_PROTOCOL_ERROR; 253 } 254 if (pkt->drep[1] != 0) { 255 return NT_STATUS_RPC_PROTOCOL_ERROR; 256 } 257 if (pkt->drep[2] != 0) { 258 return NT_STATUS_RPC_PROTOCOL_ERROR; 259 } 260 if (pkt->drep[3] != 0) { 261 return NT_STATUS_RPC_PROTOCOL_ERROR; 262 } 153 263 154 264 return NT_STATUS_OK; … … 342 452 return NT_STATUS_OK; 343 453 } 454 455 struct dcerpc_sec_vt_header2 dcerpc_sec_vt_header2_from_ncacn_packet(const struct ncacn_packet *pkt) 456 { 457 struct dcerpc_sec_vt_header2 ret; 458 459 ZERO_STRUCT(ret); 460 ret.ptype = pkt->ptype; 461 memcpy(&ret.drep, pkt->drep, sizeof(ret.drep)); 462 ret.call_id = pkt->call_id; 463 464 switch (pkt->ptype) { 465 case DCERPC_PKT_REQUEST: 466 ret.context_id = pkt->u.request.context_id; 467 ret.opnum = pkt->u.request.opnum; 468 break; 469 470 case DCERPC_PKT_RESPONSE: 471 ret.context_id = pkt->u.response.context_id; 472 break; 473 474 case DCERPC_PKT_FAULT: 475 ret.context_id = pkt->u.fault.context_id; 476 break; 477 478 default: 479 break; 480 } 481 482 return ret; 483 } 484 485 bool dcerpc_sec_vt_header2_equal(const struct dcerpc_sec_vt_header2 *v1, 486 const struct dcerpc_sec_vt_header2 *v2) 487 { 488 if (v1->ptype != v2->ptype) { 489 return false; 490 } 491 492 if (memcmp(v1->drep, v2->drep, sizeof(v1->drep)) != 0) { 493 return false; 494 } 495 496 if (v1->call_id != v2->call_id) { 497 return false; 498 } 499 500 if (v1->context_id != v2->context_id) { 501 return false; 502 } 503 504 if (v1->opnum != v2->opnum) { 505 return false; 506 } 507 508 return true; 509 } 510 511 static bool dcerpc_sec_vt_is_valid(const struct dcerpc_sec_verification_trailer *r) 512 { 513 bool ret = false; 514 TALLOC_CTX *frame = talloc_stackframe(); 515 struct bitmap *commands_seen; 516 int i; 517 518 if (r->count.count == 0) { 519 ret = true; 520 goto done; 521 } 522 523 if (memcmp(r->magic, DCERPC_SEC_VT_MAGIC, sizeof(r->magic)) != 0) { 524 goto done; 525 } 526 527 commands_seen = bitmap_talloc(frame, DCERPC_SEC_VT_COMMAND_ENUM + 1); 528 if (commands_seen == NULL) { 529 goto done; 530 } 531 532 for (i=0; i < r->count.count; i++) { 533 enum dcerpc_sec_vt_command_enum cmd = 534 r->commands[i].command & DCERPC_SEC_VT_COMMAND_ENUM; 535 536 if (bitmap_query(commands_seen, cmd)) { 537 /* Each command must appear at most once. */ 538 goto done; 539 } 540 bitmap_set(commands_seen, cmd); 541 542 switch (cmd) { 543 case DCERPC_SEC_VT_COMMAND_BITMASK1: 544 case DCERPC_SEC_VT_COMMAND_PCONTEXT: 545 case DCERPC_SEC_VT_COMMAND_HEADER2: 546 break; 547 default: 548 if ((r->commands[i].u._unknown.length % 4) != 0) { 549 goto done; 550 } 551 break; 552 } 553 } 554 ret = true; 555 done: 556 TALLOC_FREE(frame); 557 return ret; 558 } 559 560 #define CHECK(msg, ok) \ 561 do { \ 562 if (!ok) { \ 563 DEBUG(10, ("SEC_VT check %s failed\n", msg)); \ 564 return false; \ 565 } \ 566 } while(0) 567 568 #define CHECK_SYNTAX(msg, s1, s2) \ 569 do { \ 570 if (!ndr_syntax_id_equal(&s1, &s2)) { \ 571 TALLOC_CTX *frame = talloc_stackframe(); \ 572 DEBUG(10, ("SEC_VT check %s failed: %s vs. %s\n", msg, \ 573 ndr_syntax_id_to_string(frame, &s1), \ 574 ndr_syntax_id_to_string(frame, &s1))); \ 575 TALLOC_FREE(frame); \ 576 return false; \ 577 } \ 578 } while(0) 579 580 581 bool dcerpc_sec_verification_trailer_check( 582 const struct dcerpc_sec_verification_trailer *vt, 583 const uint32_t *bitmask1, 584 const struct dcerpc_sec_vt_pcontext *pcontext, 585 const struct dcerpc_sec_vt_header2 *header2) 586 { 587 size_t i; 588 589 if (!dcerpc_sec_vt_is_valid(vt)) { 590 return false; 591 } 592 593 for (i=0; i < vt->count.count; i++) { 594 struct dcerpc_sec_vt *c = &vt->commands[i]; 595 596 switch (c->command & DCERPC_SEC_VT_COMMAND_ENUM) { 597 case DCERPC_SEC_VT_COMMAND_BITMASK1: 598 if (bitmask1 == NULL) { 599 CHECK("Bitmask1 must_process_command", 600 !(c->command & DCERPC_SEC_VT_MUST_PROCESS)); 601 break; 602 } 603 604 if (c->u.bitmask1 & DCERPC_SEC_VT_CLIENT_SUPPORTS_HEADER_SIGNING) { 605 CHECK("Bitmask1 client_header_signing", 606 *bitmask1 & DCERPC_SEC_VT_CLIENT_SUPPORTS_HEADER_SIGNING); 607 } 608 break; 609 610 case DCERPC_SEC_VT_COMMAND_PCONTEXT: 611 if (pcontext == NULL) { 612 CHECK("Pcontext must_process_command", 613 !(c->command & DCERPC_SEC_VT_MUST_PROCESS)); 614 break; 615 } 616 617 CHECK_SYNTAX("Pcontect abstract_syntax", 618 pcontext->abstract_syntax, 619 c->u.pcontext.abstract_syntax); 620 CHECK_SYNTAX("Pcontext transfer_syntax", 621 pcontext->transfer_syntax, 622 c->u.pcontext.transfer_syntax); 623 break; 624 625 case DCERPC_SEC_VT_COMMAND_HEADER2: { 626 if (header2 == NULL) { 627 CHECK("Header2 must_process_command", 628 !(c->command & DCERPC_SEC_VT_MUST_PROCESS)); 629 break; 630 } 631 632 CHECK("Header2", dcerpc_sec_vt_header2_equal(header2, &c->u.header2)); 633 break; 634 } 635 636 default: 637 CHECK("Unknown must_process_command", 638 !(c->command & DCERPC_SEC_VT_MUST_PROCESS)); 639 break; 640 } 641 } 642 643 return true; 644 } -
trunk/server/librpc/rpc/rpc_common.h
r862 r920 159 159 * @return - A NTSTATUS error code. 160 160 */ 161 NTSTATUS dcerpc_pull_auth_trailer( struct ncacn_packet *pkt,161 NTSTATUS dcerpc_pull_auth_trailer(const struct ncacn_packet *pkt, 162 162 TALLOC_CTX *mem_ctx, 163 DATA_BLOB *pkt_trailer,163 const DATA_BLOB *pkt_trailer, 164 164 struct dcerpc_auth *auth, 165 165 uint32_t *auth_length, 166 166 bool auth_data_only); 167 NTSTATUS dcerpc_verify_ncacn_packet_header(const struct ncacn_packet *pkt, 168 enum dcerpc_pkt_type ptype, 169 size_t max_auth_info, 170 uint8_t required_flags, 171 uint8_t optional_flags); 167 172 struct tevent_req *dcerpc_read_ncacn_packet_send(TALLOC_CTX *mem_ctx, 168 173 struct tevent_context *ev, … … 297 302 void *r_ptr); 298 303 304 /** 305 * Extract header information from a ncacn_packet 306 * as a dcerpc_sec_vt_header2 as used by the security verification trailer. 307 * 308 * @param[in] pkt a packet 309 * 310 * @return a dcerpc_sec_vt_header2 311 */ 312 struct dcerpc_sec_vt_header2 dcerpc_sec_vt_header2_from_ncacn_packet(const struct ncacn_packet *pkt); 313 314 315 /** 316 * Test if two dcerpc_sec_vt_header2 structures are equal 317 * without consideration of reserved fields. 318 * 319 * @param v1 a pointer to a dcerpc_sec_vt_header2 structure 320 * @param v2 a pointer to a dcerpc_sec_vt_header2 structure 321 * 322 * @retval true if *v1 equals *v2 323 */ 324 bool dcerpc_sec_vt_header2_equal(const struct dcerpc_sec_vt_header2 *v1, 325 const struct dcerpc_sec_vt_header2 *v2); 326 327 /** 328 * Check for consistency of the security verification trailer with the PDU header. 329 * See <a href="http://msdn.microsoft.com/en-us/library/cc243559.aspx">MS-RPCE 2.2.2.13</a>. 330 * A check with an empty trailer succeeds. 331 * 332 * @param[in] vt a pointer to the security verification trailer. 333 * @param[in] bitmask1 which flags were negotiated on the connection. 334 * @param[in] pcontext the syntaxes negotiatied for the presentation context. 335 * @param[in] header2 some fields from the PDU header. 336 * 337 * @retval true on success. 338 */ 339 bool dcerpc_sec_verification_trailer_check( 340 const struct dcerpc_sec_verification_trailer *vt, 341 const uint32_t *bitmask1, 342 const struct dcerpc_sec_vt_pcontext *pcontext, 343 const struct dcerpc_sec_vt_header2 *header2); 344 299 345 #endif /* __DEFAULT_LIBRPC_RPCCOMMON_H__ */ -
trunk/server/librpc/wscript_build
r918 r920 275 275 276 276 bld.SAMBA_SUBSYSTEM('NDR_DCERPC', 277 source='gen_ndr/ndr_dcerpc.c ',277 source='gen_ndr/ndr_dcerpc.c ndr/ndr_dcerpc.c', 278 278 public_deps='ndr', 279 deps='bitmap', 279 280 public_headers='gen_ndr/ndr_dcerpc.h gen_ndr/dcerpc.h', 280 281 header_path= [ ('*gen_ndr*', 'gen_ndr') ], -
trunk/server/pidl/lib/Parse/Pidl/ODL.pm
r414 r920 71 71 } 72 72 my $podl = Parse::Pidl::IDL::parse_file($idl_path, $opt_incdirs); 73 if (defined( @$podl)) {73 if (defined($podl)) { 74 74 require Parse::Pidl::Typelist; 75 75 my $basename = basename($idl_path, ".idl"); -
trunk/server/pidl/lib/Parse/Pidl/Samba3/ServerNDR.pm
r918 r920 184 184 185 185 pidl ""; 186 pidl "if (p-> rng_fault_state) {";186 pidl "if (p->fault_state) {"; 187 187 pidl "\ttalloc_free(r);"; 188 188 pidl "\t/* Return true here, srv_pipe_hnd.c will take care */"; -
trunk/server/pidl/pidl
r918 r920 606 606 607 607 $pidl = Parse::Pidl::IDL::parse_file($idl_file, \@opt_incdirs); 608 defined @$pidl || die "Failed to parse $idl_file";608 defined $pidl || die "Failed to parse $idl_file"; 609 609 } 610 610 -
trunk/server/selftest/target/Samba3.pm
r862 r920 128 128 domain logons = yes 129 129 lanman auth = yes 130 raw NTLMv2 auth = yes 130 131 "; 131 132 … … 231 232 security = server 232 233 password server = $s3dcvars->{SERVER_IP} 234 client ntlmv2 auth = no 233 235 "; 234 236 -
trunk/server/source3/Makefile-smbtorture4
r918 r920 7 7 @(cd .. && \ 8 8 CFLAGS='' $(WAF) reconfigure || \ 9 CFLAGS='' $(WAF) configure --enable-socket-wrapper --enable-nss-wrapper --enable-uid-wrapper --nonshared-binary=$(SAMBA4_BINARIES) --enable-auto-reconfigure )9 CFLAGS='' $(WAF) configure --enable-socket-wrapper --enable-nss-wrapper --enable-uid-wrapper --nonshared-binary=$(SAMBA4_BINARIES) --enable-auto-reconfigure --bundled-libraries=ALL --disable-gnutls ) 10 10 11 11 .PHONY: samba4-configure -
trunk/server/source3/Makefile.in
r873 r920 324 324 librpc/ndr/util.o \ 325 325 librpc/gen_ndr/ndr_server_id.o \ 326 librpc/gen_ndr/ndr_dcerpc.o 326 librpc/gen_ndr/ndr_dcerpc.o \ 327 ../librpc/ndr/ndr_dcerpc.o 327 328 328 329 LIBNDR_GEN_OBJ0 = librpc/gen_ndr/ndr_samr.o \ … … 455 456 ../libds/common/flag_mapping.o \ 456 457 lib/access.o lib/smbrun.o \ 457 lib/bitmap.o lib/dprintf.o $(UTIL_REG_OBJ) \458 ../lib/util/bitmap.o lib/dprintf.o $(UTIL_REG_OBJ) \ 458 459 lib/wins_srv.o \ 459 460 lib/util_str.o lib/clobber.o lib/util_sid.o \ … … 783 784 PROFILES_OBJ = utils/profiles.o \ 784 785 $(LIBSMB_ERR_OBJ) \ 786 $(LIBNDR_NTLMSSP_OBJ) \ 785 787 $(PARAM_OBJ) \ 786 788 $(LIB_OBJ) $(LIB_DUMMY_OBJ) \ … … 988 990 $(PASSCHANGE_OBJ) $(FNAME_UTIL_OBJ) \ 989 991 $(LIBCLI_SAMR_OBJ) \ 990 rpc_client/init_lsa.o 992 $(LIBCLI_NETLOGON_OBJ) \ 993 rpc_client/init_lsa.o \ 994 rpc_client/init_netlogon.o 991 995 992 996 STATUS_OBJ = utils/status.o utils/status_profile.o \ 993 997 $(LOCKING_OBJ) $(PARAM_OBJ) \ 994 998 $(PROFILE_OBJ) $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) \ 995 $(LIBSMB_ERR_OBJ) $( FNAME_UTIL_OBJ)999 $(LIBSMB_ERR_OBJ) $(LIBNDR_NTLMSSP_OBJ) $(FNAME_UTIL_OBJ) 996 1000 997 1001 SMBCONTROL_OBJ = utils/smbcontrol.o $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) \ 998 $(LIBSMB_ERR_OBJ) $( POPT_LIB_OBJ) $(PRINTBASE_OBJ)1002 $(LIBSMB_ERR_OBJ) $(LIBNDR_NTLMSSP_OBJ) $(POPT_LIB_OBJ) $(PRINTBASE_OBJ) 999 1003 1000 1004 SMBTREE_OBJ = utils/smbtree.o $(PARAM_OBJ) \ … … 1004 1008 $(LIBMSRPC_GEN_OBJ) \ 1005 1009 $(LIBMSRPC_OBJ) \ 1006 $(LIBCLI_SRVSVC_OBJ) 1010 $(LIBCLI_SRVSVC_OBJ) \ 1011 $(LIBCLI_NETLOGON_OBJ) \ 1012 rpc_client/init_netlogon.o 1007 1013 1008 1014 TESTPARM_OBJ = utils/testparm.o \ 1009 1015 $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) \ 1010 $(LIBSMB_ERR_OBJ) 1016 $(LIBSMB_ERR_OBJ) $(LIBNDR_NTLMSSP_OBJ) 1011 1017 1012 1018 SMBTA_UTIL_OBJ = utils/smbta-util.o $(PARAM_OBJ) $(POPT_LIB_OBJ) \ 1013 1019 $(LIB_NONSMBD_OBJ) \ 1014 $(LIBSMB_ERR_OBJ) $( FNAME_UTIL_OBJ)1020 $(LIBSMB_ERR_OBJ) $(LIBNDR_NTLMSSP_OBJ) $(FNAME_UTIL_OBJ) 1015 1021 1016 1022 TEST_LP_LOAD_OBJ = param/test_lp_load.o \ … … 1026 1032 $(LIBMSRPC_GEN_OBJ) $(LIBMSRPC_OBJ) \ 1027 1033 $(LIBCLI_SAMR_OBJ) \ 1028 rpc_client/init_lsa.o 1034 $(LIBCLI_NETLOGON_OBJ) \ 1035 rpc_client/init_lsa.o \ 1036 rpc_client/init_netlogon.o 1029 1037 1030 1038 PDBEDIT_OBJ = utils/pdbedit.o $(PASSWD_UTIL_OBJ) $(PARAM_OBJ) $(PASSDB_OBJ) \ … … 1099 1107 $(PASSDB_OBJ) $(SMBLDAP_OBJ) $(GROUPDB_OBJ) \ 1100 1108 $(LIBCLI_SRVSVC_OBJ) \ 1101 $(LIBCLI_LSA_OBJ) 1109 $(LIBCLI_LSA_OBJ) \ 1110 $(LIBCLI_NETLOGON_OBJ) \ 1111 rpc_client/init_netlogon.o 1102 1112 1103 1113 LIBSMBCLIENT_OBJ = $(LIBSMBCLIENT_OBJ1) … … 1122 1132 $(PASSDB_OBJ) $(SMBLDAP_OBJ) $(GROUPDB_OBJ) \ 1123 1133 $(DISPLAY_SEC_OBJ) \ 1124 $(LIBCLI_SRVSVC_OBJ) 1134 $(LIBCLI_SRVSVC_OBJ) \ 1135 $(LIBCLI_NETLOGON_OBJ) \ 1136 rpc_client/init_netlogon.o 1125 1137 1126 1138 LIBSMBCONF_OBJ = ../lib/smbconf/smbconf.o \ … … 1136 1148 $(PARAM_OBJ) \ 1137 1149 $(LIBSMB_ERR_OBJ) \ 1150 $(LIBNDR_NTLMSSP_OBJ) \ 1138 1151 $(POPT_LIB_OBJ) 1139 1152 … … 1219 1232 1220 1233 NMBLOOKUP_OBJ = utils/nmblookup.o $(PARAM_OBJ) $(LIBNMB_OBJ) \ 1221 $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) $(LIBSMB_ERR_OBJ) 1234 $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) $(LIBSMB_ERR_OBJ) $(LIBNDR_NTLMSSP_OBJ) 1222 1235 1223 1236 SMBTORTURE_OBJ1 = torture/torture.o torture/nbio.o torture/scanner.o torture/utable.o \ … … 1234 1247 torture/wbc_async.o \ 1235 1248 ../nsswitch/wb_reqtrans.o \ 1236 $(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ) $(LIBCLI_ECHO_OBJ) 1249 $(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ) $(LIBCLI_ECHO_OBJ) \ 1250 $(LIBCLI_NETLOGON_OBJ) rpc_client/init_netlogon.o 1251 1237 1252 1238 1253 MASKTEST_OBJ = torture/masktest.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \ … … 1241 1256 1242 1257 MSGTEST_OBJ = torture/msgtest.o $(PARAM_OBJ) $(LIBSMB_ERR_OBJ) \ 1258 $(LIBNDR_NTLMSSP_OBJ) \ 1243 1259 $(LIB_NONSMBD_OBJ) \ 1244 1260 $(LIBNDR_GEN_OBJ0) … … 1257 1273 VFSTEST_OBJ = torture/cmd_vfs.o torture/vfstest.o $(SMBD_OBJ_BASE) $(READLINE_OBJ) 1258 1274 1259 SMBICONV_OBJ = $(PARAM_OBJ) torture/smbiconv.o $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) $(LIBSMB_ERR_OBJ) 1275 SMBICONV_OBJ = $(PARAM_OBJ) torture/smbiconv.o $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) $(LIBSMB_ERR_OBJ) $(LIBNDR_NTLMSSP_OBJ) 1260 1276 1261 1277 LOG2PCAP_OBJ = utils/log2pcaphex.o … … 1269 1285 $(PASSDB_OBJ) $(GROUPDB_OBJ) $(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ) \ 1270 1286 $(POPT_LIB_OBJ) $(SMBLDAP_OBJ) \ 1271 $(LIBCLI_LSA_OBJ) 1287 $(LIBCLI_LSA_OBJ) \ 1288 $(LIBCLI_NETLOGON_OBJ) \ 1289 rpc_client/init_netlogon.o 1272 1290 1273 1291 SMBCQUOTAS_OBJ = utils/smbcquotas.o $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \ … … 1276 1294 $(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ) $(POPT_LIB_OBJ) \ 1277 1295 $(PASSDB_OBJ) $(SMBLDAP_OBJ) $(GROUPDB_OBJ) \ 1278 $(LIBCLI_LSA_OBJ) 1296 $(LIBCLI_LSA_OBJ) \ 1297 $(LIBCLI_NETLOGON_OBJ) \ 1298 rpc_client/init_netlogon.o 1279 1299 1280 1300 EVTLOGADM_OBJ0 = utils/eventlogadm.o 1281 1301 1282 1302 EVTLOGADM_OBJ = $(EVTLOGADM_OBJ0) $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) \ 1283 $(LIBSMB_ERR_OBJ) $(LIB _EVENTLOG_OBJ) \1303 $(LIBSMB_ERR_OBJ) $(LIBNDR_NTLMSSP_OBJ) $(LIB_EVENTLOG_OBJ) \ 1284 1304 librpc/gen_ndr/ndr_eventlog.o \ 1285 1305 librpc/gen_ndr/ndr_lsa.o … … 1287 1307 SHARESEC_OBJ0 = utils/sharesec.o 1288 1308 SHARESEC_OBJ = $(SHARESEC_OBJ0) $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) \ 1289 $(LIBSMB_ERR_OBJ) \1309 $(LIBSMB_ERR_OBJ) $(LIBNDR_NTLMSSP_OBJ) \ 1290 1310 $(POPT_LIB_OBJ) 1291 1311 1292 1312 TALLOCTORT_OBJ = @tallocdir@/testsuite.o @tallocdir@/testsuite_main.o \ 1293 $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) $(LIBSMB_ERR_OBJ) 1313 $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) $(LIBSMB_ERR_OBJ) $(LIBNDR_NTLMSSP_OBJ) 1294 1314 1295 1315 REPLACETORT_OBJ = @libreplacedir@/test/testsuite.o \ … … 1307 1327 1308 1328 WINBIND_WINS_NSS_OBJ = ../nsswitch/wins.o $(PARAM_OBJ) \ 1309 $(LIB_NONSMBD_OBJ) $(LIBSMB_ERR_OBJ) $(LIBN MB_OBJ)1329 $(LIB_NONSMBD_OBJ) $(LIBSMB_ERR_OBJ) $(LIBNDR_NTLMSSP_OBJ) $(LIBNMB_OBJ) 1310 1330 1311 1331 PAM_SMBPASS_OBJ_0 = pam_smbpass/pam_smb_auth.o pam_smbpass/pam_smb_passwd.o \ … … 1515 1535 $(PARAM_OBJ) \ 1516 1536 $(LIB_NONSMBD_OBJ) \ 1517 $(LIBSMB_ERR_OBJ) 1537 $(LIBSMB_ERR_OBJ) \ 1538 $(LIBNDR_NTLMSSP_OBJ) 1518 1539 1519 1540 DBWRAP_TORTURE_OBJ = utils/dbwrap_torture.o \ … … 1521 1542 $(LIB_NONSMBD_OBJ) \ 1522 1543 $(LIBSMB_ERR_OBJ) \ 1544 $(LIBNDR_NTLMSSP_OBJ) \ 1523 1545 $(POPT_LIB_OBJ) 1524 1546 -
trunk/server/source3/auth/auth_util.c
r862 r920 31 31 #include "lib/winbind_util.h" 32 32 #include "passdb.h" 33 #include "../lib/tsocket/tsocket.h" 33 34 34 35 #undef DBGC_CLASS … … 368 369 DATA_BLOB lm_resp, DATA_BLOB nt_resp) 369 370 { 371 bool allow_raw = lp_raw_ntlmv2_auth(); 372 373 if (!allow_raw && nt_resp.length >= 48) { 374 /* 375 * NTLMv2_RESPONSE has at least 48 bytes 376 * and should only be supported via NTLMSSP. 377 */ 378 DEBUG(2,("Rejecting raw NTLMv2 authentication with " 379 "user [%s\\%s]\n", 380 client_domain, smb_name)); 381 return NT_STATUS_INVALID_PARAMETER; 382 } 383 370 384 return make_user_info_map(user_info, smb_name, 371 385 client_domain, -
trunk/server/source3/include/ntdomain.h
r918 r920 88 88 int n_cmds; 89 89 uint32 context_id; 90 90 struct ndr_syntax_id syntax; 91 92 /* 93 * shall we allow "connect" auth level for this interface ? 94 */ 95 bool allow_connect; 91 96 } PIPE_RPC_FNS; 92 97 … … 135 140 136 141 /* 137 * Set to true when we should return fault PDU's for everything. 138 */ 139 140 bool fault_state; 141 142 /* 143 * Set to true when we should return fault PDU's for a bad handle. 144 */ 145 146 bool bad_handle_fault_state; 147 148 /* 149 * Set to true when the backend does not support a call. 150 */ 151 152 bool rng_fault_state; 142 * States we can be in. 143 */ 144 bool allow_alter; 145 bool allow_bind; 146 bool allow_auth3; 147 148 /* 149 * Set the DCERPC_FAULT to return. 150 */ 151 152 int fault_state; 153 153 154 154 /* -
trunk/server/source3/include/proto.h
r862 r920 61 61 bool get_audit_category_from_param(const char *param, uint32 *audit_category); 62 62 const char *audit_policy_str(TALLOC_CTX *mem_ctx, uint32 policy); 63 64 /* The following definitions come from lib/bitmap.c */65 66 struct bitmap *bitmap_talloc(TALLOC_CTX *mem_ctx, int n);67 int bitmap_copy(struct bitmap * const dst, const struct bitmap * const src);68 bool bitmap_set(struct bitmap *bm, unsigned i);69 bool bitmap_clear(struct bitmap *bm, unsigned i);70 bool bitmap_query(struct bitmap *bm, unsigned i);71 int bitmap_find(struct bitmap *bm, unsigned ofs);72 63 73 64 /* The following definitions come from lib/charcnv.c */ … … 1270 1261 void ntlmssp_want_feature_list(struct ntlmssp_state *ntlmssp_state, char *feature_list); 1271 1262 void ntlmssp_want_feature(struct ntlmssp_state *ntlmssp_state, uint32_t feature); 1263 bool ntlmssp_have_feature(struct ntlmssp_state *ntlmssp_state, uint32_t feature); 1272 1264 NTSTATUS ntlmssp_update(struct ntlmssp_state *ntlmssp_state, 1273 1265 const DATA_BLOB in, DATA_BLOB *out) ; … … 1499 1491 bool lp_lanman_auth(void); 1500 1492 bool lp_ntlm_auth(void); 1493 bool lp_raw_ntlmv2_auth(void); 1501 1494 bool lp_client_plaintext_auth(void); 1502 1495 bool lp_client_lanman_auth(void); … … 1698 1691 int lp_winbind_max_clients(void); 1699 1692 const char **lp_winbind_nss_info(void); 1693 bool lp_winbind_sealed_pipes(void); 1700 1694 int lp_algorithmic_rid_base(void); 1701 1695 int lp_name_cache_timeout(void); 1702 1696 int lp_client_signing(void); 1697 int lp_client_ipc_signing(void); 1703 1698 int lp_server_signing(void); 1704 1699 int lp_client_ldap_sasl_wrapping(void); … … 1827 1822 void widelinks_warning(int snum); 1828 1823 char *lp_ncalrpc_dir(void); 1824 bool lp_allow_dcerpc_auth_level_connect(void); 1829 1825 1830 1826 /* The following definitions come from param/loadparm_server_role.c */ -
trunk/server/source3/include/smb.h
r862 r920 713 713 }; 714 714 715 716 715 /* the following are used by loadparm for option lists */ 717 716 typedef enum { … … 759 758 #define FLAG_META 0x8000 /* A meta directive - not a real parameter */ 760 759 #define FLAG_CMDLINE 0x10000 /* option has been overridden */ 761 762 struct bitmap {763 uint32 *b;764 unsigned int n;765 };766 760 767 761 /* offsets into message for common items */ -
trunk/server/source3/lib/bitmap.c
r918 r920 19 19 20 20 #include "includes.h" 21 #include "lib/util/bitmap.h" 21 22 22 23 /* these functions provide a simple way to allocate integers from a … … 30 31 struct bitmap *bm; 31 32 32 bm = TALLOC_P(mem_ctx, struct bitmap);33 bm = talloc_zero(mem_ctx, struct bitmap); 33 34 34 35 if (!bm) return NULL; 35 36 36 37 bm->n = n; 37 bm->b = TALLOC_ZERO_ARRAY(bm, uint32, (n+31)/32);38 bm->b = talloc_zero_array(bm, uint32_t, (n+31)/32); 38 39 if (!bm->b) { 39 40 TALLOC_FREE(bm); … … 52 53 53 54 SMB_ASSERT(dst->b != src->b); 54 memcpy(dst->b, src->b, sizeof(uint32 )*((count+31)/32));55 memcpy(dst->b, src->b, sizeof(uint32_t)*((count+31)/32)); 55 56 56 57 return count; … … 65 66 DEBUG(0,("Setting invalid bitmap entry %d (of %d)\n", 66 67 i, bm->n)); 67 return False;68 return false; 68 69 } 69 70 bm->b[i/32] |= (1<<(i%32)); 70 return True;71 return true; 71 72 } 72 73 … … 79 80 DEBUG(0,("clearing invalid bitmap entry %d (of %d)\n", 80 81 i, bm->n)); 81 return False;82 return false; 82 83 } 83 84 bm->b[i/32] &= ~(1<<(i%32)); 84 return True;85 return true; 85 86 } 86 87 … … 90 91 bool bitmap_query(struct bitmap *bm, unsigned i) 91 92 { 92 if (i >= bm->n) return False;93 if (i >= bm->n) return false; 93 94 if (bm->b[i/32] & (1<<(i%32))) { 94 return True;95 return true; 95 96 } 96 return False;97 return false; 97 98 } 98 99 -
trunk/server/source3/libads/sasl.c
r918 r920 261 261 /* we have a reference conter on ntlmssp_state, if we are signing 262 262 then the state will be kept by the signing engine */ 263 264 if (ads->ldap.wrap_type >= ADS_SASLWRAP_TYPE_SEAL) { 265 bool ok; 266 267 ok = ntlmssp_have_feature(ntlmssp_state, 268 NTLMSSP_FEATURE_SEAL); 269 if (!ok) { 270 DEBUG(0,("The ntlmssp feature sealing request, but unavailable\n")); 271 TALLOC_FREE(ntlmssp_state); 272 return ADS_ERROR_NT(NT_STATUS_INVALID_NETWORK_RESPONSE); 273 } 274 275 ok = ntlmssp_have_feature(ntlmssp_state, 276 NTLMSSP_FEATURE_SIGN); 277 if (!ok) { 278 DEBUG(0,("The ntlmssp feature signing request, but unavailable\n")); 279 TALLOC_FREE(ntlmssp_state); 280 return ADS_ERROR_NT(NT_STATUS_INVALID_NETWORK_RESPONSE); 281 } 282 283 } else if (ads->ldap.wrap_type >= ADS_SASLWRAP_TYPE_SIGN) { 284 bool ok; 285 286 ok = ntlmssp_have_feature(ntlmssp_state, 287 NTLMSSP_FEATURE_SIGN); 288 if (!ok) { 289 DEBUG(0,("The gensec feature signing request, but unavailable\n")); 290 TALLOC_FREE(ntlmssp_state); 291 return ADS_ERROR_NT(NT_STATUS_INVALID_NETWORK_RESPONSE); 292 } 293 } 263 294 264 295 if (ads->ldap.wrap_type > ADS_SASLWRAP_TYPE_PLAIN) { -
trunk/server/source3/librpc/rpc/dcerpc.h
r918 r920 40 40 enum dcerpc_AuthType auth_type; 41 41 enum dcerpc_AuthLevel auth_level; 42 bool verified_bitmask1; 42 43 43 44 void *auth_ctx; 45 uint32_t auth_context_id; 44 46 45 47 /* Only the client code uses these 3 for now */ … … 71 73 const DATA_BLOB *credentials, 72 74 DATA_BLOB *blob); 73 NTSTATUS dcerpc_pull_dcerpc_auth(TALLOC_CTX *mem_ctx,74 const DATA_BLOB *blob,75 struct dcerpc_auth *r,76 bool bigendian);77 75 NTSTATUS dcerpc_guess_sizes(struct pipe_auth_data *auth, 78 76 size_t header_len, size_t data_left, … … 85 83 struct ncacn_packet *pkt, 86 84 DATA_BLOB *pkt_trailer, 87 size_t header_size, 88 DATA_BLOB *raw_pkt, 89 size_t *pad_len); 85 uint8_t header_size, 86 DATA_BLOB *raw_pkt); 90 87 91 88 /* The following definitions come from librpc/rpc/rpc_common.c */ -
trunk/server/source3/librpc/rpc/dcerpc_helpers.c
r862 r920 211 211 212 212 /** 213 * @brief Decodes a dcerpc_auth blob214 *215 * @param mem_ctx The memory context on which to allocate the packet216 * elements217 * @param blob The blob of data to decode218 * @param r An empty dcerpc_auth structure, must not be NULL219 *220 * @return a NTSTATUS error code221 */222 NTSTATUS dcerpc_pull_dcerpc_auth(TALLOC_CTX *mem_ctx,223 const DATA_BLOB *blob,224 struct dcerpc_auth *r,225 bool bigendian)226 {227 enum ndr_err_code ndr_err;228 struct ndr_pull *ndr;229 230 ndr = ndr_pull_init_blob(blob, mem_ctx);231 if (!ndr) {232 return NT_STATUS_NO_MEMORY;233 }234 if (bigendian) {235 ndr->flags |= LIBNDR_FLAG_BIGENDIAN;236 }237 238 ndr_err = ndr_pull_dcerpc_auth(ndr, NDR_SCALARS|NDR_BUFFERS, r);239 240 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {241 talloc_free(ndr);242 return ndr_map_error2ntstatus(ndr_err);243 }244 talloc_free(ndr);245 246 if (DEBUGLEVEL >= 10) {247 NDR_PRINT_DEBUG(dcerpc_auth, r);248 }249 250 return NT_STATUS_OK;251 }252 253 /**254 213 * @brief Calculate how much data we can in a packet, including calculating 255 214 * auth token and pad lengths. … … 783 742 auth->auth_level, 784 743 pad_len, 785 1 /* context id. */,744 auth->auth_context_id, 786 745 &auth_blob, 787 746 &auth_info); … … 845 804 * @param auth The auth data for the connection 846 805 * @param pkt The actual ncacn_packet 847 * @param pkt_trailer The stub_and_verifier part of the packet 806 * @param pkt_trailer [in][out] The stub_and_verifier part of the packet, 807 * the auth_trailer and padding will be removed. 848 808 * @param header_size The header size 849 809 * @param raw_pkt The whole raw packet data blob 850 * @param pad_len [out] The padding length used in the packet851 810 * 852 811 * @return A NTSTATUS error code … … 855 814 struct ncacn_packet *pkt, 856 815 DATA_BLOB *pkt_trailer, 857 size_t header_size, 858 DATA_BLOB *raw_pkt, 859 size_t *pad_len) 816 uint8_t header_size, 817 DATA_BLOB *raw_pkt) 860 818 { 861 819 struct schannel_state *schannel_auth; … … 869 827 DATA_BLOB data; 870 828 829 /* 830 * These check should be done in the caller. 831 */ 832 SMB_ASSERT(raw_pkt->length == pkt->frag_length); 833 SMB_ASSERT(header_size <= pkt->frag_length); 834 SMB_ASSERT(pkt_trailer->length < pkt->frag_length); 835 SMB_ASSERT((pkt_trailer->length + header_size) <= pkt->frag_length); 836 871 837 switch (auth->auth_level) { 872 838 case DCERPC_AUTH_LEVEL_PRIVACY: … … 882 848 break; 883 849 } 884 *pad_len = 0;885 850 return NT_STATUS_OK; 886 851 … … 891 856 return NT_STATUS_INVALID_PARAMETER; 892 857 } 893 *pad_len = 0;894 858 return NT_STATUS_OK; 895 859 … … 900 864 } 901 865 902 /* Paranioa checks for auth_length. */ 903 if (pkt->auth_length > pkt->frag_length) { 904 return NT_STATUS_INFO_LENGTH_MISMATCH; 905 } 906 if (((unsigned int)pkt->auth_length 907 + DCERPC_AUTH_TRAILER_LENGTH < (unsigned int)pkt->auth_length) || 908 ((unsigned int)pkt->auth_length 909 + DCERPC_AUTH_TRAILER_LENGTH < DCERPC_AUTH_TRAILER_LENGTH)) { 910 /* Integer wrap attempt. */ 911 return NT_STATUS_INFO_LENGTH_MISMATCH; 866 if (pkt->auth_length == 0) { 867 return NT_STATUS_INVALID_PARAMETER; 912 868 } 913 869 … … 918 874 } 919 875 876 if (auth_info.auth_type != auth->auth_type) { 877 return NT_STATUS_INVALID_PARAMETER; 878 } 879 880 if (auth_info.auth_level != auth->auth_level) { 881 return NT_STATUS_INVALID_PARAMETER; 882 } 883 884 if (auth_info.auth_context_id != auth->auth_context_id) { 885 return NT_STATUS_INVALID_PARAMETER; 886 } 887 888 pkt_trailer->length -= auth_length; 920 889 data = data_blob_const(raw_pkt->data + header_size, 921 pkt_trailer->length - auth_length);922 full_pkt = data_blob_const(raw_pkt->data, 923 raw_pkt->length - auth_info.credentials.length);890 pkt_trailer->length); 891 full_pkt = data_blob_const(raw_pkt->data, raw_pkt->length); 892 full_pkt.length -= auth_info.credentials.length; 924 893 925 894 switch (auth->auth_type) { … … 997 966 * are still both used in later calls */ 998 967 if (auth->auth_level == DCERPC_AUTH_LEVEL_PRIVACY) { 968 if (pkt_trailer->length != data.length) { 969 return NT_STATUS_INVALID_PARAMETER; 970 } 999 971 memcpy(pkt_trailer->data, data.data, data.length); 1000 972 } 1001 973 1002 *pad_len= auth_info.auth_pad_length;974 pkt_trailer->length -= auth_info.auth_pad_length; 1003 975 data_blob_free(&auth_info.credentials); 1004 976 return NT_STATUS_OK; -
trunk/server/source3/libsmb/cliconnect.c
r862 r920 2078 2078 2079 2079 /* otherwise do a NT1 style session setup */ 2080 if (lp_client_ntlmv2_auth() && lp_client_use_spnego()) { 2081 /* 2082 * Don't send an NTLMv2 response without NTLMSSP 2083 * if we want to use spnego support 2084 */ 2085 DEBUG(1, ("Server does not support EXTENDED_SECURITY " 2086 " but 'client use spnego = yes" 2087 " and 'client ntlmv2 auth = yes'\n")); 2088 return NT_STATUS_ACCESS_DENIED; 2089 } 2090 2080 2091 status = cli_session_setup_nt1(cli, user, pass, passlen, 2081 2092 ntpass, ntpasslen, workgroup); -
trunk/server/source3/libsmb/clidfs.c
r918 r920 99 99 const char *password; 100 100 NTSTATUS status; 101 int signing_state = get_cmdline_auth_info_signing_state(auth_info); 102 103 if (force_encrypt) { 104 signing_state = Required; 105 } 101 106 102 107 /* make a copy so we don't modify the global string 'service' */ … … 133 138 134 139 /* have to open a new connection */ 135 c = cli_initialise_ex( get_cmdline_auth_info_signing_state(auth_info));140 c = cli_initialise_ex(signing_state); 136 141 if (c == NULL) { 137 142 d_printf("Connection to %s failed\n", server_n); -
trunk/server/source3/libsmb/libsmb_server.c
r918 r920 259 259 NTSTATUS status; 260 260 char *newserver, *newshare; 261 int signing_state = Undefined; 261 262 262 263 zero_sockaddr(&ss); … … 405 406 zero_sockaddr(&ss); 406 407 408 if (context->internal->smb_encryption_level != SMBC_ENCRYPTLEVEL_NONE) { 409 signing_state = Required; 410 } 411 407 412 /* have to open a new connection */ 408 if ((c = cli_initialise ()) == NULL) {413 if ((c = cli_initialise_ex(signing_state)) == NULL) { 409 414 errno = ENOMEM; 410 415 return NULL; … … 751 756 pp_workgroup, pp_username, pp_password); 752 757 if (!ipc_srv) { 758 int signing_state = Undefined; 753 759 754 760 /* We didn't find a cached connection. Get the password */ … … 772 778 flags |= CLI_FULL_CONNECTION_USE_CCACHE; 773 779 } 780 if (context->internal->smb_encryption_level != SMBC_ENCRYPTLEVEL_NONE) { 781 signing_state = Required; 782 } 774 783 775 784 zero_sockaddr(&ss); … … 781 790 *pp_password, 782 791 flags, 783 Undefined);792 signing_state); 784 793 if (! NT_STATUS_IS_OK(nt_status)) { 785 794 DEBUG(1,("cli_full_connection failed! (%s)\n", -
trunk/server/source3/libsmb/ntlmssp.c
r918 r920 163 163 } 164 164 165 bool ntlmssp_have_feature(struct ntlmssp_state *ntlmssp_state, 166 uint32_t feature) 167 { 168 if (feature & NTLMSSP_FEATURE_SIGN) { 169 if (ntlmssp_state->session_key.length == 0) { 170 return false; 171 } 172 if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN) { 173 return true; 174 } 175 } 176 177 if (feature & NTLMSSP_FEATURE_SEAL) { 178 if (ntlmssp_state->session_key.length == 0) { 179 return false; 180 } 181 if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL) { 182 return true; 183 } 184 } 185 186 if (feature & NTLMSSP_FEATURE_SESSION_KEY) { 187 if (ntlmssp_state->session_key.length > 0) { 188 return true; 189 } 190 } 191 192 return false; 193 } 194 165 195 /** 166 196 * Request features for the NTLMSSP negotiation … … 177 207 */ 178 208 if (in_list("NTLMSSP_FEATURE_SESSION_KEY", feature_list, True)) { 179 ntlmssp_state-> neg_flags |= NTLMSSP_NEGOTIATE_SIGN;209 ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SIGN; 180 210 } 181 211 if (in_list("NTLMSSP_FEATURE_SIGN", feature_list, True)) { 182 ntlmssp_state-> neg_flags |= NTLMSSP_NEGOTIATE_SIGN;212 ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SIGN; 183 213 } 184 214 if(in_list("NTLMSSP_FEATURE_SEAL", feature_list, True)) { 185 ntlmssp_state-> neg_flags |= NTLMSSP_NEGOTIATE_SEAL;215 ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SEAL; 186 216 } 187 217 if (in_list("NTLMSSP_FEATURE_CCACHE", feature_list, true)) { 188 218 ntlmssp_state->use_ccache = true; 189 219 } 220 221 ntlmssp_state->neg_flags |= ntlmssp_state->required_flags; 190 222 } 191 223 … … 200 232 /* As per JRA's comment above */ 201 233 if (feature & NTLMSSP_FEATURE_SESSION_KEY) { 202 ntlmssp_state-> neg_flags |= NTLMSSP_NEGOTIATE_SIGN;234 ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SIGN; 203 235 } 204 236 if (feature & NTLMSSP_FEATURE_SIGN) { 205 ntlmssp_state-> neg_flags |= NTLMSSP_NEGOTIATE_SIGN;237 ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SIGN; 206 238 } 207 239 if (feature & NTLMSSP_FEATURE_SEAL) { 208 ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL; 240 ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SIGN; 241 ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SEAL; 209 242 } 210 243 if (feature & NTLMSSP_FEATURE_CCACHE) { 211 244 ntlmssp_state->use_ccache = true; 212 245 } 246 247 ntlmssp_state->neg_flags |= ntlmssp_state->required_flags; 213 248 } 214 249 … … 388 423 389 424 if (ntlmssp_state->use_ntlmv2) { 390 ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2; 425 ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_NTLM2; 426 ntlmssp_state->allow_lm_key = false; 427 } 428 429 if (ntlmssp_state->allow_lm_key) { 430 ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_LM_KEY; 391 431 } 392 432 … … 421 461 422 462 return NT_STATUS_MORE_PROCESSING_REQUIRED; 463 } 464 465 static NTSTATUS ntlmssp3_handle_neg_flags(struct ntlmssp_state *ntlmssp_state, 466 uint32_t flags) 467 { 468 uint32_t missing_flags = ntlmssp_state->required_flags; 469 470 if (flags & NTLMSSP_NEGOTIATE_UNICODE) { 471 ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_UNICODE; 472 ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_OEM; 473 ntlmssp_state->unicode = true; 474 } else { 475 ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_UNICODE; 476 ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_OEM; 477 ntlmssp_state->unicode = false; 478 } 479 480 /* 481 * NTLMSSP_NEGOTIATE_NTLM2 (NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY) 482 * has priority over NTLMSSP_NEGOTIATE_LM_KEY 483 */ 484 if (!(flags & NTLMSSP_NEGOTIATE_NTLM2)) { 485 ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_NTLM2; 486 } 487 488 if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) { 489 ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_LM_KEY; 490 } 491 492 if (!(flags & NTLMSSP_NEGOTIATE_LM_KEY)) { 493 ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_LM_KEY; 494 } 495 496 if (!(flags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN)) { 497 ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_ALWAYS_SIGN; 498 } 499 500 if (!(flags & NTLMSSP_NEGOTIATE_128)) { 501 ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_128; 502 } 503 504 if (!(flags & NTLMSSP_NEGOTIATE_56)) { 505 ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_56; 506 } 507 508 if (!(flags & NTLMSSP_NEGOTIATE_KEY_EXCH)) { 509 ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_KEY_EXCH; 510 } 511 512 if (!(flags & NTLMSSP_NEGOTIATE_SIGN)) { 513 ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_SIGN; 514 } 515 516 if (!(flags & NTLMSSP_NEGOTIATE_SEAL)) { 517 ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_SEAL; 518 } 519 520 if ((flags & NTLMSSP_REQUEST_TARGET)) { 521 ntlmssp_state->neg_flags |= NTLMSSP_REQUEST_TARGET; 522 } 523 524 missing_flags &= ~ntlmssp_state->neg_flags; 525 if (missing_flags != 0) { 526 NTSTATUS status = NT_STATUS_RPC_SEC_PKG_ERROR; 527 DEBUG(1, ("%s: Got challenge flags[0x%08x] " 528 "- possible downgrade detected! " 529 "missing_flags[0x%08x] - %s\n", 530 __func__, 531 (unsigned)flags, 532 (unsigned)missing_flags, 533 nt_errstr(status))); 534 debug_ntlmssp_flags(missing_flags); 535 DEBUGADD(4, ("neg_flags[0x%08x]\n", 536 (unsigned)ntlmssp_state->neg_flags)); 537 debug_ntlmssp_flags(ntlmssp_state->neg_flags); 538 539 return status; 540 } 541 542 return NT_STATUS_OK; 423 543 } 424 544 … … 449 569 NTSTATUS nt_status = NT_STATUS_OK; 450 570 571 if (!msrpc_parse(ntlmssp_state, &reply, "CdBd", 572 "NTLMSSP", 573 &ntlmssp_command, 574 &server_domain_blob, 575 &chal_flags)) { 576 DEBUG(1, ("Failed to parse the NTLMSSP Challenge: (#1)\n")); 577 dump_data(2, reply.data, reply.length); 578 579 return NT_STATUS_INVALID_PARAMETER; 580 } 581 data_blob_free(&server_domain_blob); 582 583 DEBUG(3, ("Got challenge flags:\n")); 584 debug_ntlmssp_flags(chal_flags); 585 586 nt_status = ntlmssp3_handle_neg_flags(ntlmssp_state, chal_flags); 587 if (!NT_STATUS_IS_OK(nt_status)) { 588 return nt_status; 589 } 590 451 591 if (ntlmssp_state->use_ccache) { 452 592 struct wbcCredentialCacheParams params; … … 498 638 499 639 noccache: 500 501 if (!msrpc_parse(ntlmssp_state, &reply, "CdBd",502 "NTLMSSP",503 &ntlmssp_command,504 &server_domain_blob,505 &chal_flags)) {506 DEBUG(1, ("Failed to parse the NTLMSSP Challenge: (#1)\n"));507 dump_data(2, reply.data, reply.length);508 509 return NT_STATUS_INVALID_PARAMETER;510 }511 640 512 641 if (DEBUGLEVEL >= 10) { … … 525 654 } 526 655 } 527 528 data_blob_free(&server_domain_blob);529 530 DEBUG(3, ("Got challenge flags:\n"));531 debug_ntlmssp_flags(chal_flags);532 533 ntlmssp_handle_neg_flags(ntlmssp_state, chal_flags, lp_client_lanman_auth());534 656 535 657 if (ntlmssp_state->unicode) { … … 770 892 771 893 ntlmssp_state->use_ntlmv2 = use_ntlmv2; 894 ntlmssp_state->allow_lm_key = lp_client_lanman_auth(); 772 895 773 896 ntlmssp_state->expected_state = NTLMSSP_INITIAL; … … 781 904 NTLMSSP_REQUEST_TARGET; 782 905 906 if (ntlmssp_state->use_ntlmv2) { 907 ntlmssp_state->allow_lm_key = false; 908 } 909 783 910 ntlmssp_state->client.netbios_name = talloc_strdup(ntlmssp_state, netbios_name); 784 911 if (!ntlmssp_state->client.netbios_name) { -
trunk/server/source3/modules/vfs_acl_common.c
r862 r920 24 24 #include "../libcli/security/security.h" 25 25 #include "../librpc/gen_ndr/ndr_security.h" 26 #include "../lib/util/bitmap.h" 26 27 27 28 static NTSTATUS create_acl_blob(const struct security_descriptor *psd, -
trunk/server/source3/modules/vfs_full_audit.c
r918 r920 65 65 #include "auth.h" 66 66 #include "ntioctl.h" 67 #include "lib/util/bitmap.h" 67 68 68 69 static int vfs_full_audit_debug_level = DBGC_VFS; -
trunk/server/source3/modules/vfs_shadow_copy2.c
r918 r920 22 22 #include "includes.h" 23 23 #include "smbd/smbd.h" 24 #include "smbd/globals.h" 25 #include "../libcli/security/security.h" 24 26 #include "system/filesys.h" 25 27 #include "ntioctl.h" … … 765 767 } 766 768 769 static bool check_access_snapdir(struct vfs_handle_struct *handle, 770 const char *path) 771 { 772 struct smb_filename smb_fname; 773 int ret; 774 NTSTATUS status; 775 uint32_t access_granted = 0; 776 777 ZERO_STRUCT(smb_fname); 778 smb_fname.base_name = talloc_asprintf(talloc_tos(), 779 "%s", 780 path); 781 if (smb_fname.base_name == NULL) { 782 return false; 783 } 784 785 ret = SMB_VFS_NEXT_STAT(handle, &smb_fname); 786 if (ret != 0 || !S_ISDIR(smb_fname.st.st_ex_mode)) { 787 TALLOC_FREE(smb_fname.base_name); 788 return false; 789 } 790 791 status = smbd_check_open_rights(handle->conn, 792 &smb_fname, 793 SEC_DIR_LIST, 794 &access_granted); 795 if (!NT_STATUS_IS_OK(status)) { 796 DEBUG(0,("user does not have list permission " 797 "on snapdir %s\n", 798 smb_fname.base_name)); 799 TALLOC_FREE(smb_fname.base_name); 800 return false; 801 } 802 TALLOC_FREE(smb_fname.base_name); 803 return true; 804 } 805 767 806 static int shadow_copy2_rmdir(vfs_handle_struct *handle, const char *fname) 768 807 { … … 878 917 TALLOC_CTX *tmp_ctx = talloc_new(handle->data); 879 918 char *snapshot; 919 bool ret; 880 920 881 921 snapdir = shadow_copy2_find_snapdir(tmp_ctx, handle); … … 884 924 handle->conn->connectpath)); 885 925 errno = EINVAL; 926 talloc_free(tmp_ctx); 927 return -1; 928 } 929 ret = check_access_snapdir(handle, snapdir); 930 if (!ret) { 931 DEBUG(0,("access denied on listing snapdir %s\n", snapdir)); 932 errno = EACCES; 886 933 talloc_free(tmp_ctx); 887 934 return -1; -
trunk/server/source3/param/loadparm.c
r918 r920 65 65 #include "dbwrap.h" 66 66 #include "smbldap.h" 67 #include "../lib/util/bitmap.h" 67 68 68 69 #ifdef HAVE_SYS_SYSCTL_H … … 219 220 bool bWinbindRefreshTickets; 220 221 bool bWinbindOfflineLogon; 222 bool bWinbindSealedPipes; 221 223 bool bWinbindNormalizeNames; 222 224 bool bWinbindRpcOnly; … … 340 342 bool bLanmanAuth; 341 343 bool bNTLMAuth; 344 bool bRawNTLMv2Auth; 342 345 bool bUseSpnego; 343 346 bool bClientLanManAuth; … … 357 360 bool bHostnameLookups; 358 361 bool bUnixExtensions; 362 bool bAllowDcerpcAuthLevelConnect; 359 363 bool bDisableNetbios; 360 364 char * szDedicatedKeytabFile; … … 369 373 int name_cache_timeout; 370 374 int client_signing; 375 int client_ipc_signing; 371 376 int server_signing; 372 377 int client_ldap_sasl_wrapping; … … 1387 1392 }, 1388 1393 { 1394 .label = "raw NTLMv2 auth", 1395 .type = P_BOOL, 1396 .p_class = P_GLOBAL, 1397 .ptr = &Globals.bRawNTLMv2Auth, 1398 .special = NULL, 1399 .enum_list = NULL, 1400 .flags = FLAG_ADVANCED, 1401 }, 1402 { 1389 1403 .label = "client NTLMv2 auth", 1390 1404 .type = P_BOOL, … … 2295 2309 }, 2296 2310 { 2311 .label = "allow dcerpc auth level connect", 2312 .type = P_BOOL, 2313 .p_class = P_GLOBAL, 2314 .ptr = &Globals.bAllowDcerpcAuthLevelConnect, 2315 .special = NULL, 2316 .enum_list = NULL, 2317 .flags = FLAG_ADVANCED, 2318 }, 2319 { 2297 2320 .label = "use spnego", 2298 2321 .type = P_BOOL, … … 2308 2331 .p_class = P_GLOBAL, 2309 2332 .ptr = &Globals.client_signing, 2333 .special = NULL, 2334 .enum_list = enum_smb_signing_vals, 2335 .flags = FLAG_ADVANCED, 2336 }, 2337 { 2338 .label = "client ipc signing", 2339 .type = P_ENUM, 2340 .p_class = P_GLOBAL, 2341 .ptr = &Globals.client_ipc_signing, 2310 2342 .special = NULL, 2311 2343 .enum_list = enum_smb_signing_vals, … … 4754 4786 .p_class = P_GLOBAL, 4755 4787 .ptr = &Globals.bWinbindOfflineLogon, 4788 .special = NULL, 4789 .enum_list = NULL, 4790 .flags = FLAG_ADVANCED, 4791 }, 4792 { 4793 .label = "winbind sealed pipes", 4794 .type = P_BOOL, 4795 .p_class = P_GLOBAL, 4796 .ptr = &Globals.bWinbindSealedPipes, 4756 4797 .special = NULL, 4757 4798 .enum_list = NULL, … … 5381 5422 Globals.bLanmanAuth = False; /* Do NOT use the LanMan hash, even if it is supplied */ 5382 5423 Globals.bNTLMAuth = True; /* Do use NTLMv1 if it is supplied by the client (otherwise NTLMv2) */ 5424 Globals.bRawNTLMv2Auth = false; /* Allow NTLMv2 without NTLMSSP */ 5383 5425 Globals.bClientNTLMv2Auth = True; /* Client should always use use NTLMv2, as we can't tell that the server supports it, but most modern servers do */ 5384 5426 /* Note, that we will also use NTLM2 session security (which is different), if it is available */ 5427 5428 Globals.bAllowDcerpcAuthLevelConnect = false; /* we don't allow this by default */ 5385 5429 5386 5430 Globals.map_to_guest = 0; /* By Default, "Never" */ … … 5425 5469 Globals.ldap_debug_threshold = 10; 5426 5470 5471 Globals.client_ldap_sasl_wrapping = ADS_AUTH_SASL_SIGN; 5472 5427 5473 /* This is what we tell the afs client. in reality we set the token 5428 5474 * to never expire, though, when this runs out the afs client will … … 5489 5535 Globals.bWinbindRefreshTickets = False; 5490 5536 Globals.bWinbindOfflineLogon = False; 5537 Globals.bWinbindSealedPipes = True; 5491 5538 5492 5539 Globals.iIdmapCacheTime = 86400 * 7; /* a week by default */ … … 5501 5548 5502 5549 Globals.client_signing = Auto; 5550 Globals.client_ipc_signing = Required; 5503 5551 Globals.server_signing = False; 5504 5552 … … 5754 5802 FN_GLOBAL_STRING(lp_check_password_script, &Globals.szCheckPasswordScript) 5755 5803 5804 FN_GLOBAL_BOOL(lp_allow_dcerpc_auth_level_connect, &Globals.bAllowDcerpcAuthLevelConnect) 5756 5805 FN_GLOBAL_STRING(lp_wins_hook, &Globals.szWINSHook) 5757 5806 FN_GLOBAL_CONST_STRING(lp_template_homedir, &Globals.szTemplateHomedir) … … 5767 5816 FN_GLOBAL_BOOL(lp_winbind_refresh_tickets, &Globals.bWinbindRefreshTickets) 5768 5817 FN_GLOBAL_BOOL(lp_winbind_offline_logon, &Globals.bWinbindOfflineLogon) 5818 FN_GLOBAL_BOOL(lp_winbind_sealed_pipes, &Globals.bWinbindSealedPipes) 5769 5819 FN_GLOBAL_BOOL(lp_winbind_normalize_names, &Globals.bWinbindNormalizeNames) 5770 5820 FN_GLOBAL_BOOL(lp_winbind_rpc_only, &Globals.bWinbindRpcOnly) … … 5863 5913 FN_GLOBAL_BOOL(lp_lanman_auth, &Globals.bLanmanAuth) 5864 5914 FN_GLOBAL_BOOL(lp_ntlm_auth, &Globals.bNTLMAuth) 5915 FN_GLOBAL_BOOL(lp_raw_ntlmv2_auth, &Globals.bRawNTLMv2Auth) 5865 5916 FN_GLOBAL_BOOL(lp_client_plaintext_auth, &Globals.bClientPlaintextAuth) 5866 5917 FN_GLOBAL_BOOL(lp_client_lanman_auth, &Globals.bClientLanManAuth) … … 6101 6152 FN_GLOBAL_INTEGER(lp_name_cache_timeout, &Globals.name_cache_timeout) 6102 6153 FN_GLOBAL_INTEGER(lp_client_signing, &Globals.client_signing) 6154 FN_GLOBAL_INTEGER(lp_client_ipc_signing, &Globals.client_ipc_signing) 6103 6155 FN_GLOBAL_INTEGER(lp_server_signing, &Globals.server_signing) 6104 6156 FN_GLOBAL_INTEGER(lp_client_ldap_sasl_wrapping, &Globals.client_ldap_sasl_wrapping) … … 9753 9805 } 9754 9806 #endif 9807 9808 if (!lp_is_in_client()) { 9809 switch (lp_client_ipc_signing()) { 9810 case Required: 9811 lp_set_cmdline("client signing", "mandatory"); 9812 break; 9813 case Auto: 9814 lp_set_cmdline("client signing", "auto"); 9815 break; 9816 case False: 9817 lp_set_cmdline("client signing", "disabled"); 9818 break; 9819 } 9820 } 9821 9755 9822 init_iconv(); 9756 9823 -
trunk/server/source3/passdb/pdb_get_set.c
r918 r920 26 26 #include "../libcli/auth/libcli_auth.h" 27 27 #include "../libcli/security/security.h" 28 #include "../lib/util/bitmap.h" 28 29 29 30 #undef DBGC_CLASS -
trunk/server/source3/rpc_client/cli_pipe.c
r862 r920 29 29 #include "ntlmssp_wrap.h" 30 30 #include "librpc/gen_ndr/ndr_dcerpc.h" 31 #include "librpc/gen_ndr/ndr_netlogon_c.h" 31 32 #include "librpc/rpc/dcerpc.h" 32 33 #include "librpc/crypto/gse.h" … … 400 401 DATA_BLOB *pdu, 401 402 uint8_t expected_pkt_type, 403 uint32_t call_id, 402 404 DATA_BLOB *rdata, 403 405 DATA_BLOB *reply_pdu) 404 406 { 405 struct dcerpc_response *r; 407 const struct dcerpc_response *r = NULL; 408 DATA_BLOB tmp_stub = data_blob_null; 406 409 NTSTATUS ret = NT_STATUS_OK; 407 size_t pad_len = 0;408 410 409 411 /* … … 413 415 *rdata = *pdu; 414 416 417 if ((pkt->ptype == DCERPC_PKT_BIND_ACK) && 418 !(pkt->pfc_flags & DCERPC_PFC_FLAG_LAST)) { 419 /* 420 * TODO: do we still need this hack which was introduced 421 * in commit a42afcdcc7ab9aa9ed193ae36d3dbb10843447f0. 422 * 423 * I don't even know what AS/U might be... 424 */ 425 DEBUG(5, (__location__ ": bug in server (AS/U?), setting " 426 "fragment first/last ON.\n")); 427 pkt->pfc_flags |= DCERPC_PFC_FLAG_FIRST | DCERPC_PFC_FLAG_LAST; 428 } 429 415 430 /* Ensure we have the correct type. */ 416 431 switch (pkt->ptype) { 432 case DCERPC_PKT_BIND_NAK: 433 DEBUG(1, (__location__ ": Bind NACK received from %s!\n", 434 rpccli_pipe_txt(talloc_tos(), cli))); 435 436 ret = dcerpc_verify_ncacn_packet_header(pkt, 437 DCERPC_PKT_BIND_NAK, 438 0, /* max_auth_info */ 439 DCERPC_PFC_FLAG_FIRST | 440 DCERPC_PFC_FLAG_LAST, 441 0); /* optional flags */ 442 if (!NT_STATUS_IS_OK(ret)) { 443 DEBUG(1, (__location__ ": Connection to %s got an unexpected " 444 "RPC packet type - %u, expected %u: %s\n", 445 rpccli_pipe_txt(talloc_tos(), cli), 446 pkt->ptype, expected_pkt_type, 447 nt_errstr(ret))); 448 NDR_PRINT_DEBUG(ncacn_packet, pkt); 449 return ret; 450 } 451 452 /* Use this for now... */ 453 return NT_STATUS_NETWORK_ACCESS_DENIED; 454 455 case DCERPC_PKT_BIND_ACK: 456 ret = dcerpc_verify_ncacn_packet_header(pkt, 457 expected_pkt_type, 458 pkt->u.bind_ack.auth_info.length, 459 DCERPC_PFC_FLAG_FIRST | 460 DCERPC_PFC_FLAG_LAST, 461 DCERPC_PFC_FLAG_CONC_MPX | 462 DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN); 463 if (!NT_STATUS_IS_OK(ret)) { 464 DEBUG(1, (__location__ ": Connection to %s got an unexpected " 465 "RPC packet type - %u, expected %u: %s\n", 466 rpccli_pipe_txt(talloc_tos(), cli), 467 pkt->ptype, expected_pkt_type, 468 nt_errstr(ret))); 469 NDR_PRINT_DEBUG(ncacn_packet, pkt); 470 return ret; 471 } 472 473 break; 474 417 475 case DCERPC_PKT_ALTER_RESP: 418 case DCERPC_PKT_BIND_ACK: 419 420 /* Client code never receives this kind of packets */ 476 ret = dcerpc_verify_ncacn_packet_header(pkt, 477 expected_pkt_type, 478 pkt->u.alter_resp.auth_info.length, 479 DCERPC_PFC_FLAG_FIRST | 480 DCERPC_PFC_FLAG_LAST, 481 DCERPC_PFC_FLAG_CONC_MPX | 482 DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN); 483 if (!NT_STATUS_IS_OK(ret)) { 484 DEBUG(1, (__location__ ": Connection to %s got an unexpected " 485 "RPC packet type - %u, expected %u: %s\n", 486 rpccli_pipe_txt(talloc_tos(), cli), 487 pkt->ptype, expected_pkt_type, 488 nt_errstr(ret))); 489 NDR_PRINT_DEBUG(ncacn_packet, pkt); 490 return ret; 491 } 492 421 493 break; 422 494 423 424 495 case DCERPC_PKT_RESPONSE: 425 496 426 497 r = &pkt->u.response; 498 499 ret = dcerpc_verify_ncacn_packet_header(pkt, 500 expected_pkt_type, 501 r->stub_and_verifier.length, 502 0, /* required_flags */ 503 DCERPC_PFC_FLAG_FIRST | 504 DCERPC_PFC_FLAG_LAST); 505 if (!NT_STATUS_IS_OK(ret)) { 506 DEBUG(1, (__location__ ": Connection to %s got an unexpected " 507 "RPC packet type - %u, expected %u: %s\n", 508 rpccli_pipe_txt(talloc_tos(), cli), 509 pkt->ptype, expected_pkt_type, 510 nt_errstr(ret))); 511 NDR_PRINT_DEBUG(ncacn_packet, pkt); 512 return ret; 513 } 514 515 tmp_stub.data = r->stub_and_verifier.data; 516 tmp_stub.length = r->stub_and_verifier.length; 427 517 428 518 /* Here's where we deal with incoming sign/seal. */ 429 519 ret = dcerpc_check_auth(cli->auth, pkt, 430 & r->stub_and_verifier,520 &tmp_stub, 431 521 DCERPC_RESPONSE_LENGTH, 432 pdu , &pad_len);522 pdu); 433 523 if (!NT_STATUS_IS_OK(ret)) { 524 DEBUG(1, (__location__ ": Connection to %s got an unexpected " 525 "RPC packet type - %u, expected %u: %s\n", 526 rpccli_pipe_txt(talloc_tos(), cli), 527 pkt->ptype, expected_pkt_type, 528 nt_errstr(ret))); 529 NDR_PRINT_DEBUG(ncacn_packet, pkt); 434 530 return ret; 435 531 } 436 532 437 if (pkt->frag_length < DCERPC_RESPONSE_LENGTH + pad_len) {438 return NT_STATUS_BUFFER_TOO_SMALL;439 }440 441 533 /* Point the return values at the NDR data. */ 442 rdata->data = r->stub_and_verifier.data; 443 444 if (pkt->auth_length) { 445 /* We've already done integer wrap tests in 446 * dcerpc_check_auth(). */ 447 rdata->length = r->stub_and_verifier.length 448 - pad_len 449 - DCERPC_AUTH_TRAILER_LENGTH 450 - pkt->auth_length; 451 } else { 452 rdata->length = r->stub_and_verifier.length; 453 } 454 455 DEBUG(10, ("Got pdu len %lu, data_len %lu, ss_len %u\n", 534 *rdata = tmp_stub; 535 536 DEBUG(10, ("Got pdu len %lu, data_len %lu\n", 456 537 (long unsigned int)pdu->length, 457 (long unsigned int)rdata->length, 458 (unsigned int)pad_len)); 538 (long unsigned int)rdata->length)); 459 539 460 540 /* … … 477 557 break; 478 558 479 case DCERPC_PKT_BIND_NAK:480 DEBUG(1, (__location__ ": Bind NACK received from %s!\n",481 rpccli_pipe_txt(talloc_tos(), cli)));482 /* Use this for now... */483 return NT_STATUS_NETWORK_ACCESS_DENIED;484 485 559 case DCERPC_PKT_FAULT: 560 561 ret = dcerpc_verify_ncacn_packet_header(pkt, 562 DCERPC_PKT_FAULT, 563 0, /* max_auth_info */ 564 DCERPC_PFC_FLAG_FIRST | 565 DCERPC_PFC_FLAG_LAST, 566 DCERPC_PFC_FLAG_DID_NOT_EXECUTE); 567 if (!NT_STATUS_IS_OK(ret)) { 568 DEBUG(1, (__location__ ": Connection to %s got an unexpected " 569 "RPC packet type - %u, expected %u: %s\n", 570 rpccli_pipe_txt(talloc_tos(), cli), 571 pkt->ptype, expected_pkt_type, 572 nt_errstr(ret))); 573 NDR_PRINT_DEBUG(ncacn_packet, pkt); 574 return ret; 575 } 486 576 487 577 DEBUG(1, (__location__ ": RPC fault code %s received " … … 498 588 (unsigned int)pkt->ptype, 499 589 rpccli_pipe_txt(talloc_tos(), cli))); 500 return NT_STATUS_INVALID_INFO_CLASS; 501 } 502 503 if (pkt->ptype != expected_pkt_type) { 590 return NT_STATUS_RPC_PROTOCOL_ERROR; 591 } 592 593 594 if (pkt->call_id != call_id) { 504 595 DEBUG(3, (__location__ ": Connection to %s got an unexpected " 505 "RPC packet type- %u, not %u\n",596 "RPC call_id - %u, not %u\n", 506 597 rpccli_pipe_txt(talloc_tos(), cli), 507 pkt->ptype, expected_pkt_type)); 508 return NT_STATUS_INVALID_INFO_CLASS; 509 } 510 511 /* Do this just before return - we don't want to modify any rpc header 512 data before now as we may have needed to do cryptographic actions on 513 it before. */ 514 515 if ((pkt->ptype == DCERPC_PKT_BIND_ACK) && 516 !(pkt->pfc_flags & DCERPC_PFC_FLAG_LAST)) { 517 DEBUG(5, (__location__ ": bug in server (AS/U?), setting " 518 "fragment first/last ON.\n")); 519 pkt->pfc_flags |= DCERPC_PFC_FLAG_FIRST | DCERPC_PFC_FLAG_LAST; 598 pkt->call_id, call_id)); 599 return NT_STATUS_RPC_PROTOCOL_ERROR; 520 600 } 521 601 … … 874 954 state->pkt = talloc(state, struct ncacn_packet); 875 955 if (!state->pkt) { 956 /* 957 * TODO: do a real async disconnect ... 958 * 959 * For now do it sync... 960 */ 961 TALLOC_FREE(state->cli->transport); 876 962 tevent_req_nterror(req, NT_STATUS_NO_MEMORY); 877 963 return; … … 883 969 !state->endianess); 884 970 if (!NT_STATUS_IS_OK(status)) { 971 /* 972 * TODO: do a real async disconnect ... 973 * 974 * For now do it sync... 975 */ 976 TALLOC_FREE(state->cli->transport); 885 977 tevent_req_nterror(req, status); 886 return;887 }888 889 if (state->incoming_frag.length != state->pkt->frag_length) {890 DEBUG(5, ("Incorrect pdu length %u, expected %u\n",891 (unsigned int)state->incoming_frag.length,892 (unsigned int)state->pkt->frag_length));893 tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);894 978 return; 895 979 } … … 899 983 &state->incoming_frag, 900 984 state->expected_pkt_type, 985 state->call_id, 901 986 &rdata, 902 987 &state->reply_pdu); … … 907 992 nt_errstr(status))); 908 993 994 if (state->pkt->ptype != DCERPC_PKT_FAULT && !NT_STATUS_IS_OK(status)) { 995 /* 996 * TODO: do a real async disconnect ... 997 * 998 * For now do it sync... 999 */ 1000 TALLOC_FREE(state->cli->transport); 1001 } else if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROTOCOL_ERROR)) { 1002 /* 1003 * TODO: do a real async disconnect ... 1004 * 1005 * For now do it sync... 1006 */ 1007 TALLOC_FREE(state->cli->transport); 1008 } else if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_SEC_PKG_ERROR)) { 1009 /* 1010 * TODO: do a real async disconnect ... 1011 * 1012 * For now do it sync... 1013 */ 1014 TALLOC_FREE(state->cli->transport); 1015 } 909 1016 if (!NT_STATUS_IS_OK(status)) { 910 1017 tevent_req_nterror(req, status); … … 931 1038 state->endianess?"little":"big", 932 1039 state->pkt->drep[0]?"little":"big")); 933 tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER); 1040 /* 1041 * TODO: do a real async disconnect ... 1042 * 1043 * For now do it sync... 1044 */ 1045 TALLOC_FREE(state->cli->transport); 1046 tevent_req_nterror(req, NT_STATUS_RPC_PROTOCOL_ERROR); 1047 return; 1048 } 1049 1050 if (state->reply_pdu_offset + rdata.length > MAX_RPC_DATA_SIZE) { 1051 /* 1052 * TODO: do a real async disconnect ... 1053 * 1054 * For now do it sync... 1055 */ 1056 TALLOC_FREE(state->cli->transport); 1057 tevent_req_nterror(req, NT_STATUS_RPC_PROTOCOL_ERROR); 934 1058 return; 935 1059 } … … 939 1063 if (!data_blob_realloc(NULL, &state->reply_pdu, 940 1064 state->reply_pdu_offset + rdata.length)) { 1065 /* 1066 * TODO: do a real async disconnect ... 1067 * 1068 * For now do it sync... 1069 */ 1070 TALLOC_FREE(state->cli->transport); 941 1071 tevent_req_nterror(req, NT_STATUS_NO_MEMORY); 942 1072 return; … … 968 1098 state->call_id, 969 1099 &state->incoming_frag); 1100 if (subreq == NULL) { 1101 /* 1102 * TODO: do a real async disconnect ... 1103 * 1104 * For now do it sync... 1105 */ 1106 TALLOC_FREE(state->cli->transport); 1107 } 970 1108 if (tevent_req_nomem(subreq, req)) { 971 1109 return; … … 1237 1375 auth->auth_level, 1238 1376 0, /* auth_pad_length */ 1239 1, /* auth_context_id */1377 auth->auth_context_id, 1240 1378 &auth_token, 1241 1379 &auth_info); … … 1270 1408 DATA_BLOB *req_data; 1271 1409 uint32_t req_data_sent; 1410 DATA_BLOB req_trailer; 1411 uint32_t req_trailer_sent; 1412 bool verify_bitmask1; 1413 bool verify_pcontext; 1272 1414 DATA_BLOB rpc_out; 1273 1415 DATA_BLOB reply_pdu; … … 1276 1418 static void rpc_api_pipe_req_write_done(struct tevent_req *subreq); 1277 1419 static void rpc_api_pipe_req_done(struct tevent_req *subreq); 1420 static NTSTATUS prepare_verification_trailer(struct rpc_api_pipe_req_state *state); 1278 1421 static NTSTATUS prepare_next_frag(struct rpc_api_pipe_req_state *state, 1279 1422 bool *is_last_frag); … … 1311 1454 } 1312 1455 1456 status = prepare_verification_trailer(state); 1457 if (!NT_STATUS_IS_OK(status)) { 1458 goto post_status; 1459 } 1460 1313 1461 status = prepare_next_frag(state, &is_last_frag); 1314 1462 if (!NT_STATUS_IS_OK(status)) { … … 1345 1493 } 1346 1494 1495 static NTSTATUS prepare_verification_trailer(struct rpc_api_pipe_req_state *state) 1496 { 1497 struct pipe_auth_data *a = state->cli->auth; 1498 struct dcerpc_sec_verification_trailer *t; 1499 struct dcerpc_sec_vt *c = NULL; 1500 struct ndr_push *ndr = NULL; 1501 enum ndr_err_code ndr_err; 1502 size_t align = 0; 1503 size_t pad = 0; 1504 1505 if (a == NULL) { 1506 return NT_STATUS_OK; 1507 } 1508 1509 if (a->auth_level < DCERPC_AUTH_LEVEL_INTEGRITY) { 1510 return NT_STATUS_OK; 1511 } 1512 1513 t = talloc_zero(state, struct dcerpc_sec_verification_trailer); 1514 if (t == NULL) { 1515 return NT_STATUS_NO_MEMORY; 1516 } 1517 1518 if (!a->verified_bitmask1) { 1519 t->commands = talloc_realloc(t, t->commands, 1520 struct dcerpc_sec_vt, 1521 t->count.count + 1); 1522 if (t->commands == NULL) { 1523 return NT_STATUS_NO_MEMORY; 1524 } 1525 c = &t->commands[t->count.count++]; 1526 ZERO_STRUCTP(c); 1527 1528 c->command = DCERPC_SEC_VT_COMMAND_BITMASK1; 1529 state->verify_bitmask1 = true; 1530 } 1531 1532 if (!state->cli->verified_pcontext) { 1533 t->commands = talloc_realloc(t, t->commands, 1534 struct dcerpc_sec_vt, 1535 t->count.count + 1); 1536 if (t->commands == NULL) { 1537 return NT_STATUS_NO_MEMORY; 1538 } 1539 c = &t->commands[t->count.count++]; 1540 ZERO_STRUCTP(c); 1541 1542 c->command = DCERPC_SEC_VT_COMMAND_PCONTEXT; 1543 c->u.pcontext.abstract_syntax = state->cli->abstract_syntax; 1544 c->u.pcontext.transfer_syntax = state->cli->transfer_syntax; 1545 1546 state->verify_pcontext = true; 1547 } 1548 1549 if (true) { /* We do not support header signing */ 1550 t->commands = talloc_realloc(t, t->commands, 1551 struct dcerpc_sec_vt, 1552 t->count.count + 1); 1553 if (t->commands == NULL) { 1554 return NT_STATUS_NO_MEMORY; 1555 } 1556 c = &t->commands[t->count.count++]; 1557 ZERO_STRUCTP(c); 1558 1559 c->command = DCERPC_SEC_VT_COMMAND_HEADER2; 1560 c->u.header2.ptype = DCERPC_PKT_REQUEST; 1561 c->u.header2.drep[0] = DCERPC_DREP_LE; 1562 c->u.header2.drep[1] = 0; 1563 c->u.header2.drep[2] = 0; 1564 c->u.header2.drep[3] = 0; 1565 c->u.header2.call_id = state->call_id; 1566 c->u.header2.context_id = 0; 1567 c->u.header2.opnum = state->op_num; 1568 } 1569 1570 if (t->count.count == 0) { 1571 TALLOC_FREE(t); 1572 return NT_STATUS_OK; 1573 } 1574 1575 c = &t->commands[t->count.count - 1]; 1576 c->command |= DCERPC_SEC_VT_COMMAND_END; 1577 1578 if (DEBUGLEVEL >= 10) { 1579 NDR_PRINT_DEBUG(dcerpc_sec_verification_trailer, t); 1580 } 1581 1582 ndr = ndr_push_init_ctx(state); 1583 if (ndr == NULL) { 1584 return NT_STATUS_NO_MEMORY; 1585 } 1586 1587 ndr_err = ndr_push_dcerpc_sec_verification_trailer(ndr, 1588 NDR_SCALARS | NDR_BUFFERS, 1589 t); 1590 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { 1591 return ndr_map_error2ntstatus(ndr_err); 1592 } 1593 state->req_trailer = ndr_push_blob(ndr); 1594 1595 align = state->req_data->length & 0x3; 1596 if (align > 0) { 1597 pad = 4 - align; 1598 } 1599 if (pad > 0) { 1600 bool ok; 1601 uint8_t *p; 1602 const uint8_t zeros[4] = { 0, }; 1603 1604 ok = data_blob_append(ndr, &state->req_trailer, zeros, pad); 1605 if (!ok) { 1606 return NT_STATUS_NO_MEMORY; 1607 } 1608 1609 /* move the padding to the start */ 1610 p = state->req_trailer.data; 1611 memmove(p + pad, p, state->req_trailer.length - pad); 1612 memset(p, 0, pad); 1613 } 1614 1615 return NT_STATUS_OK; 1616 } 1617 1347 1618 static NTSTATUS prepare_next_frag(struct rpc_api_pipe_req_state *state, 1348 1619 bool *is_last_frag) 1349 1620 { 1350 size_t data_sent_thistime;1351 1621 size_t auth_len; 1352 1622 size_t frag_len; … … 1354 1624 size_t pad_len; 1355 1625 size_t data_left; 1356 NTSTATUS status; 1626 size_t data_thistime; 1627 size_t trailer_left; 1628 size_t trailer_thistime = 0; 1629 size_t total_left; 1630 size_t total_thistime; 1631 NTSTATUS status; 1632 bool ok; 1357 1633 union dcerpc_payload u; 1358 1634 1359 1635 data_left = state->req_data->length - state->req_data_sent; 1636 trailer_left = state->req_trailer.length - state->req_trailer_sent; 1637 total_left = data_left + trailer_left; 1638 if ((total_left < data_left) || (total_left < trailer_left)) { 1639 /* 1640 * overflow 1641 */ 1642 return NT_STATUS_INVALID_PARAMETER_MIX; 1643 } 1360 1644 1361 1645 status = dcerpc_guess_sizes(state->cli->auth, 1362 DCERPC_REQUEST_LENGTH, data_left,1646 DCERPC_REQUEST_LENGTH, total_left, 1363 1647 state->cli->max_xmit_frag, 1364 1648 CLIENT_NDR_PADDING_SIZE, 1365 & data_sent_thistime,1649 &total_thistime, 1366 1650 &frag_len, &auth_len, &pad_len); 1367 1651 if (!NT_STATUS_IS_OK(status)) { … … 1373 1657 } 1374 1658 1375 if ( data_sent_thistime == data_left) {1659 if (total_thistime == total_left) { 1376 1660 flags |= DCERPC_PFC_FLAG_LAST; 1377 1661 } 1378 1662 1663 data_thistime = MIN(total_thistime, data_left); 1664 if (data_thistime < total_thistime) { 1665 trailer_thistime = total_thistime - data_thistime; 1666 } 1667 1379 1668 data_blob_free(&state->rpc_out); 1380 1669 1381 1670 ZERO_STRUCT(u.request); 1382 1671 1383 u.request.alloc_hint = state->req_data->length;1672 u.request.alloc_hint = total_left; 1384 1673 u.request.context_id = 0; 1385 1674 u.request.opnum = state->op_num; … … 1401 1690 dcerpc_set_frag_length(&state->rpc_out, frag_len); 1402 1691 1403 /* Copy in the data. */ 1404 if (!data_blob_append(NULL, &state->rpc_out, 1692 if (data_thistime > 0) { 1693 /* Copy in the data. */ 1694 ok = data_blob_append(NULL, &state->rpc_out, 1405 1695 state->req_data->data + state->req_data_sent, 1406 data_sent_thistime)) { 1407 return NT_STATUS_NO_MEMORY; 1696 data_thistime); 1697 if (!ok) { 1698 return NT_STATUS_NO_MEMORY; 1699 } 1700 state->req_data_sent += data_thistime; 1701 } 1702 1703 if (trailer_thistime > 0) { 1704 /* Copy in the verification trailer. */ 1705 ok = data_blob_append(NULL, &state->rpc_out, 1706 state->req_trailer.data + state->req_trailer_sent, 1707 trailer_thistime); 1708 if (!ok) { 1709 return NT_STATUS_NO_MEMORY; 1710 } 1711 state->req_trailer_sent += trailer_thistime; 1408 1712 } 1409 1713 … … 1425 1729 } 1426 1730 1427 state->req_data_sent += data_sent_thistime;1428 1731 *is_last_frag = ((flags & DCERPC_PFC_FLAG_LAST) != 0); 1429 1732 … … 1489 1792 return; 1490 1793 } 1794 1795 if (state->cli->auth == NULL) { 1796 tevent_req_done(req); 1797 return; 1798 } 1799 1800 if (state->verify_bitmask1) { 1801 state->cli->auth->verified_bitmask1 = true; 1802 } 1803 1804 if (state->verify_pcontext) { 1805 state->cli->verified_pcontext = true; 1806 } 1807 1491 1808 tevent_req_done(req); 1492 1809 } … … 1560 1877 static NTSTATUS create_rpc_bind_auth3(TALLOC_CTX *mem_ctx, 1561 1878 struct rpc_pipe_client *cli, 1562 uint32 rpc_call_id, 1563 enum dcerpc_AuthType auth_type, 1564 enum dcerpc_AuthLevel auth_level, 1879 struct pipe_auth_data *auth, 1880 uint32_t rpc_call_id, 1565 1881 DATA_BLOB *pauth_blob, 1566 1882 DATA_BLOB *rpc_out) … … 1572 1888 1573 1889 status = dcerpc_push_dcerpc_auth(mem_ctx, 1574 auth _type,1575 auth _level,1890 auth->auth_type, 1891 auth->auth_level, 1576 1892 0, /* auth_pad_length */ 1577 1, /* auth_context_id */1893 auth->auth_context_id, 1578 1894 pauth_blob, 1579 1895 &u.auth3.auth_info); … … 1605 1921 1606 1922 static NTSTATUS create_rpc_alter_context(TALLOC_CTX *mem_ctx, 1607 enum dcerpc_AuthType auth_type, 1608 enum dcerpc_AuthLevel auth_level, 1609 uint32 rpc_call_id, 1923 struct pipe_auth_data *auth, 1924 uint32_t rpc_call_id, 1610 1925 const struct ndr_syntax_id *abstract, 1611 1926 const struct ndr_syntax_id *transfer, … … 1617 1932 1618 1933 status = dcerpc_push_dcerpc_auth(mem_ctx, 1619 auth _type,1620 auth _level,1934 auth->auth_type, 1935 auth->auth_level, 1621 1936 0, /* auth_pad_length */ 1622 1, /* auth_context_id */1937 auth->auth_context_id, 1623 1938 pauth_blob, 1624 1939 &auth_info); … … 1648 1963 bool auth3; 1649 1964 uint32_t rpc_call_id; 1965 struct netr_Authenticator auth; 1966 struct netr_Authenticator return_auth; 1967 struct netlogon_creds_CredentialState *creds; 1968 union netr_Capabilities capabilities; 1969 struct netr_LogonGetCapabilities r; 1650 1970 }; 1651 1971 1652 1972 static void rpc_pipe_bind_step_one_done(struct tevent_req *subreq); 1973 static void rpc_pipe_bind_step_two_trigger(struct tevent_req *req); 1653 1974 static NTSTATUS rpc_bind_next_send(struct tevent_req *req, 1654 1975 struct rpc_pipe_bind_state *state, … … 1754 2075 case DCERPC_AUTH_TYPE_NONE: 1755 2076 case DCERPC_AUTH_TYPE_NCALRPC_AS_SYSTEM: 1756 case DCERPC_AUTH_TYPE_SCHANNEL:1757 2077 /* Bind complete. */ 1758 2078 tevent_req_done(req); 1759 2079 return; 1760 2080 1761 case DCERPC_AUTH_TYPE_NTLMSSP: 1762 case DCERPC_AUTH_TYPE_SPNEGO: 1763 case DCERPC_AUTH_TYPE_KRB5: 1764 /* Paranoid lenght checks */ 1765 if (pkt->frag_length < DCERPC_AUTH_TRAILER_LENGTH 1766 + pkt->auth_length) { 1767 tevent_req_nterror(req, 1768 NT_STATUS_INFO_LENGTH_MISMATCH); 2081 case DCERPC_AUTH_TYPE_SCHANNEL: 2082 rpc_pipe_bind_step_two_trigger(req); 2083 return; 2084 2085 default: 2086 if (pkt->auth_length == 0) { 2087 tevent_req_nterror(req, NT_STATUS_RPC_PROTOCOL_ERROR); 1769 2088 return; 1770 2089 } 1771 2090 /* get auth credentials */ 1772 status = dcerpc_pull_ dcerpc_auth(talloc_tos(),1773 &pkt->u.bind_ack.auth_info,1774 &auth, false);2091 status = dcerpc_pull_auth_trailer(pkt, talloc_tos(), 2092 &pkt->u.bind_ack.auth_info, 2093 &auth, NULL, true); 1775 2094 if (!NT_STATUS_IS_OK(status)) { 1776 2095 DEBUG(0, ("Failed to pull dcerpc auth: %s.\n", … … 1779 2098 return; 1780 2099 } 2100 2101 if (auth.auth_type != pauth->auth_type) { 2102 DEBUG(0, (__location__ " Auth type %u mismatch expected %u.\n", 2103 auth.auth_type, pauth->auth_type)); 2104 tevent_req_nterror(req, NT_STATUS_RPC_PROTOCOL_ERROR); 2105 return; 2106 } 2107 2108 if (auth.auth_level != pauth->auth_level) { 2109 DEBUG(0, (__location__ " Auth level %u mismatch expected %u.\n", 2110 auth.auth_level, pauth->auth_level)); 2111 tevent_req_nterror(req, NT_STATUS_RPC_PROTOCOL_ERROR); 2112 return; 2113 } 2114 2115 if (auth.auth_context_id != pauth->auth_context_id) { 2116 DEBUG(0, (__location__ " Auth context id %u mismatch expected %u.\n", 2117 (unsigned)auth.auth_context_id, 2118 (unsigned)pauth->auth_context_id)); 2119 tevent_req_nterror(req, NT_STATUS_RPC_PROTOCOL_ERROR); 2120 return; 2121 } 2122 1781 2123 break; 1782 1783 default:1784 goto err_out;1785 2124 } 1786 2125 … … 1870 2209 } 1871 2210 2211 static void rpc_pipe_bind_step_two_done(struct tevent_req *subreq); 2212 2213 static void rpc_pipe_bind_step_two_trigger(struct tevent_req *req) 2214 { 2215 struct rpc_pipe_bind_state *state = 2216 tevent_req_data(req, 2217 struct rpc_pipe_bind_state); 2218 struct dcerpc_binding_handle *b = state->cli->binding_handle; 2219 struct schannel_state *schannel_auth = 2220 talloc_get_type_abort(state->cli->auth->auth_ctx, 2221 struct schannel_state); 2222 struct tevent_req *subreq; 2223 2224 if (schannel_auth == NULL || 2225 !ndr_syntax_id_equal(&state->cli->abstract_syntax, 2226 &ndr_table_netlogon.syntax_id)) { 2227 tevent_req_done(req); 2228 return; 2229 } 2230 2231 ZERO_STRUCT(state->return_auth); 2232 2233 state->creds = netlogon_creds_copy(state, schannel_auth->creds); 2234 if (state->creds == NULL) { 2235 tevent_req_nterror(req, NT_STATUS_NO_MEMORY); 2236 return; 2237 } 2238 2239 netlogon_creds_client_authenticator(state->creds, &state->auth); 2240 2241 state->r.in.server_name = state->cli->srv_name_slash; 2242 state->r.in.computer_name = state->creds->computer_name; 2243 state->r.in.credential = &state->auth; 2244 state->r.in.query_level = 1; 2245 state->r.in.return_authenticator = &state->return_auth; 2246 2247 state->r.out.capabilities = &state->capabilities; 2248 state->r.out.return_authenticator = &state->return_auth; 2249 2250 subreq = dcerpc_netr_LogonGetCapabilities_r_send(talloc_tos(), 2251 state->ev, 2252 b, 2253 &state->r); 2254 if (subreq == NULL) { 2255 tevent_req_nterror(req, NT_STATUS_NO_MEMORY); 2256 return; 2257 } 2258 2259 tevent_req_set_callback(subreq, rpc_pipe_bind_step_two_done, req); 2260 return; 2261 } 2262 2263 static void rpc_pipe_bind_step_two_done(struct tevent_req *subreq) 2264 { 2265 struct tevent_req *req = 2266 tevent_req_callback_data(subreq, 2267 struct tevent_req); 2268 struct rpc_pipe_bind_state *state = 2269 tevent_req_data(req, 2270 struct rpc_pipe_bind_state); 2271 struct schannel_state *schannel_auth = 2272 talloc_get_type_abort(state->cli->auth->auth_ctx, 2273 struct schannel_state); 2274 NTSTATUS status; 2275 2276 status = dcerpc_netr_LogonGetCapabilities_r_recv(subreq, talloc_tos()); 2277 TALLOC_FREE(subreq); 2278 if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE)) { 2279 if (state->cli->dc->negotiate_flags & 2280 NETLOGON_NEG_SUPPORTS_AES) { 2281 DEBUG(5, ("AES is not supported and the error was %s\n", 2282 nt_errstr(status))); 2283 tevent_req_nterror(req, 2284 NT_STATUS_INVALID_NETWORK_RESPONSE); 2285 return; 2286 } 2287 2288 /* This is probably NT */ 2289 DEBUG(5, ("We are checking against an NT - %s\n", 2290 nt_errstr(status))); 2291 tevent_req_done(req); 2292 return; 2293 } else if (!NT_STATUS_IS_OK(status)) { 2294 DEBUG(0, ("dcerpc_netr_LogonGetCapabilities_r_recv failed with %s\n", 2295 nt_errstr(status))); 2296 tevent_req_nterror(req, status); 2297 return; 2298 } 2299 2300 if (NT_STATUS_EQUAL(state->r.out.result, NT_STATUS_NOT_IMPLEMENTED)) { 2301 if (state->creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) { 2302 /* This means AES isn't supported. */ 2303 DEBUG(5, ("AES is not supported and the error was %s\n", 2304 nt_errstr(state->r.out.result))); 2305 tevent_req_nterror(req, 2306 NT_STATUS_INVALID_NETWORK_RESPONSE); 2307 return; 2308 } 2309 2310 /* This is probably an old Samba version */ 2311 DEBUG(5, ("We are checking against an old Samba version - %s\n", 2312 nt_errstr(state->r.out.result))); 2313 tevent_req_done(req); 2314 return; 2315 } 2316 2317 /* We need to check the credential state here, cause win2k3 and earlier 2318 * returns NT_STATUS_NOT_IMPLEMENTED */ 2319 if (!netlogon_creds_client_check(state->creds, 2320 &state->r.out.return_authenticator->cred)) { 2321 /* 2322 * Server replied with bad credential. Fail. 2323 */ 2324 DEBUG(0,("rpc_pipe_bind_step_two_done: server %s " 2325 "replied with bad credential\n", 2326 state->cli->desthost)); 2327 tevent_req_nterror(req, NT_STATUS_UNSUCCESSFUL); 2328 return; 2329 } 2330 2331 TALLOC_FREE(schannel_auth->creds); 2332 schannel_auth->creds = talloc_steal(state->cli, state->creds); 2333 2334 if (!NT_STATUS_IS_OK(state->r.out.result)) { 2335 DEBUG(0, ("dcerpc_netr_LogonGetCapabilities_r_recv failed with %s\n", 2336 nt_errstr(state->r.out.result))); 2337 tevent_req_nterror(req, state->r.out.result); 2338 return; 2339 } 2340 2341 if (state->creds->negotiate_flags != 2342 state->r.out.capabilities->server_capabilities) { 2343 DEBUG(0, ("The client capabilities don't match the server " 2344 "capabilities: local[0x%08X] remote[0x%08X]\n", 2345 state->creds->negotiate_flags, 2346 state->capabilities.server_capabilities)); 2347 tevent_req_nterror(req, 2348 NT_STATUS_INVALID_NETWORK_RESPONSE); 2349 return; 2350 } 2351 2352 /* TODO: Add downgrade dectection. */ 2353 2354 tevent_req_done(req); 2355 return; 2356 } 2357 1872 2358 static NTSTATUS rpc_bind_next_send(struct tevent_req *req, 1873 2359 struct rpc_pipe_bind_state *state, … … 1881 2367 data_blob_free(&state->rpc_out); 1882 2368 1883 status = create_rpc_alter_context(state, 1884 auth->auth_type, 1885 auth->auth_level, 2369 status = create_rpc_alter_context(state, auth, 1886 2370 state->rpc_call_id, 1887 2371 &state->cli->abstract_syntax, … … 1916 2400 data_blob_free(&state->rpc_out); 1917 2401 1918 status = create_rpc_bind_auth3(state, state->cli, 2402 status = create_rpc_bind_auth3(state, state->cli, auth, 1919 2403 state->rpc_call_id, 1920 auth->auth_type,1921 auth->auth_level,1922 2404 auth_token, 1923 2405 &state->rpc_out); … … 2153 2635 * TODO: do a real async disconnect ... 2154 2636 * 2155 * For now the caller needs to free rpc_cli2637 * For now we do it sync... 2156 2638 */ 2639 TALLOC_FREE(hs->rpc_cli->transport); 2157 2640 hs->rpc_cli = NULL; 2158 2641 … … 2291 2774 result->auth_type = DCERPC_AUTH_TYPE_NCALRPC_AS_SYSTEM; 2292 2775 result->auth_level = DCERPC_AUTH_LEVEL_CONNECT; 2776 result->auth_context_id = 1; 2293 2777 2294 2778 result->user_name = talloc_strdup(result, ""); … … 2315 2799 result->auth_type = DCERPC_AUTH_TYPE_NONE; 2316 2800 result->auth_level = DCERPC_AUTH_LEVEL_NONE; 2801 result->auth_context_id = 0; 2317 2802 2318 2803 result->user_name = talloc_strdup(result, ""); … … 2352 2837 result->auth_type = auth_type; 2353 2838 result->auth_level = auth_level; 2839 result->auth_context_id = 1; 2354 2840 2355 2841 result->user_name = talloc_strdup(result, username); … … 2423 2909 result->auth_type = DCERPC_AUTH_TYPE_SCHANNEL; 2424 2910 result->auth_level = auth_level; 2911 result->auth_context_id = 1; 2425 2912 2426 2913 result->user_name = talloc_strdup(result, ""); … … 3087 3574 auth->auth_type = DCERPC_AUTH_TYPE_KRB5; 3088 3575 auth->auth_level = auth_level; 3576 auth->auth_context_id = 1; 3089 3577 3090 3578 if (!username) { … … 3157 3645 auth->auth_type = DCERPC_AUTH_TYPE_SPNEGO; 3158 3646 auth->auth_level = auth_level; 3647 auth->auth_context_id = 1; 3159 3648 3160 3649 if (!username) { … … 3231 3720 auth->auth_type = DCERPC_AUTH_TYPE_SPNEGO; 3232 3721 auth->auth_level = auth_level; 3722 auth->auth_context_id = 1; 3233 3723 3234 3724 if (!username) { -
trunk/server/source3/rpc_client/rpc_client.h
r918 r920 40 40 struct ndr_syntax_id abstract_syntax; 41 41 struct ndr_syntax_id transfer_syntax; 42 bool verified_pcontext; 42 43 43 44 char *desthost; -
trunk/server/source3/rpc_server/dfs/srv_dfs_nt.c
r918 r920 412 412 { 413 413 /* FIXME: Implement your code here */ 414 p-> rng_fault_state = True;414 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 415 415 return WERR_NOT_SUPPORTED; 416 416 } … … 419 419 { 420 420 /* FIXME: Implement your code here */ 421 p-> rng_fault_state = True;421 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 422 422 return WERR_NOT_SUPPORTED; 423 423 } … … 426 426 { 427 427 /* FIXME: Implement your code here */ 428 p-> rng_fault_state = True;428 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 429 429 return WERR_NOT_SUPPORTED; 430 430 } … … 433 433 { 434 434 /* FIXME: Implement your code here */ 435 p-> rng_fault_state = True;435 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 436 436 return WERR_NOT_SUPPORTED; 437 437 } … … 440 440 { 441 441 /* FIXME: Implement your code here */ 442 p-> rng_fault_state = True;442 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 443 443 return WERR_NOT_SUPPORTED; 444 444 } … … 447 447 { 448 448 /* FIXME: Implement your code here */ 449 p-> rng_fault_state = True;449 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 450 450 return WERR_NOT_SUPPORTED; 451 451 } … … 454 454 { 455 455 /* FIXME: Implement your code here */ 456 p-> rng_fault_state = True;456 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 457 457 return WERR_NOT_SUPPORTED; 458 458 } … … 461 461 { 462 462 /* FIXME: Implement your code here */ 463 p-> rng_fault_state = True;463 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 464 464 return WERR_NOT_SUPPORTED; 465 465 } … … 468 468 { 469 469 /* FIXME: Implement your code here */ 470 p-> rng_fault_state = True;470 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 471 471 return WERR_NOT_SUPPORTED; 472 472 } … … 475 475 { 476 476 /* FIXME: Implement your code here */ 477 p-> rng_fault_state = True;477 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 478 478 return WERR_NOT_SUPPORTED; 479 479 } … … 482 482 { 483 483 /* FIXME: Implement your code here */ 484 p-> rng_fault_state = True;484 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 485 485 return WERR_NOT_SUPPORTED; 486 486 } … … 489 489 { 490 490 /* FIXME: Implement your code here */ 491 p-> rng_fault_state = True;491 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 492 492 return WERR_NOT_SUPPORTED; 493 493 } … … 496 496 { 497 497 /* FIXME: Implement your code here */ 498 p-> rng_fault_state = True;498 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 499 499 return WERR_NOT_SUPPORTED; 500 500 } … … 503 503 { 504 504 /* FIXME: Implement your code here */ 505 p-> rng_fault_state = True;505 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 506 506 return WERR_NOT_SUPPORTED; 507 507 } … … 510 510 { 511 511 /* FIXME: Implement your code here */ 512 p-> rng_fault_state = True;512 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 513 513 return WERR_NOT_SUPPORTED; 514 514 } … … 517 517 { 518 518 /* FIXME: Implement your code here */ 519 p-> rng_fault_state = True;519 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 520 520 return WERR_NOT_SUPPORTED; 521 521 } … … 524 524 { 525 525 /* FIXME: Implement your code here */ 526 p-> rng_fault_state = True;526 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 527 527 return WERR_NOT_SUPPORTED; 528 528 } … … 531 531 { 532 532 /* FIXME: Implement your code here */ 533 p-> rng_fault_state = True;534 return WERR_NOT_SUPPORTED; 535 } 533 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 534 return WERR_NOT_SUPPORTED; 535 } -
trunk/server/source3/rpc_server/dssetup/srv_dssetup_nt.c
r918 r920 131 131 struct dssetup_DsRoleDnsNameToFlatName *r) 132 132 { 133 p-> rng_fault_state = true;133 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 134 134 return WERR_NOT_SUPPORTED; 135 135 } … … 141 141 struct dssetup_DsRoleDcAsDc *r) 142 142 { 143 p-> rng_fault_state = true;143 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 144 144 return WERR_NOT_SUPPORTED; 145 145 } … … 151 151 struct dssetup_DsRoleDcAsReplica *r) 152 152 { 153 p-> rng_fault_state = true;153 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 154 154 return WERR_NOT_SUPPORTED; 155 155 } … … 161 161 struct dssetup_DsRoleDemoteDc *r) 162 162 { 163 p-> rng_fault_state = true;163 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 164 164 return WERR_NOT_SUPPORTED; 165 165 } … … 171 171 struct dssetup_DsRoleGetDcOperationProgress *r) 172 172 { 173 p-> rng_fault_state = true;173 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 174 174 return WERR_NOT_SUPPORTED; 175 175 } … … 181 181 struct dssetup_DsRoleGetDcOperationResults *r) 182 182 { 183 p-> rng_fault_state = true;183 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 184 184 return WERR_NOT_SUPPORTED; 185 185 } … … 191 191 struct dssetup_DsRoleCancel *r) 192 192 { 193 p-> rng_fault_state = true;193 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 194 194 return WERR_NOT_SUPPORTED; 195 195 } … … 201 201 struct dssetup_DsRoleServerSaveStateForUpgrade *r) 202 202 { 203 p-> rng_fault_state = true;203 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 204 204 return WERR_NOT_SUPPORTED; 205 205 } … … 211 211 struct dssetup_DsRoleUpgradeDownlevelServer *r) 212 212 { 213 p-> rng_fault_state = true;213 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 214 214 return WERR_NOT_SUPPORTED; 215 215 } … … 221 221 struct dssetup_DsRoleAbortDownlevelServerUpgrade *r) 222 222 { 223 p-> rng_fault_state = true;224 return WERR_NOT_SUPPORTED; 225 } 223 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 224 return WERR_NOT_SUPPORTED; 225 } -
trunk/server/source3/rpc_server/echo/srv_echo_nt.c
r918 r920 88 88 void _echo_TestCall(struct pipes_struct *p, struct echo_TestCall *r) 89 89 { 90 p-> rng_fault_state = True;90 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 91 91 return; 92 92 } … … 94 94 NTSTATUS _echo_TestCall2(struct pipes_struct *p, struct echo_TestCall2 *r) 95 95 { 96 p-> rng_fault_state = True;96 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 97 97 return NT_STATUS_OK; 98 98 } … … 106 106 void _echo_TestEnum(struct pipes_struct *p, struct echo_TestEnum *r) 107 107 { 108 p-> rng_fault_state = True;108 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 109 109 return; 110 110 } … … 112 112 void _echo_TestSurrounding(struct pipes_struct *p, struct echo_TestSurrounding *r) 113 113 { 114 p-> rng_fault_state = True;114 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 115 115 return; 116 116 } … … 118 118 uint16 _echo_TestDoublePointer(struct pipes_struct *p, struct echo_TestDoublePointer *r) 119 119 { 120 p-> rng_fault_state = True;120 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 121 121 return 0; 122 122 } -
trunk/server/source3/rpc_server/epmapper/srv_epmapper.c
r918 r920 298 298 if (p->transport != NCALRPC || 299 299 !is_priviledged_pipe(p->session_info)) { 300 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 300 301 return EPMAPPER_STATUS_CANT_PERFORM_OP; 301 302 } … … 434 435 if (p->transport != NCALRPC || 435 436 !is_priviledged_pipe(p->session_info)) { 437 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 436 438 return EPMAPPER_STATUS_CANT_PERFORM_OP; 437 439 } … … 1097 1099 struct epm_InqObject *r) 1098 1100 { 1099 p-> rng_fault_state = true;1101 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 1100 1102 return EPMAPPER_STATUS_CANT_PERFORM_OP; 1101 1103 } … … 1111 1113 struct epm_MgmtDelete *r) 1112 1114 { 1113 p-> rng_fault_state = true;1115 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 1114 1116 return EPMAPPER_STATUS_CANT_PERFORM_OP; 1115 1117 } … … 1122 1124 struct epm_MapAuth *r) 1123 1125 { 1124 p-> rng_fault_state = true;1126 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 1125 1127 return EPMAPPER_STATUS_CANT_PERFORM_OP; 1126 1128 } -
trunk/server/source3/rpc_server/eventlog/srv_eventlog_nt.c
r918 r920 696 696 NTSTATUS _eventlog_BackupEventLogW(struct pipes_struct *p, struct eventlog_BackupEventLogW *r) 697 697 { 698 p-> rng_fault_state = True;698 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 699 699 return NT_STATUS_NOT_IMPLEMENTED; 700 700 } … … 839 839 struct eventlog_DeregisterEventSource *r) 840 840 { 841 p-> rng_fault_state = True;841 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 842 842 return NT_STATUS_NOT_IMPLEMENTED; 843 843 } … … 846 846 struct eventlog_ChangeNotify *r) 847 847 { 848 p-> rng_fault_state = True;848 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 849 849 return NT_STATUS_NOT_IMPLEMENTED; 850 850 } … … 853 853 struct eventlog_RegisterEventSourceW *r) 854 854 { 855 p-> rng_fault_state = True;855 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 856 856 return NT_STATUS_NOT_IMPLEMENTED; 857 857 } … … 860 860 struct eventlog_OpenBackupEventLogW *r) 861 861 { 862 p-> rng_fault_state = True;862 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 863 863 return NT_STATUS_NOT_IMPLEMENTED; 864 864 } … … 867 867 struct eventlog_ClearEventLogA *r) 868 868 { 869 p-> rng_fault_state = True;869 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 870 870 return NT_STATUS_NOT_IMPLEMENTED; 871 871 } … … 874 874 struct eventlog_BackupEventLogA *r) 875 875 { 876 p-> rng_fault_state = True;876 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 877 877 return NT_STATUS_NOT_IMPLEMENTED; 878 878 } … … 881 881 struct eventlog_OpenEventLogA *r) 882 882 { 883 p-> rng_fault_state = True;883 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 884 884 return NT_STATUS_NOT_IMPLEMENTED; 885 885 } … … 888 888 struct eventlog_RegisterEventSourceA *r) 889 889 { 890 p-> rng_fault_state = True;890 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 891 891 return NT_STATUS_NOT_IMPLEMENTED; 892 892 } … … 895 895 struct eventlog_OpenBackupEventLogA *r) 896 896 { 897 p-> rng_fault_state = True;897 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 898 898 return NT_STATUS_NOT_IMPLEMENTED; 899 899 } … … 902 902 struct eventlog_ReadEventLogA *r) 903 903 { 904 p-> rng_fault_state = True;904 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 905 905 return NT_STATUS_NOT_IMPLEMENTED; 906 906 } … … 909 909 struct eventlog_ReportEventA *r) 910 910 { 911 p-> rng_fault_state = True;911 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 912 912 return NT_STATUS_NOT_IMPLEMENTED; 913 913 } … … 916 916 struct eventlog_RegisterClusterSvc *r) 917 917 { 918 p-> rng_fault_state = True;918 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 919 919 return NT_STATUS_NOT_IMPLEMENTED; 920 920 } … … 923 923 struct eventlog_DeregisterClusterSvc *r) 924 924 { 925 p-> rng_fault_state = True;925 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 926 926 return NT_STATUS_NOT_IMPLEMENTED; 927 927 } … … 930 930 struct eventlog_WriteClusterEvents *r) 931 931 { 932 p-> rng_fault_state = True;932 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 933 933 return NT_STATUS_NOT_IMPLEMENTED; 934 934 } … … 937 937 struct eventlog_ReportEventAndSourceW *r) 938 938 { 939 p-> rng_fault_state = True;940 return NT_STATUS_NOT_IMPLEMENTED; 941 } 939 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 940 return NT_STATUS_NOT_IMPLEMENTED; 941 } -
trunk/server/source3/rpc_server/lsa/srv_lsa_nt.c
r918 r920 818 818 819 819 if ((pdb_capabilities() & PDB_CAP_ADS) == 0) { 820 p-> rng_fault_state = True;820 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 821 821 return NT_STATUS_NOT_IMPLEMENTED; 822 822 } … … 3211 3211 NTSTATUS _lsa_SetSecObj(struct pipes_struct *p, struct lsa_SetSecObj *r) 3212 3212 { 3213 p-> rng_fault_state = True;3213 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 3214 3214 return NT_STATUS_NOT_IMPLEMENTED; 3215 3215 } … … 3218 3218 struct lsa_ChangePassword *r) 3219 3219 { 3220 p-> rng_fault_state = True;3220 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 3221 3221 return NT_STATUS_NOT_IMPLEMENTED; 3222 3222 } … … 3224 3224 NTSTATUS _lsa_SetInfoPolicy(struct pipes_struct *p, struct lsa_SetInfoPolicy *r) 3225 3225 { 3226 p-> rng_fault_state = True;3226 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 3227 3227 return NT_STATUS_NOT_IMPLEMENTED; 3228 3228 } … … 3230 3230 NTSTATUS _lsa_ClearAuditLog(struct pipes_struct *p, struct lsa_ClearAuditLog *r) 3231 3231 { 3232 p-> rng_fault_state = True;3232 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 3233 3233 return NT_STATUS_NOT_IMPLEMENTED; 3234 3234 } … … 3237 3237 struct lsa_GetQuotasForAccount *r) 3238 3238 { 3239 p-> rng_fault_state = True;3239 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 3240 3240 return NT_STATUS_NOT_IMPLEMENTED; 3241 3241 } … … 3244 3244 struct lsa_SetQuotasForAccount *r) 3245 3245 { 3246 p-> rng_fault_state = True;3246 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 3247 3247 return NT_STATUS_NOT_IMPLEMENTED; 3248 3248 } … … 3251 3251 struct lsa_SetInformationTrustedDomain *r) 3252 3252 { 3253 p-> rng_fault_state = True;3253 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 3254 3254 return NT_STATUS_NOT_IMPLEMENTED; 3255 3255 } … … 3257 3257 NTSTATUS _lsa_QuerySecret(struct pipes_struct *p, struct lsa_QuerySecret *r) 3258 3258 { 3259 p-> rng_fault_state = True;3259 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 3260 3260 return NT_STATUS_NOT_IMPLEMENTED; 3261 3261 } … … 3264 3264 struct lsa_SetTrustedDomainInfo *r) 3265 3265 { 3266 p-> rng_fault_state = True;3266 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 3267 3267 return NT_STATUS_NOT_IMPLEMENTED; 3268 3268 } … … 3271 3271 struct lsa_StorePrivateData *r) 3272 3272 { 3273 p-> rng_fault_state = True;3273 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 3274 3274 return NT_STATUS_NOT_IMPLEMENTED; 3275 3275 } … … 3278 3278 struct lsa_RetrievePrivateData *r) 3279 3279 { 3280 p-> rng_fault_state = True;3280 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 3281 3281 return NT_STATUS_NOT_IMPLEMENTED; 3282 3282 } … … 3285 3285 struct lsa_SetInfoPolicy2 *r) 3286 3286 { 3287 p-> rng_fault_state = True;3287 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 3288 3288 return NT_STATUS_NOT_IMPLEMENTED; 3289 3289 } … … 3292 3292 struct lsa_SetTrustedDomainInfoByName *r) 3293 3293 { 3294 p-> rng_fault_state = True;3294 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 3295 3295 return NT_STATUS_NOT_IMPLEMENTED; 3296 3296 } … … 3311 3311 3312 3312 if (!(pdb_capabilities() & PDB_CAP_TRUSTED_DOMAINS_EX)) { 3313 p-> rng_fault_state = True;3313 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 3314 3314 return NT_STATUS_NOT_IMPLEMENTED; 3315 3315 } … … 3380 3380 struct lsa_QueryDomainInformationPolicy *r) 3381 3381 { 3382 p-> rng_fault_state = True;3382 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 3383 3383 return NT_STATUS_NOT_IMPLEMENTED; 3384 3384 } … … 3387 3387 struct lsa_SetDomainInformationPolicy *r) 3388 3388 { 3389 p-> rng_fault_state = True;3389 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 3390 3390 return NT_STATUS_NOT_IMPLEMENTED; 3391 3391 } … … 3393 3393 NTSTATUS _lsa_TestCall(struct pipes_struct *p, struct lsa_TestCall *r) 3394 3394 { 3395 p-> rng_fault_state = True;3395 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 3396 3396 return NT_STATUS_NOT_IMPLEMENTED; 3397 3397 } … … 3399 3399 NTSTATUS _lsa_CREDRWRITE(struct pipes_struct *p, struct lsa_CREDRWRITE *r) 3400 3400 { 3401 p-> rng_fault_state = True;3401 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 3402 3402 return NT_STATUS_NOT_IMPLEMENTED; 3403 3403 } … … 3405 3405 NTSTATUS _lsa_CREDRREAD(struct pipes_struct *p, struct lsa_CREDRREAD *r) 3406 3406 { 3407 p-> rng_fault_state = True;3407 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 3408 3408 return NT_STATUS_NOT_IMPLEMENTED; 3409 3409 } … … 3411 3411 NTSTATUS _lsa_CREDRENUMERATE(struct pipes_struct *p, struct lsa_CREDRENUMERATE *r) 3412 3412 { 3413 p-> rng_fault_state = True;3413 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 3414 3414 return NT_STATUS_NOT_IMPLEMENTED; 3415 3415 } … … 3418 3418 struct lsa_CREDRWRITEDOMAINCREDENTIALS *r) 3419 3419 { 3420 p-> rng_fault_state = True;3420 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 3421 3421 return NT_STATUS_NOT_IMPLEMENTED; 3422 3422 } … … 3425 3425 struct lsa_CREDRREADDOMAINCREDENTIALS *r) 3426 3426 { 3427 p-> rng_fault_state = True;3427 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 3428 3428 return NT_STATUS_NOT_IMPLEMENTED; 3429 3429 } … … 3431 3431 NTSTATUS _lsa_CREDRDELETE(struct pipes_struct *p, struct lsa_CREDRDELETE *r) 3432 3432 { 3433 p-> rng_fault_state = True;3433 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 3434 3434 return NT_STATUS_NOT_IMPLEMENTED; 3435 3435 } … … 3438 3438 struct lsa_CREDRGETTARGETINFO *r) 3439 3439 { 3440 p-> rng_fault_state = True;3440 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 3441 3441 return NT_STATUS_NOT_IMPLEMENTED; 3442 3442 } … … 3445 3445 struct lsa_CREDRPROFILELOADED *r) 3446 3446 { 3447 p-> rng_fault_state = True;3447 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 3448 3448 return NT_STATUS_NOT_IMPLEMENTED; 3449 3449 } … … 3452 3452 struct lsa_CREDRGETSESSIONTYPES *r) 3453 3453 { 3454 p-> rng_fault_state = True;3454 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 3455 3455 return NT_STATUS_NOT_IMPLEMENTED; 3456 3456 } … … 3459 3459 struct lsa_LSARREGISTERAUDITEVENT *r) 3460 3460 { 3461 p-> rng_fault_state = True;3461 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 3462 3462 return NT_STATUS_NOT_IMPLEMENTED; 3463 3463 } … … 3466 3466 struct lsa_LSARGENAUDITEVENT *r) 3467 3467 { 3468 p-> rng_fault_state = True;3468 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 3469 3469 return NT_STATUS_NOT_IMPLEMENTED; 3470 3470 } … … 3473 3473 struct lsa_LSARUNREGISTERAUDITEVENT *r) 3474 3474 { 3475 p-> rng_fault_state = True;3475 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 3476 3476 return NT_STATUS_NOT_IMPLEMENTED; 3477 3477 } … … 3480 3480 struct lsa_lsaRQueryForestTrustInformation *r) 3481 3481 { 3482 p-> rng_fault_state = True;3482 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 3483 3483 return NT_STATUS_NOT_IMPLEMENTED; 3484 3484 } … … 3993 3993 struct lsa_CREDRRENAME *r) 3994 3994 { 3995 p-> rng_fault_state = True;3995 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 3996 3996 return NT_STATUS_NOT_IMPLEMENTED; 3997 3997 } … … 4000 4000 struct lsa_LSAROPENPOLICYSCE *r) 4001 4001 { 4002 p-> rng_fault_state = True;4002 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 4003 4003 return NT_STATUS_NOT_IMPLEMENTED; 4004 4004 } … … 4007 4007 struct lsa_LSARADTREGISTERSECURITYEVENTSOURCE *r) 4008 4008 { 4009 p-> rng_fault_state = True;4009 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 4010 4010 return NT_STATUS_NOT_IMPLEMENTED; 4011 4011 } … … 4014 4014 struct lsa_LSARADTUNREGISTERSECURITYEVENTSOURCE *r) 4015 4015 { 4016 p-> rng_fault_state = True;4016 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 4017 4017 return NT_STATUS_NOT_IMPLEMENTED; 4018 4018 } … … 4021 4021 struct lsa_LSARADTREPORTSECURITYEVENT *r) 4022 4022 { 4023 p-> rng_fault_state = True;4023 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 4024 4024 return NT_STATUS_NOT_IMPLEMENTED; 4025 4025 } -
trunk/server/source3/rpc_server/netlogon/srv_netlog_nt.c
r916 r920 1509 1509 { 1510 1510 const char *wksname = nt_workstation; 1511 const char *workgroup = lp_workgroup(); 1511 1512 1512 1513 status = make_auth_context_fixed(talloc_tos(), &auth_context, … … 1533 1534 status = NT_STATUS_NO_MEMORY; 1534 1535 } 1536 1537 if (NT_STATUS_IS_OK(status)) { 1538 status = NTLMv2_RESPONSE_verify_netlogon_creds( 1539 user_info->client.account_name, 1540 user_info->client.domain_name, 1541 user_info->password.response.nt, 1542 creds, workgroup); 1543 } 1535 1544 break; 1536 1545 } … … 1637 1646 break; 1638 1647 case 6: 1648 /* Only allow this if the pipe is protected. */ 1649 if (p->auth.auth_level < DCERPC_AUTH_LEVEL_PRIVACY) { 1650 DEBUG(0,("netr_Validation6: client %s not using privacy for netlogon\n", 1651 get_remote_machine_name())); 1652 status = NT_STATUS_INVALID_PARAMETER; 1653 break; 1654 } 1655 1639 1656 status = serverinfo_to_SamInfo6(server_info, pipe_session_key, 16, 1640 1657 r->out.validation->sam6); … … 1788 1805 struct netr_LogonUasLogon *r) 1789 1806 { 1790 p-> rng_fault_state = true;1807 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 1791 1808 return WERR_NOT_SUPPORTED; 1792 1809 } … … 1798 1815 struct netr_LogonUasLogoff *r) 1799 1816 { 1800 p-> rng_fault_state = true;1817 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 1801 1818 return WERR_NOT_SUPPORTED; 1802 1819 } … … 1808 1825 struct netr_DatabaseDeltas *r) 1809 1826 { 1810 p-> rng_fault_state = true;1827 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 1811 1828 return NT_STATUS_NOT_IMPLEMENTED; 1812 1829 } … … 1818 1835 struct netr_DatabaseSync *r) 1819 1836 { 1820 p-> rng_fault_state = true;1837 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 1821 1838 return NT_STATUS_NOT_IMPLEMENTED; 1822 1839 } … … 1828 1845 struct netr_AccountDeltas *r) 1829 1846 { 1830 p-> rng_fault_state = true;1847 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 1831 1848 return NT_STATUS_NOT_IMPLEMENTED; 1832 1849 } … … 1838 1855 struct netr_AccountSync *r) 1839 1856 { 1840 p-> rng_fault_state = true;1857 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 1841 1858 return NT_STATUS_NOT_IMPLEMENTED; 1842 1859 } … … 1979 1996 struct netr_DatabaseSync2 *r) 1980 1997 { 1981 p-> rng_fault_state = true;1998 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 1982 1999 return NT_STATUS_NOT_IMPLEMENTED; 1983 2000 } … … 1989 2006 struct netr_DatabaseRedo *r) 1990 2007 { 1991 p-> rng_fault_state = true;2008 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 1992 2009 return NT_STATUS_NOT_IMPLEMENTED; 1993 2010 } … … 1999 2016 struct netr_DsRGetDCName *r) 2000 2017 { 2001 p-> rng_fault_state = true;2018 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2002 2019 return WERR_NOT_SUPPORTED; 2003 2020 } … … 2018 2035 struct netr_NETRLOGONSETSERVICEBITS *r) 2019 2036 { 2020 p-> rng_fault_state = true;2037 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2021 2038 return WERR_NOT_SUPPORTED; 2022 2039 } … … 2028 2045 struct netr_LogonGetTrustRid *r) 2029 2046 { 2030 p-> rng_fault_state = true;2047 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2031 2048 return WERR_NOT_SUPPORTED; 2032 2049 } … … 2038 2055 struct netr_NETRLOGONCOMPUTESERVERDIGEST *r) 2039 2056 { 2040 p-> rng_fault_state = true;2057 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2041 2058 return WERR_NOT_SUPPORTED; 2042 2059 } … … 2048 2065 struct netr_NETRLOGONCOMPUTECLIENTDIGEST *r) 2049 2066 { 2050 p-> rng_fault_state = true;2067 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2051 2068 return WERR_NOT_SUPPORTED; 2052 2069 } … … 2058 2075 struct netr_DsRGetDCNameEx *r) 2059 2076 { 2060 p-> rng_fault_state = true;2077 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2061 2078 return WERR_NOT_SUPPORTED; 2062 2079 } … … 2068 2085 struct netr_DsRGetSiteName *r) 2069 2086 { 2070 p-> rng_fault_state = true;2087 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2071 2088 return WERR_NOT_SUPPORTED; 2072 2089 } … … 2078 2095 struct netr_LogonGetDomainInfo *r) 2079 2096 { 2080 p-> rng_fault_state = true;2097 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2081 2098 return NT_STATUS_NOT_IMPLEMENTED; 2082 2099 } … … 2088 2105 struct netr_ServerPasswordGet *r) 2089 2106 { 2090 p-> rng_fault_state = true;2107 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2091 2108 return WERR_NOT_SUPPORTED; 2092 2109 } … … 2098 2115 struct netr_NETRLOGONSENDTOSAM *r) 2099 2116 { 2100 p-> rng_fault_state = true;2117 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2101 2118 return WERR_NOT_SUPPORTED; 2102 2119 } … … 2108 2125 struct netr_DsRAddressToSitenamesW *r) 2109 2126 { 2110 p-> rng_fault_state = true;2127 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2111 2128 return WERR_NOT_SUPPORTED; 2112 2129 } … … 2118 2135 struct netr_DsRGetDCNameEx2 *r) 2119 2136 { 2120 p-> rng_fault_state = true;2137 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2121 2138 return WERR_NOT_SUPPORTED; 2122 2139 } … … 2128 2145 struct netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN *r) 2129 2146 { 2130 p-> rng_fault_state = true;2147 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2131 2148 return WERR_NOT_SUPPORTED; 2132 2149 } … … 2138 2155 struct netr_NetrEnumerateTrustedDomainsEx *r) 2139 2156 { 2140 p-> rng_fault_state = true;2157 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2141 2158 return WERR_NOT_SUPPORTED; 2142 2159 } … … 2148 2165 struct netr_DsRAddressToSitenamesExW *r) 2149 2166 { 2150 p-> rng_fault_state = true;2167 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2151 2168 return WERR_NOT_SUPPORTED; 2152 2169 } … … 2158 2175 struct netr_DsrGetDcSiteCoverageW *r) 2159 2176 { 2160 p-> rng_fault_state = true;2177 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2161 2178 return WERR_NOT_SUPPORTED; 2162 2179 } … … 2168 2185 struct netr_DsrEnumerateDomainTrusts *r) 2169 2186 { 2170 p-> rng_fault_state = true;2187 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2171 2188 return WERR_NOT_SUPPORTED; 2172 2189 } … … 2178 2195 struct netr_DsrDeregisterDNSHostRecords *r) 2179 2196 { 2180 p-> rng_fault_state = true;2197 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2181 2198 return WERR_NOT_SUPPORTED; 2182 2199 } … … 2188 2205 struct netr_ServerTrustPasswordsGet *r) 2189 2206 { 2190 p-> rng_fault_state = true;2207 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2191 2208 return NT_STATUS_NOT_IMPLEMENTED; 2192 2209 } … … 2198 2215 struct netr_DsRGetForestTrustInformation *r) 2199 2216 { 2200 p-> rng_fault_state = true;2217 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2201 2218 return WERR_NOT_SUPPORTED; 2202 2219 } … … 2272 2289 /* TODO: check server name */ 2273 2290 2274 status = schannel_check_creds_state(p->mem_ctx, lp_private_dir(), 2275 r->in.computer_name, 2276 r->in.credential, 2277 r->out.return_authenticator, 2278 &creds); 2291 become_root(); 2292 status = netr_creds_server_step_check(p, p->mem_ctx, 2293 r->in.computer_name, 2294 r->in.credential, 2295 r->out.return_authenticator, 2296 &creds); 2297 unbecome_root(); 2279 2298 if (!NT_STATUS_IS_OK(status)) { 2280 2299 return status; … … 2372 2391 /* TODO: check server name */ 2373 2392 2374 status = schannel_check_creds_state(p->mem_ctx, lp_private_dir(), 2375 r->in.computer_name, 2376 r->in.credential, 2377 r->out.return_authenticator, 2378 &creds); 2393 become_root(); 2394 status = netr_creds_server_step_check(p, p->mem_ctx, 2395 r->in.computer_name, 2396 r->in.credential, 2397 r->out.return_authenticator, 2398 &creds); 2399 unbecome_root(); 2379 2400 if (!NT_STATUS_IS_OK(status)) { 2380 2401 return status; … … 2477 2498 struct netr_Unused47 *r) 2478 2499 { 2479 p-> rng_fault_state = true;2500 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2480 2501 return NT_STATUS_NOT_IMPLEMENTED; 2481 2502 } … … 2487 2508 struct netr_DsrUpdateReadOnlyServerDnsRecords *r) 2488 2509 { 2489 p-> rng_fault_state = true;2510 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2490 2511 return NT_STATUS_NOT_IMPLEMENTED; 2491 2512 } -
trunk/server/source3/rpc_server/ntsvcs/srv_ntsvcs_nt.c
r918 r920 228 228 struct PNP_Disconnect *r) 229 229 { 230 p-> rng_fault_state = true;230 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 231 231 return WERR_NOT_SUPPORTED; 232 232 } … … 238 238 struct PNP_Connect *r) 239 239 { 240 p-> rng_fault_state = true;240 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 241 241 return WERR_NOT_SUPPORTED; 242 242 } … … 248 248 struct PNP_GetGlobalState *r) 249 249 { 250 p-> rng_fault_state = true;250 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 251 251 return WERR_NOT_SUPPORTED; 252 252 } … … 258 258 struct PNP_InitDetection *r) 259 259 { 260 p-> rng_fault_state = true;260 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 261 261 return WERR_NOT_SUPPORTED; 262 262 } … … 268 268 struct PNP_ReportLogOn *r) 269 269 { 270 p-> rng_fault_state = true;270 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 271 271 return WERR_NOT_SUPPORTED; 272 272 } … … 278 278 struct PNP_GetRootDeviceInstance *r) 279 279 { 280 p-> rng_fault_state = true;280 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 281 281 return WERR_NOT_SUPPORTED; 282 282 } … … 288 288 struct PNP_GetRelatedDeviceInstance *r) 289 289 { 290 p-> rng_fault_state = true;290 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 291 291 return WERR_NOT_SUPPORTED; 292 292 } … … 298 298 struct PNP_EnumerateSubKeys *r) 299 299 { 300 p-> rng_fault_state = true;300 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 301 301 return WERR_NOT_SUPPORTED; 302 302 } … … 308 308 struct PNP_GetDepth *r) 309 309 { 310 p-> rng_fault_state = true;310 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 311 311 return WERR_NOT_SUPPORTED; 312 312 } … … 318 318 struct PNP_SetDeviceRegProp *r) 319 319 { 320 p-> rng_fault_state = true;320 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 321 321 return WERR_NOT_SUPPORTED; 322 322 } … … 328 328 struct PNP_GetClassInstance *r) 329 329 { 330 p-> rng_fault_state = true;330 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 331 331 return WERR_NOT_SUPPORTED; 332 332 } … … 338 338 struct PNP_CreateKey *r) 339 339 { 340 p-> rng_fault_state = true;340 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 341 341 return WERR_NOT_SUPPORTED; 342 342 } … … 348 348 struct PNP_DeleteRegistryKey *r) 349 349 { 350 p-> rng_fault_state = true;350 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 351 351 return WERR_NOT_SUPPORTED; 352 352 } … … 358 358 struct PNP_GetClassCount *r) 359 359 { 360 p-> rng_fault_state = true;360 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 361 361 return WERR_NOT_SUPPORTED; 362 362 } … … 368 368 struct PNP_GetClassName *r) 369 369 { 370 p-> rng_fault_state = true;370 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 371 371 return WERR_NOT_SUPPORTED; 372 372 } … … 378 378 struct PNP_DeleteClassKey *r) 379 379 { 380 p-> rng_fault_state = true;380 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 381 381 return WERR_NOT_SUPPORTED; 382 382 } … … 388 388 struct PNP_GetInterfaceDeviceAlias *r) 389 389 { 390 p-> rng_fault_state = true;390 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 391 391 return WERR_NOT_SUPPORTED; 392 392 } … … 398 398 struct PNP_GetInterfaceDeviceList *r) 399 399 { 400 p-> rng_fault_state = true;400 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 401 401 return WERR_NOT_SUPPORTED; 402 402 } … … 408 408 struct PNP_GetInterfaceDeviceListSize *r) 409 409 { 410 p-> rng_fault_state = true;410 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 411 411 return WERR_NOT_SUPPORTED; 412 412 } … … 418 418 struct PNP_RegisterDeviceClassAssociation *r) 419 419 { 420 p-> rng_fault_state = true;420 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 421 421 return WERR_NOT_SUPPORTED; 422 422 } … … 428 428 struct PNP_UnregisterDeviceClassAssociation *r) 429 429 { 430 p-> rng_fault_state = true;430 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 431 431 return WERR_NOT_SUPPORTED; 432 432 } … … 438 438 struct PNP_GetClassRegProp *r) 439 439 { 440 p-> rng_fault_state = true;440 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 441 441 return WERR_NOT_SUPPORTED; 442 442 } … … 448 448 struct PNP_SetClassRegProp *r) 449 449 { 450 p-> rng_fault_state = true;450 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 451 451 return WERR_NOT_SUPPORTED; 452 452 } … … 458 458 struct PNP_CreateDevInst *r) 459 459 { 460 p-> rng_fault_state = true;460 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 461 461 return WERR_NOT_SUPPORTED; 462 462 } … … 468 468 struct PNP_DeviceInstanceAction *r) 469 469 { 470 p-> rng_fault_state = true;470 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 471 471 return WERR_NOT_SUPPORTED; 472 472 } … … 478 478 struct PNP_GetDeviceStatus *r) 479 479 { 480 p-> rng_fault_state = true;480 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 481 481 return WERR_NOT_SUPPORTED; 482 482 } … … 488 488 struct PNP_SetDeviceProblem *r) 489 489 { 490 p-> rng_fault_state = true;490 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 491 491 return WERR_NOT_SUPPORTED; 492 492 } … … 498 498 struct PNP_DisableDevInst *r) 499 499 { 500 p-> rng_fault_state = true;500 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 501 501 return WERR_NOT_SUPPORTED; 502 502 } … … 508 508 struct PNP_UninstallDevInst *r) 509 509 { 510 p-> rng_fault_state = true;510 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 511 511 return WERR_NOT_SUPPORTED; 512 512 } … … 518 518 struct PNP_AddID *r) 519 519 { 520 p-> rng_fault_state = true;520 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 521 521 return WERR_NOT_SUPPORTED; 522 522 } … … 528 528 struct PNP_RegisterDriver *r) 529 529 { 530 p-> rng_fault_state = true;530 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 531 531 return WERR_NOT_SUPPORTED; 532 532 } … … 538 538 struct PNP_QueryRemove *r) 539 539 { 540 p-> rng_fault_state = true;540 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 541 541 return WERR_NOT_SUPPORTED; 542 542 } … … 548 548 struct PNP_RequestDeviceEject *r) 549 549 { 550 p-> rng_fault_state = true;550 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 551 551 return WERR_NOT_SUPPORTED; 552 552 } … … 558 558 struct PNP_IsDockStationPresent *r) 559 559 { 560 p-> rng_fault_state = true;560 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 561 561 return WERR_NOT_SUPPORTED; 562 562 } … … 568 568 struct PNP_RequestEjectPC *r) 569 569 { 570 p-> rng_fault_state = true;570 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 571 571 return WERR_NOT_SUPPORTED; 572 572 } … … 578 578 struct PNP_AddEmptyLogConf *r) 579 579 { 580 p-> rng_fault_state = true;580 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 581 581 return WERR_NOT_SUPPORTED; 582 582 } … … 588 588 struct PNP_FreeLogConf *r) 589 589 { 590 p-> rng_fault_state = true;590 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 591 591 return WERR_NOT_SUPPORTED; 592 592 } … … 598 598 struct PNP_GetFirstLogConf *r) 599 599 { 600 p-> rng_fault_state = true;600 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 601 601 return WERR_NOT_SUPPORTED; 602 602 } … … 608 608 struct PNP_GetNextLogConf *r) 609 609 { 610 p-> rng_fault_state = true;610 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 611 611 return WERR_NOT_SUPPORTED; 612 612 } … … 618 618 struct PNP_GetLogConfPriority *r) 619 619 { 620 p-> rng_fault_state = true;620 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 621 621 return WERR_NOT_SUPPORTED; 622 622 } … … 628 628 struct PNP_AddResDes *r) 629 629 { 630 p-> rng_fault_state = true;630 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 631 631 return WERR_NOT_SUPPORTED; 632 632 } … … 638 638 struct PNP_FreeResDes *r) 639 639 { 640 p-> rng_fault_state = true;640 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 641 641 return WERR_NOT_SUPPORTED; 642 642 } … … 648 648 struct PNP_GetNextResDes *r) 649 649 { 650 p-> rng_fault_state = true;650 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 651 651 return WERR_NOT_SUPPORTED; 652 652 } … … 658 658 struct PNP_GetResDesData *r) 659 659 { 660 p-> rng_fault_state = true;660 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 661 661 return WERR_NOT_SUPPORTED; 662 662 } … … 668 668 struct PNP_GetResDesDataSize *r) 669 669 { 670 p-> rng_fault_state = true;670 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 671 671 return WERR_NOT_SUPPORTED; 672 672 } … … 678 678 struct PNP_ModifyResDes *r) 679 679 { 680 p-> rng_fault_state = true;680 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 681 681 return WERR_NOT_SUPPORTED; 682 682 } … … 688 688 struct PNP_DetectResourceLimit *r) 689 689 { 690 p-> rng_fault_state = true;690 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 691 691 return WERR_NOT_SUPPORTED; 692 692 } … … 698 698 struct PNP_QueryResConfList *r) 699 699 { 700 p-> rng_fault_state = true;700 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 701 701 return WERR_NOT_SUPPORTED; 702 702 } … … 708 708 struct PNP_SetHwProf *r) 709 709 { 710 p-> rng_fault_state = true;710 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 711 711 return WERR_NOT_SUPPORTED; 712 712 } … … 718 718 struct PNP_QueryArbitratorFreeData *r) 719 719 { 720 p-> rng_fault_state = true;720 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 721 721 return WERR_NOT_SUPPORTED; 722 722 } … … 728 728 struct PNP_QueryArbitratorFreeSize *r) 729 729 { 730 p-> rng_fault_state = true;730 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 731 731 return WERR_NOT_SUPPORTED; 732 732 } … … 738 738 struct PNP_RunDetection *r) 739 739 { 740 p-> rng_fault_state = true;740 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 741 741 return WERR_NOT_SUPPORTED; 742 742 } … … 748 748 struct PNP_RegisterNotification *r) 749 749 { 750 p-> rng_fault_state = true;750 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 751 751 return WERR_NOT_SUPPORTED; 752 752 } … … 758 758 struct PNP_UnregisterNotification *r) 759 759 { 760 p-> rng_fault_state = true;760 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 761 761 return WERR_NOT_SUPPORTED; 762 762 } … … 768 768 struct PNP_GetCustomDevProp *r) 769 769 { 770 p-> rng_fault_state = true;770 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 771 771 return WERR_NOT_SUPPORTED; 772 772 } … … 778 778 struct PNP_GetVersionInternal *r) 779 779 { 780 p-> rng_fault_state = true;780 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 781 781 return WERR_NOT_SUPPORTED; 782 782 } … … 788 788 struct PNP_GetBlockedDriverInfo *r) 789 789 { 790 p-> rng_fault_state = true;790 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 791 791 return WERR_NOT_SUPPORTED; 792 792 } … … 798 798 struct PNP_GetServerSideDeviceInstallFlags *r) 799 799 { 800 p-> rng_fault_state = true;801 return WERR_NOT_SUPPORTED; 802 } 800 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 801 return WERR_NOT_SUPPORTED; 802 } -
trunk/server/source3/rpc_server/rpc_handles.c
r918 r920 243 243 dump_data(4, (uint8_t *)hnd, sizeof(*hnd)); 244 244 245 p-> bad_handle_fault_state = true;245 p->fault_state = DCERPC_FAULT_CONTEXT_MISMATCH; 246 246 247 247 return NULL; -
trunk/server/source3/rpc_server/rpc_ncacn_np.c
r918 r920 172 172 p->syntax = *syntax; 173 173 p->transport = NCALRPC; 174 p->allow_bind = true; 174 175 175 176 DEBUG(4,("Created internal pipe %s (pipes_open=%d)\n", … … 217 218 218 219 if (p->fault_state) { 219 p->fault_state = false; 220 NTSTATUS status; 221 222 status = NT_STATUS(p->fault_state); 223 p->fault_state = 0; 220 224 data_blob_free(&p->out_data.rdata); 221 225 talloc_free_children(p->mem_ctx); 222 return NT_STATUS_RPC_CALL_FAILED; 223 } 224 225 if (p->bad_handle_fault_state) { 226 p->bad_handle_fault_state = false; 227 data_blob_free(&p->out_data.rdata); 228 talloc_free_children(p->mem_ctx); 229 return NT_STATUS_RPC_SS_CONTEXT_MISMATCH; 230 } 231 232 if (p->rng_fault_state) { 233 p->rng_fault_state = false; 234 data_blob_free(&p->out_data.rdata); 235 talloc_free_children(p->mem_ctx); 236 return NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE; 226 return status; 237 227 } 238 228 … … 792 782 result->auth->auth_type = DCERPC_AUTH_TYPE_NONE; 793 783 result->auth->auth_level = DCERPC_AUTH_LEVEL_NONE; 784 result->auth->auth_context_id = 0; 794 785 795 786 status = rpccli_anon_bind_data(result, &auth); -
trunk/server/source3/rpc_server/rpc_server.c
r745 r920 103 103 p->transport = transport; 104 104 p->ncalrpc_as_system = ncalrpc_as_system; 105 p->allow_bind = true; 105 106 106 107 p->mem_ctx = talloc_named(p, 0, "pipe %s %p", pipe_name, p); … … 661 662 if (ret == -1) { 662 663 DEBUG(2, ("Writev failed!\n")); 664 goto fail; 665 } 666 667 if (npc->p->fault_state != 0) { 668 DEBUG(2, ("Disconnect after fault\n")); 669 sys_errno = EINVAL; 663 670 goto fail; 664 671 } … … 1392 1399 } 1393 1400 1401 if (ncacn_conn->p->fault_state != 0) { 1402 DEBUG(2, ("Disconnect after fault\n")); 1403 sys_errno = EINVAL; 1404 goto fail; 1405 } 1406 1394 1407 /* clear out any data that may have been left around */ 1395 1408 ncacn_conn->count = 0; -
trunk/server/source3/rpc_server/samr/srv_samr_nt.c
r862 r920 6629 6629 struct samr_PwInfo dom_pw_info; 6630 6630 6631 if (p->auth.auth_level != DCERPC_AUTH_LEVEL_PRIVACY) { 6632 p->fault_state = DCERPC_FAULT_ACCESS_DENIED; 6633 return NT_STATUS_ACCESS_DENIED; 6634 } 6635 6631 6636 if (r->in.level < 1 || r->in.level > 3) { 6632 6637 return NT_STATUS_INVALID_INFO_CLASS; … … 6683 6688 struct samr_Shutdown *r) 6684 6689 { 6685 p-> rng_fault_state = true;6690 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 6686 6691 return NT_STATUS_NOT_IMPLEMENTED; 6687 6692 } … … 6693 6698 struct samr_SetMemberAttributesOfGroup *r) 6694 6699 { 6695 p-> rng_fault_state = true;6700 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 6696 6701 return NT_STATUS_NOT_IMPLEMENTED; 6697 6702 } … … 6703 6708 struct samr_TestPrivateFunctionsDomain *r) 6704 6709 { 6710 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 6705 6711 return NT_STATUS_NOT_IMPLEMENTED; 6706 6712 } … … 6712 6718 struct samr_TestPrivateFunctionsUser *r) 6713 6719 { 6720 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 6714 6721 return NT_STATUS_NOT_IMPLEMENTED; 6715 6722 } … … 6721 6728 struct samr_AddMultipleMembersToAlias *r) 6722 6729 { 6723 p-> rng_fault_state = true;6730 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 6724 6731 return NT_STATUS_NOT_IMPLEMENTED; 6725 6732 } … … 6731 6738 struct samr_RemoveMultipleMembersFromAlias *r) 6732 6739 { 6733 p-> rng_fault_state = true;6740 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 6734 6741 return NT_STATUS_NOT_IMPLEMENTED; 6735 6742 } … … 6741 6748 struct samr_SetBootKeyInformation *r) 6742 6749 { 6743 p-> rng_fault_state = true;6750 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 6744 6751 return NT_STATUS_NOT_IMPLEMENTED; 6745 6752 } … … 6751 6758 struct samr_GetBootKeyInformation *r) 6752 6759 { 6753 p-> rng_fault_state = true;6760 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 6754 6761 return NT_STATUS_NOT_IMPLEMENTED; 6755 6762 } … … 6761 6768 struct samr_SetDsrmPassword *r) 6762 6769 { 6763 p-> rng_fault_state = true;6770 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 6764 6771 return NT_STATUS_NOT_IMPLEMENTED; 6765 6772 } -
trunk/server/source3/rpc_server/spoolss/srv_spoolss_nt.c
r862 r920 2481 2481 "", /* domain */ 2482 2482 "", /* password */ 2483 0, lp_client_signing());2483 0, False); 2484 2484 2485 2485 if ( !NT_STATUS_IS_OK( ret ) ) { … … 10157 10157 struct spoolss_GetPrinterDriver *r) 10158 10158 { 10159 p-> rng_fault_state = true;10159 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 10160 10160 return WERR_NOT_SUPPORTED; 10161 10161 } … … 10168 10168 struct spoolss_ReadPrinter *r) 10169 10169 { 10170 p-> rng_fault_state = true;10170 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 10171 10171 return WERR_NOT_SUPPORTED; 10172 10172 } … … 10179 10179 struct spoolss_WaitForPrinterChange *r) 10180 10180 { 10181 p-> rng_fault_state = true;10181 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 10182 10182 return WERR_NOT_SUPPORTED; 10183 10183 } … … 10190 10190 struct spoolss_ConfigurePort *r) 10191 10191 { 10192 p-> rng_fault_state = true;10192 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 10193 10193 return WERR_NOT_SUPPORTED; 10194 10194 } … … 10201 10201 struct spoolss_DeletePort *r) 10202 10202 { 10203 p-> rng_fault_state = true;10203 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 10204 10204 return WERR_NOT_SUPPORTED; 10205 10205 } … … 10212 10212 struct spoolss_CreatePrinterIC *r) 10213 10213 { 10214 p-> rng_fault_state = true;10214 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 10215 10215 return WERR_NOT_SUPPORTED; 10216 10216 } … … 10223 10223 struct spoolss_PlayGDIScriptOnPrinterIC *r) 10224 10224 { 10225 p-> rng_fault_state = true;10225 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 10226 10226 return WERR_NOT_SUPPORTED; 10227 10227 } … … 10234 10234 struct spoolss_DeletePrinterIC *r) 10235 10235 { 10236 p-> rng_fault_state = true;10236 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 10237 10237 return WERR_NOT_SUPPORTED; 10238 10238 } … … 10245 10245 struct spoolss_AddPrinterConnection *r) 10246 10246 { 10247 p-> rng_fault_state = true;10247 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 10248 10248 return WERR_NOT_SUPPORTED; 10249 10249 } … … 10256 10256 struct spoolss_DeletePrinterConnection *r) 10257 10257 { 10258 p-> rng_fault_state = true;10258 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 10259 10259 return WERR_NOT_SUPPORTED; 10260 10260 } … … 10267 10267 struct spoolss_PrinterMessageBox *r) 10268 10268 { 10269 p-> rng_fault_state = true;10269 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 10270 10270 return WERR_NOT_SUPPORTED; 10271 10271 } … … 10278 10278 struct spoolss_AddMonitor *r) 10279 10279 { 10280 p-> rng_fault_state = true;10280 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 10281 10281 return WERR_NOT_SUPPORTED; 10282 10282 } … … 10289 10289 struct spoolss_DeleteMonitor *r) 10290 10290 { 10291 p-> rng_fault_state = true;10291 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 10292 10292 return WERR_NOT_SUPPORTED; 10293 10293 } … … 10300 10300 struct spoolss_DeletePrintProcessor *r) 10301 10301 { 10302 p-> rng_fault_state = true;10302 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 10303 10303 return WERR_NOT_SUPPORTED; 10304 10304 } … … 10311 10311 struct spoolss_AddPrintProvidor *r) 10312 10312 { 10313 p-> rng_fault_state = true;10313 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 10314 10314 return WERR_NOT_SUPPORTED; 10315 10315 } … … 10322 10322 struct spoolss_DeletePrintProvidor *r) 10323 10323 { 10324 p-> rng_fault_state = true;10324 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 10325 10325 return WERR_NOT_SUPPORTED; 10326 10326 } … … 10333 10333 struct spoolss_FindFirstPrinterChangeNotification *r) 10334 10334 { 10335 p-> rng_fault_state = true;10335 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 10336 10336 return WERR_NOT_SUPPORTED; 10337 10337 } … … 10344 10344 struct spoolss_FindNextPrinterChangeNotification *r) 10345 10345 { 10346 p-> rng_fault_state = true;10346 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 10347 10347 return WERR_NOT_SUPPORTED; 10348 10348 } … … 10355 10355 struct spoolss_RouterFindFirstPrinterChangeNotificationOld *r) 10356 10356 { 10357 p-> rng_fault_state = true;10357 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 10358 10358 return WERR_NOT_SUPPORTED; 10359 10359 } … … 10366 10366 struct spoolss_ReplyOpenPrinter *r) 10367 10367 { 10368 p-> rng_fault_state = true;10368 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 10369 10369 return WERR_NOT_SUPPORTED; 10370 10370 } … … 10377 10377 struct spoolss_RouterReplyPrinter *r) 10378 10378 { 10379 p-> rng_fault_state = true;10379 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 10380 10380 return WERR_NOT_SUPPORTED; 10381 10381 } … … 10388 10388 struct spoolss_ReplyClosePrinter *r) 10389 10389 { 10390 p-> rng_fault_state = true;10390 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 10391 10391 return WERR_NOT_SUPPORTED; 10392 10392 } … … 10399 10399 struct spoolss_AddPortEx *r) 10400 10400 { 10401 p-> rng_fault_state = true;10401 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 10402 10402 return WERR_NOT_SUPPORTED; 10403 10403 } … … 10410 10410 struct spoolss_RouterFindFirstPrinterChangeNotification *r) 10411 10411 { 10412 p-> rng_fault_state = true;10412 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 10413 10413 return WERR_NOT_SUPPORTED; 10414 10414 } … … 10421 10421 struct spoolss_SpoolerInit *r) 10422 10422 { 10423 p-> rng_fault_state = true;10423 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 10424 10424 return WERR_NOT_SUPPORTED; 10425 10425 } … … 10432 10432 struct spoolss_ResetPrinterEx *r) 10433 10433 { 10434 p-> rng_fault_state = true;10434 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 10435 10435 return WERR_NOT_SUPPORTED; 10436 10436 } … … 10443 10443 struct spoolss_RouterReplyPrinterEx *r) 10444 10444 { 10445 p-> rng_fault_state = true;10445 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 10446 10446 return WERR_NOT_SUPPORTED; 10447 10447 } … … 10454 10454 struct spoolss_44 *r) 10455 10455 { 10456 p-> rng_fault_state = true;10456 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 10457 10457 return WERR_NOT_SUPPORTED; 10458 10458 } … … 10465 10465 struct spoolss_SetPort *r) 10466 10466 { 10467 p-> rng_fault_state = true;10467 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 10468 10468 return WERR_NOT_SUPPORTED; 10469 10469 } … … 10476 10476 struct spoolss_4a *r) 10477 10477 { 10478 p-> rng_fault_state = true;10478 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 10479 10479 return WERR_NOT_SUPPORTED; 10480 10480 } … … 10487 10487 struct spoolss_4b *r) 10488 10488 { 10489 p-> rng_fault_state = true;10489 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 10490 10490 return WERR_NOT_SUPPORTED; 10491 10491 } … … 10498 10498 struct spoolss_4c *r) 10499 10499 { 10500 p-> rng_fault_state = true;10500 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 10501 10501 return WERR_NOT_SUPPORTED; 10502 10502 } … … 10509 10509 struct spoolss_53 *r) 10510 10510 { 10511 p-> rng_fault_state = true;10511 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 10512 10512 return WERR_NOT_SUPPORTED; 10513 10513 } … … 10520 10520 struct spoolss_AddPerMachineConnection *r) 10521 10521 { 10522 p-> rng_fault_state = true;10522 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 10523 10523 return WERR_NOT_SUPPORTED; 10524 10524 } … … 10531 10531 struct spoolss_DeletePerMachineConnection *r) 10532 10532 { 10533 p-> rng_fault_state = true;10533 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 10534 10534 return WERR_NOT_SUPPORTED; 10535 10535 } … … 10542 10542 struct spoolss_EnumPerMachineConnections *r) 10543 10543 { 10544 p-> rng_fault_state = true;10544 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 10545 10545 return WERR_NOT_SUPPORTED; 10546 10546 } … … 10553 10553 struct spoolss_5a *r) 10554 10554 { 10555 p-> rng_fault_state = true;10555 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 10556 10556 return WERR_NOT_SUPPORTED; 10557 10557 } … … 10564 10564 struct spoolss_5b *r) 10565 10565 { 10566 p-> rng_fault_state = true;10566 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 10567 10567 return WERR_NOT_SUPPORTED; 10568 10568 } … … 10575 10575 struct spoolss_5c *r) 10576 10576 { 10577 p-> rng_fault_state = true;10577 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 10578 10578 return WERR_NOT_SUPPORTED; 10579 10579 } … … 10586 10586 struct spoolss_5d *r) 10587 10587 { 10588 p-> rng_fault_state = true;10588 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 10589 10589 return WERR_NOT_SUPPORTED; 10590 10590 } … … 10597 10597 struct spoolss_5e *r) 10598 10598 { 10599 p-> rng_fault_state = true;10599 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 10600 10600 return WERR_NOT_SUPPORTED; 10601 10601 } … … 10608 10608 struct spoolss_5f *r) 10609 10609 { 10610 p-> rng_fault_state = true;10610 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 10611 10611 return WERR_NOT_SUPPORTED; 10612 10612 } … … 10619 10619 struct spoolss_60 *r) 10620 10620 { 10621 p-> rng_fault_state = true;10621 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 10622 10622 return WERR_NOT_SUPPORTED; 10623 10623 } … … 10630 10630 struct spoolss_61 *r) 10631 10631 { 10632 p-> rng_fault_state = true;10632 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 10633 10633 return WERR_NOT_SUPPORTED; 10634 10634 } … … 10641 10641 struct spoolss_62 *r) 10642 10642 { 10643 p-> rng_fault_state = true;10643 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 10644 10644 return WERR_NOT_SUPPORTED; 10645 10645 } … … 10652 10652 struct spoolss_63 *r) 10653 10653 { 10654 p-> rng_fault_state = true;10654 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 10655 10655 return WERR_NOT_SUPPORTED; 10656 10656 } … … 10663 10663 struct spoolss_64 *r) 10664 10664 { 10665 p-> rng_fault_state = true;10665 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 10666 10666 return WERR_NOT_SUPPORTED; 10667 10667 } … … 10674 10674 struct spoolss_65 *r) 10675 10675 { 10676 p-> rng_fault_state = true;10676 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 10677 10677 return WERR_NOT_SUPPORTED; 10678 10678 } … … 10685 10685 struct spoolss_GetCorePrinterDrivers *r) 10686 10686 { 10687 p-> rng_fault_state = true;10687 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 10688 10688 return WERR_NOT_SUPPORTED; 10689 10689 } … … 10696 10696 struct spoolss_67 *r) 10697 10697 { 10698 p-> rng_fault_state = true;10698 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 10699 10699 return WERR_NOT_SUPPORTED; 10700 10700 } … … 10707 10707 struct spoolss_GetPrinterDriverPackagePath *r) 10708 10708 { 10709 p-> rng_fault_state = true;10709 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 10710 10710 return WERR_NOT_SUPPORTED; 10711 10711 } … … 10718 10718 struct spoolss_69 *r) 10719 10719 { 10720 p-> rng_fault_state = true;10720 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 10721 10721 return WERR_NOT_SUPPORTED; 10722 10722 } … … 10729 10729 struct spoolss_6a *r) 10730 10730 { 10731 p-> rng_fault_state = true;10731 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 10732 10732 return WERR_NOT_SUPPORTED; 10733 10733 } … … 10740 10740 struct spoolss_6b *r) 10741 10741 { 10742 p-> rng_fault_state = true;10742 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 10743 10743 return WERR_NOT_SUPPORTED; 10744 10744 } … … 10751 10751 struct spoolss_6c *r) 10752 10752 { 10753 p-> rng_fault_state = true;10753 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 10754 10754 return WERR_NOT_SUPPORTED; 10755 10755 } … … 10762 10762 struct spoolss_6d *r) 10763 10763 { 10764 p-> rng_fault_state = true;10764 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 10765 10765 return WERR_NOT_SUPPORTED; 10766 10766 } -
trunk/server/source3/rpc_server/srv_pipe.c
r918 r920 43 43 #include "ntdomain.h" 44 44 #include "rpc_server/srv_pipe.h" 45 #include "../librpc/gen_ndr/ndr_dcerpc.h" 46 #include "../librpc/ndr/ndr_dcerpc.h" 47 #include "../librpc/gen_ndr/ndr_samr.h" 48 #include "../librpc/gen_ndr/ndr_lsa.h" 49 #include "../librpc/gen_ndr/ndr_netlogon.h" 50 #include "../librpc/gen_ndr/ndr_epmapper.h" 51 #include "../librpc/gen_ndr/ndr_echo.h" 45 52 46 53 #undef DBGC_CLASS … … 203 210 */ 204 211 if (p->fault_state) { 205 setup_fault_pdu(p, NT_STATUS( DCERPC_FAULT_OP_RNG_ERROR));212 setup_fault_pdu(p, NT_STATUS(p->fault_state)); 206 213 return true; 207 214 } … … 270 277 p->out_data.current_pdu_sent = 0; 271 278 279 set_incoming_fault(p); 272 280 TALLOC_FREE(p->auth.auth_ctx); 273 281 p->auth.auth_level = DCERPC_AUTH_LEVEL_NONE; 274 282 p->auth.auth_type = DCERPC_AUTH_TYPE_NONE; 275 283 p->pipe_bound = False; 284 p->allow_bind = false; 285 p->allow_alter = false; 286 p->allow_auth3 = false; 276 287 277 288 return True; … … 335 346 { 336 347 struct pipe_rpc_fns *context_fns; 348 const char *interface_name = NULL; 349 bool ok; 337 350 338 351 DEBUG(3,("check_bind_req for %s\n", 339 get_pipe_name_from_syntax(talloc_tos(), &p->syntax))); 352 get_pipe_name_from_syntax(talloc_tos(), abstract))); 353 354 ok = ndr_syntax_id_equal(transfer, &ndr_transfer_syntax); 355 if (!ok) { 356 DEBUG(1,("check_bind_req unknown transfer syntax for " 357 "%s context_id=%u\n", 358 get_pipe_name_from_syntax(talloc_tos(), abstract), 359 (unsigned)context_id)); 360 return false; 361 } 362 363 for (context_fns = p->contexts; 364 context_fns != NULL; 365 context_fns = context_fns->next) 366 { 367 if (context_fns->context_id != context_id) { 368 continue; 369 } 370 371 ok = ndr_syntax_id_equal(&context_fns->syntax, 372 abstract); 373 if (ok) { 374 return true; 375 } 376 377 DEBUG(1,("check_bind_req: changing abstract syntax for " 378 "%s context_id=%u into %s not supported\n", 379 get_pipe_name_from_syntax(talloc_tos(), &context_fns->syntax), 380 (unsigned)context_id, 381 get_pipe_name_from_syntax(talloc_tos(), abstract))); 382 return false; 383 } 340 384 341 385 /* we have to check all now since win2k introduced a new UUID on the lsaprpc pipe */ 342 if (rpc_srv_pipe_exists_by_id(abstract) && 343 ndr_syntax_id_equal(transfer, &ndr_transfer_syntax)) { 344 DEBUG(3, ("check_bind_req: \\PIPE\\%s -> \\PIPE\\%s\n", 345 rpc_srv_get_pipe_cli_name(abstract), 346 rpc_srv_get_pipe_srv_name(abstract))); 347 } else { 386 if (!rpc_srv_pipe_exists_by_id(abstract)) { 348 387 return false; 349 388 } 389 390 DEBUG(3, ("check_bind_req: %s -> %s rpc service\n", 391 rpc_srv_get_pipe_cli_name(abstract), 392 rpc_srv_get_pipe_srv_name(abstract))); 350 393 351 394 context_fns = SMB_MALLOC_P(struct pipe_rpc_fns); … … 355 398 } 356 399 400 interface_name = get_pipe_name_from_syntax(talloc_tos(), 401 abstract); 402 403 SMB_ASSERT(interface_name != NULL); 404 357 405 context_fns->next = context_fns->prev = NULL; 358 406 context_fns->n_cmds = rpc_srv_get_pipe_num_cmds(abstract); 359 407 context_fns->cmds = rpc_srv_get_pipe_cmds(abstract); 360 408 context_fns->context_id = context_id; 409 context_fns->syntax = *abstract; 410 411 context_fns->allow_connect = lp_allow_dcerpc_auth_level_connect(); 412 /* 413 * for the samr and the lsarpc interfaces we don't allow "connect" 414 * auth_level by default. 415 */ 416 ok = ndr_syntax_id_equal(abstract, &ndr_table_samr.syntax_id); 417 if (ok) { 418 context_fns->allow_connect = false; 419 } 420 ok = ndr_syntax_id_equal(abstract, &ndr_table_lsarpc.syntax_id); 421 if (ok) { 422 context_fns->allow_connect = false; 423 } 424 ok = ndr_syntax_id_equal(abstract, &ndr_table_netlogon.syntax_id); 425 if (ok) { 426 context_fns->allow_connect = false; 427 } 428 /* 429 * for the epmapper and echo interfaces we allow "connect" 430 * auth_level by default. 431 */ 432 ok = ndr_syntax_id_equal(abstract, &ndr_table_epmapper.syntax_id); 433 if (ok) { 434 context_fns->allow_connect = true; 435 } 436 ok = ndr_syntax_id_equal(abstract, &ndr_table_rpcecho.syntax_id); 437 if (ok) { 438 context_fns->allow_connect = true; 439 } 440 /* 441 * every interface can be modified to allow "connect" auth_level by 442 * using a parametric option like: 443 * allow dcerpc auth level connect:<interface> 444 * e.g. 445 * allow dcerpc auth level connect:samr = yes 446 */ 447 context_fns->allow_connect = lp_parm_bool(-1, 448 "allow dcerpc auth level connect", 449 interface_name, context_fns->allow_connect); 361 450 362 451 /* add to the list of open contexts */ … … 446 535 p->auth.auth_ctx = spnego_ctx; 447 536 p->auth.auth_type = DCERPC_AUTH_TYPE_SPNEGO; 537 p->auth.auth_context_id = auth_info->auth_context_id; 448 538 449 539 DEBUG(10, ("SPNEGO auth started\n")); … … 556 646 p->auth.auth_ctx = schannel_auth; 557 647 p->auth.auth_type = DCERPC_AUTH_TYPE_SCHANNEL; 648 p->auth.auth_context_id = auth_info->auth_context_id; 558 649 559 650 p->pipe_bound = True; … … 600 691 p->auth.auth_ctx = ntlmssp_state; 601 692 p->auth.auth_type = DCERPC_AUTH_TYPE_NTLMSSP; 693 p->auth.auth_context_id = auth_info->auth_context_id; 602 694 603 695 DEBUG(10, (__location__ ": NTLMSSP auth started\n")); … … 774 866 void *mech_ctx; 775 867 NTSTATUS status; 868 869 if (p->auth.auth_type == DCERPC_AUTH_TYPE_NONE) { 870 p->pipe_bound = true; 871 return NT_STATUS_OK; 872 } 776 873 777 874 switch (p->auth.auth_type) { … … 866 963 DATA_BLOB auth_blob = data_blob_null; 867 964 868 /* No rebinds on a bound pipe - use alter context. */ 869 if (p->pipe_bound) { 870 DEBUG(2,("api_pipe_bind_req: rejecting bind request on bound " 871 "pipe %s.\n", 872 get_pipe_name_from_syntax(talloc_tos(), &p->syntax))); 965 if (!p->allow_bind) { 966 DEBUG(2,("Pipe not in allow bind state\n")); 873 967 return setup_bind_nak(p, pkt); 874 968 } 969 p->allow_bind = false; 970 971 status = dcerpc_verify_ncacn_packet_header(pkt, 972 DCERPC_PKT_BIND, 973 pkt->u.bind.auth_info.length, 974 0, /* required flags */ 975 DCERPC_PFC_FLAG_FIRST | 976 DCERPC_PFC_FLAG_LAST | 977 DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN | 978 0x08 | /* this is not defined, but should be ignored */ 979 DCERPC_PFC_FLAG_CONC_MPX | 980 DCERPC_PFC_FLAG_DID_NOT_EXECUTE | 981 DCERPC_PFC_FLAG_MAYBE | 982 DCERPC_PFC_FLAG_OBJECT_UUID); 983 if (!NT_STATUS_IS_OK(status)) { 984 DEBUG(1, ("api_pipe_bind_req: invalid pdu: %s\n", 985 nt_errstr(status))); 986 NDR_PRINT_DEBUG(ncacn_packet, pkt); 987 goto err_exit; 988 } 875 989 876 990 if (pkt->u.bind.num_contexts == 0) { 877 DEBUG(0, ("api_pipe_bind_req: no rpc contexts around\n")); 991 DEBUG(1, ("api_pipe_bind_req: no rpc contexts around\n")); 992 goto err_exit; 993 } 994 995 if (pkt->u.bind.ctx_list[0].num_transfer_syntaxes == 0) { 996 DEBUG(1, ("api_pipe_bind_req: no transfer syntaxes around\n")); 878 997 goto err_exit; 879 998 } … … 959 1078 */ 960 1079 if (pkt->auth_length) { 961 /* Quick length check. Won't catch a bad auth footer,962 * prevents overrun. */963 964 if (pkt->frag_length < RPC_HEADER_LEN +965 DCERPC_AUTH_TRAILER_LENGTH +966 pkt->auth_length) {967 DEBUG(0,("api_pipe_bind_req: auth_len (%u) "968 "too long for fragment %u.\n",969 (unsigned int)pkt->auth_length,970 (unsigned int)pkt->frag_length));971 goto err_exit;972 }973 974 1080 /* 975 1081 * Decode the authentication verifier. 976 1082 */ 977 status = dcerpc_pull_ dcerpc_auth(pkt,978 &pkt->u.bind.auth_info,979 &auth_info, p->endian);1083 status = dcerpc_pull_auth_trailer(pkt, pkt, 1084 &pkt->u.bind.auth_info, 1085 &auth_info, NULL, true); 980 1086 if (!NT_STATUS_IS_OK(status)) { 981 1087 DEBUG(0, ("Unable to unmarshall dcerpc_auth.\n")); … … 1071 1177 /* The session key was initialized from the SMB 1072 1178 * session in make_internal_rpc_pipe_p */ 1179 p->auth.auth_context_id = 0; 1073 1180 } 1074 1181 … … 1112 1219 DEBUG(0, ("Failed to marshall bind_ack packet. (%s)\n", 1113 1220 nt_errstr(status))); 1221 goto err_exit; 1114 1222 } 1115 1223 1116 1224 if (auth_resp.length) { 1117 1118 1225 status = dcerpc_push_dcerpc_auth(pkt, 1119 1226 auth_type, 1120 1227 auth_info.auth_level, 1121 0, 1122 1, /* auth_context_id */1228 0, /* pad_len */ 1229 p->auth.auth_context_id, 1123 1230 &auth_resp, 1124 1231 &auth_blob); … … 1151 1258 1152 1259 TALLOC_FREE(auth_blob.data); 1260 1261 if (bind_ack_ctx.result == 0) { 1262 p->allow_alter = true; 1263 p->allow_auth3 = true; 1264 if (p->auth.auth_type == DCERPC_AUTH_TYPE_NONE) { 1265 status = pipe_auth_verify_final(p); 1266 if (!NT_STATUS_IS_OK(status)) { 1267 DEBUG(0, ("pipe_auth_verify_final failed: %s\n", 1268 nt_errstr(status))); 1269 goto err_exit; 1270 } 1271 } 1272 } else { 1273 goto err_exit; 1274 } 1275 1153 1276 return True; 1154 1277 … … 1175 1298 DEBUG(5, ("api_pipe_bind_auth3: decode request. %d\n", __LINE__)); 1176 1299 1300 if (!p->allow_auth3) { 1301 DEBUG(1, ("Pipe not in allow auth3 state.\n")); 1302 goto err; 1303 } 1304 1305 status = dcerpc_verify_ncacn_packet_header(pkt, 1306 DCERPC_PKT_AUTH3, 1307 pkt->u.auth3.auth_info.length, 1308 0, /* required flags */ 1309 DCERPC_PFC_FLAG_FIRST | 1310 DCERPC_PFC_FLAG_LAST | 1311 DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN | 1312 0x08 | /* this is not defined, but should be ignored */ 1313 DCERPC_PFC_FLAG_CONC_MPX | 1314 DCERPC_PFC_FLAG_DID_NOT_EXECUTE | 1315 DCERPC_PFC_FLAG_MAYBE | 1316 DCERPC_PFC_FLAG_OBJECT_UUID); 1317 if (!NT_STATUS_IS_OK(status)) { 1318 DEBUG(1, ("api_pipe_bind_auth3: invalid pdu: %s\n", 1319 nt_errstr(status))); 1320 NDR_PRINT_DEBUG(ncacn_packet, pkt); 1321 goto err; 1322 } 1323 1324 /* We can only finish if the pipe is unbound for now */ 1325 if (p->pipe_bound) { 1326 DEBUG(0, (__location__ ": Pipe already bound, " 1327 "AUTH3 not supported!\n")); 1328 goto err; 1329 } 1330 1177 1331 if (pkt->auth_length == 0) { 1178 DEBUG( 0, ("No auth field sent for bindrequest!\n"));1332 DEBUG(1, ("No auth field sent for auth3 request!\n")); 1179 1333 goto err; 1180 1334 } 1181 1335 1182 /* Ensure there's enough data for an authenticated request. */1183 if (pkt->frag_length < RPC_HEADER_LEN1184 + DCERPC_AUTH_TRAILER_LENGTH1185 + pkt->auth_length) {1186 DEBUG(0,("api_pipe_ntlmssp_auth_process: auth_len "1187 "%u is too large.\n",1188 (unsigned int)pkt->auth_length));1189 goto err;1190 }1191 1192 1336 /* 1193 1337 * Decode the authentication verifier response. 1194 1338 */ 1195 1339 1196 status = dcerpc_pull_ dcerpc_auth(pkt,1197 &pkt->u.auth3.auth_info,1198 &auth_info, p->endian);1340 status = dcerpc_pull_auth_trailer(pkt, pkt, 1341 &pkt->u.auth3.auth_info, 1342 &auth_info, NULL, true); 1199 1343 if (!NT_STATUS_IS_OK(status)) { 1200 1344 DEBUG(0, ("Failed to unmarshall dcerpc_auth.\n")); … … 1211 1355 "but auth was started as type %d!\n", 1212 1356 auth_info.auth_type, p->auth.auth_type)); 1357 goto err; 1358 } 1359 1360 if (auth_info.auth_level != p->auth.auth_level) { 1361 DEBUG(1, ("Auth level mismatch! Client sent %d, " 1362 "but auth was started as level %d!\n", 1363 auth_info.auth_level, p->auth.auth_level)); 1364 goto err; 1365 } 1366 1367 if (auth_info.auth_context_id != p->auth.auth_context_id) { 1368 DEBUG(0, ("Auth context id mismatch! Client sent %u, " 1369 "but auth was started as level %u!\n", 1370 (unsigned)auth_info.auth_context_id, 1371 (unsigned)p->auth.auth_context_id)); 1213 1372 goto err; 1214 1373 } … … 1266 1425 1267 1426 err: 1427 p->pipe_bound = false; 1428 p->allow_bind = false; 1429 p->allow_alter = false; 1430 p->allow_auth3 = false; 1268 1431 1269 1432 TALLOC_FREE(p->auth.auth_ctx); … … 1283 1446 NTSTATUS status; 1284 1447 union dcerpc_payload u; 1285 struct dcerpc_ack_ctx bind_ack_ctx;1448 struct dcerpc_ack_ctx alter_ack_ctx; 1286 1449 DATA_BLOB auth_resp = data_blob_null; 1287 1450 DATA_BLOB auth_blob = data_blob_null; … … 1293 1456 DEBUG(5,("api_pipe_alter_context: make response. %d\n", __LINE__)); 1294 1457 1295 if (pkt->u.bind.assoc_group_id != 0) { 1296 assoc_gid = pkt->u.bind.assoc_group_id; 1458 if (!p->allow_alter) { 1459 DEBUG(1, ("Pipe not in allow alter state.\n")); 1460 goto err_exit; 1461 } 1462 1463 status = dcerpc_verify_ncacn_packet_header(pkt, 1464 DCERPC_PKT_ALTER, 1465 pkt->u.alter.auth_info.length, 1466 0, /* required flags */ 1467 DCERPC_PFC_FLAG_FIRST | 1468 DCERPC_PFC_FLAG_LAST | 1469 DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN | 1470 0x08 | /* this is not defined, but should be ignored */ 1471 DCERPC_PFC_FLAG_CONC_MPX | 1472 DCERPC_PFC_FLAG_DID_NOT_EXECUTE | 1473 DCERPC_PFC_FLAG_MAYBE | 1474 DCERPC_PFC_FLAG_OBJECT_UUID); 1475 if (!NT_STATUS_IS_OK(status)) { 1476 DEBUG(1, ("api_pipe_alter_context: invalid pdu: %s\n", 1477 nt_errstr(status))); 1478 NDR_PRINT_DEBUG(ncacn_packet, pkt); 1479 goto err_exit; 1480 } 1481 1482 if (pkt->u.alter.num_contexts == 0) { 1483 DEBUG(1, ("api_pipe_alter_context: no rpc contexts around\n")); 1484 goto err_exit; 1485 } 1486 1487 if (pkt->u.alter.ctx_list[0].num_transfer_syntaxes == 0) { 1488 DEBUG(1, ("api_pipe_alter_context: no transfer syntaxes around\n")); 1489 goto err_exit; 1490 } 1491 1492 if (pkt->u.alter.assoc_group_id != 0) { 1493 assoc_gid = pkt->u.alter.assoc_group_id; 1297 1494 } else { 1298 1495 assoc_gid = 0x53f0; … … 1304 1501 1305 1502 /* If the requested abstract synt uuid doesn't match our client pipe, 1306 reject the bind_ack & set the transfer interface synt to all 0's,1503 reject the alter_ack & set the transfer interface synt to all 0's, 1307 1504 ver 0 (observed when NT5 attempts to bind to abstract interfaces 1308 1505 unknown to NT4) … … 1310 1507 1311 1508 if (check_bind_req(p, 1312 &pkt->u. bind.ctx_list[0].abstract_syntax,1313 &pkt->u. bind.ctx_list[0].transfer_syntaxes[0],1314 pkt->u. bind.ctx_list[0].context_id)) {1315 1316 bind_ack_ctx.result = 0;1317 bind_ack_ctx.reason = 0;1318 bind_ack_ctx.syntax = pkt->u.bind.ctx_list[0].transfer_syntaxes[0];1509 &pkt->u.alter.ctx_list[0].abstract_syntax, 1510 &pkt->u.alter.ctx_list[0].transfer_syntaxes[0], 1511 pkt->u.alter.ctx_list[0].context_id)) { 1512 1513 alter_ack_ctx.result = 0; 1514 alter_ack_ctx.reason = 0; 1515 alter_ack_ctx.syntax = pkt->u.alter.ctx_list[0].transfer_syntaxes[0]; 1319 1516 } else { 1320 p->pipe_bound = False;1321 1517 /* Rejection reason: abstract syntax not supported */ 1322 bind_ack_ctx.result = DCERPC_BIND_PROVIDER_REJECT;1323 bind_ack_ctx.reason = DCERPC_BIND_REASON_ASYNTAX;1324 bind_ack_ctx.syntax = null_ndr_syntax_id;1518 alter_ack_ctx.result = DCERPC_BIND_PROVIDER_REJECT; 1519 alter_ack_ctx.reason = DCERPC_BIND_REASON_ASYNTAX; 1520 alter_ack_ctx.syntax = null_ndr_syntax_id; 1325 1521 } 1326 1522 … … 1329 1525 */ 1330 1526 if (pkt->auth_length) { 1331 /* Quick length check. Won't catch a bad auth footer,1332 * prevents overrun. */1333 1334 if (pkt->frag_length < RPC_HEADER_LEN +1335 DCERPC_AUTH_TRAILER_LENGTH +1336 pkt->auth_length) {1337 DEBUG(0,("api_pipe_alter_context: auth_len (%u) "1338 "too long for fragment %u.\n",1339 (unsigned int)pkt->auth_length,1340 (unsigned int)pkt->frag_length ));1341 goto err_exit;1342 }1343 1344 status = dcerpc_pull_dcerpc_auth(pkt,1345 &pkt->u.bind.auth_info,1346 &auth_info, p->endian);1347 if (!NT_STATUS_IS_OK(status)) {1348 DEBUG(0, ("Unable to unmarshall dcerpc_auth.\n"));1349 goto err_exit;1350 }1351 1352 1527 /* We can only finish if the pipe is unbound for now */ 1353 1528 if (p->pipe_bound) { … … 1357 1532 } 1358 1533 1534 status = dcerpc_pull_auth_trailer(pkt, pkt, 1535 &pkt->u.alter.auth_info, 1536 &auth_info, NULL, true); 1537 if (!NT_STATUS_IS_OK(status)) { 1538 DEBUG(0, ("Unable to unmarshall dcerpc_auth.\n")); 1539 goto err_exit; 1540 } 1541 1359 1542 if (auth_info.auth_type != p->auth.auth_type) { 1360 1543 DEBUG(0, ("Auth type mismatch! Client sent %d, " … … 1364 1547 } 1365 1548 1549 if (auth_info.auth_level != p->auth.auth_level) { 1550 DEBUG(0, ("Auth level mismatch! Client sent %d, " 1551 "but auth was started as level %d!\n", 1552 auth_info.auth_level, p->auth.auth_level)); 1553 goto err_exit; 1554 } 1555 1556 if (auth_info.auth_context_id != p->auth.auth_context_id) { 1557 DEBUG(0, ("Auth context id mismatch! Client sent %u, " 1558 "but auth was started as level %u!\n", 1559 (unsigned)auth_info.auth_context_id, 1560 (unsigned)p->auth.auth_context_id)); 1561 goto err_exit; 1562 } 1366 1563 1367 1564 switch (auth_info.auth_type) { … … 1430 1627 1431 1628 u.alter_resp.num_results = 1; 1432 u.alter_resp.ctx_list = & bind_ack_ctx;1629 u.alter_resp.ctx_list = &alter_ack_ctx; 1433 1630 1434 1631 /* NOTE: We leave the auth_info empty so we can calculate the padding … … 1450 1647 &p->out_data.frag); 1451 1648 if (!NT_STATUS_IS_OK(status)) { 1452 DEBUG(0, ("Failed to marshall bind_ackpacket. (%s)\n",1649 DEBUG(0, ("Failed to marshall alter_resp packet. (%s)\n", 1453 1650 nt_errstr(status))); 1651 goto err_exit; 1454 1652 } 1455 1653 … … 1468 1666 auth_info.auth_level, 1469 1667 pad_len, 1470 1, /* auth_context_id */1668 p->auth.auth_context_id, 1471 1669 &auth_resp, 1472 1670 &auth_blob); … … 1542 1740 1543 1741 static bool api_rpcTNP(struct pipes_struct *p, struct ncacn_packet *pkt, 1544 const struct api_struct *api_rpc_cmds, int n_cmds); 1742 const struct api_struct *api_rpc_cmds, int n_cmds, 1743 const struct ndr_syntax_id *syntax); 1744 1745 static bool srv_pipe_check_verification_trailer(struct pipes_struct *p, 1746 struct ncacn_packet *pkt, 1747 struct pipe_rpc_fns *pipe_fns) 1748 { 1749 TALLOC_CTX *frame = talloc_stackframe(); 1750 struct dcerpc_sec_verification_trailer *vt = NULL; 1751 const uint32_t bitmask1 = 0; 1752 const struct dcerpc_sec_vt_pcontext pcontext = { 1753 .abstract_syntax = pipe_fns->syntax, 1754 .transfer_syntax = ndr_transfer_syntax, 1755 }; 1756 const struct dcerpc_sec_vt_header2 header2 = 1757 dcerpc_sec_vt_header2_from_ncacn_packet(pkt); 1758 struct ndr_pull *ndr; 1759 enum ndr_err_code ndr_err; 1760 bool ret = false; 1761 1762 ndr = ndr_pull_init_blob(&p->in_data.data, frame); 1763 if (ndr == NULL) { 1764 goto done; 1765 } 1766 1767 ndr_err = ndr_pop_dcerpc_sec_verification_trailer(ndr, frame, &vt); 1768 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { 1769 goto done; 1770 } 1771 1772 ret = dcerpc_sec_verification_trailer_check(vt, &bitmask1, 1773 &pcontext, &header2); 1774 done: 1775 TALLOC_FREE(frame); 1776 return ret; 1777 } 1545 1778 1546 1779 /**************************************************************************** … … 1553 1786 struct ncacn_packet *pkt) 1554 1787 { 1788 TALLOC_CTX *frame = talloc_stackframe(); 1555 1789 bool ret = False; 1556 bool changed_user = False;1557 1790 PIPE_RPC_FNS *pipe_fns; 1558 1559 if (p->pipe_bound && 1560 ((p->auth.auth_type == DCERPC_AUTH_TYPE_NTLMSSP) || 1561 (p->auth.auth_type == DCERPC_AUTH_TYPE_KRB5) || 1562 (p->auth.auth_type == DCERPC_AUTH_TYPE_SPNEGO))) { 1563 if(!become_authenticated_pipe_user(p->session_info)) { 1564 data_blob_free(&p->out_data.rdata); 1565 return False; 1566 } 1567 changed_user = True; 1568 } 1569 1570 DEBUG(5, ("Requested \\PIPE\\%s\n", 1571 get_pipe_name_from_syntax(talloc_tos(), &p->syntax))); 1791 const char *interface_name = NULL; 1792 1793 if (!p->pipe_bound) { 1794 DEBUG(1, ("Pipe not bound!\n")); 1795 data_blob_free(&p->out_data.rdata); 1796 TALLOC_FREE(frame); 1797 return false; 1798 } 1572 1799 1573 1800 /* get the set of RPC functions for this context */ … … 1575 1802 pipe_fns = find_pipe_fns_by_context(p->contexts, 1576 1803 pkt->u.request.context_id); 1577 1578 if ( pipe_fns ) { 1579 TALLOC_CTX *frame = talloc_stackframe(); 1580 ret = api_rpcTNP(p, pkt, pipe_fns->cmds, pipe_fns->n_cmds); 1804 if (pipe_fns == NULL) { 1805 DEBUG(0, ("No rpc function table associated with context " 1806 "[%d]\n", 1807 pkt->u.request.context_id)); 1808 data_blob_free(&p->out_data.rdata); 1581 1809 TALLOC_FREE(frame); 1582 } 1583 else { 1584 DEBUG(0, ("No rpc function table associated with context " 1585 "[%d] on pipe [%s]\n", 1586 pkt->u.request.context_id, 1587 get_pipe_name_from_syntax(talloc_tos(), 1588 &p->syntax))); 1589 } 1590 1591 if (changed_user) { 1592 unbecome_authenticated_pipe_user(); 1593 } 1594 1810 return false; 1811 } 1812 1813 interface_name = get_pipe_name_from_syntax(talloc_tos(), 1814 &pipe_fns->syntax); 1815 1816 SMB_ASSERT(interface_name != NULL); 1817 1818 DEBUG(5, ("Requested \\PIPE\\%s\n", 1819 interface_name)); 1820 1821 switch (p->auth.auth_level) { 1822 case DCERPC_AUTH_LEVEL_NONE: 1823 case DCERPC_AUTH_LEVEL_INTEGRITY: 1824 case DCERPC_AUTH_LEVEL_PRIVACY: 1825 break; 1826 default: 1827 if (!pipe_fns->allow_connect) { 1828 DEBUG(1, ("%s: restrict auth_level_connect access " 1829 "to [%s] with auth[type=0x%x,level=0x%x] " 1830 "on [%s] from [%s]\n", 1831 __func__, interface_name, 1832 p->auth.auth_type, 1833 p->auth.auth_level, 1834 derpc_transport_string_by_transport(p->transport), 1835 p->client_id->name)); 1836 1837 setup_fault_pdu(p, NT_STATUS(DCERPC_FAULT_ACCESS_DENIED)); 1838 TALLOC_FREE(frame); 1839 return true; 1840 } 1841 break; 1842 } 1843 1844 if (!srv_pipe_check_verification_trailer(p, pkt, pipe_fns)) { 1845 DEBUG(1, ("srv_pipe_check_verification_trailer: failed\n")); 1846 set_incoming_fault(p); 1847 setup_fault_pdu(p, NT_STATUS(DCERPC_FAULT_ACCESS_DENIED)); 1848 data_blob_free(&p->out_data.rdata); 1849 TALLOC_FREE(frame); 1850 return true; 1851 } 1852 1853 if (!become_authenticated_pipe_user(p->session_info)) { 1854 DEBUG(1, ("Failed to become pipe user!\n")); 1855 data_blob_free(&p->out_data.rdata); 1856 TALLOC_FREE(frame); 1857 return false; 1858 } 1859 1860 ret = api_rpcTNP(p, pkt, pipe_fns->cmds, pipe_fns->n_cmds, 1861 &pipe_fns->syntax); 1862 unbecome_authenticated_pipe_user(); 1863 1864 TALLOC_FREE(frame); 1595 1865 return ret; 1596 1866 } … … 1601 1871 1602 1872 static bool api_rpcTNP(struct pipes_struct *p, struct ncacn_packet *pkt, 1603 const struct api_struct *api_rpc_cmds, int n_cmds) 1873 const struct api_struct *api_rpc_cmds, int n_cmds, 1874 const struct ndr_syntax_id *syntax) 1604 1875 { 1605 1876 int fn_num; … … 1608 1879 /* interpret the command */ 1609 1880 DEBUG(4,("api_rpcTNP: %s op 0x%x - ", 1610 get_pipe_name_from_syntax(talloc_tos(), &p->syntax),1881 get_pipe_name_from_syntax(talloc_tos(), syntax), 1611 1882 pkt->u.request.opnum)); 1612 1883 … … 1614 1885 fstring name; 1615 1886 slprintf(name, sizeof(name)-1, "in_%s", 1616 get_pipe_name_from_syntax(talloc_tos(), &p->syntax));1887 get_pipe_name_from_syntax(talloc_tos(), syntax)); 1617 1888 dump_pdu_region(name, pkt->u.request.opnum, 1618 1889 &p->in_data.data, 0, … … 1647 1918 if(!api_rpc_cmds[fn_num].fn(p)) { 1648 1919 DEBUG(0,("api_rpcTNP: %s: %s failed.\n", 1649 get_pipe_name_from_syntax(talloc_tos(), &p->syntax),1920 get_pipe_name_from_syntax(talloc_tos(), syntax), 1650 1921 api_rpc_cmds[fn_num].name)); 1651 1922 data_blob_free(&p->out_data.rdata); … … 1653 1924 } 1654 1925 1655 if (p->bad_handle_fault_state) { 1656 DEBUG(4,("api_rpcTNP: bad handle fault return.\n")); 1657 p->bad_handle_fault_state = False; 1658 setup_fault_pdu(p, NT_STATUS(DCERPC_FAULT_CONTEXT_MISMATCH)); 1659 return True; 1660 } 1661 1662 if (p->rng_fault_state) { 1663 DEBUG(4, ("api_rpcTNP: rng fault return\n")); 1664 p->rng_fault_state = False; 1665 setup_fault_pdu(p, NT_STATUS(DCERPC_FAULT_OP_RNG_ERROR)); 1666 return True; 1926 if (p->fault_state) { 1927 DEBUG(4,("api_rpcTNP: fault(%d) return.\n", p->fault_state)); 1928 setup_fault_pdu(p, NT_STATUS(p->fault_state)); 1929 p->fault_state = 0; 1930 return true; 1667 1931 } 1668 1932 … … 1670 1934 fstring name; 1671 1935 slprintf(name, sizeof(name)-1, "out_%s", 1672 get_pipe_name_from_syntax(talloc_tos(), &p->syntax));1936 get_pipe_name_from_syntax(talloc_tos(), syntax)); 1673 1937 dump_pdu_region(name, pkt->u.request.opnum, 1674 1938 &p->out_data.rdata, offset1, … … 1677 1941 1678 1942 DEBUG(5,("api_rpcTNP: called %s successfully\n", 1679 get_pipe_name_from_syntax(talloc_tos(), &p->syntax)));1943 get_pipe_name_from_syntax(talloc_tos(), syntax))); 1680 1944 1681 1945 /* Check for buffer underflow in rpc parsing */ … … 1719 1983 p->in_data.pdu_needed_len = 0; 1720 1984 p->in_data.pdu.length = 0; 1721 p->fault_state = True; 1722 DEBUG(10, ("set_incoming_fault: Setting fault state on pipe %s\n", 1723 get_pipe_name_from_syntax(talloc_tos(), &p->syntax))); 1985 p->fault_state = DCERPC_NCA_S_PROTO_ERROR; 1986 1987 p->allow_alter = false; 1988 p->allow_auth3 = false; 1989 p->pipe_bound = false; 1990 1991 DEBUG(10, ("Setting fault state\n")); 1724 1992 } 1725 1993 … … 1730 1998 NTSTATUS status; 1731 1999 size_t hdr_size = DCERPC_REQUEST_LENGTH; 1732 size_t pad_len;1733 2000 1734 2001 DEBUG(10, ("Checking request auth.\n")); … … 1741 2008 status = dcerpc_check_auth(auth, pkt, 1742 2009 &pkt->u.request.stub_and_verifier, 1743 hdr_size, raw_pkt, 1744 &pad_len); 2010 hdr_size, raw_pkt); 1745 2011 if (!NT_STATUS_IS_OK(status)) { 1746 2012 return status; 1747 }1748 1749 1750 /* remove padding and auth trailer,1751 * this way the caller will get just the data */1752 if (pkt->auth_length) {1753 size_t trail_len = pad_len1754 + DCERPC_AUTH_TRAILER_LENGTH1755 + pkt->auth_length;1756 if (pkt->u.request.stub_and_verifier.length < trail_len) {1757 return NT_STATUS_INFO_LENGTH_MISMATCH;1758 }1759 pkt->u.request.stub_and_verifier.length -= trail_len;1760 2013 } 1761 2014 … … 1777 2030 set_incoming_fault(p); 1778 2031 return False; 2032 } 2033 2034 /* 2035 * We don't ignore DCERPC_PFC_FLAG_PENDING_CANCEL. 2036 * TODO: we can reject it with DCERPC_FAULT_NO_CALL_ACTIVE later. 2037 */ 2038 status = dcerpc_verify_ncacn_packet_header(pkt, 2039 DCERPC_PKT_REQUEST, 2040 pkt->u.request.stub_and_verifier.length, 2041 0, /* required_flags */ 2042 DCERPC_PFC_FLAG_FIRST | 2043 DCERPC_PFC_FLAG_LAST | 2044 0x08 | /* this is not defined, but should be ignored */ 2045 DCERPC_PFC_FLAG_CONC_MPX | 2046 DCERPC_PFC_FLAG_DID_NOT_EXECUTE | 2047 DCERPC_PFC_FLAG_MAYBE | 2048 DCERPC_PFC_FLAG_OBJECT_UUID); 2049 if (!NT_STATUS_IS_OK(status)) { 2050 DEBUG(1, ("process_request_pdu: invalid pdu: %s\n", 2051 nt_errstr(status))); 2052 NDR_PRINT_DEBUG(ncacn_packet, pkt); 2053 set_incoming_fault(p); 2054 return false; 1779 2055 } 1780 2056 … … 2028 2304 &p->syntax))); 2029 2305 set_incoming_fault(p); 2030 setup_fault_pdu(p, NT_STATUS(DCERPC_ FAULT_OP_RNG_ERROR));2306 setup_fault_pdu(p, NT_STATUS(DCERPC_NCA_S_PROTO_ERROR)); 2031 2307 TALLOC_FREE(pkt); 2032 2308 } else { -
trunk/server/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
r918 r920 2549 2549 struct srvsvc_NetCharDevEnum *r) 2550 2550 { 2551 p-> rng_fault_state = True;2551 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2552 2552 return WERR_NOT_SUPPORTED; 2553 2553 } … … 2556 2556 struct srvsvc_NetCharDevGetInfo *r) 2557 2557 { 2558 p-> rng_fault_state = True;2558 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2559 2559 return WERR_NOT_SUPPORTED; 2560 2560 } … … 2563 2563 struct srvsvc_NetCharDevControl *r) 2564 2564 { 2565 p-> rng_fault_state = True;2565 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2566 2566 return WERR_NOT_SUPPORTED; 2567 2567 } … … 2570 2570 struct srvsvc_NetCharDevQEnum *r) 2571 2571 { 2572 p-> rng_fault_state = True;2572 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2573 2573 return WERR_NOT_SUPPORTED; 2574 2574 } … … 2577 2577 struct srvsvc_NetCharDevQGetInfo *r) 2578 2578 { 2579 p-> rng_fault_state = True;2579 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2580 2580 return WERR_NOT_SUPPORTED; 2581 2581 } … … 2584 2584 struct srvsvc_NetCharDevQSetInfo *r) 2585 2585 { 2586 p-> rng_fault_state = True;2586 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2587 2587 return WERR_NOT_SUPPORTED; 2588 2588 } … … 2591 2591 struct srvsvc_NetCharDevQPurge *r) 2592 2592 { 2593 p-> rng_fault_state = True;2593 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2594 2594 return WERR_NOT_SUPPORTED; 2595 2595 } … … 2598 2598 struct srvsvc_NetCharDevQPurgeSelf *r) 2599 2599 { 2600 p-> rng_fault_state = True;2600 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2601 2601 return WERR_NOT_SUPPORTED; 2602 2602 } … … 2605 2605 struct srvsvc_NetFileGetInfo *r) 2606 2606 { 2607 p-> rng_fault_state = True;2607 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2608 2608 return WERR_NOT_SUPPORTED; 2609 2609 } … … 2612 2612 struct srvsvc_NetShareCheck *r) 2613 2613 { 2614 p-> rng_fault_state = True;2614 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2615 2615 return WERR_NOT_SUPPORTED; 2616 2616 } … … 2619 2619 struct srvsvc_NetServerStatisticsGet *r) 2620 2620 { 2621 p-> rng_fault_state = True;2621 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2622 2622 return WERR_NOT_SUPPORTED; 2623 2623 } … … 2626 2626 struct srvsvc_NetTransportAdd *r) 2627 2627 { 2628 p-> rng_fault_state = True;2628 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2629 2629 return WERR_NOT_SUPPORTED; 2630 2630 } … … 2633 2633 struct srvsvc_NetTransportEnum *r) 2634 2634 { 2635 p-> rng_fault_state = True;2635 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2636 2636 return WERR_NOT_SUPPORTED; 2637 2637 } … … 2640 2640 struct srvsvc_NetTransportDel *r) 2641 2641 { 2642 p-> rng_fault_state = True;2642 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2643 2643 return WERR_NOT_SUPPORTED; 2644 2644 } … … 2647 2647 struct srvsvc_NetSetServiceBits *r) 2648 2648 { 2649 p-> rng_fault_state = True;2649 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2650 2650 return WERR_NOT_SUPPORTED; 2651 2651 } … … 2654 2654 struct srvsvc_NetPathType *r) 2655 2655 { 2656 p-> rng_fault_state = True;2656 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2657 2657 return WERR_NOT_SUPPORTED; 2658 2658 } … … 2661 2661 struct srvsvc_NetPathCanonicalize *r) 2662 2662 { 2663 p-> rng_fault_state = True;2663 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2664 2664 return WERR_NOT_SUPPORTED; 2665 2665 } … … 2668 2668 struct srvsvc_NetPathCompare *r) 2669 2669 { 2670 p-> rng_fault_state = True;2670 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2671 2671 return WERR_NOT_SUPPORTED; 2672 2672 } … … 2675 2675 struct srvsvc_NETRPRNAMECANONICALIZE *r) 2676 2676 { 2677 p-> rng_fault_state = True;2677 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2678 2678 return WERR_NOT_SUPPORTED; 2679 2679 } … … 2682 2682 struct srvsvc_NetPRNameCompare *r) 2683 2683 { 2684 p-> rng_fault_state = True;2684 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2685 2685 return WERR_NOT_SUPPORTED; 2686 2686 } … … 2689 2689 struct srvsvc_NetShareDelStart *r) 2690 2690 { 2691 p-> rng_fault_state = True;2691 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2692 2692 return WERR_NOT_SUPPORTED; 2693 2693 } … … 2696 2696 struct srvsvc_NetShareDelCommit *r) 2697 2697 { 2698 p-> rng_fault_state = True;2698 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2699 2699 return WERR_NOT_SUPPORTED; 2700 2700 } … … 2703 2703 struct srvsvc_NetServerTransportAddEx *r) 2704 2704 { 2705 p-> rng_fault_state = True;2705 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2706 2706 return WERR_NOT_SUPPORTED; 2707 2707 } … … 2710 2710 struct srvsvc_NetServerSetServiceBitsEx *r) 2711 2711 { 2712 p-> rng_fault_state = True;2712 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2713 2713 return WERR_NOT_SUPPORTED; 2714 2714 } … … 2717 2717 struct srvsvc_NETRDFSGETVERSION *r) 2718 2718 { 2719 p-> rng_fault_state = True;2719 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2720 2720 return WERR_NOT_SUPPORTED; 2721 2721 } … … 2724 2724 struct srvsvc_NETRDFSCREATELOCALPARTITION *r) 2725 2725 { 2726 p-> rng_fault_state = True;2726 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2727 2727 return WERR_NOT_SUPPORTED; 2728 2728 } … … 2731 2731 struct srvsvc_NETRDFSDELETELOCALPARTITION *r) 2732 2732 { 2733 p-> rng_fault_state = True;2733 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2734 2734 return WERR_NOT_SUPPORTED; 2735 2735 } … … 2738 2738 struct srvsvc_NETRDFSSETLOCALVOLUMESTATE *r) 2739 2739 { 2740 p-> rng_fault_state = True;2740 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2741 2741 return WERR_NOT_SUPPORTED; 2742 2742 } … … 2745 2745 struct srvsvc_NETRDFSSETSERVERINFO *r) 2746 2746 { 2747 p-> rng_fault_state = True;2747 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2748 2748 return WERR_NOT_SUPPORTED; 2749 2749 } … … 2752 2752 struct srvsvc_NETRDFSCREATEEXITPOINT *r) 2753 2753 { 2754 p-> rng_fault_state = True;2754 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2755 2755 return WERR_NOT_SUPPORTED; 2756 2756 } … … 2759 2759 struct srvsvc_NETRDFSDELETEEXITPOINT *r) 2760 2760 { 2761 p-> rng_fault_state = True;2761 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2762 2762 return WERR_NOT_SUPPORTED; 2763 2763 } … … 2766 2766 struct srvsvc_NETRDFSMODIFYPREFIX *r) 2767 2767 { 2768 p-> rng_fault_state = True;2768 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2769 2769 return WERR_NOT_SUPPORTED; 2770 2770 } … … 2773 2773 struct srvsvc_NETRDFSFIXLOCALVOLUME *r) 2774 2774 { 2775 p-> rng_fault_state = True;2775 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2776 2776 return WERR_NOT_SUPPORTED; 2777 2777 } … … 2780 2780 struct srvsvc_NETRDFSMANAGERREPORTSITEINFO *r) 2781 2781 { 2782 p-> rng_fault_state = True;2782 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2783 2783 return WERR_NOT_SUPPORTED; 2784 2784 } … … 2787 2787 struct srvsvc_NETRSERVERTRANSPORTDELEX *r) 2788 2788 { 2789 p-> rng_fault_state = True;2790 return WERR_NOT_SUPPORTED; 2791 } 2789 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2790 return WERR_NOT_SUPPORTED; 2791 } -
trunk/server/source3/rpc_server/svcctl/srv_svcctl_nt.c
r918 r920 1005 1005 struct svcctl_DeleteService *r) 1006 1006 { 1007 p-> rng_fault_state = True;1007 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 1008 1008 return WERR_NOT_SUPPORTED; 1009 1009 } … … 1012 1012 struct svcctl_SetServiceStatus *r) 1013 1013 { 1014 p-> rng_fault_state = True;1014 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 1015 1015 return WERR_NOT_SUPPORTED; 1016 1016 } … … 1019 1019 struct svcctl_NotifyBootConfigStatus *r) 1020 1020 { 1021 p-> rng_fault_state = True;1021 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 1022 1022 return WERR_NOT_SUPPORTED; 1023 1023 } … … 1026 1026 struct svcctl_SCSetServiceBitsW *r) 1027 1027 { 1028 p-> rng_fault_state = True;1028 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 1029 1029 return WERR_NOT_SUPPORTED; 1030 1030 } … … 1033 1033 struct svcctl_ChangeServiceConfigW *r) 1034 1034 { 1035 p-> rng_fault_state = True;1035 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 1036 1036 return WERR_NOT_SUPPORTED; 1037 1037 } … … 1040 1040 struct svcctl_CreateServiceW *r) 1041 1041 { 1042 p-> rng_fault_state = True;1042 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 1043 1043 return WERR_NOT_SUPPORTED; 1044 1044 } … … 1047 1047 struct svcctl_QueryServiceLockStatusW *r) 1048 1048 { 1049 p-> rng_fault_state = True;1049 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 1050 1050 return WERR_NOT_SUPPORTED; 1051 1051 } … … 1054 1054 struct svcctl_GetServiceKeyNameW *r) 1055 1055 { 1056 p-> rng_fault_state = True;1056 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 1057 1057 return WERR_NOT_SUPPORTED; 1058 1058 } … … 1061 1061 struct svcctl_SCSetServiceBitsA *r) 1062 1062 { 1063 p-> rng_fault_state = True;1063 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 1064 1064 return WERR_NOT_SUPPORTED; 1065 1065 } … … 1068 1068 struct svcctl_ChangeServiceConfigA *r) 1069 1069 { 1070 p-> rng_fault_state = True;1070 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 1071 1071 return WERR_NOT_SUPPORTED; 1072 1072 } … … 1075 1075 struct svcctl_CreateServiceA *r) 1076 1076 { 1077 p-> rng_fault_state = True;1077 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 1078 1078 return WERR_NOT_SUPPORTED; 1079 1079 } … … 1082 1082 struct svcctl_EnumDependentServicesA *r) 1083 1083 { 1084 p-> rng_fault_state = True;1084 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 1085 1085 return WERR_NOT_SUPPORTED; 1086 1086 } … … 1089 1089 struct svcctl_EnumServicesStatusA *r) 1090 1090 { 1091 p-> rng_fault_state = True;1091 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 1092 1092 return WERR_NOT_SUPPORTED; 1093 1093 } … … 1096 1096 struct svcctl_OpenSCManagerA *r) 1097 1097 { 1098 p-> rng_fault_state = True;1098 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 1099 1099 return WERR_NOT_SUPPORTED; 1100 1100 } … … 1103 1103 struct svcctl_OpenServiceA *r) 1104 1104 { 1105 p-> rng_fault_state = True;1105 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 1106 1106 return WERR_NOT_SUPPORTED; 1107 1107 } … … 1110 1110 struct svcctl_QueryServiceConfigA *r) 1111 1111 { 1112 p-> rng_fault_state = True;1112 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 1113 1113 return WERR_NOT_SUPPORTED; 1114 1114 } … … 1117 1117 struct svcctl_QueryServiceLockStatusA *r) 1118 1118 { 1119 p-> rng_fault_state = True;1119 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 1120 1120 return WERR_NOT_SUPPORTED; 1121 1121 } … … 1124 1124 struct svcctl_StartServiceA *r) 1125 1125 { 1126 p-> rng_fault_state = True;1126 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 1127 1127 return WERR_NOT_SUPPORTED; 1128 1128 } … … 1131 1131 struct svcctl_GetServiceDisplayNameA *r) 1132 1132 { 1133 p-> rng_fault_state = True;1133 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 1134 1134 return WERR_NOT_SUPPORTED; 1135 1135 } … … 1138 1138 struct svcctl_GetServiceKeyNameA *r) 1139 1139 { 1140 p-> rng_fault_state = True;1140 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 1141 1141 return WERR_NOT_SUPPORTED; 1142 1142 } … … 1145 1145 struct svcctl_GetCurrentGroupeStateW *r) 1146 1146 { 1147 p-> rng_fault_state = True;1147 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 1148 1148 return WERR_NOT_SUPPORTED; 1149 1149 } … … 1152 1152 struct svcctl_EnumServiceGroupW *r) 1153 1153 { 1154 p-> rng_fault_state = True;1154 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 1155 1155 return WERR_NOT_SUPPORTED; 1156 1156 } … … 1159 1159 struct svcctl_ChangeServiceConfig2A *r) 1160 1160 { 1161 p-> rng_fault_state = True;1161 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 1162 1162 return WERR_NOT_SUPPORTED; 1163 1163 } … … 1166 1166 struct svcctl_ChangeServiceConfig2W *r) 1167 1167 { 1168 p-> rng_fault_state = True;1168 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 1169 1169 return WERR_NOT_SUPPORTED; 1170 1170 } … … 1173 1173 struct svcctl_QueryServiceConfig2A *r) 1174 1174 { 1175 p-> rng_fault_state = True;1175 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 1176 1176 return WERR_NOT_SUPPORTED; 1177 1177 } … … 1180 1180 struct EnumServicesStatusExA *r) 1181 1181 { 1182 p-> rng_fault_state = True;1182 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 1183 1183 return WERR_NOT_SUPPORTED; 1184 1184 } … … 1187 1187 struct EnumServicesStatusExW *r) 1188 1188 { 1189 p-> rng_fault_state = True;1189 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 1190 1190 return WERR_NOT_SUPPORTED; 1191 1191 } … … 1194 1194 struct svcctl_SCSendTSMessage *r) 1195 1195 { 1196 p-> rng_fault_state = True;1197 return WERR_NOT_SUPPORTED; 1198 } 1196 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 1197 return WERR_NOT_SUPPORTED; 1198 } -
trunk/server/source3/rpc_server/winreg/srv_winreg_nt.c
r918 r920 761 761 do anything */ 762 762 763 p-> rng_fault_state = True;763 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 764 764 return WERR_NOT_SUPPORTED; 765 765 } … … 949 949 do anything */ 950 950 951 p-> rng_fault_state = True;951 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 952 952 return WERR_NOT_SUPPORTED; 953 953 } … … 963 963 do anything */ 964 964 965 p-> rng_fault_state = True;965 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 966 966 return WERR_NOT_SUPPORTED; 967 967 } … … 977 977 do anything */ 978 978 979 p-> rng_fault_state = True;979 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 980 980 return WERR_NOT_SUPPORTED; 981 981 } … … 1140 1140 do anything */ 1141 1141 1142 p-> rng_fault_state = True;1142 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 1143 1143 return WERR_NOT_SUPPORTED; 1144 1144 } -
trunk/server/source3/rpc_server/wkssvc/srv_wkssvc_nt.c
r862 r920 406 406 { 407 407 /* FIXME: Add implementation code here */ 408 p-> rng_fault_state = True;408 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 409 409 return WERR_NOT_SUPPORTED; 410 410 } … … 609 609 { 610 610 /* FIXME: Add implementation code here */ 611 p-> rng_fault_state = True;611 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 612 612 return WERR_NOT_SUPPORTED; 613 613 } … … 620 620 { 621 621 /* FIXME: Add implementation code here */ 622 p-> rng_fault_state = True;622 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 623 623 return WERR_NOT_SUPPORTED; 624 624 } … … 631 631 { 632 632 /* FIXME: Add implementation code here */ 633 p-> rng_fault_state = True;633 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 634 634 return WERR_NOT_SUPPORTED; 635 635 } … … 642 642 { 643 643 /* FIXME: Add implementation code here */ 644 p-> rng_fault_state = True;644 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 645 645 return WERR_NOT_SUPPORTED; 646 646 } … … 653 653 { 654 654 /* FIXME: Add implementation code here */ 655 p-> rng_fault_state = True;655 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 656 656 return WERR_NOT_SUPPORTED; 657 657 } … … 664 664 { 665 665 /* FIXME: Add implementation code here */ 666 p-> rng_fault_state = True;666 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 667 667 return WERR_NOT_SUPPORTED; 668 668 } … … 675 675 { 676 676 /* FIXME: Add implementation code here */ 677 p-> rng_fault_state = True;677 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 678 678 return WERR_NOT_SUPPORTED; 679 679 } … … 686 686 { 687 687 /* FIXME: Add implementation code here */ 688 p-> rng_fault_state = True;688 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 689 689 return WERR_NOT_SUPPORTED; 690 690 } … … 697 697 { 698 698 /* FIXME: Add implementation code here */ 699 p-> rng_fault_state = True;699 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 700 700 return WERR_NOT_SUPPORTED; 701 701 } … … 708 708 { 709 709 /* FIXME: Add implementation code here */ 710 p-> rng_fault_state = True;710 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 711 711 return WERR_NOT_SUPPORTED; 712 712 } … … 719 719 { 720 720 /* FIXME: Add implementation code here */ 721 p-> rng_fault_state = True;721 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 722 722 return WERR_NOT_SUPPORTED; 723 723 } … … 730 730 { 731 731 /* FIXME: Add implementation code here */ 732 p-> rng_fault_state = True;732 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 733 733 return WERR_NOT_SUPPORTED; 734 734 } … … 741 741 { 742 742 /* FIXME: Add implementation code here */ 743 p-> rng_fault_state = True;743 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 744 744 return WERR_NOT_SUPPORTED; 745 745 } … … 752 752 { 753 753 /* FIXME: Add implementation code here */ 754 p-> rng_fault_state = True;754 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 755 755 return WERR_NOT_SUPPORTED; 756 756 } … … 763 763 { 764 764 /* FIXME: Add implementation code here */ 765 p-> rng_fault_state = True;765 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 766 766 return WERR_NOT_SUPPORTED; 767 767 } … … 774 774 { 775 775 /* FIXME: Add implementation code here */ 776 p-> rng_fault_state = True;776 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 777 777 return WERR_NOT_SUPPORTED; 778 778 } … … 785 785 { 786 786 /* FIXME: Add implementation code here */ 787 p-> rng_fault_state = True;787 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 788 788 return WERR_NOT_SUPPORTED; 789 789 } … … 796 796 { 797 797 /* FIXME: Add implementation code here */ 798 p-> rng_fault_state = True;798 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 799 799 return WERR_NOT_SUPPORTED; 800 800 } … … 807 807 { 808 808 /* FIXME: Add implementation code here */ 809 p-> rng_fault_state = True;809 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 810 810 return WERR_NOT_SUPPORTED; 811 811 } … … 963 963 { 964 964 /* for now just return not supported */ 965 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 965 966 return WERR_NOT_SUPPORTED; 966 967 } … … 973 974 { 974 975 /* FIXME: Add implementation code here */ 975 p-> rng_fault_state = True;976 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 976 977 return WERR_NOT_SUPPORTED; 977 978 } … … 984 985 { 985 986 /* FIXME: Add implementation code here */ 986 p-> rng_fault_state = True;987 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 987 988 return WERR_NOT_SUPPORTED; 988 989 } … … 995 996 { 996 997 /* FIXME: Add implementation code here */ 997 p-> rng_fault_state = True;998 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 998 999 return WERR_NOT_SUPPORTED; 999 1000 } … … 1006 1007 { 1007 1008 /* FIXME: Add implementation code here */ 1008 p-> rng_fault_state = True;1009 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 1009 1010 return WERR_NOT_SUPPORTED; 1010 1011 } … … 1017 1018 { 1018 1019 /* FIXME: Add implementation code here */ 1019 p-> rng_fault_state = True;1020 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 1020 1021 return WERR_NOT_SUPPORTED; 1021 1022 } … … 1028 1029 { 1029 1030 /* FIXME: Add implementation code here */ 1030 p-> rng_fault_state = True;1031 return WERR_NOT_SUPPORTED; 1032 } 1031 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 1032 return WERR_NOT_SUPPORTED; 1033 } -
trunk/server/source3/rpcclient/rpcclient.c
r918 r920 1032 1032 } 1033 1033 1034 if (binding->flags & DCERPC_CONNECT) { 1035 pipe_default_auth_level = DCERPC_AUTH_LEVEL_CONNECT; 1036 pipe_default_auth_type = DCERPC_AUTH_TYPE_NTLMSSP; 1037 } 1034 1038 if (binding->flags & DCERPC_SIGN) { 1035 1039 pipe_default_auth_level = DCERPC_AUTH_LEVEL_INTEGRITY; … … 1045 1049 } 1046 1050 if (binding->flags & DCERPC_AUTH_NTLM) { 1047 /* If neither Integrity or Privacy are requested then1048 * Use just Connect level */1049 if (pipe_default_auth_level == DCERPC_AUTH_LEVEL_NONE) {1050 pipe_default_auth_level = DCERPC_AUTH_LEVEL_CONNECT;1051 }1052 1053 1051 if (pipe_default_auth_type == DCERPC_AUTH_TYPE_SPNEGO) { 1054 1052 pipe_default_auth_spnego_type = PIPE_AUTH_TYPE_SPNEGO_NTLMSSP; … … 1058 1056 } 1059 1057 if (binding->flags & DCERPC_AUTH_KRB5) { 1060 /* If neither Integrity or Privacy are requested then1061 * Use just Connect level */1062 if (pipe_default_auth_level == DCERPC_AUTH_LEVEL_NONE) {1063 pipe_default_auth_level = DCERPC_AUTH_LEVEL_CONNECT;1064 }1065 1066 1058 if (pipe_default_auth_type == DCERPC_AUTH_TYPE_SPNEGO) { 1067 1059 pipe_default_auth_spnego_type = PIPE_AUTH_TYPE_SPNEGO_KRB5; 1068 1060 } else { 1069 1061 pipe_default_auth_type = DCERPC_AUTH_TYPE_KRB5; 1062 } 1063 } 1064 if (pipe_default_auth_type != DCERPC_AUTH_TYPE_NONE) { 1065 /* If nothing is requested then default to integrity */ 1066 if (pipe_default_auth_level == DCERPC_AUTH_LEVEL_NONE) { 1067 pipe_default_auth_level = DCERPC_AUTH_LEVEL_INTEGRITY; 1070 1068 } 1071 1069 } -
trunk/server/source3/selftest/knownfail
r918 r920 19 19 samba3.*rap.sam.*.userdelete # Not provided by Samba 3 20 20 samba3.*rap.basic.*.netsessiongetinfo # Not provided by Samba 3 21 samba3.blackbox.rpcclient.over.ncacn_np.with.*connect.* # we don't allow auth_level_connect anymore 22 samba3.posix_s3.rpc.lsa.lookupsids.*ncacn_ip_tcp.*connect.* # we don't allow auth_level_connect anymore -
trunk/server/source3/selftest/skip
r862 r920 23 23 samba3.*raw.qfsinfo 24 24 samba3.*raw.sfileinfo.base 25 # skip, don't work for badlock backports 26 samba3.posix_s3.raw.eas 27 samba3.posix_s3.raw.rename 28 samba3.posix_s3.raw.search 29 samba3.posix_s3.raw.streams -
trunk/server/source3/selftest/tests.py
r918 r920 202 202 elif t == "raw.samba3posixtimedlock": 203 203 plansmbtorturetestsuite(t, "s3dc", '//$SERVER_IP/tmpguest -U$USERNAME%$PASSWORD --option=torture:localdir=$SELFTEST_PREFIX/dc/share') 204 elif t == "rpc.samr.passwords.validate": 205 plansmbtorturetestsuite(t, "s3dc", 'ncacn_np:$SERVER_IP[seal] -U$USERNAME%$PASSWORD', 'over ncacn_np ') 204 206 else: 205 207 plansmbtorturetestsuite(t, "s3dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD') … … 209 211 210 212 test = 'rpc.lsa.lookupsids' 211 auth_options = ["", "ntlm", "spnego" ]213 auth_options = ["", "ntlm", "spnego", "spnego,ntlm" ] 212 214 signseal_options = ["", ",connect", ",sign", ",seal"] 213 215 smb_options = ["", ",smb2"] … … 220 222 options = binding_string + " -U$USERNAME%$PASSWORD" 221 223 plansmbtorturetestsuite(test, "s3dc", options, 'over ncacn_np with [%s%s%s%s] ' % (a, s, z, e)) 224 plantestsuite("samba3.blackbox.rpcclient over ncacn_np with [%s%s%s%s] " % (a, s, z, e), "s3dc:local", [os.path.join(samba3srcdir, "script/tests/test_rpcclient.sh"), 225 "none", options, configuration]) 226 222 227 for e in endianness_options: 223 228 for a in auth_options: -
trunk/server/source3/smbd/conn.c
r862 r920 24 24 #include "smbd/globals.h" 25 25 #include "rpc_server/rpc_ncacn_np.h" 26 #include "lib/util/bitmap.h" 26 27 27 28 /* The connections bitmap is expanded in increments of BITMAP_BLOCK_SZ. The -
trunk/server/source3/smbd/dir.c
r862 r920 24 24 #include "smbd/globals.h" 25 25 #include "libcli/security/security.h" 26 #include "lib/util/bitmap.h" 26 27 27 28 /* -
trunk/server/source3/smbd/files.c
r918 r920 23 23 #include "libcli/security/security.h" 24 24 #include "util_tdb.h" 25 #include "lib/util/bitmap.h" 25 26 26 27 #define VALID_FNUM(fnum) (((fnum) >= 0) && ((fnum) < real_max_open_files)) -
trunk/server/source3/smbd/smb2_server.c
r862 r920 27 27 #include "../lib/util/tevent_ntstatus.h" 28 28 #include "smbprofile.h" 29 #include "../lib/util/bitmap.h" 29 30 30 31 #define OUTVEC_ALLOC_SIZE (SMB2_HDR_BODY + 9) -
trunk/server/source3/smbd/vfs.c
r918 r920 991 991 const char *conn_rootdir; 992 992 size_t rootdir_len; 993 bool matched; 993 994 994 995 conn_rootdir = SMB_VFS_CONNECTPATH(conn, fname); … … 1001 1002 1002 1003 rootdir_len = strlen(conn_rootdir); 1003 if (strncmp(conn_rootdir, resolved_name, 1004 rootdir_len) != 0) { 1004 matched = (strncmp(conn_rootdir, resolved_name, 1005 rootdir_len) == 0); 1006 if (!matched || (resolved_name[rootdir_len] != '/' && 1007 resolved_name[rootdir_len] != '\0')) { 1005 1008 DEBUG(2, ("check_reduced_name: Bad access " 1006 1009 "attempt: %s is a symlink outside the " -
trunk/server/source3/winbindd/winbindd_cm.c
r862 r920 2385 2385 2386 2386 anonymous: 2387 if (lp_winbind_sealed_pipes() && (IS_DC || domain->primary)) { 2388 status = NT_STATUS_DOWNGRADE_DETECTED; 2389 DEBUG(1, ("Unwilling to make SAMR connection to domain %s " 2390 "without connection level security, " 2391 "must set 'winbind sealed pipes = false' " 2392 "to proceed: %s\n", 2393 domain->name, nt_errstr(status))); 2394 goto done; 2395 } 2387 2396 2388 2397 /* Finally fall back to anonymous. */ … … 2611 2620 anonymous: 2612 2621 2622 if (lp_winbind_sealed_pipes() && (IS_DC || domain->primary)) { 2623 result = NT_STATUS_DOWNGRADE_DETECTED; 2624 DEBUG(1, ("Unwilling to make LSA connection to domain %s " 2625 "without connection level security, " 2626 "must set 'winbind sealed pipes = false' " 2627 "to proceed: %s\n", 2628 domain->name, nt_errstr(result))); 2629 goto done; 2630 } 2631 2613 2632 result = cli_rpc_pipe_open_noauth(conn->cli, 2614 2633 &ndr_table_lsarpc.syntax_id, … … 2750 2769 no_schannel: 2751 2770 if ((lp_client_schannel() == False) || 2752 ((neg_flags & NETLOGON_NEG_SCHANNEL) == 0)) { 2771 ((neg_flags & NETLOGON_NEG_SCHANNEL) == 0)) { 2772 if (lp_winbind_sealed_pipes() && (IS_DC || domain->primary)) { 2773 result = NT_STATUS_DOWNGRADE_DETECTED; 2774 DEBUG(1, ("Unwilling to make connection to domain %s " 2775 "without connection level security, " 2776 "must set 'winbind sealed pipes = false' " 2777 "to proceed: %s\n", 2778 domain->name, nt_errstr(result))); 2779 TALLOC_FREE(netlogon_pipe); 2780 invalidate_cm_connection(conn); 2781 return result; 2782 } 2753 2783 /* 2754 2784 * NetSamLogonEx only works for schannel -
trunk/server/source4/heimdal/cf/make-proto.pl
r918 r920 2 2 # $Id$ 3 3 4 ##use Getopt::Std;5 require 'getopts.pl';4 use Getopt::Std; 5 #require 'getopts.pl'; 6 6 7 7 my $comment = 0; … … 13 13 my $private_func_re = "^_"; 14 14 15 Getopts('x:m:o:p:dqE:R:P:') || die "foo";15 getopts('x:m:o:p:dqE:R:P:') || die "foo"; 16 16 17 17 if($opt_d) { -
trunk/server/source4/lib/ldb/wscript
r918 r920 136 136 vnum=VERSION, 137 137 private_library=private_library, 138 manpages='man/ldb.3', 139 abi_directory = 'ABI', 140 abi_match = abi_match) 138 manpages='man/ldb.3') 141 139 142 140 # generate a include/ldb_version.h -
trunk/server/source4/librpc/rpc/dcerpc.c
r862 r920 700 700 default: 701 701 return NT_STATUS_INVALID_LEVEL; 702 } 703 704 if (pkt->auth_length == 0) { 705 return NT_STATUS_INVALID_NETWORK_RESPONSE; 706 } 707 708 if (c->security_state.generic_state == NULL) { 709 return NT_STATUS_INTERNAL_ERROR; 702 710 } 703 711 … … 1075 1083 1076 1084 /* the bind_ack might contain a reply set of credentials */ 1077 if (conn->security_state.auth_info && pkt-> u.bind_ack.auth_info.length) {1085 if (conn->security_state.auth_info && pkt->auth_length) { 1078 1086 NTSTATUS status; 1079 1087 uint32_t auth_length; … … 1848 1856 1849 1857 /* the alter_resp might contain a reply set of credentials */ 1850 if (recv_pipe->conn->security_state.auth_info && 1851 pkt->u.alter_resp.auth_info.length) { 1858 if (recv_pipe->conn->security_state.auth_info && pkt->auth_length) { 1852 1859 struct dcecli_connection *conn = recv_pipe->conn; 1853 1860 NTSTATUS status; -
trunk/server/source4/librpc/rpc/dcerpc_util.c
r918 r920 594 594 /* Perform an authenticated DCE-RPC bind 595 595 */ 596 if (!(conn->flags & (DCERPC_ SIGN|DCERPC_SEAL))) {596 if (!(conn->flags & (DCERPC_CONNECT|DCERPC_SEAL))) { 597 597 /* 598 598 we are doing an authenticated connection, 599 but not using sign or seal. We must force600 the CONNECT dcerpc auth type as a NONE auth601 type doesn't allow authentication602 information to be passed.599 which needs to use [connect], [sign] or [seal]. 600 If nothing is specified, we default to [sign] now. 601 This give roughly the same protection as 602 ncacn_np with smb signing. 603 603 */ 604 conn->flags |= DCERPC_ CONNECT;604 conn->flags |= DCERPC_SIGN; 605 605 } 606 606 -
trunk/server/source4/rpc_server/dcesrv_auth.c
r745 r920 47 47 uint32_t auth_length; 48 48 49 if (pkt-> u.bind.auth_info.length == 0) {49 if (pkt->auth_length == 0) { 50 50 dce_conn->auth_state.auth_info = NULL; 51 51 return true; … … 109 109 NTSTATUS status; 110 110 111 if ( !call->conn->auth_state.gensec_security) {111 if (call->pkt.auth_length == 0) { 112 112 return NT_STATUS_OK; 113 113 } … … 156 156 uint32_t auth_length; 157 157 158 /* We can't work without an existing gensec state, and an new blob to feed it */ 159 if (!dce_conn->auth_state.auth_info || 160 !dce_conn->auth_state.gensec_security || 161 pkt->u.auth3.auth_info.length == 0) { 158 if (pkt->auth_length == 0) { 159 return false; 160 } 161 162 if (!dce_conn->auth_state.auth_info) { 163 return false; 164 } 165 166 /* We can't work without an existing gensec state */ 167 if (!dce_conn->auth_state.gensec_security) { 162 168 return false; 163 169 } … … 204 210 205 211 /* on a pure interface change there is no auth blob */ 206 if (pkt-> u.alter.auth_info.length == 0) {212 if (pkt->auth_length == 0) { 207 213 return true; 208 214 } … … 239 245 /* on a pure interface change there is no auth_info structure 240 246 setup */ 241 if (!call->conn->auth_state.auth_info || 242 dce_conn->auth_state.auth_info->credentials.length == 0) { 247 if (call->pkt.auth_length == 0) { 243 248 return NT_STATUS_OK; 244 249 } … … 313 318 314 319 default: 320 return false; 321 } 322 323 if (pkt->auth_length == 0) { 324 DEBUG(1,("dcesrv_auth_request: unexpected auth_length of 0\n")); 315 325 return false; 316 326 } -
trunk/server/source4/torture/basic/base.c
r918 r920 1477 1477 { 1478 1478 bool nt_status_support; 1479 bool client_ntlmv2_auth; 1479 1480 struct smbcli_state *cli_nt = NULL, *cli_dos = NULL; 1480 1481 bool result = false; … … 1486 1487 1487 1488 nt_status_support = lpcfg_nt_status_support(tctx->lp_ctx); 1489 client_ntlmv2_auth = lpcfg_client_ntlmv2_auth(tctx->lp_ctx); 1488 1490 1489 1491 if (!lpcfg_set_cmdline(tctx->lp_ctx, "nt status support", "yes")) { … … 1491 1493 goto fail; 1492 1494 } 1495 if (!lpcfg_set_cmdline(tctx->lp_ctx, "client ntlmv2 auth", "yes")) { 1496 torture_result(tctx, TORTURE_FAIL, "Could not set 'client ntlmv2 auth = yes'\n"); 1497 goto fail; 1498 } 1493 1499 1494 1500 if (!torture_open_connection(&cli_nt, tctx, 0)) { … … 1497 1503 1498 1504 if (!lpcfg_set_cmdline(tctx->lp_ctx, "nt status support", "no")) { 1499 torture_comment(tctx, "Could not set 'nt status support = yes'\n"); 1505 torture_result(tctx, TORTURE_FAIL, "Could not set 'nt status support = no'\n"); 1506 goto fail; 1507 } 1508 if (!lpcfg_set_cmdline(tctx->lp_ctx, "client ntlmv2 auth", "no")) { 1509 torture_result(tctx, TORTURE_FAIL, "Could not set 'client ntlmv2 auth = no'\n"); 1500 1510 goto fail; 1501 1511 } … … 1507 1517 if (!lpcfg_set_cmdline(tctx->lp_ctx, "nt status support", 1508 1518 nt_status_support ? "yes":"no")) { 1509 torture_comment(tctx, "Could not reset 'nt status support = yes'"); 1519 torture_result(tctx, TORTURE_FAIL, "Could not reset 'nt status support'"); 1520 goto fail; 1521 } 1522 if (!lpcfg_set_cmdline(tctx->lp_ctx, "client ntlmv2 auth", 1523 client_ntlmv2_auth ? "yes":"no")) { 1524 torture_result(tctx, TORTURE_FAIL, "Could not reset 'client ntlmv2 auth'"); 1510 1525 goto fail; 1511 1526 } -
trunk/server/source4/torture/ndr/dfsblob.c
r918 r920 75 75 struct torture_suite *suite = torture_suite_create(ctx, "dfsblob"); 76 76 77 torture_suite_add_ndr_pull_ fn_test(suite, dfs_GetDFSReferral_in, dfs_get_ref_in, NDR_IN, NULL);77 torture_suite_add_ndr_pull_test(suite, dfs_GetDFSReferral_in, dfs_get_ref_in, NULL); 78 78 79 torture_suite_add_ndr_pull_ fn_test(suite, dfs_referral_resp, dfs_get_ref_out2, NDR_BUFFERS|NDR_SCALARS, NULL);79 torture_suite_add_ndr_pull_test(suite, dfs_referral_resp, dfs_get_ref_out2, NULL); 80 80 81 torture_suite_add_ndr_pull_ fn_test(suite, dfs_referral_resp, dfs_get_ref_out, NDR_BUFFERS|NDR_SCALARS,dfs_referral_out_check);81 torture_suite_add_ndr_pull_test(suite, dfs_referral_resp, dfs_get_ref_out,dfs_referral_out_check); 82 82 83 83 return suite; -
trunk/server/source4/torture/ndr/drsblobs.c
r918 r920 116 116 }; 117 117 118 /* these are taken from the trust objects of a w2k8r2 forest, with a 119 * trust relationship between the forest parent and a child domain 120 */ 121 static const char *trustAuthIncoming = 122 "AQAAAAwAAAAcAQAASuQ+RXJdzAECAAAAAAEAAMOWL6UVfVKiJOUsGcT03H" 123 "jHxr2ACsMMOV5ynM617Tp7idNC+c4egdqk4S9YEpvR2YvHmdZdymL6F7QKm8OkXazYZF2r/gZ/bI+" 124 "jkWbsn4O8qyAc3OUKQRZwBbf+lxBW+vM4O3ZpUjz5BSKCcFQgM+MY91yVU8Nji3HNnvGnDquobFAZ" 125 "hxjL+S1l5+QZgkfyfv5mQScGRbU1Lar1xg9G3JznUb7S6pvrBO2nwK8g+KZBfJy5UeULigDH4IWo/" 126 "JmtaEGkKE2uiKIjdsEQd/uwnkouW26XzRc0ulfJnPFftGnT9KIcShPf7DLj/tstmQAAceRMFHJTY3" 127 "PmxoowoK8HUyBK5D5Fcl3MAQIAAAAAAQAAw5YvpRV9UqIk5SwZxPTceMfGvYAKwww5XnKczrXtOnu" 128 "J00L5zh6B2qThL1gSm9HZi8eZ1l3KYvoXtAqbw6RdrNhkXav+Bn9sj6ORZuyfg7yrIBzc5QpBFnAF" 129 "t/6XEFb68zg7dmlSPPkFIoJwVCAz4xj3XJVTw2OLcc2e8acOq6hsUBmHGMv5LWXn5BmCR/J+/mZBJ" 130 "wZFtTUtqvXGD0bcnOdRvtLqm+sE7afAryD4pkF8nLlR5QuKAMfghaj8ma1oQaQoTa6IoiN2wRB3+7" 131 "CeSi5bbpfNFzS6V8mc8V+0adP0ohxKE9/sMuP+2y2ZAABx5EwUclNjc+bGijCgrwdTIA=="; 132 133 static const char *trustAuthOutgoing = 134 "AQAAAAwAAAAcAQAASuQ+RXJdzAECAAAAAAEAAMOWL6UVfVKiJOUsGcT03H" 135 "jHxr2ACsMMOV5ynM617Tp7idNC+c4egdqk4S9YEpvR2YvHmdZdymL6F7QKm8OkXazYZF2r/gZ/bI+" 136 "jkWbsn4O8qyAc3OUKQRZwBbf+lxBW+vM4O3ZpUjz5BSKCcFQgM+MY91yVU8Nji3HNnvGnDquobFAZ" 137 "hxjL+S1l5+QZgkfyfv5mQScGRbU1Lar1xg9G3JznUb7S6pvrBO2nwK8g+KZBfJy5UeULigDH4IWo/" 138 "JmtaEGkKE2uiKIjdsEQd/uwnkouW26XzRc0ulfJnPFftGnT9KIcShPf7DLj/tstmQAAceRMFHJTY3" 139 "PmxoowoK8HUyBK5D5Fcl3MAQIAAAAAAQAAw5YvpRV9UqIk5SwZxPTceMfGvYAKwww5XnKczrXtOnu" 140 "J00L5zh6B2qThL1gSm9HZi8eZ1l3KYvoXtAqbw6RdrNhkXav+Bn9sj6ORZuyfg7yrIBzc5QpBFnAF" 141 "t/6XEFb68zg7dmlSPPkFIoJwVCAz4xj3XJVTw2OLcc2e8acOq6hsUBmHGMv5LWXn5BmCR/J+/mZBJ" 142 "wZFtTUtqvXGD0bcnOdRvtLqm+sE7afAryD4pkF8nLlR5QuKAMfghaj8ma1oQaQoTa6IoiN2wRB3+7" 143 "CeSi5bbpfNFzS6V8mc8V+0adP0ohxKE9/sMuP+2y2ZAABx5EwUclNjc+bGijCgrwdTIA=="; 144 145 118 146 static bool trust_domain_passwords_check_in(struct torture_context *tctx, 119 147 struct trustDomainPasswords *r) … … 155 183 struct torture_suite *suite = torture_suite_create(ctx, "drsblobs"); 156 184 157 torture_suite_add_ndr_pull_fn_test(suite, ForestTrustInfo, forest_trust_info_data_out, NDR_IN, forest_trust_info_check_out); 158 torture_suite_add_ndr_pull_fn_test(suite, trustDomainPasswords, trust_domain_passwords_in, NDR_IN, trust_domain_passwords_check_in); 185 torture_suite_add_ndr_pull_test(suite, ForestTrustInfo, forest_trust_info_data_out, forest_trust_info_check_out); 186 torture_suite_add_ndr_pull_test(suite, trustDomainPasswords, trust_domain_passwords_in, trust_domain_passwords_check_in); 187 188 #if 0 189 torture_suite_add_ndr_pullpush_test(suite, 190 trustAuthInOutBlob, 191 base64_decode_data_blob_talloc(suite, trustAuthIncoming), 192 NULL); 193 194 torture_suite_add_ndr_pullpush_test(suite, 195 trustAuthInOutBlob, 196 base64_decode_data_blob_talloc(suite, trustAuthOutgoing), 197 NULL); 198 #endif 159 199 160 200 return suite; -
trunk/server/source4/torture/ndr/nbt.c
r918 r920 63 63 struct torture_suite *suite = torture_suite_create(ctx, "nbt"); 64 64 65 torture_suite_add_ndr_pull_ fn_test(suite, nbt_netlogon_packet, netlogon_logon_request_req_data, NDR_IN, netlogon_logon_request_req_check);65 torture_suite_add_ndr_pull_test(suite, nbt_netlogon_packet, netlogon_logon_request_req_data, netlogon_logon_request_req_check); 66 66 67 torture_suite_add_ndr_pull_ fn_test(suite, nbt_netlogon_response2, netlogon_logon_request_resp_data, NDR_IN, netlogon_logon_request_resp_check);67 torture_suite_add_ndr_pull_test(suite, nbt_netlogon_response2, netlogon_logon_request_resp_data, netlogon_logon_request_resp_check); 68 68 69 69 return suite; -
trunk/server/source4/torture/ndr/ndr.c
r918 r920 30 30 size_t struct_size; 31 31 ndr_pull_flags_fn_t pull_fn; 32 ndr_push_flags_fn_t push_fn; 32 33 int ndr_flags; 34 int flags; 33 35 }; 34 36 35 static bool wrap_ndr_pull _test(struct torture_context *tctx,36 37 37 static bool wrap_ndr_pullpush_test(struct torture_context *tctx, 38 struct torture_tcase *tcase, 39 struct torture_test *test) 38 40 { 39 41 bool (*check_fn) (struct torture_context *ctx, void *data) = test->fn; 40 42 const struct ndr_pull_test_data *data = (const struct ndr_pull_test_data *)test->data; 41 void *ds = talloc_zero_size(tctx, data->struct_size);42 43 struct ndr_pull *ndr = ndr_pull_init_blob(&(data->data), tctx); 44 void *ds = talloc_zero_size(ndr, data->struct_size); 45 bool ret; 46 uint32_t highest_ofs; 47 48 ndr->flags |= data->flags; 43 49 44 50 ndr->flags |= LIBNDR_FLAG_REF_ALLOC; … … 47 53 "pulling"); 48 54 49 torture_assert(tctx, ndr->offset == ndr->data_size, 55 if (ndr->offset > ndr->relative_highest_offset) { 56 highest_ofs = ndr->offset; 57 } else { 58 highest_ofs = ndr->relative_highest_offset; 59 } 60 61 torture_assert(tctx, highest_ofs == ndr->data_size, 50 62 talloc_asprintf(tctx, 51 "%d unread bytes", ndr->data_size - ndr->offset)); 52 53 if (check_fn != NULL) 54 return check_fn(tctx, ds); 55 else 56 return true; 57 } 58 59 _PUBLIC_ struct torture_test *_torture_suite_add_ndr_pull_test( 60 struct torture_suite *suite, 61 const char *name, ndr_pull_flags_fn_t pull_fn, 62 DATA_BLOB db, 63 size_t struct_size, 64 int ndr_flags, 65 bool (*check_fn) (struct torture_context *ctx, void *data)) 63 "%d unread bytes", ndr->data_size - highest_ofs)); 64 65 if (check_fn != NULL) { 66 ret = check_fn(tctx, ds); 67 } else { 68 ret = true; 69 } 70 71 if (data->push_fn != NULL) { 72 DATA_BLOB outblob; 73 torture_assert_ndr_success(tctx, ndr_push_struct_blob(&outblob, ndr, ds, data->push_fn), "pushing"); 74 torture_assert_data_blob_equal(tctx, outblob, data->data, "ndr push compare"); 75 } 76 77 talloc_free(ndr); 78 return ret; 79 } 80 81 _PUBLIC_ struct torture_test *_torture_suite_add_ndr_pullpush_test( 82 struct torture_suite *suite, 83 const char *name, 84 ndr_pull_flags_fn_t pull_fn, 85 ndr_push_flags_fn_t push_fn, 86 DATA_BLOB db, 87 size_t struct_size, 88 int ndr_flags, 89 int flags, 90 bool (*check_fn) (struct torture_context *ctx, void *data)) 66 91 { 67 92 struct torture_test *test; … … 75 100 test->name = talloc_strdup(test, name); 76 101 test->description = NULL; 77 test->run = wrap_ndr_pull_test; 102 test->run = wrap_ndr_pullpush_test; 103 78 104 data = talloc(test, struct ndr_pull_test_data); 79 105 data->data = db; 80 106 data->ndr_flags = ndr_flags; 107 data->flags = flags; 81 108 data->struct_size = struct_size; 82 109 data->pull_fn = pull_fn; 110 data->push_fn = push_fn; 111 83 112 test->data = data; 84 113 test->fn = check_fn; … … 89 118 return test; 90 119 } 120 91 121 92 122 static bool wrap_ndr_inout_pull_test(struct torture_context *tctx, … … 98 128 void *ds = talloc_zero_size(tctx, data->struct_size); 99 129 struct ndr_pull *ndr; 130 uint32_t highest_ofs; 100 131 101 132 /* handle NDR_IN context */ … … 110 141 "ndr pull of context failed"); 111 142 112 torture_assert(tctx, ndr->offset == ndr->data_size, 113 talloc_asprintf(tctx, "%d unread bytes", ndr->data_size - ndr->offset)); 143 if (ndr->offset > ndr->relative_highest_offset) { 144 highest_ofs = ndr->offset; 145 } else { 146 highest_ofs = ndr->relative_highest_offset; 147 } 148 149 torture_assert(tctx, highest_ofs == ndr->data_size, 150 talloc_asprintf(tctx, "%d unread bytes", ndr->data_size - highest_ofs)); 114 151 115 152 talloc_free(ndr); … … 126 163 "ndr pull failed"); 127 164 128 torture_assert(tctx, ndr->offset == ndr->data_size, 129 talloc_asprintf(tctx, "%d unread bytes", ndr->data_size - ndr->offset)); 165 if (ndr->offset > ndr->relative_highest_offset) { 166 highest_ofs = ndr->offset; 167 } else { 168 highest_ofs = ndr->relative_highest_offset; 169 } 170 171 torture_assert(tctx, highest_ofs == ndr->data_size, 172 talloc_asprintf(tctx, "%d unread bytes", ndr->data_size - highest_ofs)); 130 173 131 174 talloc_free(ndr); -
trunk/server/source4/torture/ndr/ndr.h
r918 r920 25 25 #include "libcli/security/security.h" 26 26 27 _PUBLIC_ struct torture_test *_torture_suite_add_ndr_pull _test(27 _PUBLIC_ struct torture_test *_torture_suite_add_ndr_pullpush_test( 28 28 struct torture_suite *suite, 29 const char *name, ndr_pull_flags_fn_t fn, 29 const char *name, 30 ndr_pull_flags_fn_t pull_fn, 31 ndr_push_flags_fn_t push_fn, 30 32 DATA_BLOB db, 31 33 size_t struct_size, 32 34 int ndr_flags, 35 int flags, 33 36 bool (*check_fn) (struct torture_context *, void *data)); 34 37 … … 42 45 43 46 #define torture_suite_add_ndr_pull_test(suite,name,data,check_fn) \ 44 _torture_suite_add_ndr_pull _test(suite, #name, \45 (ndr_pull_flags_fn_t)ndr_pull_ ## name, data_blob_talloc(suite,data, sizeof(data)), \46 sizeof(struct name), NDR_SCALARS|NDR_BUFFERS, (bool (*) (struct torture_context *, void *)) check_fn);47 _torture_suite_add_ndr_pullpush_test(suite, #name, \ 48 (ndr_pull_flags_fn_t)ndr_pull_ ## name, NULL, data_blob_const(data, sizeof(data)), \ 49 sizeof(struct name), NDR_SCALARS|NDR_BUFFERS, 0, (bool (*) (struct torture_context *, void *)) check_fn); 47 50 48 51 #define torture_suite_add_ndr_pull_fn_test(suite,name,data,flags,check_fn) \ 49 _torture_suite_add_ndr_pull_test(suite, #name "_" #flags, \ 50 (ndr_pull_flags_fn_t)ndr_pull_ ## name, data_blob_talloc(suite, data, sizeof(data)), \ 51 sizeof(struct name), flags, (bool (*) (struct torture_context *, void *)) check_fn); 52 _torture_suite_add_ndr_pullpush_test(suite, #name "_" #flags, \ 53 (ndr_pull_flags_fn_t)ndr_pull_ ## name, NULL, data_blob_const(data, sizeof(data)), \ 54 sizeof(struct name), flags, 0, (bool (*) (struct torture_context *, void *)) check_fn); 55 56 #define torture_suite_add_ndr_pull_fn_test_flags(suite,name,data,flags,flags2,check_fn) \ 57 _torture_suite_add_ndr_pullpush_test(suite, #name "_" #flags "_" #flags2, \ 58 (ndr_pull_flags_fn_t)ndr_pull_ ## name, NULL, data_blob_const(data, sizeof(data)), \ 59 sizeof(struct name), flags, flags2, (bool (*) (struct torture_context *, void *)) check_fn); 60 61 #define torture_suite_add_ndr_pullpush_test(suite,name,data_blob,check_fn) \ 62 _torture_suite_add_ndr_pullpush_test(suite, #name, \ 63 (ndr_pull_flags_fn_t)ndr_pull_ ## name, \ 64 (ndr_push_flags_fn_t)ndr_push_ ## name, \ 65 data_blob, \ 66 sizeof(struct name), NDR_SCALARS|NDR_BUFFERS, 0, (bool (*) (struct torture_context *, void *)) check_fn); 52 67 53 68 #define torture_suite_add_ndr_pull_io_test(suite,name,data_in,data_out,check_fn_out) \ 54 69 _torture_suite_add_ndr_pull_inout_test(suite, #name "_INOUT", \ 55 70 (ndr_pull_flags_fn_t)ndr_pull_ ## name, \ 56 data_blob_ talloc(suite,data_in, sizeof(data_in)), \57 data_blob_ talloc(suite,data_out, sizeof(data_out)), \71 data_blob_const(data_in, sizeof(data_in)), \ 72 data_blob_const(data_out, sizeof(data_out)), \ 58 73 sizeof(struct name), \ 59 74 (bool (*) (struct torture_context *, void *)) check_fn_out); -
trunk/server/source4/torture/ndr/ntlmssp.c
r918 r920 112 112 struct torture_suite *suite = torture_suite_create(ctx, "ntlmssp"); 113 113 114 torture_suite_add_ndr_pull_fn_test(suite, NEGOTIATE_MESSAGE, ntlmssp_NEGOTIATE_MESSAGE_data, NDR_IN, ntlmssp_NEGOTIATE_MESSAGE_check); 115 /* torture_suite_add_ndr_pull_fn_test(suite, CHALLENGE_MESSAGE, ntlmssp_CHALLENGE_MESSAGE_data, NDR_IN, ntlmssp_CHALLENGE_MESSAGE_check); 116 torture_suite_add_ndr_pull_fn_test(suite, AUTHENTICATE_MESSAGE, ntlmssp_AUTHENTICATE_MESSAGE_data, NDR_IN, ntlmssp_AUTHENTICATE_MESSAGE_check); */ 117 114 torture_suite_add_ndr_pull_test(suite, NEGOTIATE_MESSAGE, ntlmssp_NEGOTIATE_MESSAGE_data, ntlmssp_NEGOTIATE_MESSAGE_check); 115 #if 0 116 torture_suite_add_ndr_pull_test(suite, CHALLENGE_MESSAGE, ntlmssp_CHALLENGE_MESSAGE_data, ntlmssp_CHALLENGE_MESSAGE_check); 117 torture_suite_add_ndr_pull_test(suite, AUTHENTICATE_MESSAGE, ntlmssp_AUTHENTICATE_MESSAGE_data, ntlmssp_AUTHENTICATE_MESSAGE_check); 118 #endif 118 119 return suite; 119 120 } -
trunk/server/source4/torture/raw/samba3misc.c
r918 r920 341 341 TALLOC_CTX *mem_ctx; 342 342 bool nt_status_support; 343 bool client_ntlmv2_auth; 343 344 344 345 if (!(mem_ctx = talloc_init("torture_samba3_badpath"))) { … … 348 349 349 350 nt_status_support = lpcfg_nt_status_support(torture->lp_ctx); 350 351 if (!lpcfg_set_cmdline(torture->lp_ctx, "nt status support", "yes")) { 352 printf("Could not set 'nt status support = yes'\n"); 353 goto fail; 354 } 351 client_ntlmv2_auth = lpcfg_client_ntlmv2_auth(torture->lp_ctx); 352 353 torture_assert_goto(torture, lpcfg_set_cmdline(torture->lp_ctx, "nt status support", "yes"), ret, fail, "Could not set 'nt status support = yes'\n"); 354 torture_assert_goto(torture, lpcfg_set_cmdline(torture->lp_ctx, "client ntlmv2 auth", "yes"), ret, fail, "Could not set 'client ntlmv2 auth = yes'\n"); 355 355 356 356 if (!torture_open_connection(&cli_nt, torture, 0)) { … … 358 358 } 359 359 360 if (!lpcfg_set_cmdline(torture->lp_ctx, "nt status support", "no")) { 361 printf("Could not set 'nt status support = yes'\n"); 362 goto fail; 363 } 360 torture_assert_goto(torture, lpcfg_set_cmdline(torture->lp_ctx, "nt status support", "no"), ret, fail, "Could not set 'nt status support = no'\n"); 361 torture_assert_goto(torture, lpcfg_set_cmdline(torture->lp_ctx, "client ntlmv2 auth", "no"), ret, fail, "Could not set 'client ntlmv2 auth = no'\n"); 364 362 365 363 if (!torture_open_connection(&cli_dos, torture, 1)) { … … 374 372 375 373 smbcli_deltree(cli_nt->tree, dirname); 374 torture_assert_goto(torture, lpcfg_set_cmdline(torture->lp_ctx, "nt status support", 375 nt_status_support ? "yes":"no"), 376 ret, fail, "Could not set 'nt status support' back to where it was\n"); 377 torture_assert_goto(torture, lpcfg_set_cmdline(torture->lp_ctx, "client ntlmv2 auth", 378 client_ntlmv2_auth ? "yes":"no"), 379 ret, fail, "Could not set 'client ntlmv2 auth' back to where it was\n"); 376 380 377 381 status = smbcli_mkdir(cli_nt->tree, dirname); -
trunk/server/source4/torture/rpc/rpc.c
r918 r920 502 502 torture_suite_add_suite(suite, torture_rpc_samr_passwords_badpwdcount(suite)); 503 503 torture_suite_add_suite(suite, torture_rpc_samr_passwords_lockout(suite)); 504 torture_suite_add_suite(suite, torture_rpc_samr_passwords_validate(suite)); 504 505 torture_suite_add_suite(suite, torture_rpc_samr_user_privileges(suite)); 505 506 torture_suite_add_suite(suite, torture_rpc_samr_large_dc(suite)); -
trunk/server/source4/torture/rpc/samba3rpc.c
r918 r920 1123 1123 names_blob = NTLMv2_generate_names_blob( 1124 1124 mem_ctx, 1125 cli_credentials_get_workstation( user_creds),1126 cli_credentials_get_domain( user_creds));1125 cli_credentials_get_workstation(wks_creds), 1126 cli_credentials_get_domain(wks_creds)); 1127 1127 status = cli_credentials_get_ntlm_response( 1128 1128 user_creds, mem_ctx, &flags, chal, names_blob, -
trunk/server/source4/torture/rpc/samr.c
r862 r920 7939 7939 7940 7940 7941 static bool test_samr_ValidatePassword(struct dcerpc_pipe *p,7942 struct torture_context *tctx)7941 static bool test_samr_ValidatePassword(struct torture_context *tctx, 7942 struct dcerpc_pipe *p) 7943 7943 { 7944 7944 struct samr_ValidatePassword r; … … 7952 7952 torture_comment(tctx, "Testing samr_ValidatePassword\n"); 7953 7953 7954 if (p->conn->transport.transport != NCACN_IP_TCP) { 7955 torture_comment(tctx, "samr_ValidatePassword only should succeed over NCACN_IP_TCP!\n"); 7956 } 7957 7954 7958 ZERO_STRUCT(r); 7955 7959 r.in.level = NetValidatePasswordReset; … … 8075 8079 ret &= test_samr_handle_Close(b, torture, &ctx->handle); 8076 8080 8077 ret &= test_samr_ValidatePassword(p, torture);8078 8079 8081 return ret; 8080 8082 } … … 8371 8373 } 8372 8374 8373 8375 struct torture_suite *torture_rpc_samr_passwords_validate(TALLOC_CTX *mem_ctx) 8376 { 8377 struct torture_suite *suite = torture_suite_create(mem_ctx, "samr.passwords.validate"); 8378 struct torture_rpc_tcase *tcase; 8379 8380 tcase = torture_suite_add_rpc_iface_tcase(suite, "samr", 8381 &ndr_table_samr); 8382 torture_rpc_tcase_add_test(tcase, "validate", 8383 test_samr_ValidatePassword); 8384 8385 return suite; 8386 }
Note:
See TracChangeset
for help on using the changeset viewer.
