librpc/rpc: add support DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN
authorStefan Metzmacher <metze@samba.org>
Wed, 6 Aug 2008 19:35:07 +0000 (21:35 +0200)
committerStefan Metzmacher <metze@samba.org>
Thu, 7 Aug 2008 13:40:20 +0000 (15:40 +0200)
You can trigger it like this:

ncacn_ip_tcp:172.31.9.234[sign,hdrsign]

or

ncacn_ip_tcp:172.31.9.234[seal,hdrsign]

metze

source/librpc/rpc/binding.c
source/librpc/rpc/dcerpc.c
source/librpc/rpc/dcerpc.h
source/librpc/rpc/dcerpc_auth.c

index ae88dce1be5b041eb20a2b5becaa46a9145d89f7..bfe62c405418ee734ac07a4533e1003f51dfa339 100644 (file)
@@ -83,7 +83,8 @@ static const struct {
        {"print", DCERPC_DEBUG_PRINT_BOTH},
        {"padcheck", DCERPC_DEBUG_PAD_CHECK},
        {"bigendian", DCERPC_PUSH_BIGENDIAN},
-       {"smb2", DCERPC_SMB2}
+       {"smb2", DCERPC_SMB2},
+       {"hdrsign", DCERPC_HEADER_SIGNING}
 };
 
 const char *epm_floor_string(TALLOC_CTX *mem_ctx, struct epm_floor *epm_floor)
index 33a8ed569a7f158102503e8914ee3cc079ba936f..a6c7e0020d368cffe2e5f8b9ffdf630ae9684cc6 100644 (file)
@@ -658,6 +658,16 @@ static void dcerpc_bind_recv_handler(struct rpc_request *req,
        conn->srv_max_xmit_frag = pkt->u.bind_ack.max_xmit_frag;
        conn->srv_max_recv_frag = pkt->u.bind_ack.max_recv_frag;
 
+       if ((req->p->binding->flags & DCERPC_CONCURRENT_MULTIPLEX) &&
+           (pkt->pfc_flags & DCERPC_PFC_FLAG_CONC_MPX)) {
+               conn->flags |= DCERPC_CONCURRENT_MULTIPLEX;
+       }
+
+       if ((req->p->binding->flags & DCERPC_HEADER_SIGNING) &&
+           (pkt->pfc_flags & DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN)) {
+               conn->flags |= DCERPC_HEADER_SIGNING;
+       }
+
        /* the bind_ack might contain a reply set of credentials */
        if (conn->security_state.auth_info &&
            pkt->u.bind_ack.auth_info.length) {
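Review bot: When the caller asked for `hdrsign` but the bind_ack lacks DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN, the second added `if` leaves conn->flags clear and the connection continues without header signing, with nothing recording the fallback. These pfc_flags are read before the auth reply below is processed, so they are presumably not yet integrity-protected, and a peer on the path could clear the bit to force that fallback. Make it visible with something like `} else if (req->p->binding->flags & DCERPC_HEADER_SIGNING) { DEBUG(2, ("server did not acknowledge header signing\n")); }`, or fail the bind when header signing was explicitly requested. Separately, the DCERPC_CONCURRENT_MULTIPLEX check added here is not mentioned in the commit message. dcerpc_bind_recv_handler continues outside the hunk.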
@@ -731,6 +741,10 @@ struct composite_context *dcerpc_bind_send(struct dcerpc_pipe *p,
                pkt.pfc_flags |= DCERPC_PFC_FLAG_CONC_MPX;
        }
 
+       if (p->binding->flags & DCERPC_HEADER_SIGNING) {
+               pkt.pfc_flags |= DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN;
+       }
+
        pkt.u.bind.max_xmit_frag = 5840;
        pkt.u.bind.max_recv_frag = 5840;
        pkt.u.bind.assoc_group_id = p->binding->assoc_group_id;
@@ -806,6 +820,14 @@ NTSTATUS dcerpc_auth3(struct dcerpc_pipe *p,
        pkt.u.auth3._pad = 0;
        pkt.u.auth3.auth_info = data_blob(NULL, 0);
 
+       if (p->binding->flags & DCERPC_CONCURRENT_MULTIPLEX) {
+               pkt.pfc_flags |= DCERPC_PFC_FLAG_CONC_MPX;
+       }
+
+       if (p->binding->flags & DCERPC_HEADER_SIGNING) {
+               pkt.pfc_flags |= DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN;
+       }
+
        /* construct the NDR form of the packet */
        status = ncacn_push_auth(&blob, mem_ctx,
                                 p->conn->iconv_convenience,
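Review bot: The two added checks in dcerpc_auth3 test `p->binding->flags`, which is what the caller requested, not `p->conn->flags`, which is what the bind_ack handler recorded as negotiated. auth3 is sent after the bind_ack, so it will still advertise DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN (and CONC_MPX) to a server that did not acknowledge them. If the intent is to reflect the negotiated state, use `if (p->conn->flags & DCERPC_HEADER_SIGNING) {`. The dcerpc_alter_context_send hunk uses the same binding->flags test; whether re-proposing is intended there is not visible from the hunk. The function body starts and ends outside the hunk.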
@@ -1630,6 +1652,10 @@ struct composite_context *dcerpc_alter_context_send(struct dcerpc_pipe *p,
                pkt.pfc_flags |= DCERPC_PFC_FLAG_CONC_MPX;
        }
 
+       if (p->binding->flags & DCERPC_HEADER_SIGNING) {
+               pkt.pfc_flags |= DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN;
+       }
+
        pkt.u.alter.max_xmit_frag = 5840;
        pkt.u.alter.max_recv_frag = 5840;
        pkt.u.alter.assoc_group_id = p->binding->assoc_group_id;
index 487f9f2edabe679ea945644ee09d396d47f69464..1fd56cb052a774de269bdbe2360af351d1af6761 100644 (file)
@@ -163,6 +163,9 @@ struct dcerpc_pipe {
 /* this triggers the DCERPC_PFC_FLAG_CONC_MPX flag in the bind request */
 #define DCERPC_CONCURRENT_MULTIPLEX     (1<<19)
 
+/* this triggers the DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN flag in the bind request */
+#define DCERPC_HEADER_SIGNING          (1<<20)
+
 /* this describes a binding to a particular transport/pipe */
 struct dcerpc_binding {
        enum dcerpc_transport_t transport;
index 661cd13c5a5054dea1f8fa49317379f2a924df91..49fc3d92941810d527576962726b673ca2c48c2c 100644 (file)
@@ -137,6 +137,10 @@ static void bind_auth_next_step(struct composite_context *c)
 
        if (!composite_is_ok(c)) return;
 
+       if (state->pipe->conn->flags & DCERPC_HEADER_SIGNING) {
+               gensec_want_feature(sec->generic_state, GENSEC_FEATURE_SIGN_PKT_HEADER);
+       }
+
        if (state->credentials.length == 0) {
                composite_done(c);
                return;
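Review bot: The added block requests GENSEC_FEATURE_SIGN_PKT_HEADER but never confirms that the selected mechanism will provide it. If the backend lacks support, conn->flags would claim header signing while the header is not actually covered by the signature (inferred; the gensec backends are not visible here). The request is also repeated on every pass through bind_auth_next_step, and the hunk does not show whether a feature asked for after the exchange has started is still honoured. Consider requesting it once before the first gensec update and, when authentication completes, verifying with `if (!gensec_have_feature(sec->generic_state, GENSEC_FEATURE_SIGN_PKT_HEADER))` and failing the composite or clearing the connection flag. bind_auth_next_step starts and ends outside the hunk.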