*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
+ * the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
/* this module apparently provides an implementation of DCE/RPC over a
*/
if(p->fault_state) {
- setup_fault_pdu(p, NT_STATUS(0x1c010002));
+ setup_fault_pdu(p, NT_STATUS(DCERPC_FAULT_OP_RNG_ERROR));
return True;
}
*/
if(p->fault_state) {
- setup_fault_pdu(p, NT_STATUS(0x1c010002));
+ setup_fault_pdu(p, NT_STATUS(DCERPC_FAULT_OP_RNG_ERROR));
return True;
}
*/
if(p->fault_state) {
- setup_fault_pdu(p, NT_STATUS(0x1c010002));
+ setup_fault_pdu(p, NT_STATUS(DCERPC_FAULT_OP_RNG_ERROR));
return True;
}
NTSTATUS status;
AUTH_NTLMSSP_STATE *a = p->auth.a_u.auth_ntlmssp_state;
- DEBUG(5,("pipe_ntlmssp_verify_final: checking user details\n"));
+ DEBUG(5,("pipe_ntlmssp_verify_final: pipe %s checking user details\n", p->name));
ZERO_STRUCT(reply);
memset(p->wks, '\0', sizeof(p->wks));
/* Set up for non-authenticated user. */
- talloc_free(p->pipe_user.nt_user_token);
+ TALLOC_FREE(p->pipe_user.nt_user_token);
p->pipe_user.ut.ngroups = 0;
SAFE_FREE( p->pipe_user.ut.groups);
+ /* this has to be done as root in order to verify the password */
+ become_root();
status = auth_ntlmssp_update(a, *p_resp_blob, &reply);
+ unbecome_root();
/* Don't generate a reply. */
data_blob_free(&reply);
return False;
}
+ /* Finally - if the pipe negotiated integrity (sign) or privacy (seal)
+ ensure the underlying NTLMSSP flags are also set. If not we should
+ refuse the bind. */
+
+ if (p->auth.auth_level == PIPE_AUTH_LEVEL_INTEGRITY) {
+ if (!(a->ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN)) {
+ DEBUG(0,("pipe_ntlmssp_verify_final: pipe %s : packet integrity requested "
+ "but client declined signing.\n",
+ p->name ));
+ return False;
+ }
+ }
+ if (p->auth.auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
+ if (!(a->ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL)) {
+ DEBUG(0,("pipe_ntlmssp_verify_final: pipe %s : packet privacy requested "
+ "but client declined sealing.\n",
+ p->name ));
+ return False;
+ }
+ }
+
fstrcpy(p->user_name, a->ntlmssp_state->user);
fstrcpy(p->pipe_user_name, a->server_info->unix_name);
fstrcpy(p->domain, a->ntlmssp_state->domain);
p->pipe_user.ut.ngroups = a->server_info->n_groups;
if (p->pipe_user.ut.ngroups) {
- if (!(p->pipe_user.ut.groups = memdup(a->server_info->groups,
+ if (!(p->pipe_user.ut.groups = (gid_t *)memdup(a->server_info->groups,
sizeof(gid_t) * p->pipe_user.ut.ngroups))) {
DEBUG(0,("failed to memdup group list to p->pipe_user.groups\n"));
return False;
DEBUG(10,("checking %s\n", pipe_names[i].client_pipe));
if ( strequal(pipe_names[i].client_pipe, pname)
&& (abstract->version == pipe_names[i].abstr_syntax.version)
- && (memcmp(&abstract->uuid, &pipe_names[i].abstr_syntax.uuid, sizeof(struct uuid)) == 0)
+ && (memcmp(&abstract->uuid, &pipe_names[i].abstr_syntax.uuid, sizeof(struct GUID)) == 0)
&& (transfer->version == pipe_names[i].trans_syntax.version)
- && (memcmp(&transfer->uuid, &pipe_names[i].trans_syntax.uuid, sizeof(struct uuid)) == 0) ) {
+ && (memcmp(&transfer->uuid, &pipe_names[i].trans_syntax.uuid, sizeof(struct GUID)) == 0) ) {
struct api_struct *fns = NULL;
int n_fns = 0;
PIPE_RPC_FNS *context_fns;
rpc_lookup will still be valid afterwards. It could then succeed if
called again later */
rpc_lookup_size++;
- rpc_entry = SMB_REALLOC_ARRAY(rpc_lookup, struct rpc_table, rpc_lookup_size);
+ rpc_entry = SMB_REALLOC_ARRAY_KEEP_OLD_ON_ERROR(rpc_lookup, struct rpc_table, rpc_lookup_size);
if (NULL == rpc_entry) {
rpc_lookup_size--;
DEBUG(0, ("rpc_pipe_register_commands: memory allocation failed\n"));
rpc_entry->pipe.clnt = SMB_STRDUP(clnt);
rpc_entry->pipe.srv = SMB_STRDUP(srv);
rpc_entry->cmds = SMB_REALLOC_ARRAY(rpc_entry->cmds, struct api_struct, rpc_entry->n_cmds + size);
+ if (!rpc_entry->cmds) {
+ return NT_STATUS_NO_MEMORY;
+ }
memcpy(rpc_entry->cmds + rpc_entry->n_cmds, cmds, size * sizeof(struct api_struct));
rpc_entry->n_cmds += size;
return False;
}
+ /*
+ * The neg.myname key here must match the remote computer name
+ * given in the DOM_CLNT_SRV.uni_comp_name used on all netlogon pipe
+ * operations that use credentials.
+ */
+
become_root();
- ret = secrets_restore_schannel_session_info(p->mem_ctx, get_remote_machine_name(), &pdcinfo);
+ ret = secrets_restore_schannel_session_info(p->mem_ctx, neg.myname, &pdcinfo);
unbecome_root();
if (!ret) {
p->auth.a_u.schannel_auth = TALLOC_P(p->pipe_state_mem_ctx, struct schannel_auth_struct);
if (!p->auth.a_u.schannel_auth) {
- talloc_free(pdcinfo);
+ TALLOC_FREE(pdcinfo);
return False;
}
memcpy(p->auth.a_u.schannel_auth->sess_key, pdcinfo->sess_key,
sizeof(pdcinfo->sess_key));
- talloc_free(pdcinfo);
+ TALLOC_FREE(pdcinfo);
p->auth.a_u.schannel_auth->seq_num = 0;
case RPC_ANONYMOUS_AUTH_TYPE:
/* Unauthenticated bind request. */
+ /* Get the authenticated pipe user from current_user */
+ if (!copy_current_user(&p->pipe_user, ¤t_user)) {
+ DEBUG(10, ("Could not copy current user\n"));
+ goto err_exit;
+ }
/* We're finished - no more packets. */
p->auth.auth_type = PIPE_AUTH_TYPE_NONE;
/* We must set the pipe auth_level here also. */
p->auth.auth_level = PIPE_AUTH_LEVEL_NONE;
p->pipe_bound = True;
+ /* The session key was initialized from the SMB
+ * session in make_internal_rpc_pipe_p */
break;
default:
pipe_fns = find_pipe_fns_by_context(p->contexts, p->hdr_req.context_id);
if ( pipe_fns ) {
- set_current_rpc_talloc(p->mem_ctx);
+ TALLOC_CTX *frame = talloc_stackframe();
ret = api_rpcTNP(p, p->name, pipe_fns->cmds, pipe_fns->n_cmds);
- set_current_rpc_talloc(NULL);
+ TALLOC_FREE(frame);
}
else {
DEBUG(0,("api_pipe_request: No rpc function table associated with context [%d] on pipe [%s]\n",
* and not put the pipe into fault state. JRA.
*/
DEBUG(4, ("unknown\n"));
- setup_fault_pdu(p, NT_STATUS(0x1c010002));
+ setup_fault_pdu(p, NT_STATUS(DCERPC_FAULT_OP_RNG_ERROR));
return True;
}
if (p->bad_handle_fault_state) {
DEBUG(4,("api_rpcTNP: bad handle fault return.\n"));
p->bad_handle_fault_state = False;
- setup_fault_pdu(p, NT_STATUS(0x1C00001A));
+ setup_fault_pdu(p, NT_STATUS(DCERPC_FAULT_CONTEXT_MISMATCH));
+ return True;
+ }
+
+ if (p->rng_fault_state) {
+ DEBUG(4, ("api_rpcTNP: rng fault return\n"));
+ p->rng_fault_state = False;
+ setup_fault_pdu(p, NT_STATUS(DCERPC_FAULT_OP_RNG_ERROR));
return True;
}
if ((DEBUGLEVEL >= 10) &&
(prs_offset(&p->in_data.data) != prs_data_size(&p->in_data.data))) {
size_t data_len = prs_data_size(&p->in_data.data) - prs_offset(&p->in_data.data);
- char *data = SMB_MALLOC(data_len);
+ char *data = (char *)SMB_MALLOC(data_len);
DEBUG(10, ("api_rpcTNP: rpc input buffer underflow (parse error?)\n"));
if (data) {
netlog_get_pipe_fns( &cmds, &n_cmds );
break;
case PI_SRVSVC:
- srvsvc_get_pipe_fns( &cmds, &n_cmds );
+ srvsvc2_get_pipe_fns( &cmds, &n_cmds );
break;
case PI_WKSSVC:
wkssvc_get_pipe_fns( &cmds, &n_cmds );
break;
case PI_WINREG:
- reg_get_pipe_fns( &cmds, &n_cmds );
+ winreg_get_pipe_fns( &cmds, &n_cmds );
break;
case PI_SPOOLSS:
spoolss_get_pipe_fns( &cmds, &n_cmds );
netdfs_get_pipe_fns( &cmds, &n_cmds );
break;
case PI_SVCCTL:
- svcctl_get_pipe_fns( &cmds, &n_cmds );
+ svcctl2_get_pipe_fns( &cmds, &n_cmds );
break;
case PI_EVENTLOG:
- eventlog_get_pipe_fns( &cmds, &n_cmds );
+ eventlog2_get_pipe_fns( &cmds, &n_cmds );
break;
case PI_NTSVCS:
ntsvcs_get_pipe_fns( &cmds, &n_cmds );
break;
#ifdef DEVELOPER
- case PI_ECHO:
- echo_get_pipe_fns( &cmds, &n_cmds );
+ case PI_RPCECHO:
+ rpcecho_get_pipe_fns( &cmds, &n_cmds );
break;
#endif
default:
git.samba.org / samba.git / blobdiff