DATA_BLOB *reply_pdu)
{
const struct dcerpc_response *r = NULL;
+ const struct dcerpc_fault *f = NULL;
DATA_BLOB tmp_stub = { .data = NULL };
NTSTATUS ret;
case DCERPC_PKT_FAULT:
+ f = &pkt->u.fault;
+
ret = dcerpc_verify_ncacn_packet_header(pkt,
DCERPC_PKT_FAULT,
- 0, /* max_auth_info */
+ f->error_and_verifier.length,
DCERPC_PFC_FLAG_FIRST |
DCERPC_PFC_FLAG_LAST,
DCERPC_PFC_FLAG_DID_NOT_EXECUTE);
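Review bot: The auth-trailer bound passed to dcerpc_verify_ncacn_packet_header() for DCERPC_PKT_FAULT is now `f->error_and_verifier.length`, a value taken from the received packet, and it applies whether or not DCERPC_BIND_TIME_PROTECT_ALL_PDUS was negotiated. On a connection without that feature the trailer passes the header check but, as far as the visible hunks show, is never verified, because the dcerpc_check_auth() call added further down is gated on the feature bit. Consider keeping the old limit in that case, e.g. `(cli->bind_time_features & DCERPC_BIND_TIME_PROTECT_ALL_PDUS) ? f->error_and_verifier.length : 0, /* max_auth_info */`, or at least retain the `/* max_auth_info */` label that the removed line carried. The enclosing switch and function start and end outside this hunk.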
return ret;
}
+ if (cli->bind_time_features & DCERPC_BIND_TIME_PROTECT_ALL_PDUS) {
+ tmp_stub.data = f->error_and_verifier.data;
+ tmp_stub.length = f->error_and_verifier.length;
+
+ /* Here's where we deal with incoming sign/seal. */
+ ret = dcerpc_check_auth(cli->auth, pkt,
+ &tmp_stub,
+ DCERPC_FAULT_LENGTH,
+ pdu);
+ if (!NT_STATUS_IS_OK(ret)) {
+ DEBUG(1, (__location__ ": Connection to %s got "
+ "an unprotected FAULT: %s\n",
+ rpccli_pipe_txt(talloc_tos(), cli),
+ nt_errstr(ret)));
+ NDR_PRINT_DEBUG(ncacn_packet, pkt);
+ return ret;
+ }
+ }
+
DEBUG(1, (__location__ ": RPC fault code %s received "
"from %s!\n",
dcerpc_errstr(talloc_tos(),
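Review bot: The log text `got an unprotected FAULT` is printed for every dcerpc_check_auth() failure, so a FAULT whose auth trailer is present but fails verification is reported the same way as one with no protection at all; for triage, wording such as `"a FAULT that failed auth verification: %s\n"` would be more accurate. A comment above the `if` should also state that FAULT PDUs are still accepted without any integrity check when the feature bit is not set, e.g. `/* Without PROTECT_ALL_PDUS a FAULT is not authenticated; treat its status code as untrusted. */`. Whether cli->bind_time_features holds the server-acknowledged set rather than the locally offered one is not visible here and is worth confirming, since only the former makes this gate meaningful. The DEBUG statement after the new block continues outside the hunk.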
struct ndr_syntax_id bind_time_features = dcerpc_construct_bind_time_features(
DCERPC_BIND_TIME_SECURITY_CONTEXT_MULTIPLEXING |
DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN |
- DCERPC_BIND_TIME_SUPPORT_PREAUTH);
+ DCERPC_BIND_TIME_SUPPORT_PREAUTH |
+ DCERPC_BIND_TIME_PROTECT_ALL_PDUS);
struct dcerpc_ctx_list ctx_list[2] = {
[0] = {
.context_id = 0,