svn commit: samba r9606 - in trunk/source/rpc_server: .
jra at samba.org
jra at samba.org
Thu Aug 25 03:04:28 GMT 2005
Author: jra
Date: 2005-08-25 03:04:27 +0000 (Thu, 25 Aug 2005)
New Revision: 9606
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=9606
Log:
Remember to remove the sign/seal padding length from the data stream once we've
done the sign/seal calculations.
Jeremy.
Modified:
trunk/source/rpc_server/srv_pipe.c
trunk/source/rpc_server/srv_pipe_hnd.c
Changeset:
Modified: trunk/source/rpc_server/srv_pipe.c
===================================================================
--- trunk/source/rpc_server/srv_pipe.c 2005-08-25 02:55:54 UTC (rev 9605)
+++ trunk/source/rpc_server/srv_pipe.c 2005-08-25 03:04:27 UTC (rev 9606)
@@ -1829,7 +1829,8 @@
Deal with NTLMSSP sign & seal processing on an RPC request.
****************************************************************************/
-BOOL api_pipe_ntlmssp_auth_process(pipes_struct *p, prs_struct *rpc_in, NTSTATUS *pstatus)
+BOOL api_pipe_ntlmssp_auth_process(pipes_struct *p, prs_struct *rpc_in,
+ uint32 *p_ss_padding_len, NTSTATUS *pstatus)
{
RPC_HDR_AUTH auth_info;
uint32 auth_len = p->hdr.auth_len;
@@ -1888,6 +1889,13 @@
return False;
}
+ /*
+ * Remember the padding length. We must remove it from the real data
+ * stream once the sign/seal is done.
+ */
+
+ *p_ss_padding_len = auth_info.auth_pad_len;
+
auth_blob.data = prs_data_p(rpc_in) + prs_offset(rpc_in);
auth_blob.length = auth_len;
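Review bot: The new out-parameter `p_ss_padding_len` receives `auth_info.auth_pad_len` straight from the request's auth header, and nothing in this hunk bounds it against the fragment's data length. The same applies to the schannel hunk, where the store sits just before the `schannel_decode` call. The caller is therefore the only place the value gets checked, which is worth stating at both stores, for example `/* Wire-supplied and not range-checked here; the caller must validate it against data_len. */`. The header comments above both functions do not describe the new parameter either; they should say it is an output and, presumably, only meaningful when the function returns True. Both function bodies continue outside these hunks.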
@@ -1937,7 +1945,7 @@
Deal with schannel processing on an RPC request.
****************************************************************************/
-BOOL api_pipe_schannel_process(pipes_struct *p, prs_struct *rpc_in)
+BOOL api_pipe_schannel_process(pipes_struct *p, prs_struct *rpc_in, uint32 *p_ss_padding_len)
{
/*
* We always negotiate the following two bits....
@@ -1988,6 +1996,13 @@
return False;
}
+ /*
+ * Remember the padding length. We must remove it from the real data
+ * stream once the sign/seal is done.
+ */
+
+ *p_ss_padding_len = auth_info.auth_pad_len;
+
if (!schannel_decode(p->auth.a_u.schannel_auth,
p->auth.auth_level,
SENDER_IS_INITIATOR,
Modified: trunk/source/rpc_server/srv_pipe_hnd.c
===================================================================
--- trunk/source/rpc_server/srv_pipe_hnd.c 2005-08-25 02:55:54 UTC (rev 9605)
+++ trunk/source/rpc_server/srv_pipe_hnd.c 2005-08-25 03:04:27 UTC (rev 9606)
@@ -543,6 +543,7 @@
static BOOL process_request_pdu(pipes_struct *p, prs_struct *rpc_in_p)
{
+ uint32 ss_padding_len = 0;
size_t data_len = p->hdr.frag_len - RPC_HEADER_LEN - RPC_HDR_REQ_LEN -
(p->hdr.auth_len ? RPC_HDR_AUTH_LEN : 0) - p->hdr.auth_len;
@@ -573,20 +574,19 @@
case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP:
case PIPE_AUTH_TYPE_NTLMSSP:
- {
- NTSTATUS status;
- if(!api_pipe_ntlmssp_auth_process(p, rpc_in_p,&status)) {
- DEBUG(0,("process_request_pdu: failed to do auth processing.\n"));
- DEBUG(0,("process_request_pdu: error was %s.\n", nt_errstr(status) ));
- set_incoming_fault(p);
- return False;
- }
+ {
+ NTSTATUS status;
+ if(!api_pipe_ntlmssp_auth_process(p, rpc_in_p, &ss_padding_len, &status)) {
+ DEBUG(0,("process_request_pdu: failed to do auth processing.\n"));
+ DEBUG(0,("process_request_pdu: error was %s.\n", nt_errstr(status) ));
+ set_incoming_fault(p);
+ return False;
}
-
break;
+ }
case PIPE_AUTH_TYPE_SCHANNEL:
- if (!api_pipe_schannel_process(p, rpc_in_p)) {
+ if (!api_pipe_schannel_process(p, rpc_in_p, &ss_padding_len)) {
DEBUG(3,("process_request_pdu: failed to do schannel processing.\n"));
set_incoming_fault(p);
return False;
@@ -599,6 +599,11 @@
return False;
}
+ /* Now we've done the sign/seal we can remove any padding data. */
+ if (data_len > ss_padding_len) {
+ data_len -= ss_padding_len;
+ }
+
/*
* Check the data length doesn't go over the 15Mb limit.
* increased after observing a bug in the Windows NT 4.0 SP6a
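Review bot: When `ss_padding_len` is greater than or equal to `data_len`, the added `if (data_len > ss_padding_len)` skips the subtraction and processing carries on with the padding bytes still counted as request data. A padding length larger than the data it is supposed to pad is a malformed PDU, so it should be faulted the same way as the auth failures earlier in this function rather than silently accepted. The equal case would then leave a zero-length payload, which the subtraction handles. Separately, `data_len` is computed by unsigned subtraction at the top of `process_request_pdu`; whether `frag_len` is bounds-checked before that is not visible in these hunks. The function starts and ends outside this hunk.

```c
	/* Now we've done the sign/seal we can remove any padding data. */
	if (ss_padding_len > data_len) {
		DEBUG(0,("process_request_pdu: sign/seal padding length %u exceeds data length %u.\n",
			(unsigned int)ss_padding_len, (unsigned int)data_len));
		set_incoming_fault(p);
		return False;
	}
	data_len -= ss_padding_len;

	/* … unchanged: 15Mb data length check … */
```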