svn commit: samba r9607 - in trunk/source: include rpc_server
jra at samba.org
jra at samba.org
Thu Aug 25 04:52:12 GMT 2005
Author: jra
Date: 2005-08-25 04:52:11 +0000 (Thu, 25 Aug 2005)
New Revision: 9607
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=9607
Log:
Move the ss_padding closer to the return, where I'll remember it.
Add internal type for raw krb5 auth type (not yet supported).
Jeremy.
Modified:
trunk/source/include/ntdomain.h
trunk/source/rpc_server/srv_pipe.c
Changeset:
Modified: trunk/source/include/ntdomain.h
===================================================================
--- trunk/source/include/ntdomain.h 2005-08-25 03:04:27 UTC (rev 9606)
+++ trunk/source/include/ntdomain.h 2005-08-25 04:52:11 UTC (rev 9607)
@@ -166,7 +166,7 @@
/* Different auth types we support. */
enum pipe_auth_type { PIPE_AUTH_TYPE_NONE = 0, PIPE_AUTH_TYPE_NTLMSSP, PIPE_AUTH_TYPE_SCHANNEL,
- PIPE_AUTH_TYPE_SPNEGO_NTLMSSP, PIPE_AUTH_TYPE_SPNEGO_KRB5 };
+ PIPE_AUTH_TYPE_SPNEGO_NTLMSSP, PIPE_AUTH_TYPE_KRB5, PIPE_AUTH_TYPE_SPNEGO_KRB5 };
/* Possible auth levels. */
enum pipe_auth_level { PIPE_AUTH_LEVEL_NONE = 0,
Modified: trunk/source/rpc_server/srv_pipe.c
===================================================================
--- trunk/source/rpc_server/srv_pipe.c 2005-08-25 03:04:27 UTC (rev 9606)
+++ trunk/source/rpc_server/srv_pipe.c 2005-08-25 04:52:11 UTC (rev 9607)
@@ -1889,13 +1889,6 @@
return False;
}
- /*
- * Remember the padding length. We must remove it from the real data
- * stream once the sign/seal is done.
- */
-
- *p_ss_padding_len = auth_info.auth_pad_len;
-
auth_blob.data = prs_data_p(rpc_in) + prs_offset(rpc_in);
auth_blob.length = auth_len;
@@ -1938,6 +1931,13 @@
return False;
}
+ /*
+ * Remember the padding length. We must remove it from the real data
+ * stream once the sign/seal is done.
+ */
+
+ *p_ss_padding_len = auth_info.auth_pad_len;
+
return True;
}
@@ -1947,11 +1947,8 @@
BOOL api_pipe_schannel_process(pipes_struct *p, prs_struct *rpc_in, uint32 *p_ss_padding_len)
{
- /*
- * We always negotiate the following two bits....
- */
- int data_len;
- int auth_len;
+ uint32 data_len;
+ uint32 auth_len;
uint32 save_offset = prs_offset(rpc_in);
RPC_HDR_AUTH auth_info;
RPC_AUTH_SCHANNEL_CHK schannel_chk;
@@ -1959,7 +1956,7 @@
auth_len = p->hdr.auth_len;
if (auth_len != RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN) {
- DEBUG(0,("Incorrect auth_len %d.\n", auth_len ));
+ DEBUG(0,("Incorrect auth_len %u.\n", (unsigned int)auth_len ));
return False;
}
@@ -1969,6 +1966,13 @@
* preceeding the auth_data.
*/
+ if (p->hdr.frag_len < RPC_HEADER_LEN + RPC_HDR_REQ_LEN + RPC_HDR_AUTH_LEN + auth_len) {
+ DEBUG(0,("Incorrect frag %u, auth %u.\n",
+ (unsigned int)p->hdr.frag_len,
+ (unsigned int)auth_len ));
+ return False;
+ }
+
data_len = p->hdr.frag_len - RPC_HEADER_LEN - RPC_HDR_REQ_LEN -
RPC_HDR_AUTH_LEN - auth_len;
@@ -1996,13 +2000,6 @@
return False;
}
- /*
- * Remember the padding length. We must remove it from the real data
- * stream once the sign/seal is done.
- */
-
- *p_ss_padding_len = auth_info.auth_pad_len;
-
if (!schannel_decode(p->auth.a_u.schannel_auth,
p->auth.auth_level,
SENDER_IS_INITIATOR,
@@ -2025,6 +2022,13 @@
/* The sequence number gets incremented on both send and receive. */
p->auth.a_u.schannel_auth->seq_num++;
+ /*
+ * Remember the padding length. We must remove it from the real data
+ * stream once the sign/seal is done.
+ */
+
+ *p_ss_padding_len = auth_info.auth_pad_len;
+
return True;
}
More information about the samba-cvs
mailing list