svn commit: samba r11835 - in branches/SAMBA_4_0/source/librpc/rpc:
.
vlendec at samba.org
vlendec at samba.org
Mon Nov 21 19:43:07 GMT 2005
Author: vlendec
Date: 2005-11-21 19:43:06 +0000 (Mon, 21 Nov 2005)
New Revision: 11835
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=11835
Log:
Restore comments
Modified:
branches/SAMBA_4_0/source/librpc/rpc/dcerpc_auth.c
Changeset:
Modified: branches/SAMBA_4_0/source/librpc/rpc/dcerpc_auth.c
===================================================================
--- branches/SAMBA_4_0/source/librpc/rpc/dcerpc_auth.c 2005-11-21 17:16:50 UTC (rev 11834)
+++ branches/SAMBA_4_0/source/librpc/rpc/dcerpc_auth.c 2005-11-21 19:43:06 UTC (rev 11835)
@@ -73,7 +73,8 @@
struct bind_auth_state {
struct dcerpc_pipe *pipe;
DATA_BLOB credentials;
- BOOL more_processing;
+ BOOL more_processing; /* Is there anything more to do after the
+ * first bind itself received? */
};
static void bind_auth_recv_alter(struct composite_context *creq);
@@ -86,6 +87,16 @@
struct composite_context *creq;
BOOL more_processing = False;
+ /* The status value here, from GENSEC is vital to the security
+ * of the system. Even if the other end accepts, if GENSEC
+ * claims 'MORE_PROCESSING_REQUIRED' then you must keep
+ * feeding it blobs, or else the remote host/attacker might
+ * avoid mutal authentication requirements.
+ *
+ * Likewise, you must not feed GENSEC too much (after the OK),
+ * it doesn't like that either
+ */
+
c->status = gensec_update(sec->generic_state, state,
sec->auth_info->credentials,
&state->credentials);
@@ -112,6 +123,8 @@
return;
}
+ /* We are demanding a reply, so use a request that will get us one */
+
creq = dcerpc_alter_context_send(state->pipe, state,
&state->pipe->syntax,
&state->pipe->transfer_syntax);
@@ -142,6 +155,8 @@
if (!composite_is_ok(c)) return;
if (!state->more_processing) {
+ /* The first gensec_update has not requested a second run, so
+ * we're done here. */
composite_done(c);
return;
}
@@ -240,6 +255,16 @@
sec->auth_info->auth_context_id = random();
sec->auth_info->credentials = data_blob(NULL, 0);
+ /* The status value here, from GENSEC is vital to the security
+ * of the system. Even if the other end accepts, if GENSEC
+ * claims 'MORE_PROCESSING_REQUIRED' then you must keep
+ * feeding it blobs, or else the remote host/attacker might
+ * avoid mutal authentication requirements.
+ *
+ * Likewise, you must not feed GENSEC too much (after the OK),
+ * it doesn't like that either
+ */
+
c->status = gensec_update(sec->generic_state, state,
sec->auth_info->credentials,
&state->credentials);
@@ -258,6 +283,8 @@
sec->auth_info->credentials = state->credentials;
+ /* The first request always is a dcerpc_bind. The subsequent ones
+ * depend on gensec results */
creq = dcerpc_bind_send(p, state, &syntax, &transfer_syntax);
if (creq == NULL) {
c->status = NT_STATUS_NO_MEMORY;
More information about the samba-cvs
mailing list