[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha5-247-g54b873e

Stefan Metzmacher metze at samba.org
Mon Aug 11 16:24:30 GMT 2008 

The branch, v4-0-test has been updated
       via  54b873e49ff363609632fa2862208bf6b4c1b6ed (commit)
       via  20fc0d7bfdaa60d6a8ac939dc64733a91652587e (commit)
       via  50eb0e726405580dc5ca3a8a3b15f3bd674f722a (commit)
       via  ce36448d74b0c6cdf8928e10c088bf0248a95cf7 (commit)
      from  fcabe24f96c9677146ca754a502f336c23050339 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test


- Log -----------------------------------------------------------------
commit 54b873e49ff363609632fa2862208bf6b4c1b6ed
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Aug 11 18:14:51 2008 +0200

    dcerpc.idl: remove used DCERPC_MAX_SIGN_SIZE
    
    metze

commit 20fc0d7bfdaa60d6a8ac939dc64733a91652587e
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Aug 11 18:12:54 2008 +0200

    rpc_server: correct the chunk_size depending on the signature size
    
    metze

commit 50eb0e726405580dc5ca3a8a3b15f3bd674f722a
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Aug 11 18:00:11 2008 +0200

    librpc/rpc: correct the chunk_size depending on the signature size
    
    metze

commit ce36448d74b0c6cdf8928e10c088bf0248a95cf7
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Aug 11 17:59:38 2008 +0200

    dcerpc.idl: add DCERPC_AUTH_TRAILER_LENGTH
    
    metze

-----------------------------------------------------------------------

Summary of changes:
 source/librpc/idl/dcerpc.idl      |    3 ++-
 source/librpc/rpc/dcerpc.c        |   17 +++++++++++++----
 source/rpc_server/dcerpc_server.c |   13 +++++++++++--
 source/rpc_server/dcesrv_auth.c   |    7 +++----
 4 files changed, 29 insertions(+), 11 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/librpc/idl/dcerpc.idl b/source/librpc/idl/dcerpc.idl
index e54bc2c..1c6574b 100644
--- a/source/librpc/idl/dcerpc.idl
+++ b/source/librpc/idl/dcerpc.idl
@@ -30,7 +30,6 @@ interface dcerpc
 	} dcerpc_bind;
 
 	const uint8 DCERPC_REQUEST_LENGTH = 24;
-	const uint8 DCERPC_MAX_SIGN_SIZE  = 64;
 
 	typedef struct {
 	} dcerpc_empty;
@@ -154,6 +153,8 @@ interface dcerpc
 		[flag(NDR_REMAINING)] DATA_BLOB credentials;
 	} dcerpc_auth;
 
+	const uint8 DCERPC_AUTH_TRAILER_LENGTH = 8;
+
 	typedef [public] struct {
 		uint32 _pad;
 		[flag(NDR_REMAINING)] DATA_BLOB auth_info;
diff --git a/source/librpc/rpc/dcerpc.c b/source/librpc/rpc/dcerpc.c
index a6c7e00..28b5cd6 100644
--- a/source/librpc/rpc/dcerpc.c
+++ b/source/librpc/rpc/dcerpc.c
@@ -334,6 +334,7 @@ static NTSTATUS ncacn_pull_request_auth(struct dcerpc_connection *c, TALLOC_CTX
 */
 static NTSTATUS ncacn_push_request_sign(struct dcerpc_connection *c, 
 					 DATA_BLOB *blob, TALLOC_CTX *mem_ctx, 
+					 size_t sig_size,
 					 struct ncacn_packet *pkt)
 {
 	NTSTATUS status;
@@ -384,8 +385,7 @@ static NTSTATUS ncacn_push_request_sign(struct dcerpc_connection *c,
 		 * GENSEC mech does AEAD signing of the packet
 		 * headers */
 		c->security_state.auth_info->credentials
-			= data_blob_talloc(mem_ctx, NULL, gensec_sig_size(c->security_state.generic_state, 
-									  payload_length));
+			= data_blob_talloc(mem_ctx, NULL, sig_size);
 		data_blob_clear(&c->security_state.auth_info->credentials);
 		break;
 
@@ -1042,6 +1042,7 @@ static void dcerpc_ship_next_request(struct dcerpc_connection *c)
 	DATA_BLOB blob;
 	uint32_t remaining, chunk_size;
 	bool first_packet = true;
+	size_t sig_size = 0;
 
 	req = c->request_queue;
 	if (req == NULL) {
@@ -1065,7 +1066,15 @@ static void dcerpc_ship_next_request(struct dcerpc_connection *c)
 
 	/* we can write a full max_recv_frag size, minus the dcerpc
 	   request header size */
-	chunk_size = p->conn->srv_max_recv_frag - (DCERPC_MAX_SIGN_SIZE+DCERPC_REQUEST_LENGTH);
+	chunk_size = p->conn->srv_max_recv_frag;
+	chunk_size -= DCERPC_REQUEST_LENGTH;
+	if (c->security_state.generic_state) {
+		chunk_size -= DCERPC_AUTH_TRAILER_LENGTH;
+		sig_size = gensec_sig_size(c->security_state.generic_state,
+					   p->conn->srv_max_recv_frag);
+		chunk_size -= sig_size;
+		chunk_size -= (chunk_size % 16);
+	}
 
 	pkt.ptype = DCERPC_PKT_REQUEST;
 	pkt.call_id = req->call_id;
@@ -1101,7 +1110,7 @@ static void dcerpc_ship_next_request(struct dcerpc_connection *c)
 			(stub_data->length - remaining);
 		pkt.u.request.stub_and_verifier.length = chunk;
 
-		req->status = ncacn_push_request_sign(p->conn, &blob, req, &pkt);
+		req->status = ncacn_push_request_sign(p->conn, &blob, req, sig_size, &pkt);
 		if (!NT_STATUS_IS_OK(req->status)) {
 			req->state = RPC_REQUEST_DONE;
 			DLIST_REMOVE(p->conn->pending, req);
diff --git a/source/rpc_server/dcerpc_server.c b/source/rpc_server/dcerpc_server.c
index a336ddb..fa7b8d2 100644
--- a/source/rpc_server/dcerpc_server.c
+++ b/source/rpc_server/dcerpc_server.c
@@ -917,6 +917,7 @@ _PUBLIC_ NTSTATUS dcesrv_reply(struct dcesrv_call_state *call)
 	DATA_BLOB stub;
 	uint32_t total_length, chunk_size;
 	struct dcesrv_connection_context *context = call->context;
+	size_t sig_size = 0;
 
 	/* call the reply function */
 	status = context->iface->reply(call, call, call->r);
@@ -948,7 +949,15 @@ _PUBLIC_ NTSTATUS dcesrv_reply(struct dcesrv_call_state *call)
 
 	/* we can write a full max_recv_frag size, minus the dcerpc
 	   request header size */
-	chunk_size = call->conn->cli_max_recv_frag - (DCERPC_MAX_SIGN_SIZE+DCERPC_REQUEST_LENGTH);
+	chunk_size = call->conn->cli_max_recv_frag;
+	chunk_size -= DCERPC_REQUEST_LENGTH;
+	if (call->conn->auth_state.gensec_security) {
+		chunk_size -= DCERPC_AUTH_TRAILER_LENGTH;
+		sig_size = gensec_sig_size(call->conn->auth_state.gensec_security,
+					   call->conn->cli_max_recv_frag);
+		chunk_size -= sig_size;
+		chunk_size -= (chunk_size % 16);
+	}
 
 	do {
 		uint32_t length;
@@ -978,7 +987,7 @@ _PUBLIC_ NTSTATUS dcesrv_reply(struct dcesrv_call_state *call)
 		pkt.u.response.stub_and_verifier.data = stub.data;
 		pkt.u.response.stub_and_verifier.length = length;
 
-		if (!dcesrv_auth_response(call, &rep->blob, &pkt)) {
+		if (!dcesrv_auth_response(call, &rep->blob, sig_size, &pkt)) {
 			return dcesrv_fault(call, DCERPC_FAULT_OTHER);		
 		}
 
diff --git a/source/rpc_server/dcesrv_auth.c b/source/rpc_server/dcesrv_auth.c
index 64f42ee..0aad377 100644
--- a/source/rpc_server/dcesrv_auth.c
+++ b/source/rpc_server/dcesrv_auth.c
@@ -398,7 +398,8 @@ bool dcesrv_auth_request(struct dcesrv_call_state *call, DATA_BLOB *full_packet)
    push a signed or sealed dcerpc request packet into a blob
 */
 bool dcesrv_auth_response(struct dcesrv_call_state *call,
-			  DATA_BLOB *blob, struct ncacn_packet *pkt)
+			  DATA_BLOB *blob, size_t sig_size,
+			  struct ncacn_packet *pkt)
 {
 	struct dcesrv_connection *dce_conn = call->conn;
 	NTSTATUS status;
@@ -445,9 +446,7 @@ bool dcesrv_auth_response(struct dcesrv_call_state *call,
 		 * GENSEC mech does AEAD signing of the packet
 		 * headers */
 		dce_conn->auth_state.auth_info->credentials
-			= data_blob_talloc(call, NULL, 
-					   gensec_sig_size(dce_conn->auth_state.gensec_security, 
-							   payload_length));
+			= data_blob_talloc(call, NULL, sig_size);
 		data_blob_clear(&dce_conn->auth_state.auth_info->credentials);
 	}
 


-- 
Samba Shared Repository

More information about the samba-cvs mailing list