[PATCH 4/5] s3-rpc: add server support for mgmt_inq_princ_name
Stefan (metze) Metzmacher
metze at samba.org
Mon Jan 6 06:51:10 MST 2014
Am 06.01.2014 06:20, schrieb David Disseldorp:
> Return the servers service principle name, as defined in MS-RPCE
> 2.2.1.3.4. This method is called by the diskshadow.exe FSRVP client.
>
> Signed-off-by: David Disseldorp <ddiss at samba.org>
> ---
> librpc/idl/mgmt.idl | 11 ++++++++++-
> source3/rpc_server/mgmt/srv_mgmt_nt.c | 20 ++++++++++++++++++--
> 2 files changed, 28 insertions(+), 3 deletions(-)
>
> diff --git a/librpc/idl/mgmt.idl b/librpc/idl/mgmt.idl
> index 17c8cc4..d64e0c0 100644
> --- a/librpc/idl/mgmt.idl
> +++ b/librpc/idl/mgmt.idl
> @@ -9,9 +9,18 @@ import "misc.idl";
> version(1.0),
> pointer_default(unique),
> helpstring("DCE/RPC Remote Management")
> -]
> +]
> interface mgmt
> {
> + /* MS-RPCE 2.2.1.1.7 Security Providers */
> + const uint32 MGMT_AUTHN_NONE = 0x00;
> + const uint32 MGMT_AUTHN_GSS_NEG = 0x09;
> + const uint32 MGMT_AUTHN_WINNT = 0x0A;
> + const uint32 MGMT_AUTHN_GSS_SCHANNEL = 0x0E;
> + const uint32 MGMT_AUTHN_GSS_KERBEROS = 0x10;
> + const uint32 MGMT_AUTHN_NETLOGON = 0x44;
> + const uint32 MGMT_AUTHN_DEFAULT = 0xFF;
> +
> typedef struct {
> ndr_syntax_id *id;
> } ndr_syntax_id_p;
> diff --git a/source3/rpc_server/mgmt/srv_mgmt_nt.c b/source3/rpc_server/mgmt/srv_mgmt_nt.c
> index c0a4122..cf4563e 100644
> --- a/source3/rpc_server/mgmt/srv_mgmt_nt.c
> +++ b/source3/rpc_server/mgmt/srv_mgmt_nt.c
> @@ -65,6 +65,22 @@ WERROR _mgmt_stop_server_listening(struct pipes_struct *p,
> WERROR _mgmt_inq_princ_name(struct pipes_struct *p,
> struct mgmt_inq_princ_name *r)
> {
> - p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
> - return WERR_NOT_SUPPORTED;
> + int ret;
> +
> + if (r->in.authn_proto != MGMT_AUTHN_GSS_NEG) {
> + DEBUG(0, ("unsupported authn_proto %u\n",
> + (unsigned)r->in.authn_proto));
> + return WERR_INVALID_PARAM;
> + }
> +
> + ret = snprintf(r->out.princ_name, r->in.princ_name_size, "%s$@%s",
> + lp_netbios_name(), lp_realm());
> + if ((ret < 0) || (ret >= r->in.princ_name_size)) {
> + return WERR_BUFFER_OVERFLOW;
> + }
> +
> + DEBUG(6, ("returning principle name: %s\n",
> + r->out.princ_name));
Shouldn't we only return a principal with security = ads?
metze
More information about the samba-technical
mailing list