[Patches] fix client side ncacn_np:server[packet] handling
Stefan Metzmacher
metze at samba.org
Thu Dec 29 21:18:36 UTC 2016
Hi,
here're some patches to fix the problems with DCERPC_AUTH_LEVEL_PACKET,
it's important that we handle this in the same way as
DCERPC_AUTH_LEVEL_INTEGRITY.
Please review and push:-)
Thanks!
metze
-------------- next part --------------
From 8c54dbfc80631d50dfad983a8b0fe37f04431075 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Thu, 29 Dec 2016 11:11:50 +0100
Subject: [PATCH 1/2] s4:librpc/rpc: don't do an anonymous bind over
ncacn_np:server[packet]
DCERPC_AUTH_LEVEL_PACKET is basically the same as
DCERPC_AUTH_LEVEL_INTEGRITY.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
source4/librpc/rpc/dcerpc_util.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/source4/librpc/rpc/dcerpc_util.c b/source4/librpc/rpc/dcerpc_util.c
index 85356cf..39f7d87 100644
--- a/source4/librpc/rpc/dcerpc_util.c
+++ b/source4/librpc/rpc/dcerpc_util.c
@@ -661,7 +661,7 @@ struct composite_context *dcerpc_pipe_auth_send(struct dcerpc_pipe *p,
* if not doing sign or seal
*/
if (conn->transport.transport == NCACN_NP &&
- !(conn->flags & (DCERPC_SIGN|DCERPC_SEAL))) {
+ !(conn->flags & (DCERPC_PACKET|DCERPC_SIGN|DCERPC_SEAL))) {
auth_none_req = dcerpc_bind_auth_none_send(c, s->pipe, s->table);
composite_continue(c, auth_none_req, continue_auth_none, c);
return c;
--
1.9.1
From afebaf6a9daa32b8a34a5e02dc796491ea8ae617 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Thu, 29 Dec 2016 11:13:55 +0100
Subject: [PATCH 2/2] s4:librpc/rpc: make sure we handle DCERPC_PACKET before
DCERPC_CONNECT
Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
source4/librpc/rpc/dcerpc.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c
index bdebf79..a0b00af 100644
--- a/source4/librpc/rpc/dcerpc.c
+++ b/source4/librpc/rpc/dcerpc.c
@@ -2051,10 +2051,10 @@ uint32_t dcerpc_auth_level(struct dcecli_connection *c)
auth_level = DCERPC_AUTH_LEVEL_PRIVACY;
} else if (c->flags & DCERPC_SIGN) {
auth_level = DCERPC_AUTH_LEVEL_INTEGRITY;
- } else if (c->flags & DCERPC_CONNECT) {
- auth_level = DCERPC_AUTH_LEVEL_CONNECT;
} else if (c->flags & DCERPC_PACKET) {
auth_level = DCERPC_AUTH_LEVEL_PACKET;
+ } else if (c->flags & DCERPC_CONNECT) {
+ auth_level = DCERPC_AUTH_LEVEL_CONNECT;
} else {
auth_level = DCERPC_AUTH_LEVEL_NONE;
}
--
1.9.1
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20161229/d72e066c/signature.sig>
More information about the samba-technical
mailing list