Author: jra Date: 2005-08-25 04:52:11 +0000 (Thu, 25 Aug 2005) New Revision: 9607
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=9607 Log: Move the ss_padding closer to the return, where I'll remember it. Add internal type for raw krb5 auth type (not yet supported). Jeremy. Modified: trunk/source/include/ntdomain.h trunk/source/rpc_server/srv_pipe.c Changeset: Modified: trunk/source/include/ntdomain.h =================================================================== --- trunk/source/include/ntdomain.h 2005-08-25 03:04:27 UTC (rev 9606) +++ trunk/source/include/ntdomain.h 2005-08-25 04:52:11 UTC (rev 9607) @@ -166,7 +166,7 @@ /* Different auth types we support. */ enum pipe_auth_type { PIPE_AUTH_TYPE_NONE = 0, PIPE_AUTH_TYPE_NTLMSSP, PIPE_AUTH_TYPE_SCHANNEL, - PIPE_AUTH_TYPE_SPNEGO_NTLMSSP, PIPE_AUTH_TYPE_SPNEGO_KRB5 }; + PIPE_AUTH_TYPE_SPNEGO_NTLMSSP, PIPE_AUTH_TYPE_KRB5, PIPE_AUTH_TYPE_SPNEGO_KRB5 }; /* Possible auth levels. */ enum pipe_auth_level { PIPE_AUTH_LEVEL_NONE = 0, Modified: trunk/source/rpc_server/srv_pipe.c =================================================================== --- trunk/source/rpc_server/srv_pipe.c 2005-08-25 03:04:27 UTC (rev 9606) +++ trunk/source/rpc_server/srv_pipe.c 2005-08-25 04:52:11 UTC (rev 9607) @@ -1889,13 +1889,6 @@ return False; } - /* - * Remember the padding length. We must remove it from the real data - * stream once the sign/seal is done. - */ - - *p_ss_padding_len = auth_info.auth_pad_len; - auth_blob.data = prs_data_p(rpc_in) + prs_offset(rpc_in); auth_blob.length = auth_len; @@ -1938,6 +1931,13 @@ return False; } + /* + * Remember the padding length. We must remove it from the real data + * stream once the sign/seal is done. + */ + + *p_ss_padding_len = auth_info.auth_pad_len; + return True; } @@ -1947,11 +1947,8 @@ BOOL api_pipe_schannel_process(pipes_struct *p, prs_struct *rpc_in, uint32 *p_ss_padding_len) { - /* - * We always negotiate the following two bits.... - */ - int data_len; - int auth_len; + uint32 data_len; + uint32 auth_len; uint32 save_offset = prs_offset(rpc_in); RPC_HDR_AUTH auth_info; RPC_AUTH_SCHANNEL_CHK schannel_chk; @@ -1959,7 +1956,7 @@ auth_len = p->hdr.auth_len; if (auth_len != RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN) { - DEBUG(0,("Incorrect auth_len %d.\n", auth_len )); + DEBUG(0,("Incorrect auth_len %u.\n", (unsigned int)auth_len )); return False; } @@ -1969,6 +1966,13 @@ * preceeding the auth_data. */ + if (p->hdr.frag_len < RPC_HEADER_LEN + RPC_HDR_REQ_LEN + RPC_HDR_AUTH_LEN + auth_len) { + DEBUG(0,("Incorrect frag %u, auth %u.\n", + (unsigned int)p->hdr.frag_len, + (unsigned int)auth_len )); + return False; + } + data_len = p->hdr.frag_len - RPC_HEADER_LEN - RPC_HDR_REQ_LEN - RPC_HDR_AUTH_LEN - auth_len; @@ -1996,13 +2000,6 @@ return False; } - /* - * Remember the padding length. We must remove it from the real data - * stream once the sign/seal is done. - */ - - *p_ss_padding_len = auth_info.auth_pad_len; - if (!schannel_decode(p->auth.a_u.schannel_auth, p->auth.auth_level, SENDER_IS_INITIATOR, @@ -2025,6 +2022,13 @@ /* The sequence number gets incremented on both send and receive. */ p->auth.a_u.schannel_auth->seq_num++; + /* + * Remember the padding length. We must remove it from the real data + * stream once the sign/seal is done. + */ + + *p_ss_padding_len = auth_info.auth_pad_len; + return True; }
