The branch, master has been updated
via 95d9f16 librpc: inline CHECK_SYNTAX macro logic
via 5ccecec librpc: inline VT CHECK macro logic
via ba2db53 librpc: split type specific VT checks into helpers
via 11054a6 librpc: dump correct ndr_syntax_id on VT check failure
from 74b359c s3:build: remove global CLUSTER_SUPPORT define
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 95d9f163625b99687fc996edd829373034941dd9
Author: David Disseldorp <dd...@samba.org>
Date: Mon Mar 24 16:46:10 2014 +0100
librpc: inline CHECK_SYNTAX macro logic
The CHECK_SYNTAX macro is currently used to compare ndr_syntax_ids and
return false on mismatch. Macros affecting control flow are evil!
Signed-off-by: David Disseldorp <dd...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
Autobuild-User(master): Jeremy Allison <j...@samba.org>
Autobuild-Date(master): Mon Mar 24 21:46:39 CET 2014 on sn-devel-104
commit 5ccecec3ca5068f39194a1472ae492c06cf3213a
Author: David Disseldorp <dd...@samba.org>
Date: Mon Mar 24 16:46:09 2014 +0100
librpc: inline VT CHECK macro logic
The CHECK macro is currently used to dump error and return false on
VT condition check failure. Macros affecting control flow are evil!
Signed-off-by: David Disseldorp <dd...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
commit ba2db53097a7f6c97d0cb67761459ffd9ceffe85
Author: David Disseldorp <dd...@samba.org>
Date: Mon Mar 24 16:46:08 2014 +0100
librpc: split type specific VT checks into helpers
Signed-off-by: David Disseldorp <dd...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
commit 11054a699a666bc35a46c3f0c2df4fb1ae660aa8
Author: David Disseldorp <dd...@samba.org>
Date: Mon Mar 24 16:46:07 2014 +0100
librpc: dump correct ndr_syntax_id on VT check failure
Signed-off-by: David Disseldorp <dd...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
-----------------------------------------------------------------------
Summary of changes:
librpc/rpc/dcerpc_util.c | 148 +++++++++++++++++++++++++++++++---------------
1 files changed, 101 insertions(+), 47 deletions(-)
Changeset truncated at 500 lines:
diff --git a/librpc/rpc/dcerpc_util.c b/librpc/rpc/dcerpc_util.c
index 792848f..a4dd569 100644
--- a/librpc/rpc/dcerpc_util.c
+++ b/librpc/rpc/dcerpc_util.c
@@ -513,26 +513,93 @@ done:
return ret;
}
-#define CHECK(msg, ok) \
-do { \
- if (!ok) { \
- DEBUG(10, ("SEC_VT check %s failed\n", msg)); \
- return false; \
- } \
-} while(0)
-
-#define CHECK_SYNTAX(msg, s1, s2) \
-do { \
- if (!ndr_syntax_id_equal(&s1, &s2)) { \
- TALLOC_CTX *frame = talloc_stackframe(); \
- DEBUG(10, ("SEC_VT check %s failed: %s vs. %s\n", msg, \
- ndr_syntax_id_to_string(frame, &s1), \
- ndr_syntax_id_to_string(frame, &s1))); \
- TALLOC_FREE(frame); \
- return false; \
- } \
-} while(0)
+static bool dcerpc_sec_vt_bitmask_check(const uint32_t *bitmask1,
+ struct dcerpc_sec_vt *c)
+{
+ if (bitmask1 == NULL) {
+ if (c->command & DCERPC_SEC_VT_MUST_PROCESS) {
+ DEBUG(10, ("SEC_VT check Bitmask1 must_process_command "
+ "failed\n"));
+ return false;
+ }
+
+ return true;
+ }
+
+ if ((c->u.bitmask1 & DCERPC_SEC_VT_CLIENT_SUPPORTS_HEADER_SIGNING)
+ && (!(*bitmask1 & DCERPC_SEC_VT_CLIENT_SUPPORTS_HEADER_SIGNING))) {
+ DEBUG(10, ("SEC_VT check Bitmask1 client_header_signing "
+ "failed\n"));
+ return false;
+ }
+ return true;
+}
+
+static bool dcerpc_sec_vt_pctx_check(const struct dcerpc_sec_vt_pcontext
*pcontext,
+ struct dcerpc_sec_vt *c)
+{
+ TALLOC_CTX *mem_ctx;
+ bool ok;
+
+ if (pcontext == NULL) {
+ if (c->command & DCERPC_SEC_VT_MUST_PROCESS) {
+ DEBUG(10, ("SEC_VT check Pcontext must_process_command "
+ "failed\n"));
+ return false;
+ }
+
+ return true;
+ }
+
+ mem_ctx = talloc_stackframe();
+ ok = ndr_syntax_id_equal(&pcontext->abstract_syntax,
+ &c->u.pcontext.abstract_syntax);
+ if (!ok) {
+ DEBUG(10, ("SEC_VT check pcontext abstract_syntax failed: "
+ "%s vs. %s\n",
+ ndr_syntax_id_to_string(mem_ctx,
+ &pcontext->abstract_syntax),
+ ndr_syntax_id_to_string(mem_ctx,
+ &c->u.pcontext.abstract_syntax)));
+ goto err_ctx_free;
+ }
+ ok = ndr_syntax_id_equal(&pcontext->transfer_syntax,
+ &c->u.pcontext.transfer_syntax);
+ if (!ok) {
+ DEBUG(10, ("SEC_VT check pcontext transfer_syntax failed: "
+ "%s vs. %s\n",
+ ndr_syntax_id_to_string(mem_ctx,
+ &pcontext->transfer_syntax),
+ ndr_syntax_id_to_string(mem_ctx,
+ &c->u.pcontext.transfer_syntax)));
+ goto err_ctx_free;
+ }
+
+ ok = true;
+err_ctx_free:
+ talloc_free(mem_ctx);
+ return ok;
+}
+
+static bool dcerpc_sec_vt_hdr2_check(const struct dcerpc_sec_vt_header2
*header2,
+ struct dcerpc_sec_vt *c)
+{
+ if (header2 == NULL) {
+ if (c->command & DCERPC_SEC_VT_MUST_PROCESS) {
+ DEBUG(10, ("SEC_VT check Header2 must_process_command
failed\n"));
+ return false;
+ }
+
+ return true;
+ }
+ if (!dcerpc_sec_vt_header2_equal(header2, &c->u.header2)) {
+ DEBUG(10, ("SEC_VT check Header2 failed\n"));
+ return false;
+ }
+
+ return true;
+}
bool dcerpc_sec_verification_trailer_check(
const struct dcerpc_sec_verification_trailer *vt,
@@ -547,51 +614,38 @@ bool dcerpc_sec_verification_trailer_check(
}
for (i=0; i < vt->count.count; i++) {
+ bool ok;
struct dcerpc_sec_vt *c = &vt->commands[i];
switch (c->command & DCERPC_SEC_VT_COMMAND_ENUM) {
case DCERPC_SEC_VT_COMMAND_BITMASK1:
- if (bitmask1 == NULL) {
- CHECK("Bitmask1 must_process_command",
- !(c->command &
DCERPC_SEC_VT_MUST_PROCESS));
- break;
- }
-
- if (c->u.bitmask1 &
DCERPC_SEC_VT_CLIENT_SUPPORTS_HEADER_SIGNING) {
- CHECK("Bitmask1 client_header_signing",
- *bitmask1 &
DCERPC_SEC_VT_CLIENT_SUPPORTS_HEADER_SIGNING);
+ ok = dcerpc_sec_vt_bitmask_check(bitmask1, c);
+ if (!ok) {
+ return false;
}
break;
case DCERPC_SEC_VT_COMMAND_PCONTEXT:
- if (pcontext == NULL) {
- CHECK("Pcontext must_process_command",
- !(c->command &
DCERPC_SEC_VT_MUST_PROCESS));
- break;
+ ok = dcerpc_sec_vt_pctx_check(pcontext, c);
+ if (!ok) {
+ return false;
}
-
- CHECK_SYNTAX("Pcontect abstract_syntax",
- pcontext->abstract_syntax,
- c->u.pcontext.abstract_syntax);
- CHECK_SYNTAX("Pcontext transfer_syntax",
- pcontext->transfer_syntax,
- c->u.pcontext.transfer_syntax);
break;
case DCERPC_SEC_VT_COMMAND_HEADER2: {
- if (header2 == NULL) {
- CHECK("Header2 must_process_command",
- !(c->command &
DCERPC_SEC_VT_MUST_PROCESS));
- break;
+ ok = dcerpc_sec_vt_hdr2_check(header2, c);
+ if (!ok) {
+ return false;
}
-
- CHECK("Header2", dcerpc_sec_vt_header2_equal(header2,
&c->u.header2));
break;
}
default:
- CHECK("Unknown must_process_command",
- !(c->command & DCERPC_SEC_VT_MUST_PROCESS));
+ if (c->command & DCERPC_SEC_VT_MUST_PROCESS) {
+ DEBUG(10, ("SEC_VT check Unknown
must_process_command failed\n"));
+ return false;
+ }
+
break;
}
}
--
Samba Shared Repository
