diff options
| author | Arvid Requate <requate@univention.de> | 2014-07-07 18:48:41 +0200 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2015-02-25 01:08:11 +0100 |
| commit | 879b65710b266fecaca01b9dd40474b2cc35d417 (patch) | |
| tree | f4566b75cf4b10a074a6139da440bad52170598b /source4 | |
| parent | 3bc3bec6d702ef62bf026ff64855edc8fb900088 (diff) | |
| download | samba-879b65710b266fecaca01b9dd40474b2cc35d417.tar.gz samba-879b65710b266fecaca01b9dd40474b2cc35d417.tar.xz samba-879b65710b266fecaca01b9dd40474b2cc35d417.zip | |
s4-backupkey: IDL for ServerWrap subprotocol
This adds some IDL structs for the ServerWrap subprotocol, allowing
parsing of the incoming RPC calls and returning WERR_NOT_SUPPORTED
instead of WERR_INVALID_PARAM.
Signed-off-by: Arvid Requate <requate@univention.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Diffstat (limited to 'source4')
| -rw-r--r-- | source4/rpc_server/backupkey/dcesrv_backupkey.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/source4/rpc_server/backupkey/dcesrv_backupkey.c b/source4/rpc_server/backupkey/dcesrv_backupkey.c index 07af1c0adb..9dc795157a 100644 --- a/source4/rpc_server/backupkey/dcesrv_backupkey.c +++ b/source4/rpc_server/backupkey/dcesrv_backupkey.c @@ -1308,6 +1308,18 @@ static WERROR dcesrv_bkrp_BackupKey(struct dcesrv_call_state *dce_call, DEBUG(debuglevel, ("Client %s requested certificate for client wrapped secret\n", addr)); error = bkrp_do_retreive_client_wrap_key(dce_call, mem_ctx, r, ldb_ctx); } + + if (strncasecmp(GUID_string(mem_ctx, r->in.guidActionAgent), + BACKUPKEY_RESTORE_GUID_WIN2K, strlen(BACKUPKEY_RESTORE_GUID_WIN2K)) == 0) { + DEBUG(debuglevel, ("Client %s requested to decrypt a server side wrapped secret, not implemented yet\n", addr)); + return WERR_NOT_SUPPORTED; /* is this appropriate? */ + } + + if (strncasecmp(GUID_string(mem_ctx, r->in.guidActionAgent), + BACKUPKEY_BACKUP_GUID, strlen(BACKUPKEY_BACKUP_GUID)) == 0) { + DEBUG(debuglevel, ("Client %s requested a server wrapped secret, not implemented yet\n", addr)); + return WERR_NOT_SUPPORTED; /* is this appropriate? */ + } } /*else: I am a RODC so I don't handle backup key protocol */ |