diff options
| author | Gregor Beck <gbeck@sernet.de> | 2014-01-10 13:56:06 +0100 |
|---|---|---|
| committer | Günther Deschner <gd@samba.org> | 2014-02-11 16:02:14 +0100 |
| commit | 34e6d793520b465d4b94d837b2e902651b1a65be (patch) | |
| tree | 894900d1a46f2ab0cee65f5ef950d69938ff00e7 /source3 | |
| parent | 1eef03aa93056f12d2614cfedee60461db3ac4a3 (diff) | |
| download | samba-34e6d793520b465d4b94d837b2e902651b1a65be.tar.gz samba-34e6d793520b465d4b94d837b2e902651b1a65be.tar.xz samba-34e6d793520b465d4b94d837b2e902651b1a65be.zip | |
s3:rpc_server: check verification trailer
Signed-off-by: Gregor Beck <gbeck@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Diffstat (limited to 'source3')
| -rw-r--r-- | source3/rpc_server/srv_pipe.c | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index f58eba49f8b..36864d26045 100644 --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c @@ -43,6 +43,7 @@ #include "lib/param/param.h" #include "librpc/ndr/ndr_table.h" #include "auth/gensec/gensec.h" +#include "librpc/ndr/ndr_dcerpc.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_RPC_SRV @@ -1204,6 +1205,41 @@ static bool api_rpcTNP(struct pipes_struct *p, struct ncacn_packet *pkt, const struct api_struct *api_rpc_cmds, int n_cmds, const struct ndr_syntax_id *syntax); +static bool srv_pipe_check_verification_trailer(struct pipes_struct *p, + struct ncacn_packet *pkt, + struct pipe_rpc_fns *pipe_fns) +{ + TALLOC_CTX *frame = talloc_stackframe(); + struct dcerpc_sec_verification_trailer *vt = NULL; + const uint32_t bitmask1 = + p->auth.client_hdr_signing ? DCERPC_SEC_VT_CLIENT_SUPPORTS_HEADER_SIGNING : 0; + const struct dcerpc_sec_vt_pcontext pcontext = { + .abstract_syntax = pipe_fns->syntax, + .transfer_syntax = ndr_transfer_syntax_ndr, + }; + const struct dcerpc_sec_vt_header2 header2 = + dcerpc_sec_vt_header2_from_ncacn_packet(pkt); + struct ndr_pull *ndr; + enum ndr_err_code ndr_err; + bool ret = false; + + ndr = ndr_pull_init_blob(&p->in_data.data, frame); + if (ndr == NULL) { + goto done; + } + + ndr_err = ndr_pop_dcerpc_sec_verification_trailer(ndr, frame, &vt); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + goto done; + } + + ret = dcerpc_sec_verification_trailer_check(vt, &bitmask1, + &pcontext, &header2); +done: + TALLOC_FREE(frame); + return ret; +} + /**************************************************************************** Find the correct RPC function to call for this request. If the pipe is authenticated then become the correct UNIX user @@ -1236,6 +1272,14 @@ static bool api_pipe_request(struct pipes_struct *p, return false; } + if (!srv_pipe_check_verification_trailer(p, pkt, pipe_fns)) { + DEBUG(1, ("srv_pipe_check_verification_trailer: failed\n")); + setup_fault_pdu(p, NT_STATUS(DCERPC_FAULT_ACCESS_DENIED)); + data_blob_free(&p->out_data.rdata); + TALLOC_FREE(frame); + return true; + } + if (!become_authenticated_pipe_user(p->session_info)) { DEBUG(1, ("Failed to become pipe user!\n")); data_blob_free(&p->out_data.rdata); |