summaryrefslogtreecommitdiffstats
path: root/source4/rpc_server/dcerpc_server.c
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2008-07-25 11:58:51 +1000
committerAndrew Bartlett <abartlet@samba.org>2008-07-25 11:58:51 +1000
commit1f285560bc66ab703b8feacd5e110e79eae619de (patch)
treec3f8b7921fcef240737a9d06714ca758b81305ff /source4/rpc_server/dcerpc_server.c
parent404846d8871d3d420e83a3e48625bb051faf893e (diff)
parent79657f78e87b76be1579c488249bf253093aa620 (diff)
downloadsamba-1f285560bc66ab703b8feacd5e110e79eae619de.tar.gz
samba-1f285560bc66ab703b8feacd5e110e79eae619de.tar.xz
samba-1f285560bc66ab703b8feacd5e110e79eae619de.zip
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
(This used to be commit b12dd8ee5443ebfc204d1684f541d68ffb351197)
Diffstat (limited to 'source4/rpc_server/dcerpc_server.c')
-rw-r--r--source4/rpc_server/dcerpc_server.c35
1 files changed, 22 insertions, 13 deletions
diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c
index 91ae5fcd94a..ac36825acde 100644
--- a/source4/rpc_server/dcerpc_server.c
+++ b/source4/rpc_server/dcerpc_server.c
@@ -270,11 +270,20 @@ NTSTATUS dcesrv_generic_session_key(struct dcesrv_connection *p,
/*
fetch the user session key - may be default (above) or the SMB session key
+
+ The key is always truncated to 16 bytes
*/
_PUBLIC_ NTSTATUS dcesrv_fetch_session_key(struct dcesrv_connection *p,
DATA_BLOB *session_key)
{
- return p->auth_state.session_key(p, session_key);
+ NTSTATUS status = p->auth_state.session_key(p, session_key);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ session_key->length = MIN(session_key->length, 16);
+
+ return NT_STATUS_OK;
}
@@ -534,20 +543,20 @@ static NTSTATUS dcesrv_bind(struct dcesrv_call_state *call)
uint32_t context_id;
const struct dcesrv_interface *iface;
-#if 0
- /* It is not safe to enable this check - windows clients
- * (WinXP in particular) will use it for NETLOGON calls, for
- * the subsequent SCHANNEL bind. It turns out that NETLOGON
- * calls include no policy handles, so it is safe there. Let
- * the failure occour on the attempt to reuse a poilcy handle,
- * rather than here */
-
- /* Association groups allow policy handles to be shared across
- * multiple client connections. We don't implement this yet. */
- if (call->pkt.u.bind.assoc_group_id != 0) {
+ /*
+ * Association groups allow policy handles to be shared across
+ * multiple client connections. We don't implement this yet.
+ *
+ * So we just allow 0 if the client wants to create a new
+ * association group.
+ *
+ * And we allow the 0x12345678 value, we give away as
+ * assoc_group_id back to the clients
+ */
+ if (call->pkt.u.bind.assoc_group_id != 0 &&
+ call->pkt.u.bind.assoc_group_id != 0x12345678) {
return dcesrv_bind_nak(call, 0);
}
-#endif
if (call->pkt.u.bind.num_contexts < 1 ||
call->pkt.u.bind.ctx_list[0].num_transfer_syntaxes < 1) {