Diffstat (limited to 'source/rpc_server')
-rw-r--r--source/rpc_server/srv_netlog_nt.c2
-rw-r--r--source/rpc_server/srv_pipe.c39
-rw-r--r--source/rpc_server/srv_pipe_hnd.c19
-rw-r--r--source/rpc_server/srv_spoolss_nt.c18
4 files changed, 55 insertions, 23 deletions
diff --git a/source/rpc_server/srv_netlog_nt.c b/source/rpc_server/srv_netlog_nt.c
index 264b7a74a79..b5871a7e56d 100644
--- a/source/rpc_server/srv_netlog_nt.c
+++ b/source/rpc_server/srv_netlog_nt.c
@@ -276,7 +276,7 @@ NTSTATUS _net_req_chal(pipes_struct *p, NET_Q_REQ_CHAL *q_u, NET_R_REQ_CHAL *r_u
/* create a server challenge for the client */
/* Set these to random values. */
- generate_random_buffer(p->dc.srv_chal.data, 8, False);
+ generate_random_buffer(p->dc.srv_chal.data, 8);
memcpy(p->dc.srv_cred.challenge.data, p->dc.srv_chal.data, 8);
diff --git a/source/rpc_server/srv_pipe.c b/source/rpc_server/srv_pipe.c
index 36929150e54..bcf5eb533fd 100644
--- a/source/rpc_server/srv_pipe.c
+++ b/source/rpc_server/srv_pipe.c
@@ -52,28 +52,28 @@ struct dcinfo last_dcinfo;
static void NTLMSSPcalc_p( pipes_struct *p, unsigned char *data, int len)
{
- unsigned char *hash = p->ntlmssp_hash;
- unsigned char index_i = hash[256];
- unsigned char index_j = hash[257];
- int ind;
+ unsigned char *hash = p->ntlmssp_hash;
+ unsigned char index_i = hash[256];
+ unsigned char index_j = hash[257];
+ int ind;
- for( ind = 0; ind < len; ind++) {
- unsigned char tc;
- unsigned char t;
+ for( ind = 0; ind < len; ind++) {
+ unsigned char tc;
+ unsigned char t;
- index_i++;
- index_j += hash[index_i];
+ index_i++;
+ index_j += hash[index_i];
- tc = hash[index_i];
- hash[index_i] = hash[index_j];
- hash[index_j] = tc;
+ tc = hash[index_i];
+ hash[index_i] = hash[index_j];
+ hash[index_j] = tc;
- t = hash[index_i] + hash[index_j];
- data[ind] = data[ind] ^ hash[t];
- }
+ t = hash[index_i] + hash[index_j];
+ data[ind] = data[ind] ^ hash[t];
+ }
- hash[256] = index_i;
- hash[257] = index_j;
+ hash[256] = index_i;
+ hash[257] = index_j;
}
/*******************************************************************
@@ -501,6 +501,9 @@ succeeded authentication on named pipe %s, but session key was of incorrect leng
* Store the UNIX credential data (uid/gid pair) in the pipe structure.
*/
+ if (p->session_key.data) {
+ data_blob_free(&p->session_key);
+ }
p->session_key = data_blob(server_info->lm_session_key.data, server_info->lm_session_key.length);
p->pipe_user.uid = server_info->uid;
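Review bot: The previous session key is released with `data_blob_free`, and nothing visible here shows that call scrubbing the buffer, so key bytes may linger in freed heap memory after a re-authentication. If this tree has a wiping variant (for example `data_blob_clear_free(&p->session_key);`), use it here and for the remaining call in close_internal_rpc_pipe_hnd in srv_pipe_hnd.c. The `if (p->session_key.data)` guard also looks redundant, since the srv_pipe_hnd.c hunk keeps an unconditional `data_blob_free(&p->session_key)`. The result of `data_blob(...)` is not checked in the visible lines, so it is worth confirming what later code does with an empty key after an allocation failure. The enclosing function starts and ends outside the hunk.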
@@ -1094,7 +1097,7 @@ BOOL api_pipe_bind_req(pipes_struct *p, prs_struct *rpc_in_p)
RPC_AUTH_VERIFIER auth_verifier;
RPC_AUTH_NTLMSSP_CHAL ntlmssp_chal;
- generate_random_buffer(p->challenge, 8, False);
+ generate_random_buffer(p->challenge, 8);
/*** Authentication info ***/
diff --git a/source/rpc_server/srv_pipe_hnd.c b/source/rpc_server/srv_pipe_hnd.c
index 7f7a3025a90..562b55b8f76 100644
--- a/source/rpc_server/srv_pipe_hnd.c
+++ b/source/rpc_server/srv_pipe_hnd.c
@@ -1092,6 +1092,22 @@ BOOL close_rpc_pipe_hnd(smb_np_struct *p)
}
/****************************************************************************
+ Close all pipes on a connection.
+****************************************************************************/
+
+void pipe_close_conn(connection_struct *conn)
+{
+ smb_np_struct *p, *next;
+
+ for (p=Pipes;p;p=next) {
+ next = p->next;
+ if (p->conn == conn) {
+ close_rpc_pipe_hnd(p);
+ }
+ }
+}
+
+/****************************************************************************
Close an rpc pipe.
****************************************************************************/
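Review bot: pipe_close_conn discards the BOOL returned by close_rpc_pipe_hnd, so a pipe that fails to close would stay on the Pipes list with `p->conn` still pointing at a connection that is being torn down. At least record the failure, e.g. `if (!close_rpc_pipe_hnd(p)) DEBUG(0,("pipe_close_conn: failed to close pipe\n"));`. The header comment could also explain why `next` is read first, e.g. `/* close_rpc_pipe_hnd() may unlink and free p, so fetch p->next before calling it */`. That reasoning is inferred from the loop shape, because the body of close_rpc_pipe_hnd is outside the hunk.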
@@ -1114,9 +1130,6 @@ static BOOL close_internal_rpc_pipe_hnd(void *np_conn)
/* Free the handles database. */
close_policy_by_pipe(p);
- if (p->session_key.data != NULL)
- data_blob_free(&p->session_key);
-
delete_nt_token(&p->pipe_user.nt_user_token);
data_blob_free(&p->session_key);
SAFE_FREE(p->pipe_user.groups);
diff --git a/source/rpc_server/srv_spoolss_nt.c b/source/rpc_server/srv_spoolss_nt.c
index 06ba5435976..e3c9ff08d93 100644
--- a/source/rpc_server/srv_spoolss_nt.c
+++ b/source/rpc_server/srv_spoolss_nt.c
@@ -671,7 +671,11 @@ static BOOL is_monitoring_event(Printer_entry *p, uint16 notify_type,
* might use the flags though instead of the NOTIFY_OPTION_INFO
* --jerry
*/
-
+
+ if (!option) {
+ return False;
+ }
+
if (p->notify.flags)
return is_monitoring_event_flags(
p->notify.flags, notify_type, notify_field);
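Review bot: The new `if (!option) return False;` sits before the `p->notify.flags` branch, so a handle that registered with flags only and has no option structure would now never match an event. The comment just above says the flags may be used instead of the NOTIFY_OPTION_INFO, which suggests the two are alternatives. Unless a flags-only registration is impossible, move the guard below the `return is_monitoring_event_flags(...)` statement so it protects only the code that dereferences `option`. Where `option` is assigned is not visible, as is_monitoring_event starts and ends outside the hunk.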
@@ -3725,6 +3729,12 @@ static WERROR printserver_notify_info(pipes_struct *p, POLICY_HND *hnd,
info->data=NULL;
info->count=0;
+ /* a bug in xp sp2 rc2 causes it to send a fnpcn request without
+ sending a ffpcn() request first */
+
+ if ( !option )
+ return WERR_BADFID;
+
for (i=0; i<option->count; i++) {
option_type=&(option->ctr.type[i]);
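Review bot: The comment on the new `if ( !option )` guard attributes the NULL case to one XP SP2 RC2 bug, but any client can send that request sequence, so the check is really input validation on client-controlled state; the same applies to the identical guard in printer_notify_info in the next hunk. Suggest wording such as `/* option is only set by a prior FindFirst request; a client may send FindNext without it (seen with XP SP2 RC2), so reject rather than dereference NULL */`, on the assumption that fnpcn and ffpcn abbreviate the FindNext and FindFirst printer change notification calls. A low-level DEBUG line before `return WERR_BADFID;` would also make such out-of-order requests visible in the logs. Both functions start and end outside their hunks.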
@@ -3787,6 +3797,12 @@ static WERROR printer_notify_info(pipes_struct *p, POLICY_HND *hnd, SPOOL_NOTIFY
info->data=NULL;
info->count=0;
+ /* a bug in xp sp2 rc2 causes it to send a fnpcn request without
+ sending a ffpcn() request first */
+
+ if ( !option )
+ return WERR_BADFID;
+
get_printer_snum(p, hnd, &snum);
for (i=0; i<option->count; i++) {