Diffstat (limited to 'source/rpc_server')
-rw-r--r-- | source/rpc_server/srv_netlog_nt.c | 2 | ||||
-rw-r--r-- | source/rpc_server/srv_pipe.c | 39 | ||||
-rw-r--r-- | source/rpc_server/srv_pipe_hnd.c | 19 | ||||
-rw-r--r-- | source/rpc_server/srv_spoolss_nt.c | 18 |
4 files changed, 55 insertions, 23 deletions
diff --git a/source/rpc_server/srv_netlog_nt.c b/source/rpc_server/srv_netlog_nt.c index 264b7a74a79..b5871a7e56d 100644 --- a/source/rpc_server/srv_netlog_nt.c +++ b/source/rpc_server/srv_netlog_nt.c @@ -276,7 +276,7 @@ NTSTATUS _net_req_chal(pipes_struct *p, NET_Q_REQ_CHAL *q_u, NET_R_REQ_CHAL *r_u /* create a server challenge for the client */ /* Set these to random values. */ - generate_random_buffer(p->dc.srv_chal.data, 8, False); + generate_random_buffer(p->dc.srv_chal.data, 8); memcpy(p->dc.srv_cred.challenge.data, p->dc.srv_chal.data, 8); diff --git a/source/rpc_server/srv_pipe.c b/source/rpc_server/srv_pipe.c index 36929150e54..bcf5eb533fd 100644 --- a/source/rpc_server/srv_pipe.c +++ b/source/rpc_server/srv_pipe.c @@ -52,28 +52,28 @@ struct dcinfo last_dcinfo; static void NTLMSSPcalc_p( pipes_struct *p, unsigned char *data, int len) { - unsigned char *hash = p->ntlmssp_hash; - unsigned char index_i = hash[256]; - unsigned char index_j = hash[257]; - int ind; + unsigned char *hash = p->ntlmssp_hash; + unsigned char index_i = hash[256]; + unsigned char index_j = hash[257]; + int ind; - for( ind = 0; ind < len; ind++) { - unsigned char tc; - unsigned char t; + for( ind = 0; ind < len; ind++) { + unsigned char tc; + unsigned char t; - index_i++; - index_j += hash[index_i]; + index_i++; + index_j += hash[index_i]; - tc = hash[index_i]; - hash[index_i] = hash[index_j]; - hash[index_j] = tc; + tc = hash[index_i]; + hash[index_i] = hash[index_j]; + hash[index_j] = tc; - t = hash[index_i] + hash[index_j]; - data[ind] = data[ind] ^ hash[t]; - } + t = hash[index_i] + hash[index_j]; + data[ind] = data[ind] ^ hash[t]; + } - hash[256] = index_i; - hash[257] = index_j; + hash[256] = index_i; + hash[257] = index_j; } /******************************************************************* 
@@ -501,6 +501,9 @@ succeeded authentication on named pipe %s, but session key was of incorrect leng * Store the UNIX credential data (uid/gid pair) in the pipe structure. */ + if (p->session_key.data) { + data_blob_free(&p->session_key); + } p->session_key = data_blob(server_info->lm_session_key.data, server_info->lm_session_key.length); p->pipe_user.uid = server_info->uid; @@ -1094,7 +1097,7 @@ BOOL api_pipe_bind_req(pipes_struct *p, prs_struct *rpc_in_p) RPC_AUTH_VERIFIER auth_verifier; RPC_AUTH_NTLMSSP_CHAL ntlmssp_chal; - generate_random_buffer(p->challenge, 8, False); + generate_random_buffer(p->challenge, 8); /*** Authentication info ***/ diff --git a/source/rpc_server/srv_pipe_hnd.c b/source/rpc_server/srv_pipe_hnd.c index 7f7a3025a90..562b55b8f76 100644 --- a/source/rpc_server/srv_pipe_hnd.c +++ b/source/rpc_server/srv_pipe_hnd.c @@ -1092,6 +1092,22 @@ BOOL close_rpc_pipe_hnd(smb_np_struct *p) } /**************************************************************************** + Close all pipes on a connection. +****************************************************************************/ + +void pipe_close_conn(connection_struct *conn) +{ + smb_np_struct *p, *next; + + for (p=Pipes;p;p=next) { + next = p->next; + if (p->conn == conn) { + close_rpc_pipe_hnd(p); + } + } +} + +/**************************************************************************** Close an rpc pipe. ****************************************************************************/ @@ -1114,9 +1130,6 @@ static BOOL close_internal_rpc_pipe_hnd(void *np_conn) /* Free the handles database. */ close_policy_by_pipe(p); - if (p->session_key.data != NULL) - data_blob_free(&p->session_key); - delete_nt_token(&p->pipe_user.nt_user_token); data_blob_free(&p->session_key); SAFE_FREE(p->pipe_user.groups); diff --git a/source/rpc_server/srv_spoolss_nt.c b/source/rpc_server/srv_spoolss_nt.c index 06ba5435976..e3c9ff08d93 100644 --- a/source/rpc_server/srv_spoolss_nt.c +++ b/source/rpc_server/srv_spoolss_nt.c 
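Review bot: The old session key in the srv_pipe.c hunk at -501 is released with `data_blob_free(&p->session_key)`, which as far as this diff shows does not wipe the buffer, so the previous key bytes may stay readable in freed heap memory. If the tree provides a clearing variant such as `data_blob_clear_free`, it would be the better call here and in close_internal_rpc_pipe_hnd in srv_pipe_hnd.c. The `if (p->session_key.data)` guard also looks unnecessary, because srv_pipe_hnd.c keeps an unconditional `data_blob_free(&p->session_key)`. The enclosing function starts and ends outside the hunk.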
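Review bot: pipe_close_conn discards the BOOL returned by close_rpc_pipe_hnd, so a pipe that fails to close stays on the Pipes list with `p->conn` still pointing at a connection the caller is presumably about to tear down. Consider at least logging the failure, for example `if (!close_rpc_pipe_hnd(p)) DEBUG(0,("pipe_close_conn: failed to close pipe\n"));`. The header comment could also say why `next` is read before the call, presumably because closing can unlink and free `p`.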
@@ -671,7 +671,11 @@ static BOOL is_monitoring_event(Printer_entry *p, uint16 notify_type, * might use the flags though instead of the NOTIFY_OPTION_INFO * --jerry */ - + + if (!option) { + return False; + } + if (p->notify.flags) return is_monitoring_event_flags( p->notify.flags, notify_type, notify_field); @@ -3725,6 +3729,12 @@ static WERROR printserver_notify_info(pipes_struct *p, POLICY_HND *hnd, info->data=NULL; info->count=0; + /* a bug in xp sp2 rc2 causes it to send a fnpcn request without + sending a ffpcn() request first */ + + if ( !option ) + return WERR_BADFID; + for (i=0; i<option->count; i++) { option_type=&(option->ctr.type[i]); @@ -3787,6 +3797,12 @@ static WERROR printer_notify_info(pipes_struct *p, POLICY_HND *hnd, SPOOL_NOTIFY info->data=NULL; info->count=0; + /* a bug in xp sp2 rc2 causes it to send a fnpcn request without + sending a ffpcn() request first */ + + if ( !option ) + return WERR_BADFID; + get_printer_snum(p, hnd, &snum); for (i=0; i<option->count; i++) { |
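Review bot: The new `if (!option) return False;` in is_monitoring_event sits before the `p->notify.flags` branch, although that branch only passes `p->notify.flags`, `notify_type` and `notify_field` to is_monitoring_event_flags and does not appear to use `option`. A handle registered with flags but no option structure would now be reported as not monitoring. Moving the NULL check below the flags branch keeps the dereference guard without changing the flags path. The declaration of `option` and the rest of the function are outside the hunk, so this should be confirmed against the full body.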
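Review bot: The comment added in printserver_notify_info, and the identical one in printer_notify_info, attributes the NULL `option` to an XP SP2 RC2 bug, but the request arrives over RPC, so any client can send it in that order. The check is really input validation that prevents a NULL dereference in the `option->count` loop, and the comment should say so, e.g. `/* option is NULL if the client never registered notify options; reject instead of dereferencing */`. The abbreviations `fnpcn` and `ffpcn` should also be spelled out. Both functions continue beyond their hunks, so other uses of `option` are not visible here.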