diff options
| author | Luke Leighton <lkcl@samba.org> | 1997-10-29 14:34:17 +0000 |
|---|---|---|
| committer | Luke Leighton <lkcl@samba.org> | 1997-10-29 14:34:17 +0000 |
| commit | c2e2197e9d87795bda0198247c7bb132fe586fc1 (patch) | |
| tree | 778a9d746d62dda8cd8c58a473e0e826d1ed121a | |
| parent | 50d7e4d6f6b5d770742ee83523d6146cf51f8259 (diff) | |
| download | samba-c2e2197e9d87795bda0198247c7bb132fe586fc1.tar.gz | |
ipc.c :
bind ack should contain \PIPE\pipename not just pipename.
ntclientpipe.c :
sanity in bind ack: pipe name checks; transfer syntax checks; reason checks.
| -rw-r--r-- | source/ntclientpipe.c | 25 | ||||
| -rw-r--r-- | source/smbd/ipc.c | 13 |
2 files changed, 34 insertions, 4 deletions
diff --git a/source/ntclientpipe.c b/source/ntclientpipe.c index 79b1e1cd9cc..6a4fa59f80d 100644 --- a/source/ntclientpipe.c +++ b/source/ntclientpipe.c @@ -182,15 +182,34 @@ BOOL bind_rpc_pipe(char *pipe_name, uint16 fnum, uint32 call_id, if (p) { /* check the transfer syntax */ - valid_ack = hdr_ba.transfer.version == transfer->version && - memcmp(hdr_ba.transfer.data, transfer->data, - sizeof(transfer->version)); + valid_ack = (hdr_ba.transfer.version == transfer->version) && + (memcmp(hdr_ba.transfer.data, transfer->data, + sizeof(transfer->version)) ==0); if (!valid_ack) { DEBUG(2,("bind_rpc_pipe: transfer syntax differs\n")); p = NULL; } } + + if (p) + { + /* check the results */ + valid_ack = (hdr_ba.res.num_results == 0x1) && + (hdr_ba.res.result == 0); + + if (!valid_ack) + { + DEBUG(2,("bind_rpc_pipe: bind denied results: %d reason: %x\n", + hdr_ba.res.num_results, + hdr_ba.res.reason)); + p = NULL; + } + else + { + DEBUG(5,("bind_rpc_pipe: accepted!\n")); + } + } } if (rparam) free(rparam); diff --git a/source/smbd/ipc.c b/source/smbd/ipc.c index aa1d2d5c4f9..c2cfc15a214 100644 --- a/source/smbd/ipc.c +++ b/source/smbd/ipc.c @@ -2945,20 +2945,31 @@ static int api_fd_reply(int cnum,uint16 vuid,char *outbuf, if (api_fd_commands[i].subcommand != -1) { RPC_HDR hdr; + + /* process the rpc header */ char *q = smb_io_rpc_hdr(True, &hdr, data, data, 4, 0); + /* bind request received */ if ((bind_req = ((q != NULL) && (hdr.pkt_type == RPC_BIND)))) { RPC_HDR_RB hdr_rb; + /* decode the bind request */ char *p = smb_io_rpc_hdr_rb(True, &hdr_rb, q, data, 4, 0); if ((bind_req = (p != NULL))) { RPC_HDR_BA hdr_ba; + fstring ack_pipe_name; + + /* name has to be \PIPE\xxxxx */ + strcpy(ack_pipe_name, "\\PIPE\\"); + strcat(ack_pipe_name, api_fd_commands[i].pipename); + + /* make a bind acknowledgement */ make_rpc_hdr_ba(&hdr_ba, hdr_rb.bba.max_tsize, hdr_rb.bba.max_rsize, hdr_rb.bba.assoc_gid, - api_fd_commands[i].pipename, + ack_pipe_name, 0x1, 0x0, 0x0, &(hdr_rb.transfer)); |