s4:rpc_server: add DCERPC_AUTH_LEVEL_PACKET support
authorStefan Metzmacher <metze@samba.org>
Wed, 31 Aug 2016 19:43:14 +0000 (21:43 +0200)
committerAndreas Schneider <asn@cryptomilk.org>
Wed, 26 Oct 2016 09:20:14 +0000 (11:20 +0200)
This is basically an alias for DCERPC_AUTH_LEVEL_INTEGRITY
in the context of connection oriented DCERPC.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: G√ľnther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
source4/rpc_server/dcerpc_server.c
source4/rpc_server/dcesrv_auth.c

index 396284eb97662edefd6798eadabe3e5783ea9c85..1f299d650e9483152ef7f08954510272419b221e 100644 (file)
@@ -582,7 +582,11 @@ NTSTATUS dcesrv_interface_bind_require_integrity(struct dcesrv_call_state *dce_c
                return NT_STATUS_INTERNAL_ERROR;
        }
 
-       dce_call->context->min_auth_level = DCERPC_AUTH_LEVEL_INTEGRITY;
+       /*
+        * For connection oriented DCERPC DCERPC_AUTH_LEVEL_PACKET (4)
+        * has the same behavior as DCERPC_AUTH_LEVEL_INTEGRITY (5).
+        */
+       dce_call->context->min_auth_level = DCERPC_AUTH_LEVEL_PACKET;
        return NT_STATUS_OK;
 }
 
@@ -1259,6 +1263,7 @@ static NTSTATUS dcesrv_request(struct dcesrv_call_state *call)
 
        switch (call->conn->auth_state.auth_level) {
        case DCERPC_AUTH_LEVEL_NONE:
+       case DCERPC_AUTH_LEVEL_PACKET:
        case DCERPC_AUTH_LEVEL_INTEGRITY:
        case DCERPC_AUTH_LEVEL_PRIVACY:
                break;
index 95b812fb3be0db5edb89c9e81f9b3f064574185a..9bea8539bef585df21913ac4999df77d0d4636f7 100644 (file)
@@ -487,6 +487,7 @@ bool dcesrv_auth_request(struct dcesrv_call_state *call, DATA_BLOB *full_packet)
        switch (dce_conn->auth_state.auth_level) {
        case DCERPC_AUTH_LEVEL_PRIVACY:
        case DCERPC_AUTH_LEVEL_INTEGRITY:
+       case DCERPC_AUTH_LEVEL_PACKET:
                break;
 
        case DCERPC_AUTH_LEVEL_CONNECT:
@@ -556,6 +557,7 @@ bool dcesrv_auth_request(struct dcesrv_call_state *call, DATA_BLOB *full_packet)
                break;
 
        case DCERPC_AUTH_LEVEL_INTEGRITY:
+       case DCERPC_AUTH_LEVEL_PACKET:
                status = gensec_check_packet(dce_conn->auth_state.gensec_security,
                                             pkt->u.request.stub_and_verifier.data, 
                                             pkt->u.request.stub_and_verifier.length,
@@ -607,6 +609,7 @@ bool dcesrv_auth_response(struct dcesrv_call_state *call,
        switch (dce_conn->auth_state.auth_level) {
        case DCERPC_AUTH_LEVEL_PRIVACY:
        case DCERPC_AUTH_LEVEL_INTEGRITY:
+       case DCERPC_AUTH_LEVEL_PACKET:
                if (sig_size == 0) {
                        return false;
                }
@@ -701,6 +704,7 @@ bool dcesrv_auth_response(struct dcesrv_call_state *call,
                break;
 
        case DCERPC_AUTH_LEVEL_INTEGRITY:
+       case DCERPC_AUTH_LEVEL_PACKET:
                status = gensec_sign_packet(dce_conn->auth_state.gensec_security, 
                                            call,
                                            ndr->data + DCERPC_REQUEST_LENGTH,