Author: vlendec Date: 2006-05-27 21:38:54 +0000 (Sat, 27 May 2006) New Revision: 15911
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=15911 Log: Make us survive rpc-authcontext committed next Modified: branches/SAMBA_3_0/source/smbd/ipc.c branches/SAMBA_3_0/source/smbd/pipes.c trunk/source/smbd/ipc.c trunk/source/smbd/pipes.c Changeset: Modified: branches/SAMBA_3_0/source/smbd/ipc.c =================================================================== --- branches/SAMBA_3_0/source/smbd/ipc.c 2006-05-27 16:58:36 UTC (rev 15910) +++ branches/SAMBA_3_0/source/smbd/ipc.c 2006-05-27 21:38:54 UTC (rev 15911) @@ -291,6 +291,12 @@ return ERROR_NT(NT_STATUS_INVALID_HANDLE); } + if (vuid != p->vuid) { + DEBUG(1, ("Got pipe request (pnum %x) using invalid VUID %d, " + "expected %d\n", pnum, vuid, p->vuid)); + return ERROR_NT(NT_STATUS_INVALID_HANDLE); + } + DEBUG(3,("Got API command 0x%x on pipe \"%s\" (pnum %x)\n", subcommand, p->name, pnum)); /* record maximum data length that can be transmitted in an SMBtrans */ Modified: branches/SAMBA_3_0/source/smbd/pipes.c =================================================================== --- branches/SAMBA_3_0/source/smbd/pipes.c 2006-05-27 16:58:36 UTC (rev 15910) +++ branches/SAMBA_3_0/source/smbd/pipes.c 2006-05-27 21:38:54 UTC (rev 15911) @@ -121,6 +121,7 @@ int reply_pipe_write(char *inbuf,char *outbuf,int length,int dum_bufsize) { smb_np_struct *p = get_rpc_pipe_p(inbuf,smb_vwv0); + uint16 vuid = SVAL(inbuf,smb_uid); size_t numtowrite = SVAL(inbuf,smb_vwv1); int nwritten; int outsize; @@ -130,6 +131,10 @@ return(ERROR_DOS(ERRDOS,ERRbadfid)); } + if (p->vuid != vuid) { + return ERROR_NT(NT_STATUS_INVALID_HANDLE); + } + data = smb_buf(inbuf) + 3; if (numtowrite == 0) { @@ -161,6 +166,7 @@ int reply_pipe_write_and_X(char *inbuf,char *outbuf,int length,int bufsize) { smb_np_struct *p = get_rpc_pipe_p(inbuf,smb_vwv2); + uint16 vuid = SVAL(inbuf,smb_uid); size_t numtowrite = SVAL(inbuf,smb_vwv10); int nwritten = -1; int smb_doff = SVAL(inbuf, smb_vwv11); 
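Review bot: The new `vuid != p->vuid` check in branches/SAMBA_3_0/source/smbd/ipc.c (hunk @@ -291) has no comment saying what it enforces, and the log text calls the VUID "invalid" when the code actually tests for a mismatch with the vuid stored on the pipe. I would add `/* A pipe handle may only be used with the vuid stored on it; reject requests carrying any other vuid. */` above the `if`. The assignment of `vuid` lies outside the hunk, so it is worth confirming that it comes from the request header, as `SVAL(inbuf,smb_uid)` does in pipes.c. The same applies to the identical trunk/source/smbd/ipc.c hunk.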
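Review bot: In reply_pipe_write (pipes.c hunk @@ -130) a vuid mismatch returns `ERROR_NT(NT_STATUS_INVALID_HANDLE)` while the missing-pipe branch just above it returns `ERROR_DOS(ERRDOS,ERRbadfid)`, so a client can tell a pipe number that does not exist from one that exists under another vuid. The ipc.c hunk appears to answer both cases with the same status. Doing likewise here, for example `if (!p || p->vuid != vuid) {` with a single return value, would remove that distinction; which status to keep depends on what the rpc-authcontext test expects, which is not visible on this page. The same pattern is in the @@ -172 hunk (reply_pipe_write_and_X) and in both trunk/source/smbd/pipes.c copies, and the function body continues outside the hunk.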
@@ -172,6 +178,10 @@ return(ERROR_DOS(ERRDOS,ERRbadfid)); } + if (p->vuid != vuid) { + return ERROR_NT(NT_STATUS_INVALID_HANDLE); + } + data = smb_base(inbuf) + smb_doff; if (numtowrite == 0) { Modified: trunk/source/smbd/ipc.c =================================================================== --- trunk/source/smbd/ipc.c 2006-05-27 16:58:36 UTC (rev 15910) +++ trunk/source/smbd/ipc.c 2006-05-27 21:38:54 UTC (rev 15911) @@ -291,6 +291,12 @@ return ERROR_NT(NT_STATUS_INVALID_HANDLE); } + if (vuid != p->vuid) { + DEBUG(1, ("Got pipe request (pnum %x) using invalid VUID %d, " + "expected %d\n", pnum, vuid, p->vuid)); + return ERROR_NT(NT_STATUS_INVALID_HANDLE); + } + DEBUG(3,("Got API command 0x%x on pipe \"%s\" (pnum %x)\n", subcommand, p->name, pnum)); /* record maximum data length that can be transmitted in an SMBtrans */ Modified: trunk/source/smbd/pipes.c =================================================================== --- trunk/source/smbd/pipes.c 2006-05-27 16:58:36 UTC (rev 15910) +++ trunk/source/smbd/pipes.c 2006-05-27 21:38:54 UTC (rev 15911) @@ -121,6 +121,7 @@ int reply_pipe_write(char *inbuf,char *outbuf,int length,int dum_bufsize) { smb_np_struct *p = get_rpc_pipe_p(inbuf,smb_vwv0); + uint16 vuid = SVAL(inbuf,smb_uid); size_t numtowrite = SVAL(inbuf,smb_vwv1); int nwritten; int outsize; @@ -130,6 +131,10 @@ return(ERROR_DOS(ERRDOS,ERRbadfid)); } + if (p->vuid != vuid) { + return ERROR_NT(NT_STATUS_INVALID_HANDLE); + } + data = smb_buf(inbuf) + 3; if (numtowrite == 0) { @@ -161,6 +166,7 @@ int reply_pipe_write_and_X(char *inbuf,char *outbuf,int length,int bufsize) { smb_np_struct *p = get_rpc_pipe_p(inbuf,smb_vwv2); + uint16 vuid = SVAL(inbuf,smb_uid); size_t numtowrite = SVAL(inbuf,smb_vwv10); int nwritten = -1; int smb_doff = SVAL(inbuf, smb_vwv11); @@ -172,6 +178,10 @@ return(ERROR_DOS(ERRDOS,ERRbadfid)); } + if (p->vuid != vuid) { + return ERROR_NT(NT_STATUS_INVALID_HANDLE); + } + data = smb_base(inbuf) + smb_doff; if (numtowrite == 0) {
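Review bot: The rejection added to reply_pipe_write_and_X (branches/SAMBA_3_0 pipes.c, hunk @@ -172) is silent, whereas the equivalent check in ipc.c logs at DEBUG(1). A write to a pipe under a different vuid deserves the same trace so that it shows up in the server log. A line such as `DEBUG(1, ("Pipe write using invalid VUID %d, expected %d\n", vuid, p->vuid));` before the return would match the ipc.c wording. The same applies to reply_pipe_write (@@ -130) and to both trunk copies. This commit touches only the two write handlers and the SMBtrans path, so whether any other pipe handlers in pipes.c compare the vuid cannot be seen here and should be confirmed.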
