[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha5-116-gc123e59

Wed, 23 Jul 2008 05:49:06 -0700 

The branch, v4-0-test has been updated
       via  c123e597cc84685abf2b0d3564e1a26d80bbef2f (commit)
      from  7ee99105ea3a50d8ee2c83ecd39e834ed9efb98c (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test


- Log -----------------------------------------------------------------
commit c123e597cc84685abf2b0d3564e1a26d80bbef2f
Author: Stefan Metzmacher <[EMAIL PROTECTED]>
Date:   Wed Jul 23 14:41:16 2008 +0200

    rpc_server: be more strict with the incoming assoc_group_id
    
    Allow 0 and 0x12345678 only.
    This fixes the RPC-HANDLES test.
    
    metze

-----------------------------------------------------------------------

Summary of changes:
 source/rpc_server/dcerpc_server.c |   24 ++++++++++++------------
 1 files changed, 12 insertions(+), 12 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/rpc_server/dcerpc_server.c 
b/source/rpc_server/dcerpc_server.c
index a2ca897..ac36825 100644
--- a/source/rpc_server/dcerpc_server.c
+++ b/source/rpc_server/dcerpc_server.c
@@ -543,20 +543,20 @@ static NTSTATUS dcesrv_bind(struct dcesrv_call_state 
*call)
        uint32_t context_id;
        const struct dcesrv_interface *iface;
 
-#if 0
-       /* It is not safe to enable this check - windows clients
-        * (WinXP in particular) will use it for NETLOGON calls, for
-        * the subsequent SCHANNEL bind.  It turns out that NETLOGON
-        * calls include no policy handles, so it is safe there.  Let
-        * the failure occour on the attempt to reuse a poilcy handle,
-        * rather than here */
-
-       /* Association groups allow policy handles to be shared across
-        * multiple client connections.  We don't implement this yet. */
-       if (call->pkt.u.bind.assoc_group_id != 0) {
+       /*
+        * Association groups allow policy handles to be shared across
+        * multiple client connections.  We don't implement this yet.
+        *
+        * So we just allow 0 if the client wants to create a new
+        * association group.
+        *
+        * And we allow the 0x12345678 value, we give away as
+        * assoc_group_id back to the clients
+        */
+       if (call->pkt.u.bind.assoc_group_id != 0 &&
+           call->pkt.u.bind.assoc_group_id != 0x12345678) {
                return dcesrv_bind_nak(call, 0);        
        }
-#endif
 
        if (call->pkt.u.bind.num_contexts < 1 ||
            call->pkt.u.bind.ctx_list[0].num_transfer_syntaxes < 1) {


-- 
Samba Shared Repository

Reply via email to