authorGünther Deschner <gd@samba.org>2009-09-16 07:53:26 +0200
committerGünther Deschner <gd@samba.org>2009-09-16 07:54:02 +0200
commitc5c04fcf90849d31ff4d0343dedec2c097823a7e (patch)
tree0ab50f233c89b28cda535c5761a5aded74e98973
parent30d13288e5bb506584a0bf012d7b2e579a6a2074 (diff)
s3-schannel: add dump_NL_AUTH_SIGNATURE.
Guenther
-rw-r--r--librpc/ndr/ndr_schannel.c36
-rw-r--r--librpc/ndr/ndr_schannel.h3
-rw-r--r--source3/rpc_client/cli_pipe.c23
-rw-r--r--source3/rpc_server/srv_pipe.c26
4 files changed, 44 insertions, 44 deletions
diff --git a/librpc/ndr/ndr_schannel.c b/librpc/ndr/ndr_schannel.c
index 02796f7d9f..b610429211 100644
--- a/librpc/ndr/ndr_schannel.c
+++ b/librpc/ndr/ndr_schannel.c
@@ -69,3 +69,39 @@ _PUBLIC_ void ndr_print_NL_AUTH_MESSAGE_BUFFER_REPLY(struct ndr_print *ndr, cons
}
}
+
+void dump_NL_AUTH_SIGNATURE(TALLOC_CTX *mem_ctx,
+ const DATA_BLOB *blob)
+{
+ enum ndr_err_code ndr_err;
+ uint16_t signature_algorithm;
+
+ if (blob->length < 2) {
+ return;
+ }
+
+ signature_algorithm = SVAL(blob->data, 0);
+
+ switch (signature_algorithm) {
+ case NL_SIGN_HMAC_MD5: {
+ struct NL_AUTH_SIGNATURE r;
+ ndr_err = ndr_pull_struct_blob(blob, mem_ctx, NULL, &r,
+ (ndr_pull_flags_fn_t)ndr_pull_NL_AUTH_SIGNATURE);
+ if (NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ NDR_PRINT_DEBUG(NL_AUTH_SIGNATURE, &r);
+ }
+ break;
+ }
+ case NL_SIGN_HMAC_SHA256: {
+ struct NL_AUTH_SHA2_SIGNATURE r;
+ ndr_err = ndr_pull_struct_blob(blob, mem_ctx, NULL, &r,
+ (ndr_pull_flags_fn_t)ndr_pull_NL_AUTH_SHA2_SIGNATURE);
+ if (NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ NDR_PRINT_DEBUG(NL_AUTH_SHA2_SIGNATURE, &r);
+ }
+ break;
+ }
+ default:
+ break;
+ }
+}
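Review bot: dump_NL_AUTH_SIGNATURE prints nothing when the algorithm field is unknown (the `default:` arm) or when `ndr_pull_struct_blob` fails, so at debug level 10 a malformed or unexpected signature blob leaves no trace in the log, which is the case an operator most needs to see. Consider a raw fallback in those paths, e.g. `dump_data(10, blob->data, blob->length);`, as the server-side code removed by this commit did on pull failure. The function also has no header comment; it should say that the helper is diagnostic only, dispatches on the first 16-bit field of the blob, and performs no validation a caller may rely on. It dereferences `blob` without a NULL test, which holds for the four callers in this commit but belongs in that comment as a precondition.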
diff --git a/librpc/ndr/ndr_schannel.h b/librpc/ndr/ndr_schannel.h
index d2dce7911a..d57278cfb2 100644
--- a/librpc/ndr/ndr_schannel.h
+++ b/librpc/ndr/ndr_schannel.h
@@ -21,4 +21,5 @@
void ndr_print_NL_AUTH_MESSAGE_BUFFER(struct ndr_print *ndr, const char *name, const union NL_AUTH_MESSAGE_BUFFER *r);
void ndr_print_NL_AUTH_MESSAGE_BUFFER_REPLY(struct ndr_print *ndr, const char *name, const union NL_AUTH_MESSAGE_BUFFER_REPLY *r);
-
+void dump_NL_AUTH_SIGNATURE(TALLOC_CTX *mem_ctx,
+ const DATA_BLOB *blob);
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index febf787815..133334b9b1 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -672,13 +672,11 @@ static NTSTATUS cli_pipe_verify_schannel(struct rpc_pipe_client *cli, RPC_HDR *p
uint8 *p_ss_padding_len)
{
RPC_HDR_AUTH auth_info;
- struct NL_AUTH_SIGNATURE schannel_chk;
uint32 auth_len = prhdr->auth_len;
uint32 save_offset = prs_offset(current_pdu);
struct schannel_state *schannel_auth =
cli->auth->a_u.schannel_auth;
uint32 data_len;
- enum ndr_err_code ndr_err;
DATA_BLOB blob;
NTSTATUS status;
@@ -725,15 +723,8 @@ static NTSTATUS cli_pipe_verify_schannel(struct rpc_pipe_client *cli, RPC_HDR *p
blob = data_blob_const(prs_data_p(current_pdu) + prs_offset(current_pdu), auth_len);
- ndr_err = ndr_pull_struct_blob(&blob, talloc_tos(), NULL, &schannel_chk,
- (ndr_pull_flags_fn_t)ndr_pull_NL_AUTH_SIGNATURE);
- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
- DEBUG(0,("cli_pipe_verify_schannel: failed to unmarshal RPC_AUTH_SCHANNEL_CHK.\n"));
- return ndr_map_error2ntstatus(ndr_err);
- }
-
if (DEBUGLEVEL >= 10) {
- NDR_PRINT_DEBUG(NL_AUTH_SIGNATURE, &schannel_chk);
+ dump_NL_AUTH_SIGNATURE(talloc_tos(), &blob);
}
switch (cli->auth->auth_level) {
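Review bot: With the `ndr_pull_struct_blob` call removed, this hunk no longer rejects a footer that fails to unmarshal as NL_AUTH_SIGNATURE; the blob built from `auth_len` reaches the `switch (cli->auth->auth_level)` code unparsed, and the new helper only logs. The verification under the switch is outside the hunk, so confirm that it length-checks and parses the blob itself and fails closed on a short or malformed signature. The same applies to the `api_pipe_schannel_process` hunk in source3/rpc_server/srv_pipe.c, where the removed branch returned false and logged the raw bytes. A comment above the debug block such as `/* blob is still unverified wire data; dump only, no validation */` would make the ordering explicit.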
@@ -1930,11 +1921,9 @@ static NTSTATUS add_schannel_auth_footer(struct rpc_pipe_client *cli,
prs_struct *outgoing_pdu)
{
RPC_HDR_AUTH auth_info;
- struct NL_AUTH_SIGNATURE verf;
struct schannel_state *sas = cli->auth->a_u.schannel_auth;
char *data_p = prs_data_p(outgoing_pdu) + RPC_HEADER_LEN + RPC_HDR_RESP_LEN;
size_t data_and_pad_len = prs_offset(outgoing_pdu) - RPC_HEADER_LEN - RPC_HDR_RESP_LEN;
- enum ndr_err_code ndr_err;
DATA_BLOB blob;
NTSTATUS status;
@@ -1982,17 +1971,11 @@ static NTSTATUS add_schannel_auth_footer(struct rpc_pipe_client *cli,
nt_errstr(status)));
return status;
}
-#if 0
- ndr_err = ndr_push_struct_blob(&blob, talloc_tos(), NULL, &verf,
- (ndr_push_flags_fn_t)ndr_push_NL_AUTH_SIGNATURE);
- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
- return ndr_map_error2ntstatus(ndr_err);
- }
if (DEBUGLEVEL >= 10) {
- NDR_PRINT_DEBUG(NL_AUTH_SIGNATURE, &verf);
+ dump_NL_AUTH_SIGNATURE(talloc_tos(), &blob);
}
-#endif
+
/* Finally marshall the blob. */
if (!prs_copy_data_in(outgoing_pdu, (const char *)blob.data, blob.length)) {
return NT_STATUS_NO_MEMORY;
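Review bot: The `if (DEBUGLEVEL >= 10)` guard is repeated at every call site in this commit (here, in `cli_pipe_verify_schannel`, and in both srv_pipe.c hunks), while dump_NL_AUTH_SIGNATURE itself has no level check. A later caller that forgets the guard would parse and print signature contents at whatever level NDR_PRINT_DEBUG logs at. If DEBUGLEVEL is usable from librpc/ndr, moving the test into the helper as its first statement, `if (DEBUGLEVEL < 10) return;`, keeps the policy in one place and reduces each caller to a single line.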
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index 576bd85745..040831c98f 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -410,9 +410,7 @@ static bool create_next_pdu_schannel(pipes_struct *p)
* Schannel processing.
*/
RPC_HDR_AUTH auth_info;
- struct NL_AUTH_SIGNATURE verf;
DATA_BLOB blob;
- enum ndr_err_code ndr_err;
/* Check it's the type of reply we were expecting to decode */
@@ -458,18 +456,10 @@ static bool create_next_pdu_schannel(pipes_struct *p)
/* Finally marshall the blob. */
-#if 0
- ndr_err = ndr_push_struct_blob(&blob, talloc_tos(), NULL, &verf,
- (ndr_push_flags_fn_t)ndr_push_NL_AUTH_SIGNATURE);
- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
- prs_mem_free(&p->out_data.frag);
- return false;
- }
-
if (DEBUGLEVEL >= 10) {
- NDR_PRINT_DEBUG(NL_AUTH_SIGNATURE, &verf);
+ dump_NL_AUTH_SIGNATURE(talloc_tos(), &blob);
}
-#endif
+
if (!prs_copy_data_in(&p->out_data.frag, (const char *)blob.data, blob.length)) {
prs_mem_free(&p->out_data.frag);
return false;
@@ -2170,8 +2160,6 @@ bool api_pipe_schannel_process(pipes_struct *p, prs_struct *rpc_in, uint32 *p_ss
uint32 auth_len;
uint32 save_offset = prs_offset(rpc_in);
RPC_HDR_AUTH auth_info;
- struct NL_AUTH_SIGNATURE schannel_chk;
- enum ndr_err_code ndr_err;
DATA_BLOB blob;
NTSTATUS status;
@@ -2223,16 +2211,8 @@ bool api_pipe_schannel_process(pipes_struct *p, prs_struct *rpc_in, uint32 *p_ss
blob = data_blob_const(prs_data_p(rpc_in) + prs_offset(rpc_in), auth_len);
- ndr_err = ndr_pull_struct_blob(&blob, talloc_tos(), NULL, &schannel_chk,
- (ndr_pull_flags_fn_t)ndr_pull_NL_AUTH_SIGNATURE);
- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
- DEBUG(0,("failed to pull NL_AUTH_SIGNATURE\n"));
- dump_data(2, blob.data, blob.length);
- return false;
- }
-
if (DEBUGLEVEL >= 10) {
- NDR_PRINT_DEBUG(NL_AUTH_SIGNATURE, &schannel_chk);
+ dump_NL_AUTH_SIGNATURE(talloc_tos(), &blob);
}
switch (auth_info.auth_level) {