diff options
| author | Andrew Tridgell <tridge@samba.org> | 2009-09-16 03:57:09 -0700 |
|---|---|---|
| committer | Andrew Tridgell <tridge@samba.org> | 2009-09-16 03:57:09 -0700 |
| commit | 1b3f5cee2e72b8eb3df4836c237255ac7ad57136 (patch) | |
| tree | 56ab0d2ebb34b9c747c1c2606fc2d617f4b77671 | |
| parent | 79082f400e3d0c21b53d54bfb42954c2396110b9 (diff) | |
| parent | 033ced60ac734161686bd3da685f2d7b056e17c8 (diff) | |
| download | samba-1b3f5cee2e72b8eb3df4836c237255ac7ad57136.tar.gz samba-1b3f5cee2e72b8eb3df4836c237255ac7ad57136.tar.bz2 samba-1b3f5cee2e72b8eb3df4836c237255ac7ad57136.zip | |
Merge branch 'master' of ssh://git.samba.org/data/git/samba
| -rw-r--r-- | .gitignore | 1 | ||||
| -rw-r--r-- | lib/crypto/crypto.h | 2 | ||||
| -rw-r--r-- | libcli/auth/schannel_proto.h | 21 | ||||
| -rw-r--r-- | libcli/auth/schannel_sign.c | 297 | ||||
| -rw-r--r-- | librpc/gen_ndr/ndr_ntlmssp.c | 4 | ||||
| -rw-r--r-- | librpc/gen_ndr/ndr_ntlmssp.h | 1 | ||||
| -rw-r--r-- | librpc/ndr/ndr_schannel.c | 36 | ||||
| -rw-r--r-- | librpc/ndr/ndr_schannel.h | 3 | ||||
| -rw-r--r-- | source3/include/proto.h | 2 | ||||
| -rw-r--r-- | source3/include/rpc_dce.h | 44 | ||||
| -rw-r--r-- | source3/lib/netapi/user.c | 6 | ||||
| -rw-r--r-- | source3/rpc_client/cli_pipe.c | 108 | ||||
| -rw-r--r-- | source3/rpc_parse/parse_rpc.c | 2 | ||||
| -rw-r--r-- | source3/rpc_server/srv_pipe.c | 100 | ||||
| -rw-r--r-- | source3/rpc_server/srv_pipe_hnd.c | 58 | ||||
| -rw-r--r-- | source3/rpcclient/cmd_lsarpc.c | 2 | ||||
| -rw-r--r-- | source3/utils/eventlogadm.c | 2 | ||||
| -rw-r--r-- | source4/auth/gensec/schannel.c | 89 |
18 files changed, 386 insertions, 392 deletions
diff --git a/.gitignore b/.gitignore index 8425302f0b..43f7846d1d 100644 --- a/.gitignore +++ b/.gitignore @@ -138,6 +138,7 @@ source4/config.mk source4/coverage source4/data.mk source4/dsdb/common/proto.h +source4/dsdb/kcc/kcc_service_proto.h source4/dsdb/repl/drepl_service_proto.h source4/dsdb/samdb/samdb_proto.h source4/dsdb/schema/proto.h diff --git a/lib/crypto/crypto.h b/lib/crypto/crypto.h index 0a43cbe7d4..b5ea9c78d5 100644 --- a/lib/crypto/crypto.h +++ b/lib/crypto/crypto.h @@ -24,5 +24,5 @@ #include "../lib/crypto/sha256.h" #include "../lib/crypto/hmacsha256.h" #include "../lib/crypto/arcfour.h" - +#include "../lib/crypto/aes.h" diff --git a/libcli/auth/schannel_proto.h b/libcli/auth/schannel_proto.h index d31707d5c2..eee7199576 100644 --- a/libcli/auth/schannel_proto.h +++ b/libcli/auth/schannel_proto.h @@ -23,20 +23,15 @@ #ifndef _LIBCLI_AUTH_SCHANNEL_PROTO_H__ #define _LIBCLI_AUTH_SCHANNEL_PROTO_H__ -NTSTATUS schannel_unseal_packet(struct schannel_state *state, +NTSTATUS netsec_incoming_packet(struct schannel_state *state, TALLOC_CTX *mem_ctx, + bool do_unseal, uint8_t *data, size_t length, const DATA_BLOB *sig); -NTSTATUS schannel_check_packet(struct schannel_state *state, - TALLOC_CTX *mem_ctx, - const uint8_t *data, size_t length, - const DATA_BLOB *sig); -NTSTATUS schannel_seal_packet(struct schannel_state *state, - TALLOC_CTX *mem_ctx, - uint8_t *data, size_t length, - DATA_BLOB *sig); -NTSTATUS schannel_sign_packet(struct schannel_state *state, - TALLOC_CTX *mem_ctx, - const uint8_t *data, size_t length, - DATA_BLOB *sig); +NTSTATUS netsec_outgoing_packet(struct schannel_state *state, + TALLOC_CTX *mem_ctx, + bool do_seal, + uint8_t *data, size_t length, + DATA_BLOB *sig); + #endif diff --git a/libcli/auth/schannel_sign.c b/libcli/auth/schannel_sign.c index e60b4107bb..0672f67197 100644 --- a/libcli/auth/schannel_sign.c +++ b/libcli/auth/schannel_sign.c @@ -24,58 +24,89 @@ #include "../libcli/auth/schannel.h" #include "../lib/crypto/crypto.h" -#define NETSEC_SIGN_SIGNATURE { 0x77, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00 } -#define NETSEC_SEAL_SIGNATURE { 0x77, 0x00, 0x7a, 0x00, 0xff, 0xff, 0x00, 0x00 } +static void netsec_offset_and_sizes(struct schannel_state *state, + bool do_seal, + uint32_t *_min_sig_size, + uint32_t *_used_sig_size, + uint32_t *_checksum_length, + uint32_t *_confounder_ofs) +{ + uint32_t min_sig_size = 24; + uint32_t used_sig_size = 32; + uint32_t checksum_length = 8; + uint32_t confounder_ofs = 24; + + if (do_seal) { + min_sig_size += 8; + } + + if (_min_sig_size) { + *_min_sig_size = min_sig_size; + } + + if (_used_sig_size) { + *_used_sig_size = used_sig_size; + } + + if (_checksum_length) { + *_checksum_length = checksum_length; + } + + if (_confounder_ofs) { + *_confounder_ofs = confounder_ofs; + } +} /******************************************************************* Encode or Decode the sequence number (which is symmetric) ********************************************************************/ -static void netsec_deal_with_seq_num(struct schannel_state *state, - const uint8_t packet_digest[8], - uint8_t seq_num[8]) +static void netsec_do_seq_num(struct schannel_state *state, + const uint8_t *checksum, + uint32_t checksum_length, + uint8_t seq_num[8]) { static const uint8_t zeros[4]; uint8_t sequence_key[16]; uint8_t digest1[16]; hmac_md5(state->creds->session_key, zeros, sizeof(zeros), digest1); - hmac_md5(digest1, packet_digest, 8, sequence_key); + hmac_md5(digest1, checksum, checksum_length, sequence_key); arcfour_crypt(seq_num, sequence_key, 8); state->seq_num++; } - -/******************************************************************* - Calculate the key with which to encode the data payload - ********************************************************************/ -static void netsec_get_sealing_key(const uint8_t session_key[16], - const uint8_t seq_num[8], - uint8_t sealing_key[16]) +static void netsec_do_seal(struct schannel_state *state, + const uint8_t seq_num[8], + uint8_t confounder[8], + uint8_t *data, uint32_t length) { + uint8_t sealing_key[16]; static const uint8_t zeros[4]; uint8_t digest2[16]; uint8_t sess_kf0[16]; int i; for (i = 0; i < 16; i++) { - sess_kf0[i] = session_key[i] ^ 0xf0; + sess_kf0[i] = state->creds->session_key[i] ^ 0xf0; } hmac_md5(sess_kf0, zeros, 4, digest2); hmac_md5(digest2, seq_num, 8, sealing_key); -} + arcfour_crypt(confounder, sealing_key, 8); + arcfour_crypt(data, sealing_key, length); +} /******************************************************************* Create a digest over the entire packet (including the data), and MD5 it with the session key. ********************************************************************/ -static void schannel_digest(const uint8_t sess_key[16], - const uint8_t netsec_sig[8], - const uint8_t *confounder, - const uint8_t *data, size_t data_len, - uint8_t digest_final[16]) +static void netsec_do_sign(struct schannel_state *state, + const uint8_t *confounder, + const uint8_t *data, size_t data_len, + uint8_t header[8], + uint8_t *checksum) { uint8_t packet_digest[16]; static const uint8_t zeros[4]; @@ -83,187 +114,155 @@ static void schannel_digest(const uint8_t sess_key[16], MD5Init(&ctx); MD5Update(&ctx, zeros, 4); - MD5Update(&ctx, netsec_sig, 8); if (confounder) { + SSVAL(header, 0, NL_SIGN_HMAC_MD5); + SSVAL(header, 2, NL_SEAL_RC4); + SSVAL(header, 4, 0xFFFF); + SSVAL(header, 6, 0x0000); + + MD5Update(&ctx, header, 8); MD5Update(&ctx, confounder, 8); + } else { + SSVAL(header, 0, NL_SIGN_HMAC_MD5); + SSVAL(header, 2, NL_SEAL_NONE); + SSVAL(header, 4, 0xFFFF); + SSVAL(header, 6, 0x0000); + + MD5Update(&ctx, header, 8); } MD5Update(&ctx, data, data_len); MD5Final(packet_digest, &ctx); - hmac_md5(sess_key, packet_digest, sizeof(packet_digest), digest_final); + hmac_md5(state->creds->session_key, + packet_digest, sizeof(packet_digest), + checksum); } - -/* - unseal a packet -*/ -NTSTATUS schannel_unseal_packet(struct schannel_state *state, +NTSTATUS netsec_incoming_packet(struct schannel_state *state, TALLOC_CTX *mem_ctx, + bool do_unseal, uint8_t *data, size_t length, const DATA_BLOB *sig) { - uint8_t digest_final[16]; - uint8_t confounder[8]; + uint32_t min_sig_size = 0; + uint8_t header[8]; + uint8_t checksum[32]; + uint32_t checksum_length = sizeof(checksum_length); + uint8_t _confounder[8]; + uint8_t *confounder = NULL; + uint32_t confounder_ofs = 0; uint8_t seq_num[8]; - uint8_t sealing_key[16]; - static const uint8_t netsec_sig[8] = NETSEC_SEAL_SIGNATURE; + int ret; + + netsec_offset_and_sizes(state, + do_unseal, + &min_sig_size, + NULL, + &checksum_length, + &confounder_ofs); - if (sig->length != 32) { + if (sig->length < min_sig_size) { return NT_STATUS_ACCESS_DENIED; } - memcpy(confounder, sig->data+24, 8); + if (do_unseal) { + confounder = _confounder; + memcpy(confounder, sig->data+confounder_ofs, 8); + } else { + confounder = NULL; + } RSIVAL(seq_num, 0, state->seq_num); SIVAL(seq_num, 4, state->initiator?0:0x80); - netsec_get_sealing_key(state->creds->session_key, seq_num, sealing_key); - arcfour_crypt(confounder, sealing_key, 8); - arcfour_crypt(data, sealing_key, length); - - schannel_digest(state->creds->session_key, - netsec_sig, confounder, - data, length, digest_final); - - if (memcmp(digest_final, sig->data+16, 8) != 0) { - dump_data_pw("calc digest:", digest_final, 8); - dump_data_pw("wire digest:", sig->data+16, 8); - return NT_STATUS_ACCESS_DENIED; + if (do_unseal) { + netsec_do_seal(state, seq_num, + confounder, + data, length); } - netsec_deal_with_seq_num(state, digest_final, seq_num); - - if (memcmp(seq_num, sig->data+8, 8) != 0) { - dump_data_pw("calc seq num:", seq_num, 8); - dump_data_pw("wire seq num:", sig->data+8, 8); - return NT_STATUS_ACCESS_DENIED; - } - - return NT_STATUS_OK; -} - -/* - check the signature on a packet -*/ -NTSTATUS schannel_check_packet(struct schannel_state *state, - TALLOC_CTX *mem_ctx, - const uint8_t *data, size_t length, - const DATA_BLOB *sig) -{ - uint8_t digest_final[16]; - uint8_t seq_num[8]; - static const uint8_t netsec_sig[8] = NETSEC_SIGN_SIGNATURE; + netsec_do_sign(state, confounder, + data, length, + header, checksum); - /* w2k sends just 24 bytes and skip the confounder */ - if (sig->length != 32 && sig->length != 24) { + ret = memcmp(checksum, sig->data+16, checksum_length); + if (ret != 0) { + dump_data_pw("calc digest:", checksum, checksum_length); + dump_data_pw("wire digest:", sig->data+16, checksum_length); return NT_STATUS_ACCESS_DENIED; } - RSIVAL(seq_num, 0, state->seq_num); - SIVAL(seq_num, 4, state->initiator?0:0x80); - - dump_data_pw("seq_num:\n", seq_num, 8); - dump_data_pw("sess_key:\n", state->creds->session_key, 16); + netsec_do_seq_num(state, checksum, checksum_length, seq_num); - schannel_digest(state->creds->session_key, - netsec_sig, NULL, - data, length, digest_final); - - netsec_deal_with_seq_num(state, digest_final, seq_num); - - if (memcmp(seq_num, sig->data+8, 8) != 0) { + ret = memcmp(seq_num, sig->data+8, 8); + if (ret != 0) { dump_data_pw("calc seq num:", seq_num, 8); dump_data_pw("wire seq num:", sig->data+8, 8); return NT_STATUS_ACCESS_DENIED; } - if (memcmp(digest_final, sig->data+16, 8) != 0) { - dump_data_pw("calc digest:", digest_final, 8); - dump_data_pw("wire digest:", sig->data+16, 8); - return NT_STATUS_ACCESS_DENIED; - } - return NT_STATUS_OK; } - -/* - seal a packet -*/ -NTSTATUS schannel_seal_packet(struct schannel_state *state, - TALLOC_CTX *mem_ctx, - uint8_t *data, size_t length, - DATA_BLOB *sig) +NTSTATUS netsec_outgoing_packet(struct schannel_state *state, + TALLOC_CTX *mem_ctx, + bool do_seal, + uint8_t *data, size_t length, + DATA_BLOB *sig) { - uint8_t digest_final[16]; - uint8_t confounder[8]; + uint32_t min_sig_size = 0; + uint32_t used_sig_size = 0; + uint8_t header[8]; + uint8_t checksum[32]; + uint32_t checksum_length = sizeof(checksum_length); + uint8_t _confounder[8]; + uint8_t *confounder = NULL; + uint32_t confounder_ofs = 0; uint8_t seq_num[8]; - uint8_t sealing_key[16]; - static const uint8_t netsec_sig[8] = NETSEC_SEAL_SIGNATURE; - generate_random_buffer(confounder, 8); + netsec_offset_and_sizes(state, + do_seal, + &min_sig_size, + &used_sig_size, + &checksum_length, + &confounder_ofs); RSIVAL(seq_num, 0, state->seq_num); SIVAL(seq_num, 4, state->initiator?0x80:0); - schannel_digest(state->creds->session_key, - netsec_sig, confounder, - data, length, digest_final); - - netsec_get_sealing_key(state->creds->session_key, seq_num, sealing_key); - arcfour_crypt(confounder, sealing_key, 8); - arcfour_crypt(data, sealing_key, length); - - netsec_deal_with_seq_num(state, digest_final, seq_num); - - (*sig) = data_blob_talloc(mem_ctx, NULL, 32); - - memcpy(sig->data, netsec_sig, 8); - memcpy(sig->data+8, seq_num, 8); - memcpy(sig->data+16, digest_final, 8); - memcpy(sig->data+24, confounder, 8); - - dump_data_pw("signature:", sig->data+ 0, 8); - dump_data_pw("seq_num :", sig->data+ 8, 8); - dump_data_pw("digest :", sig->data+16, 8); - dump_data_pw("confound :", sig->data+24, 8); - - return NT_STATUS_OK; -} - - -/* - sign a packet -*/ -NTSTATUS schannel_sign_packet(struct schannel_state *state, - TALLOC_CTX *mem_ctx, - const uint8_t *data, size_t length, - DATA_BLOB *sig) -{ - uint8_t digest_final[16]; - uint8_t seq_num[8]; - static const uint8_t netsec_sig[8] = NETSEC_SIGN_SIGNATURE; + if (do_seal) { + confounder = _confounder; + generate_random_buffer(confounder, 8); + } else { + confounder = NULL; + } - RSIVAL(seq_num, 0, state->seq_num); - SIVAL(seq_num, 4, state->initiator?0x80:0); + netsec_do_sign(state, confounder, + data, length, + header, checksum); - schannel_digest(state->creds->session_key, - netsec_sig, NULL, - data, length, digest_final); + if (do_seal) { + netsec_do_seal(state, seq_num, + confounder, + data, length); + } - netsec_deal_with_seq_num(state, digest_final, seq_num); + netsec_do_seq_num(state, checksum, checksum_length, seq_num); - (*sig) = data_blob_talloc(mem_ctx, NULL, 32); + (*sig) = data_blob_talloc_zero(mem_ctx, used_sig_size); - memcpy(sig->data, netsec_sig, 8); + memcpy(sig->data, header, 8); memcpy(sig->data+8, seq_num, 8); - memcpy(sig->data+16, digest_final, 8); - memset(sig->data+24, 0, 8); + memcpy(sig->data+16, checksum, checksum_length); + + if (confounder) { + memcpy(sig->data+confounder_ofs, confounder, 8); + } dump_data_pw("signature:", sig->data+ 0, 8); dump_data_pw("seq_num :", sig->data+ 8, 8); - dump_data_pw("digest :", sig->data+16, 8); - dump_data_pw("confound :", sig->data+24, 8); + dump_data_pw("digest :", sig->data+16, checksum_length); + dump_data_pw("confound :", sig->data+confounder_ofs, 8); return NT_STATUS_OK; } diff --git a/librpc/gen_ndr/ndr_ntlmssp.c b/librpc/gen_ndr/ndr_ntlmssp.c index 2b4e70e363..8e379bfff1 100644 --- a/librpc/gen_ndr/ndr_ntlmssp.c +++ b/librpc/gen_ndr/ndr_ntlmssp.c @@ -2279,7 +2279,7 @@ static const struct ndr_interface_call ntlmssp_calls[] = { }; static const char * const ntlmssp_endpoint_strings[] = { - "ncacn_np:[\\pipe\\ntlmssp]", + "ncacn_np:[\\pipe\\ntlmssp]", }; static const struct ndr_interface_string_array ntlmssp_endpoints = { @@ -2288,7 +2288,7 @@ static const struct ndr_interface_string_array ntlmssp_endpoints = { }; static const char * const ntlmssp_authservice_strings[] = { - "host", + "host", }; static const struct ndr_interface_string_array ntlmssp_authservices = { diff --git a/librpc/gen_ndr/ndr_ntlmssp.h b/librpc/gen_ndr/ndr_ntlmssp.h index de31c6c83c..ab095d1cc2 100644 --- a/librpc/gen_ndr/ndr_ntlmssp.h +++ b/librpc/gen_ndr/ndr_ntlmssp.h @@ -50,6 +50,7 @@ void ndr_print_LM_RESPONSE(struct ndr_print *ndr, const char *name, const struct enum ndr_err_code ndr_push_LMv2_RESPONSE(struct ndr_push *ndr, int ndr_flags, const struct LMv2_RESPONSE *r); enum ndr_err_code ndr_pull_LMv2_RESPONSE(struct ndr_pull *ndr, int ndr_flags, struct LMv2_RESPONSE *r); void ndr_print_LMv2_RESPONSE(struct ndr_print *ndr, const char *name, const struct LMv2_RESPONSE *r); +void ndr_print_ntlmssp_LM_RESPONSE(struct ndr_print *ndr, const char *name, const union ntlmssp_LM_RESPONSE *r); enum ndr_err_code ndr_push_NTLM_RESPONSE(struct ndr_push *ndr, int ndr_flags, const struct NTLM_RESPONSE *r); enum ndr_err_code ndr_pull_NTLM_RESPONSE(struct ndr_pull *ndr, int ndr_flags, struct NTLM_RESPONSE *r); void ndr_print_NTLM_RESPONSE(struct ndr_print *ndr, const char *name, const struct NTLM_RESPONSE *r); diff --git a/librpc/ndr/ndr_schannel.c b/librpc/ndr/ndr_schannel.c index 02796f7d9f..b610429211 100644 --- a/librpc/ndr/ndr_schannel.c +++ b/librpc/ndr/ndr_schannel.c @@ -69,3 +69,39 @@ _PUBLIC_ void ndr_print_NL_AUTH_MESSAGE_BUFFER_REPLY(struct ndr_print *ndr, cons } } + +void dump_NL_AUTH_SIGNATURE(TALLOC_CTX *mem_ctx, + const DATA_BLOB *blob) +{ + enum ndr_err_code ndr_err; + uint16_t signature_algorithm; + + if (blob->length < 2) { + return; + } + + signature_algorithm = SVAL(blob->data, 0); + + switch (signature_algorithm) { + case NL_SIGN_HMAC_MD5: { + struct NL_AUTH_SIGNATURE r; + ndr_err = ndr_pull_struct_blob(blob, mem_ctx, NULL, &r, + (ndr_pull_flags_fn_t)ndr_pull_NL_AUTH_SIGNATURE); + if (NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + NDR_PRINT_DEBUG(NL_AUTH_SIGNATURE, &r); + } + break; + } + case NL_SIGN_HMAC_SHA256: { + struct NL_AUTH_SHA2_SIGNATURE r; + ndr_err = ndr_pull_struct_blob(blob, mem_ctx, NULL, &r, + (ndr_pull_flags_fn_t)ndr_pull_NL_AUTH_SHA2_SIGNATURE); + if (NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + NDR_PRINT_DEBUG(NL_AUTH_SHA2_SIGNATURE, &r); + } + break; + } + default: + break; + } +} diff --git a/librpc/ndr/ndr_schannel.h b/librpc/ndr/ndr_schannel.h index d2dce7911a..d57278cfb2 100644 --- a/librpc/ndr/ndr_schannel.h +++ b/librpc/ndr/ndr_schannel.h @@ -21,4 +21,5 @@ void ndr_print_NL_AUTH_MESSAGE_BUFFER(struct ndr_print *ndr, const char *name, const union NL_AUTH_MESSAGE_BUFFER *r); void ndr_print_NL_AUTH_MESSAGE_BUFFER_REPLY(struct ndr_print *ndr, const char *name, const union NL_AUTH_MESSAGE_BUFFER_REPLY *r); - +void dump_NL_AUTH_SIGNATURE(TALLOC_CTX *mem_ctx, + const DATA_BLOB *blob); diff --git a/source3/include/proto.h b/source3/include/proto.h index 8af6dba7b0..007ee9f223 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -5712,7 +5712,7 @@ bool prs_data_blob(prs_struct *prs, DATA_BLOB *blob, TALLOC_CTX *mem_ctx); /* The following definitions come from rpc_parse/parse_rpc.c */ const char *get_pipe_name_from_iface(const struct ndr_syntax_id *interface); -void init_rpc_hdr(RPC_HDR *hdr, enum RPC_PKT_TYPE pkt_type, uint8 flags, +void init_rpc_hdr(RPC_HDR *hdr, enum dcerpc_pkt_type pkt_type, uint8 flags, uint32 call_id, int data_len, int auth_len); bool smb_io_rpc_hdr(const char *desc, RPC_HDR *rpc, prs_struct *ps, int depth); void init_rpc_context(RPC_CONTEXT *rpc_ctx, uint16 context_id, diff --git a/source3/include/rpc_dce.h b/source3/include/rpc_dce.h index fc2d8809b9..3fd833c0bd 100644 --- a/source3/include/rpc_dce.h +++ b/source3/include/rpc_dce.h @@ -22,49 +22,7 @@ #ifndef _DCE_RPC_H /* _DCE_RPC_H */ #define _DCE_RPC_H -/* DCE/RPC packet types */ - -enum RPC_PKT_TYPE { - RPC_REQUEST = 0x00, /* Ordinary request. */ - RPC_PING = 0x01, /* Connectionless is server alive ? */ - RPC_RESPONSE = 0x02, /* Ordinary reply. */ - RPC_FAULT = 0x03, /* Fault in processing of call. */ - RPC_WORKING = 0x04, /* Connectionless reply to a ping when server busy. */ - RPC_NOCALL = 0x05, /* Connectionless reply to a ping when server has lost part of clients call. */ - RPC_REJECT = 0x06, /* Refuse a request with a code. */ - RPC_ACK = 0x07, /* Connectionless client to server code. */ - RPC_CL_CANCEL= 0x08, /* Connectionless cancel. */ - RPC_FACK = 0x09, /* Connectionless fragment ack. Both client and server send. */ - RPC_CANCEL_ACK = 0x0A, /* Server ACK to client cancel request. */ - RPC_BIND = 0x0B, /* Bind to interface. */ - RPC_BINDACK = 0x0C, /* Server ack of bind. */ - RPC_BINDNACK = 0x0D, /* Server nack of bind. */ - RPC_ALTCONT = 0x0E, /* Alter auth. */ - RPC_ALTCONTRESP = 0x0F, /* Reply to alter auth. */ - RPC_AUTH3 = 0x10, /* not the real name! this is undocumented! */ - RPC_SHUTDOWN = 0x11, /* Server to client request to shutdown. */ - RPC_CO_CANCEL= 0x12, /* Connection-oriented cancel request. */ - RPC_ORPHANED = 0x13 /* Client telling server it's aborting a partially sent request or telling - server to stop sending replies. */ -}; - -/* DCE/RPC flags */ -#define RPC_FLG_FIRST 0x01 -#define RPC_FLG_LAST 0x02 -#define RPC_FLG_NOCALL 0x20 - -/* Netlogon schannel auth type and level */ -#define SCHANNEL_SIGN_SIGNATURE { 0x77, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00 } -#define SCHANNEL_SEAL_SIGNATURE { 0x77, 0x00, 0x7a, 0x00, 0xff, 0xff, 0x00, 0x00 } - #define RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN 0x20 -#define RPC_AUTH_SCHANNEL_SIGN_ONLY_CHK_LEN 0x18 - - -enum schannel_direction { - SENDER_IS_INITIATOR, - SENDER_IS_ACCEPTOR -}; /* Maximum size of the signing data in a fragment. */ #define RPC_MAX_SIGN_SIZE 0x38 /* 56 */ @@ -79,7 +37,7 @@ enum schannel_direction { typedef struct rpc_hdr_info { uint8 major; /* 5 - RPC major version */ uint8 minor; /* 0 - RPC minor version */ - uint8 pkt_type; /* RPC_PKT_TYPE - RPC response packet */ + uint8 pkt_type; /* dcerpc_pkt_type - RPC response packet */ uint8 flags; /* DCE/RPC flags */ uint8 pack_type[4]; /* 0x1000 0000 - little-endian packed data representation */ uint16 frag_len; /* fragment length - data size (bytes) inc header and tail. */ diff --git a/source3/lib/netapi/user.c b/source3/lib/netapi/user.c index 9fa3ddd9a8..f95750fae7 100644 --- a/source3/lib/netapi/user.c +++ b/source3/lib/netapi/user.c @@ -466,7 +466,7 @@ WERROR NetUserAdd_r(struct libnetapi_ctx *ctx, &user_handle); done: - if (is_valid_policy_hnd(&user_handle)) { + if (is_valid_policy_hnd(&user_handle) && pipe_cli) { rpccli_samr_Close(pipe_cli, ctx, &user_handle); } @@ -1696,7 +1696,7 @@ WERROR NetUserGetInfo_r(struct libnetapi_ctx *ctx, } done: - if (is_valid_policy_hnd(&user_handle)) { + if (is_valid_policy_hnd(&user_handle) && pipe_cli) { rpccli_samr_Close(pipe_cli, ctx, &user_handle); } @@ -1864,7 +1864,7 @@ WERROR NetUserSetInfo_r(struct libnetapi_ctx *ctx, werr = WERR_OK; done: - if (is_valid_policy_hnd(&user_handle)) { + if (is_valid_policy_hnd(&user_handle) && pipe_cli) { rpccli_samr_Close(pipe_cli, ctx, &user_handle); } diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index febf787815..186696fbbc 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -672,13 +672,12 @@ static NTSTATUS cli_pipe_verify_schannel(struct rpc_pipe_client *cli, RPC_HDR *p uint8 *p_ss_padding_len) { RPC_HDR_AUTH auth_info; - struct NL_AUTH_SIGNATURE schannel_chk; uint32 auth_len = prhdr->auth_len; uint32 save_offset = prs_offset(current_pdu); struct schannel_state *schannel_auth = cli->auth->a_u.schannel_auth; + uint8_t *data; uint32 data_len; - enum ndr_err_code ndr_err; DATA_BLOB blob; NTSTATUS status; @@ -725,31 +724,28 @@ static NTSTATUS cli_pipe_verify_schannel(struct rpc_pipe_client *cli, RPC_HDR *p blob = data_blob_const(prs_data_p(current_pdu) + prs_offset(current_pdu), auth_len); - ndr_err = ndr_pull_struct_blob(&blob, talloc_tos(), NULL, &schannel_chk, - (ndr_pull_flags_fn_t)ndr_pull_NL_AUTH_SIGNATURE); - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - DEBUG(0,("cli_pipe_verify_schannel: failed to unmarshal RPC_AUTH_SCHANNEL_CHK.\n")); - return ndr_map_error2ntstatus(ndr_err); - } - if (DEBUGLEVEL >= 10) { - NDR_PRINT_DEBUG(NL_AUTH_SIGNATURE, &schannel_chk); + dump_NL_AUTH_SIGNATURE(talloc_tos(), &blob); } + data = (uint8_t *)prs_data_p(current_pdu)+RPC_HEADER_LEN+RPC_HDR_RESP_LEN; + switch (cli->auth->auth_level) { case DCERPC_AUTH_LEVEL_PRIVACY: - status = schannel_unseal_packet(schannel_auth, + status = netsec_incoming_packet(schannel_auth, talloc_tos(), - (uint8_t *)prs_data_p(current_pdu)+RPC_HEADER_LEN+RPC_HDR_RESP_LEN, + true, + data, data_len, &blob); break; case DCERPC_AUTH_LEVEL_INTEGRITY: - status = schannel_check_packet(schannel_auth, - talloc_tos(), - (uint8_t *)prs_data_p(current_pdu)+RPC_HEADER_LEN+RPC_HDR_RESP_LEN, - data_len, - &blob); + status = netsec_incoming_packet(schannel_auth, + talloc_tos(), + false, + data, + data_len, + &blob); break; default: status = NT_STATUS_INTERNAL_ERROR; @@ -881,14 +877,14 @@ static NTSTATUS cli_pipe_validate_current_pdu(struct rpc_pipe_client *cli, RPC_H /* Ensure we have the correct type. */ switch (prhdr->pkt_type) { - case RPC_ALTCONTRESP: - case RPC_BINDACK: + case DCERPC_PKT_ALTER_RESP: + case DCERPC_PKT_BIND_ACK: /* Alter context and bind ack share the same packet definitions. */ break; - case RPC_RESPONSE: + case DCERPC_PKT_RESPONSE: { RPC_HDR_RESP rhdr_resp; uint8 ss_padding_len = 0; @@ -944,14 +940,14 @@ static NTSTATUS cli_pipe_validate_current_pdu(struct rpc_pipe_client *cli, RPC_H break; } - case RPC_BINDNACK: + case DCERPC_PKT_BIND_NAK: DEBUG(1, ("cli_pipe_validate_current_pdu: Bind NACK " "received from %s!\n", rpccli_pipe_txt(debug_ctx(), cli))); /* Use this for now... */ return NT_STATUS_NETWORK_ACCESS_DENIED; - case RPC_FAULT: + case DCERPC_PKT_FAULT: { RPC_HDR_RESP rhdr_resp; RPC_HDR_FAULT fault_resp; @@ -998,10 +994,10 @@ static NTSTATUS cli_pipe_validate_current_pdu(struct rpc_pipe_client *cli, RPC_H data before now as we may have needed to do cryptographic actions on it before. */ - if ((prhdr->pkt_type == RPC_BINDACK) && !(prhdr->flags & RPC_FLG_LAST)) { + if ((prhdr->pkt_type == DCERPC_PKT_BIND_ACK) && !(prhdr->flags & DCERPC_PFC_FLAG_LAST)) { DEBUG(5,("cli_pipe_validate_current_pdu: bug in server (AS/U?), " "setting fragment first/last ON.\n")); - prhdr->flags |= RPC_FLG_FIRST|RPC_FLG_LAST; + prhdr->flags |= DCERPC_PFC_FLAG_FIRST|DCERPC_PFC_FLAG_LAST; } return NT_STATUS_OK; @@ -1401,7 +1397,7 @@ static void rpc_api_pipe_got_pdu(struct tevent_req *subreq) return; } - if ((state->rhdr.flags & RPC_FLG_FIRST) + if ((state->rhdr.flags & DCERPC_PFC_FLAG_FIRST) && (state->rhdr.pack_type[0] == 0)) { /* * Set the data type correctly for big-endian data on the @@ -1442,7 +1438,7 @@ static void rpc_api_pipe_got_pdu(struct tevent_req *subreq) return; } - if (state->rhdr.flags & RPC_FLG_LAST) { + if (state->rhdr.flags & DCERPC_PFC_FLAG_LAST) { DEBUG(10,("rpc_api_pipe: %s returned %u bytes.\n", rpccli_pipe_txt(debug_ctx(), state->cli), (unsigned)prs_data_size(&state->incoming_pdu))); @@ -1688,7 +1684,7 @@ static NTSTATUS create_schannel_auth_rpc_bind_req( struct rpc_pipe_client *cli, Creates the internals of a DCE/RPC bind request or alter context PDU. ********************************************************************/ -static NTSTATUS create_bind_or_alt_ctx_internal(enum RPC_PKT_TYPE pkt_type, +static NTSTATUS create_bind_or_alt_ctx_internal(enum dcerpc_pkt_type pkt_type, prs_struct *rpc_out, uint32 rpc_call_id, const struct ndr_syntax_id *abstract, @@ -1723,7 +1719,7 @@ static NTSTATUS create_bind_or_alt_ctx_internal(enum RPC_PKT_TYPE pkt_type, } /* Create the request RPC_HDR */ - init_rpc_hdr(&hdr, pkt_type, RPC_FLG_FIRST|RPC_FLG_LAST, rpc_call_id, frag_len, auth_len); + init_rpc_hdr(&hdr, pkt_type, DCERPC_PFC_FLAG_FIRST|DCERPC_PFC_FLAG_LAST, rpc_call_id, frag_len, auth_len); /* Marshall the RPC header */ if(!smb_io_rpc_hdr("hdr" , &hdr, rpc_out, 0)) { @@ -1827,7 +1823,7 @@ static NTSTATUS create_rpc_bind_req(struct rpc_pipe_client *cli, return NT_STATUS_INVALID_INFO_CLASS; } - ret = create_bind_or_alt_ctx_internal(RPC_BIND, + ret = create_bind_or_alt_ctx_internal(DCERPC_PKT_BIND, rpc_out, rpc_call_id, abstract, @@ -1930,11 +1926,9 @@ static NTSTATUS add_schannel_auth_footer(struct rpc_pipe_client *cli, prs_struct *outgoing_pdu) { RPC_HDR_AUTH auth_info; - struct NL_AUTH_SIGNATURE verf; struct schannel_state *sas = cli->auth->a_u.schannel_auth; char *data_p = prs_data_p(outgoing_pdu) + RPC_HEADER_LEN + RPC_HDR_RESP_LEN; size_t data_and_pad_len = prs_offset(outgoing_pdu) - RPC_HEADER_LEN - RPC_HDR_RESP_LEN; - enum ndr_err_code ndr_err; DATA_BLOB blob; NTSTATUS status; @@ -1959,18 +1953,20 @@ static NTSTATUS add_schannel_auth_footer(struct rpc_pipe_client *cli, switch (cli->auth->auth_level) { case DCERPC_AUTH_LEVEL_PRIVACY: - status = schannel_seal_packet(sas, - talloc_tos(), - (uint8_t *)data_p, - data_and_pad_len, - &blob); + status = netsec_outgoing_packet(sas, + talloc_tos(), + true, + (uint8_t *)data_p, + data_and_pad_len, + &blob); break; case DCERPC_AUTH_LEVEL_INTEGRITY: - status = schannel_sign_packet(sas, - talloc_tos(), - (uint8_t *)data_p, - data_and_pad_len, - &blob); + status = netsec_outgoing_packet(sas, + talloc_tos(), + false, + (uint8_t *)data_p, + data_and_pad_len, + &blob); break; default: status = NT_STATUS_INTERNAL_ERROR; @@ -1982,17 +1978,11 @@ static NTSTATUS add_schannel_auth_footer(struct rpc_pipe_client *cli, nt_errstr(status))); return status; } -#if 0 - ndr_err = ndr_push_struct_blob(&blob, talloc_tos(), NULL, &verf, - (ndr_push_flags_fn_t)ndr_push_NL_AUTH_SIGNATURE); - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - return ndr_map_error2ntstatus(ndr_err); - } if (DEBUGLEVEL >= 10) { - NDR_PRINT_DEBUG(NL_AUTH_SIGNATURE, &verf); + dump_NL_AUTH_SIGNATURE(talloc_tos(), &blob); } -#endif + /* Finally marshall the blob. */ if (!prs_copy_data_in(outgoing_pdu, (const char *)blob.data, blob.length)) { return NT_STATUS_NO_MEMORY; @@ -2143,7 +2133,7 @@ struct tevent_req *rpc_api_pipe_req_send(TALLOC_CTX *mem_ctx, if (is_last_frag) { subreq = rpc_api_pipe_send(state, ev, state->cli, &state->outgoing_frag, - RPC_RESPONSE); + DCERPC_PKT_RESPONSE); if (subreq == NULL) { goto fail; } @@ -2189,11 +2179,11 @@ static NTSTATUS prepare_next_frag(struct rpc_api_pipe_req_state *state, state->cli, data_left, &frag_len, &auth_len, &ss_padding); if (state->req_data_sent == 0) { - flags = RPC_FLG_FIRST; + flags = DCERPC_PFC_FLAG_FIRST; } if (data_sent_thistime == data_left) { - flags |= RPC_FLG_LAST; + flags |= DCERPC_PFC_FLAG_LAST; } if (!prs_set_offset(&state->outgoing_frag, 0)) { @@ -2201,7 +2191,7 @@ static NTSTATUS prepare_next_frag(struct rpc_api_pipe_req_state *state, } /* Create and marshall the header and request header. */ - init_rpc_hdr(&hdr, RPC_REQUEST, flags, state->call_id, frag_len, + init_rpc_hdr(&hdr, DCERPC_PKT_REQUEST, flags, state->call_id, frag_len, auth_len); if (!smb_io_rpc_hdr("hdr ", &hdr, &state->outgoing_frag, 0)) { @@ -2249,7 +2239,7 @@ static NTSTATUS prepare_next_frag(struct rpc_api_pipe_req_state *state, } state->req_data_sent += data_sent_thistime; - *is_last_frag = ((flags & RPC_FLG_LAST) != 0); + *is_last_frag = ((flags & DCERPC_PFC_FLAG_LAST) != 0); return status; } @@ -2279,7 +2269,7 @@ static void rpc_api_pipe_req_write_done(struct tevent_req *subreq) if (is_last_frag) { subreq = rpc_api_pipe_send(state, state->ev, state->cli, &state->outgoing_frag, - RPC_RESPONSE); + DCERPC_PKT_RESPONSE); if (tevent_req_nomem(subreq, req)) { return; } @@ -2436,7 +2426,7 @@ static NTSTATUS create_rpc_bind_auth3(struct rpc_pipe_client *cli, uint32 pad = 0; /* Create the request RPC_HDR */ - init_rpc_hdr(&hdr, RPC_AUTH3, RPC_FLG_FIRST|RPC_FLG_LAST, rpc_call_id, + init_rpc_hdr(&hdr, DCERPC_PKT_AUTH3, DCERPC_PFC_FLAG_FIRST|DCERPC_PFC_FLAG_LAST, rpc_call_id, RPC_HEADER_LEN + 4 /* pad */ + RPC_HDR_AUTH_LEN + pauth_blob->length, pauth_blob->length ); @@ -2509,7 +2499,7 @@ static NTSTATUS create_rpc_alter_context(uint32 rpc_call_id, } } - ret = create_bind_or_alt_ctx_internal(RPC_ALTCONT, + ret = create_bind_or_alt_ctx_internal(DCERPC_PKT_ALTER, rpc_out, rpc_call_id, abstract, @@ -2590,7 +2580,7 @@ struct tevent_req *rpc_pipe_bind_send(TALLOC_CTX *mem_ctx, } subreq = rpc_api_pipe_send(state, ev, cli, &state->rpc_out, - RPC_BINDACK); + DCERPC_PKT_BIND_ACK); if (subreq == NULL) { goto fail; } @@ -2858,7 +2848,7 @@ static NTSTATUS rpc_finish_spnego_ntlmssp_bind_send(struct tevent_req *req, } subreq = rpc_api_pipe_send(state, state->ev, state->cli, - &state->rpc_out, RPC_ALTCONTRESP); + &state->rpc_out, DCERPC_PKT_ALTER_RESP); if (subreq == NULL) { return NT_STATUS_NO_MEMORY; } diff --git a/source3/rpc_parse/parse_rpc.c b/source3/rpc_parse/parse_rpc.c index eb568b60a3..f720de35a1 100644 --- a/source3/rpc_parse/parse_rpc.c +++ b/source3/rpc_parse/parse_rpc.c @@ -29,7 +29,7 @@ Inits an RPC_HDR structure. ********************************************************************/ -void init_rpc_hdr(RPC_HDR *hdr, enum RPC_PKT_TYPE pkt_type, uint8 flags, +void init_rpc_hdr(RPC_HDR *hdr, enum dcerpc_pkt_type pkt_type, uint8 flags, uint32 call_id, int data_len, int auth_len) { hdr->major = 5; /* RPC version 5 */ diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index 576bd85745..627dac0f82 100644 --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c @@ -84,11 +84,11 @@ static bool create_next_pdu_ntlmssp(pipes_struct *p) memset((char *)&hdr_resp, '\0', sizeof(hdr_resp)); /* Change the incoming request header to a response. */ - p->hdr.pkt_type = RPC_RESPONSE; + p->hdr.pkt_type = DCERPC_PKT_RESPONSE; /* Set up rpc header flags. */ if (p->out_data.data_sent_length == 0) { - p->hdr.flags = RPC_FLG_FIRST; + p->hdr.flags = DCERPC_PFC_FLAG_FIRST; } else { p->hdr.flags = 0; } @@ -130,7 +130,7 @@ static bool create_next_pdu_ntlmssp(pipes_struct *p) */ if(p->out_data.data_sent_length + data_len >= prs_offset(&p->out_data.rdata)) { - p->hdr.flags |= RPC_FLG_LAST; + p->hdr.flags |= DCERPC_PFC_FLAG_LAST; if (data_len_left % 8) { ss_padding_len = 8 - (data_len_left % 8); DEBUG(10,("create_next_pdu_ntlmssp: adding sign/seal padding of %u\n", @@ -302,11 +302,11 @@ static bool create_next_pdu_schannel(pipes_struct *p) memset((char *)&hdr_resp, '\0', sizeof(hdr_resp)); /* Change the incoming request header to a response. */ - p->hdr.pkt_type = RPC_RESPONSE; + p->hdr.pkt_type = DCERPC_PKT_RESPONSE; /* Set up rpc header flags. */ if (p->out_data.data_sent_length == 0) { - p->hdr.flags = RPC_FLG_FIRST; + p->hdr.flags = DCERPC_PFC_FLAG_FIRST; } else { p->hdr.flags = 0; } @@ -349,7 +349,7 @@ static bool create_next_pdu_schannel(pipes_struct *p) */ if(p->out_data.data_sent_length + data_len >= prs_offset(&p->out_data.rdata)) { - p->hdr.flags |= RPC_FLG_LAST; + p->hdr.flags |= DCERPC_PFC_FLAG_LAST; if (data_len_left % 8) { ss_padding_len = 8 - (data_len_left % 8); DEBUG(10,("create_next_pdu_schannel: adding sign/seal padding of %u\n", @@ -410,9 +410,8 @@ static bool create_next_pdu_schannel(pipes_struct *p) * Schannel processing. */ RPC_HDR_AUTH auth_info; - struct NL_AUTH_SIGNATURE verf; DATA_BLOB blob; - enum ndr_err_code ndr_err; + uint8_t *data; /* Check it's the type of reply we were expecting to decode */ @@ -429,20 +428,24 @@ static bool create_next_pdu_schannel(pipes_struct *p) return False; } + data = (uint8_t *)prs_data_p(&p->out_data.frag) + data_pos; + switch (p->auth.auth_level) { case DCERPC_AUTH_LEVEL_PRIVACY: - status = schannel_seal_packet(p->auth.a_u.schannel_auth, - talloc_tos(), - (uint8_t *)prs_data_p(&p->out_data.frag) + data_pos, - data_len + ss_padding_len, - &blob); + status = netsec_outgoing_packet(p->auth.a_u.schannel_auth, + talloc_tos(), + true, + data, + data_len + ss_padding_len, + &blob); break; case DCERPC_AUTH_LEVEL_INTEGRITY: - status = schannel_sign_packet(p->auth.a_u.schannel_auth, - talloc_tos(), - (uint8_t *)prs_data_p(&p->out_data.frag) + data_pos, - data_len + ss_padding_len, - &blob); + status = netsec_outgoing_packet(p->auth.a_u.schannel_auth, + talloc_tos(), + false, + data, + data_len + ss_padding_len, + &blob); break; default: status = NT_STATUS_INTERNAL_ERROR; @@ -458,18 +461,10 @@ static bool create_next_pdu_schannel(pipes_struct *p) /* Finally marshall the blob. */ -#if 0 - ndr_err = ndr_push_struct_blob(&blob, talloc_tos(), NULL, &verf, - (ndr_push_flags_fn_t)ndr_push_NL_AUTH_SIGNATURE); - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - prs_mem_free(&p->out_data.frag); - return false; - } - if (DEBUGLEVEL >= 10) { - NDR_PRINT_DEBUG(NL_AUTH_SIGNATURE, &verf); + dump_NL_AUTH_SIGNATURE(talloc_tos(), &blob); } -#endif + if (!prs_copy_data_in(&p->out_data.frag, (const char *)blob.data, blob.length)) { prs_mem_free(&p->out_data.frag); return false; @@ -511,11 +506,11 @@ static bool create_next_pdu_noauth(pipes_struct *p) memset((char *)&hdr_resp, '\0', sizeof(hdr_resp)); /* Change the incoming request header to a response. */ - p->hdr.pkt_type = RPC_RESPONSE; + p->hdr.pkt_type = DCERPC_PKT_RESPONSE; /* Set up rpc header flags. */ if (p->out_data.data_sent_length == 0) { - p->hdr.flags = RPC_FLG_FIRST; + p->hdr.flags = DCERPC_PFC_FLAG_FIRST; } else { p->hdr.flags = 0; } @@ -557,7 +552,7 @@ static bool create_next_pdu_noauth(pipes_struct *p) */ if(p->out_data.data_sent_length + data_len >= prs_offset(&p->out_data.rdata)) { - p->hdr.flags |= RPC_FLG_LAST; + p->hdr.flags |= DCERPC_PFC_FLAG_LAST; } /* @@ -836,7 +831,7 @@ static bool setup_bind_nak(pipes_struct *p) * Initialize a bind_nak header. */ - init_rpc_hdr(&nak_hdr, RPC_BINDNACK, RPC_FLG_FIRST | RPC_FLG_LAST, + init_rpc_hdr(&nak_hdr, DCERPC_PKT_BIND_NAK, DCERPC_PFC_FLAG_FIRST | DCERPC_PFC_FLAG_LAST, p->hdr.call_id, RPC_HEADER_LEN + sizeof(uint16), 0); /* @@ -896,7 +891,7 @@ bool setup_fault_pdu(pipes_struct *p, NTSTATUS status) * Initialize a fault header. */ - init_rpc_hdr(&fault_hdr, RPC_FAULT, RPC_FLG_FIRST | RPC_FLG_LAST | RPC_FLG_NOCALL, + init_rpc_hdr(&fault_hdr, DCERPC_PKT_FAULT, DCERPC_PFC_FLAG_FIRST | DCERPC_PFC_FLAG_LAST | DCERPC_PFC_FLAG_DID_NOT_EXECUTE, p->hdr.call_id, RPC_HEADER_LEN + RPC_HDR_RESP_LEN + RPC_HDR_FAULT_LEN, 0); /* @@ -963,7 +958,7 @@ bool setup_cancel_ack_reply(pipes_struct *p, prs_struct *rpc_in_p) * Initialize a cancel_ack header. */ - init_rpc_hdr(&ack_reply_hdr, RPC_CANCEL_ACK, RPC_FLG_FIRST | RPC_FLG_LAST, + init_rpc_hdr(&ack_reply_hdr, DCERPC_PKT_CANCEL_ACK, DCERPC_PFC_FLAG_FIRST | DCERPC_PFC_FLAG_LAST, p->hdr.call_id, RPC_HEADER_LEN, 0); /* @@ -1557,7 +1552,7 @@ static bool pipe_ntlmssp_auth_bind(pipes_struct *p, prs_struct *rpc_in_p, DEBUG(10,("pipe_ntlmssp_auth_bind: NTLMSSP auth started\n")); - /* We can't set pipe_bound True yet - we need an RPC_AUTH3 response packet... */ + /* We can't set pipe_bound True yet - we need an DCERPC_PKT_AUTH3 response packet... */ return True; err: @@ -1808,7 +1803,7 @@ bool api_pipe_bind_req(pipes_struct *p, prs_struct *rpc_in_p) auth_len = prs_offset(&out_auth) - RPC_HDR_AUTH_LEN; } - init_rpc_hdr(&p->hdr, RPC_BINDACK, RPC_FLG_FIRST | RPC_FLG_LAST, + init_rpc_hdr(&p->hdr, DCERPC_PKT_BIND_ACK, DCERPC_PFC_FLAG_FIRST | DCERPC_PFC_FLAG_LAST, p->hdr.call_id, RPC_HEADER_LEN + prs_offset(&out_hdr_ba) + prs_offset(&out_auth), auth_len); @@ -1996,7 +1991,7 @@ bool api_pipe_alter_context(pipes_struct *p, prs_struct *rpc_in_p) auth_len = prs_offset(&out_auth) - RPC_HDR_AUTH_LEN; } - init_rpc_hdr(&p->hdr, RPC_ALTCONTRESP, RPC_FLG_FIRST | RPC_FLG_LAST, + init_rpc_hdr(&p->hdr, DCERPC_PKT_ALTER_RESP, DCERPC_PFC_FLAG_FIRST | DCERPC_PFC_FLAG_LAST, p->hdr.call_id, RPC_HEADER_LEN + prs_offset(&out_hdr_ba) + prs_offset(&out_auth), auth_len); @@ -2170,10 +2165,9 @@ bool api_pipe_schannel_process(pipes_struct *p, prs_struct *rpc_in, uint32 *p_ss uint32 auth_len; uint32 save_offset = prs_offset(rpc_in); RPC_HDR_AUTH auth_info; - struct NL_AUTH_SIGNATURE schannel_chk; - enum ndr_err_code ndr_err; DATA_BLOB blob; NTSTATUS status; + uint8_t *data; auth_len = p->hdr.auth_len; @@ -2223,32 +2217,28 @@ bool api_pipe_schannel_process(pipes_struct *p, prs_struct *rpc_in, uint32 *p_ss blob = data_blob_const(prs_data_p(rpc_in) + prs_offset(rpc_in), auth_len); - ndr_err = ndr_pull_struct_blob(&blob, talloc_tos(), NULL, &schannel_chk, - (ndr_pull_flags_fn_t)ndr_pull_NL_AUTH_SIGNATURE); - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - DEBUG(0,("failed to pull NL_AUTH_SIGNATURE\n")); - dump_data(2, blob.data, blob.length); - return false; - } - if (DEBUGLEVEL >= 10) { - NDR_PRINT_DEBUG(NL_AUTH_SIGNATURE, &schannel_chk); + dump_NL_AUTH_SIGNATURE(talloc_tos(), &blob); } + data = (uint8_t *)prs_data_p(rpc_in)+RPC_HDR_REQ_LEN; + switch (auth_info.auth_level) { case DCERPC_AUTH_LEVEL_PRIVACY: - status = schannel_unseal_packet(p->auth.a_u.schannel_auth, + status = netsec_incoming_packet(p->auth.a_u.schannel_auth, talloc_tos(), - (uint8_t *)prs_data_p(rpc_in)+RPC_HDR_REQ_LEN, + true, + data, data_len, &blob); break; case DCERPC_AUTH_LEVEL_INTEGRITY: - status = schannel_check_packet(p->auth.a_u.schannel_auth, - talloc_tos(), - (uint8_t *)prs_data_p(rpc_in)+RPC_HDR_REQ_LEN, - data_len, - &blob); + status = netsec_incoming_packet(p->auth.a_u.schannel_auth, + talloc_tos(), + false, + data, + data_len, + &blob); break; default: status = NT_STATUS_INTERNAL_ERROR; diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 2f3d7632b0..b13e34be07 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -264,7 +264,7 @@ static ssize_t unmarshall_rpc_header(pipes_struct *p) * AS/U doesn't set FIRST flag in a BIND packet it seems. */ - if ((p->hdr.pkt_type == RPC_REQUEST) && !(p->hdr.flags & RPC_FLG_FIRST)) { + if ((p->hdr.pkt_type == DCERPC_PKT_REQUEST) && !(p->hdr.flags & DCERPC_PFC_FLAG_FIRST)) { /* * Ensure that the FIRST flag is set. If not then we have * a stream missmatch. @@ -444,7 +444,7 @@ static bool process_request_pdu(pipes_struct *p, prs_struct *rpc_in_p) return False; } - if(p->hdr.flags & RPC_FLG_LAST) { + if(p->hdr.flags & DCERPC_PFC_FLAG_LAST) { bool ret = False; /* * Ok - we finally have a complete RPC stream. @@ -534,35 +534,35 @@ static void process_complete_pdu(pipes_struct *p) (unsigned int)p->hdr.pkt_type )); switch (p->hdr.pkt_type) { - case RPC_REQUEST: + case DCERPC_PKT_REQUEST: reply = process_request_pdu(p, &rpc_in); break; - case RPC_PING: /* CL request - ignore... */ + case DCERPC_PKT_PING: /* CL request - ignore... */ DEBUG(0,("process_complete_pdu: Error. Connectionless packet type %u received on pipe %s.\n", (unsigned int)p->hdr.pkt_type, get_pipe_name_from_iface(&p->syntax))); break; - case RPC_RESPONSE: /* No responses here. */ - DEBUG(0,("process_complete_pdu: Error. RPC_RESPONSE received from client on pipe %s.\n", + case DCERPC_PKT_RESPONSE: /* No responses here. */ + DEBUG(0,("process_complete_pdu: Error. DCERPC_PKT_RESPONSE received from client on pipe %s.\n", get_pipe_name_from_iface(&p->syntax))); break; - case RPC_FAULT: - case RPC_WORKING: /* CL request - reply to a ping when a call in process. */ - case RPC_NOCALL: /* CL - server reply to a ping call. */ - case RPC_REJECT: - case RPC_ACK: - case RPC_CL_CANCEL: - case RPC_FACK: - case RPC_CANCEL_ACK: + case DCERPC_PKT_FAULT: + case DCERPC_PKT_WORKING: /* CL request - reply to a ping when a call in process. */ + case DCERPC_PKT_NOCALL: /* CL - server reply to a ping call. */ + case DCERPC_PKT_REJECT: + case DCERPC_PKT_ACK: + case DCERPC_PKT_CL_CANCEL: + case DCERPC_PKT_FACK: + case DCERPC_PKT_CANCEL_ACK: DEBUG(0,("process_complete_pdu: Error. Connectionless packet type %u received on pipe %s.\n", (unsigned int)p->hdr.pkt_type, get_pipe_name_from_iface(&p->syntax))); break; - case RPC_BIND: + case DCERPC_PKT_BIND: /* * We assume that a pipe bind is only in one pdu. */ @@ -571,15 +571,15 @@ static void process_complete_pdu(pipes_struct *p) } break; - case RPC_BINDACK: - case RPC_BINDNACK: - DEBUG(0,("process_complete_pdu: Error. RPC_BINDACK/RPC_BINDNACK packet type %u received on pipe %s.\n", + case DCERPC_PKT_BIND_ACK: + case DCERPC_PKT_BIND_NAK: + DEBUG(0,("process_complete_pdu: Error. DCERPC_PKT_BINDACK/DCERPC_PKT_BINDNACK packet type %u received on pipe %s.\n", (unsigned int)p->hdr.pkt_type, get_pipe_name_from_iface(&p->syntax))); break; - case RPC_ALTCONT: + case DCERPC_PKT_ALTER: /* * We assume that a pipe bind is only in one pdu. */ @@ -588,12 +588,12 @@ static void process_complete_pdu(pipes_struct *p) } break; - case RPC_ALTCONTRESP: - DEBUG(0,("process_complete_pdu: Error. RPC_ALTCONTRESP on pipe %s: Should only be server -> client.\n", + case DCERPC_PKT_ALTER_RESP: + DEBUG(0,("process_complete_pdu: Error. DCERPC_PKT_ALTER_RESP on pipe %s: Should only be server -> client.\n", get_pipe_name_from_iface(&p->syntax))); break; - case RPC_AUTH3: + case DCERPC_PKT_AUTH3: /* * The third packet in an NTLMSSP auth exchange. */ @@ -602,14 +602,14 @@ static void process_complete_pdu(pipes_struct *p) } break; - case RPC_SHUTDOWN: - DEBUG(0,("process_complete_pdu: Error. RPC_SHUTDOWN on pipe %s: Should only be server -> client.\n", + case DCERPC_PKT_SHUTDOWN: + DEBUG(0,("process_complete_pdu: Error. DCERPC_PKT_SHUTDOWN on pipe %s: Should only be server -> client.\n", get_pipe_name_from_iface(&p->syntax))); break; - case RPC_CO_CANCEL: + case DCERPC_PKT_CO_CANCEL: /* For now just free all client data and continue processing. */ - DEBUG(3,("process_complete_pdu: RPC_ORPHANED. Abandoning rpc call.\n")); + DEBUG(3,("process_complete_pdu: DCERPC_PKT_CO_CANCEL. Abandoning rpc call.\n")); /* As we never do asynchronous RPC serving, we can never cancel a call (as far as I know). If we ever did we'd have to send a cancel_ack reply. For now, just free all client data and continue processing. */ @@ -626,10 +626,10 @@ static void process_complete_pdu(pipes_struct *p) break; #endif - case RPC_ORPHANED: + case DCERPC_PKT_ORPHANED: /* We should probably check the auth-verifier here. For now just free all client data and continue processing. */ - DEBUG(3,("process_complete_pdu: RPC_ORPHANED. Abandoning rpc call.\n")); + DEBUG(3,("process_complete_pdu: DCERPC_PKT_ORPHANED. Abandoning rpc call.\n")); reply = True; break; @@ -712,7 +712,7 @@ incoming data size = %u\n", (unsigned int)p->in_data.pdu_received_len, (unsigned return rret; } /* If rret == 0 and pdu_needed_len == 0 here we have a PDU that consists - of an RPC_HEADER only. This is a RPC_SHUTDOWN, RPC_CO_CANCEL or RPC_ORPHANED + of an RPC_HEADER only. This is a DCERPC_PKT_SHUTDOWN, DCERPC_PKT_CO_CANCEL or DCERPC_PKT_ORPHANED pdu type. Deal with this in process_complete_pdu(). */ } diff --git a/source3/rpcclient/cmd_lsarpc.c b/source3/rpcclient/cmd_lsarpc.c index b660cfad25..752881c221 100644 --- a/source3/rpcclient/cmd_lsarpc.c +++ b/source3/rpcclient/cmd_lsarpc.c @@ -1731,7 +1731,7 @@ static NTSTATUS cmd_lsa_retrieve_private_data(struct rpc_pipe_client *cli, struct lsa_String name; struct lsa_DATA_BUF *val; DATA_BLOB session_key; - DATA_BLOB blob; + DATA_BLOB blob = data_blob_null; char *secret; if (argc < 2) { diff --git a/source3/utils/eventlogadm.c b/source3/utils/eventlogadm.c index d134ea8fea..7fc04b008e 100644 --- a/source3/utils/eventlogadm.c +++ b/source3/utils/eventlogadm.c @@ -91,7 +91,7 @@ static int DoWriteCommand( int argc, char **argv, bool debugflag, char *exename char linein[1024]; bool is_eor; struct eventlog_Record_tdb ee; - uint32_t record_number; + uint32_t record_number = 0; TALLOC_CTX *mem_ctx = talloc_tos(); f1 = stdin; diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/schannel.c index 3efaf9bcca..0233f5e57c 100644 --- a/source4/auth/gensec/schannel.c +++ b/source4/auth/gensec/schannel.c @@ -282,48 +282,71 @@ static bool schannel_have_feature(struct gensec_security *gensec_security, return false; } -static NTSTATUS schannel_seal_packet_wrap(struct gensec_security *gensec_security, - TALLOC_CTX *mem_ctx, - uint8_t *data, size_t length, - const uint8_t *whole_pdu, size_t pdu_length, - DATA_BLOB *sig) +/* + unseal a packet +*/ +static NTSTATUS schannel_unseal_packet(struct gensec_security *gensec_security, + TALLOC_CTX *mem_ctx, + uint8_t *data, size_t length, + const uint8_t *whole_pdu, size_t pdu_length, + const DATA_BLOB *sig) { - struct schannel_state *state = talloc_get_type(gensec_security->private_data, struct schannel_state); + struct schannel_state *state = + talloc_get_type(gensec_security->private_data, + struct schannel_state); - return schannel_seal_packet(state, mem_ctx, data, length, sig); + return netsec_incoming_packet(state, mem_ctx, true, + data, length, sig); } -static NTSTATUS schannel_sign_packet_wrap(struct gensec_security *gensec_security, - TALLOC_CTX *mem_ctx, - const uint8_t *data, size_t length, - const uint8_t *whole_pdu, size_t pdu_length, - DATA_BLOB *sig) +/* + check the signature on a packet +*/ +static NTSTATUS schannel_check_packet(struct gensec_security *gensec_security, + TALLOC_CTX *mem_ctx, + const uint8_t *data, size_t length, + const uint8_t *whole_pdu, size_t pdu_length, + const DATA_BLOB *sig) { - struct schannel_state *state = talloc_get_type(gensec_security->private_data, struct schannel_state); + struct schannel_state *state = + talloc_get_type(gensec_security->private_data, + struct schannel_state); - return schannel_sign_packet(state, mem_ctx, data, length, sig); + return netsec_incoming_packet(state, mem_ctx, false, + data, length, sig); } - -static NTSTATUS schannel_check_packet_wrap(struct gensec_security *gensec_security, - TALLOC_CTX *mem_ctx, - const uint8_t *data, size_t length, - const uint8_t *whole_pdu, size_t pdu_length, - const DATA_BLOB *sig) +/* + seal a packet +*/ +static NTSTATUS schannel_seal_packet(struct gensec_security *gensec_security, + TALLOC_CTX *mem_ctx, + uint8_t *data, size_t length, + const uint8_t *whole_pdu, size_t pdu_length, + DATA_BLOB *sig) { - struct schannel_state *state = talloc_get_type(gensec_security->private_data, struct schannel_state); + struct schannel_state *state = + talloc_get_type(gensec_security->private_data, + struct schannel_state); - return schannel_check_packet(state, mem_ctx, data, length, sig); + return netsec_outgoing_packet(state, mem_ctx, true, + data, length, sig); } -static NTSTATUS schannel_unseal_packet_wrap(struct gensec_security *gensec_security, - TALLOC_CTX *mem_ctx, - uint8_t *data, size_t length, - const uint8_t *whole_pdu, size_t pdu_length, - const DATA_BLOB *sig) +/* + sign a packet +*/ +static NTSTATUS schannel_sign_packet(struct gensec_security *gensec_security, + TALLOC_CTX *mem_ctx, + const uint8_t *data, size_t length, + const uint8_t *whole_pdu, size_t pdu_length, + DATA_BLOB *sig) { - struct schannel_state *state = talloc_get_type(gensec_security->private_data, struct schannel_state); + struct schannel_state *state = + talloc_get_type(gensec_security->private_data, + struct schannel_state); - return schannel_unseal_packet(state, mem_ctx, data, length, sig); + return netsec_outgoing_packet(state, mem_ctx, false, + data, length, sig); } static const struct gensec_security_ops gensec_schannel_security_ops = { @@ -332,10 +355,10 @@ static const struct gensec_security_ops gensec_schannel_security_ops = { .client_start = schannel_client_start, .server_start = schannel_server_start, .update = schannel_update, - .seal_packet = schannel_seal_packet_wrap, - .sign_packet = schannel_sign_packet_wrap, - .check_packet = schannel_check_packet_wrap, - .unseal_packet = schannel_unseal_packet_wrap, + .seal_packet = schannel_seal_packet, + .sign_packet = schannel_sign_packet, + .check_packet = schannel_check_packet, + .unseal_packet = schannel_unseal_packet, .session_key = schannel_session_key, .session_info = schannel_session_info, .sig_size = schannel_sig_size, |