authorAndrew Tridgell <tridge@samba.org>2004-10-30 11:07:28 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:05:04 -0500
commitfeff2e9cbdd2e3e8e9db5d9b01b5d5cec42943c0 (patch)
tree2862a5ad7a946a316d8099d875202726ae0790c1
parent557bf8d3e4bfed92645c64ebc06c3e076eb16053 (diff)
r3390: fixed schannel server side support. RPC-SCHANNEL now works against Samba4.
(This used to be commit 01f5c1c72d9fc8f21029adc586154b0c54f76c9e)
-rw-r--r--source4/include/includes.h1
-rw-r--r--source4/libcli/auth/gensec.h3
-rw-r--r--source4/libcli/auth/schannel.c27
-rw-r--r--source4/libcli/auth/schannel.h35
-rw-r--r--source4/librpc/rpc/dcerpc_schannel.c1
-rw-r--r--source4/param/loadparm.c2
6 files changed, 16 insertions, 53 deletions
diff --git a/source4/include/includes.h b/source4/include/includes.h
index 9438b468f5..9df5e23816 100644
--- a/source4/include/includes.h
+++ b/source4/include/includes.h
@@ -653,7 +653,6 @@ extern int errno;
#include "libcli/auth/ntlmssp.h"
#include "libcli/auth/credentials.h"
-#include "libcli/auth/schannel.h"
#include "libcli/auth/kerberos.h"
#include "libcli/auth/gensec.h"
#include "libcli/auth/spnego.h"
diff --git a/source4/libcli/auth/gensec.h b/source4/libcli/auth/gensec.h
index 7020435f44..624c7ebe1d 100644
--- a/source4/libcli/auth/gensec.h
+++ b/source4/libcli/auth/gensec.h
@@ -108,4 +108,5 @@ struct gensec_critical_sizes {
};
-
+/* pre-declare schannel structure for schannel backend */
+struct schannel_state;
diff --git a/source4/libcli/auth/schannel.c b/source4/libcli/auth/schannel.c
index 2e752f0172..a99822534b 100644
--- a/source4/libcli/auth/schannel.c
+++ b/source4/libcli/auth/schannel.c
@@ -22,6 +22,16 @@
#include "includes.h"
+struct schannel_state {
+ TALLOC_CTX *mem_ctx;
+ uint8_t session_key[16];
+ uint32_t seq_num;
+ BOOL initiator;
+};
+
+#define NETSEC_SIGN_SIGNATURE { 0x77, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00 }
+#define NETSEC_SEAL_SIGNATURE { 0x77, 0x00, 0x7a, 0x00, 0xff, 0xff, 0x00, 0x00 }
+
/*******************************************************************
Encode or Decode the sequence number (which is symmetric)
********************************************************************/
@@ -209,13 +219,7 @@ NTSTATUS schannel_seal_packet(struct schannel_state *state,
netsec_deal_with_seq_num(state, digest_final, seq_num);
- if (!state->signature.data) {
- state->signature = data_blob_talloc(state->mem_ctx, NULL, 32);
- if (!state->signature.data) {
- return NT_STATUS_NO_MEMORY;
- }
- }
- (*sig) = state->signature;
+ (*sig) = data_blob_talloc(state->mem_ctx, NULL, 32);
memcpy(sig->data, netsec_sig, 8);
memcpy(sig->data+8, seq_num, 8);
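Review bot: The allocation-failure check was dropped together with the cached blob, so if `data_blob_talloc` fails, the `memcpy(sig->data, netsec_sig, 8)` on the next line writes through a NULL pointer; the removed code returned NT_STATUS_NO_MEMORY at this point. Restore the check directly after the allocation: `if (sig->data == NULL) { return NT_STATUS_NO_MEMORY; }`. The identical line in the schannel_sign_packet hunk below needs the same guard. Each call now also allocates a fresh 32-byte blob on `state->mem_ctx`; unless callers free or steal `sig->data` (not visible here), that memory accumulates for the lifetime of the schannel state, at a pace set by how many packets the peer causes to be sealed or signed. Both function bodies extend outside their hunks.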
@@ -252,13 +256,7 @@ NTSTATUS schannel_sign_packet(struct schannel_state *state,
netsec_deal_with_seq_num(state, digest_final, seq_num);
- if (!state->signature.data) {
- state->signature = data_blob_talloc(state->mem_ctx, NULL, 32);
- if (!state->signature.data) {
- return NT_STATUS_NO_MEMORY;
- }
- }
- (*sig) = state->signature;
+ (*sig) = data_blob_talloc(state->mem_ctx, NULL, 32);
memcpy(sig->data, netsec_sig, 8);
memcpy(sig->data+8, seq_num, 8);
@@ -307,7 +305,6 @@ NTSTATUS schannel_start(struct schannel_state **state,
(*state)->mem_ctx = mem_ctx;
memcpy((*state)->session_key, session_key, 16);
(*state)->initiator = initiator;
- (*state)->signature = data_blob(NULL, 0);
(*state)->seq_num = 0;
return NT_STATUS_OK;
diff --git a/source4/libcli/auth/schannel.h b/source4/libcli/auth/schannel.h
deleted file mode 100644
index b074b104fb..0000000000
--- a/source4/libcli/auth/schannel.h
+++ /dev/null
@@ -1,35 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
-
- schannel library code
-
- Copyright (C) Andrew Tridgell 2004
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-struct schannel_state {
- TALLOC_CTX *mem_ctx;
- uint8_t session_key[16];
- uint32_t seq_num;
- BOOL initiator;
- DATA_BLOB signature;
-};
-
-#define NETSEC_SIGN_SIGNATURE { 0x77, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00 }
-#define NETSEC_SEAL_SIGNATURE { 0x77, 0x00, 0x7a, 0x00, 0xff, 0xff, 0x00, 0x00 }
-
diff --git a/source4/librpc/rpc/dcerpc_schannel.c b/source4/librpc/rpc/dcerpc_schannel.c
index 2d2e845837..43f53d72b3 100644
--- a/source4/librpc/rpc/dcerpc_schannel.c
+++ b/source4/librpc/rpc/dcerpc_schannel.c
@@ -316,7 +316,6 @@ static NTSTATUS dcerpc_schannel_client_start(struct gensec_security *gensec_secu
return status;
}
- dump_data_pw("session key:\n", dce_schan_state->schannel_state->session_key, 16);
return NT_STATUS_OK;
}
diff --git a/source4/param/loadparm.c b/source4/param/loadparm.c
index f8b90203e7..cddb85f80e 100644
--- a/source4/param/loadparm.c
+++ b/source4/param/loadparm.c
@@ -1685,6 +1685,8 @@ static BOOL lp_add_ipc(const char *ipc_name, BOOL guest_ok)
ServicePtrs[i]->bPrint_ok = False;
ServicePtrs[i]->bBrowseable = sDefault.bBrowseable;
+ lp_do_parameter(i, "ntvfs handler", "default");
+
DEBUG(3, ("adding IPC service\n"));
return (True);
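Review bot: The added `lp_do_parameter(i, "ntvfs handler", "default");` discards its result and has no comment saying why the IPC service is pinned to this backend. If the call can fail (its signature is not visible in the hunk), the service is still registered and `True` is returned, leaving the IPC share on whatever handler it already had; consider `if (!lp_do_parameter(i, "ntvfs handler", "default")) return False;`. A one-line comment such as `/* IPC$ always uses the default ntvfs backend, whatever handler is configured elsewhere */` would record the intent, assuming that is the reason for the override. lp_add_ipc starts and ends outside the hunk.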