author | Stefan Metzmacher <metze@samba.org> | 2013-04-24 12:33:28 +0200 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2013-08-10 09:18:56 +0200 |
commit | 9f2e81ae02549369db49c05edf7071612a03a8b8 (patch) | |
tree | 09557c70e4ccf6b8bc7388c18c4358807d78e6e6 /libcli/auth/schannel_sign.c | |
parent | 59b09564a7edac8dc241269587146342244ce58b (diff) | |
libcli/auth: maintain the sequence number for the NETLOGON SSP as 64bit
See [MS-NRPC] 3.3.4.2 The Netlogon Signature Token.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'libcli/auth/schannel_sign.c')
-rw-r--r-- | libcli/auth/schannel_sign.c | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/libcli/auth/schannel_sign.c b/libcli/auth/schannel_sign.c
index 1871da256b..6e5d4544af 100644
--- a/libcli/auth/schannel_sign.c
+++ b/libcli/auth/schannel_sign.c
@@ -24,6 +24,17 @@
 #include "../libcli/auth/schannel.h"
 #include "../lib/crypto/crypto.h"
 
+#define SETUP_SEQNUM(state, buf, initiator) do { \
+ uint8_t *_buf = buf; \
+ uint32_t _seq_num_low = (state)->seq_num & UINT32_MAX; \
+ uint32_t _seq_num_high = (state)->seq_num >> 32; \
+ if (initiator) { \
+ _seq_num_high |= 0x80000000; \
+ } \
+ RSIVAL(_buf, 0, _seq_num_low); \
+ RSIVAL(_buf, 4, _seq_num_high); \
+} while(0)
+
 static void netsec_offset_and_sizes(struct schannel_state *state,
 bool do_seal,
 uint32_t *_min_sig_size,
@@ -255,8 +266,7 @@ NTSTATUS netsec_incoming_packet(struct schannel_state *state,
 confounder = NULL;
 }
 
- RSIVAL(seq_num, 0, state->seq_num);
- SIVAL(seq_num, 4, state->initiator?0:0x80);
+ SETUP_SEQNUM(state, seq_num, !state->initiator);
 
 if (do_unseal) {
 netsec_do_seal(state, seq_num,
@@ -325,8 +335,7 @@ NTSTATUS netsec_outgoing_packet(struct schannel_state *state,
 &checksum_length,
 &confounder_ofs);
 
- RSIVAL(seq_num, 0, state->seq_num);
- SIVAL(seq_num, 4, state->initiator?0x80:0);
+ SETUP_SEQNUM(state, seq_num, state->initiator);
 
 if (do_seal) {
 confounder = _confounder; |
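Review bot: SETUP_SEQNUM in the first hunk has no comment stating the byte layout it produces or that `buf` must hold 8 bytes, and `buf` is expanded unparenthesised. I would put `/* [MS-NRPC] 3.3.4.2 SequenceNumber: low 32 bits, then high 32 bits, both big-endian; 0x80000000 is set in the high word when the sender is the initiator. buf must be 8 bytes. */` above the macro and write `uint8_t *_buf = (buf); \`. The shift `(state)->seq_num >> 32` is only defined if the field is wider than 32 bits; that widening is presumably made in schannel.h, which this single-file view does not show, so it is worth confirming the two changes land together.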
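Review bot: The `!state->initiator` argument in netsec_incoming_packet (second hunk) is easy to misread as a mistake next to the un-negated call in netsec_outgoing_packet (third hunk). A one-line comment above the incoming call, such as `/* the peer sent this packet, so use the peer's direction bit */`, would mark the asymmetry as deliberate. Because this buffer feeds both the signature check and the unseal, it would also help to document where `state->seq_num` is advanced relative to a failed verification. That code is outside the hunks, as are the start and end of both functions.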