author | Stefan Metzmacher <metze@samba.org> | 2013-04-24 12:33:28 +0200 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2013-08-10 09:18:56 +0200 |
commit | 9f2e81ae02549369db49c05edf7071612a03a8b8 (patch) | |
tree | 09557c70e4ccf6b8bc7388c18c4358807d78e6e6 /libcli/auth | |
parent | 59b09564a7edac8dc241269587146342244ce58b (diff) | |
libcli/auth: maintain the sequence number for the NETLOGON SSP as 64bit
See [MS-NRPC] 3.3.4.2 The Netlogon Signature Token.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'libcli/auth')
-rw-r--r-- | libcli/auth/schannel.h | 2 | ||||
-rw-r--r-- | libcli/auth/schannel_sign.c | 17 |
2 files changed, 14 insertions, 5 deletions
diff --git a/libcli/auth/schannel.h b/libcli/auth/schannel.h
index bfccd950b6..271b5bb6ba 100644
--- a/libcli/auth/schannel.h
+++ b/libcli/auth/schannel.h
@@ -30,7 +30,7 @@ enum schannel_position {
 struct schannel_state {
 enum schannel_position state;
- uint32_t seq_num;
+ uint64_t seq_num;
 bool initiator;
 struct netlogon_creds_CredentialState *creds;
 };
diff --git a/libcli/auth/schannel_sign.c b/libcli/auth/schannel_sign.c
index 1871da256b..6e5d4544af 100644
--- a/libcli/auth/schannel_sign.c
+++ b/libcli/auth/schannel_sign.c
@@ -24,6 +24,17 @@
 #include "../libcli/auth/schannel.h"
 #include "../lib/crypto/crypto.h"
+#define SETUP_SEQNUM(state, buf, initiator) do { \
+ uint8_t *_buf = buf; \
+ uint32_t _seq_num_low = (state)->seq_num & UINT32_MAX; \
+ uint32_t _seq_num_high = (state)->seq_num >> 32; \
+ if (initiator) { \
+ _seq_num_high |= 0x80000000; \
+ } \
+ RSIVAL(_buf, 0, _seq_num_low); \
+ RSIVAL(_buf, 4, _seq_num_high); \
+} while(0)
+
 static void netsec_offset_and_sizes(struct schannel_state *state,
 bool do_seal,
 uint32_t *_min_sig_size,
@@ -255,8 +266,7 @@ NTSTATUS netsec_incoming_packet(struct schannel_state *state,
 confounder = NULL;
 }
- RSIVAL(seq_num, 0, state->seq_num);
- SIVAL(seq_num, 4, state->initiator?0:0x80);
+ SETUP_SEQNUM(state, seq_num, !state->initiator);
 if (do_unseal) {
 netsec_do_seal(state, seq_num,
@@ -325,8 +335,7 @@ NTSTATUS netsec_outgoing_packet(struct schannel_state *state,
 &checksum_length,
 &confounder_ofs);
- RSIVAL(seq_num, 0, state->seq_num);
- SIVAL(seq_num, 4, state->initiator?0x80:0);
+ SETUP_SEQNUM(state, seq_num, state->initiator);
 if (do_seal) {
 confounder = _confounder; |
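Review bot: The widened `seq_num` field in `struct schannel_state` carries no comment about its usable range, yet the `SETUP_SEQNUM` macro added in schannel_sign.c ORs the direction flag `0x80000000` into the upper 32 bits. A counter value with bit 63 set would therefore be indistinguishable on the wire from the direction flag. I would document that on the field, for example `/* 64-bit sequence number; bit 63 is reserved for the direction flag in the signature token */`. The code that increments `seq_num` is outside this diff, so whether it needs a guard against reaching that bit cannot be judged from here.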
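Review bot: `SETUP_SEQNUM` is a function-like macro that expands `buf` unparenthesized, evaluates `state` twice, and declares `_buf`, `_seq_num_low` and `_seq_num_high` inside its block, so an argument expression using one of those names would bind to the macro's own local. Nothing in it shows that the destination must hold 8 bytes. A `static` helper produces the same byte layout with type checking and a visible buffer size, and gives the layout comment a natural home: low 32 bits at offset 0, high 32 bits at offset 4 with the top bit set for the initiator direction, both written with `RSIVAL`. The two call sites in the later hunks would call the helper instead of the macro.

```c
/* Builds the 8-byte sequence-number field of the Netlogon signature token. */
static void netsec_setup_seqnum(const struct schannel_state *state,
				uint8_t buf[8], bool initiator)
{
	uint32_t seq_num_low = state->seq_num & UINT32_MAX;
	uint32_t seq_num_high = state->seq_num >> 32;

	if (initiator) {
		/* top bit of the high word carries the direction */
		seq_num_high |= 0x80000000;
	}
	RSIVAL(buf, 0, seq_num_low);
	RSIVAL(buf, 4, seq_num_high);
}
```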
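Review bot: The inverted third argument in `SETUP_SEQNUM(state, seq_num, !state->initiator);` in `netsec_incoming_packet` is easy to misread as a typo next to the outgoing call, and no comment explains it. I would add `/* the peer built this token, so the direction bit reflects the peer's role, not ours */` above that call, and a matching `/* direction bit reflects our own role */` above the call in `netsec_outgoing_packet` in the last hunk. The `seq_num` buffer is declared outside both hunks; the macro writes offsets 0 through 7, so it is presumably at least 8 bytes, which is worth confirming. Both functions start and end outside their hunks.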