author | Simo Sorce <idra@samba.org> | 2010-08-31 15:08:31 -0400 |
---|---|---|
committer | Günther Deschner <gd@samba.org> | 2010-09-23 10:54:23 -0700 |
commit | 4cdee9b0eddd47ad2cfb866f63cdeb3f65200a3e (patch) | |
tree | e7df2e6918ca916272246c473b2a92382ce86da5 /source3/librpc/crypto/cli_spnego.c | |
parent | 77c73a5ec92f9294195dfef977f66dfe66182c6d (diff) | |
s3-dcerpc: add spnego server helpers
squashed: add mechListMIC signature checks
Signed-off-by: Günther Deschner <gd@samba.org>
Diffstat (limited to 'source3/librpc/crypto/cli_spnego.c')
-rw-r--r-- | source3/librpc/crypto/cli_spnego.c | 88 |
1 files changed, 87 insertions, 1 deletions
diff --git a/source3/librpc/crypto/cli_spnego.c b/source3/librpc/crypto/cli_spnego.c
index 60e9e8012f..bf58e25d9a 100644
--- a/source3/librpc/crypto/cli_spnego.c
+++ b/source3/librpc/crypto/cli_spnego.c
@@ -1,6 +1,6 @@
 /*
 * SPNEGO Encapsulation
- * RPC Pipe client routines
+ * Client functions
 * Copyright (C) Simo Sorce 2010.
 *
 * This program is free software; you can redistribute it and/or modify
@@ -348,3 +348,89 @@ DATA_BLOB spnego_get_session_key(TALLOC_CTX *mem_ctx,
 return data_blob_null;
 }
 }
+
+NTSTATUS spnego_sign(TALLOC_CTX *mem_ctx,
+ struct spnego_context *sp_ctx,
+ DATA_BLOB *data, DATA_BLOB *full_data,
+ DATA_BLOB *signature)
+{
+ switch(sp_ctx->mech) {
+ case SPNEGO_KRB5:
+ return gse_sign(mem_ctx,
+ sp_ctx->mech_ctx.gssapi_state,
+ data, signature);
+ case SPNEGO_NTLMSSP:
+ return auth_ntlmssp_sign_packet(
+ sp_ctx->mech_ctx.ntlmssp_state,
+ mem_ctx,
+ data->data, data->length,
+ full_data->data, full_data->length,
+ signature);
+ default:
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+}
+
+NTSTATUS spnego_sigcheck(TALLOC_CTX *mem_ctx,
+ struct spnego_context *sp_ctx,
+ DATA_BLOB *data, DATA_BLOB *full_data,
+ DATA_BLOB *signature)
+{
+ switch(sp_ctx->mech) {
+ case SPNEGO_KRB5:
+ return gse_sigcheck(mem_ctx,
+ sp_ctx->mech_ctx.gssapi_state,
+ data, signature);
+ case SPNEGO_NTLMSSP:
+ return auth_ntlmssp_check_packet(
+ sp_ctx->mech_ctx.ntlmssp_state,
+ data->data, data->length,
+ full_data->data, full_data->length,
+ signature);
+ default:
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+}
+
+NTSTATUS spnego_seal(TALLOC_CTX *mem_ctx,
+ struct spnego_context *sp_ctx,
+ DATA_BLOB *data, DATA_BLOB *full_data,
+ DATA_BLOB *signature)
+{
+ switch(sp_ctx->mech) {
+ case SPNEGO_KRB5:
+ return gse_seal(mem_ctx,
+ sp_ctx->mech_ctx.gssapi_state,
+ data, signature);
+ case SPNEGO_NTLMSSP:
+ return auth_ntlmssp_seal_packet(
+ sp_ctx->mech_ctx.ntlmssp_state,
+ mem_ctx,
+ data->data, data->length,
+ full_data->data, full_data->length,
+ signature);
+ default:
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+}
+
+NTSTATUS spnego_unseal(TALLOC_CTX *mem_ctx,
+ struct spnego_context *sp_ctx,
+ DATA_BLOB *data, DATA_BLOB *full_data,
+ DATA_BLOB *signature)
+{
+ switch(sp_ctx->mech) {
+ case SPNEGO_KRB5:
+ return gse_unseal(mem_ctx,
+ sp_ctx->mech_ctx.gssapi_state,
+ data, signature);
+ case SPNEGO_NTLMSSP:
+ return auth_ntlmssp_unseal_packet(
+ sp_ctx->mech_ctx.ntlmssp_state,
+ data->data, data->length,
+ full_data->data, full_data->length,
+ signature);
+ default:
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+}
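Review bot: In all four new helpers the SPNEGO_KRB5 branch ignores `full_data` and passes only `data` to gse_sign/gse_sigcheck/gse_seal/gse_unseal, while the SPNEGO_NTLMSSP branch hands both ranges to the NTLMSSP packet routines. From this hunk alone it looks as if bytes that are in `full_data` but not in `data` are integrity-protected only when NTLMSSP was negotiated; the gse_* implementations are not visible here, so this should be confirmed. If it is intended, say so above each helper, e.g. `/* NOTE: with SPNEGO_KRB5 only 'data' is passed to the mechanism; 'full_data' is consumed by NTLMSSP only. */`, so callers do not assume the same coverage for both mechanisms. The helpers also dereference `sp_ctx`, `data` and `full_data` unchecked; a guard such as `if (!sp_ctx || !data || !full_data) return NT_STATUS_INVALID_PARAMETER;` would keep the failure mode consistent with the `default:` case.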