authorSimo Sorce <idra@samba.org>2010-08-31 15:08:31 -0400
committerGünther Deschner <gd@samba.org>2010-09-23 10:54:23 -0700
commit4cdee9b0eddd47ad2cfb866f63cdeb3f65200a3e (patch)
treee7df2e6918ca916272246c473b2a92382ce86da5 /source3/librpc/crypto
parent77c73a5ec92f9294195dfef977f66dfe66182c6d (diff)
s3-dcerpc: add spnego server helpers
squashed: add michlistMIC signature checks Signed-off-by: Günther Deschner <gd@samba.org>
Diffstat (limited to 'source3/librpc/crypto')
-rw-r--r--source3/librpc/crypto/cli_spnego.c88
-rw-r--r--source3/librpc/crypto/spnego.h23
2 files changed, 110 insertions, 1 deletions
diff --git a/source3/librpc/crypto/cli_spnego.c b/source3/librpc/crypto/cli_spnego.c
index 60e9e8012f..bf58e25d9a 100644
--- a/source3/librpc/crypto/cli_spnego.c
+++ b/source3/librpc/crypto/cli_spnego.c
@@ -1,6 +1,6 @@
/*
* SPNEGO Encapsulation
- * RPC Pipe client routines
+ * Client functions
* Copyright (C) Simo Sorce 2010.
*
* This program is free software; you can redistribute it and/or modify
@@ -348,3 +348,89 @@ DATA_BLOB spnego_get_session_key(TALLOC_CTX *mem_ctx,
return data_blob_null;
}
}
+
+NTSTATUS spnego_sign(TALLOC_CTX *mem_ctx,
+ struct spnego_context *sp_ctx,
+ DATA_BLOB *data, DATA_BLOB *full_data,
+ DATA_BLOB *signature)
+{
+ switch(sp_ctx->mech) {
+ case SPNEGO_KRB5:
+ return gse_sign(mem_ctx,
+ sp_ctx->mech_ctx.gssapi_state,
+ data, signature);
+ case SPNEGO_NTLMSSP:
+ return auth_ntlmssp_sign_packet(
+ sp_ctx->mech_ctx.ntlmssp_state,
+ mem_ctx,
+ data->data, data->length,
+ full_data->data, full_data->length,
+ signature);
+ default:
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+}
+
+NTSTATUS spnego_sigcheck(TALLOC_CTX *mem_ctx,
+ struct spnego_context *sp_ctx,
+ DATA_BLOB *data, DATA_BLOB *full_data,
+ DATA_BLOB *signature)
+{
+ switch(sp_ctx->mech) {
+ case SPNEGO_KRB5:
+ return gse_sigcheck(mem_ctx,
+ sp_ctx->mech_ctx.gssapi_state,
+ data, signature);
+ case SPNEGO_NTLMSSP:
+ return auth_ntlmssp_check_packet(
+ sp_ctx->mech_ctx.ntlmssp_state,
+ data->data, data->length,
+ full_data->data, full_data->length,
+ signature);
+ default:
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+}
+
+NTSTATUS spnego_seal(TALLOC_CTX *mem_ctx,
+ struct spnego_context *sp_ctx,
+ DATA_BLOB *data, DATA_BLOB *full_data,
+ DATA_BLOB *signature)
+{
+ switch(sp_ctx->mech) {
+ case SPNEGO_KRB5:
+ return gse_seal(mem_ctx,
+ sp_ctx->mech_ctx.gssapi_state,
+ data, signature);
+ case SPNEGO_NTLMSSP:
+ return auth_ntlmssp_seal_packet(
+ sp_ctx->mech_ctx.ntlmssp_state,
+ mem_ctx,
+ data->data, data->length,
+ full_data->data, full_data->length,
+ signature);
+ default:
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+}
+
+NTSTATUS spnego_unseal(TALLOC_CTX *mem_ctx,
+ struct spnego_context *sp_ctx,
+ DATA_BLOB *data, DATA_BLOB *full_data,
+ DATA_BLOB *signature)
+{
+ switch(sp_ctx->mech) {
+ case SPNEGO_KRB5:
+ return gse_unseal(mem_ctx,
+ sp_ctx->mech_ctx.gssapi_state,
+ data, signature);
+ case SPNEGO_NTLMSSP:
+ return auth_ntlmssp_unseal_packet(
+ sp_ctx->mech_ctx.ntlmssp_state,
+ data->data, data->length,
+ full_data->data, full_data->length,
+ signature);
+ default:
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+}
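Review bot: The SPNEGO_KRB5 branch of spnego_sign drops `full_data`, and the same holds for spnego_sigcheck, spnego_seal and spnego_unseal, so what the signature covers depends on the negotiated mechanism: NTLMSSP receives both the payload and the full buffer, GSSAPI only `data`. If callers rely on `full_data` to bring the surrounding packet under integrity protection, that guarantee has to be provided for Kerberos as well or stated as the caller's job, for example `/* full_data is used by NTLMSSP only; for KRB5 everything to be protected must be in data */`. All four wrappers also dereference `sp_ctx`, `data` and `full_data` unchecked and dispatch on `sp_ctx->mech` without consulting the conversation state, so a call made before authentication has completed would presumably reach a mechanism context that is not yet usable. A leading guard such as `if (!sp_ctx || !data || !full_data) return NT_STATUS_INVALID_PARAMETER;` is cheap, provided no caller legitimately passes a NULL `full_data` on the Kerberos path.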
diff --git a/source3/librpc/crypto/spnego.h b/source3/librpc/crypto/spnego.h
index 9512ed6324..68d9243bb0 100644
--- a/source3/librpc/crypto/spnego.h
+++ b/source3/librpc/crypto/spnego.h
@@ -34,8 +34,12 @@ struct spnego_context {
struct gse_context *gssapi_state;
} mech_ctx;
+ char *oid_list[ASN1_MAX_OIDS];
+ char *mech_oid;
+
enum {
SPNEGO_CONV_INIT = 0,
+ SPNEGO_CONV_NEGO,
SPNEGO_CONV_AUTH_MORE,
SPNEGO_CONV_AUTH_CONFIRM,
SPNEGO_CONV_AUTH_DONE
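Review bot: `oid_list` is a fixed array of ASN1_MAX_OIDS pointers with no comment on how it is terminated or who owns the strings. If the server helpers fill it from the mechanism list in a peer-supplied token, which this hunk does not show, the code doing so must stop at ASN1_MAX_OIDS entries and the array should be documented as bounded. A one-line comment above the two new fields stating the terminator convention, the owner of the strings and whether `mech_oid` points into `oid_list` or is a separate copy would settle this. SPNEGO_CONV_NEGO is inserted in the middle of the enum, which renumbers the later states; that is harmless only if nothing stores or compares the numeric values. The struct and the enum both begin and end outside this hunk.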
@@ -43,6 +47,7 @@ struct spnego_context {
bool do_sign;
bool do_seal;
+ bool is_dcerpc;
};
NTSTATUS spnego_gssapi_init_client(TALLOC_CTX *mem_ctx,
@@ -75,4 +80,22 @@ NTSTATUS spnego_get_negotiated_mech(struct spnego_context *sp_ctx,
DATA_BLOB spnego_get_session_key(TALLOC_CTX *mem_ctx,
struct spnego_context *sp_ctx);
+
+NTSTATUS spnego_sign(TALLOC_CTX *mem_ctx,
+ struct spnego_context *sp_ctx,
+ DATA_BLOB *data, DATA_BLOB *full_data,
+ DATA_BLOB *signature);
+NTSTATUS spnego_sigcheck(TALLOC_CTX *mem_ctx,
+ struct spnego_context *sp_ctx,
+ DATA_BLOB *data, DATA_BLOB *full_data,
+ DATA_BLOB *signature);
+NTSTATUS spnego_seal(TALLOC_CTX *mem_ctx,
+ struct spnego_context *sp_ctx,
+ DATA_BLOB *data, DATA_BLOB *full_data,
+ DATA_BLOB *signature);
+NTSTATUS spnego_unseal(TALLOC_CTX *mem_ctx,
+ struct spnego_context *sp_ctx,
+ DATA_BLOB *data, DATA_BLOB *full_data,
+ DATA_BLOB *signature);
+
#endif /* _CLI_SPENGO_H_ */
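Review bot: The four prototypes are exported without any contract, and the identical parameter lists hide that the blobs play different roles per function. Presumably `signature` is an output allocated on `mem_ctx` for spnego_sign and spnego_seal, and an input for spnego_sigcheck and spnego_unseal, while `data` is rewritten in place by the seal and unseal variants; none of this can be confirmed from the header. A short comment above the group should state the direction and ownership of each blob, and that a non-OK status from spnego_sigcheck or spnego_unseal means the packet must be discarded. It would also be worth checking whether the pure inputs can be declared `const DATA_BLOB *`.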