summaryrefslogtreecommitdiff
path: root/source3/librpc
diff options
context:
space:
mode:
authorSimo Sorce <idra@samba.org>2010-08-31 15:08:31 -0400
committerGünther Deschner <gd@samba.org>2010-09-23 10:54:23 -0700
commit4cdee9b0eddd47ad2cfb866f63cdeb3f65200a3e (patch)
treee7df2e6918ca916272246c473b2a92382ce86da5 /source3/librpc
parent77c73a5ec92f9294195dfef977f66dfe66182c6d (diff)
downloadsamba-4cdee9b0eddd47ad2cfb866f63cdeb3f65200a3e.tar.gz
samba-4cdee9b0eddd47ad2cfb866f63cdeb3f65200a3e.tar.bz2
samba-4cdee9b0eddd47ad2cfb866f63cdeb3f65200a3e.zip
s3-dcerpc: add spnego server helpers
squashed: add michlistMIC signature checks Signed-off-by: Günther Deschner <gd@samba.org>
Diffstat (limited to 'source3/librpc')
-rw-r--r--source3/librpc/crypto/cli_spnego.c88
-rw-r--r--source3/librpc/crypto/spnego.h23
2 files changed, 110 insertions, 1 deletions
diff --git a/source3/librpc/crypto/cli_spnego.c b/source3/librpc/crypto/cli_spnego.c
index 60e9e8012f..bf58e25d9a 100644
--- a/source3/librpc/crypto/cli_spnego.c
+++ b/source3/librpc/crypto/cli_spnego.c
@@ -1,6 +1,6 @@
/*
* SPNEGO Encapsulation
- * RPC Pipe client routines
+ * Client functions
* Copyright (C) Simo Sorce 2010.
*
* This program is free software; you can redistribute it and/or modify
@@ -348,3 +348,89 @@ DATA_BLOB spnego_get_session_key(TALLOC_CTX *mem_ctx,
return data_blob_null;
}
}
+
+NTSTATUS spnego_sign(TALLOC_CTX *mem_ctx,
+ struct spnego_context *sp_ctx,
+ DATA_BLOB *data, DATA_BLOB *full_data,
+ DATA_BLOB *signature)
+{
+ switch(sp_ctx->mech) {
+ case SPNEGO_KRB5:
+ return gse_sign(mem_ctx,
+ sp_ctx->mech_ctx.gssapi_state,
+ data, signature);
+ case SPNEGO_NTLMSSP:
+ return auth_ntlmssp_sign_packet(
+ sp_ctx->mech_ctx.ntlmssp_state,
+ mem_ctx,
+ data->data, data->length,
+ full_data->data, full_data->length,
+ signature);
+ default:
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+}
+
+NTSTATUS spnego_sigcheck(TALLOC_CTX *mem_ctx,
+ struct spnego_context *sp_ctx,
+ DATA_BLOB *data, DATA_BLOB *full_data,
+ DATA_BLOB *signature)
+{
+ switch(sp_ctx->mech) {
+ case SPNEGO_KRB5:
+ return gse_sigcheck(mem_ctx,
+ sp_ctx->mech_ctx.gssapi_state,
+ data, signature);
+ case SPNEGO_NTLMSSP:
+ return auth_ntlmssp_check_packet(
+ sp_ctx->mech_ctx.ntlmssp_state,
+ data->data, data->length,
+ full_data->data, full_data->length,
+ signature);
+ default:
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+}
+
+NTSTATUS spnego_seal(TALLOC_CTX *mem_ctx,
+ struct spnego_context *sp_ctx,
+ DATA_BLOB *data, DATA_BLOB *full_data,
+ DATA_BLOB *signature)
+{
+ switch(sp_ctx->mech) {
+ case SPNEGO_KRB5:
+ return gse_seal(mem_ctx,
+ sp_ctx->mech_ctx.gssapi_state,
+ data, signature);
+ case SPNEGO_NTLMSSP:
+ return auth_ntlmssp_seal_packet(
+ sp_ctx->mech_ctx.ntlmssp_state,
+ mem_ctx,
+ data->data, data->length,
+ full_data->data, full_data->length,
+ signature);
+ default:
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+}
+
+NTSTATUS spnego_unseal(TALLOC_CTX *mem_ctx,
+ struct spnego_context *sp_ctx,
+ DATA_BLOB *data, DATA_BLOB *full_data,
+ DATA_BLOB *signature)
+{
+ switch(sp_ctx->mech) {
+ case SPNEGO_KRB5:
+ return gse_unseal(mem_ctx,
+ sp_ctx->mech_ctx.gssapi_state,
+ data, signature);
+ case SPNEGO_NTLMSSP:
+ return auth_ntlmssp_unseal_packet(
+ sp_ctx->mech_ctx.ntlmssp_state,
+ data->data, data->length,
+ full_data->data, full_data->length,
+ signature);
+ default:
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+}
diff --git a/source3/librpc/crypto/spnego.h b/source3/librpc/crypto/spnego.h
index 9512ed6324..68d9243bb0 100644
--- a/source3/librpc/crypto/spnego.h
+++ b/source3/librpc/crypto/spnego.h
@@ -34,8 +34,12 @@ struct spnego_context {
struct gse_context *gssapi_state;
} mech_ctx;
+ char *oid_list[ASN1_MAX_OIDS];
+ char *mech_oid;
+
enum {
SPNEGO_CONV_INIT = 0,
+ SPNEGO_CONV_NEGO,
SPNEGO_CONV_AUTH_MORE,
SPNEGO_CONV_AUTH_CONFIRM,
SPNEGO_CONV_AUTH_DONE
@@ -43,6 +47,7 @@ struct spnego_context {
bool do_sign;
bool do_seal;
+ bool is_dcerpc;
};
NTSTATUS spnego_gssapi_init_client(TALLOC_CTX *mem_ctx,
@@ -75,4 +80,22 @@ NTSTATUS spnego_get_negotiated_mech(struct spnego_context *sp_ctx,
DATA_BLOB spnego_get_session_key(TALLOC_CTX *mem_ctx,
struct spnego_context *sp_ctx);
+
+NTSTATUS spnego_sign(TALLOC_CTX *mem_ctx,
+ struct spnego_context *sp_ctx,
+ DATA_BLOB *data, DATA_BLOB *full_data,
+ DATA_BLOB *signature);
+NTSTATUS spnego_sigcheck(TALLOC_CTX *mem_ctx,
+ struct spnego_context *sp_ctx,
+ DATA_BLOB *data, DATA_BLOB *full_data,
+ DATA_BLOB *signature);
+NTSTATUS spnego_seal(TALLOC_CTX *mem_ctx,
+ struct spnego_context *sp_ctx,
+ DATA_BLOB *data, DATA_BLOB *full_data,
+ DATA_BLOB *signature);
+NTSTATUS spnego_unseal(TALLOC_CTX *mem_ctx,
+ struct spnego_context *sp_ctx,
+ DATA_BLOB *data, DATA_BLOB *full_data,
+ DATA_BLOB *signature);
+
#endif /* _CLI_SPENGO_H_ */