authorStefan Metzmacher <metze@samba.org>2009-09-16 02:03:46 +0200
committerStefan Metzmacher <metze@samba.org>2009-09-16 12:29:06 +0200
commit033ced60ac734161686bd3da685f2d7b056e17c8 (patch)
tree30986b71cee0e153c105ef1fed8b93d3a7322fab /source3/rpc_client
parent8f482ae663611ee2109395e4d24418e4c4f57160 (diff)
libcli/auth: rewrite schannel sign/seal code to be more generic
This prepares support for HMAC-SHA256/AES. metze
Diffstat (limited to 'source3/rpc_client')
-rw-r--r--source3/rpc_client/cli_pipe.c41
1 files changed, 24 insertions, 17 deletions
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index 393c7260d9..186696fbbc 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -676,6 +676,7 @@ static NTSTATUS cli_pipe_verify_schannel(struct rpc_pipe_client *cli, RPC_HDR *p
uint32 save_offset = prs_offset(current_pdu);
struct schannel_state *schannel_auth =
cli->auth->a_u.schannel_auth;
+ uint8_t *data;
uint32 data_len;
DATA_BLOB blob;
NTSTATUS status;
@@ -727,20 +728,24 @@ static NTSTATUS cli_pipe_verify_schannel(struct rpc_pipe_client *cli, RPC_HDR *p
dump_NL_AUTH_SIGNATURE(talloc_tos(), &blob);
}
+ data = (uint8_t *)prs_data_p(current_pdu)+RPC_HEADER_LEN+RPC_HDR_RESP_LEN;
+
switch (cli->auth->auth_level) {
case DCERPC_AUTH_LEVEL_PRIVACY:
- status = schannel_unseal_packet(schannel_auth,
+ status = netsec_incoming_packet(schannel_auth,
talloc_tos(),
- (uint8_t *)prs_data_p(current_pdu)+RPC_HEADER_LEN+RPC_HDR_RESP_LEN,
+ true,
+ data,
data_len,
&blob);
break;
case DCERPC_AUTH_LEVEL_INTEGRITY:
- status = schannel_check_packet(schannel_auth,
- talloc_tos(),
- (uint8_t *)prs_data_p(current_pdu)+RPC_HEADER_LEN+RPC_HDR_RESP_LEN,
- data_len,
- &blob);
+ status = netsec_incoming_packet(schannel_auth,
+ talloc_tos(),
+ false,
+ data,
+ data_len,
+ &blob);
break;
default:
status = NT_STATUS_INTERNAL_ERROR;
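Review bot: The bare `true` / `false` third argument of `netsec_incoming_packet` in the PRIVACY and INTEGRITY arms is now the only thing separating decrypt-and-verify from verify-only, and nothing at the call site says so. The old function names (`schannel_unseal_packet` / `schannel_check_packet`) made a swapped arm obvious; the literals do not, so I would annotate them, e.g. `true, /* unseal: PRIVACY payload is encrypted */` and `false, /* INTEGRITY: verify signature only */`. The same applies to the two `netsec_outgoing_packet` calls in the `add_schannel_auth_footer` hunk below, which also still repeat the `(uint8_t *)data_p` cast in both arms instead of hoisting it as done here with `data`. Separately, `data` is derived from fixed header offsets while `data_len` is computed outside this hunk, so it is worth confirming that `data_len` is bounded against the received PDU length before this point; the body of `cli_pipe_verify_schannel` starts and ends outside the hunk.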
@@ -1948,18 +1953,20 @@ static NTSTATUS add_schannel_auth_footer(struct rpc_pipe_client *cli,
switch (cli->auth->auth_level) {
case DCERPC_AUTH_LEVEL_PRIVACY:
- status = schannel_seal_packet(sas,
- talloc_tos(),
- (uint8_t *)data_p,
- data_and_pad_len,
- &blob);
+ status = netsec_outgoing_packet(sas,
+ talloc_tos(),
+ true,
+ (uint8_t *)data_p,
+ data_and_pad_len,
+ &blob);
break;
case DCERPC_AUTH_LEVEL_INTEGRITY:
- status = schannel_sign_packet(sas,
- talloc_tos(),
- (uint8_t *)data_p,
- data_and_pad_len,
- &blob);
+ status = netsec_outgoing_packet(sas,
+ talloc_tos(),
+ false,
+ (uint8_t *)data_p,
+ data_and_pad_len,
+ &blob);
break;
default:
status = NT_STATUS_INTERNAL_ERROR;