diff options
author | Günther Deschner <gd@samba.org> | 2009-09-11 02:52:25 +0200 |
---|---|---|
committer | Günther Deschner <gd@samba.org> | 2009-09-11 03:00:35 +0200 |
commit | d258fb4d0dcd04899dede7f17c8658251c9cd5e7 (patch) | |
tree | c59f5a03297e3d75cf8deeff1dc3435ce55329ad /source3/rpc_client | |
parent | cac5e64c0005549839b4bcf5c62422d4b20eba4f (diff) | |
download | samba-d258fb4d0dcd04899dede7f17c8658251c9cd5e7.tar.gz samba-d258fb4d0dcd04899dede7f17c8658251c9cd5e7.tar.bz2 samba-d258fb4d0dcd04899dede7f17c8658251c9cd5e7.zip |
s3-schannel: use NL_AUTH_SIGNATURE for schannel sign & seal (client & server).
Guenther
Diffstat (limited to 'source3/rpc_client')
-rw-r--r-- | source3/rpc_client/cli_pipe.c | 39 |
1 files changed, 29 insertions, 10 deletions
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index 16fe9daca1..0c3fc946d4 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -670,12 +670,14 @@ static NTSTATUS cli_pipe_verify_schannel(struct rpc_pipe_client *cli, RPC_HDR *p uint8 *p_ss_padding_len) { RPC_HDR_AUTH auth_info; - RPC_AUTH_SCHANNEL_CHK schannel_chk; + struct NL_AUTH_SIGNATURE schannel_chk; uint32 auth_len = prhdr->auth_len; uint32 save_offset = prs_offset(current_pdu); struct schannel_auth_struct *schannel_auth = cli->auth->a_u.schannel_auth; uint32 data_len; + enum ndr_err_code ndr_err; + DATA_BLOB blob; if (cli->auth->auth_level == PIPE_AUTH_LEVEL_NONE || cli->auth->auth_level == PIPE_AUTH_LEVEL_CONNECT) { @@ -718,10 +720,17 @@ static NTSTATUS cli_pipe_verify_schannel(struct rpc_pipe_client *cli, RPC_HDR *p return NT_STATUS_BUFFER_TOO_SMALL; } - if(!smb_io_rpc_auth_schannel_chk("", RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN, - &schannel_chk, current_pdu, 0)) { + blob = data_blob_const(prs_data_p(current_pdu) + prs_offset(current_pdu), data_len); + + ndr_err = ndr_pull_struct_blob(&blob, talloc_tos(), NULL, &schannel_chk, + (ndr_pull_flags_fn_t)ndr_pull_NL_AUTH_SIGNATURE); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { DEBUG(0,("cli_pipe_verify_schannel: failed to unmarshal RPC_AUTH_SCHANNEL_CHK.\n")); - return NT_STATUS_BUFFER_TOO_SMALL; + return ndr_map_error2ntstatus(ndr_err); + } + + if (DEBUGLEVEL >= 10) { + NDR_PRINT_DEBUG(NL_AUTH_SIGNATURE, &schannel_chk); } if (!schannel_decode(schannel_auth, @@ -1905,10 +1914,12 @@ static NTSTATUS add_schannel_auth_footer(struct rpc_pipe_client *cli, prs_struct *outgoing_pdu) { RPC_HDR_AUTH auth_info; - RPC_AUTH_SCHANNEL_CHK verf; + struct NL_AUTH_SIGNATURE verf; struct schannel_auth_struct *sas = cli->auth->a_u.schannel_auth; char *data_p = prs_data_p(outgoing_pdu) + RPC_HEADER_LEN + RPC_HDR_RESP_LEN; size_t data_and_pad_len = prs_offset(outgoing_pdu) - RPC_HEADER_LEN - RPC_HDR_RESP_LEN; + enum ndr_err_code ndr_err; + DATA_BLOB blob; if (!sas) { return NT_STATUS_INVALID_PARAMETER; @@ -1949,12 +1960,20 @@ static NTSTATUS add_schannel_auth_footer(struct rpc_pipe_client *cli, return NT_STATUS_INVALID_PARAMETER; } + ndr_err = ndr_push_struct_blob(&blob, talloc_tos(), NULL, &verf, + (ndr_push_flags_fn_t)ndr_push_NL_AUTH_SIGNATURE); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + return ndr_map_error2ntstatus(ndr_err); + } + + if (DEBUGLEVEL >= 10) { + NDR_PRINT_DEBUG(NL_AUTH_SIGNATURE, &verf); + } + /* Finally marshall the blob. */ - smb_io_rpc_auth_schannel_chk("", - RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN, - &verf, - outgoing_pdu, - 0); + if (!prs_copy_data_in(outgoing_pdu, (const char *)blob.data, blob.length)) { + return NT_STATUS_NO_MEMORY; + } return NT_STATUS_OK; } |