author | Stefan Metzmacher <metze@samba.org> | 2009-09-16 02:03:46 +0200 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2009-09-16 12:29:06 +0200 |
commit | 033ced60ac734161686bd3da685f2d7b056e17c8 (patch) | |
tree | 30986b71cee0e153c105ef1fed8b93d3a7322fab /source3 | |
parent | 8f482ae663611ee2109395e4d24418e4c4f57160 (diff) | |
libcli/auth: rewrite schannel sign/seal code to be more generic
This prepares support for HMAC-SHA256/AES.
metze
Diffstat (limited to 'source3')
-rw-r--r-- | source3/rpc_client/cli_pipe.c | 41 | ||||
-rw-r--r-- | source3/rpc_server/srv_pipe.c | 44 |
2 files changed, 51 insertions, 34 deletions
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index 393c7260d9..186696fbbc 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -676,6 +676,7 @@ static NTSTATUS cli_pipe_verify_schannel(struct rpc_pipe_client *cli, RPC_HDR *p
 uint32 save_offset = prs_offset(current_pdu);
 struct schannel_state *schannel_auth = cli->auth->a_u.schannel_auth;
+ uint8_t *data;
 uint32 data_len;
 DATA_BLOB blob;
 NTSTATUS status;
@@ -727,20 +728,24 @@ static NTSTATUS cli_pipe_verify_schannel(struct rpc_pipe_client *cli, RPC_HDR *p
 dump_NL_AUTH_SIGNATURE(talloc_tos(), &blob);
 }
+ data = (uint8_t *)prs_data_p(current_pdu)+RPC_HEADER_LEN+RPC_HDR_RESP_LEN;
+
 switch (cli->auth->auth_level) {
 case DCERPC_AUTH_LEVEL_PRIVACY:
- status = schannel_unseal_packet(schannel_auth,
+ status = netsec_incoming_packet(schannel_auth,
 talloc_tos(),
- (uint8_t *)prs_data_p(current_pdu)+RPC_HEADER_LEN+RPC_HDR_RESP_LEN,
+ true,
+ data,
 data_len,
 &blob);
 break;
 case DCERPC_AUTH_LEVEL_INTEGRITY:
- status = schannel_check_packet(schannel_auth,
- talloc_tos(),
- (uint8_t *)prs_data_p(current_pdu)+RPC_HEADER_LEN+RPC_HDR_RESP_LEN,
- data_len,
- &blob);
+ status = netsec_incoming_packet(schannel_auth,
+ talloc_tos(),
+ false,
+ data,
+ data_len,
+ &blob);
 break;
 default:
 status = NT_STATUS_INTERNAL_ERROR;
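Review bot: The new `data` pointer in cli_pipe_verify_schannel is formed as `prs_data_p(current_pdu)+RPC_HEADER_LEN+RPC_HDR_RESP_LEN` and then handed to netsec_incoming_packet with `true`, which (by the PRIVACY branch it replaces) decrypts that region in place, yet nothing in this hunk shows `data_len` being bounded against `prs_data_size(current_pdu)` minus the header and auth trailer. If that bound is enforced earlier in the function (the function starts and ends outside the hunk) a short comment above the assignment saying so would let the next reader see that the in-place unseal cannot run past the buffer, e.g. `/* data_len already checked against the PDU size above */`. The bare `true`/`false` third argument also hides what it selects at the call site; `true, /* unseal: PRIVACY */` and `false, /* verify only: INTEGRITY */` would make the two branches self-describing.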
@@ -1948,18 +1953,20 @@ static NTSTATUS add_schannel_auth_footer(struct rpc_pipe_client *cli,
 switch (cli->auth->auth_level) {
 case DCERPC_AUTH_LEVEL_PRIVACY:
- status = schannel_seal_packet(sas,
- talloc_tos(),
- (uint8_t *)data_p,
- data_and_pad_len,
- &blob);
+ status = netsec_outgoing_packet(sas,
+ talloc_tos(),
+ true,
+ (uint8_t *)data_p,
+ data_and_pad_len,
+ &blob);
 break;
 case DCERPC_AUTH_LEVEL_INTEGRITY:
- status = schannel_sign_packet(sas,
- talloc_tos(),
- (uint8_t *)data_p,
- data_and_pad_len,
- &blob);
+ status = netsec_outgoing_packet(sas,
+ talloc_tos(),
+ false,
+ (uint8_t *)data_p,
+ data_and_pad_len,
+ &blob);
 break;
 default:
 status = NT_STATUS_INTERNAL_ERROR;
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index 1bd170f901..627dac0f82 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -411,6 +411,7 @@ static bool create_next_pdu_schannel(pipes_struct *p)
 */
 RPC_HDR_AUTH auth_info;
 DATA_BLOB blob;
+ uint8_t *data;
 /* Check it's the type of reply we were expecting to decode */
@@ -427,20 +428,24 @@ static bool create_next_pdu_schannel(pipes_struct *p)
 return False;
 }
+ data = (uint8_t *)prs_data_p(&p->out_data.frag) + data_pos;
+
 switch (p->auth.auth_level) {
 case DCERPC_AUTH_LEVEL_PRIVACY:
- status = schannel_seal_packet(p->auth.a_u.schannel_auth,
- talloc_tos(),
- (uint8_t *)prs_data_p(&p->out_data.frag) + data_pos,
- data_len + ss_padding_len,
- &blob);
+ status = netsec_outgoing_packet(p->auth.a_u.schannel_auth,
+ talloc_tos(),
+ true,
+ data,
+ data_len + ss_padding_len,
+ &blob);
 break;
 case DCERPC_AUTH_LEVEL_INTEGRITY:
- status = schannel_sign_packet(p->auth.a_u.schannel_auth,
- talloc_tos(),
- (uint8_t *)prs_data_p(&p->out_data.frag) + data_pos,
- data_len + ss_padding_len,
- &blob);
+ status = netsec_outgoing_packet(p->auth.a_u.schannel_auth,
+ talloc_tos(),
+ false,
+ data,
+ data_len + ss_padding_len,
+ &blob);
 break;
 default:
 status = NT_STATUS_INTERNAL_ERROR;
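Review bot: In add_schannel_auth_footer the two netsec_outgoing_packet calls now differ only in a bare `true`/`false` literal, so a reader of either branch cannot tell from the call site whether the boolean means "seal" or "sign"; the old names schannel_seal_packet/schannel_sign_packet carried that information and the rewrite drops it. A trailing comment on the argument, `true, /* seal: PRIVACY */` and `false, /* sign only: INTEGRITY */`, restores it at no cost, and the same applies to the two call sites in create_next_pdu_schannel in srv_pipe.c below. Whether the merged function also guards against the PRIVACY flag being passed on a state that was bound at INTEGRITY is not visible here; add_schannel_auth_footer begins and ends outside the hunk.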
@@ -2162,6 +2167,7 @@ bool api_pipe_schannel_process(pipes_struct *p, prs_struct *rpc_in, uint32 *p_ss
 RPC_HDR_AUTH auth_info;
 DATA_BLOB blob;
 NTSTATUS status;
+ uint8_t *data;
 auth_len = p->hdr.auth_len;
@@ -2215,20 +2221,24 @@ bool api_pipe_schannel_process(pipes_struct *p, prs_struct *rpc_in, uint32 *p_ss
 dump_NL_AUTH_SIGNATURE(talloc_tos(), &blob);
 }
+ data = (uint8_t *)prs_data_p(rpc_in)+RPC_HDR_REQ_LEN;
+
 switch (auth_info.auth_level) {
 case DCERPC_AUTH_LEVEL_PRIVACY:
- status = schannel_unseal_packet(p->auth.a_u.schannel_auth,
+ status = netsec_incoming_packet(p->auth.a_u.schannel_auth,
 talloc_tos(),
- (uint8_t *)prs_data_p(rpc_in)+RPC_HDR_REQ_LEN,
+ true,
+ data,
 data_len,
 &blob);
 break;
 case DCERPC_AUTH_LEVEL_INTEGRITY:
- status = schannel_check_packet(p->auth.a_u.schannel_auth,
- talloc_tos(),
- (uint8_t *)prs_data_p(rpc_in)+RPC_HDR_REQ_LEN,
- data_len,
- &blob);
+ status = netsec_incoming_packet(p->auth.a_u.schannel_auth,
+ talloc_tos(),
+ false,
+ data,
+ data_len,
+ &blob);
 break;
 default:
 status = NT_STATUS_INTERNAL_ERROR; |
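Review bot: The server-side switch in api_pipe_schannel_process keys on `auth_info.auth_level`, the level parsed from the incoming request's auth trailer, whereas the reply path in create_next_pdu_schannel keys on the negotiated `p->auth.auth_level`; if nothing earlier in the function compares the two (that part of api_pipe_schannel_process is outside the hunk), a client that bound at PRIVACY could mark a request INTEGRITY and have it accepted after only a signature check (`false`) instead of being unsealed. A one-line guard before the switch, `if (auth_info.auth_level != p->auth.auth_level) return False;`, ties the per-PDU level to the bind; if such a check already exists above, a comment here saying so would save the next reader the search. As on the client side, nothing in the hunk shows `data_len` bounded against the size of `rpc_in` before `data` is decrypted in place, so that check (presumably earlier) deserves a mention next to the new `data` assignment.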