diff options
| author | Simo Sorce <idra@samba.org> | 2010-07-12 18:57:32 -0400 |
|---|---|---|
| committer | Günther Deschner <gd@samba.org> | 2010-07-13 01:35:16 +0200 |
| commit | 25d487bebfdc771b1e0ab510ecbe4a8601f8fc98 (patch) | |
| tree | 5713c2b54293a9a174e120f6e26c6e324d84c0cf /source3 | |
| parent | 6555307aa11741171258541da2c13ce25d9e3f55 (diff) | |
| download | samba-25d487bebfdc771b1e0ab510ecbe4a8601f8fc98.tar.gz samba-25d487bebfdc771b1e0ab510ecbe4a8601f8fc98.tar.bz2 samba-25d487bebfdc771b1e0ab510ecbe4a8601f8fc98.zip | |
s3-dcerpc: Fix ntlmssp sign/seal.
Header calculation was misplaced.
Signed-off-by: Günther Deschner <gd@samba.org>
Diffstat (limited to 'source3')
| -rw-r--r-- | source3/rpc_client/cli_pipe.c | 44 |
1 files changed, 29 insertions, 15 deletions
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index f4e42cc6a1..20f224681c 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -2146,6 +2146,29 @@ static NTSTATUS add_ntlmssp_auth_footer(struct rpc_pipe_client *cli, return NT_STATUS_INVALID_PARAMETER; } + /* marshall the dcerpc_auth with an actually empty auth_blob. + * this is needed because the ntmlssp signature includes the + * auth header */ + status = dcerpc_push_dcerpc_auth(prs_get_mem_context(rpc_out), + map_pipe_auth_type_to_rpc_auth_type(cli->auth->auth_type), + cli->auth->auth_level, + ss_padding_len, + 1 /* context id. */, + &auth_blob, + &auth_info); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + /* append the header */ + if (!prs_copy_data_in(rpc_out, + (char *)auth_info.data, + auth_info.length)) { + DEBUG(0, ("Failed to add %u bytes auth blob.\n", + (unsigned int)auth_info.length)); + return NT_STATUS_NO_MEMORY; + } + switch (cli->auth->auth_level) { case DCERPC_AUTH_LEVEL_PRIVACY: /* Data portion is encrypted. */ @@ -2186,21 +2209,12 @@ static NTSTATUS add_ntlmssp_auth_footer(struct rpc_pipe_client *cli, return NT_STATUS_INVALID_PARAMETER; } - /* Finally marshall the blob. */ - status = dcerpc_push_dcerpc_auth(prs_get_mem_context(rpc_out), - map_pipe_auth_type_to_rpc_auth_type(cli->auth->auth_type), - cli->auth->auth_level, - ss_padding_len, - 1 /* context id. */, - &auth_blob, - &auth_info); - if (!NT_STATUS_IS_OK(status)) { - return status; - } - - if (!prs_copy_data_in(rpc_out, (const char *)auth_info.data, auth_info.length)) { - DEBUG(0, ("add_ntlmssp_auth_footer: failed to add %u bytes auth blob.\n", - (unsigned int)auth_info.length)); + /* Finally attach the blob. */ + if (!prs_copy_data_in(rpc_out, + (char *)auth_blob.data, + auth_blob.length)) { + DEBUG(0, ("Failed to add %u bytes auth blob.\n", + (unsigned int)auth_info.length)); return NT_STATUS_NO_MEMORY; } |