diff options
author | Andrew Bartlett <abartlet@samba.org> | 2004-11-17 12:27:16 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:05:55 -0500 |
commit | 91e94014beb145541c051b4df28dde7ad0899da5 (patch) | |
tree | f625c437a537e99697fa28cd30b118123090d35c /source4/libcli | |
parent | 9aec081fd9f8fb46e7d97090f97a75ee5cbebde3 (diff) | |
download | samba-91e94014beb145541c051b4df28dde7ad0899da5.tar.gz samba-91e94014beb145541c051b4df28dde7ad0899da5.tar.bz2 samba-91e94014beb145541c051b4df28dde7ad0899da5.zip |
r3805: Fix the LSA portions of the RPC-SAMSYNC test - I was not using the LSA
secrets interface correctly. (New interface added).
Andrew Bartlett
(This used to be commit 994ac7f031e2b2d528595a4a0a446d92074d6ecf)
Diffstat (limited to 'source4/libcli')
-rw-r--r-- | source4/libcli/auth/session.c | 77 |
1 files changed, 77 insertions, 0 deletions
diff --git a/source4/libcli/auth/session.c b/source4/libcli/auth/session.c index 598f2d4f28..fdb6462b00 100644 --- a/source4/libcli/auth/session.c +++ b/source4/libcli/auth/session.c @@ -131,3 +131,80 @@ char *sess_decrypt_string(DATA_BLOB *blob, const DATA_BLOB *session_key) return ret; } + +/* + a convenient wrapper around sess_crypt_blob() for DATA_BLOBs, using the LSA convention + + note that we round the length to a multiple of 8. This seems to be needed for + compatibility with windows + + caller should free using data_blob_free() +*/ +DATA_BLOB sess_encrypt_blob(TALLOC_CTX *mem_ctx, DATA_BLOB *blob_in, const DATA_BLOB *session_key) +{ + DATA_BLOB ret, src; + int dlen = (blob_in->length+7) & ~7; + + src = data_blob_talloc(mem_ctx, NULL, 8+dlen); + if (!src.data) { + return data_blob(NULL, 0); + } + + ret = data_blob(NULL, 8+dlen); + if (!ret.data) { + data_blob_free(&src); + return data_blob(NULL, 0); + } + + SIVAL(src.data, 0, blob_in->length); + SIVAL(src.data, 4, 1); + memset(src.data+8, 0, dlen); + memcpy(src.data+8, blob_in->data, blob_in->length); + + sess_crypt_blob(&ret, &src, session_key, True); + + data_blob_free(&src); + + return ret; +} + +/* + a convenient wrapper around sess_crypt_blob() for strings, using the LSA convention + + caller should free the returned string +*/ +DATA_BLOB sess_decrypt_blob(TALLOC_CTX *mem_ctx, DATA_BLOB *blob, const DATA_BLOB *session_key) +{ + DATA_BLOB out; + int slen; + DATA_BLOB ret; + + if (blob->length < 8) { + return data_blob(NULL, 0); + } + + out = data_blob_talloc(mem_ctx, NULL, blob->length); + if (!out.data) { + return data_blob(NULL, 0); + } + + sess_crypt_blob(&out, blob, session_key, False); + + slen = IVAL(out.data, 0); + if (slen > blob->length - 8) { + DEBUG(0,("Invalid crypt length %d\n", slen)); + return data_blob(NULL, 0); + } + + if (IVAL(out.data, 4) != 1) { + DEBUG(0,("Unexpected revision number %d in session crypted string\n", + IVAL(out.data, 4))); + return data_blob(NULL, 0); + } + + ret = data_blob_talloc(mem_ctx, out.data+8, slen); + + data_blob_free(&out); + + return ret; +} |