author | Andrew Tridgell <tridge@samba.org> | 2003-11-26 12:29:08 +0000 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 2003-11-26 12:29:08 +0000 |
commit | 1ca1b85c4c0bcf3315ef82316289fe03ecf11737 (patch) | |
tree | 99dd50a02351dfd97912ab1db28a931db653f648 /source4/librpc/rpc/dcerpc.c | |
parent | ee67d68f1c6d71d4d3fbe86899d5ea9f271cfbc8 (diff) | |
by default sign RPC over TCP but not RPC over SMB. I will add command line control soon
(This used to be commit 215852116c1fb8c0d8ef559155a3dd55346f0c31)
Diffstat (limited to 'source4/librpc/rpc/dcerpc.c')
-rw-r--r-- | source4/librpc/rpc/dcerpc.c | 59 |
1 files changed, 49 insertions, 10 deletions
diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c
index df9c1face4..3868bfdf45 100644
--- a/source4/librpc/rpc/dcerpc.c
+++ b/source4/librpc/rpc/dcerpc.c
@@ -135,11 +135,30 @@ static NTSTATUS dcerpc_pull_request_sign(struct dcerpc_pipe *p,
 return status;
 }
- /* check the signature */
- status = ntlmssp_check_packet(p->ntlmssp_state,
- pkt->u.response.stub_and_verifier.data,
- pkt->u.response.stub_and_verifier.length,
- &auth.credentials);
+
+ /* check signature or unseal the packet */
+ switch (p->auth_info->auth_level) {
+ case DCERPC_AUTH_LEVEL_PRIVACY:
+ status = ntlmssp_unseal_packet(p->ntlmssp_state,
+ pkt->u.response.stub_and_verifier.data,
+ pkt->u.response.stub_and_verifier.length,
+ &auth.credentials);
+ break;
+
+ case DCERPC_AUTH_LEVEL_INTEGRITY:
+ status = ntlmssp_check_packet(p->ntlmssp_state,
+ pkt->u.response.stub_and_verifier.data,
+ pkt->u.response.stub_and_verifier.length,
+ &auth.credentials);
+ break;
+
+ case DCERPC_AUTH_LEVEL_NONE:
+ break;
+
+ default:
+ status = NT_STATUS_INVALID_LEVEL;
+ break;
+ }
 /* remove the indicated amount of paddiing */
 if (pkt->u.response.stub_and_verifier.length < auth.auth_pad_length) {
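Review bot: The result of the new switch is not tested before the padding step: after the closing `}` the next visible line is the `auth_pad_length` length comparison, so a failed `ntlmssp_unseal_packet` or `ntlmssp_check_packet`, or the `NT_STATUS_INVALID_LEVEL` default, still reaches the padding removal. The push side in this same commit returns straight after its switch; doing the same here with `if (!NT_STATUS_IS_OK(status)) { return status; }` keeps unverified or undecrypted response data from being processed any further. The function continues outside the hunk, so a later check may exist, but failing closed at the switch is easier to audit. The `DCERPC_AUTH_LEVEL_NONE` arm would also benefit from a comment such as `/* no verifier check: the response is accepted unauthenticated at this level */`.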
@@ -221,11 +240,31 @@ static NTSTATUS dcerpc_push_request_sign(struct dcerpc_pipe *p,
 p->auth_info->auth_pad_length = NDR_ALIGN(ndr, 8);
 ndr_push_zero(ndr, p->auth_info->auth_pad_length);
- /* sign the packet */
- status = ntlmssp_sign_packet(p->ntlmssp_state,
- ndr->data + DCERPC_REQUEST_LENGTH,
- ndr->offset - DCERPC_REQUEST_LENGTH,
- &p->auth_info->credentials);
+ /* sign or seal the packet */
+ switch (p->auth_info->auth_level) {
+ case DCERPC_AUTH_LEVEL_PRIVACY:
+ status = ntlmssp_seal_packet(p->ntlmssp_state,
+ ndr->data + DCERPC_REQUEST_LENGTH,
+ ndr->offset - DCERPC_REQUEST_LENGTH,
+ &p->auth_info->credentials);
+ break;
+
+ case DCERPC_AUTH_LEVEL_INTEGRITY:
+ status = ntlmssp_sign_packet(p->ntlmssp_state,
+ ndr->data + DCERPC_REQUEST_LENGTH,
+ ndr->offset - DCERPC_REQUEST_LENGTH,
+ &p->auth_info->credentials);
+ break;
+
+ case DCERPC_AUTH_LEVEL_NONE:
+ p->auth_info->credentials = data_blob(NULL, 0);
+ break;
+
+ default:
+ status = NT_STATUS_INVALID_LEVEL;
+ break;
+ }
+
 if (!NT_STATUS_IS_OK(status)) {
 return status;
 } |
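Review bot: In the `DCERPC_AUTH_LEVEL_NONE` arm `status` is never assigned, yet the `if (!NT_STATUS_IS_OK(status))` right after the switch tests it, so the outcome depends on whatever an earlier call outside this hunk left there; setting `status = NT_STATUS_OK;` in that arm makes the path explicit. The NONE arm in dcerpc_pull_request_sign has the same shape, though there a `return status;` is visible just before the switch. This arm also sends the request with an empty verifier (`data_blob(NULL, 0)`), and per the commit description that is the default for RPC over SMB, so integrity then rests entirely on the transport. A comment saying so, e.g. `/* no signing at this level: relies on transport protection */`, would help a reader judging that default.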