diff options
author | Andrew Bartlett <abartlet@samba.org> | 2004-05-25 14:06:28 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:56:14 -0500 |
commit | 5b0ab386cb0fb74d78e6c68abe1b047ab515b7b3 (patch) | |
tree | 78f843cb6a9ff745f9ac5ef35de53bccbf1ccbd8 /source4/librpc | |
parent | 579c13da43d5b40ac6d6c1436399fbc1d8dfd054 (diff) | |
download | samba-5b0ab386cb0fb74d78e6c68abe1b047ab515b7b3.tar.gz samba-5b0ab386cb0fb74d78e6c68abe1b047ab515b7b3.tar.bz2 samba-5b0ab386cb0fb74d78e6c68abe1b047ab515b7b3.zip |
r874: This patch is a pile of work on NTLMSSP:
Samba's NTLMSSP code is now fully talloc based, which should go a long
way to cleaning up the memory leaks in this code. This also avoids a
lot of extra copies of data, as we now allocate the 'return' blobs on
a caller-supplied context.
I have also been doing a lot of work towards NTLM2 signing and
sealing. I have this working for sealing, but not for the verifier
(MD5 integrity check on the stream) which is still incorrect.
(I can aim a rpcecho sinkdata from a Win2k3 box to my server, and the
data arrives intact, but the signature check fails. It does however
match the test values I have...).
The new torture test is cludged in - when we get a unit test suite
back, I'll happliy put it in the 'right' place....
Andrew Bartlett
(This used to be commit 399e2e2b1149b8d1c070aa7f0d5131c0b577d2b9)
Diffstat (limited to 'source4/librpc')
-rw-r--r-- | source4/librpc/idl/lsa.idl | 10 | ||||
-rw-r--r-- | source4/librpc/rpc/dcerpc.c | 4 | ||||
-rw-r--r-- | source4/librpc/rpc/dcerpc.h | 6 | ||||
-rw-r--r-- | source4/librpc/rpc/dcerpc_ntlm.c | 39 | ||||
-rw-r--r-- | source4/librpc/rpc/dcerpc_schannel.c | 20 |
5 files changed, 45 insertions, 34 deletions
diff --git a/source4/librpc/idl/lsa.idl b/source4/librpc/idl/lsa.idl index 2e3049ac78..6d81a4cb6f 100644 --- a/source4/librpc/idl/lsa.idl +++ b/source4/librpc/idl/lsa.idl @@ -499,7 +499,15 @@ /* Function: 0x2d */ - NTSTATUS UNK_GET_CONNUSER (); + NTSTATUS UNK_GET_CONNUSER ( + [in] unistr *system_name, + [in] uint32 unknown1, + [in] uint32 unknown2, + [in] uint32 unknown3, + [out] unistr *username, + [out] unistr *domain_name + ); + /* Function: 0x2e */ NTSTATUS QUERYINFO2 (); } diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c index 21340e4f63..e4c5174af3 100644 --- a/source4/librpc/rpc/dcerpc.c +++ b/source4/librpc/rpc/dcerpc.c @@ -183,6 +183,7 @@ static NTSTATUS dcerpc_pull_request_sign(struct dcerpc_pipe *p, switch (p->auth_info->auth_level) { case DCERPC_AUTH_LEVEL_PRIVACY: status = p->security_state->unseal_packet(p->security_state, + mem_ctx, pkt->u.response.stub_and_verifier.data, pkt->u.response.stub_and_verifier.length, &auth.credentials); @@ -190,6 +191,7 @@ static NTSTATUS dcerpc_pull_request_sign(struct dcerpc_pipe *p, case DCERPC_AUTH_LEVEL_INTEGRITY: status = p->security_state->check_packet(p->security_state, + mem_ctx, pkt->u.response.stub_and_verifier.data, pkt->u.response.stub_and_verifier.length, &auth.credentials); @@ -250,6 +252,7 @@ static NTSTATUS dcerpc_push_request_sign(struct dcerpc_pipe *p, switch (p->auth_info->auth_level) { case DCERPC_AUTH_LEVEL_PRIVACY: status = p->security_state->seal_packet(p->security_state, + mem_ctx, ndr->data + DCERPC_REQUEST_LENGTH, ndr->offset - DCERPC_REQUEST_LENGTH, &p->auth_info->credentials); @@ -257,6 +260,7 @@ static NTSTATUS dcerpc_push_request_sign(struct dcerpc_pipe *p, case DCERPC_AUTH_LEVEL_INTEGRITY: status = p->security_state->sign_packet(p->security_state, + mem_ctx, ndr->data + DCERPC_REQUEST_LENGTH, ndr->offset - DCERPC_REQUEST_LENGTH, &p->auth_info->credentials); diff --git a/source4/librpc/rpc/dcerpc.h b/source4/librpc/rpc/dcerpc.h index 5c7f01c658..25c2029f34 100644 --- a/source4/librpc/rpc/dcerpc.h +++ b/source4/librpc/rpc/dcerpc.h @@ -28,12 +28,16 @@ enum dcerpc_transport_t {NCACN_NP, NCACN_IP_TCP}; struct dcerpc_security { void *private; NTSTATUS (*unseal_packet)(struct dcerpc_security *, + TALLOC_CTX *mem_ctx, uchar *data, size_t length, DATA_BLOB *sig); NTSTATUS (*check_packet)(struct dcerpc_security *, + TALLOC_CTX *mem_ctx, const uchar *data, size_t length, const DATA_BLOB *sig); NTSTATUS (*seal_packet)(struct dcerpc_security *, - uchar *data, size_t length, DATA_BLOB *sig); + TALLOC_CTX *mem_ctx, + uchar *data, size_t length, DATA_BLOB *sig); NTSTATUS (*sign_packet)(struct dcerpc_security *, + TALLOC_CTX *mem_ctx, const uchar *data, size_t length, DATA_BLOB *sig); NTSTATUS (*session_key)(struct dcerpc_security *, DATA_BLOB *session_key); void (*security_end)(struct dcerpc_security *); diff --git a/source4/librpc/rpc/dcerpc_ntlm.c b/source4/librpc/rpc/dcerpc_ntlm.c index fa4232c94a..1a216e9885 100644 --- a/source4/librpc/rpc/dcerpc_ntlm.c +++ b/source4/librpc/rpc/dcerpc_ntlm.c @@ -26,34 +26,38 @@ wrappers for the ntlmssp_*() functions */ static NTSTATUS ntlm_unseal_packet(struct dcerpc_security *dcerpc_security, - uchar *data, size_t length, DATA_BLOB *sig) + TALLOC_CTX *mem_ctx, + uchar *data, size_t length, DATA_BLOB *sig) { struct ntlmssp_state *ntlmssp_state = dcerpc_security->private; - return ntlmssp_unseal_packet(ntlmssp_state, data, length, sig); + return ntlmssp_unseal_packet(ntlmssp_state, mem_ctx, data, length, sig); } static NTSTATUS ntlm_check_packet(struct dcerpc_security *dcerpc_security, + TALLOC_CTX *mem_ctx, const uchar *data, size_t length, const DATA_BLOB *sig) { struct ntlmssp_state *ntlmssp_state = dcerpc_security->private; - return ntlmssp_check_packet(ntlmssp_state, data, length, sig); + return ntlmssp_check_packet(ntlmssp_state, mem_ctx, data, length, sig); } static NTSTATUS ntlm_seal_packet(struct dcerpc_security *dcerpc_security, + TALLOC_CTX *mem_ctx, uchar *data, size_t length, DATA_BLOB *sig) { struct ntlmssp_state *ntlmssp_state = dcerpc_security->private; - return ntlmssp_seal_packet(ntlmssp_state, data, length, sig); + return ntlmssp_seal_packet(ntlmssp_state, mem_ctx, data, length, sig); } static NTSTATUS ntlm_sign_packet(struct dcerpc_security *dcerpc_security, + TALLOC_CTX *mem_ctx, const uchar *data, size_t length, DATA_BLOB *sig) { struct ntlmssp_state *ntlmssp_state = dcerpc_security->private; - return ntlmssp_sign_packet(ntlmssp_state, data, length, sig); + return ntlmssp_sign_packet(ntlmssp_state, mem_ctx, data, length, sig); } static NTSTATUS ntlm_session_key(struct dcerpc_security *dcerpc_security, @@ -137,35 +141,30 @@ NTSTATUS dcerpc_bind_auth_ntlm(struct dcerpc_pipe *p, p->auth_info->credentials = data_blob(NULL, 0); p->security_state = NULL; - status = ntlmssp_update(state, + status = ntlmssp_update(state, mem_ctx, p->auth_info->credentials, &credentials); + if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { goto done; } - p->auth_info->credentials = data_blob_talloc(mem_ctx, - credentials.data, - credentials.length); - data_blob_free(&credentials); + p->auth_info->credentials = credentials; status = dcerpc_bind_byuuid(p, mem_ctx, uuid, version); if (!NT_STATUS_IS_OK(status)) { goto done; } - - status = ntlmssp_update(state, + status = ntlmssp_update(state, mem_ctx, p->auth_info->credentials, &credentials); + if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { goto done; } - p->auth_info->credentials = data_blob_talloc(mem_ctx, - credentials.data, - credentials.length); - data_blob_free(&credentials); + p->auth_info->credentials = credentials; status = dcerpc_auth3(p, mem_ctx); @@ -187,14 +186,6 @@ NTSTATUS dcerpc_bind_auth_ntlm(struct dcerpc_pipe *p, p->security_state->session_key = ntlm_session_key; p->security_state->security_end = ntlm_security_end; - switch (p->auth_info->auth_level) { - case DCERPC_AUTH_LEVEL_PRIVACY: - case DCERPC_AUTH_LEVEL_INTEGRITY: - /* setup for signing */ - status = ntlmssp_sign_init(state); - break; - } - done: talloc_destroy(mem_ctx); diff --git a/source4/librpc/rpc/dcerpc_schannel.c b/source4/librpc/rpc/dcerpc_schannel.c index a88d3c1b3e..f368ce30b3 100644 --- a/source4/librpc/rpc/dcerpc_schannel.c +++ b/source4/librpc/rpc/dcerpc_schannel.c @@ -26,34 +26,38 @@ wrappers for the schannel_*() functions */ static NTSTATUS schan_unseal_packet(struct dcerpc_security *dcerpc_security, - uchar *data, size_t length, DATA_BLOB *sig) + TALLOC_CTX *mem_ctx, + uchar *data, size_t length, DATA_BLOB *sig) { struct schannel_state *schannel_state = dcerpc_security->private; - return schannel_unseal_packet(schannel_state, data, length, sig); + return schannel_unseal_packet(schannel_state, mem_ctx, data, length, sig); } static NTSTATUS schan_check_packet(struct dcerpc_security *dcerpc_security, - const uchar *data, size_t length, - const DATA_BLOB *sig) + TALLOC_CTX *mem_ctx, + const uchar *data, size_t length, + const DATA_BLOB *sig) { struct schannel_state *schannel_state = dcerpc_security->private; return schannel_check_packet(schannel_state, data, length, sig); } static NTSTATUS schan_seal_packet(struct dcerpc_security *dcerpc_security, - uchar *data, size_t length, - DATA_BLOB *sig) + TALLOC_CTX *mem_ctx, + uchar *data, size_t length, + DATA_BLOB *sig) { struct schannel_state *schannel_state = dcerpc_security->private; - return schannel_seal_packet(schannel_state, data, length, sig); + return schannel_seal_packet(schannel_state, mem_ctx, data, length, sig); } static NTSTATUS schan_sign_packet(struct dcerpc_security *dcerpc_security, + TALLOC_CTX *mem_ctx, const uchar *data, size_t length, DATA_BLOB *sig) { struct schannel_state *schannel_state = dcerpc_security->private; - return schannel_sign_packet(schannel_state, data, length, sig); + return schannel_sign_packet(schannel_state, mem_ctx, data, length, sig); } static NTSTATUS schan_session_key(struct dcerpc_security *dcerpc_security, |