summaryrefslogtreecommitdiff
path: root/source4/librpc
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2004-09-12 06:38:00 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:58:40 -0500
commitf8f2630c0d65460435598f3b1db5672091df99e7 (patch)
treed38ec5117a7b02c5e48e95ab15f1c98d666451b1 /source4/librpc
parent350c12e5c98e13426710c16a2787dd1580e0a060 (diff)
downloadsamba-f8f2630c0d65460435598f3b1db5672091df99e7.tar.gz
samba-f8f2630c0d65460435598f3b1db5672091df99e7.tar.bz2
samba-f8f2630c0d65460435598f3b1db5672091df99e7.zip
r2294: this fixes the NTLM2 sign+seal combination. I have now tested:
NTLM sign NTLM sign+seal NTLM2 sign NTLM2 sign+seal and all of the above both with and without key exchange the NTLM2 seal case is ugly and involves an extra data copy, which some API changes in gensec or the ndr layer might avoid in future. (This used to be commit fce7a4218b3136d880dd1a123e8525e3091bbed8)
Diffstat (limited to 'source4/librpc')
-rw-r--r--source4/librpc/rpc/dcerpc.c13
1 files changed, 8 insertions, 5 deletions
diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c
index c2f691aa09..629edd16d4 100644
--- a/source4/librpc/rpc/dcerpc.c
+++ b/source4/librpc/rpc/dcerpc.c
@@ -214,11 +214,14 @@ static NTSTATUS dcerpc_pull_request_sign(struct dcerpc_pipe *p,
case DCERPC_AUTH_LEVEL_PRIVACY:
status = gensec_unseal_packet(p->security_state.generic_state,
mem_ctx,
- pkt->u.response.stub_and_verifier.data,
+ blob->data + DCERPC_REQUEST_LENGTH,
pkt->u.response.stub_and_verifier.length,
blob->data,
blob->length - auth.credentials.length,
&auth.credentials);
+ memcpy(pkt->u.response.stub_and_verifier.data,
+ blob->data + DCERPC_REQUEST_LENGTH,
+ pkt->u.response.stub_and_verifier.length);
break;
case DCERPC_AUTH_LEVEL_INTEGRITY:
@@ -327,8 +330,8 @@ static NTSTATUS dcerpc_push_request_sign(struct dcerpc_pipe *p,
case DCERPC_AUTH_LEVEL_PRIVACY:
status = gensec_seal_packet(p->security_state.generic_state,
mem_ctx,
- ndr->data + DCERPC_REQUEST_LENGTH,
- ndr->offset - DCERPC_REQUEST_LENGTH,
+ blob->data + DCERPC_REQUEST_LENGTH,
+ pkt->u.request.stub_and_verifier.length+p->security_state.auth_info->auth_pad_length,
blob->data,
blob->length -
p->security_state.auth_info->credentials.length,
@@ -339,8 +342,8 @@ static NTSTATUS dcerpc_push_request_sign(struct dcerpc_pipe *p,
case DCERPC_AUTH_LEVEL_INTEGRITY:
status = gensec_sign_packet(p->security_state.generic_state,
mem_ctx,
- ndr->data + DCERPC_REQUEST_LENGTH,
- ndr->offset - DCERPC_REQUEST_LENGTH,
+ blob->data + DCERPC_REQUEST_LENGTH,
+ pkt->u.request.stub_and_verifier.length,
blob->data,
blob->length -
p->security_state.auth_info->credentials.length,