diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2006-10-23 06:08:25 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 14:21:37 -0500 |
| commit | 3c203ab927b0ec793ec431199526bb218cc6e2bc (patch) | |
| tree | c837c57793cbbc9b1a417ddba6ff915c4f25378d /source4/rpc_server/dcesrv_auth.c | |
| parent | 95424817274295c56da3d3a5dc1ba3b2d75b0f8d (diff) | |
| download | samba-3c203ab927b0ec793ec431199526bb218cc6e2bc.tar.gz samba-3c203ab927b0ec793ec431199526bb218cc6e2bc.tar.bz2 samba-3c203ab927b0ec793ec431199526bb218cc6e2bc.zip | |
r19465: Rather than use the non-standard API for determining the signature
length, use the amount the wapped message expanded by.
This works, because GSSAPI doesn't do AEAD (signing of headers), and
so changing the signature length after the fact is valid.
Andrew Bartlett
(This used to be commit bd1e0f679c8f2b9755051b8d34114fa127a7cf26)
Diffstat (limited to 'source4/rpc_server/dcesrv_auth.c')
| -rw-r--r-- | source4/rpc_server/dcesrv_auth.c | 54 |
1 files changed, 46 insertions, 8 deletions
diff --git a/source4/rpc_server/dcesrv_auth.c b/source4/rpc_server/dcesrv_auth.c index 3f848ca381..e6e9bb7fc5 100644 --- a/source4/rpc_server/dcesrv_auth.c +++ b/source4/rpc_server/dcesrv_auth.c @@ -393,6 +393,7 @@ BOOL dcesrv_auth_response(struct dcesrv_call_state *call, NTSTATUS status; struct ndr_push *ndr; uint32_t payload_length; + DATA_BLOB creds2; /* non-signed packets are simple */ if (!dce_conn->auth_state.auth_info || !dce_conn->auth_state.gensec_security) { @@ -427,14 +428,20 @@ BOOL dcesrv_auth_response(struct dcesrv_call_state *call, return False; } } else { + + /* We hope this length is accruate. If must be if the + * GENSEC mech does AEAD signing of the packet + * headers */ dce_conn->auth_state.auth_info->credentials = data_blob_talloc(call, NULL, gensec_sig_size(dce_conn->auth_state.gensec_security, payload_length)); + data_blob_clear(&dce_conn->auth_state.auth_info->credentials); } /* add the auth verifier */ - status = ndr_push_dcerpc_auth(ndr, NDR_SCALARS|NDR_BUFFERS, dce_conn->auth_state.auth_info); + status = ndr_push_dcerpc_auth(ndr, NDR_SCALARS|NDR_BUFFERS, + dce_conn->auth_state.auth_info); if (!NT_STATUS_IS_OK(status)) { return False; } @@ -446,6 +453,9 @@ BOOL dcesrv_auth_response(struct dcesrv_call_state *call, in these earlier as we don't know the signature length (it could be variable length) */ dcerpc_set_frag_length(blob, blob->length); + + /* We hope this value is accruate. If must be if the GENSEC + * mech does AEAD signing of the packet headers */ dcerpc_set_auth_length(blob, dce_conn->auth_state.auth_info->credentials.length); /* sign or seal the packet */ @@ -457,7 +467,23 @@ BOOL dcesrv_auth_response(struct dcesrv_call_state *call, payload_length, blob->data, blob->length - dce_conn->auth_state.auth_info->credentials.length, - &dce_conn->auth_state.auth_info->credentials); + &creds2); + + if (NT_STATUS_IS_OK(status)) { + status = data_blob_realloc(call, blob, + blob->length - dce_conn->auth_state.auth_info->credentials.length + + creds2.length); + } + + if (NT_STATUS_IS_OK(status)) { + memcpy(blob->data + blob->length - dce_conn->auth_state.auth_info->credentials.length, + creds2.data, creds2.length); + } + + /* If we did AEAD signing of the packet headers, then we hope + * this value didn't change... */ + dcerpc_set_auth_length(blob, creds2.length); + data_blob_free(&creds2); break; case DCERPC_AUTH_LEVEL_INTEGRITY: @@ -467,8 +493,23 @@ BOOL dcesrv_auth_response(struct dcesrv_call_state *call, payload_length, blob->data, blob->length - dce_conn->auth_state.auth_info->credentials.length, - &dce_conn->auth_state.auth_info->credentials); + &creds2); + if (NT_STATUS_IS_OK(status)) { + status = data_blob_realloc(call, blob, + blob->length - dce_conn->auth_state.auth_info->credentials.length + + creds2.length); + } + if (NT_STATUS_IS_OK(status)) { + memcpy(blob->data + blob->length - dce_conn->auth_state.auth_info->credentials.length, + creds2.data, creds2.length); + } + + /* If we did AEAD signing of the packet headers, then we hope + * this value didn't change... */ + dcerpc_set_auth_length(blob, creds2.length); + + data_blob_free(&creds2); break; case DCERPC_AUTH_LEVEL_CONNECT: @@ -479,14 +520,11 @@ BOOL dcesrv_auth_response(struct dcesrv_call_state *call, break; } + data_blob_free(&dce_conn->auth_state.auth_info->credentials); + if (!NT_STATUS_IS_OK(status)) { return False; } - memcpy(blob->data + blob->length - dce_conn->auth_state.auth_info->credentials.length, - dce_conn->auth_state.auth_info->credentials.data, dce_conn->auth_state.auth_info->credentials.length); - - data_blob_free(&dce_conn->auth_state.auth_info->credentials); - return True; } |