diff options
| author | Stefan Metzmacher <metze@samba.org> | 2004-06-04 09:46:46 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:56:25 -0500 |
| commit | 5165fec02e0e489ac63c3cb71bed31dea9fde644 (patch) | |
| tree | f253af775d6151ef9e3eb5d01973f2f177febd19 /source4/rpc_server/dcesrv_crypto_ntlmssp.c | |
| parent | b0d4ed741f9fcb31ef124c1375db13cd6874131e (diff) | |
| download | samba-5165fec02e0e489ac63c3cb71bed31dea9fde644.tar.gz samba-5165fec02e0e489ac63c3cb71bed31dea9fde644.tar.bz2 samba-5165fec02e0e489ac63c3cb71bed31dea9fde644.zip | |
r1004: continue tridge's work on dcerpc server auth/crypto code
I made it much more generic, and we should be able to add a
module interface to this code, so that other DCERPC_AUTH types can be added
via modules...
metze
(This used to be commit d09abeb686c43c62322205689273d1b417113004)
Diffstat (limited to 'source4/rpc_server/dcesrv_crypto_ntlmssp.c')
| -rw-r--r-- | source4/rpc_server/dcesrv_crypto_ntlmssp.c | 139 |
1 files changed, 139 insertions, 0 deletions
diff --git a/source4/rpc_server/dcesrv_crypto_ntlmssp.c b/source4/rpc_server/dcesrv_crypto_ntlmssp.c new file mode 100644 index 0000000000..b894f0f25d --- /dev/null +++ b/source4/rpc_server/dcesrv_crypto_ntlmssp.c @@ -0,0 +1,139 @@ +/* + Unix SMB/CIFS implementation. + + server side dcerpc authentication code - NTLMSSP auth/crypto code + + Copyright (C) Andrew Tridgell 2004 + Copyright (C) Stefan (metze) Metzmacher 2004 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +/* + this provides a crypto interface to the various backends (such as + NTLMSSP and SCHANNEL) for the rpc server code +*/ + +#include "includes.h" + + +/* + start crypto state +*/ +static NTSTATUS dcesrv_crypto_ntlmssp_start(struct dcesrv_auth *auth) +{ + struct auth_ntlmssp_state *ntlmssp = NULL; + NTSTATUS status; + + status = auth_ntlmssp_start(&ntlmssp); + + auth->crypto_ctx.private_data = ntlmssp; + + return status; +} + +/* + update crypto state +*/ +static NTSTATUS dcesrv_crypto_ntlmssp_update(struct dcesrv_auth *auth, TALLOC_CTX *out_mem_ctx, + const DATA_BLOB in, DATA_BLOB *out) +{ + struct auth_ntlmssp_state *auth_ntlmssp_state = auth->crypto_ctx.private_data; + + return ntlmssp_update(auth_ntlmssp_state->ntlmssp_state, out_mem_ctx, in, out); +} + +/* + seal a packet +*/ +static NTSTATUS dcesrv_crypto_ntlmssp_seal(struct dcesrv_auth *auth, TALLOC_CTX *sig_mem_ctx, + uint8_t *data, size_t length, DATA_BLOB *sig) +{ + struct auth_ntlmssp_state *auth_ntlmssp_state = auth->crypto_ctx.private_data; + + return ntlmssp_seal_packet(auth_ntlmssp_state->ntlmssp_state, sig_mem_ctx, data, length, sig); +} + +/* + sign a packet +*/ +static NTSTATUS dcesrv_crypto_ntlmssp_sign(struct dcesrv_auth *auth, TALLOC_CTX *sig_mem_ctx, + const uint8_t *data, size_t length, DATA_BLOB *sig) +{ + struct auth_ntlmssp_state *auth_ntlmssp_state = auth->crypto_ctx.private_data; + + return ntlmssp_sign_packet(auth_ntlmssp_state->ntlmssp_state, sig_mem_ctx, data, length, sig); +} + +/* + check a packet signature +*/ +static NTSTATUS dcesrv_crypto_ntlmssp_check_sig(struct dcesrv_auth *auth, TALLOC_CTX *sig_mem_ctx, + const uint8_t *data, size_t length, const DATA_BLOB *sig) +{ + struct auth_ntlmssp_state *auth_ntlmssp_state = auth->crypto_ctx.private_data; + + return ntlmssp_check_packet(auth_ntlmssp_state->ntlmssp_state, sig_mem_ctx, data, length, sig); +} + +/* + unseal a packet +*/ +static NTSTATUS dcesrv_crypto_ntlmssp_unseal(struct dcesrv_auth *auth, TALLOC_CTX *sig_mem_ctx, + uint8_t *data, size_t length, DATA_BLOB *sig) +{ + struct auth_ntlmssp_state *auth_ntlmssp_state = auth->crypto_ctx.private_data; + + return ntlmssp_unseal_packet(auth_ntlmssp_state->ntlmssp_state, sig_mem_ctx, data, length, sig); +} + +/* + end crypto state +*/ +static void dcesrv_crypto_ntlmssp_end(struct dcesrv_auth *auth) +{ + struct auth_ntlmssp_state *auth_ntlmssp_state = auth->crypto_ctx.private_data; + + auth->crypto_ctx.private_data = NULL; + + auth_ntlmssp_end(&auth_ntlmssp_state); + + return; +} + +static const struct dcesrv_cyrpto_ops dcesrv_crypto_ntlmssp_ops = { + .name = "ntlmssp", + .auth_type = DCERPC_AUTH_TYPE_NTLMSSP, + .start = dcesrv_crypto_ntlmssp_start, + .update = dcesrv_crypto_ntlmssp_update, + .seal = dcesrv_crypto_ntlmssp_seal, + .sign = dcesrv_crypto_ntlmssp_sign, + .check_sig = dcesrv_crypto_ntlmssp_check_sig, + .unseal = dcesrv_crypto_ntlmssp_unseal, + .end = dcesrv_crypto_ntlmssp_end +}; + +/* + startup the cryptographic side of an authenticated dcerpc server +*/ +NTSTATUS dcesrv_crypto_ntlmssp_get_ops(struct dcesrv_connection *dce_conn, + struct dcesrv_auth *auth) +{ + NTSTATUS status = NT_STATUS_OK; + + auth->crypto_ctx.ops = &dcesrv_crypto_ntlmssp_ops; + + return status; +} |