author | Andrew Tridgell <tridge@samba.org> | 2004-06-06 12:59:14 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:56:34 -0500 |
commit | 42eadaf3d94afc7abf8ba2f1a67c55f317215483 (patch) | |
tree | 17aba1b55e533eece7b1b6a529ac309000549a3f /source4/rpc_server | |
parent | 7b1e0454ef1a6af65c9e9305b7502ca5294a1793 (diff) | |
r1048: - moved the schannel definitions into a separate schannel.idl
- added server side support for schannel type 23. This allows WinXP to establish a schannel connection
to Samba4 as an ADS DC
- added client side support for schannel type 23, but disabled it as currently the client
code has no way of getting the fully qualified domain name (which is needed)
- report dcerpc faults in the server code in the log
(This used to be commit 55e0b014fe14ca8811b55887208a1c3147ddb0d2)
Diffstat (limited to 'source4/rpc_server')
-rw-r--r-- | source4/rpc_server/dcesrv_crypto_schannel.c | 27 |
1 files changed, 23 insertions, 4 deletions
diff --git a/source4/rpc_server/dcesrv_crypto_schannel.c b/source4/rpc_server/dcesrv_crypto_schannel.c
index a9256fb664..68eff453de 100644
--- a/source4/rpc_server/dcesrv_crypto_schannel.c
+++ b/source4/rpc_server/dcesrv_crypto_schannel.c
@@ -24,7 +24,7 @@
 struct srv_schannel_state {
 TALLOC_CTX *mem_ctx;
- struct dcerpc_bind_schannel bind_info;
+ struct schannel_bind bind_info;
 struct schannel_state *state;
 };
@@ -37,6 +37,8 @@ static NTSTATUS dcesrv_crypto_schannel_start(struct dcesrv_auth *auth, DATA_BLOB
 NTSTATUS status;
 TALLOC_CTX *mem_ctx;
 uint8_t session_key[16];
+ const char *account_name;
+ struct schannel_bind_ack ack;
 mem_ctx = talloc_init("schannel_start");
 if (!mem_ctx) {
@@ -53,14 +55,20 @@ static NTSTATUS dcesrv_crypto_schannel_start(struct dcesrv_auth *auth, DATA_BLOB
 /* parse the schannel startup blob */
 status = ndr_pull_struct_blob(auth_blob, mem_ctx, &schannel->bind_info,
- (ndr_pull_flags_fn_t)ndr_pull_dcerpc_bind_schannel);
+ (ndr_pull_flags_fn_t)ndr_pull_schannel_bind);
 if (!NT_STATUS_IS_OK(status)) {
 talloc_destroy(mem_ctx);
 return NT_STATUS_INVALID_PARAMETER;
 }
+ if (schannel->bind_info.bind_type == 23) {
+ account_name = schannel->bind_info.u.info23.account_name;
+ } else {
+ account_name = schannel->bind_info.u.info3.account_name;
+ }
+
 /* pull the session key for this client */
- status = schannel_fetch_session_key(mem_ctx, schannel->bind_info.hostname, session_key);
+ status = schannel_fetch_session_key(mem_ctx, account_name, session_key);
 if (!NT_STATUS_IS_OK(status)) {
 talloc_destroy(mem_ctx);
 return NT_STATUS_INVALID_HANDLE;
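Review bot: The new `else` branch in dcesrv_crypto_schannel_start treats every `bind_type` other than 23 as the type-3 layout and reads `u.info3.account_name`, so the union arm is selected by a client-supplied discriminant that is never compared against 3. Unless the generated `ndr_pull_schannel_bind` already rejects unknown levels (not visible here), an unexpected bind type reaches `schannel_fetch_session_key` with whatever that arm happens to hold. I would make the second branch `} else if (schannel->bind_info.bind_type == 3) {` and add a final `else` that calls `talloc_destroy(mem_ctx)` and returns `NT_STATUS_INVALID_PARAMETER`, matching the parse-failure path just above. Named constants for 3 and 23 would also make the check self-explanatory. The function body starts and ends outside this hunk.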
@@ -75,6 +83,17 @@ static NTSTATUS dcesrv_crypto_schannel_start(struct dcesrv_auth *auth, DATA_BLOB
 auth->crypto_ctx.private_data = schannel;
+ ack.unknown1 = 1;
+ ack.unknown2 = 0;
+ ack.unknown3 = 0x6c0000;
+
+ status = ndr_push_struct_blob(auth_blob, mem_ctx, &ack,
+ (ndr_push_flags_fn_t)ndr_push_schannel_bind_ack);
+ if (!NT_STATUS_IS_OK(status)) {
+ talloc_destroy(mem_ctx);
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
 return status;
 }
@@ -102,7 +121,7 @@ static NTSTATUS dcesrv_crypto_schannel_seal(struct dcesrv_auth *auth, TALLOC_CTX
 sign a packet
 */
 static NTSTATUS dcesrv_crypto_schannel_sign(struct dcesrv_auth *auth, TALLOC_CTX *sig_mem_ctx,
- const uint8_t *data, size_t length, DATA_BLOB *sig)
+ const uint8_t *data, size_t length, DATA_BLOB *sig)
 {
 struct srv_schannel_state *srv_schannel_state = auth->crypto_ctx.private_data; |
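Review bot: The added failure path for `ndr_push_struct_blob` destroys `mem_ctx` after `auth->crypto_ctx.private_data = schannel;` has already been stored at the top of this hunk. If `schannel` is allocated from `mem_ctx` (the allocation is outside the hunk), the auth context is left holding a freed pointer, and the sign callback further down reads `auth->crypto_ctx.private_data` directly. Either move the assignment below the successful push, or add `auth->crypto_ctx.private_data = NULL;` before `talloc_destroy(mem_ctx);` in this branch. The `ack.unknown3 = 0x6c0000` value also deserves a short comment saying where it was observed, since it is sent to the client as-is.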