summaryrefslogtreecommitdiff
path: root/source4/rpc_server
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2004-05-25 14:06:28 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:56:14 -0500
commit5b0ab386cb0fb74d78e6c68abe1b047ab515b7b3 (patch)
tree78f843cb6a9ff745f9ac5ef35de53bccbf1ccbd8 /source4/rpc_server
parent579c13da43d5b40ac6d6c1436399fbc1d8dfd054 (diff)
downloadsamba-5b0ab386cb0fb74d78e6c68abe1b047ab515b7b3.tar.gz
samba-5b0ab386cb0fb74d78e6c68abe1b047ab515b7b3.tar.bz2
samba-5b0ab386cb0fb74d78e6c68abe1b047ab515b7b3.zip
r874: This patch is a pile of work on NTLMSSP:
Samba's NTLMSSP code is now fully talloc based, which should go a long way to cleaning up the memory leaks in this code. This also avoids a lot of extra copies of data, as we now allocate the 'return' blobs on a caller-supplied context. I have also been doing a lot of work towards NTLM2 signing and sealing. I have this working for sealing, but not for the verifier (MD5 integrity check on the stream) which is still incorrect. (I can aim a rpcecho sinkdata from a Win2k3 box to my server, and the data arrives intact, but the signature check fails. It does however match the test values I have...). The new torture test is cludged in - when we get a unit test suite back, I'll happliy put it in the 'right' place.... Andrew Bartlett (This used to be commit 399e2e2b1149b8d1c070aa7f0d5131c0b577d2b9)
Diffstat (limited to 'source4/rpc_server')
-rw-r--r--source4/rpc_server/dcesrv_auth.c17
1 files changed, 9 insertions, 8 deletions
diff --git a/source4/rpc_server/dcesrv_auth.c b/source4/rpc_server/dcesrv_auth.c
index a117f08445..48792180c6 100644
--- a/source4/rpc_server/dcesrv_auth.c
+++ b/source4/rpc_server/dcesrv_auth.c
@@ -66,6 +66,7 @@ BOOL dcesrv_auth_bind(struct dcesrv_call_state *call)
status = auth_ntlmssp_start(&dce_conn->auth_state.ntlmssp_state);
if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(2, ("Failed to start NTLMSSP subsystem!\n"));
return False;
}
@@ -85,10 +86,12 @@ BOOL dcesrv_auth_bind_ack(struct dcesrv_call_state *call, struct dcerpc_packet *
}
status = auth_ntlmssp_update(dce_conn->auth_state.ntlmssp_state,
+ call->mem_ctx,
dce_conn->auth_state.auth_info->credentials,
&dce_conn->auth_state.auth_info->credentials);
if (!NT_STATUS_IS_OK(status) &&
!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+ DEBUG(2, ("Failed to start NTLMSSP process NTLMSSP negotiate: %s\n", nt_errstr(status)));
return False;
}
@@ -131,20 +134,14 @@ BOOL dcesrv_auth_auth3(struct dcesrv_call_state *call)
}
status = auth_ntlmssp_update(dce_conn->auth_state.ntlmssp_state,
+ call->mem_ctx,
dce_conn->auth_state.auth_info->credentials,
&dce_conn->auth_state.auth_info->credentials);
if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(4, ("User failed to authenticated with NTLMSSP: %s\n", nt_errstr(status)));
return False;
}
- switch (dce_conn->auth_state.auth_info->auth_level) {
- case DCERPC_AUTH_LEVEL_PRIVACY:
- case DCERPC_AUTH_LEVEL_INTEGRITY:
- /* setup for signing */
- status = ntlmssp_sign_init(dce_conn->auth_state.ntlmssp_state->ntlmssp_state);
- break;
- }
-
return True;
}
@@ -197,6 +194,7 @@ BOOL dcesrv_auth_request(struct dcesrv_call_state *call)
switch (dce_conn->auth_state.auth_info->auth_level) {
case DCERPC_AUTH_LEVEL_PRIVACY:
status = ntlmssp_unseal_packet(dce_conn->auth_state.ntlmssp_state->ntlmssp_state,
+ call->mem_ctx,
pkt->u.request.stub_and_verifier.data,
pkt->u.request.stub_and_verifier.length,
&auth.credentials);
@@ -204,6 +202,7 @@ BOOL dcesrv_auth_request(struct dcesrv_call_state *call)
case DCERPC_AUTH_LEVEL_INTEGRITY:
status = ntlmssp_check_packet(dce_conn->auth_state.ntlmssp_state->ntlmssp_state,
+ call->mem_ctx,
pkt->u.request.stub_and_verifier.data,
pkt->u.request.stub_and_verifier.length,
&auth.credentials);
@@ -262,6 +261,7 @@ BOOL dcesrv_auth_response(struct dcesrv_call_state *call,
switch (dce_conn->auth_state.auth_info->auth_level) {
case DCERPC_AUTH_LEVEL_PRIVACY:
status = ntlmssp_seal_packet(dce_conn->auth_state.ntlmssp_state->ntlmssp_state,
+ call->mem_ctx,
ndr->data + DCERPC_REQUEST_LENGTH,
ndr->offset - DCERPC_REQUEST_LENGTH,
&dce_conn->auth_state.auth_info->credentials);
@@ -269,6 +269,7 @@ BOOL dcesrv_auth_response(struct dcesrv_call_state *call,
case DCERPC_AUTH_LEVEL_INTEGRITY:
status = ntlmssp_sign_packet(dce_conn->auth_state.ntlmssp_state->ntlmssp_state,
+ call->mem_ctx,
ndr->data + DCERPC_REQUEST_LENGTH,
ndr->offset - DCERPC_REQUEST_LENGTH,
&dce_conn->auth_state.auth_info->credentials);