authorAndrew Tridgell <tridge@samba.org>2004-04-28 13:17:28 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:51:37 -0500
commit3fe884c26c772fca65470c45540d37a58deda403 (patch)
treefc0689041a9f9a2ab0c97d37667fbdb7231c5c9c /source4
parent932b0ff5f5f5ce861a45df4a986b0db73a52e510 (diff)
r390: added my best guess for how session keys are supposed to work when you
use NTLMSSP sign or seal at the RPC layer. It doesn't work yet, but then again neither does the old code (which just assumed the SMB session key was used, which of course makes no sense on a ncacn_ip_tcp connection). (This used to be commit e8782329269bc78d36d8ca83fb7a4e38b9c6b167)
Diffstat (limited to 'source4')
-rw-r--r--source4/librpc/rpc/dcerpc.h1
-rw-r--r--source4/librpc/rpc/dcerpc_ntlm.c12
-rw-r--r--source4/librpc/rpc/dcerpc_schannel.c7
-rw-r--r--source4/librpc/rpc/dcerpc_util.c19
4 files changed, 34 insertions, 5 deletions
diff --git a/source4/librpc/rpc/dcerpc.h b/source4/librpc/rpc/dcerpc.h
index 55c81c374e..c79d14bec0 100644
--- a/source4/librpc/rpc/dcerpc.h
+++ b/source4/librpc/rpc/dcerpc.h
@@ -35,6 +35,7 @@ struct dcerpc_security {
uchar *data, size_t length, DATA_BLOB *sig);
NTSTATUS (*sign_packet)(struct dcerpc_security *,
const uchar *data, size_t length, DATA_BLOB *sig);
+ NTSTATUS (*session_key)(struct dcerpc_security *, uint8 session_key[16]);
void (*security_end)(struct dcerpc_security *);
};
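Review bot: The new `session_key` member carries no comment stating its contract, yet the dcerpc_util.c hunk in this commit calls it through `p->security_state` without a NULL check, so every backend must set it. A comment above the member such as `/* mandatory: fill in the 16-byte session key for this security context, or return an error */` would make that requirement visible to anyone adding another backend. The struct definition begins outside this hunk, so whether other members are documented cannot be seen here.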
diff --git a/source4/librpc/rpc/dcerpc_ntlm.c b/source4/librpc/rpc/dcerpc_ntlm.c
index 81f434cccf..194b1aa865 100644
--- a/source4/librpc/rpc/dcerpc_ntlm.c
+++ b/source4/librpc/rpc/dcerpc_ntlm.c
@@ -56,6 +56,17 @@ static NTSTATUS ntlm_sign_packet(struct dcerpc_security *dcerpc_security,
return ntlmssp_sign_packet(ntlmssp_state, data, length, sig);
}
+static NTSTATUS ntlm_session_key(struct dcerpc_security *dcerpc_security,
+ uint8 session_key[16])
+{
+ struct ntlmssp_state *ntlmssp_state = dcerpc_security->private;
+ if (!ntlmssp_state || ntlmssp_state->session_key.length < 16) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+ memcpy(session_key, ntlmssp_state->session_key.data, 16);
+ return NT_STATUS_OK;
+}
+
static void ntlm_security_end(struct dcerpc_security *dcerpc_security)
{
struct ntlmssp_state *ntlmssp_state = dcerpc_security->private;
@@ -173,6 +184,7 @@ NTSTATUS dcerpc_bind_auth_ntlm(struct dcerpc_pipe *p,
p->security_state->check_packet = ntlm_check_packet;
p->security_state->seal_packet = ntlm_seal_packet;
p->security_state->sign_packet = ntlm_sign_packet;
+ p->security_state->session_key = ntlm_session_key;
p->security_state->security_end = ntlm_security_end;
switch (p->auth_info->auth_level) {
diff --git a/source4/librpc/rpc/dcerpc_schannel.c b/source4/librpc/rpc/dcerpc_schannel.c
index 2a4c0a6bb1..504c8dfd6f 100644
--- a/source4/librpc/rpc/dcerpc_schannel.c
+++ b/source4/librpc/rpc/dcerpc_schannel.c
@@ -56,6 +56,12 @@ static NTSTATUS schan_sign_packet(struct dcerpc_security *dcerpc_security,
return schannel_sign_packet(schannel_state, data, length, sig);
}
+static NTSTATUS schan_session_key(struct dcerpc_security *dcerpc_security,
+ uint8 session_key[16])
+{
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
static void schan_security_end(struct dcerpc_security *dcerpc_security)
{
struct schannel_state *schannel_state = dcerpc_security->private;
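Review bot: `schan_session_key` fails unconditionally, and because dcerpc_fetch_session_key (dcerpc_util.c hunk) returns whatever status the callback gives, every schannel-bound pipe now gets NT_STATUS_NOT_IMPLEMENTED from the fetch, even when an SMB tree has already supplied a key. If that regression is intended for now, a comment on the stub would record it, for example `/* TODO: schannel session key not derived yet; dcerpc_fetch_session_key fails on schannel pipes */`. The trailing context lines belong to schan_security_end, whose body continues outside the hunk.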
@@ -232,6 +238,7 @@ NTSTATUS dcerpc_bind_auth_schannel_key(struct dcerpc_pipe *p,
p->security_state->check_packet = schan_check_packet;
p->security_state->seal_packet = schan_seal_packet;
p->security_state->sign_packet = schan_sign_packet;
+ p->security_state->session_key = schan_session_key;
p->security_state->security_end = schan_security_end;
done:
diff --git a/source4/librpc/rpc/dcerpc_util.c b/source4/librpc/rpc/dcerpc_util.c
index b52631670b..0e045e0033 100644
--- a/source4/librpc/rpc/dcerpc_util.c
+++ b/source4/librpc/rpc/dcerpc_util.c
@@ -677,14 +677,23 @@ NTSTATUS dcerpc_fetch_session_key(struct dcerpc_pipe *p,
{
struct cli_tree *tree;
+ memset(session_key, 0, 16);
+
tree = dcerpc_smb_tree(p);
- if (!tree) {
- return NT_STATUS_INVALID_PARAMETER;
+ if (tree) {
+ memcpy(session_key,
+ tree->session->transport->negotiate.user_session_key,
+ 16);
}
- memcpy(session_key,
- tree->session->transport->negotiate.user_session_key,
- 16);
+ if (p->security_state) {
+ NTSTATUS status;
+
+ status = p->security_state->session_key(p->security_state, session_key);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+ }
return NT_STATUS_OK;
}
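Review bot: When the pipe has neither an SMB tree nor a `security_state`, this body now reaches `return NT_STATUS_OK` with the buffer still all zeros from the new `memset`, where the removed code returned NT_STATUS_INVALID_PARAMETER; a caller would then treat a predictable all-zero key as a real session key. A guard before the final return, `if (!tree && !p->security_state) return NT_STATUS_INVALID_PARAMETER;`, keeps the old failure. On the error path from the callback the buffer can still hold the SMB user session key copied just above, so a `memset(session_key, 0, 16);` before `return status;` would avoid handing key material back alongside an error. The function's signature sits in the hunk header, outside the visible lines.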