diff options
-rw-r--r-- | source3/rpc_client/cli_pipe.c | 98 |
1 files changed, 50 insertions, 48 deletions
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index 6de2e80b45..e725181807 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -1588,38 +1588,16 @@ static NTSTATUS add_ntlmssp_auth_footer(struct rpc_pipe_client *cli, uint32 ss_padding_len, DATA_BLOB *rpc_out) { - DATA_BLOB auth_info; + uint16_t data_and_pad_len = rpc_out->length + - DCERPC_RESPONSE_LENGTH + - DCERPC_AUTH_TRAILER_LENGTH; + DATA_BLOB auth_blob; NTSTATUS status; - DATA_BLOB auth_blob = data_blob_null; - uint16_t data_and_pad_len = rpc_out->length - DCERPC_RESPONSE_LENGTH; if (!cli->auth->a_u.auth_ntlmssp_state) { return NT_STATUS_INVALID_PARAMETER; } - /* marshall the dcerpc_auth with an actually empty auth_blob. - * this is needed because the ntmlssp signature includes the - * auth header */ - status = dcerpc_push_dcerpc_auth(rpc_out->data, - map_pipe_auth_type_to_rpc_auth_type(cli->auth->auth_type), - cli->auth->auth_level, - ss_padding_len, - 1 /* context id. */, - &auth_blob, - &auth_info); - if (!NT_STATUS_IS_OK(status)) { - return status; - } - - /* append the header */ - if (!data_blob_append(NULL, rpc_out, - auth_info.data, auth_info.length)) { - DEBUG(0, ("Failed to add %u bytes auth blob.\n", - (unsigned int)auth_info.length)); - return NT_STATUS_NO_MEMORY; - } - data_blob_free(&auth_info); - switch (cli->auth->auth_level) { case DCERPC_AUTH_LEVEL_PRIVACY: /* Data portion is encrypted. */ @@ -1662,7 +1640,7 @@ static NTSTATUS add_ntlmssp_auth_footer(struct rpc_pipe_client *cli, if (!data_blob_append(NULL, rpc_out, auth_blob.data, auth_blob.length)) { DEBUG(0, ("Failed to add %u bytes auth blob.\n", - (unsigned int)auth_info.length)); + (unsigned int)auth_blob.length)); return NT_STATUS_NO_MEMORY; } data_blob_free(&auth_blob); @@ -1678,12 +1656,12 @@ static NTSTATUS add_schannel_auth_footer(struct rpc_pipe_client *cli, uint32 ss_padding_len, DATA_BLOB *rpc_out) { - DATA_BLOB auth_info; struct schannel_state *sas = cli->auth->a_u.schannel_auth; uint8_t *data_p = rpc_out->data + DCERPC_RESPONSE_LENGTH; size_t data_and_pad_len = rpc_out->length - - DCERPC_RESPONSE_LENGTH; - DATA_BLOB blob; + - DCERPC_RESPONSE_LENGTH + - DCERPC_AUTH_TRAILER_LENGTH; + DATA_BLOB auth_blob; NTSTATUS status; if (!sas) { @@ -1700,7 +1678,7 @@ static NTSTATUS add_schannel_auth_footer(struct rpc_pipe_client *cli, true, data_p, data_and_pad_len, - &blob); + &auth_blob); break; case DCERPC_AUTH_LEVEL_INTEGRITY: status = netsec_outgoing_packet(sas, @@ -1708,7 +1686,7 @@ static NTSTATUS add_schannel_auth_footer(struct rpc_pipe_client *cli, false, data_p, data_and_pad_len, - &blob); + &auth_blob); break; default: status = NT_STATUS_INTERNAL_ERROR; @@ -1722,27 +1700,15 @@ static NTSTATUS add_schannel_auth_footer(struct rpc_pipe_client *cli, } if (DEBUGLEVEL >= 10) { - dump_NL_AUTH_SIGNATURE(talloc_tos(), &blob); + dump_NL_AUTH_SIGNATURE(talloc_tos(), &auth_blob); } - /* Finally marshall the blob. */ - status = dcerpc_push_dcerpc_auth(rpc_out->data, - map_pipe_auth_type_to_rpc_auth_type(cli->auth->auth_type), - cli->auth->auth_level, - ss_padding_len, - 1 /* context id. */, - &blob, - &auth_info); - if (!NT_STATUS_IS_OK(status)) { - return status; - } - data_blob_free(&blob); - + /* Finally attach the blob. */ if (!data_blob_append(NULL, rpc_out, - auth_info.data, auth_info.length)) { + auth_blob.data, auth_blob.length)) { return NT_STATUS_NO_MEMORY; } - data_blob_free(&auth_info); + data_blob_free(&auth_blob); return NT_STATUS_OK; } @@ -1915,6 +1881,8 @@ static NTSTATUS prepare_next_frag(struct rpc_api_pipe_req_state *state, char pad[8] = { 0, }; NTSTATUS status; union dcerpc_payload u; + DATA_BLOB auth_info; + DATA_BLOB auth_blob = data_blob_null; data_left = state->req_data->length - state->req_data_sent; @@ -1967,6 +1935,40 @@ static NTSTATUS prepare_next_frag(struct rpc_api_pipe_req_state *state, } } + switch (state->cli->auth->auth_type) { + case PIPE_AUTH_TYPE_NONE: + break; + case PIPE_AUTH_TYPE_NTLMSSP: + case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP: + case PIPE_AUTH_TYPE_SCHANNEL: + /* marshall the dcerpc_auth with an actually empty auth_blob. + * This is needed because the ntmlssp signature includes the + * auth header */ + status = dcerpc_push_dcerpc_auth(state->rpc_out.data, + map_pipe_auth_type_to_rpc_auth_type(state->cli->auth->auth_type), + state->cli->auth->auth_level, + ss_padding, + 1 /* context id. */, + &auth_blob, + &auth_info); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + /* append the header */ + if (!data_blob_append(NULL, &state->rpc_out, + auth_info.data, auth_info.length)) { + DEBUG(0, ("Failed to add %u bytes auth blob.\n", + (unsigned int)auth_info.length)); + return NT_STATUS_NO_MEMORY; + } + data_blob_free(&auth_info); + break; + + default: + break; + } + /* Generate any auth sign/seal and add the auth footer. */ switch (state->cli->auth->auth_type) { case PIPE_AUTH_TYPE_NONE: |