summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source4/libcli/auth/ntlmssp.c213
-rw-r--r--source4/libcli/auth/ntlmssp_parse.c321
-rw-r--r--source4/libcli/auth/ntlmssp_sign.c32
-rw-r--r--source4/libcli/config.m41
-rw-r--r--source4/libcli/util/smbencrypt.c25
-rw-r--r--source4/librpc/ndr/ndr_basic.c301
6 files changed, 460 insertions, 433 deletions
diff --git a/source4/libcli/auth/ntlmssp.c b/source4/libcli/auth/ntlmssp.c
index 6830db3f90..f72f98d8a0 100644
--- a/source4/libcli/auth/ntlmssp.c
+++ b/source4/libcli/auth/ntlmssp.c
@@ -1,7 +1,7 @@
/*
Unix SMB/Netbios implementation.
- Version 3.0
- handle NLTMSSP, server side
+
+ NLTMSSP code
Copyright (C) Andrew Tridgell 2001
Copyright (C) Andrew Bartlett 2001-2003
@@ -221,6 +221,7 @@ NTSTATUS ntlmssp_update(struct ntlmssp_state *ntlmssp_state,
TALLOC_CTX *out_mem_ctx,
const DATA_BLOB in, DATA_BLOB *out)
{
+ NTSTATUS nt_status;
DATA_BLOB input;
uint32_t ntlmssp_command;
int i;
@@ -257,13 +258,15 @@ NTSTATUS ntlmssp_update(struct ntlmssp_state *ntlmssp_state,
break;
}
} else {
- if (!msrpc_parse(ntlmssp_state->mem_ctx,
- &input, "Cd",
- "NTLMSSP",
- &ntlmssp_command)) {
+ nt_status = ndr_pull_format_blob(&input, ntlmssp_state->mem_ctx,
+ "Cd",
+ "NTLMSSP",
+ &ntlmssp_command);
+
+ if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(1, ("Failed to parse NTLMSSP packet, could not extract NTLMSSP command\n"));
dump_data(2, (const char *)input.data, input.length);
- return NT_STATUS_INVALID_PARAMETER;
+ return nt_status;
}
}
@@ -442,6 +445,7 @@ static NTSTATUS ntlmssp_server_negotiate(struct ntlmssp_state *ntlmssp_state,
TALLOC_CTX *out_mem_ctx,
const DATA_BLOB in, DATA_BLOB *out)
{
+ NTSTATUS nt_status;
DATA_BLOB struct_blob;
fstring dnsname, dnsdomname;
uint32_t neg_flags = 0;
@@ -456,16 +460,18 @@ static NTSTATUS ntlmssp_server_negotiate(struct ntlmssp_state *ntlmssp_state,
#endif
if (in.length) {
- if (!msrpc_parse(ntlmssp_state->mem_ctx,
- &in, "CddAA",
- "NTLMSSP",
- &ntlmssp_command,
- &neg_flags,
- &cliname,
- &domname)) {
+ nt_status = ndr_pull_format_blob(&in, ntlmssp_state->mem_ctx,
+ "CddAA",
+ "NTLMSSP",
+ &ntlmssp_command,
+ &neg_flags,
+ &cliname,
+ &domname);
+
+ if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(1, ("ntlmssp_server_negotiate: failed to parse NTLMSSP:\n"));
dump_data(2, (const char *)in.data, in.length);
- return NT_STATUS_INVALID_PARAMETER;
+ return nt_status;
}
debug_ntlmssp_flags(neg_flags);
@@ -515,13 +521,14 @@ static NTSTATUS ntlmssp_server_negotiate(struct ntlmssp_state *ntlmssp_state,
target_name_dns = dnsname;
}
- msrpc_gen(out_mem_ctx,
- &struct_blob, "aaaaa",
- NTLMSSP_NAME_TYPE_DOMAIN, target_name,
- NTLMSSP_NAME_TYPE_SERVER, ntlmssp_state->get_global_myname(),
- NTLMSSP_NAME_TYPE_DOMAIN_DNS, dnsdomname,
- NTLMSSP_NAME_TYPE_SERVER_DNS, dnsname,
- 0, "");
+ /* TODO: do we need to check the result here? --metze */
+ ndr_push_format_blob(&struct_blob, out_mem_ctx,
+ "aaaaa",
+ NTLMSSP_NAME_TYPE_DOMAIN, target_name,
+ NTLMSSP_NAME_TYPE_SERVER, ntlmssp_state->get_global_myname(),
+ NTLMSSP_NAME_TYPE_DOMAIN_DNS, dnsdomname,
+ NTLMSSP_NAME_TYPE_SERVER_DNS, dnsname,
+ 0, "");
} else {
struct_blob = data_blob(NULL, 0);
}
@@ -534,16 +541,17 @@ static NTSTATUS ntlmssp_server_negotiate(struct ntlmssp_state *ntlmssp_state,
} else {
gen_string = "CdAdbddB";
}
-
- msrpc_gen(out_mem_ctx,
- out, gen_string,
- "NTLMSSP",
- NTLMSSP_CHALLENGE,
- target_name,
- chal_flags,
- cryptkey, 8,
- 0, 0,
- struct_blob.data, struct_blob.length);
+
+ /* TODO: do we need to check the result here? --metze */
+ ndr_push_format_blob(out, out_mem_ctx,
+ gen_string,
+ "NTLMSSP",
+ NTLMSSP_CHALLENGE,
+ target_name,
+ chal_flags,
+ cryptkey, 8,
+ 0, 0,
+ struct_blob.data, struct_blob.length);
}
ntlmssp_state->expected_state = NTLMSSP_AUTH;
@@ -591,18 +599,20 @@ static NTSTATUS ntlmssp_server_preauth(struct ntlmssp_state *ntlmssp_state,
ntlmssp_state->workstation = NULL;
/* now the NTLMSSP encoded auth hashes */
- if (!msrpc_parse(ntlmssp_state->mem_ctx,
- &request, parse_string,
- "NTLMSSP",
- &ntlmssp_command,
- &ntlmssp_state->lm_resp,
- &ntlmssp_state->nt_resp,
- &domain,
- &user,
- &workstation,
- &ntlmssp_state->encrypted_session_key,
- &auth_flags)) {
- DEBUG(10, ("ntlmssp_server_auth: failed to parse NTLMSSP (nonfatal):\n"));
+ nt_status = ndr_pull_format_blob(&request, ntlmssp_state->mem_ctx,
+ parse_string,
+ "NTLMSSP",
+ &ntlmssp_command,
+ &ntlmssp_state->lm_resp,
+ &ntlmssp_state->nt_resp,
+ &domain,
+ &user,
+ &workstation,
+ &ntlmssp_state->encrypted_session_key,
+ &auth_flags);
+
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ DEBUG(10, ("ntlmssp_server_preauth: failed to parse NTLMSSP (nonfatal):\n"));
dump_data(10, (const char *)request.data, request.length);
/* zero this out */
@@ -617,19 +627,20 @@ static NTSTATUS ntlmssp_server_preauth(struct ntlmssp_state *ntlmssp_state,
}
/* now the NTLMSSP encoded auth hashes */
- if (!msrpc_parse(ntlmssp_state->mem_ctx,
- &request, parse_string,
- "NTLMSSP",
- &ntlmssp_command,
- &ntlmssp_state->lm_resp,
- &ntlmssp_state->nt_resp,
- &domain,
- &user,
- &workstation)) {
- DEBUG(1, ("ntlmssp_server_auth: failed to parse NTLMSSP:\n"));
+ nt_status = ndr_pull_format_blob(&request, ntlmssp_state->mem_ctx,
+ parse_string,
+ "NTLMSSP",
+ &ntlmssp_command,
+ &ntlmssp_state->lm_resp,
+ &ntlmssp_state->nt_resp,
+ &domain,
+ &user,
+ &workstation);
+
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ DEBUG(1, ("ntlmssp_server_preauth: failed to parse NTLMSSP:\n"));
dump_data(2, (const char *)request.data, request.length);
-
- return NT_STATUS_INVALID_PARAMETER;
+ return nt_status;
}
}
@@ -958,6 +969,8 @@ static NTSTATUS ntlmssp_client_initial(struct ntlmssp_state *ntlmssp_state,
TALLOC_CTX *out_mem_ctx,
DATA_BLOB in, DATA_BLOB *out)
{
+ NTSTATUS nt_status;
+
if (ntlmssp_state->unicode) {
ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_UNICODE;
} else {
@@ -969,13 +982,17 @@ static NTSTATUS ntlmssp_client_initial(struct ntlmssp_state *ntlmssp_state,
}
/* generate the ntlmssp negotiate packet */
- msrpc_gen(out_mem_ctx,
- out, "CddAA",
- "NTLMSSP",
- NTLMSSP_NEGOTIATE,
- ntlmssp_state->neg_flags,
- ntlmssp_state->get_domain(),
- ntlmssp_state->get_global_myname());
+ nt_status = ndr_push_format_blob(out, out_mem_ctx,
+ "CddAA",
+ "NTLMSSP",
+ NTLMSSP_NEGOTIATE,
+ ntlmssp_state->neg_flags,
+ ntlmssp_state->get_domain(),
+ ntlmssp_state->get_global_myname());
+
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ return nt_status;
+ }
ntlmssp_state->expected_state = NTLMSSP_CHALLENGE;
@@ -1010,16 +1027,17 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state,
DATA_BLOB encrypted_session_key = data_blob(NULL, 0);
NTSTATUS nt_status;
- if (!msrpc_parse(ntlmssp_state->mem_ctx,
- &in, "CdBd",
- "NTLMSSP",
- &ntlmssp_command,
- &server_domain_blob,
- &chal_flags)) {
+ nt_status = ndr_pull_format_blob(&in, ntlmssp_state->mem_ctx,
+ "CdBd",
+ "NTLMSSP",
+ &ntlmssp_command,
+ &server_domain_blob,
+ &chal_flags);
+
+ if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(1, ("Failed to parse the NTLMSSP Challenge: (#1)\n"));
dump_data(2, (const char *)in.data, in.length);
-
- return NT_STATUS_INVALID_PARAMETER;
+ return nt_status;
}
data_blob_free(&server_domain_blob);
@@ -1049,18 +1067,20 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state,
DEBUG(3, ("NTLMSSP: Set final flags:\n"));
debug_ntlmssp_flags(ntlmssp_state->neg_flags);
- if (!msrpc_parse(ntlmssp_state->mem_ctx,
- &in, chal_parse_string,
- "NTLMSSP",
- &ntlmssp_command,
- &server_domain,
- &chal_flags,
- &challenge_blob, 8,
- &unkn1, &unkn2,
- &struct_blob)) {
+ nt_status = ndr_pull_format_blob(&in, ntlmssp_state->mem_ctx,
+ chal_parse_string,
+ "NTLMSSP",
+ &ntlmssp_command,
+ &server_domain,
+ &chal_flags,
+ &challenge_blob, 8,
+ &unkn1, &unkn2,
+ &struct_blob);
+
+ if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(1, ("Failed to parse the NTLMSSP Challenge: (#2)\n"));
dump_data(2, (const char *)in.data, in.length);
- return NT_STATUS_INVALID_PARAMETER;
+ return nt_status;
}
ntlmssp_state->server_domain = server_domain;
@@ -1216,19 +1236,20 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state,
}
/* this generates the actual auth packet */
- if (!msrpc_gen(out_mem_ctx,
- out, auth_gen_string,
- "NTLMSSP",
- NTLMSSP_AUTH,
- lm_response.data, lm_response.length,
- nt_response.data, nt_response.length,
- ntlmssp_state->domain,
- ntlmssp_state->user,
- ntlmssp_state->get_global_myname(),
- encrypted_session_key.data, encrypted_session_key.length,
- ntlmssp_state->neg_flags)) {
-
- return NT_STATUS_NO_MEMORY;
+ nt_status = ndr_push_format_blob(out, out_mem_ctx,
+ auth_gen_string,
+ "NTLMSSP",
+ NTLMSSP_AUTH,
+ lm_response.data, lm_response.length,
+ nt_response.data, nt_response.length,
+ ntlmssp_state->domain,
+ ntlmssp_state->user,
+ ntlmssp_state->get_global_myname(),
+ encrypted_session_key.data, encrypted_session_key.length,
+ ntlmssp_state->neg_flags);
+
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ return nt_status;
}
ntlmssp_state->session_key = session_key;
@@ -1242,7 +1263,9 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state,
ntlmssp_state->expected_state = NTLMSSP_DONE;
- if (!NT_STATUS_IS_OK(nt_status = ntlmssp_sign_init(ntlmssp_state))) {
+ nt_status = ntlmssp_sign_init(ntlmssp_state);
+
+ if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(1, ("Could not setup NTLMSSP signing/sealing system (error was: %s)\n",
nt_errstr(nt_status)));
return nt_status;
diff --git a/source4/libcli/auth/ntlmssp_parse.c b/source4/libcli/auth/ntlmssp_parse.c
deleted file mode 100644
index 251effd7e1..0000000000
--- a/source4/libcli/auth/ntlmssp_parse.c
+++ /dev/null
@@ -1,321 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- simple kerberos5/SPNEGO routines
- Copyright (C) Andrew Tridgell 2001
- Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2002
- Copyright (C) Andrew Bartlett 2002-2003
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-/*
- this is a tiny msrpc packet generator. I am only using this to
- avoid tying this code to a particular varient of our rpc code. This
- generator is not general enough for all our rpc needs, its just
- enough for the spnego/ntlmssp code
-
- format specifiers are:
-
- U = unicode string (input is unix string)
- a = address (input is char *unix_string)
- (1 byte type, 1 byte length, unicode/ASCII string, all inline)
- A = ASCII string (input is unix string)
- B = data blob (pointer + length)
- b = data blob in header (pointer + length)
- D
- d = word (4 bytes)
- C = constant ascii string
- */
-BOOL msrpc_gen(TALLOC_CTX *mem_ctx, DATA_BLOB *blob,
- const char *format, ...)
-{
- int i, n;
- va_list ap;
- char *s;
- uint8_t *b;
- int head_size=0, data_size=0;
- int head_ofs, data_ofs;
-
- /* first scan the format to work out the header and body size */
- va_start(ap, format);
- for (i=0; format[i]; i++) {
- switch (format[i]) {
- case 'U':
- s = va_arg(ap, char *);
- head_size += 8;
- data_size += str_charnum(s) * 2;
- break;
- case 'A':
- s = va_arg(ap, char *);
- head_size += 8;
- data_size += str_ascii_charnum(s);
- break;
- case 'a':
- n = va_arg(ap, int);
- s = va_arg(ap, char *);
- data_size += (str_charnum(s) * 2) + 4;
- break;
- case 'B':
- b = va_arg(ap, uint8_t *);
- head_size += 8;
- data_size += va_arg(ap, int);
- break;
- case 'b':
- b = va_arg(ap, uint8_t *);
- head_size += va_arg(ap, int);
- break;
- case 'd':
- n = va_arg(ap, int);
- head_size += 4;
- break;
- case 'C':
- s = va_arg(ap, char *);
- head_size += str_charnum(s) + 1;
- break;
- }
- }
- va_end(ap);
-
- /* allocate the space, then scan the format again to fill in the values */
- *blob = data_blob_talloc(mem_ctx, NULL, head_size + data_size);
-
- head_ofs = 0;
- data_ofs = head_size;
-
- va_start(ap, format);
- for (i=0; format[i]; i++) {
- switch (format[i]) {
- case 'U':
- s = va_arg(ap, char *);
- n = str_charnum(s);
- SSVAL(blob->data, head_ofs, n*2); head_ofs += 2;
- SSVAL(blob->data, head_ofs, n*2); head_ofs += 2;
- SIVAL(blob->data, head_ofs, data_ofs); head_ofs += 4;
- push_string(NULL, blob->data+data_ofs, s, n*2, STR_UNICODE|STR_NOALIGN);
- data_ofs += n*2;
- break;
- case 'A':
- s = va_arg(ap, char *);
- n = str_ascii_charnum(s);
- SSVAL(blob->data, head_ofs, n); head_ofs += 2;
- SSVAL(blob->data, head_ofs, n); head_ofs += 2;
- SIVAL(blob->data, head_ofs, data_ofs); head_ofs += 4;
- push_string(NULL, blob->data+data_ofs, s, n, STR_ASCII|STR_NOALIGN);
- data_ofs += n;
- break;
- case 'a':
- n = va_arg(ap, int);
- SSVAL(blob->data, data_ofs, n); data_ofs += 2;
- s = va_arg(ap, char *);
- n = str_charnum(s);
- SSVAL(blob->data, data_ofs, n*2); data_ofs += 2;
- if (0 < n) {
- push_string(NULL, blob->data+data_ofs, s, n*2,
- STR_UNICODE|STR_NOALIGN);
- }
- data_ofs += n*2;
- break;
-
- case 'B':
- b = va_arg(ap, uint8_t *);
- n = va_arg(ap, int);
- SSVAL(blob->data, head_ofs, n); head_ofs += 2;
- SSVAL(blob->data, head_ofs, n); head_ofs += 2;
- SIVAL(blob->data, head_ofs, data_ofs); head_ofs += 4;
- if (n && b) /* don't follow null pointers... */
- memcpy(blob->data+data_ofs, b, n);
- data_ofs += n;
- break;
- case 'd':
- n = va_arg(ap, int);
- SIVAL(blob->data, head_ofs, n); head_ofs += 4;
- break;
- case 'b':
- b = va_arg(ap, uint8_t *);
- n = va_arg(ap, int);
- memcpy(blob->data + head_ofs, b, n);
- head_ofs += n;
- break;
- case 'C':
- s = va_arg(ap, char *);
- head_ofs += push_string(NULL, blob->data+head_ofs, s, -1,
- STR_ASCII|STR_TERMINATE);
- break;
- }
- }
- va_end(ap);
-
- return True;
-}
-
-
-/* a helpful macro to avoid running over the end of our blob */
-#define NEED_DATA(amount) \
-if ((head_ofs + amount) > blob->length) { \
- return False; \
-}
-
-/*
- this is a tiny msrpc packet parser. This the the partner of msrpc_gen
-
- format specifiers are:
-
- U = unicode string (output is unix string)
- A = ascii string
- B = data blob
- b = data blob in header
- d = word (4 bytes)
- C = constant ascii string
- */
-
-BOOL msrpc_parse(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob,
- const char *format, ...)
-{
- int i;
- va_list ap;
- const char **ps, *s;
- DATA_BLOB *b;
- size_t head_ofs = 0;
- uint16_t len1, len2;
- uint32_t ptr;
- uint32_t *v;
- pstring p;
-
- va_start(ap, format);
- for (i=0; format[i]; i++) {
- switch (format[i]) {
- case 'U':
- NEED_DATA(8);
- len1 = SVAL(blob->data, head_ofs); head_ofs += 2;
- len2 = SVAL(blob->data, head_ofs); head_ofs += 2;
- ptr = IVAL(blob->data, head_ofs); head_ofs += 4;
-
- ps = va_arg(ap, char **);
- if (len1 == 0 && len2 == 0) {
- *ps = "";
- } else {
- /* make sure its in the right format - be strict */
- if ((len1 != len2) || (ptr + len1 < ptr) || (ptr + len1 < len1) || (ptr + len1 > blob->length)) {
- return False;
- }
- if (len1 & 1) {
- /* if odd length and unicode */
- return False;
- }
- if (blob->data + ptr < (uint8_t *)ptr || blob->data + ptr < blob->data)
- return False;
-
- if (0 < len1) {
- pull_string(NULL, p, blob->data + ptr, sizeof(p),
- len1,
- STR_UNICODE|STR_NOALIGN);
- (*ps) = talloc_strdup(mem_ctx, p);
- if (!(*ps)) {
- return False;
- }
- } else {
- (*ps) = "";
- }
- }
- break;
- case 'A':
- NEED_DATA(8);
- len1 = SVAL(blob->data, head_ofs); head_ofs += 2;
- len2 = SVAL(blob->data, head_ofs); head_ofs += 2;
- ptr = IVAL(blob->data, head_ofs); head_ofs += 4;
-
- ps = va_arg(ap, char **);
- /* make sure its in the right format - be strict */
- if (len1 == 0 && len2 == 0) {
- *ps = "";
- } else {
- if ((len1 != len2) || (ptr + len1 < ptr) || (ptr + len1 < len1) || (ptr + len1 > blob->length)) {
- return False;
- }
-
- if (blob->data + ptr < (uint8_t *)ptr || blob->data + ptr < blob->data)
- return False;
-
- if (0 < len1) {
- pull_string(NULL, p, blob->data + ptr, sizeof(p),
- len1,
- STR_ASCII|STR_NOALIGN);
- (*ps) = talloc_strdup(mem_ctx, p);
- if (!(*ps)) {
- return False;
- }
- } else {
- (*ps) = "";
- }
- }
- break;
- case 'B':
- NEED_DATA(8);
- len1 = SVAL(blob->data, head_ofs); head_ofs += 2;
- len2 = SVAL(blob->data, head_ofs); head_ofs += 2;
- ptr = IVAL(blob->data, head_ofs); head_ofs += 4;
-
- b = (DATA_BLOB *)va_arg(ap, void *);
- if (len1 == 0 && len2 == 0) {
- *b = data_blob_talloc(mem_ctx, NULL, 0);
- } else {
- /* make sure its in the right format - be strict */
- if ((len1 != len2) || (ptr + len1 < ptr) || (ptr + len1 < len1) || (ptr + len1 > blob->length)) {
- return False;
- }
-
- if (blob->data + ptr < (uint8_t *)ptr || blob->data + ptr < blob->data)
- return False;
-
- *b = data_blob_talloc(mem_ctx, blob->data + ptr, len1);
- }
- break;
- case 'b':
- b = (DATA_BLOB *)va_arg(ap, void *);
- len1 = va_arg(ap, uint_t);
- /* make sure its in the right format - be strict */
- NEED_DATA(len1);
- if (blob->data + head_ofs < (uint8_t *)head_ofs || blob->data + head_ofs < blob->data)
- return False;
-
- *b = data_blob_talloc(mem_ctx, blob->data + head_ofs, len1);
- head_ofs += len1;
- break;
- case 'd':
- v = va_arg(ap, uint32_t *);
- NEED_DATA(4);
- *v = IVAL(blob->data, head_ofs); head_ofs += 4;
- break;
- case 'C':
- s = va_arg(ap, char *);
-
- if (blob->data + head_ofs < (uint8_t *)head_ofs || blob->data + head_ofs < blob->data)
- return False;
-
- head_ofs += pull_string(NULL, p, blob->data+head_ofs, sizeof(p),
- blob->length - head_ofs,
- STR_ASCII|STR_TERMINATE);
- if (strcmp(s, p) != 0) {
- return False;
- }
- break;
- }
- }
- va_end(ap);
-
- return True;
-}
diff --git a/source4/libcli/auth/ntlmssp_sign.c b/source4/libcli/auth/ntlmssp_sign.c
index d680da9495..385ea18cd2 100644
--- a/source4/libcli/auth/ntlmssp_sign.c
+++ b/source4/libcli/auth/ntlmssp_sign.c
@@ -117,6 +117,8 @@ static NTSTATUS ntlmssp_make_packet_signature(struct ntlmssp_state *ntlmssp_stat
enum ntlmssp_direction direction,
DATA_BLOB *sig)
{
+ NTSTATUS nt_status;
+
if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
HMACMD5Context ctx;
@@ -155,9 +157,18 @@ static NTSTATUS ntlmssp_make_packet_signature(struct ntlmssp_state *ntlmssp_stat
} else {
uint32_t crc;
+
crc = crc32_calc_buffer((const char *)data, length);
- if (!msrpc_gen(sig_mem_ctx, sig, "dddd", NTLMSSP_SIGN_VERSION, 0, crc, ntlmssp_state->ntlmssp_seq_num)) {
- return NT_STATUS_NO_MEMORY;
+
+ nt_status = ndr_push_format_blob(sig, sig_mem_ctx,
+ "dddd",
+ NTLMSSP_SIGN_VERSION,
+ 0,
+ crc,
+ ntlmssp_state->ntlmssp_seq_num);
+
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ return nt_status;
}
dump_data_pw("ntlmssp hash:\n", ntlmssp_state->ntlmssp_hash,
@@ -264,7 +275,9 @@ NTSTATUS ntlmssp_seal_packet(struct ntlmssp_state *ntlmssp_state,
TALLOC_CTX *sig_mem_ctx,
uint8_t *data, size_t length,
DATA_BLOB *sig)
-{
+{
+ NTSTATUS nt_status;
+
if (!ntlmssp_state->session_key.length) {
DEBUG(3, ("NO session key, cannot seal packet\n"));
return NT_STATUS_NO_USER_SESSION_KEY;
@@ -300,9 +313,18 @@ NTSTATUS ntlmssp_seal_packet(struct ntlmssp_state *ntlmssp_state,
memcpy(sig->data + 12, seq_num, 4);
} else {
uint32_t crc;
+
crc = crc32_calc_buffer((const char *)data, length);
- if (!msrpc_gen(sig_mem_ctx, sig, "dddd", NTLMSSP_SIGN_VERSION, 0, crc, ntlmssp_state->ntlmssp_seq_num)) {
- return NT_STATUS_NO_MEMORY;
+
+ nt_status = ndr_push_format_blob(sig, sig_mem_ctx,
+ "dddd",
+ NTLMSSP_SIGN_VERSION,
+ 0,
+ crc,
+ ntlmssp_state->ntlmssp_seq_num);
+
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ return nt_status;
}
/* The order of these two operations matters - we must first seal the packet,
diff --git a/source4/libcli/config.m4 b/source4/libcli/config.m4
index 992f84005d..eb23c045af 100644
--- a/source4/libcli/config.m4
+++ b/source4/libcli/config.m4
@@ -44,7 +44,6 @@ SMB_SUBSYSTEM(LIBCLI_AUTH,[],
[libcli/auth/spnego.o
libcli/auth/spnego_parse.o
libcli/auth/ntlmssp.o
- libcli/auth/ntlmssp_parse.o
libcli/auth/ntlmssp_sign.o
libcli/auth/schannel.o
libcli/auth/credentials.o
diff --git a/source4/libcli/util/smbencrypt.c b/source4/libcli/util/smbencrypt.c
index 72c6589097..e2fb033279 100644
--- a/source4/libcli/util/smbencrypt.c
+++ b/source4/libcli/util/smbencrypt.c
@@ -267,10 +267,12 @@ DATA_BLOB NTLMv2_generate_names_blob(TALLOC_CTX *mem_ctx,
{
DATA_BLOB names_blob = data_blob_talloc(mem_ctx, NULL, 0);
- msrpc_gen(mem_ctx, &names_blob, "aaa",
- NTLMSSP_NAME_TYPE_DOMAIN, domain,
- NTLMSSP_NAME_TYPE_SERVER, hostname,
- 0, "");
+ ndr_push_format_blob(&names_blob ,mem_ctx,
+ "aaa",
+ NTLMSSP_NAME_TYPE_DOMAIN, domain,
+ NTLMSSP_NAME_TYPE_SERVER, hostname,
+ 0, "");
+
return names_blob;
}
@@ -289,13 +291,14 @@ static DATA_BLOB NTLMv2_generate_client_data(TALLOC_CTX *mem_ctx, const DATA_BLO
/* See http://www.ubiqx.org/cifs/SMB.html#SMB.8.5 */
- msrpc_gen(mem_ctx, &response, "ddbbdb",
- 0x00000101, /* Header */
- 0, /* 'Reserved' */
- long_date, 8, /* Timestamp */
- client_chal, 8, /* client challenge */
- 0, /* Unknown */
- names_blob->data, names_blob->length); /* End of name list */
+ ndr_push_format_blob(&response, mem_ctx,
+ "ddbbdb",
+ 0x00000101, /* Header */
+ 0, /* 'Reserved' */
+ long_date, 8, /* Timestamp */
+ client_chal, 8, /* client challenge */
+ 0, /* Unknown */
+ names_blob->data, names_blob->length); /* End of name list */
return response;
}
diff --git a/source4/librpc/ndr/ndr_basic.c b/source4/librpc/ndr/ndr_basic.c
index 5d4ade096f..1adf6ea1d3 100644
--- a/source4/librpc/ndr/ndr_basic.c
+++ b/source4/librpc/ndr/ndr_basic.c
@@ -972,3 +972,304 @@ NTSTATUS ndr_pull_DATA_BLOB(struct ndr_pull *ndr, DATA_BLOB *blob)
ndr->offset += length;
return NT_STATUS_OK;
}
+
+/*
+ this is a tiny ndr packet generator. This
+ generator is not general enough for all our rpc needs, its just
+ enough for the ntlmssp code
+
+ format specifiers are:
+
+ U = unicode string (input is unix string)
+ a = address (input is char *unix_string)
+ (1 byte type, 1 byte length, unicode/ASCII string, all inline)
+ A = ASCII string (input is unix string)
+ B = data blob (pointer + length)
+ b = data blob in header (pointer + length)
+ D
+ d = word (4 bytes)
+ C = constant ascii string
+ */
+NTSTATUS ndr_push_format_blob(DATA_BLOB *blob, TALLOC_CTX *mem_ctx,
+ const char *format, ...)
+{
+ int i, n;
+ va_list ap;
+ char *s;
+ uint8_t *b;
+ int head_size=0, data_size=0;
+ int head_ofs, data_ofs;
+
+ /* first scan the format to work out the header and body size */
+ va_start(ap, format);
+ for (i=0; format[i]; i++) {
+ switch (format[i]) {
+ case 'U':
+ s = va_arg(ap, char *);
+ head_size += 8;
+ data_size += str_charnum(s) * 2;
+ break;
+ case 'A':
+ s = va_arg(ap, char *);
+ head_size += 8;
+ data_size += str_ascii_charnum(s);
+ break;
+ case 'a':
+ n = va_arg(ap, int);
+ s = va_arg(ap, char *);
+ data_size += (str_charnum(s) * 2) + 4;
+ break;
+ case 'B':
+ b = va_arg(ap, uint8_t *);
+ head_size += 8;
+ data_size += va_arg(ap, int);
+ break;
+ case 'b':
+ b = va_arg(ap, uint8_t *);
+ head_size += va_arg(ap, int);
+ break;
+ case 'd':
+ n = va_arg(ap, int);
+ head_size += 4;
+ break;
+ case 'C':
+ s = va_arg(ap, char *);
+ head_size += str_charnum(s) + 1;
+ break;
+ }
+ }
+ va_end(ap);
+
+ /* allocate the space, then scan the format again to fill in the values */
+ *blob = data_blob_talloc(mem_ctx, NULL, head_size + data_size);
+
+ if (blob->length != (head_size + data_size)) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ head_ofs = 0;
+ data_ofs = head_size;
+
+ va_start(ap, format);
+ for (i=0; format[i]; i++) {
+ switch (format[i]) {
+ case 'U':
+ s = va_arg(ap, char *);
+ n = str_charnum(s);
+ SSVAL(blob->data, head_ofs, n*2); head_ofs += 2;
+ SSVAL(blob->data, head_ofs, n*2); head_ofs += 2;
+ SIVAL(blob->data, head_ofs, data_ofs); head_ofs += 4;
+ push_string(NULL, blob->data+data_ofs, s, n*2, STR_UNICODE|STR_NOALIGN);
+ data_ofs += n*2;
+ break;
+ case 'A':
+ s = va_arg(ap, char *);
+ n = str_ascii_charnum(s);
+ SSVAL(blob->data, head_ofs, n); head_ofs += 2;
+ SSVAL(blob->data, head_ofs, n); head_ofs += 2;
+ SIVAL(blob->data, head_ofs, data_ofs); head_ofs += 4;
+ push_string(NULL, blob->data+data_ofs, s, n, STR_ASCII|STR_NOALIGN);
+ data_ofs += n;
+ break;
+ case 'a':
+ n = va_arg(ap, int);
+ SSVAL(blob->data, data_ofs, n); data_ofs += 2;
+ s = va_arg(ap, char *);
+ n = str_charnum(s);
+ SSVAL(blob->data, data_ofs, n*2); data_ofs += 2;
+ if (0 < n) {
+ push_string(NULL, blob->data+data_ofs, s, n*2,
+ STR_UNICODE|STR_NOALIGN);
+ }
+ data_ofs += n*2;
+ break;
+
+ case 'B':
+ b = va_arg(ap, uint8_t *);
+ n = va_arg(ap, int);
+ SSVAL(blob->data, head_ofs, n); head_ofs += 2;
+ SSVAL(blob->data, head_ofs, n); head_ofs += 2;
+ SIVAL(blob->data, head_ofs, data_ofs); head_ofs += 4;
+ if (n && b) /* don't follow null pointers... */
+ memcpy(blob->data+data_ofs, b, n);
+ data_ofs += n;
+ break;
+ case 'd':
+ n = va_arg(ap, int);
+ SIVAL(blob->data, head_ofs, n); head_ofs += 4;
+ break;
+ case 'b':
+ b = va_arg(ap, uint8_t *);
+ n = va_arg(ap, int);
+ memcpy(blob->data + head_ofs, b, n);
+ head_ofs += n;
+ break;
+ case 'C':
+ s = va_arg(ap, char *);
+ head_ofs += push_string(NULL, blob->data+head_ofs, s, -1,
+ STR_ASCII|STR_TERMINATE);
+ break;
+ }
+ }
+ va_end(ap);
+
+ return NT_STATUS_OK;
+}
+
+
+/* a helpful macro to avoid running over the end of our blob */
+#define NEED_DATA(amount) \
+if ((head_ofs + amount) > blob->length) { \
+ return NT_STATUS_INVALID_PARAMETER; \
+}
+
+/*
+ this is a tiny msrpc packet parser. This the the partner of msrpc_gen
+
+ format specifiers are:
+
+ U = unicode string (output is unix string)
+ A = ascii string
+ B = data blob
+ b = data blob in header
+ d = word (4 bytes)
+ C = constant ascii string
+ */
+
+NTSTATUS ndr_pull_format_blob(const DATA_BLOB *blob, TALLOC_CTX *mem_ctx,
+ const char *format, ...)
+{
+ int i;
+ va_list ap;
+ const char **ps, *s;
+ DATA_BLOB *b;
+ size_t head_ofs = 0;
+ uint16_t len1, len2;
+ uint32_t ptr;
+ uint32_t *v;
+ pstring p;
+
+ va_start(ap, format);
+ for (i=0; format[i]; i++) {
+ switch (format[i]) {
+ case 'U':
+ NEED_DATA(8);
+ len1 = SVAL(blob->data, head_ofs); head_ofs += 2;
+ len2 = SVAL(blob->data, head_ofs); head_ofs += 2;
+ ptr = IVAL(blob->data, head_ofs); head_ofs += 4;
+
+ ps = va_arg(ap, char **);
+ if (len1 == 0 && len2 == 0) {
+ *ps = "";
+ } else {
+ /* make sure its in the right format - be strict */
+ if ((len1 != len2) || (ptr + len1 < ptr) || (ptr + len1 < len1) || (ptr + len1 > blob->length)) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ if (len1 & 1) {
+ /* if odd length and unicode */
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ if (blob->data + ptr < (uint8_t *)ptr || blob->data + ptr < blob->data)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ if (0 < len1) {
+ pull_string(NULL, p, blob->data + ptr, sizeof(p),
+ len1,
+ STR_UNICODE|STR_NOALIGN);
+ (*ps) = talloc_strdup(mem_ctx, p);
+ if (!(*ps)) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ } else {
+ (*ps) = "";
+ }
+ }
+ break;
+ case 'A':
+ NEED_DATA(8);
+ len1 = SVAL(blob->data, head_ofs); head_ofs += 2;
+ len2 = SVAL(blob->data, head_ofs); head_ofs += 2;
+ ptr = IVAL(blob->data, head_ofs); head_ofs += 4;
+
+ ps = va_arg(ap, char **);
+ /* make sure its in the right format - be strict */
+ if (len1 == 0 && len2 == 0) {
+ *ps = "";
+ } else {
+ if ((len1 != len2) || (ptr + len1 < ptr) || (ptr + len1 < len1) || (ptr + len1 > blob->length)) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ if (blob->data + ptr < (uint8_t *)ptr || blob->data + ptr < blob->data)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ if (0 < len1) {
+ pull_string(NULL, p, blob->data + ptr, sizeof(p),
+ len1,
+ STR_ASCII|STR_NOALIGN);
+ (*ps) = talloc_strdup(mem_ctx, p);
+ if (!(*ps)) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ } else {
+ (*ps) = "";
+ }
+ }
+ break;
+ case 'B':
+ NEED_DATA(8);
+ len1 = SVAL(blob->data, head_ofs); head_ofs += 2;
+ len2 = SVAL(blob->data, head_ofs); head_ofs += 2;
+ ptr = IVAL(blob->data, head_ofs); head_ofs += 4;
+
+ b = (DATA_BLOB *)va_arg(ap, void *);
+ if (len1 == 0 && len2 == 0) {
+ *b = data_blob_talloc(mem_ctx, NULL, 0);
+ } else {
+ /* make sure its in the right format - be strict */
+ if ((len1 != len2) || (ptr + len1 < ptr) || (ptr + len1 < len1) || (ptr + len1 > blob->length)) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ if (blob->data + ptr < (uint8_t *)ptr || blob->data + ptr < blob->data)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ *b = data_blob_talloc(mem_ctx, blob->data + ptr, len1);
+ }
+ break;
+ case 'b':
+ b = (DATA_BLOB *)va_arg(ap, void *);
+ len1 = va_arg(ap, uint_t);
+ /* make sure its in the right format - be strict */
+ NEED_DATA(len1);
+ if (blob->data + head_ofs < (uint8_t *)head_ofs || blob->data + head_ofs < blob->data)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ *b = data_blob_talloc(mem_ctx, blob->data + head_ofs, len1);
+ head_ofs += len1;
+ break;
+ case 'd':
+ v = va_arg(ap, uint32_t *);
+ NEED_DATA(4);
+ *v = IVAL(blob->data, head_ofs); head_ofs += 4;
+ break;
+ case 'C':
+ s = va_arg(ap, char *);
+
+ if (blob->data + head_ofs < (uint8_t *)head_ofs || blob->data + head_ofs < blob->data)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ head_ofs += pull_string(NULL, p, blob->data+head_ofs, sizeof(p),
+ blob->length - head_ofs,
+ STR_ASCII|STR_TERMINATE);
+ if (strcmp(s, p) != 0) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ break;
+ }
+ }
+ va_end(ap);
+
+ return NT_STATUS_OK;
+}