diff options
-rw-r--r-- | source3/librpc/rpc/dcerpc.h | 4 | ||||
-rw-r--r-- | source3/librpc/rpc/dcerpc_helpers.c | 117 | ||||
-rw-r--r-- | source3/rpc_client/cli_pipe.c | 121 |
3 files changed, 130 insertions, 112 deletions
diff --git a/source3/librpc/rpc/dcerpc.h b/source3/librpc/rpc/dcerpc.h index d170daad9f..fd80dbeb04 100644 --- a/source3/librpc/rpc/dcerpc.h +++ b/source3/librpc/rpc/dcerpc.h @@ -139,6 +139,10 @@ NTSTATUS dcerpc_pull_dcerpc_auth(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob, struct dcerpc_auth *r, bool bigendian); +NTSTATUS dcerpc_guess_sizes(struct pipe_auth_data *auth, + size_t data_left, size_t max_xmit_frag, + size_t *data_to_send, size_t *frag_len, + size_t *auth_len, size_t *pad_len); NTSTATUS dcerpc_add_auth_footer(struct pipe_auth_data *auth, size_t pad_len, DATA_BLOB *rpc_out); NTSTATUS dcerpc_check_auth(struct pipe_auth_data *auth, diff --git a/source3/librpc/rpc/dcerpc_helpers.c b/source3/librpc/rpc/dcerpc_helpers.c index 26b44de5ea..161154fe3b 100644 --- a/source3/librpc/rpc/dcerpc_helpers.c +++ b/source3/librpc/rpc/dcerpc_helpers.c @@ -241,6 +241,123 @@ NTSTATUS dcerpc_pull_dcerpc_auth(TALLOC_CTX *mem_ctx, return NT_STATUS_OK; } +/** +* @brief Calculate how much data we can in a packet, including calculating +* auth token and pad lengths. +* +* @param auth The pipe_auth_data structure for this pipe. +* @param data_left The data left in the send buffer +* @param data_to_send The max data we will send in the pdu +* @param frag_len The total length of the fragment +* @param auth_len The length of the auth trailer +* @param pad_len The padding to be applied +* +* @return A NT Error status code. +*/ +NTSTATUS dcerpc_guess_sizes(struct pipe_auth_data *auth, + size_t data_left, size_t max_xmit_frag, + size_t *data_to_send, size_t *frag_len, + size_t *auth_len, size_t *pad_len) +{ + size_t data_space; + size_t max_len; + size_t mod_len; + struct gse_context *gse_ctx; + enum dcerpc_AuthType auth_type; + void *auth_ctx; + bool seal = false; + NTSTATUS status; + + /* no auth token cases first */ + switch (auth->auth_level) { + case DCERPC_AUTH_LEVEL_NONE: + case DCERPC_AUTH_LEVEL_CONNECT: + case DCERPC_AUTH_LEVEL_PACKET: + data_space = max_xmit_frag - DCERPC_REQUEST_LENGTH; + *data_to_send = MIN(data_space, data_left); + *pad_len = 0; + *auth_len = 0; + *frag_len = DCERPC_REQUEST_LENGTH + *data_to_send; + return NT_STATUS_OK; + + case DCERPC_AUTH_LEVEL_PRIVACY: + seal = true; + break; + + case DCERPC_AUTH_LEVEL_INTEGRITY: + break; + + default: + return NT_STATUS_INVALID_PARAMETER; + } + + + /* Sign/seal case, calculate auth and pad lengths */ + + max_len = max_xmit_frag + - DCERPC_REQUEST_LENGTH + - DCERPC_AUTH_TRAILER_LENGTH; + + /* Treat the same for all authenticated rpc requests. */ + switch (auth->auth_type) { + case DCERPC_AUTH_TYPE_SPNEGO: + status = spnego_get_negotiated_mech(auth->a_u.spnego_state, + &auth_type, &auth_ctx); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + switch (auth_type) { + case DCERPC_AUTH_TYPE_NTLMSSP: + *auth_len = NTLMSSP_SIG_SIZE; + break; + + case DCERPC_AUTH_TYPE_KRB5: + gse_ctx = talloc_get_type(auth_ctx, + struct gse_context); + if (!gse_ctx) { + return NT_STATUS_INVALID_PARAMETER; + } + *auth_len = gse_get_signature_length(gse_ctx, + seal, max_len); + break; + + default: + return NT_STATUS_INVALID_PARAMETER; + } + break; + + case DCERPC_AUTH_TYPE_NTLMSSP: + *auth_len = NTLMSSP_SIG_SIZE; + break; + + case DCERPC_AUTH_TYPE_SCHANNEL: + *auth_len = NL_AUTH_SIGNATURE_SIZE; + break; + + case DCERPC_AUTH_TYPE_KRB5: + *auth_len = gse_get_signature_length(auth->a_u.gssapi_state, + seal, max_len); + break; + + default: + return NT_STATUS_INVALID_PARAMETER; + } + + data_space = max_len - *auth_len; + + *data_to_send = MIN(data_space, data_left); + mod_len = *data_to_send % CLIENT_NDR_PADDING_SIZE; + if (mod_len) { + *pad_len = CLIENT_NDR_PADDING_SIZE - mod_len; + } else { + *pad_len = 0; + } + *frag_len = DCERPC_REQUEST_LENGTH + *data_to_send + *pad_len + + DCERPC_AUTH_TRAILER_LENGTH + *auth_len; + + return NT_STATUS_OK; +} + /******************************************************************* Create and add the NTLMSSP sign/seal auth data. ********************************************************************/ diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index 02e4ec6ae2..99e856dfd8 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -1185,109 +1185,6 @@ static NTSTATUS create_rpc_bind_req(TALLOC_CTX *mem_ctx, } /******************************************************************* - Calculate how much data we're going to send in this packet, also - work out any sign/seal padding length. - ********************************************************************/ - -static NTSTATUS calculate_data_len_tosend(struct rpc_pipe_client *cli, - uint32_t data_left, - uint32_t *data_to_send, - uint16_t *p_frag_len, - uint16_t *p_auth_len, - uint32_t *p_ss_padding) -{ - uint32_t data_space, data_len; - size_t max_len; - struct gse_context *gse_ctx; - enum dcerpc_AuthType auth_type; - void *auth_ctx; - NTSTATUS status; - - switch (cli->auth->auth_level) { - case DCERPC_AUTH_LEVEL_NONE: - case DCERPC_AUTH_LEVEL_CONNECT: - case DCERPC_AUTH_LEVEL_PACKET: - data_space = cli->max_xmit_frag - DCERPC_REQUEST_LENGTH; - data_len = MIN(data_space, data_left); - *p_ss_padding = 0; - *p_auth_len = 0; - *p_frag_len = DCERPC_REQUEST_LENGTH + data_len; - *data_to_send = data_len; - return NT_STATUS_OK; - - case DCERPC_AUTH_LEVEL_INTEGRITY: - case DCERPC_AUTH_LEVEL_PRIVACY: - max_len = cli->max_xmit_frag - - DCERPC_REQUEST_LENGTH - - DCERPC_AUTH_TRAILER_LENGTH; - - /* Treat the same for all authenticated rpc requests. */ - switch(cli->auth->auth_type) { - case DCERPC_AUTH_TYPE_SPNEGO: - status = spnego_get_negotiated_mech( - cli->auth->a_u.spnego_state, - &auth_type, &auth_ctx); - if (!NT_STATUS_IS_OK(status)) { - return status; - } - switch (auth_type) { - case DCERPC_AUTH_TYPE_NTLMSSP: - *p_auth_len = NTLMSSP_SIG_SIZE; - break; - case DCERPC_AUTH_TYPE_KRB5: - gse_ctx = talloc_get_type(auth_ctx, - struct gse_context); - if (!gse_ctx) { - return NT_STATUS_INVALID_PARAMETER; - } - *p_auth_len = gse_get_signature_length(gse_ctx, - (cli->auth->auth_level == - DCERPC_AUTH_LEVEL_PRIVACY), - max_len); - break; - default: - return NT_STATUS_INVALID_PARAMETER; - } - break; - case DCERPC_AUTH_TYPE_NTLMSSP: - *p_auth_len = NTLMSSP_SIG_SIZE; - break; - case DCERPC_AUTH_TYPE_SCHANNEL: - *p_auth_len = NL_AUTH_SIGNATURE_SIZE; - break; - case DCERPC_AUTH_TYPE_KRB5: - *p_auth_len = gse_get_signature_length( - cli->auth->a_u.gssapi_state, - (cli->auth->auth_level == - DCERPC_AUTH_LEVEL_PRIVACY), - max_len); - break; - default: - return NT_STATUS_INVALID_PARAMETER; - } - - data_space = max_len - *p_auth_len; - - data_len = MIN(data_space, data_left); - *p_ss_padding = 0; - if (data_len % CLIENT_NDR_PADDING_SIZE) { - *p_ss_padding = CLIENT_NDR_PADDING_SIZE - (data_len % CLIENT_NDR_PADDING_SIZE); - } - *p_frag_len = DCERPC_REQUEST_LENGTH - + data_len + *p_ss_padding - + DCERPC_AUTH_TRAILER_LENGTH - + *p_auth_len; - *data_to_send = data_len; - return NT_STATUS_OK; - - default: - break; - } - - return NT_STATUS_INVALID_PARAMETER; -} - -/******************************************************************* External interface. Does an rpc request on a pipe. Incoming data is NDR encoded in in_data. Reply is NDR encoded in out_data. Splits the data stream into RPC PDU's @@ -1378,21 +1275,21 @@ struct tevent_req *rpc_api_pipe_req_send(TALLOC_CTX *mem_ctx, static NTSTATUS prepare_next_frag(struct rpc_api_pipe_req_state *state, bool *is_last_frag) { - uint32_t data_sent_thistime; - uint16_t auth_len; - uint16_t frag_len; + size_t data_sent_thistime; + size_t auth_len; + size_t frag_len; uint8_t flags = 0; - uint32_t pad_len; - uint32_t data_left; + size_t pad_len; + size_t data_left; NTSTATUS status; union dcerpc_payload u; data_left = state->req_data->length - state->req_data_sent; - status = calculate_data_len_tosend(state->cli, data_left, - &data_sent_thistime, - &frag_len, &auth_len, - &pad_len); + status = dcerpc_guess_sizes(state->cli->auth, data_left, + state->cli->max_xmit_frag, + &data_sent_thistime, + &frag_len, &auth_len, &pad_len); if (!NT_STATUS_IS_OK(status)) { return status; } |