diff options
-rw-r--r-- | source3/rpc_server/srv_pipe.c | 157 |
1 files changed, 52 insertions, 105 deletions
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index 16e1a540aa..551041149f 100644 --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c @@ -1046,9 +1046,10 @@ bool is_known_pipename(const char *cli_filename, struct ndr_syntax_id *syntax) *******************************************************************/ static bool pipe_spnego_auth_bind_kerberos(pipes_struct *p, + TALLOC_CTX *mem_ctx, struct dcerpc_auth *pauth_info, DATA_BLOB *psecblob, - prs_struct *pout_auth) + DATA_BLOB *response) { return False; } @@ -1058,13 +1059,11 @@ static bool pipe_spnego_auth_bind_kerberos(pipes_struct *p, *******************************************************************/ static bool pipe_spnego_auth_bind_negotiate(pipes_struct *p, - uint32_t ss_padding_len, + TALLOC_CTX *mem_ctx, struct dcerpc_auth *pauth_info, - prs_struct *pout_auth) + DATA_BLOB *response) { - DATA_BLOB blob; DATA_BLOB secblob; - DATA_BLOB response; DATA_BLOB chal; char *OIDs[ASN1_MAX_OIDS]; int i; @@ -1074,7 +1073,6 @@ static bool pipe_spnego_auth_bind_negotiate(pipes_struct *p, ZERO_STRUCT(secblob); ZERO_STRUCT(chal); - ZERO_STRUCT(response); if (pauth_info->credentials.data[0] != ASN1_APPLICATION(0)) { goto err; @@ -1098,8 +1096,8 @@ static bool pipe_spnego_auth_bind_negotiate(pipes_struct *p, if ( got_kerberos_mechanism && ((lp_security()==SEC_ADS) || USE_KERBEROS_KEYTAB) ) { bool ret; - ret = pipe_spnego_auth_bind_kerberos(p, pauth_info, - &secblob, pout_auth); + ret = pipe_spnego_auth_bind_kerberos(p, mem_ctx, pauth_info, + &secblob, response); data_blob_free(&secblob); return ret; } @@ -1140,37 +1138,22 @@ static bool pipe_spnego_auth_bind_negotiate(pipes_struct *p, } /* Generate the response blob we need for step 2 of the bind. */ - response = spnego_gen_auth_response(&chal, status, OID_NTLMSSP); + *response = spnego_gen_auth_response(&chal, status, OID_NTLMSSP); } else { /* * SPNEGO negotiate down to NTLMSSP. The subsequent * code to process follow-up packets is not complete * yet. JRA. */ - response = spnego_gen_auth_response(NULL, + *response = spnego_gen_auth_response(NULL, NT_STATUS_MORE_PROCESSING_REQUIRED, OID_NTLMSSP); } - /* auth_pad_len will be handled by the caller */ + /* Make sure data is bound to the memctx, to be freed the caller */ + talloc_steal(mem_ctx, response->data); - status = dcerpc_push_dcerpc_auth(prs_get_mem_context(pout_auth), - DCERPC_AUTH_TYPE_SPNEGO, - pauth_info->auth_level, - ss_padding_len, - 1, /* auth_context_id */ - &response, - &blob); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(0, ("Marshalling of dcerpc_auth failed.\n")); - goto err; - } - - /* Copy the blob into the pout_auth parse struct */ - if (!prs_copy_data_in(pout_auth, (char *)blob.data, blob.length)) { - DEBUG(0,("pipe_spnego_auth_bind_negotiate: marshalling of data blob failed.\n")); - goto err; - } + /* auth_pad_len will be handled by the caller */ p->auth.a_u.auth_ntlmssp_state = a; p->auth.auth_data_free_func = &free_pipe_ntlmssp_auth_data; @@ -1178,7 +1161,6 @@ static bool pipe_spnego_auth_bind_negotiate(pipes_struct *p, data_blob_free(&secblob); data_blob_free(&chal); - data_blob_free(&response); /* We can't set pipe_bound True yet - we need an RPC_ALTER_CONTEXT response packet... */ return True; @@ -1187,7 +1169,6 @@ static bool pipe_spnego_auth_bind_negotiate(pipes_struct *p, data_blob_free(&secblob); data_blob_free(&chal); - data_blob_free(&response); p->auth.a_u.auth_ntlmssp_state = NULL; @@ -1285,11 +1266,10 @@ static bool pipe_spnego_auth_bind_continue(pipes_struct *p, *******************************************************************/ static bool pipe_schannel_auth_bind(pipes_struct *p, - uint32_t ss_padding_len, - struct dcerpc_auth *auth_info, - prs_struct *pout_auth) + TALLOC_CTX *mem_ctx, + struct dcerpc_auth *auth_info, + DATA_BLOB *response) { - DATA_BLOB auth_blob; struct NL_AUTH_MESSAGE neg; struct NL_AUTH_MESSAGE reply; bool ret; @@ -1297,11 +1277,9 @@ static bool pipe_schannel_auth_bind(pipes_struct *p, struct netlogon_creds_CredentialState *creds; DATA_BLOB session_key; enum ndr_err_code ndr_err; - DATA_BLOB blob; ndr_err = ndr_pull_struct_blob( - &auth_info->credentials, - prs_get_mem_context(pout_auth), &neg, + &auth_info->credentials, mem_ctx, &neg, (ndr_pull_flags_fn_t)ndr_pull_NL_AUTH_MESSAGE); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { DEBUG(0,("pipe_schannel_auth_bind: Could not unmarshal SCHANNEL auth neg\n")); @@ -1379,7 +1357,7 @@ static bool pipe_schannel_auth_bind(pipes_struct *p, * this has any meaning * here - gd */ - ndr_err = ndr_push_struct_blob(&auth_blob, talloc_tos(), &reply, + ndr_err = ndr_push_struct_blob(response, mem_ctx, &reply, (ndr_push_flags_fn_t)ndr_push_NL_AUTH_MESSAGE); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { DEBUG(0,("Failed to marshall NL_AUTH_MESSAGE.\n")); @@ -1390,22 +1368,6 @@ static bool pipe_schannel_auth_bind(pipes_struct *p, NDR_PRINT_DEBUG(NL_AUTH_MESSAGE, &reply); } - status = dcerpc_push_dcerpc_auth(prs_get_mem_context(pout_auth), - DCERPC_AUTH_TYPE_SCHANNEL, - auth_info->auth_level, - ss_padding_len, - 1, /* auth_context_id */ - &auth_blob, - &blob); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(0, ("Marshalling of dcerpc_auth failed.\n")); - return False; - } - - if (!prs_copy_data_in(pout_auth, (const char *)blob.data, blob.length)) { - return false; - } - DEBUG(10,("pipe_schannel_auth_bind: schannel auth: domain [%s] myname [%s]\n", neg.oem_netbios_domain.a, neg.oem_netbios_computer.a)); @@ -1423,17 +1385,13 @@ static bool pipe_schannel_auth_bind(pipes_struct *p, *******************************************************************/ static bool pipe_ntlmssp_auth_bind(pipes_struct *p, - uint32_t ss_padding_len, - struct dcerpc_auth *auth_info, - prs_struct *pout_auth) + TALLOC_CTX *mem_ctx, + struct dcerpc_auth *auth_info, + DATA_BLOB *response) { - DATA_BLOB blob; - DATA_BLOB response; NTSTATUS status; struct auth_ntlmssp_state *a = NULL; - ZERO_STRUCT(response); - if (strncmp((char *)auth_info->credentials.data, "NTLMSSP", 7) != 0) { DEBUG(0, ("Failed to read NTLMSSP in blob\n")); goto err; @@ -1458,37 +1416,20 @@ static bool pipe_ntlmssp_auth_bind(pipes_struct *p, break; } - status = auth_ntlmssp_update(a, auth_info->credentials, &response); + status = auth_ntlmssp_update(a, auth_info->credentials, response); if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { DEBUG(0,("pipe_ntlmssp_auth_bind: auth_ntlmssp_update failed: %s\n", nt_errstr(status) )); goto err; } - status = dcerpc_push_dcerpc_auth(prs_get_mem_context(pout_auth), - DCERPC_AUTH_TYPE_NTLMSSP, - auth_info->auth_level, - ss_padding_len, - 1, /* auth_context_id */ - &response, - &blob); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(0, ("Marshalling of dcerpc_auth failed.\n")); - goto err; - } - - /* Copy the blob into the pout_auth parse struct */ - if (!prs_copy_data_in(pout_auth, (char *)blob.data, blob.length)) { - DEBUG(0,("pipe_ntlmssp_auth_bind: marshalling of data blob failed.\n")); - goto err; - } + /* Make sure data is bound to the memctx, to be freed the caller */ + talloc_steal(mem_ctx, response->data); p->auth.a_u.auth_ntlmssp_state = a; p->auth.auth_data_free_func = &free_pipe_ntlmssp_auth_data; p->auth.auth_type = PIPE_AUTH_TYPE_NTLMSSP; - data_blob_free(&response); - DEBUG(10,("pipe_ntlmssp_auth_bind: NTLMSSP auth started\n")); /* We can't set pipe_bound True yet - we need an DCERPC_PKT_AUTH3 response packet... */ @@ -1496,8 +1437,6 @@ static bool pipe_ntlmssp_auth_bind(pipes_struct *p, err: - data_blob_free(&response); - free_pipe_ntlmssp_auth_data(&p->auth); p->auth.a_u.auth_ntlmssp_state = NULL; return False; @@ -1515,12 +1454,13 @@ bool api_pipe_bind_req(pipes_struct *p, struct ncacn_packet *pkt) uint16 assoc_gid; fstring ack_pipe_name; prs_struct out_hdr_ba; - prs_struct out_auth; int auth_len = 0; unsigned int auth_type = DCERPC_AUTH_TYPE_NONE; uint32_t ss_padding_len = 0; NTSTATUS status; struct ndr_syntax_id id; + DATA_BLOB auth_resp = data_blob_null; + DATA_BLOB auth_blob = data_blob_null; /* No rebinds on a bound pipe - use alter context. */ if (p->pipe_bound) { @@ -1608,14 +1548,6 @@ bool api_pipe_bind_req(pipes_struct *p, struct ncacn_packet *pkt) return False; } - if(!prs_init(&out_auth, 1024, p->mem_ctx, MARSHALL)) { - DEBUG(0,("api_pipe_bind_req: malloc out_auth failed.\n")); - prs_mem_free(&p->out_data.frag); - prs_mem_free(&out_hdr_ba); - return False; - } - - /* * Create the bind response struct. */ @@ -1714,24 +1646,23 @@ bool api_pipe_bind_req(pipes_struct *p, struct ncacn_packet *pkt) switch(auth_type) { case DCERPC_AUTH_TYPE_NTLMSSP: - if (!pipe_ntlmssp_auth_bind(p, ss_padding_len, - &auth_info, &out_auth)) { + if (!pipe_ntlmssp_auth_bind(p, pkt, + &auth_info, &auth_resp)) { goto err_exit; } assoc_gid = 0x7a77; break; case DCERPC_AUTH_TYPE_SCHANNEL: - if (!pipe_schannel_auth_bind(p, ss_padding_len, - &auth_info, &out_auth)) { + if (!pipe_schannel_auth_bind(p, pkt, + &auth_info, &auth_resp)) { goto err_exit; } break; case DCERPC_AUTH_TYPE_SPNEGO: - if (!pipe_spnego_auth_bind_negotiate(p, - ss_padding_len, - &auth_info, &out_auth)) { + if (!pipe_spnego_auth_bind_negotiate(p, pkt, + &auth_info, &auth_resp)) { goto err_exit; } break; @@ -1752,12 +1683,26 @@ bool api_pipe_bind_req(pipes_struct *p, struct ncacn_packet *pkt) DEBUG(0,("api_pipe_bind_req: unknown auth type %x requested.\n", auth_type )); goto err_exit; } + if (auth_resp.length) { + status = dcerpc_push_dcerpc_auth(pkt, + auth_type, + auth_info.auth_level, + ss_padding_len, + 1, /* auth_context_id */ + &auth_resp, + &auth_blob); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("Marshalling of dcerpc_auth failed.\n")); + goto err_exit; + } + } + /* * Create the header, now we know the length. */ - if (prs_offset(&out_auth)) { - auth_len = prs_offset(&out_auth) - RPC_HDR_AUTH_LEN; + if (auth_blob.length) { + auth_len = auth_blob.length - RPC_HDR_AUTH_LEN; } init_rpc_hdr(&hdr, @@ -1765,7 +1710,7 @@ bool api_pipe_bind_req(pipes_struct *p, struct ncacn_packet *pkt) DCERPC_PFC_FLAG_FIRST | DCERPC_PFC_FLAG_LAST, pkt->call_id, RPC_HEADER_LEN + prs_offset(&out_hdr_ba) + - ss_padding_len + prs_offset(&out_auth), + ss_padding_len + auth_blob.length, auth_len); /* @@ -1799,7 +1744,9 @@ bool api_pipe_bind_req(pipes_struct *p, struct ncacn_packet *pkt) } } - if (!prs_append_prs_data( &p->out_data.frag, &out_auth)) { + if (!prs_copy_data_in(&p->out_data.frag, + (char *)auth_blob.data, + auth_blob.length)) { DEBUG(0,("api_pipe_bind_req: append of auth info failed.\n")); goto err_exit; } @@ -1813,7 +1760,7 @@ bool api_pipe_bind_req(pipes_struct *p, struct ncacn_packet *pkt) p->out_data.current_pdu_sent = 0; prs_mem_free(&out_hdr_ba); - prs_mem_free(&out_auth); + TALLOC_FREE(auth_blob.data); return True; @@ -1821,7 +1768,7 @@ bool api_pipe_bind_req(pipes_struct *p, struct ncacn_packet *pkt) prs_mem_free(&p->out_data.frag); prs_mem_free(&out_hdr_ba); - prs_mem_free(&out_auth); + TALLOC_FREE(auth_blob.data); return setup_bind_nak(p, pkt); } |