summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
Diffstat (limited to 'source3')
-rw-r--r--source3/librpc/rpc/dcerpc.h4
-rw-r--r--source3/librpc/rpc/dcerpc_helpers.c117
-rw-r--r--source3/rpc_client/cli_pipe.c121
3 files changed, 130 insertions, 112 deletions
diff --git a/source3/librpc/rpc/dcerpc.h b/source3/librpc/rpc/dcerpc.h
index d170daad9f..fd80dbeb04 100644
--- a/source3/librpc/rpc/dcerpc.h
+++ b/source3/librpc/rpc/dcerpc.h
@@ -139,6 +139,10 @@ NTSTATUS dcerpc_pull_dcerpc_auth(TALLOC_CTX *mem_ctx,
const DATA_BLOB *blob,
struct dcerpc_auth *r,
bool bigendian);
+NTSTATUS dcerpc_guess_sizes(struct pipe_auth_data *auth,
+ size_t data_left, size_t max_xmit_frag,
+ size_t *data_to_send, size_t *frag_len,
+ size_t *auth_len, size_t *pad_len);
NTSTATUS dcerpc_add_auth_footer(struct pipe_auth_data *auth,
size_t pad_len, DATA_BLOB *rpc_out);
NTSTATUS dcerpc_check_auth(struct pipe_auth_data *auth,
diff --git a/source3/librpc/rpc/dcerpc_helpers.c b/source3/librpc/rpc/dcerpc_helpers.c
index 26b44de5ea..161154fe3b 100644
--- a/source3/librpc/rpc/dcerpc_helpers.c
+++ b/source3/librpc/rpc/dcerpc_helpers.c
@@ -241,6 +241,123 @@ NTSTATUS dcerpc_pull_dcerpc_auth(TALLOC_CTX *mem_ctx,
return NT_STATUS_OK;
}
+/**
+* @brief Calculate how much data we can in a packet, including calculating
+* auth token and pad lengths.
+*
+* @param auth The pipe_auth_data structure for this pipe.
+* @param data_left The data left in the send buffer
+* @param data_to_send The max data we will send in the pdu
+* @param frag_len The total length of the fragment
+* @param auth_len The length of the auth trailer
+* @param pad_len The padding to be applied
+*
+* @return A NT Error status code.
+*/
+NTSTATUS dcerpc_guess_sizes(struct pipe_auth_data *auth,
+ size_t data_left, size_t max_xmit_frag,
+ size_t *data_to_send, size_t *frag_len,
+ size_t *auth_len, size_t *pad_len)
+{
+ size_t data_space;
+ size_t max_len;
+ size_t mod_len;
+ struct gse_context *gse_ctx;
+ enum dcerpc_AuthType auth_type;
+ void *auth_ctx;
+ bool seal = false;
+ NTSTATUS status;
+
+ /* no auth token cases first */
+ switch (auth->auth_level) {
+ case DCERPC_AUTH_LEVEL_NONE:
+ case DCERPC_AUTH_LEVEL_CONNECT:
+ case DCERPC_AUTH_LEVEL_PACKET:
+ data_space = max_xmit_frag - DCERPC_REQUEST_LENGTH;
+ *data_to_send = MIN(data_space, data_left);
+ *pad_len = 0;
+ *auth_len = 0;
+ *frag_len = DCERPC_REQUEST_LENGTH + *data_to_send;
+ return NT_STATUS_OK;
+
+ case DCERPC_AUTH_LEVEL_PRIVACY:
+ seal = true;
+ break;
+
+ case DCERPC_AUTH_LEVEL_INTEGRITY:
+ break;
+
+ default:
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+
+ /* Sign/seal case, calculate auth and pad lengths */
+
+ max_len = max_xmit_frag
+ - DCERPC_REQUEST_LENGTH
+ - DCERPC_AUTH_TRAILER_LENGTH;
+
+ /* Treat the same for all authenticated rpc requests. */
+ switch (auth->auth_type) {
+ case DCERPC_AUTH_TYPE_SPNEGO:
+ status = spnego_get_negotiated_mech(auth->a_u.spnego_state,
+ &auth_type, &auth_ctx);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+ switch (auth_type) {
+ case DCERPC_AUTH_TYPE_NTLMSSP:
+ *auth_len = NTLMSSP_SIG_SIZE;
+ break;
+
+ case DCERPC_AUTH_TYPE_KRB5:
+ gse_ctx = talloc_get_type(auth_ctx,
+ struct gse_context);
+ if (!gse_ctx) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ *auth_len = gse_get_signature_length(gse_ctx,
+ seal, max_len);
+ break;
+
+ default:
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ break;
+
+ case DCERPC_AUTH_TYPE_NTLMSSP:
+ *auth_len = NTLMSSP_SIG_SIZE;
+ break;
+
+ case DCERPC_AUTH_TYPE_SCHANNEL:
+ *auth_len = NL_AUTH_SIGNATURE_SIZE;
+ break;
+
+ case DCERPC_AUTH_TYPE_KRB5:
+ *auth_len = gse_get_signature_length(auth->a_u.gssapi_state,
+ seal, max_len);
+ break;
+
+ default:
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ data_space = max_len - *auth_len;
+
+ *data_to_send = MIN(data_space, data_left);
+ mod_len = *data_to_send % CLIENT_NDR_PADDING_SIZE;
+ if (mod_len) {
+ *pad_len = CLIENT_NDR_PADDING_SIZE - mod_len;
+ } else {
+ *pad_len = 0;
+ }
+ *frag_len = DCERPC_REQUEST_LENGTH + *data_to_send + *pad_len
+ + DCERPC_AUTH_TRAILER_LENGTH + *auth_len;
+
+ return NT_STATUS_OK;
+}
+
/*******************************************************************
Create and add the NTLMSSP sign/seal auth data.
********************************************************************/
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index 02e4ec6ae2..99e856dfd8 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -1185,109 +1185,6 @@ static NTSTATUS create_rpc_bind_req(TALLOC_CTX *mem_ctx,
}
/*******************************************************************
- Calculate how much data we're going to send in this packet, also
- work out any sign/seal padding length.
- ********************************************************************/
-
-static NTSTATUS calculate_data_len_tosend(struct rpc_pipe_client *cli,
- uint32_t data_left,
- uint32_t *data_to_send,
- uint16_t *p_frag_len,
- uint16_t *p_auth_len,
- uint32_t *p_ss_padding)
-{
- uint32_t data_space, data_len;
- size_t max_len;
- struct gse_context *gse_ctx;
- enum dcerpc_AuthType auth_type;
- void *auth_ctx;
- NTSTATUS status;
-
- switch (cli->auth->auth_level) {
- case DCERPC_AUTH_LEVEL_NONE:
- case DCERPC_AUTH_LEVEL_CONNECT:
- case DCERPC_AUTH_LEVEL_PACKET:
- data_space = cli->max_xmit_frag - DCERPC_REQUEST_LENGTH;
- data_len = MIN(data_space, data_left);
- *p_ss_padding = 0;
- *p_auth_len = 0;
- *p_frag_len = DCERPC_REQUEST_LENGTH + data_len;
- *data_to_send = data_len;
- return NT_STATUS_OK;
-
- case DCERPC_AUTH_LEVEL_INTEGRITY:
- case DCERPC_AUTH_LEVEL_PRIVACY:
- max_len = cli->max_xmit_frag
- - DCERPC_REQUEST_LENGTH
- - DCERPC_AUTH_TRAILER_LENGTH;
-
- /* Treat the same for all authenticated rpc requests. */
- switch(cli->auth->auth_type) {
- case DCERPC_AUTH_TYPE_SPNEGO:
- status = spnego_get_negotiated_mech(
- cli->auth->a_u.spnego_state,
- &auth_type, &auth_ctx);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
- switch (auth_type) {
- case DCERPC_AUTH_TYPE_NTLMSSP:
- *p_auth_len = NTLMSSP_SIG_SIZE;
- break;
- case DCERPC_AUTH_TYPE_KRB5:
- gse_ctx = talloc_get_type(auth_ctx,
- struct gse_context);
- if (!gse_ctx) {
- return NT_STATUS_INVALID_PARAMETER;
- }
- *p_auth_len = gse_get_signature_length(gse_ctx,
- (cli->auth->auth_level ==
- DCERPC_AUTH_LEVEL_PRIVACY),
- max_len);
- break;
- default:
- return NT_STATUS_INVALID_PARAMETER;
- }
- break;
- case DCERPC_AUTH_TYPE_NTLMSSP:
- *p_auth_len = NTLMSSP_SIG_SIZE;
- break;
- case DCERPC_AUTH_TYPE_SCHANNEL:
- *p_auth_len = NL_AUTH_SIGNATURE_SIZE;
- break;
- case DCERPC_AUTH_TYPE_KRB5:
- *p_auth_len = gse_get_signature_length(
- cli->auth->a_u.gssapi_state,
- (cli->auth->auth_level ==
- DCERPC_AUTH_LEVEL_PRIVACY),
- max_len);
- break;
- default:
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- data_space = max_len - *p_auth_len;
-
- data_len = MIN(data_space, data_left);
- *p_ss_padding = 0;
- if (data_len % CLIENT_NDR_PADDING_SIZE) {
- *p_ss_padding = CLIENT_NDR_PADDING_SIZE - (data_len % CLIENT_NDR_PADDING_SIZE);
- }
- *p_frag_len = DCERPC_REQUEST_LENGTH
- + data_len + *p_ss_padding
- + DCERPC_AUTH_TRAILER_LENGTH
- + *p_auth_len;
- *data_to_send = data_len;
- return NT_STATUS_OK;
-
- default:
- break;
- }
-
- return NT_STATUS_INVALID_PARAMETER;
-}
-
-/*******************************************************************
External interface.
Does an rpc request on a pipe. Incoming data is NDR encoded in in_data.
Reply is NDR encoded in out_data. Splits the data stream into RPC PDU's
@@ -1378,21 +1275,21 @@ struct tevent_req *rpc_api_pipe_req_send(TALLOC_CTX *mem_ctx,
static NTSTATUS prepare_next_frag(struct rpc_api_pipe_req_state *state,
bool *is_last_frag)
{
- uint32_t data_sent_thistime;
- uint16_t auth_len;
- uint16_t frag_len;
+ size_t data_sent_thistime;
+ size_t auth_len;
+ size_t frag_len;
uint8_t flags = 0;
- uint32_t pad_len;
- uint32_t data_left;
+ size_t pad_len;
+ size_t data_left;
NTSTATUS status;
union dcerpc_payload u;
data_left = state->req_data->length - state->req_data_sent;
- status = calculate_data_len_tosend(state->cli, data_left,
- &data_sent_thistime,
- &frag_len, &auth_len,
- &pad_len);
+ status = dcerpc_guess_sizes(state->cli->auth, data_left,
+ state->cli->max_xmit_frag,
+ &data_sent_thistime,
+ &frag_len, &auth_len, &pad_len);
if (!NT_STATUS_IS_OK(status)) {
return status;
}