summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
Diffstat (limited to 'source4')
-rw-r--r--source4/libcli/auth/ntlmssp.c213
-rw-r--r--source4/libcli/auth/ntlmssp_parse.c321
-rw-r--r--source4/libcli/auth/ntlmssp_sign.c32
-rw-r--r--source4/libcli/config.m41
-rw-r--r--source4/libcli/util/smbencrypt.c25
-rw-r--r--source4/librpc/ndr/ndr_basic.c301
6 files changed, 433 insertions, 460 deletions
diff --git a/source4/libcli/auth/ntlmssp.c b/source4/libcli/auth/ntlmssp.c
index f72f98d8a0..6830db3f90 100644
--- a/source4/libcli/auth/ntlmssp.c
+++ b/source4/libcli/auth/ntlmssp.c
@@ -1,7 +1,7 @@
/*
Unix SMB/Netbios implementation.
-
- NLTMSSP code
+ Version 3.0
+ handle NLTMSSP, server side
Copyright (C) Andrew Tridgell 2001
Copyright (C) Andrew Bartlett 2001-2003
@@ -221,7 +221,6 @@ NTSTATUS ntlmssp_update(struct ntlmssp_state *ntlmssp_state,
TALLOC_CTX *out_mem_ctx,
const DATA_BLOB in, DATA_BLOB *out)
{
- NTSTATUS nt_status;
DATA_BLOB input;
uint32_t ntlmssp_command;
int i;
@@ -258,15 +257,13 @@ NTSTATUS ntlmssp_update(struct ntlmssp_state *ntlmssp_state,
break;
}
} else {
- nt_status = ndr_pull_format_blob(&input, ntlmssp_state->mem_ctx,
- "Cd",
- "NTLMSSP",
- &ntlmssp_command);
-
- if (!NT_STATUS_IS_OK(nt_status)) {
+ if (!msrpc_parse(ntlmssp_state->mem_ctx,
+ &input, "Cd",
+ "NTLMSSP",
+ &ntlmssp_command)) {
DEBUG(1, ("Failed to parse NTLMSSP packet, could not extract NTLMSSP command\n"));
dump_data(2, (const char *)input.data, input.length);
- return nt_status;
+ return NT_STATUS_INVALID_PARAMETER;
}
}
@@ -445,7 +442,6 @@ static NTSTATUS ntlmssp_server_negotiate(struct ntlmssp_state *ntlmssp_state,
TALLOC_CTX *out_mem_ctx,
const DATA_BLOB in, DATA_BLOB *out)
{
- NTSTATUS nt_status;
DATA_BLOB struct_blob;
fstring dnsname, dnsdomname;
uint32_t neg_flags = 0;
@@ -460,18 +456,16 @@ static NTSTATUS ntlmssp_server_negotiate(struct ntlmssp_state *ntlmssp_state,
#endif
if (in.length) {
- nt_status = ndr_pull_format_blob(&in, ntlmssp_state->mem_ctx,
- "CddAA",
- "NTLMSSP",
- &ntlmssp_command,
- &neg_flags,
- &cliname,
- &domname);
-
- if (!NT_STATUS_IS_OK(nt_status)) {
+ if (!msrpc_parse(ntlmssp_state->mem_ctx,
+ &in, "CddAA",
+ "NTLMSSP",
+ &ntlmssp_command,
+ &neg_flags,
+ &cliname,
+ &domname)) {
DEBUG(1, ("ntlmssp_server_negotiate: failed to parse NTLMSSP:\n"));
dump_data(2, (const char *)in.data, in.length);
- return nt_status;
+ return NT_STATUS_INVALID_PARAMETER;
}
debug_ntlmssp_flags(neg_flags);
@@ -521,14 +515,13 @@ static NTSTATUS ntlmssp_server_negotiate(struct ntlmssp_state *ntlmssp_state,
target_name_dns = dnsname;
}
- /* TODO: do we need to check the result here? --metze */
- ndr_push_format_blob(&struct_blob, out_mem_ctx,
- "aaaaa",
- NTLMSSP_NAME_TYPE_DOMAIN, target_name,
- NTLMSSP_NAME_TYPE_SERVER, ntlmssp_state->get_global_myname(),
- NTLMSSP_NAME_TYPE_DOMAIN_DNS, dnsdomname,
- NTLMSSP_NAME_TYPE_SERVER_DNS, dnsname,
- 0, "");
+ msrpc_gen(out_mem_ctx,
+ &struct_blob, "aaaaa",
+ NTLMSSP_NAME_TYPE_DOMAIN, target_name,
+ NTLMSSP_NAME_TYPE_SERVER, ntlmssp_state->get_global_myname(),
+ NTLMSSP_NAME_TYPE_DOMAIN_DNS, dnsdomname,
+ NTLMSSP_NAME_TYPE_SERVER_DNS, dnsname,
+ 0, "");
} else {
struct_blob = data_blob(NULL, 0);
}
@@ -541,17 +534,16 @@ static NTSTATUS ntlmssp_server_negotiate(struct ntlmssp_state *ntlmssp_state,
} else {
gen_string = "CdAdbddB";
}
-
- /* TODO: do we need to check the result here? --metze */
- ndr_push_format_blob(out, out_mem_ctx,
- gen_string,
- "NTLMSSP",
- NTLMSSP_CHALLENGE,
- target_name,
- chal_flags,
- cryptkey, 8,
- 0, 0,
- struct_blob.data, struct_blob.length);
+
+ msrpc_gen(out_mem_ctx,
+ out, gen_string,
+ "NTLMSSP",
+ NTLMSSP_CHALLENGE,
+ target_name,
+ chal_flags,
+ cryptkey, 8,
+ 0, 0,
+ struct_blob.data, struct_blob.length);
}
ntlmssp_state->expected_state = NTLMSSP_AUTH;
@@ -599,20 +591,18 @@ static NTSTATUS ntlmssp_server_preauth(struct ntlmssp_state *ntlmssp_state,
ntlmssp_state->workstation = NULL;
/* now the NTLMSSP encoded auth hashes */
- nt_status = ndr_pull_format_blob(&request, ntlmssp_state->mem_ctx,
- parse_string,
- "NTLMSSP",
- &ntlmssp_command,
- &ntlmssp_state->lm_resp,
- &ntlmssp_state->nt_resp,
- &domain,
- &user,
- &workstation,
- &ntlmssp_state->encrypted_session_key,
- &auth_flags);
-
- if (!NT_STATUS_IS_OK(nt_status)) {
- DEBUG(10, ("ntlmssp_server_preauth: failed to parse NTLMSSP (nonfatal):\n"));
+ if (!msrpc_parse(ntlmssp_state->mem_ctx,
+ &request, parse_string,
+ "NTLMSSP",
+ &ntlmssp_command,
+ &ntlmssp_state->lm_resp,
+ &ntlmssp_state->nt_resp,
+ &domain,
+ &user,
+ &workstation,
+ &ntlmssp_state->encrypted_session_key,
+ &auth_flags)) {
+ DEBUG(10, ("ntlmssp_server_auth: failed to parse NTLMSSP (nonfatal):\n"));
dump_data(10, (const char *)request.data, request.length);
/* zero this out */
@@ -627,20 +617,19 @@ static NTSTATUS ntlmssp_server_preauth(struct ntlmssp_state *ntlmssp_state,
}
/* now the NTLMSSP encoded auth hashes */
- nt_status = ndr_pull_format_blob(&request, ntlmssp_state->mem_ctx,
- parse_string,
- "NTLMSSP",
- &ntlmssp_command,
- &ntlmssp_state->lm_resp,
- &ntlmssp_state->nt_resp,
- &domain,
- &user,
- &workstation);
-
- if (!NT_STATUS_IS_OK(nt_status)) {
- DEBUG(1, ("ntlmssp_server_preauth: failed to parse NTLMSSP:\n"));
+ if (!msrpc_parse(ntlmssp_state->mem_ctx,
+ &request, parse_string,
+ "NTLMSSP",
+ &ntlmssp_command,
+ &ntlmssp_state->lm_resp,
+ &ntlmssp_state->nt_resp,
+ &domain,
+ &user,
+ &workstation)) {
+ DEBUG(1, ("ntlmssp_server_auth: failed to parse NTLMSSP:\n"));
dump_data(2, (const char *)request.data, request.length);
- return nt_status;
+
+ return NT_STATUS_INVALID_PARAMETER;
}
}
@@ -969,8 +958,6 @@ static NTSTATUS ntlmssp_client_initial(struct ntlmssp_state *ntlmssp_state,
TALLOC_CTX *out_mem_ctx,
DATA_BLOB in, DATA_BLOB *out)
{
- NTSTATUS nt_status;
-
if (ntlmssp_state->unicode) {
ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_UNICODE;
} else {
@@ -982,17 +969,13 @@ static NTSTATUS ntlmssp_client_initial(struct ntlmssp_state *ntlmssp_state,
}
/* generate the ntlmssp negotiate packet */
- nt_status = ndr_push_format_blob(out, out_mem_ctx,
- "CddAA",
- "NTLMSSP",
- NTLMSSP_NEGOTIATE,
- ntlmssp_state->neg_flags,
- ntlmssp_state->get_domain(),
- ntlmssp_state->get_global_myname());
-
- if (!NT_STATUS_IS_OK(nt_status)) {
- return nt_status;
- }
+ msrpc_gen(out_mem_ctx,
+ out, "CddAA",
+ "NTLMSSP",
+ NTLMSSP_NEGOTIATE,
+ ntlmssp_state->neg_flags,
+ ntlmssp_state->get_domain(),
+ ntlmssp_state->get_global_myname());
ntlmssp_state->expected_state = NTLMSSP_CHALLENGE;
@@ -1027,17 +1010,16 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state,
DATA_BLOB encrypted_session_key = data_blob(NULL, 0);
NTSTATUS nt_status;
- nt_status = ndr_pull_format_blob(&in, ntlmssp_state->mem_ctx,
- "CdBd",
- "NTLMSSP",
- &ntlmssp_command,
- &server_domain_blob,
- &chal_flags);
-
- if (!NT_STATUS_IS_OK(nt_status)) {
+ if (!msrpc_parse(ntlmssp_state->mem_ctx,
+ &in, "CdBd",
+ "NTLMSSP",
+ &ntlmssp_command,
+ &server_domain_blob,
+ &chal_flags)) {
DEBUG(1, ("Failed to parse the NTLMSSP Challenge: (#1)\n"));
dump_data(2, (const char *)in.data, in.length);
- return nt_status;
+
+ return NT_STATUS_INVALID_PARAMETER;
}
data_blob_free(&server_domain_blob);
@@ -1067,20 +1049,18 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state,
DEBUG(3, ("NTLMSSP: Set final flags:\n"));
debug_ntlmssp_flags(ntlmssp_state->neg_flags);
- nt_status = ndr_pull_format_blob(&in, ntlmssp_state->mem_ctx,
- chal_parse_string,
- "NTLMSSP",
- &ntlmssp_command,
- &server_domain,
- &chal_flags,
- &challenge_blob, 8,
- &unkn1, &unkn2,
- &struct_blob);
-
- if (!NT_STATUS_IS_OK(nt_status)) {
+ if (!msrpc_parse(ntlmssp_state->mem_ctx,
+ &in, chal_parse_string,
+ "NTLMSSP",
+ &ntlmssp_command,
+ &server_domain,
+ &chal_flags,
+ &challenge_blob, 8,
+ &unkn1, &unkn2,
+ &struct_blob)) {
DEBUG(1, ("Failed to parse the NTLMSSP Challenge: (#2)\n"));
dump_data(2, (const char *)in.data, in.length);
- return nt_status;
+ return NT_STATUS_INVALID_PARAMETER;
}
ntlmssp_state->server_domain = server_domain;
@@ -1236,20 +1216,19 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state,
}
/* this generates the actual auth packet */
- nt_status = ndr_push_format_blob(out, out_mem_ctx,
- auth_gen_string,
- "NTLMSSP",
- NTLMSSP_AUTH,
- lm_response.data, lm_response.length,
- nt_response.data, nt_response.length,
- ntlmssp_state->domain,
- ntlmssp_state->user,
- ntlmssp_state->get_global_myname(),
- encrypted_session_key.data, encrypted_session_key.length,
- ntlmssp_state->neg_flags);
-
- if (!NT_STATUS_IS_OK(nt_status)) {
- return nt_status;
+ if (!msrpc_gen(out_mem_ctx,
+ out, auth_gen_string,
+ "NTLMSSP",
+ NTLMSSP_AUTH,
+ lm_response.data, lm_response.length,
+ nt_response.data, nt_response.length,
+ ntlmssp_state->domain,
+ ntlmssp_state->user,
+ ntlmssp_state->get_global_myname(),
+ encrypted_session_key.data, encrypted_session_key.length,
+ ntlmssp_state->neg_flags)) {
+
+ return NT_STATUS_NO_MEMORY;
}
ntlmssp_state->session_key = session_key;
@@ -1263,9 +1242,7 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state,
ntlmssp_state->expected_state = NTLMSSP_DONE;
- nt_status = ntlmssp_sign_init(ntlmssp_state);
-
- if (!NT_STATUS_IS_OK(nt_status)) {
+ if (!NT_STATUS_IS_OK(nt_status = ntlmssp_sign_init(ntlmssp_state))) {
DEBUG(1, ("Could not setup NTLMSSP signing/sealing system (error was: %s)\n",
nt_errstr(nt_status)));
return nt_status;
diff --git a/source4/libcli/auth/ntlmssp_parse.c b/source4/libcli/auth/ntlmssp_parse.c
new file mode 100644
index 0000000000..251effd7e1
--- /dev/null
+++ b/source4/libcli/auth/ntlmssp_parse.c
@@ -0,0 +1,321 @@
+/*
+ Unix SMB/CIFS implementation.
+ simple kerberos5/SPNEGO routines
+ Copyright (C) Andrew Tridgell 2001
+ Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2002
+ Copyright (C) Andrew Bartlett 2002-2003
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/*
+ this is a tiny msrpc packet generator. I am only using this to
+ avoid tying this code to a particular varient of our rpc code. This
+ generator is not general enough for all our rpc needs, its just
+ enough for the spnego/ntlmssp code
+
+ format specifiers are:
+
+ U = unicode string (input is unix string)
+ a = address (input is char *unix_string)
+ (1 byte type, 1 byte length, unicode/ASCII string, all inline)
+ A = ASCII string (input is unix string)
+ B = data blob (pointer + length)
+ b = data blob in header (pointer + length)
+ D
+ d = word (4 bytes)
+ C = constant ascii string
+ */
+BOOL msrpc_gen(TALLOC_CTX *mem_ctx, DATA_BLOB *blob,
+ const char *format, ...)
+{
+ int i, n;
+ va_list ap;
+ char *s;
+ uint8_t *b;
+ int head_size=0, data_size=0;
+ int head_ofs, data_ofs;
+
+ /* first scan the format to work out the header and body size */
+ va_start(ap, format);
+ for (i=0; format[i]; i++) {
+ switch (format[i]) {
+ case 'U':
+ s = va_arg(ap, char *);
+ head_size += 8;
+ data_size += str_charnum(s) * 2;
+ break;
+ case 'A':
+ s = va_arg(ap, char *);
+ head_size += 8;
+ data_size += str_ascii_charnum(s);
+ break;
+ case 'a':
+ n = va_arg(ap, int);
+ s = va_arg(ap, char *);
+ data_size += (str_charnum(s) * 2) + 4;
+ break;
+ case 'B':
+ b = va_arg(ap, uint8_t *);
+ head_size += 8;
+ data_size += va_arg(ap, int);
+ break;
+ case 'b':
+ b = va_arg(ap, uint8_t *);
+ head_size += va_arg(ap, int);
+ break;
+ case 'd':
+ n = va_arg(ap, int);
+ head_size += 4;
+ break;
+ case 'C':
+ s = va_arg(ap, char *);
+ head_size += str_charnum(s) + 1;
+ break;
+ }
+ }
+ va_end(ap);
+
+ /* allocate the space, then scan the format again to fill in the values */
+ *blob = data_blob_talloc(mem_ctx, NULL, head_size + data_size);
+
+ head_ofs = 0;
+ data_ofs = head_size;
+
+ va_start(ap, format);
+ for (i=0; format[i]; i++) {
+ switch (format[i]) {
+ case 'U':
+ s = va_arg(ap, char *);
+ n = str_charnum(s);
+ SSVAL(blob->data, head_ofs, n*2); head_ofs += 2;
+ SSVAL(blob->data, head_ofs, n*2); head_ofs += 2;
+ SIVAL(blob->data, head_ofs, data_ofs); head_ofs += 4;
+ push_string(NULL, blob->data+data_ofs, s, n*2, STR_UNICODE|STR_NOALIGN);
+ data_ofs += n*2;
+ break;
+ case 'A':
+ s = va_arg(ap, char *);
+ n = str_ascii_charnum(s);
+ SSVAL(blob->data, head_ofs, n); head_ofs += 2;
+ SSVAL(blob->data, head_ofs, n); head_ofs += 2;
+ SIVAL(blob->data, head_ofs, data_ofs); head_ofs += 4;
+ push_string(NULL, blob->data+data_ofs, s, n, STR_ASCII|STR_NOALIGN);
+ data_ofs += n;
+ break;
+ case 'a':
+ n = va_arg(ap, int);
+ SSVAL(blob->data, data_ofs, n); data_ofs += 2;
+ s = va_arg(ap, char *);
+ n = str_charnum(s);
+ SSVAL(blob->data, data_ofs, n*2); data_ofs += 2;
+ if (0 < n) {
+ push_string(NULL, blob->data+data_ofs, s, n*2,
+ STR_UNICODE|STR_NOALIGN);
+ }
+ data_ofs += n*2;
+ break;
+
+ case 'B':
+ b = va_arg(ap, uint8_t *);
+ n = va_arg(ap, int);
+ SSVAL(blob->data, head_ofs, n); head_ofs += 2;
+ SSVAL(blob->data, head_ofs, n); head_ofs += 2;
+ SIVAL(blob->data, head_ofs, data_ofs); head_ofs += 4;
+ if (n && b) /* don't follow null pointers... */
+ memcpy(blob->data+data_ofs, b, n);
+ data_ofs += n;
+ break;
+ case 'd':
+ n = va_arg(ap, int);
+ SIVAL(blob->data, head_ofs, n); head_ofs += 4;
+ break;
+ case 'b':
+ b = va_arg(ap, uint8_t *);
+ n = va_arg(ap, int);
+ memcpy(blob->data + head_ofs, b, n);
+ head_ofs += n;
+ break;
+ case 'C':
+ s = va_arg(ap, char *);
+ head_ofs += push_string(NULL, blob->data+head_ofs, s, -1,
+ STR_ASCII|STR_TERMINATE);
+ break;
+ }
+ }
+ va_end(ap);
+
+ return True;
+}
+
+
+/* a helpful macro to avoid running over the end of our blob */
+#define NEED_DATA(amount) \
+if ((head_ofs + amount) > blob->length) { \
+ return False; \
+}
+
+/*
+ this is a tiny msrpc packet parser. This the the partner of msrpc_gen
+
+ format specifiers are:
+
+ U = unicode string (output is unix string)
+ A = ascii string
+ B = data blob
+ b = data blob in header
+ d = word (4 bytes)
+ C = constant ascii string
+ */
+
+BOOL msrpc_parse(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob,
+ const char *format, ...)
+{
+ int i;
+ va_list ap;
+ const char **ps, *s;
+ DATA_BLOB *b;
+ size_t head_ofs = 0;
+ uint16_t len1, len2;
+ uint32_t ptr;
+ uint32_t *v;
+ pstring p;
+
+ va_start(ap, format);
+ for (i=0; format[i]; i++) {
+ switch (format[i]) {
+ case 'U':
+ NEED_DATA(8);
+ len1 = SVAL(blob->data, head_ofs); head_ofs += 2;
+ len2 = SVAL(blob->data, head_ofs); head_ofs += 2;
+ ptr = IVAL(blob->data, head_ofs); head_ofs += 4;
+
+ ps = va_arg(ap, char **);
+ if (len1 == 0 && len2 == 0) {
+ *ps = "";
+ } else {
+ /* make sure its in the right format - be strict */
+ if ((len1 != len2) || (ptr + len1 < ptr) || (ptr + len1 < len1) || (ptr + len1 > blob->length)) {
+ return False;
+ }
+ if (len1 & 1) {
+ /* if odd length and unicode */
+ return False;
+ }
+ if (blob->data + ptr < (uint8_t *)ptr || blob->data + ptr < blob->data)
+ return False;
+
+ if (0 < len1) {
+ pull_string(NULL, p, blob->data + ptr, sizeof(p),
+ len1,
+ STR_UNICODE|STR_NOALIGN);
+ (*ps) = talloc_strdup(mem_ctx, p);
+ if (!(*ps)) {
+ return False;
+ }
+ } else {
+ (*ps) = "";
+ }
+ }
+ break;
+ case 'A':
+ NEED_DATA(8);
+ len1 = SVAL(blob->data, head_ofs); head_ofs += 2;
+ len2 = SVAL(blob->data, head_ofs); head_ofs += 2;
+ ptr = IVAL(blob->data, head_ofs); head_ofs += 4;
+
+ ps = va_arg(ap, char **);
+ /* make sure its in the right format - be strict */
+ if (len1 == 0 && len2 == 0) {
+ *ps = "";
+ } else {
+ if ((len1 != len2) || (ptr + len1 < ptr) || (ptr + len1 < len1) || (ptr + len1 > blob->length)) {
+ return False;
+ }
+
+ if (blob->data + ptr < (uint8_t *)ptr || blob->data + ptr < blob->data)
+ return False;
+
+ if (0 < len1) {
+ pull_string(NULL, p, blob->data + ptr, sizeof(p),
+ len1,
+ STR_ASCII|STR_NOALIGN);
+ (*ps) = talloc_strdup(mem_ctx, p);
+ if (!(*ps)) {
+ return False;
+ }
+ } else {
+ (*ps) = "";
+ }
+ }
+ break;
+ case 'B':
+ NEED_DATA(8);
+ len1 = SVAL(blob->data, head_ofs); head_ofs += 2;
+ len2 = SVAL(blob->data, head_ofs); head_ofs += 2;
+ ptr = IVAL(blob->data, head_ofs); head_ofs += 4;
+
+ b = (DATA_BLOB *)va_arg(ap, void *);
+ if (len1 == 0 && len2 == 0) {
+ *b = data_blob_talloc(mem_ctx, NULL, 0);
+ } else {
+ /* make sure its in the right format - be strict */
+ if ((len1 != len2) || (ptr + len1 < ptr) || (ptr + len1 < len1) || (ptr + len1 > blob->length)) {
+ return False;
+ }
+
+ if (blob->data + ptr < (uint8_t *)ptr || blob->data + ptr < blob->data)
+ return False;
+
+ *b = data_blob_talloc(mem_ctx, blob->data + ptr, len1);
+ }
+ break;
+ case 'b':
+ b = (DATA_BLOB *)va_arg(ap, void *);
+ len1 = va_arg(ap, uint_t);
+ /* make sure its in the right format - be strict */
+ NEED_DATA(len1);
+ if (blob->data + head_ofs < (uint8_t *)head_ofs || blob->data + head_ofs < blob->data)
+ return False;
+
+ *b = data_blob_talloc(mem_ctx, blob->data + head_ofs, len1);
+ head_ofs += len1;
+ break;
+ case 'd':
+ v = va_arg(ap, uint32_t *);
+ NEED_DATA(4);
+ *v = IVAL(blob->data, head_ofs); head_ofs += 4;
+ break;
+ case 'C':
+ s = va_arg(ap, char *);
+
+ if (blob->data + head_ofs < (uint8_t *)head_ofs || blob->data + head_ofs < blob->data)
+ return False;
+
+ head_ofs += pull_string(NULL, p, blob->data+head_ofs, sizeof(p),
+ blob->length - head_ofs,
+ STR_ASCII|STR_TERMINATE);
+ if (strcmp(s, p) != 0) {
+ return False;
+ }
+ break;
+ }
+ }
+ va_end(ap);
+
+ return True;
+}
diff --git a/source4/libcli/auth/ntlmssp_sign.c b/source4/libcli/auth/ntlmssp_sign.c
index 385ea18cd2..d680da9495 100644
--- a/source4/libcli/auth/ntlmssp_sign.c
+++ b/source4/libcli/auth/ntlmssp_sign.c
@@ -117,8 +117,6 @@ static NTSTATUS ntlmssp_make_packet_signature(struct ntlmssp_state *ntlmssp_stat
enum ntlmssp_direction direction,
DATA_BLOB *sig)
{
- NTSTATUS nt_status;
-
if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
HMACMD5Context ctx;
@@ -157,18 +155,9 @@ static NTSTATUS ntlmssp_make_packet_signature(struct ntlmssp_state *ntlmssp_stat
} else {
uint32_t crc;
-
crc = crc32_calc_buffer((const char *)data, length);
-
- nt_status = ndr_push_format_blob(sig, sig_mem_ctx,
- "dddd",
- NTLMSSP_SIGN_VERSION,
- 0,
- crc,
- ntlmssp_state->ntlmssp_seq_num);
-
- if (!NT_STATUS_IS_OK(nt_status)) {
- return nt_status;
+ if (!msrpc_gen(sig_mem_ctx, sig, "dddd", NTLMSSP_SIGN_VERSION, 0, crc, ntlmssp_state->ntlmssp_seq_num)) {
+ return NT_STATUS_NO_MEMORY;
}
dump_data_pw("ntlmssp hash:\n", ntlmssp_state->ntlmssp_hash,
@@ -275,9 +264,7 @@ NTSTATUS ntlmssp_seal_packet(struct ntlmssp_state *ntlmssp_state,
TALLOC_CTX *sig_mem_ctx,
uint8_t *data, size_t length,
DATA_BLOB *sig)
-{
- NTSTATUS nt_status;
-
+{
if (!ntlmssp_state->session_key.length) {
DEBUG(3, ("NO session key, cannot seal packet\n"));
return NT_STATUS_NO_USER_SESSION_KEY;
@@ -313,18 +300,9 @@ NTSTATUS ntlmssp_seal_packet(struct ntlmssp_state *ntlmssp_state,
memcpy(sig->data + 12, seq_num, 4);
} else {
uint32_t crc;
-
crc = crc32_calc_buffer((const char *)data, length);
-
- nt_status = ndr_push_format_blob(sig, sig_mem_ctx,
- "dddd",
- NTLMSSP_SIGN_VERSION,
- 0,
- crc,
- ntlmssp_state->ntlmssp_seq_num);
-
- if (!NT_STATUS_IS_OK(nt_status)) {
- return nt_status;
+ if (!msrpc_gen(sig_mem_ctx, sig, "dddd", NTLMSSP_SIGN_VERSION, 0, crc, ntlmssp_state->ntlmssp_seq_num)) {
+ return NT_STATUS_NO_MEMORY;
}
/* The order of these two operations matters - we must first seal the packet,
diff --git a/source4/libcli/config.m4 b/source4/libcli/config.m4
index eb23c045af..992f84005d 100644
--- a/source4/libcli/config.m4
+++ b/source4/libcli/config.m4
@@ -44,6 +44,7 @@ SMB_SUBSYSTEM(LIBCLI_AUTH,[],
[libcli/auth/spnego.o
libcli/auth/spnego_parse.o
libcli/auth/ntlmssp.o
+ libcli/auth/ntlmssp_parse.o
libcli/auth/ntlmssp_sign.o
libcli/auth/schannel.o
libcli/auth/credentials.o
diff --git a/source4/libcli/util/smbencrypt.c b/source4/libcli/util/smbencrypt.c
index e2fb033279..72c6589097 100644
--- a/source4/libcli/util/smbencrypt.c
+++ b/source4/libcli/util/smbencrypt.c
@@ -267,12 +267,10 @@ DATA_BLOB NTLMv2_generate_names_blob(TALLOC_CTX *mem_ctx,
{
DATA_BLOB names_blob = data_blob_talloc(mem_ctx, NULL, 0);
- ndr_push_format_blob(&names_blob ,mem_ctx,
- "aaa",
- NTLMSSP_NAME_TYPE_DOMAIN, domain,
- NTLMSSP_NAME_TYPE_SERVER, hostname,
- 0, "");
-
+ msrpc_gen(mem_ctx, &names_blob, "aaa",
+ NTLMSSP_NAME_TYPE_DOMAIN, domain,
+ NTLMSSP_NAME_TYPE_SERVER, hostname,
+ 0, "");
return names_blob;
}
@@ -291,14 +289,13 @@ static DATA_BLOB NTLMv2_generate_client_data(TALLOC_CTX *mem_ctx, const DATA_BLO
/* See http://www.ubiqx.org/cifs/SMB.html#SMB.8.5 */
- ndr_push_format_blob(&response, mem_ctx,
- "ddbbdb",
- 0x00000101, /* Header */
- 0, /* 'Reserved' */
- long_date, 8, /* Timestamp */
- client_chal, 8, /* client challenge */
- 0, /* Unknown */
- names_blob->data, names_blob->length); /* End of name list */
+ msrpc_gen(mem_ctx, &response, "ddbbdb",
+ 0x00000101, /* Header */
+ 0, /* 'Reserved' */
+ long_date, 8, /* Timestamp */
+ client_chal, 8, /* client challenge */
+ 0, /* Unknown */
+ names_blob->data, names_blob->length); /* End of name list */
return response;
}
diff --git a/source4/librpc/ndr/ndr_basic.c b/source4/librpc/ndr/ndr_basic.c
index 1adf6ea1d3..5d4ade096f 100644
--- a/source4/librpc/ndr/ndr_basic.c
+++ b/source4/librpc/ndr/ndr_basic.c
@@ -972,304 +972,3 @@ NTSTATUS ndr_pull_DATA_BLOB(struct ndr_pull *ndr, DATA_BLOB *blob)
ndr->offset += length;
return NT_STATUS_OK;
}
-
-/*
- this is a tiny ndr packet generator. This
- generator is not general enough for all our rpc needs, its just
- enough for the ntlmssp code
-
- format specifiers are:
-
- U = unicode string (input is unix string)
- a = address (input is char *unix_string)
- (1 byte type, 1 byte length, unicode/ASCII string, all inline)
- A = ASCII string (input is unix string)
- B = data blob (pointer + length)
- b = data blob in header (pointer + length)
- D
- d = word (4 bytes)
- C = constant ascii string
- */
-NTSTATUS ndr_push_format_blob(DATA_BLOB *blob, TALLOC_CTX *mem_ctx,
- const char *format, ...)
-{
- int i, n;
- va_list ap;
- char *s;
- uint8_t *b;
- int head_size=0, data_size=0;
- int head_ofs, data_ofs;
-
- /* first scan the format to work out the header and body size */
- va_start(ap, format);
- for (i=0; format[i]; i++) {
- switch (format[i]) {
- case 'U':
- s = va_arg(ap, char *);
- head_size += 8;
- data_size += str_charnum(s) * 2;
- break;
- case 'A':
- s = va_arg(ap, char *);
- head_size += 8;
- data_size += str_ascii_charnum(s);
- break;
- case 'a':
- n = va_arg(ap, int);
- s = va_arg(ap, char *);
- data_size += (str_charnum(s) * 2) + 4;
- break;
- case 'B':
- b = va_arg(ap, uint8_t *);
- head_size += 8;
- data_size += va_arg(ap, int);
- break;
- case 'b':
- b = va_arg(ap, uint8_t *);
- head_size += va_arg(ap, int);
- break;
- case 'd':
- n = va_arg(ap, int);
- head_size += 4;
- break;
- case 'C':
- s = va_arg(ap, char *);
- head_size += str_charnum(s) + 1;
- break;
- }
- }
- va_end(ap);
-
- /* allocate the space, then scan the format again to fill in the values */
- *blob = data_blob_talloc(mem_ctx, NULL, head_size + data_size);
-
- if (blob->length != (head_size + data_size)) {
- return NT_STATUS_NO_MEMORY;
- }
-
- head_ofs = 0;
- data_ofs = head_size;
-
- va_start(ap, format);
- for (i=0; format[i]; i++) {
- switch (format[i]) {
- case 'U':
- s = va_arg(ap, char *);
- n = str_charnum(s);
- SSVAL(blob->data, head_ofs, n*2); head_ofs += 2;
- SSVAL(blob->data, head_ofs, n*2); head_ofs += 2;
- SIVAL(blob->data, head_ofs, data_ofs); head_ofs += 4;
- push_string(NULL, blob->data+data_ofs, s, n*2, STR_UNICODE|STR_NOALIGN);
- data_ofs += n*2;
- break;
- case 'A':
- s = va_arg(ap, char *);
- n = str_ascii_charnum(s);
- SSVAL(blob->data, head_ofs, n); head_ofs += 2;
- SSVAL(blob->data, head_ofs, n); head_ofs += 2;
- SIVAL(blob->data, head_ofs, data_ofs); head_ofs += 4;
- push_string(NULL, blob->data+data_ofs, s, n, STR_ASCII|STR_NOALIGN);
- data_ofs += n;
- break;
- case 'a':
- n = va_arg(ap, int);
- SSVAL(blob->data, data_ofs, n); data_ofs += 2;
- s = va_arg(ap, char *);
- n = str_charnum(s);
- SSVAL(blob->data, data_ofs, n*2); data_ofs += 2;
- if (0 < n) {
- push_string(NULL, blob->data+data_ofs, s, n*2,
- STR_UNICODE|STR_NOALIGN);
- }
- data_ofs += n*2;
- break;
-
- case 'B':
- b = va_arg(ap, uint8_t *);
- n = va_arg(ap, int);
- SSVAL(blob->data, head_ofs, n); head_ofs += 2;
- SSVAL(blob->data, head_ofs, n); head_ofs += 2;
- SIVAL(blob->data, head_ofs, data_ofs); head_ofs += 4;
- if (n && b) /* don't follow null pointers... */
- memcpy(blob->data+data_ofs, b, n);
- data_ofs += n;
- break;
- case 'd':
- n = va_arg(ap, int);
- SIVAL(blob->data, head_ofs, n); head_ofs += 4;
- break;
- case 'b':
- b = va_arg(ap, uint8_t *);
- n = va_arg(ap, int);
- memcpy(blob->data + head_ofs, b, n);
- head_ofs += n;
- break;
- case 'C':
- s = va_arg(ap, char *);
- head_ofs += push_string(NULL, blob->data+head_ofs, s, -1,
- STR_ASCII|STR_TERMINATE);
- break;
- }
- }
- va_end(ap);
-
- return NT_STATUS_OK;
-}
-
-
-/* a helpful macro to avoid running over the end of our blob */
-#define NEED_DATA(amount) \
-if ((head_ofs + amount) > blob->length) { \
- return NT_STATUS_INVALID_PARAMETER; \
-}
-
-/*
- this is a tiny msrpc packet parser. This the the partner of msrpc_gen
-
- format specifiers are:
-
- U = unicode string (output is unix string)
- A = ascii string
- B = data blob
- b = data blob in header
- d = word (4 bytes)
- C = constant ascii string
- */
-
-NTSTATUS ndr_pull_format_blob(const DATA_BLOB *blob, TALLOC_CTX *mem_ctx,
- const char *format, ...)
-{
- int i;
- va_list ap;
- const char **ps, *s;
- DATA_BLOB *b;
- size_t head_ofs = 0;
- uint16_t len1, len2;
- uint32_t ptr;
- uint32_t *v;
- pstring p;
-
- va_start(ap, format);
- for (i=0; format[i]; i++) {
- switch (format[i]) {
- case 'U':
- NEED_DATA(8);
- len1 = SVAL(blob->data, head_ofs); head_ofs += 2;
- len2 = SVAL(blob->data, head_ofs); head_ofs += 2;
- ptr = IVAL(blob->data, head_ofs); head_ofs += 4;
-
- ps = va_arg(ap, char **);
- if (len1 == 0 && len2 == 0) {
- *ps = "";
- } else {
- /* make sure its in the right format - be strict */
- if ((len1 != len2) || (ptr + len1 < ptr) || (ptr + len1 < len1) || (ptr + len1 > blob->length)) {
- return NT_STATUS_INVALID_PARAMETER;
- }
- if (len1 & 1) {
- /* if odd length and unicode */
- return NT_STATUS_INVALID_PARAMETER;
- }
- if (blob->data + ptr < (uint8_t *)ptr || blob->data + ptr < blob->data)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (0 < len1) {
- pull_string(NULL, p, blob->data + ptr, sizeof(p),
- len1,
- STR_UNICODE|STR_NOALIGN);
- (*ps) = talloc_strdup(mem_ctx, p);
- if (!(*ps)) {
- return NT_STATUS_NO_MEMORY;
- }
- } else {
- (*ps) = "";
- }
- }
- break;
- case 'A':
- NEED_DATA(8);
- len1 = SVAL(blob->data, head_ofs); head_ofs += 2;
- len2 = SVAL(blob->data, head_ofs); head_ofs += 2;
- ptr = IVAL(blob->data, head_ofs); head_ofs += 4;
-
- ps = va_arg(ap, char **);
- /* make sure its in the right format - be strict */
- if (len1 == 0 && len2 == 0) {
- *ps = "";
- } else {
- if ((len1 != len2) || (ptr + len1 < ptr) || (ptr + len1 < len1) || (ptr + len1 > blob->length)) {
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- if (blob->data + ptr < (uint8_t *)ptr || blob->data + ptr < blob->data)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (0 < len1) {
- pull_string(NULL, p, blob->data + ptr, sizeof(p),
- len1,
- STR_ASCII|STR_NOALIGN);
- (*ps) = talloc_strdup(mem_ctx, p);
- if (!(*ps)) {
- return NT_STATUS_NO_MEMORY;
- }
- } else {
- (*ps) = "";
- }
- }
- break;
- case 'B':
- NEED_DATA(8);
- len1 = SVAL(blob->data, head_ofs); head_ofs += 2;
- len2 = SVAL(blob->data, head_ofs); head_ofs += 2;
- ptr = IVAL(blob->data, head_ofs); head_ofs += 4;
-
- b = (DATA_BLOB *)va_arg(ap, void *);
- if (len1 == 0 && len2 == 0) {
- *b = data_blob_talloc(mem_ctx, NULL, 0);
- } else {
- /* make sure its in the right format - be strict */
- if ((len1 != len2) || (ptr + len1 < ptr) || (ptr + len1 < len1) || (ptr + len1 > blob->length)) {
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- if (blob->data + ptr < (uint8_t *)ptr || blob->data + ptr < blob->data)
- return NT_STATUS_INVALID_PARAMETER;
-
- *b = data_blob_talloc(mem_ctx, blob->data + ptr, len1);
- }
- break;
- case 'b':
- b = (DATA_BLOB *)va_arg(ap, void *);
- len1 = va_arg(ap, uint_t);
- /* make sure its in the right format - be strict */
- NEED_DATA(len1);
- if (blob->data + head_ofs < (uint8_t *)head_ofs || blob->data + head_ofs < blob->data)
- return NT_STATUS_INVALID_PARAMETER;
-
- *b = data_blob_talloc(mem_ctx, blob->data + head_ofs, len1);
- head_ofs += len1;
- break;
- case 'd':
- v = va_arg(ap, uint32_t *);
- NEED_DATA(4);
- *v = IVAL(blob->data, head_ofs); head_ofs += 4;
- break;
- case 'C':
- s = va_arg(ap, char *);
-
- if (blob->data + head_ofs < (uint8_t *)head_ofs || blob->data + head_ofs < blob->data)
- return NT_STATUS_INVALID_PARAMETER;
-
- head_ofs += pull_string(NULL, p, blob->data+head_ofs, sizeof(p),
- blob->length - head_ofs,
- STR_ASCII|STR_TERMINATE);
- if (strcmp(s, p) != 0) {
- return NT_STATUS_INVALID_PARAMETER;
- }
- break;
- }
- }
- va_end(ap);
-
- return NT_STATUS_OK;
-}