From c5c04fcf90849d31ff4d0343dedec2c097823a7e Mon Sep 17 00:00:00 2001
From: Günther Deschner
Date: Wed, 16 Sep 2009 07:53:26 +0200
Subject: s3-schannel: add dump_NL_AUTH_SIGNATURE.

Guenther
---
 librpc/ndr/ndr_schannel.c | 36 ++++++++++++++++++++++++++++++++++++
 librpc/ndr/ndr_schannel.h | 3 ++-
 source3/rpc_client/cli_pipe.c | 23 +++--------------------
 source3/rpc_server/srv_pipe.c | 26 +++-----------------------
 4 files changed, 44 insertions(+), 44 deletions(-)
diff --git a/librpc/ndr/ndr_schannel.c b/librpc/ndr/ndr_schannel.c
index 02796f7d9f..b610429211 100644
--- a/librpc/ndr/ndr_schannel.c
+++ b/librpc/ndr/ndr_schannel.c
@@ -69,3 +69,39 @@ _PUBLIC_ void ndr_print_NL_AUTH_MESSAGE_BUFFER_REPLY(struct ndr_print *ndr, cons
 }
 }
+
+void dump_NL_AUTH_SIGNATURE(TALLOC_CTX *mem_ctx,
+ const DATA_BLOB *blob)
+{
+ enum ndr_err_code ndr_err;
+ uint16_t signature_algorithm;
+
+ if (blob->length < 2) {
+ return;
+ }
+
+ signature_algorithm = SVAL(blob->data, 0);
+
+ switch (signature_algorithm) {
+ case NL_SIGN_HMAC_MD5: {
+ struct NL_AUTH_SIGNATURE r;
+ ndr_err = ndr_pull_struct_blob(blob, mem_ctx, NULL, &r,
+ (ndr_pull_flags_fn_t)ndr_pull_NL_AUTH_SIGNATURE);
+ if (NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ NDR_PRINT_DEBUG(NL_AUTH_SIGNATURE, &r);
+ }
+ break;
+ }
+ case NL_SIGN_HMAC_SHA256: {
+ struct NL_AUTH_SHA2_SIGNATURE r;
+ ndr_err = ndr_pull_struct_blob(blob, mem_ctx, NULL, &r,
+ (ndr_pull_flags_fn_t)ndr_pull_NL_AUTH_SHA2_SIGNATURE);
+ if (NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ NDR_PRINT_DEBUG(NL_AUTH_SHA2_SIGNATURE, &r);
+ }
+ break;
+ }
+ default:
+ break;
+ }
+}
diff --git a/librpc/ndr/ndr_schannel.h b/librpc/ndr/ndr_schannel.h
index d2dce7911a..d57278cfb2 100644
--- a/librpc/ndr/ndr_schannel.h
+++ b/librpc/ndr/ndr_schannel.h
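Review bot: dump_NL_AUTH_SIGNATURE returns silently in three cases (a blob shorter than two bytes, a failed ndr_pull_struct_blob(), and the `default:` arm), so at debug level 10 a truncated or malformed schannel trailer leaves no trace in the log, although that is the case someone debugging an authentication failure most needs to see. In those paths I would print the raw bytes, e.g. `dump_data(10, blob->data, blob->length);` in the `default:` arm and in an `else` branch of each `NDR_ERR_CODE_IS_SUCCESS` test. The function also has no comment; I would add `/* Debug helper: pull and print the schannel signature selected by the leading 16-bit algorithm field; prints nothing on parse failure. */` above it. It is also not marked `_PUBLIC_`, unlike ndr_print_NL_AUTH_MESSAGE_BUFFER_REPLY named in the hunk header, which is worth aligning if it is meant to be exported the same way.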
@@ -21,4 +21,5 @@
 void ndr_print_NL_AUTH_MESSAGE_BUFFER(struct ndr_print *ndr, const char *name, const union NL_AUTH_MESSAGE_BUFFER *r);
 void ndr_print_NL_AUTH_MESSAGE_BUFFER_REPLY(struct ndr_print *ndr, const char *name, const union NL_AUTH_MESSAGE_BUFFER_REPLY *r);
-
+void dump_NL_AUTH_SIGNATURE(TALLOC_CTX *mem_ctx,
+ const DATA_BLOB *blob);
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index febf787815..133334b9b1 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -672,13 +672,11 @@ static NTSTATUS cli_pipe_verify_schannel(struct rpc_pipe_client *cli, RPC_HDR *p
 uint8 *p_ss_padding_len)
 {
 RPC_HDR_AUTH auth_info;
- struct NL_AUTH_SIGNATURE schannel_chk;
 uint32 auth_len = prhdr->auth_len;
 uint32 save_offset = prs_offset(current_pdu);
 struct schannel_state *schannel_auth = cli->auth->a_u.schannel_auth;
 uint32 data_len;
- enum ndr_err_code ndr_err;
 DATA_BLOB blob;
 NTSTATUS status;
@@ -725,15 +723,8 @@ static NTSTATUS cli_pipe_verify_schannel(struct rpc_pipe_client *cli, RPC_HDR *p
 blob = data_blob_const(prs_data_p(current_pdu) + prs_offset(current_pdu), auth_len);
- ndr_err = ndr_pull_struct_blob(&blob, talloc_tos(), NULL, &schannel_chk,
- (ndr_pull_flags_fn_t)ndr_pull_NL_AUTH_SIGNATURE);
- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
- DEBUG(0,("cli_pipe_verify_schannel: failed to unmarshal RPC_AUTH_SCHANNEL_CHK.\n"));
- return ndr_map_error2ntstatus(ndr_err);
- }
-
 if (DEBUGLEVEL >= 10) {
- NDR_PRINT_DEBUG(NL_AUTH_SIGNATURE, &schannel_chk);
+ dump_NL_AUTH_SIGNATURE(talloc_tos(), &blob);
 }
 switch (cli->auth->auth_level) {
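Review bot: In the @@ -725 hunk of cli_pipe_verify_schannel, a received trailer that does not unmarshal as NL_AUTH_SIGNATURE is no longer rejected before the `switch (cli->auth->auth_level)`, and the level-0 log line that recorded such a trailer is gone. The pull now happens only inside dump_NL_AUTH_SIGNATURE at DEBUGLEVEL >= 10, and its result is discarded. The blob is `auth_len` bytes taken straight from the peer's PDU, so the verification code reached through the switch (outside this hunk) has to bound-check blob.length and the signature layout itself; presumably it does, but that should be confirmed and recorded with a comment such as `/* blob is raw, unparsed peer data; the schannel check below must validate its length */`. The same applies to the @@ -2223 hunk of api_pipe_schannel_process in source3/rpc_server/srv_pipe.c, where the `dump_data(2, blob.data, blob.length)` of a rejected blob is dropped as well. Both function bodies continue outside their hunks.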
@@ -1930,11 +1921,9 @@ static NTSTATUS add_schannel_auth_footer(struct rpc_pipe_client *cli,
 prs_struct *outgoing_pdu)
 {
 RPC_HDR_AUTH auth_info;
- struct NL_AUTH_SIGNATURE verf;
 struct schannel_state *sas = cli->auth->a_u.schannel_auth;
 char *data_p = prs_data_p(outgoing_pdu) + RPC_HEADER_LEN + RPC_HDR_RESP_LEN;
 size_t data_and_pad_len = prs_offset(outgoing_pdu) - RPC_HEADER_LEN - RPC_HDR_RESP_LEN;
- enum ndr_err_code ndr_err;
 DATA_BLOB blob;
 NTSTATUS status;
@@ -1982,17 +1971,11 @@ static NTSTATUS add_schannel_auth_footer(struct rpc_pipe_client *cli,
 nt_errstr(status)));
 return status;
 }
-#if 0
- ndr_err = ndr_push_struct_blob(&blob, talloc_tos(), NULL, &verf,
- (ndr_push_flags_fn_t)ndr_push_NL_AUTH_SIGNATURE);
- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
- return ndr_map_error2ntstatus(ndr_err);
- }
 if (DEBUGLEVEL >= 10) {
- NDR_PRINT_DEBUG(NL_AUTH_SIGNATURE, &verf);
+ dump_NL_AUTH_SIGNATURE(talloc_tos(), &blob);
 }
-#endif
+
 /* Finally marshall the blob. */
 if (!prs_copy_data_in(outgoing_pdu, (const char *)blob.data, blob.length)) {
 return NT_STATUS_NO_MEMORY;
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index 576bd85745..040831c98f 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -410,9 +410,7 @@ static bool create_next_pdu_schannel(pipes_struct *p)
 * Schannel processing.
 */
 RPC_HDR_AUTH auth_info;
- struct NL_AUTH_SIGNATURE verf;
 DATA_BLOB blob;
- enum ndr_err_code ndr_err;
 /* Check it's the type of reply we were expecting to decode */
@@ -458,18 +456,10 @@ static bool create_next_pdu_schannel(pipes_struct *p)
 /* Finally marshall the blob. */
-#if 0
- ndr_err = ndr_push_struct_blob(&blob, talloc_tos(), NULL, &verf,
- (ndr_push_flags_fn_t)ndr_push_NL_AUTH_SIGNATURE);
- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
- prs_mem_free(&p->out_data.frag);
- return false;
- }
-
 if (DEBUGLEVEL >= 10) {
- NDR_PRINT_DEBUG(NL_AUTH_SIGNATURE, &verf);
+ dump_NL_AUTH_SIGNATURE(talloc_tos(), &blob);
 }
-#endif
+
 if (!prs_copy_data_in(&p->out_data.frag, (const char *)blob.data, blob.length)) {
 prs_mem_free(&p->out_data.frag);
 return false;
@@ -2170,8 +2160,6 @@ bool api_pipe_schannel_process(pipes_struct *p, prs_struct *rpc_in, uint32 *p_ss
 uint32 auth_len;
 uint32 save_offset = prs_offset(rpc_in);
 RPC_HDR_AUTH auth_info;
- struct NL_AUTH_SIGNATURE schannel_chk;
- enum ndr_err_code ndr_err;
 DATA_BLOB blob;
 NTSTATUS status;
@@ -2223,16 +2211,8 @@ bool api_pipe_schannel_process(pipes_struct *p, prs_struct *rpc_in, uint32 *p_ss
 blob = data_blob_const(prs_data_p(rpc_in) + prs_offset(rpc_in), auth_len);
- ndr_err = ndr_pull_struct_blob(&blob, talloc_tos(), NULL, &schannel_chk,
- (ndr_pull_flags_fn_t)ndr_pull_NL_AUTH_SIGNATURE);
- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
- DEBUG(0,("failed to pull NL_AUTH_SIGNATURE\n"));
- dump_data(2, blob.data, blob.length);
- return false;
- }
-
 if (DEBUGLEVEL >= 10) {
- NDR_PRINT_DEBUG(NL_AUTH_SIGNATURE, &schannel_chk);
+ dump_NL_AUTH_SIGNATURE(talloc_tos(), &blob);
 }
 switch (auth_info.auth_level) {
-- cgit