From 9f2e81ae02549369db49c05edf7071612a03a8b8 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 24 Apr 2013 12:33:28 +0200 Subject: libcli/auth: maintain the sequence number for the NETLOGON SSP as 64bit See [MS-NPRC] 3.3.4.2 The Netlogon Signature Token. Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett --- libcli/auth/schannel.h | 2 +- libcli/auth/schannel_sign.c | 17 +++++++++++++---- 2 files changed, 14 insertions(+), 5 deletions(-) (limited to 'libcli') diff --git a/libcli/auth/schannel.h b/libcli/auth/schannel.h index bfccd950b6..271b5bb6ba 100644 --- a/libcli/auth/schannel.h +++ b/libcli/auth/schannel.h @@ -30,7 +30,7 @@ enum schannel_position { struct schannel_state { enum schannel_position state; - uint32_t seq_num; + uint64_t seq_num; bool initiator; struct netlogon_creds_CredentialState *creds; }; diff --git a/libcli/auth/schannel_sign.c b/libcli/auth/schannel_sign.c index 1871da256b..6e5d4544af 100644 --- a/libcli/auth/schannel_sign.c +++ b/libcli/auth/schannel_sign.c @@ -24,6 +24,17 @@ #include "../libcli/auth/schannel.h" #include "../lib/crypto/crypto.h" +#define SETUP_SEQNUM(state, buf, initiator) do { \ + uint8_t *_buf = buf; \ + uint32_t _seq_num_low = (state)->seq_num & UINT32_MAX; \ + uint32_t _seq_num_high = (state)->seq_num >> 32; \ + if (initiator) { \ + _seq_num_high |= 0x80000000; \ + } \ + RSIVAL(_buf, 0, _seq_num_low); \ + RSIVAL(_buf, 4, _seq_num_high); \ +} while(0) + static void netsec_offset_and_sizes(struct schannel_state *state, bool do_seal, uint32_t *_min_sig_size, @@ -255,8 +266,7 @@ NTSTATUS netsec_incoming_packet(struct schannel_state *state, confounder = NULL; } - RSIVAL(seq_num, 0, state->seq_num); - SIVAL(seq_num, 4, state->initiator?0:0x80); + SETUP_SEQNUM(state, seq_num, !state->initiator); if (do_unseal) { netsec_do_seal(state, seq_num, @@ -325,8 +335,7 @@ NTSTATUS netsec_outgoing_packet(struct schannel_state *state, &checksum_length, &confounder_ofs); - RSIVAL(seq_num, 0, state->seq_num); - SIVAL(seq_num, 4, state->initiator?0x80:0); + SETUP_SEQNUM(state, seq_num, state->initiator); if (do_seal) { confounder = _confounder; -- cgit