From 5341ad20e1b8953c9256cd8e04a7e55ba9ef84b5 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 5 Jun 2004 05:01:38 +0000 Subject: r1030: added server side schannel support (This used to be commit 2ac79dfba0e64056a680f21d7dd0c007f79d4a70) --- source4/librpc/idl/dcerpc.idl | 11 +++++++++++ source4/librpc/idl/idl_types.h | 5 +++++ source4/librpc/ndr/ndr_basic.c | 23 +++++++++++++++++++++++ source4/librpc/rpc/dcerpc_schannel.c | 25 +++++++++++-------------- source4/librpc/rpc/dcerpc_util.c | 8 ++++---- 5 files changed, 54 insertions(+), 18 deletions(-) (limited to 'source4/librpc') diff --git a/source4/librpc/idl/dcerpc.idl b/source4/librpc/idl/dcerpc.idl index 0ee3d7b69b..8805b61da6 100644 --- a/source4/librpc/idl/dcerpc.idl +++ b/source4/librpc/idl/dcerpc.idl @@ -23,6 +23,17 @@ interface dcerpc dcerpc_syntax_id transfer_syntaxes[num_transfer_syntaxes]; } dcerpc_ctx_list; + /* + a schannel bind blob - used in auth_info + on a schannel bind + */ + typedef [public] struct { + uint32 unknown1; + uint32 unknown2; + astring domain; + astring hostname; + } dcerpc_bind_schannel; + typedef struct { uint16 max_xmit_frag; uint16 max_recv_frag; diff --git a/source4/librpc/idl/idl_types.h b/source4/librpc/idl/idl_types.h index 7f1ba48bc8..d36e51f8be 100644 --- a/source4/librpc/idl/idl_types.h +++ b/source4/librpc/idl/idl_types.h @@ -50,6 +50,11 @@ */ #define ascstr_noterm [flag(STR_NOTERM|STR_ASCII|STR_SIZE4|STR_LEN4)] string +/* + a null terminated ascii string +*/ +#define astring [flag(STR_ASCII|STR_NULLTERM)] string + #define NDR_NOALIGN LIBNDR_FLAG_NOALIGN #define NDR_REMAINING LIBNDR_FLAG_REMAINING diff --git a/source4/librpc/ndr/ndr_basic.c b/source4/librpc/ndr/ndr_basic.c index f8315b3af0..ea58a77c47 100644 --- a/source4/librpc/ndr/ndr_basic.c +++ b/source4/librpc/ndr/ndr_basic.c @@ -497,6 +497,17 @@ NTSTATUS ndr_pull_string(struct ndr_pull *ndr, int ndr_flags, const char **s) (*s) = as; break; + case LIBNDR_FLAG_STR_ASCII|LIBNDR_FLAG_STR_NULLTERM: + len1 = strnlen(ndr->data+ndr->offset, (ndr->data_size - ndr->offset)); + if (len1+1 <= ndr->data_size - ndr->offset) { + len1++; + } + NDR_ALLOC_N(ndr, as, (len1+1)); + NDR_CHECK(ndr_pull_bytes(ndr, as, len1)); + as[len1] = 0; + (*s) = as; + break; + default: return ndr_pull_error(ndr, NDR_ERR_STRING, "Bad string flags 0x%x\n", ndr->flags & LIBNDR_STRING_FLAGS); @@ -639,6 +650,18 @@ NTSTATUS ndr_push_string(struct ndr_push *ndr, int ndr_flags, const char *s) ndr->offset += c_len + 1; break; + case LIBNDR_FLAG_STR_ASCII|LIBNDR_FLAG_STR_NULLTERM: + NDR_PUSH_NEED_BYTES(ndr, c_len + 1); + ret = convert_string(CH_UNIX, CH_DOS, + s, s_len+1, + ndr->data+ndr->offset, c_len + 1); + if (ret == -1) { + return ndr_push_error(ndr, NDR_ERR_CHARCNV, + "Bad character conversion"); + } + ndr->offset += c_len + 1; + break; + default: return ndr_push_error(ndr, NDR_ERR_STRING, "Bad string flags 0x%x\n", ndr->flags & LIBNDR_STRING_FLAGS); diff --git a/source4/librpc/rpc/dcerpc_schannel.c b/source4/librpc/rpc/dcerpc_schannel.c index ebfcdf7ff3..c271a94bf0 100644 --- a/source4/librpc/rpc/dcerpc_schannel.c +++ b/source4/librpc/rpc/dcerpc_schannel.c @@ -173,6 +173,7 @@ NTSTATUS dcerpc_bind_auth_schannel_key(struct dcerpc_pipe *p, uint8_t full_session_key[16]; struct schannel_state *schannel_state; const char *workgroup, *workstation; + struct dcerpc_bind_schannel bind_schannel; memcpy(full_session_key, session_key, 8); memset(full_session_key+8, 0, 8); @@ -203,21 +204,17 @@ NTSTATUS dcerpc_bind_auth_schannel_key(struct dcerpc_pipe *p, p->auth_info->auth_context_id = random(); p->security_state = NULL; - p->auth_info->credentials = data_blob_talloc(p->mem_ctx, - NULL, - 8 + - strlen(workgroup)+1 + - strlen(workstation)+1); - if (!p->auth_info->credentials.data) { - return NT_STATUS_NO_MEMORY; - } + /* TODO: what are these?? */ + bind_schannel.unknown1 = 0; + bind_schannel.unknown2 = 3; + bind_schannel.domain = workgroup; + bind_schannel.hostname = workstation; - /* oh, this is ugly! */ - SIVAL(p->auth_info->credentials.data, 0, 0); - SIVAL(p->auth_info->credentials.data, 4, 3); - memcpy(p->auth_info->credentials.data+8, workgroup, strlen(workgroup)+1); - memcpy(p->auth_info->credentials.data+8+strlen(workgroup)+1, - workstation, strlen(workstation)+1); + status = ndr_push_struct_blob(&p->auth_info->credentials, p->mem_ctx, &bind_schannel, + (ndr_push_flags_fn_t)ndr_push_dcerpc_bind_schannel); + if (!NT_STATUS_IS_OK(status)) { + goto done; + } /* send the authenticated bind request */ status = dcerpc_bind_byuuid(p, p->mem_ctx, uuid, version); diff --git a/source4/librpc/rpc/dcerpc_util.c b/source4/librpc/rpc/dcerpc_util.c index d8da1327d5..623d5ec24a 100644 --- a/source4/librpc/rpc/dcerpc_util.c +++ b/source4/librpc/rpc/dcerpc_util.c @@ -483,7 +483,7 @@ static NTSTATUS dcerpc_pipe_connect_ncacn_np(struct dcerpc_pipe **p, (*p)->flags = binding->flags; if (binding->flags & DCERPC_SCHANNEL) { - const char *trust_password = secrets_fetch_machine_password(); + const char *trust_password = NULL; // samdb_fetch_member_password(); if (!trust_password) { DEBUG(0,("Unable to fetch machine password\n")); goto done; @@ -635,9 +635,9 @@ NTSTATUS dcerpc_pipe_connect(struct dcerpc_pipe **p, /* - create a secondary dcerpc connection on SMB - the secondary connection will be on the same SMB connection, but - use a new fnum + create a secondary dcerpc connection from a primary SMB connection + + the secondary connection will be on the same SMB connection, but use a new fnum */ NTSTATUS dcerpc_secondary_smb(struct dcerpc_pipe *p, struct dcerpc_pipe **p2, const char *pipe_name, -- cgit