From 3fe884c26c772fca65470c45540d37a58deda403 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell
Date: Wed, 28 Apr 2004 13:17:28 +0000
Subject: r390: added my best guess for how session keys are supposed to work when you use NTLMSSP sign or seal at the RPC layer It doesn't work yet, but then again neither does the old code (which just assumed the SMB session key was used, which of course makes no sense on a ncacn_ip_tcp connection) (This used to be commit e8782329269bc78d36d8ca83fb7a4e38b9c6b167)
---
 source4/librpc/rpc/dcerpc.h | 1 +
 source4/librpc/rpc/dcerpc_ntlm.c | 12 ++++++++++++
 source4/librpc/rpc/dcerpc_schannel.c | 7 +++++++
 source4/librpc/rpc/dcerpc_util.c | 19 ++++++++++++++-----
 4 files changed, 34 insertions(+), 5 deletions(-)
(limited to 'source4')
diff --git a/source4/librpc/rpc/dcerpc.h b/source4/librpc/rpc/dcerpc.h
index 55c81c374e..c79d14bec0 100644
--- a/source4/librpc/rpc/dcerpc.h
+++ b/source4/librpc/rpc/dcerpc.h
@@ -35,6 +35,7 @@ struct dcerpc_security {
 uchar *data, size_t length, DATA_BLOB *sig);
 NTSTATUS (*sign_packet)(struct dcerpc_security *,
 const uchar *data, size_t length, DATA_BLOB *sig);
+ NTSTATUS (*session_key)(struct dcerpc_security *, uint8 session_key[16]);
 void (*security_end)(struct dcerpc_security *);
 };
diff --git a/source4/librpc/rpc/dcerpc_ntlm.c b/source4/librpc/rpc/dcerpc_ntlm.c
index 81f434cccf..194b1aa865 100644
--- a/source4/librpc/rpc/dcerpc_ntlm.c
+++ b/source4/librpc/rpc/dcerpc_ntlm.c
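Review bot: The new `session_key` member of struct dcerpc_security carries no comment stating its contract, and dcerpc_fetch_session_key in dcerpc_util.c calls it without testing the pointer, so every backend that fills in this struct has to set it. I would add `/* mandatory: copy the 16-byte session key for this security context into session_key; the buffer is left untouched on failure */` above the member. The `uint8 session_key[16]` parameter is adjusted to a plain pointer, so the 16 is documentation only and the compiler will not check the size of the caller's buffer. The struct starts before this hunk, so I cannot see whether the other members are documented.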
@@ -56,6 +56,17 @@ static NTSTATUS ntlm_sign_packet(struct dcerpc_security *dcerpc_security,
 return ntlmssp_sign_packet(ntlmssp_state, data, length, sig);
 }
+static NTSTATUS ntlm_session_key(struct dcerpc_security *dcerpc_security,
+ uint8 session_key[16])
+{
+ struct ntlmssp_state *ntlmssp_state = dcerpc_security->private;
+ if (!ntlmssp_state || ntlmssp_state->session_key.length < 16) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+ memcpy(session_key, ntlmssp_state->session_key.data, 16);
+ return NT_STATUS_OK;
+}
+
 static void ntlm_security_end(struct dcerpc_security *dcerpc_security)
 {
 struct ntlmssp_state *ntlmssp_state = dcerpc_security->private;
@@ -173,6 +184,7 @@ NTSTATUS dcerpc_bind_auth_ntlm(struct dcerpc_pipe *p,
 p->security_state->check_packet = ntlm_check_packet;
 p->security_state->seal_packet = ntlm_seal_packet;
 p->security_state->sign_packet = ntlm_sign_packet;
+ p->security_state->session_key = ntlm_session_key;
 p->security_state->security_end = ntlm_security_end;
 switch (p->auth_info->auth_level) {
diff --git a/source4/librpc/rpc/dcerpc_schannel.c b/source4/librpc/rpc/dcerpc_schannel.c
index 2a4c0a6bb1..504c8dfd6f 100644
--- a/source4/librpc/rpc/dcerpc_schannel.c
+++ b/source4/librpc/rpc/dcerpc_schannel.c
@@ -56,6 +56,12 @@ static NTSTATUS schan_sign_packet(struct dcerpc_security *dcerpc_security,
 return schannel_sign_packet(schannel_state, data, length, sig);
 }
+static NTSTATUS schan_session_key(struct dcerpc_security *dcerpc_security,
+ uint8 session_key[16])
+{
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
 static void schan_security_end(struct dcerpc_security *dcerpc_security)
 {
 struct schannel_state *schannel_state = dcerpc_security->private;
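Review bot: ntlm_session_key returns NT_STATUS_UNSUCCESSFUL both when there is no NTLMSSP state and when the negotiated key is shorter than 16 bytes, which tells the caller of dcerpc_fetch_session_key nothing about why no key is available; `return NT_STATUS_NO_USER_SESSION_KEY;` would be more specific. The `< 16` test also lets a longer key through and copies only its first 16 bytes, so if NTLMSSP is expected to yield exactly 16 bytes here, `!= 16` or a one-line comment would make the truncation deliberate rather than accidental. The function has no header comment; `/* copy out the session key negotiated by NTLMSSP for this pipe */` would match what the code does.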
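Review bot: With schan_session_key returning NT_STATUS_NOT_IMPLEMENTED, dcerpc_fetch_session_key (the dcerpc_util.c hunk) now fails for every schannel-bound pipe, including pipes over SMB where the old code returned the transport's user session key. If that is intended until the schannel key handling is worked out, say so in the stub, e.g. `/* TODO: schannel session key not worked out yet; callers get an error instead of the SMB key */`. If it is not intended, the caller would have to treat this status as "keep the SMB key", which is a design decision the commit message does not cover. Both parameters are unused in the stub.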
@@ -232,6 +238,7 @@ NTSTATUS dcerpc_bind_auth_schannel_key(struct dcerpc_pipe *p,
 p->security_state->check_packet = schan_check_packet;
 p->security_state->seal_packet = schan_seal_packet;
 p->security_state->sign_packet = schan_sign_packet;
+ p->security_state->session_key = schan_session_key;
 p->security_state->security_end = schan_security_end;
 done:
diff --git a/source4/librpc/rpc/dcerpc_util.c b/source4/librpc/rpc/dcerpc_util.c
index b52631670b..0e045e0033 100644
--- a/source4/librpc/rpc/dcerpc_util.c
+++ b/source4/librpc/rpc/dcerpc_util.c
@@ -677,14 +677,23 @@ NTSTATUS dcerpc_fetch_session_key(struct dcerpc_pipe *p,
 {
 struct cli_tree *tree;
+ memset(session_key, 0, 16);
+
 tree = dcerpc_smb_tree(p);
- if (!tree) {
- return NT_STATUS_INVALID_PARAMETER;
+ if (tree) {
+ memcpy(session_key,
+ tree->session->transport->negotiate.user_session_key,
+ 16);
 }
- memcpy(session_key,
- tree->session->transport->negotiate.user_session_key,
- 16);
+ if (p->security_state) {
+ NTSTATUS status;
+
+ status = p->security_state->session_key(p->security_state, session_key);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+ }
 return NT_STATUS_OK;
 }
-- cgit
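Review bot: dcerpc_fetch_session_key can now return NT_STATUS_OK with an all-zero key: when dcerpc_smb_tree() returns NULL and p->security_state is NULL, nothing overwrites the initial memset, whereas the old code returned NT_STATUS_INVALID_PARAMETER. A caller that encrypts with this key would be using a publicly known value, so the no-source case should stay an error, e.g. `if (!tree && !p->security_state) { return NT_STATUS_INVALID_PARAMETER; }` right after the dcerpc_smb_tree() call. On the backend failure path the buffer is left holding the SMB transport key (or zeros) while an error is returned; a comment that session_key is undefined unless NT_STATUS_OK is returned would keep callers from relying on it. The second line of the signature is outside the hunk, so the 16-byte size of session_key is assumed from the memset and memcpy calls.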