From feff2e9cbdd2e3e8e9db5d9b01b5d5cec42943c0 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 30 Oct 2004 11:07:28 +0000 Subject: r3390: fixed schannel server side support. RPC-SCHANNEL now works against Samba4. (This used to be commit 01f5c1c72d9fc8f21029adc586154b0c54f76c9e) --- source4/include/includes.h | 1 - source4/libcli/auth/gensec.h | 3 ++- source4/libcli/auth/schannel.c | 27 ++++++++++++--------------- source4/libcli/auth/schannel.h | 35 ----------------------------------- source4/librpc/rpc/dcerpc_schannel.c | 1 - source4/param/loadparm.c | 2 ++ 6 files changed, 16 insertions(+), 53 deletions(-) delete mode 100644 source4/libcli/auth/schannel.h (limited to 'source4') diff --git a/source4/include/includes.h b/source4/include/includes.h index 9438b468f5..9df5e23816 100644 --- a/source4/include/includes.h +++ b/source4/include/includes.h @@ -653,7 +653,6 @@ extern int errno; #include "libcli/auth/ntlmssp.h" #include "libcli/auth/credentials.h" -#include "libcli/auth/schannel.h" #include "libcli/auth/kerberos.h" #include "libcli/auth/gensec.h" #include "libcli/auth/spnego.h" diff --git a/source4/libcli/auth/gensec.h b/source4/libcli/auth/gensec.h index 7020435f44..624c7ebe1d 100644 --- a/source4/libcli/auth/gensec.h +++ b/source4/libcli/auth/gensec.h @@ -108,4 +108,5 @@ struct gensec_critical_sizes { }; - +/* pre-declare schannel structure for schannel backend */ +struct schannel_state; diff --git a/source4/libcli/auth/schannel.c b/source4/libcli/auth/schannel.c index 2e752f0172..a99822534b 100644 --- a/source4/libcli/auth/schannel.c +++ b/source4/libcli/auth/schannel.c 
@@ -22,6 +22,16 @@ #include "includes.h" +struct schannel_state { + TALLOC_CTX *mem_ctx; + uint8_t session_key[16]; + uint32_t seq_num; + BOOL initiator; +}; + +#define NETSEC_SIGN_SIGNATURE { 0x77, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00 } +#define NETSEC_SEAL_SIGNATURE { 0x77, 0x00, 0x7a, 0x00, 0xff, 0xff, 0x00, 0x00 } + /******************************************************************* Encode or Decode the sequence number (which is symmetric) ********************************************************************/ @@ -209,13 +219,7 @@ NTSTATUS schannel_seal_packet(struct schannel_state *state, netsec_deal_with_seq_num(state, digest_final, seq_num); - if (!state->signature.data) { - state->signature = data_blob_talloc(state->mem_ctx, NULL, 32); - if (!state->signature.data) { - return NT_STATUS_NO_MEMORY; - } - } - (*sig) = state->signature; + (*sig) = data_blob_talloc(state->mem_ctx, NULL, 32); memcpy(sig->data, netsec_sig, 8); memcpy(sig->data+8, seq_num, 8); @@ -252,13 +256,7 @@ NTSTATUS schannel_sign_packet(struct schannel_state *state, netsec_deal_with_seq_num(state, digest_final, seq_num); - if (!state->signature.data) { - state->signature = data_blob_talloc(state->mem_ctx, NULL, 32); - if (!state->signature.data) { - return NT_STATUS_NO_MEMORY; - } - } - (*sig) = state->signature; + (*sig) = data_blob_talloc(state->mem_ctx, NULL, 32); memcpy(sig->data, netsec_sig, 8); memcpy(sig->data+8, seq_num, 8); @@ -307,7 +305,6 @@ NTSTATUS schannel_start(struct schannel_state **state, (*state)->mem_ctx = mem_ctx; memcpy((*state)->session_key, session_key, 16); (*state)->initiator = initiator; - (*state)->signature = data_blob(NULL, 0); (*state)->seq_num = 0; return NT_STATUS_OK; diff --git a/source4/libcli/auth/schannel.h b/source4/libcli/auth/schannel.h deleted file mode 100644 index b074b104fb..0000000000 --- a/source4/libcli/auth/schannel.h +++ /dev/null 
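Review bot: In the schannel_seal_packet hunk the new `(*sig) = data_blob_talloc(state->mem_ctx, NULL, 32);` is followed directly by `memcpy(sig->data, netsec_sig, 8);`, so the NT_STATUS_NO_MEMORY return that the removed lines provided is gone and an allocation failure turns into a write through a NULL pointer. The same pair of lines appears in the schannel_sign_packet hunk. I would keep the check in both places: `if (!sig->data) return NT_STATUS_NO_MEMORY;`. The blob is also now allocated once per packet on `state->mem_ctx`, which the schannel_start hunk shows is stored for the life of the state, so unless callers free each signature (not visible here) a long-lived connection grows by 32 bytes per signed or sealed packet. Both function bodies start and end outside their hunks.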
@@ -1,35 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - schannel library code - - Copyright (C) Andrew Tridgell 2004 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - -struct schannel_state { - TALLOC_CTX *mem_ctx; - uint8_t session_key[16]; - uint32_t seq_num; - BOOL initiator; - DATA_BLOB signature; -}; - -#define NETSEC_SIGN_SIGNATURE { 0x77, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00 } -#define NETSEC_SEAL_SIGNATURE { 0x77, 0x00, 0x7a, 0x00, 0xff, 0xff, 0x00, 0x00 } - diff --git a/source4/librpc/rpc/dcerpc_schannel.c b/source4/librpc/rpc/dcerpc_schannel.c index 2d2e845837..43f53d72b3 100644 --- a/source4/librpc/rpc/dcerpc_schannel.c +++ b/source4/librpc/rpc/dcerpc_schannel.c @@ -316,7 +316,6 @@ static NTSTATUS dcerpc_schannel_client_start(struct gensec_security *gensec_secu return status; } - dump_data_pw("session key:\n", dce_schan_state->schannel_state->session_key, 16); return NT_STATUS_OK; } diff --git a/source4/param/loadparm.c b/source4/param/loadparm.c index f8b90203e7..cddb85f80e 100644 --- a/source4/param/loadparm.c +++ b/source4/param/loadparm.c 
@@ -1685,6 +1685,8 @@ static BOOL lp_add_ipc(const char *ipc_name, BOOL guest_ok) ServicePtrs[i]->bPrint_ok = False; ServicePtrs[i]->bBrowseable = sDefault.bBrowseable; + lp_do_parameter(i, "ntvfs handler", "default"); + DEBUG(3, ("adding IPC service\n")); return (True); -- cgit
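Review bot: The result of `lp_do_parameter(i, "ntvfs handler", "default")` is discarded, so lp_add_ipc still logs "adding IPC service" and returns True even if the handler could not be set, which would leave the IPC service on whatever handler it had before this call. Assuming lp_do_parameter reports failure through its return value (its definition is not in this hunk), I would fail the add instead: `if (!lp_do_parameter(i, "ntvfs handler", "default")) return False;`. A short comment such as `/* the IPC service always uses the default ntvfs handler, regardless of the configured default */` would record why the override exists; that reason is my inference and should be confirmed. The start of lp_add_ipc is outside the hunk.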