The branch, master has been updated
via 7208809... rpcclient: Use DCERPC_AUTH_LEVEL_CONNECT if no sign/seal
is set for krb5 auth
via 183e0a0... s3-dcerpc: Refactor calculate_data_len_tosend()
via c08d684... s3-dcerpc: Add auth trailer only when appropriate.
via 866f85e... s3-dcerpc: consolidate unmarshalling of dcerpc_auth
via 146af48... s3-dcerpc: revive cli_rpc_pipe_open_krb5()
via 250e341... misc: Remove unused structure elements
via b00f9a0... s3-rpcclient: Allow choosing spnego mech: (ntlm/krb5)
via 2463a87... s3-dcerpc: Use dcerpc_AuthType in pipe_auth_data
via 1e915d2... s3-dcerpc: Cleanup and refactor create_rpc_bind_req()
via 3c3237d... s3-auth: Remove unimplemented functions
via bfe53d4... s3-dcerpc: Set flags directly instead of calling
unimplemented functions.
via 7407c97... s3-dcerpc: Use dcerpc_check_auth in client code too
via 9565e3f... s3-dcerpc: Make dcerpc_check_auth() common code
via 5f2cca6... s3-dcerpc: Add the same paranoia checks we have in the
client code
via 49a8c29... s3-dcerpc: Split auth checking into a generic function.
via 1fc71c9... s3-dcerpc do not pass pipes_struct to
dcesrv_auth_request()
via 2ce169c... s3-dcerpc: Make dcesrv_auth_request() return NTSTATUS
codes
via aa4c5a2... s3-dcerpc: Use the common dcerpc_add_auth_footer() in
the server code
via 3139333... s3-dcerpc: Move dcerpc_add_auth_footer() to the common
helpers file
via 6f5cdf9... s3-dcerpc: Introduce generic helper function to add auth
trailer
via 1b57249... s3-dcerpc: Pass explicit arguments so that this is not
client specific
via e2b0e43... s3-dcerpc: Move marshalling of dcerpc_auth_header in the
callers
from 6ffd7dc... s3-rpc: Use struct pipes_struct.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 72088096af8dbf57cbc85c71cd0eef4447e7560d
Author: Simo Sorce <[email protected]>
Date: Wed Jul 21 12:11:37 2010 -0400
rpcclient: Use DCERPC_AUTH_LEVEL_CONNECT if no sign/seal is set for krb5
auth
commit 183e0a0d9f87bc619cd832decf5745be1d28f598
Author: Simo Sorce <[email protected]>
Date: Thu Jul 22 16:14:16 2010 -0400
s3-dcerpc: Refactor calculate_data_len_tosend()
commit c08d684f4ef679831e8fed69cd87e4d9b06cb3e0
Author: Simo Sorce <[email protected]>
Date: Wed Jul 21 13:33:09 2010 -0400
s3-dcerpc: Add auth trailer only when appropriate.
commit 866f85e31973de356c3843836d5cacdbdf245e32
Author: Simo Sorce <[email protected]>
Date: Wed Jul 21 12:12:58 2010 -0400
s3-dcerpc: consolidate unmarshalling of dcerpc_auth
commit 146af48d4887e8fa0c66bf53aa5f204366648478
Author: Simo Sorce <[email protected]>
Date: Tue Jul 20 18:43:37 2010 -0400
s3-dcerpc: revive cli_rpc_pipe_open_krb5()
commit 250e341e0aad67c2f70fea597f34deadea1d2ccc
Author: Simo Sorce <[email protected]>
Date: Tue Jul 20 18:39:46 2010 -0400
misc: Remove unused structure elements
commit b00f9a0a2d3b692dd12e182a2a4a7979c626dec7
Author: Simo Sorce <[email protected]>
Date: Tue Jul 20 17:26:32 2010 -0400
s3-rpcclient: Allow choosing spnego mech: (ntlm/krb5)
commit 2463a871776bb4de8653d6a44469d2adb3ec9418
Author: Simo Sorce <[email protected]>
Date: Tue Jul 20 13:26:36 2010 -0400
s3-dcerpc: Use dcerpc_AuthType in pipe_auth_data
commit 1e915d231d4191bf3a0bb54ba99a31ad6b2afd3b
Author: Simo Sorce <[email protected]>
Date: Tue Jul 20 11:49:23 2010 -0400
s3-dcerpc: Cleanup and refactor create_rpc_bind_req()
commit 3c3237dd0afa37ba0e545424f5008973b645cf96
Author: Simo Sorce <[email protected]>
Date: Tue Jul 20 11:23:11 2010 -0400
s3-auth: Remove unimplemented functions
commit bfe53d414548cd8a0226136b73cf2b766b6a61ef
Author: Simo Sorce <[email protected]>
Date: Tue Jul 20 11:22:50 2010 -0400
s3-dcerpc: Set flags directly instead of calling unimplemented functions.
commit 7407c979a1469997c9277c501787b5f222216aac
Author: Simo Sorce <[email protected]>
Date: Mon Jul 19 20:03:08 2010 -0400
s3-dcerpc: Use dcerpc_check_auth in client code too
commit 9565e3f6a7ef2fb590558eb7b29c6c2fc657fca9
Author: Simo Sorce <[email protected]>
Date: Mon Jul 19 19:49:35 2010 -0400
s3-dcerpc: Make dcerpc_check_auth() common code
commit 5f2cca6b2a7b8b7bad4a47a2bd31174c45fa2611
Author: Simo Sorce <[email protected]>
Date: Mon Jul 19 19:42:12 2010 -0400
s3-dcerpc: Add the same paranoia checks we have in the client code
commit 49a8c2965d2982e6510609fa9772a56597494641
Author: Simo Sorce <[email protected]>
Date: Mon Jul 19 19:34:34 2010 -0400
s3-dcerpc: Split auth checking into a generic function.
commit 1fc71c9c6ff26f2d49f314b8425c6cd4c91683f3
Author: Simo Sorce <[email protected]>
Date: Mon Jul 19 17:51:18 2010 -0400
s3-dcerpc do not pass pipes_struct to dcesrv_auth_request()
commit 2ce169ce187cc7229aecdc3e5cd889c5194956aa
Author: Simo Sorce <[email protected]>
Date: Mon Jul 19 17:14:56 2010 -0400
s3-dcerpc: Make dcesrv_auth_request() return NTSTATUS codes
commit aa4c5a2bfb27fc274de2a83c4724e0f10ad6b119
Author: Simo Sorce <[email protected]>
Date: Mon Jul 19 16:16:40 2010 -0400
s3-dcerpc: Use the common dcerpc_add_auth_footer() in the server code
commit 31393334194be7763072900408bb61ebb7c1d11a
Author: Simo Sorce <[email protected]>
Date: Mon Jul 19 16:10:35 2010 -0400
s3-dcerpc: Move dcerpc_add_auth_footer() to the common helpers file
commit 6f5cdf9ae9707cdbc62e0ed5ad2578316796b4b3
Author: Simo Sorce <[email protected]>
Date: Mon Jul 19 09:07:22 2010 -0400
s3-dcerpc: Introduce generic helper function to add auth trailer
commit 1b572493e2ea30b262a0ca1b04e913017a3ac13d
Author: Simo Sorce <[email protected]>
Date: Sat Jul 17 17:53:44 2010 -0400
s3-dcerpc: Pass explicit arguments so that this is not client specific
commit e2b0e43da9b6c3f1fb12a10898dcc09e56da795a
Author: Simo Sorce <[email protected]>
Date: Sat Jul 17 17:32:35 2010 -0400
s3-dcerpc: Move marshalling of dcerpc_auth_header in the callers
-----------------------------------------------------------------------
Summary of changes:
source3/auth/auth_ntlmssp.c | 10 -
source3/include/client.h | 6 -
source3/include/ntdomain.h | 10 +-
source3/include/proto.h | 4 +-
source3/librpc/rpc/dcerpc.h | 8 +
source3/librpc/rpc/dcerpc_helpers.c | 395 ++++++++++++++
source3/librpc/rpc/rpc_common.c | 33 --
source3/rpc_client/cli_pipe.c | 1002 ++++++++++-------------------------
source3/rpc_server/rpc_handles.c | 3 +-
source3/rpc_server/srv_lsa_nt.c | 4 +-
source3/rpc_server/srv_netlog_nt.c | 6 +-
source3/rpc_server/srv_pipe.c | 452 ++++------------
source3/rpc_server/srv_samr_nt.c | 4 +-
source3/rpcclient/rpcclient.c | 152 ++++--
14 files changed, 899 insertions(+), 1190 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c
index 66adc6f..0cccab5 100644
--- a/source3/auth/auth_ntlmssp.c
+++ b/source3/auth/auth_ntlmssp.c
@@ -24,16 +24,6 @@
#include "../libcli/auth/ntlmssp.h"
#include "ntlmssp_wrap.h"
-void auth_ntlmssp_want_sign(struct auth_ntlmssp_state *auth_ntlmssp_state)
-{
-
-}
-
-void auth_ntlmssp_want_seal(struct auth_ntlmssp_state *auth_ntlmssp_state)
-{
-
-}
-
NTSTATUS auth_ntlmssp_steal_server_info(TALLOC_CTX *mem_ctx,
struct auth_ntlmssp_state *auth_ntlmssp_state,
struct auth_serversupplied_info **server_info)
diff --git a/source3/include/client.h b/source3/include/client.h
index ee5afc8..c73d0b4 100644
--- a/source3/include/client.h
+++ b/source3/include/client.h
@@ -215,7 +215,6 @@ struct cli_state {
fstring dev;
struct nmb_name called;
struct nmb_name calling;
- fstring full_dest_host_name;
struct sockaddr_storage dest_ss;
DATA_BLOB secblob; /* cryptkey or negTokenInit */
@@ -241,11 +240,6 @@ struct cli_state {
uint32_t requested_posix_capabilities;
bool dfsroot;
-#if 0
- TALLOC_CTX *longterm_mem_ctx;
- TALLOC_CTX *call_mem_ctx;
-#endif
-
struct smb_signing_state *signing_state;
struct smb_trans_enc_state *trans_enc_state; /* Setup if we're
encrypting SMB's. */
diff --git a/source3/include/ntdomain.h b/source3/include/ntdomain.h
index 5801fd3..c843bc9 100644
--- a/source3/include/ntdomain.h
+++ b/source3/include/ntdomain.h
@@ -93,8 +93,11 @@ typedef struct pipe_rpc_fns {
* Can't keep in sync with wire values as spnego wraps different auth methods.
*/
-enum pipe_auth_type { PIPE_AUTH_TYPE_NONE = 0, PIPE_AUTH_TYPE_NTLMSSP,
PIPE_AUTH_TYPE_SCHANNEL,
- PIPE_AUTH_TYPE_SPNEGO_NTLMSSP, PIPE_AUTH_TYPE_KRB5,
PIPE_AUTH_TYPE_SPNEGO_KRB5 };
+enum pipe_auth_type_spnego {
+ PIPE_AUTH_TYPE_SPNEGO_NONE = 0,
+ PIPE_AUTH_TYPE_SPNEGO_NTLMSSP,
+ PIPE_AUTH_TYPE_SPNEGO_KRB5
+};
/* auth state for krb5. */
struct kerberos_auth_struct {
@@ -105,7 +108,8 @@ struct kerberos_auth_struct {
/* auth state for all bind types. */
struct pipe_auth_data {
- enum pipe_auth_type auth_type; /* switch for union below. */
+ enum dcerpc_AuthType auth_type;
+ enum pipe_auth_type_spnego spnego_type;
enum dcerpc_AuthLevel auth_level;
union {
diff --git a/source3/include/proto.h b/source3/include/proto.h
index e591ce3..1af36dd 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -57,8 +57,6 @@ NTSTATUS auth_netlogond_init(void);
NTSTATUS auth_ntlmssp_steal_server_info(TALLOC_CTX *mem_ctx,
struct auth_ntlmssp_state *auth_ntlmssp_state,
struct auth_serversupplied_info **server_info);
-void auth_ntlmssp_want_sign(struct auth_ntlmssp_state *auth_ntlmssp_state);
-void auth_ntlmssp_want_seal(struct auth_ntlmssp_state *auth_ntlmssp_state);
NTSTATUS auth_ntlmssp_start(struct auth_ntlmssp_state **auth_ntlmssp_state);
@@ -4754,7 +4752,6 @@ const struct ndr_interface_table *get_iface_from_syntax(
const struct ndr_syntax_id *syntax);
const char *get_pipe_name_from_syntax(TALLOC_CTX *mem_ctx,
const struct ndr_syntax_id *syntax);
-enum dcerpc_AuthType map_pipe_auth_type_to_rpc_auth_type(enum pipe_auth_type
auth_type);
struct tevent_req *rpc_api_pipe_req_send(TALLOC_CTX *mem_ctx,
struct event_context *ev,
@@ -4845,6 +4842,7 @@ NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli,
struct rpc_pipe_client **presult);
NTSTATUS cli_rpc_pipe_open_krb5(struct cli_state *cli,
const struct ndr_syntax_id *interface,
+ enum dcerpc_transport_t transport,
enum dcerpc_AuthLevel auth_level,
const char *service_princ,
const char *username,
diff --git a/source3/librpc/rpc/dcerpc.h b/source3/librpc/rpc/dcerpc.h
index bb7bd34..d170daa 100644
--- a/source3/librpc/rpc/dcerpc.h
+++ b/source3/librpc/rpc/dcerpc.h
@@ -139,5 +139,13 @@ NTSTATUS dcerpc_pull_dcerpc_auth(TALLOC_CTX *mem_ctx,
const DATA_BLOB *blob,
struct dcerpc_auth *r,
bool bigendian);
+NTSTATUS dcerpc_add_auth_footer(struct pipe_auth_data *auth,
+ size_t pad_len, DATA_BLOB *rpc_out);
+NTSTATUS dcerpc_check_auth(struct pipe_auth_data *auth,
+ struct ncacn_packet *pkt,
+ DATA_BLOB *pkt_trailer,
+ size_t header_size,
+ DATA_BLOB *raw_pkt,
+ size_t *pad_len);
#endif /* __DCERPC_H__ */
diff --git a/source3/librpc/rpc/dcerpc_helpers.c
b/source3/librpc/rpc/dcerpc_helpers.c
index 5c92a79..be076d8 100644
--- a/source3/librpc/rpc/dcerpc_helpers.c
+++ b/source3/librpc/rpc/dcerpc_helpers.c
@@ -22,6 +22,10 @@
#include "librpc/rpc/dcerpc.h"
#include "librpc/gen_ndr/ndr_dcerpc.h"
#include "librpc/gen_ndr/ndr_schannel.h"
+#include "../libcli/auth/schannel.h"
+#include "../libcli/auth/spnego.h"
+#include "../libcli/auth/ntlmssp.h"
+#include "ntlmssp_wrap.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_RPC_PARSE
@@ -234,3 +238,394 @@ NTSTATUS dcerpc_pull_dcerpc_auth(TALLOC_CTX *mem_ctx,
return NT_STATUS_OK;
}
+
+/*******************************************************************
+ Create and add the NTLMSSP sign/seal auth data.
+ ********************************************************************/
+
+static NTSTATUS add_ntlmssp_auth_footer(struct auth_ntlmssp_state *auth_state,
+ enum dcerpc_AuthLevel auth_level,
+ DATA_BLOB *rpc_out)
+{
+ uint16_t data_and_pad_len = rpc_out->length
+ - DCERPC_RESPONSE_LENGTH
+ - DCERPC_AUTH_TRAILER_LENGTH;
+ DATA_BLOB auth_blob;
+ NTSTATUS status;
+
+ if (!auth_state) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ switch (auth_level) {
+ case DCERPC_AUTH_LEVEL_PRIVACY:
+ /* Data portion is encrypted. */
+ status = auth_ntlmssp_seal_packet(auth_state,
+ rpc_out->data,
+ rpc_out->data
+ + DCERPC_RESPONSE_LENGTH,
+ data_and_pad_len,
+ rpc_out->data,
+ rpc_out->length,
+ &auth_blob);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+ break;
+
+ case DCERPC_AUTH_LEVEL_INTEGRITY:
+ /* Data is signed. */
+ status = auth_ntlmssp_sign_packet(auth_state,
+ rpc_out->data,
+ rpc_out->data
+ + DCERPC_RESPONSE_LENGTH,
+ data_and_pad_len,
+ rpc_out->data,
+ rpc_out->length,
+ &auth_blob);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+ break;
+
+ default:
+ /* Can't happen. */
+ smb_panic("bad auth level");
+ /* Notreached. */
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ /* Finally attach the blob. */
+ if (!data_blob_append(NULL, rpc_out,
+ auth_blob.data, auth_blob.length)) {
+ DEBUG(0, ("Failed to add %u bytes auth blob.\n",
+ (unsigned int)auth_blob.length));
+ return NT_STATUS_NO_MEMORY;
+ }
+ data_blob_free(&auth_blob);
+
+ return NT_STATUS_OK;
+}
+
+/*******************************************************************
+ Create and add the schannel sign/seal auth data.
+ ********************************************************************/
+
+static NTSTATUS add_schannel_auth_footer(struct schannel_state *sas,
+ enum dcerpc_AuthLevel auth_level,
+ DATA_BLOB *rpc_out)
+{
+ uint8_t *data_p = rpc_out->data + DCERPC_RESPONSE_LENGTH;
+ size_t data_and_pad_len = rpc_out->length
+ - DCERPC_RESPONSE_LENGTH
+ - DCERPC_AUTH_TRAILER_LENGTH;
+ DATA_BLOB auth_blob;
+ NTSTATUS status;
+
+ if (!sas) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ DEBUG(10,("add_schannel_auth_footer: SCHANNEL seq_num=%d\n",
+ sas->seq_num));
+
+ switch (auth_level) {
+ case DCERPC_AUTH_LEVEL_PRIVACY:
+ status = netsec_outgoing_packet(sas,
+ rpc_out->data,
+ true,
+ data_p,
+ data_and_pad_len,
+ &auth_blob);
+ break;
+ case DCERPC_AUTH_LEVEL_INTEGRITY:
+ status = netsec_outgoing_packet(sas,
+ rpc_out->data,
+ false,
+ data_p,
+ data_and_pad_len,
+ &auth_blob);
+ break;
+ default:
+ status = NT_STATUS_INTERNAL_ERROR;
+ break;
+ }
+
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1,("add_schannel_auth_footer: failed to process packet:
%s\n",
+ nt_errstr(status)));
+ return status;
+ }
+
+ if (DEBUGLEVEL >= 10) {
+ dump_NL_AUTH_SIGNATURE(talloc_tos(), &auth_blob);
+ }
+
+ /* Finally attach the blob. */
+ if (!data_blob_append(NULL, rpc_out,
+ auth_blob.data, auth_blob.length)) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ data_blob_free(&auth_blob);
+
+ return NT_STATUS_OK;
+}
+
+/**
+* @brief Append an auth footer according to what is the current mechanism
+*
+* @param auth The pipe_auth_data associated with the connection
+* @param pad_len The padding used in the packet
+* @param rpc_out Packet blob up to and including the auth header
+*
+* @return A NTSTATUS error code.
+*/
+NTSTATUS dcerpc_add_auth_footer(struct pipe_auth_data *auth,
+ size_t pad_len, DATA_BLOB *rpc_out)
+{
+ char pad[CLIENT_NDR_PADDING_SIZE] = { 0, };
+ DATA_BLOB auth_info;
+ DATA_BLOB auth_blob;
+ NTSTATUS status;
+
+ if (auth->auth_type == DCERPC_AUTH_TYPE_NONE) {
+ return NT_STATUS_OK;
+ }
+
+ if (pad_len) {
+ /* Copy the sign/seal padding data. */
+ if (!data_blob_append(NULL, rpc_out, pad, pad_len)) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ }
+
+ /* marshall the dcerpc_auth with an actually empty auth_blob.
+ * This is needed because the ntmlssp signature includes the
+ * auth header. We will append the actual blob later. */
+ auth_blob = data_blob_null;
+ status = dcerpc_push_dcerpc_auth(rpc_out->data,
+ auth->auth_type,
+ auth->auth_level,
+ pad_len,
+ 1 /* context id. */,
+ &auth_blob,
+ &auth_info);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ /* append the header */
+ if (!data_blob_append(NULL, rpc_out,
+ auth_info.data, auth_info.length)) {
+ DEBUG(0, ("Failed to add %u bytes auth blob.\n",
+ (unsigned int)auth_info.length));
+ return NT_STATUS_NO_MEMORY;
+ }
+ data_blob_free(&auth_info);
+
+ /* Generate any auth sign/seal and add the auth footer. */
+ switch (auth->auth_type) {
+ case DCERPC_AUTH_TYPE_NONE:
+ status = NT_STATUS_OK;
+ break;
+ case DCERPC_AUTH_TYPE_SPNEGO:
+ if (auth->spnego_type != PIPE_AUTH_TYPE_SPNEGO_NTLMSSP) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ /* fall thorugh */
+ case DCERPC_AUTH_TYPE_NTLMSSP:
+ status = add_ntlmssp_auth_footer(auth->a_u.auth_ntlmssp_state,
+ auth->auth_level,
+ rpc_out);
+ break;
+ case DCERPC_AUTH_TYPE_SCHANNEL:
+ status = add_schannel_auth_footer(auth->a_u.schannel_auth,
+ auth->auth_level,
+ rpc_out);
+ break;
+ default:
+ status = NT_STATUS_INVALID_PARAMETER;
+ break;
+ }
+
+ return status;
+}
+
+/**
+* @brief Check authentication for request/response packets
+*
+* @param auth The auth data for the connection
+* @param pkt The actual ncacn_packet
+* @param pkt_trailer The stub_and_verifier part of the packet
+* @param header_size The header size
+* @param raw_pkt The whole raw packet data blob
+* @param pad_len [out] The padding length used in the packet
+*
+* @return A NTSTATUS error code
+*/
+NTSTATUS dcerpc_check_auth(struct pipe_auth_data *auth,
+ struct ncacn_packet *pkt,
+ DATA_BLOB *pkt_trailer,
+ size_t header_size,
+ DATA_BLOB *raw_pkt,
+ size_t *pad_len)
+{
+ NTSTATUS status;
+ struct dcerpc_auth auth_info;
+ uint32_t auth_length;
+ DATA_BLOB full_pkt;
+ DATA_BLOB data;
+
+ switch (auth->auth_level) {
+ case DCERPC_AUTH_LEVEL_PRIVACY:
+ DEBUG(10, ("Requested Privacy.\n"));
+ break;
+
+ case DCERPC_AUTH_LEVEL_INTEGRITY:
+ DEBUG(10, ("Requested Integrity.\n"));
+ break;
+
+ case DCERPC_AUTH_LEVEL_CONNECT:
+ if (pkt->auth_length != 0) {
+ break;
+ }
+ *pad_len = 0;
+ return NT_STATUS_OK;
+
+ case DCERPC_AUTH_LEVEL_NONE:
+ if (pkt->auth_length != 0) {
+ DEBUG(3, ("Got non-zero auth len on non "
+ "authenticated connection!\n"));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ *pad_len = 0;
+ return NT_STATUS_OK;
+
+ default:
+ DEBUG(3, ("Unimplemented Auth Level %d",
+ auth->auth_level));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ /* Paranioa checks for auth_length. */
+ if (pkt->auth_length > pkt->frag_length) {
+ return NT_STATUS_INFO_LENGTH_MISMATCH;
+ }
+ if ((pkt->auth_length
+ + DCERPC_AUTH_TRAILER_LENGTH < pkt->auth_length) ||
+ (pkt->auth_length
+ + DCERPC_AUTH_TRAILER_LENGTH < DCERPC_AUTH_TRAILER_LENGTH)) {
+ /* Integer wrap attempt. */
+ return NT_STATUS_INFO_LENGTH_MISMATCH;
+ }
+
+ status = dcerpc_pull_auth_trailer(pkt, pkt, pkt_trailer,
+ &auth_info, &auth_length, false);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ data = data_blob_const(raw_pkt->data + header_size,
+ pkt_trailer->length - auth_length);
+ full_pkt = data_blob_const(raw_pkt->data,
+ raw_pkt->length - auth_info.credentials.length);
+
+ switch (auth->auth_type) {
+ case DCERPC_AUTH_TYPE_NONE:
+ return NT_STATUS_OK;
+
+ case DCERPC_AUTH_TYPE_SPNEGO:
+ if (auth->spnego_type != PIPE_AUTH_TYPE_SPNEGO_NTLMSSP) {
+ DEBUG(0, ("Currently only NTLMSSP is supported "
+ "with SPNEGO\n"));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ /* fall through */
+ case DCERPC_AUTH_TYPE_NTLMSSP:
+
+ DEBUG(10, ("NTLMSSP auth\n"));
+
+ if (!auth->a_u.auth_ntlmssp_state) {
+ DEBUG(0, ("Invalid auth level, "
+ "failed to process packet auth.\n"));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ switch (auth->auth_level) {
+ case DCERPC_AUTH_LEVEL_PRIVACY:
+ status = auth_ntlmssp_unseal_packet(
+ auth->a_u.auth_ntlmssp_state,
+ data.data, data.length,
+ full_pkt.data, full_pkt.length,
+ &auth_info.credentials);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+ memcpy(pkt_trailer->data, data.data, data.length);
+ break;
+
+ case DCERPC_AUTH_LEVEL_INTEGRITY:
+ status = auth_ntlmssp_check_packet(
+ auth->a_u.auth_ntlmssp_state,
+ data.data, data.length,
+ full_pkt.data, full_pkt.length,
+ &auth_info.credentials);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+ break;
+
+ default:
+ DEBUG(0, ("Invalid auth level, "
+ "failed to process packet auth.\n"));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ break;
+
+ case DCERPC_AUTH_TYPE_SCHANNEL:
+
+ DEBUG(10, ("SCHANNEL auth\n"));
+
+ switch (auth->auth_level) {
+ case DCERPC_AUTH_LEVEL_PRIVACY:
+ status = netsec_incoming_packet(
+ auth->a_u.schannel_auth,
+ pkt, true,
+ data.data, data.length,
+ &auth_info.credentials);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+ memcpy(pkt_trailer->data, data.data, data.length);
+ break;
+
--
Samba Shared Repository
