svn commit: samba r3805 - in branches/SAMBA_4_0/source: libcli/auth torture/rpc

abartlet at samba.org abartlet at samba.org
Wed Nov 17 12:27:16 GMT 2004


Author: abartlet
Date: 2004-11-17 12:27:16 +0000 (Wed, 17 Nov 2004)
New Revision: 3805

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=3805

Log:
Fix the LSA portions of the RPC-SAMSYNC test - I was not using the LSA
secrets interface correctly.  (New interface added).

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/libcli/auth/session.c
   branches/SAMBA_4_0/source/torture/rpc/samsync.c


Changeset:
Modified: branches/SAMBA_4_0/source/libcli/auth/session.c
===================================================================
--- branches/SAMBA_4_0/source/libcli/auth/session.c	2004-11-17 11:56:13 UTC (rev 3804)
+++ branches/SAMBA_4_0/source/libcli/auth/session.c	2004-11-17 12:27:16 UTC (rev 3805)
@@ -131,3 +131,80 @@
 
 	return ret;
 }
+
+/*
+  a convenient wrapper around sess_crypt_blob() for DATA_BLOBs, using the LSA convention
+
+  note that we round the length to a multiple of 8. This seems to be needed for 
+  compatibility with windows
+
+  caller should free using data_blob_free()
+*/
+DATA_BLOB sess_encrypt_blob(TALLOC_CTX *mem_ctx, DATA_BLOB *blob_in, const DATA_BLOB *session_key)
+{
+	DATA_BLOB ret, src;
+	int dlen = (blob_in->length+7) & ~7;
+
+	src = data_blob_talloc(mem_ctx, NULL, 8+dlen);
+	if (!src.data) {
+		return data_blob(NULL, 0);
+	}
+
+	ret = data_blob(NULL, 8+dlen);
+	if (!ret.data) {
+		data_blob_free(&src);
+		return data_blob(NULL, 0);
+	}
+
+	SIVAL(src.data, 0, blob_in->length);
+	SIVAL(src.data, 4, 1);
+	memset(src.data+8, 0, dlen);
+	memcpy(src.data+8, blob_in->data, blob_in->length);
+
+	sess_crypt_blob(&ret, &src, session_key, True);
+	
+	data_blob_free(&src);
+
+	return ret;
+}
+
+/*
+  a convenient wrapper around sess_crypt_blob() for strings, using the LSA convention
+
+  caller should free the returned string
+*/
+DATA_BLOB sess_decrypt_blob(TALLOC_CTX *mem_ctx, DATA_BLOB *blob, const DATA_BLOB *session_key)
+{
+	DATA_BLOB out;
+	int slen;
+	DATA_BLOB ret;
+
+	if (blob->length < 8) {
+		return data_blob(NULL, 0);
+	}
+	
+	out = data_blob_talloc(mem_ctx, NULL, blob->length);
+	if (!out.data) {
+		return data_blob(NULL, 0);
+	}
+
+	sess_crypt_blob(&out, blob, session_key, False);
+
+	slen = IVAL(out.data, 0);
+	if (slen > blob->length - 8) {
+		DEBUG(0,("Invalid crypt length %d\n", slen));
+		return data_blob(NULL, 0);
+	}
+
+	if (IVAL(out.data, 4) != 1) {
+		DEBUG(0,("Unexpected revision number %d in session crypted string\n",
+			 IVAL(out.data, 4)));
+		return data_blob(NULL, 0);
+	}
+		
+	ret = data_blob_talloc(mem_ctx, out.data+8, slen);
+
+	data_blob_free(&out);
+
+	return ret;
+}
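Review bot: In sess_decrypt_blob() both reject paths (the `slen > blob->length - 8` check and the revision check) return without releasing `out`, so the decrypted buffer stays allocated on `mem_ctx` until that context is freed. Add `data_blob_free(&out);` before each of those two `return data_blob(NULL, 0);` lines, as the success path already does. `slen` is an `int` filled from `IVAL(out.data, 0)`, which comes from the peer's data, and the bound check only rejects large values because the comparison converts it to unsigned; declaring `slen` with an unsigned type (and adjusting the `%d` in the DEBUG) would make that explicit. The header comment was carried over from a string variant and should say the function returns a DATA_BLOB allocated on `mem_ctx`, rather than "caller should free the returned string".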

Modified: branches/SAMBA_4_0/source/torture/rpc/samsync.c
===================================================================
--- branches/SAMBA_4_0/source/torture/rpc/samsync.c	2004-11-17 11:56:13 UTC (rev 3804)
+++ branches/SAMBA_4_0/source/torture/rpc/samsync.c	2004-11-17 12:27:16 UTC (rev 3805)
@@ -583,9 +583,7 @@
 		lsa_blob1.data = q.out.new_val->buf->data;
 		lsa_blob1.length = q.out.new_val->buf->length;
 
-		lsa_blob_out = data_blob(NULL, lsa_blob1.length);
-
-		sess_crypt_blob(&lsa_blob_out, &lsa_blob1, &session_key, 0);
+		lsa_blob_out = sess_decrypt_blob(mem_ctx, &lsa_blob1, &session_key);
 		
 		if (new->secret.length != lsa_blob_out.length) {
 			printf("Returned secret %s doesn't match: %d != %d\n",
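Review bot: The result of `sess_decrypt_blob()` goes straight into the length comparison, but that function reports every failure (short input, allocation failure, bad length or revision) as `data_blob(NULL, 0)`. A failed decrypt is therefore reported as a plain length mismatch, and it would pass this check if `new->secret.length` happened to be 0. A separate test such as `if (lsa_blob_out.data == NULL)` with its own failure message before the comparison would keep the two cases apart; whether a genuinely empty secret also yields NULL data depends on `data_blob_talloc()`, which is not visible here. The enclosing block starts and ends outside this hunk, so any later use or release of `lsa_blob_out` cannot be checked from here.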


