svn commit: samba r2294 - in branches/SAMBA_4_0/source: libcli/auth
librpc/rpc rpc_server
tridge at samba.org
tridge at samba.org
Sun Sep 12 06:38:02 GMT 2004
Author: tridge
Date: 2004-09-12 06:38:00 +0000 (Sun, 12 Sep 2004)
New Revision: 2294
WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba&path=/branches/SAMBA_4_0/source&rev=2294&nolog=1
Log:
this fixes the NTLM2 sign+seal combination. I have now tested:
NTLM sign
NTLM sign+seal
NTLM2 sign
NTLM2 sign+seal
and all of the above both with and without key exchange
the NTLM2 seal case is ugly and involves an extra data copy, which
some API changes in gensec or the ndr layer might avoid in future.
Modified:
branches/SAMBA_4_0/source/libcli/auth/ntlmssp_sign.c
branches/SAMBA_4_0/source/librpc/rpc/dcerpc.c
branches/SAMBA_4_0/source/rpc_server/dcesrv_auth.c
Changeset:
Modified: branches/SAMBA_4_0/source/libcli/auth/ntlmssp_sign.c
===================================================================
--- branches/SAMBA_4_0/source/libcli/auth/ntlmssp_sign.c 2004-09-12 06:04:03 UTC (rev 2293)
+++ branches/SAMBA_4_0/source/libcli/auth/ntlmssp_sign.c 2004-09-12 06:38:00 UTC (rev 2294)
@@ -66,7 +66,7 @@
const uint8_t *data, size_t length,
const uint8_t *whole_pdu, size_t pdu_length,
enum ntlmssp_direction direction,
- DATA_BLOB *sig, BOOL encrypt_sig)
+ DATA_BLOB *sig, BOOL encrypt_sig)
{
if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
@@ -120,9 +120,7 @@
}
ntlmssp_state->ntlm_seq_num++;
- if (encrypt_sig) {
- arcfour_crypt_sbox(ntlmssp_state->ntlmssp_hash, sig->data+4, sig->length-4);
- }
+ arcfour_crypt_sbox(ntlmssp_state->ntlmssp_hash, sig->data+4, sig->length-4);
}
dump_data_pw("calculated ntlmssp signature\n", sig->data, sig->length);
return NT_STATUS_OK;
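Review bot: With the `if (encrypt_sig)` guard removed, the `encrypt_sig` argument no longer has any effect in this branch, and nothing at the signature tells a caller so. The branch uses `ntlm_seq_num` and `ntlmssp_hash`, so it appears to be the non-NTLM2 path; the NTLM2 branch lies outside the hunk and presumably still honours the flag. A comment above the function would stop a caller passing `False` and expecting an unencrypted signature here, for example `/* encrypt_sig is only consulted for NTLM2; the NTLM1 signature is always encrypted with ntlmssp_hash */`. The function starts and ends outside the hunk.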
@@ -245,13 +243,14 @@
/* The order of these two operations matters - we must first seal the packet,
then seal the sequence number - this is becouse the send_seal_hash is not
constant, but is is rather updated with each iteration */
-
- arcfour_crypt_sbox(ntlmssp_state->send_seal_hash, data, length);
-
nt_status = ntlmssp_make_packet_signature(ntlmssp_state, sig_mem_ctx,
data, length,
whole_pdu, pdu_length,
- NTLMSSP_SEND, sig, True);
+ NTLMSSP_SEND, sig, False);
+ arcfour_crypt_sbox(ntlmssp_state->send_seal_hash, data, length);
+ if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH) {
+ arcfour_crypt_sbox(ntlmssp_state->send_seal_hash, sig->data+4, 8);
+ }
} else {
uint32_t crc;
crc = crc32_calc_buffer((const char *)data, length);
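Review bot: `nt_status` from `ntlmssp_make_packet_signature()` is not checked before the two `arcfour_crypt_sbox()` calls that follow it in the NTLM2 branch. If the signature call fails, `data` is still encrypted in place, the `send_seal_hash` state advances, and with key exchange negotiated `sig->data+4` is written through a blob that may never have been allocated. The receive path in this file returns early on failure, and the send path should do the same directly after the call: `if (!NT_STATUS_IS_OK(nt_status)) { return nt_status; }`. The retained comment above the call still describes "seal the packet, then seal the sequence number", which no longer matches the new order of sign, seal data, then seal signature. The function continues past the hunk, so a later check may exist, but it would come after these writes.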
@@ -259,12 +258,13 @@
return NT_STATUS_NO_MEMORY;
}
- /* The order of these two operations matters - we must first seal the packet,
- then seal the sequence number - this is becouse the ntlmssp_hash is not
- constant, but is is rather updated with each iteration */
-
- arcfour_crypt_sbox(ntlmssp_state->ntlmssp_hash, data, length);
+ /* The order of these two operations matters - we must
+ first seal the packet, then seal the sequence
+ number - this is becouse the ntlmssp_hash is not
+ constant, but is is rather updated with each
+ iteration */
+ arcfour_crypt_sbox(ntlmssp_state->ntlmssp_hash, data, length);
arcfour_crypt_sbox(ntlmssp_state->ntlmssp_hash, sig->data+4, sig->length-4);
/* increment counter on send */
ntlmssp_state->ntlm_seq_num++;
@@ -297,26 +297,16 @@
dump_data_pw("ntlmssp sealed data\n", data, length);
if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
+ arcfour_crypt_sbox(ntlmssp_state->recv_seal_hash, data, length);
- /* We have to pass the data past the arcfour pad in
- * the correct order, so we must encrypt the signature
- * after we decrypt the main body. however, the
- * signature is calculated over the encrypted data */
-
nt_status = ntlmssp_make_packet_signature(ntlmssp_state, sig_mem_ctx,
data, length,
whole_pdu, pdu_length,
- NTLMSSP_RECEIVE, &local_sig, False);
+ NTLMSSP_RECEIVE, &local_sig, True);
if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
}
- arcfour_crypt_sbox(ntlmssp_state->recv_seal_hash, data, length);
-
- if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH) {
- arcfour_crypt_sbox(ntlmssp_state->send_seal_hash, local_sig.data + 4, 8);
- }
-
if (local_sig.length != sig->length ||
memcmp(local_sig.data,
sig->data, sig->length) != 0) {
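Review bot: The comment explaining the operation order was deleted without a replacement, even though the order itself was reversed: `data` is now decrypted in place before the signature is computed and compared. A packet that fails the check therefore leaves unauthenticated plaintext in the caller's buffer, and the RC4 state in `recv_seal_hash` has already advanced. A comment at the new `arcfour_crypt_sbox()` call would record this, such as `/* NTLM2 signs the plaintext, so decrypt first; on signature mismatch the caller must discard data */`. The comparison that follows uses `memcmp()`, which is not constant-time; that line is unchanged context, and the function continues outside the hunk.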
Modified: branches/SAMBA_4_0/source/librpc/rpc/dcerpc.c
===================================================================
--- branches/SAMBA_4_0/source/librpc/rpc/dcerpc.c 2004-09-12 06:04:03 UTC (rev 2293)
+++ branches/SAMBA_4_0/source/librpc/rpc/dcerpc.c 2004-09-12 06:38:00 UTC (rev 2294)
@@ -214,11 +214,14 @@
case DCERPC_AUTH_LEVEL_PRIVACY:
status = gensec_unseal_packet(p->security_state.generic_state,
mem_ctx,
- pkt->u.response.stub_and_verifier.data,
+ blob->data + DCERPC_REQUEST_LENGTH,
pkt->u.response.stub_and_verifier.length,
blob->data,
blob->length - auth.credentials.length,
&auth.credentials);
+ memcpy(pkt->u.response.stub_and_verifier.data,
+ blob->data + DCERPC_REQUEST_LENGTH,
+ pkt->u.response.stub_and_verifier.length);
break;
case DCERPC_AUTH_LEVEL_INTEGRITY:
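Review bot: The added `memcpy()` runs whether or not `gensec_unseal_packet()` succeeded, so after a failed unseal the stub buffer is overwritten with bytes that never passed the signature check. Guarding the copy keeps unauthenticated data out of `pkt`: `if (NT_STATUS_IS_OK(status)) { memcpy(...); }`. The hunk also shows no check that `DCERPC_REQUEST_LENGTH + pkt->u.response.stub_and_verifier.length` stays within `blob->length - auth.credentials.length`. That may be validated earlier in the function, which starts outside the hunk, but it is worth confirming now that the pointer is derived from the raw blob. Both points apply equally to the matching hunk in rpc_server/dcesrv_auth.c, where the lengths come from a client request.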
@@ -327,8 +330,8 @@
case DCERPC_AUTH_LEVEL_PRIVACY:
status = gensec_seal_packet(p->security_state.generic_state,
mem_ctx,
- ndr->data + DCERPC_REQUEST_LENGTH,
- ndr->offset - DCERPC_REQUEST_LENGTH,
+ blob->data + DCERPC_REQUEST_LENGTH,
+ pkt->u.request.stub_and_verifier.length+p->security_state.auth_info->auth_pad_length,
blob->data,
blob->length -
p->security_state.auth_info->credentials.length,
@@ -339,8 +342,8 @@
case DCERPC_AUTH_LEVEL_INTEGRITY:
status = gensec_sign_packet(p->security_state.generic_state,
mem_ctx,
- ndr->data + DCERPC_REQUEST_LENGTH,
- ndr->offset - DCERPC_REQUEST_LENGTH,
+ blob->data + DCERPC_REQUEST_LENGTH,
+ pkt->u.request.stub_and_verifier.length,
blob->data,
blob->length -
p->security_state.auth_info->credentials.length,
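Review bot: The length passed to `gensec_sign_packet()` is `stub_and_verifier.length` alone, whereas the `gensec_seal_packet()` call in the hunk above passes `stub_and_verifier.length + auth_pad_length`. If the padding bytes sit between the stub and the auth trailer in `blob`, the integrity level leaves them out of the data argument while the privacy level covers them; whether the peer's verifier expects that is not visible here. Either pass the same padded length in both cases or add a comment saying why signing excludes the pad, e.g. `/* pad bytes are covered by whole_pdu only */` if that is the intent. Both calls now index `blob->data` directly, so a check that `DCERPC_REQUEST_LENGTH` plus the length does not exceed `blob->length` is prudent unless it already exists outside the hunk.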
Modified: branches/SAMBA_4_0/source/rpc_server/dcesrv_auth.c
===================================================================
--- branches/SAMBA_4_0/source/rpc_server/dcesrv_auth.c 2004-09-12 06:04:03 UTC (rev 2293)
+++ branches/SAMBA_4_0/source/rpc_server/dcesrv_auth.c 2004-09-12 06:38:00 UTC (rev 2294)
@@ -240,11 +240,14 @@
case DCERPC_AUTH_LEVEL_PRIVACY:
status = gensec_unseal_packet(dce_conn->auth_state.gensec_security,
call->mem_ctx,
- pkt->u.request.stub_and_verifier.data,
+ full_packet->data + DCERPC_REQUEST_LENGTH,
pkt->u.request.stub_and_verifier.length,
full_packet->data,
full_packet->length-auth.credentials.length,
&auth.credentials);
+ memcpy(pkt->u.request.stub_and_verifier.data,
+ full_packet->data + DCERPC_REQUEST_LENGTH,
+ pkt->u.request.stub_and_verifier.length);
break;
case DCERPC_AUTH_LEVEL_INTEGRITY: