svn commit: samba r9487 - in trunk/source: include rpc_parse
rpc_server
jra at samba.org
jra at samba.org
Mon Aug 22 19:48:22 GMT 2005
Author: jra
Date: 2005-08-22 19:48:20 +0000 (Mon, 22 Aug 2005)
New Revision: 9487
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=9487
Log:
Get rid of the "auth_flags" member for schannel processing.
It was only an abstraction for the rpc auth_level anyway and
isn't needed. Now to separate out the auth_flags into auth_type
and auth_level in the client code.
Jeremy
Modified:
trunk/source/include/ntdomain.h
trunk/source/rpc_parse/parse_prs.c
trunk/source/rpc_server/srv_pipe.c
Changeset:
Modified: trunk/source/include/ntdomain.h
===================================================================
--- trunk/source/include/ntdomain.h 2005-08-22 19:47:56 UTC (rev 9486)
+++ trunk/source/include/ntdomain.h 2005-08-22 19:48:20 UTC (rev 9487)
@@ -179,21 +179,8 @@
struct schannel_auth_struct {
uchar sess_key[16];
uint32 seq_num;
- int auth_flags;
};
-#if 0
-/* auth state for ntlmssp. */
-struct ntlmssp_auth_struct {
- uint32 ntlmssp_chal_flags; /* Client challenge flags. */
- BOOL ntlmssp_auth_requested; /* If the client wanted authenticated rpc. */
- BOOL ntlmssp_auth_validated; /* If the client *got* authenticated rpc. */
- unsigned char challenge[8];
- unsigned char ntlmssp_arc4_state[258];
- uint32 ntlmssp_seq_num;
-};
-#endif
-
/* auth state for all bind types. */
struct pipe_auth_data {
@@ -233,19 +220,6 @@
struct pipe_auth_data auth;
enum pipe_auth_level auth_level;
-#if 0
- uint32 ntlmssp_chal_flags; /* Client challenge flags. */
- BOOL ntlmssp_auth_requested; /* If the client wanted authenticated rpc. */
- BOOL ntlmssp_auth_validated; /* If the client *got* authenticated rpc. */
- unsigned char challenge[8];
- unsigned char ntlmssp_hash[258];
- uint32 ntlmssp_seq_num;
-
- /* schannel auth state. */
- BOOL netsec_auth_validated;
- struct netsec_auth_struct netsec_auth;
-#endif
-
struct dcinfo dc; /* Keeps the creds data. */
/*
Modified: trunk/source/rpc_parse/parse_prs.c
===================================================================
--- trunk/source/rpc_parse/parse_prs.c 2005-08-22 19:47:56 UTC (rev 9486)
+++ trunk/source/rpc_parse/parse_prs.c 2005-08-22 19:48:20 UTC (rev 9487)
@@ -1412,7 +1412,7 @@
********************************************************************/
static void schannel_digest(struct schannel_auth_struct *a,
- int auth_flags,
+ enum pipe_auth_level auth_level,
RPC_AUTH_SCHANNEL_CHK * verf,
char *data, size_t data_len,
uchar digest_final[16])
@@ -1427,7 +1427,7 @@
out of order */
MD5Update(&ctx3, zeros, sizeof(zeros));
MD5Update(&ctx3, verf->sig, sizeof(verf->sig));
- if (auth_flags & AUTH_PIPE_SEAL) {
+ if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
MD5Update(&ctx3, verf->confounder, sizeof(verf->confounder));
}
MD5Update(&ctx3, (const unsigned char *)data, data_len);
@@ -1517,7 +1517,7 @@
quite compatible with what MS does.
********************************************************************/
-void schannel_encode(struct schannel_auth_struct *a, int auth_flags,
+void schannel_encode(struct schannel_auth_struct *a, enum pipe_auth_level auth_level,
enum schannel_direction direction,
RPC_AUTH_SCHANNEL_CHK * verf,
char *data, size_t data_len)
@@ -1533,9 +1533,9 @@
DEBUG(10,("SCHANNEL: schannel_encode seq_num=%d data_len=%lu\n", a->seq_num, (unsigned long)data_len));
- if (auth_flags & AUTH_PIPE_SEAL) {
+ if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
schannel_sig = schannel_seal_sig;
- } else if (auth_flags & AUTH_PIPE_SIGN) {
+ } else {
schannel_sig = schannel_sign_sig;
}
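Review bot: The bare `else` that replaces `else if (auth_flags & AUTH_PIPE_SIGN)` in schannel_encode makes every level other than PIPE_AUTH_LEVEL_PRIVACY select schannel_sign_sig, so a pipe that reaches this code with an unexpected level is silently treated as sign-only instead of being rejected. The same catch-all appears in schannel_decode (the hunk at -1610) and in the ternary passed to init_rpc_hdr_auth in srv_pipe.c (the hunk at -416). If the enum has an integrity value (presumably `PIPE_AUTH_LEVEL_INTEGRITY`; its definition is not visible here), I would test it explicitly with `} else if (auth_level == PIPE_AUTH_LEVEL_INTEGRITY) {` and log and bail out in a final `else`, where schannel_decode can `return False`. Both function bodies continue outside their hunks.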
@@ -1561,10 +1561,10 @@
seq_num, confounder);
/* produce a digest of the packet to prove it's legit (before we seal it) */
- schannel_digest(a, auth_flags, verf, data, data_len, digest_final);
+ schannel_digest(a, auth_level, verf, data, data_len, digest_final);
memcpy(verf->packet_digest, digest_final, sizeof(verf->packet_digest));
- if (auth_flags & AUTH_PIPE_SEAL) {
+ if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
uchar sealing_key[16];
/* get the key to encode the data with */
@@ -1596,7 +1596,7 @@
as well as decode sealed messages
********************************************************************/
-BOOL schannel_decode(struct schannel_auth_struct *a, int auth_flags,
+BOOL schannel_decode(struct schannel_auth_struct *a, enum pipe_auth_level auth_level,
enum schannel_direction direction,
RPC_AUTH_SCHANNEL_CHK * verf, char *data, size_t data_len)
{
@@ -1610,9 +1610,9 @@
DEBUG(10,("SCHANNEL: schannel_decode seq_num=%d data_len=%lu\n", a->seq_num, (unsigned long)data_len));
- if (auth_flags & AUTH_PIPE_SEAL) {
+ if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
schannel_sig = schannel_seal_sig;
- } else if (auth_flags & AUTH_PIPE_SIGN) {
+ } else {
schannel_sig = schannel_sign_sig;
}
@@ -1661,7 +1661,7 @@
return False;
}
- if (auth_flags & AUTH_PIPE_SEAL) {
+ if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
uchar sealing_key[16];
/* get the key to extract the data with */
@@ -1682,7 +1682,7 @@
}
/* digest includes 'data' after unsealing */
- schannel_digest(a, auth_flags, verf, data, data_len, digest_final);
+ schannel_digest(a, auth_level, verf, data, data_len, digest_final);
dump_data_pw("Calculated digest:\n", digest_final,
sizeof(digest_final));
Modified: trunk/source/rpc_server/srv_pipe.c
===================================================================
--- trunk/source/rpc_server/srv_pipe.c 2005-08-22 19:47:56 UTC (rev 9486)
+++ trunk/source/rpc_server/srv_pipe.c 2005-08-22 19:48:20 UTC (rev 9487)
@@ -405,7 +405,6 @@
/*
* Schannel processing.
*/
- int auth_type, auth_level;
char *data;
RPC_HDR_AUTH auth_info;
@@ -416,9 +415,11 @@
data = prs_data_p(&outgoing_pdu) + data_pos;
/* Check it's the type of reply we were expecting to decode */
- get_auth_type_level(p->auth.a_u.schannel_auth->auth_flags, &auth_type, &auth_level);
- init_rpc_hdr_auth(&auth_info, auth_type, auth_level,
- ss_padding_len, 1);
+ init_rpc_hdr_auth(&auth_info,
+ RPC_SCHANNEL_AUTH_TYPE,
+ p->auth_level == PIPE_AUTH_LEVEL_PRIVACY ?
+ RPC_AUTH_LEVEL_PRIVACY : RPC_AUTH_LEVEL_INTEGRITY,
+ ss_padding_len, 1);
if(!smb_io_rpc_hdr_auth("hdr_auth", &auth_info, &outgoing_pdu, 0)) {
DEBUG(0,("create_next_pdu_schannel: failed to marshall RPC_HDR_AUTH.\n"));
@@ -430,7 +431,7 @@
prs_init(&rauth, 0, p->mem_ctx, MARSHALL);
schannel_encode(p->auth.a_u.schannel_auth,
- p->auth.a_u.schannel_auth->auth_flags,
+ p->auth_level,
SENDER_IS_ACCEPTOR,
&verf, data, data_len + ss_padding_len);
@@ -1978,25 +1979,13 @@
return False;
}
- if (auth_info.auth_level == RPC_AUTH_LEVEL_PRIVACY) {
- p->auth.a_u.schannel_auth->auth_flags = AUTH_PIPE_SCHANNEL|AUTH_PIPE_SIGN|AUTH_PIPE_SEAL;
- } else if (auth_info.auth_level == RPC_AUTH_LEVEL_INTEGRITY) {
- p->auth.a_u.schannel_auth->auth_flags = AUTH_PIPE_SCHANNEL|AUTH_PIPE_SIGN;
- } else {
- DEBUG(0,("Invalid auth level %d on schannel\n",
- auth_info.auth_level));
- return False;
- }
-
- if(!smb_io_rpc_auth_schannel_chk("", RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN,
- &schannel_chk, rpc_in, 0))
- {
+ if(!smb_io_rpc_auth_schannel_chk("", RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN, &schannel_chk, rpc_in, 0)) {
DEBUG(0,("failed to unmarshal RPC_AUTH_SCHANNEL_CHK.\n"));
return False;
}
if (!schannel_decode(p->auth.a_u.schannel_auth,
- p->auth.a_u.schannel_auth->auth_flags,
+ p->auth_level,
SENDER_IS_INITIATOR,
&schannel_chk,
prs_data_p(rpc_in)+old_offset, data_len)) {
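Review bot: The removed block was the only visible place where `auth_info.auth_level` from the incoming PDU was validated, so after this change the level claimed in the packet's auth header is neither range-checked nor compared with the bound `p->auth_level` before schannel_decode runs. Taking the level from the pipe state is the safer input for the crypto, but a header that disagrees with it is now accepted silently. Unless that is checked earlier in the function (not visible in this hunk), I would keep a guard such as `if (auth_info.auth_level != (p->auth_level == PIPE_AUTH_LEVEL_PRIVACY ? RPC_AUTH_LEVEL_PRIVACY : RPC_AUTH_LEVEL_INTEGRITY)) {` with the existing `DEBUG(0, ...)` message and `return False;`. The enclosing function starts and ends outside the hunk.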