svn commit: samba r9978 - in branches/tmp/RPCREWRITE/source:
rpc_client rpc_server
jra at samba.org
jra at samba.org
Fri Sep 2 23:42:57 GMT 2005
Author: jra
Date: 2005-09-02 23:42:56 +0000 (Fri, 02 Sep 2005)
New Revision: 9978
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=9978
Log:
Schannel now seems to work (at least to Samba3 head).
Jeremy.
Modified:
branches/tmp/RPCREWRITE/source/rpc_client/cli_pipe.c
branches/tmp/RPCREWRITE/source/rpc_server/srv_pipe.c
Changeset:
Modified: branches/tmp/RPCREWRITE/source/rpc_client/cli_pipe.c
===================================================================
--- branches/tmp/RPCREWRITE/source/rpc_client/cli_pipe.c 2005-09-02 23:36:01 UTC (rev 9977)
+++ branches/tmp/RPCREWRITE/source/rpc_client/cli_pipe.c 2005-09-02 23:42:56 UTC (rev 9978)
@@ -402,10 +402,11 @@
}
if (!schannel_decode(schannel_auth,
- cli->auth.auth_level,
- SENDER_IS_ACCEPTOR,
- &schannel_chk,
- prs_data_p(current_pdu)+RPC_HDR_RESP_LEN, data_len)) {
+ cli->auth.auth_level,
+ SENDER_IS_ACCEPTOR,
+ &schannel_chk,
+ prs_data_p(current_pdu)+RPC_HEADER_LEN+RPC_HDR_RESP_LEN,
+ data_len)) {
DEBUG(3,("cli_pipe_verify_schannel: failed to decode PDU "
"Connection to remote machine %s "
"pipe %s fnum 0x%x.\n",
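Review bot: The decode start pointer now sits `RPC_HEADER_LEN` further into `current_pdu`, but `data_len` is passed unchanged and is computed outside this hunk. Please confirm it is derived from the fragment length minus both headers and the auth trailer, and that it is checked against `prs_data_size(current_pdu)` before this call. If `data_len` was sized against the old start offset, `schannel_decode` would presumably process bytes past the end of the received data. The enclosing function starts and ends outside the hunk, so the existing length checks could not be reviewed here.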
@@ -1184,37 +1185,61 @@
static NTSTATUS add_schannel_auth_footer(struct rpc_pipe_client *cli,
RPC_HDR *phdr,
uint32 ss_padding_len,
- prs_struct *p_outgoing_pdu)
+ prs_struct *outgoing_pdu)
{
-#if 0
- else if (cli->pipe_auth_flags & AUTH_PIPE_SCHANNEL) {
- size_t parse_offset_marker;
- RPC_AUTH_SCHANNEL_CHK verf;
- DEBUG(10,("SCHANNEL seq_num=%d\n", cli->auth_info.seq_num));
-
- schannel_encode(&cli->auth_info,
- cli->pipe_auth_flags,
- SENDER_IS_INITIATOR,
- &verf,
- prs_data_p(&sec_blob),
- data_and_padding_size);
+ RPC_HDR_AUTH auth_info;
+ RPC_AUTH_SCHANNEL_CHK verf;
+ struct schannel_auth_struct *sas = cli->auth.a_u.schannel_auth;
+ char *data_p = prs_data_p(outgoing_pdu) + RPC_HEADER_LEN + RPC_HDR_RESP_LEN;
+ size_t data_and_pad_len = prs_offset(outgoing_pdu) - RPC_HEADER_LEN - RPC_HDR_RESP_LEN;
- cli->auth_info.seq_num++;
+ if (!sas) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
- /* write auth footer onto the packet */
-
- parse_offset_marker = prs_offset(&sec_blob);
- if (!smb_io_rpc_auth_schannel_chk("", RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN,
- &verf, &sec_blob, 0))
- {
- prs_mem_free(&sec_blob);
- return False;
- }
- real_auth_len = prs_offset(&sec_blob) - parse_offset_marker;
- }
- }
-#endif
- return NT_STATUS_NO_MEMORY;
+ /* Init and marshall the auth header. */
+ init_rpc_hdr_auth(&auth_info,
+ map_pipe_auth_type_to_rpc_auth_type(cli->auth.auth_type),
+ cli->auth.auth_level,
+ ss_padding_len,
+ 1 /* context id. */);
+
+ if(!smb_io_rpc_hdr_auth("hdr_auth", &auth_info, outgoing_pdu, 0)) {
+ DEBUG(0,("add_schannel_auth_footer: failed to marshall RPC_HDR_AUTH.\n"));
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ switch (cli->auth.auth_level) {
+ case PIPE_AUTH_LEVEL_PRIVACY:
+ case PIPE_AUTH_LEVEL_INTEGRITY:
+ DEBUG(10,("add_schannel_auth_footer: SCHANNEL seq_num=%d\n",
+ sas->seq_num));
+
+ schannel_encode(sas,
+ cli->auth.auth_level,
+ SENDER_IS_INITIATOR,
+ &verf,
+ data_p,
+ data_and_pad_len);
+
+ sas->seq_num++;
+ break;
+
+ default:
+ /* Can't happen. */
+ smb_panic("bad auth level");
+ /* Notreached. */
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ /* Finally marshall the blob. */
+ smb_io_rpc_auth_schannel_chk("",
+ RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN,
+ &verf,
+ outgoing_pdu,
+ 0);
+
+ return NT_STATUS_OK;
}
/*******************************************************************
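Review bot: The final `smb_io_rpc_auth_schannel_chk(...)` call in add_schannel_auth_footer ignores its return value, so a marshalling failure leaves the PDU without a complete schannel verifier while the function still returns NT_STATUS_OK. The removed `#if 0` code and the srv_pipe.c hunk of this same commit both test that result; the same is needed here, e.g. `if (!smb_io_rpc_auth_schannel_chk("", RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN, &verf, outgoing_pdu, 0)) { return NT_STATUS_NO_MEMORY; }`. Separately, `data_p` is read from `prs_data_p(outgoing_pdu)` before `smb_io_rpc_hdr_auth` appends to the same prs_struct. If that marshalling can grow and move the buffer (not visible here), `schannel_encode` would write through a stale pointer, so `data_p` is safer computed after the auth header is marshalled. `data_and_pad_len` is also an unsigned subtraction that wraps if `prs_offset(outgoing_pdu)` is smaller than the two header lengths, so a guard returning NT_STATUS_INVALID_PARAMETER would be cheap.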
Modified: branches/tmp/RPCREWRITE/source/rpc_server/srv_pipe.c
===================================================================
--- branches/tmp/RPCREWRITE/source/rpc_server/srv_pipe.c 2005-09-02 23:36:01 UTC (rev 9977)
+++ branches/tmp/RPCREWRITE/source/rpc_server/srv_pipe.c 2005-09-02 23:42:56 UTC (rev 9978)
@@ -407,10 +407,7 @@
*/
char *data;
RPC_HDR_AUTH auth_info;
-
RPC_AUTH_SCHANNEL_CHK verf;
- prs_struct rverf;
- prs_struct rauth;
data = prs_data_p(&outgoing_pdu) + data_pos;
/* Check it's the type of reply we were expecting to decode */
@@ -427,16 +424,16 @@
return False;
}
- prs_init(&rverf, 0, p->mem_ctx, MARSHALL);
- prs_init(&rauth, 0, p->mem_ctx, MARSHALL);
-
schannel_encode(p->auth.a_u.schannel_auth,
p->auth.auth_level,
SENDER_IS_ACCEPTOR,
&verf, data, data_len + ss_padding_len);
- smb_io_rpc_auth_schannel_chk("", RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN,
- &verf, &outgoing_pdu, 0);
+ if (!smb_io_rpc_auth_schannel_chk("", RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN,
+ &verf, &outgoing_pdu, 0)) {
+ prs_mem_free(&outgoing_pdu);
+ return False;
+ }
p->auth.a_u.schannel_auth->seq_num++;
}
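Review bot: The new failure branch for `smb_io_rpc_auth_schannel_chk` returns False without logging, unlike the client-side marshalling failure in cli_pipe.c, which emits a DEBUG(0) message. A dropped signed or sealed reply will be hard to diagnose, so add a line such as `DEBUG(0,("<enclosing function>: failed to marshall RPC_AUTH_SCHANNEL_CHK.\n"));` before `prs_mem_free(&outgoing_pdu);`. The length `data_len + ss_padding_len` handed to `schannel_encode` is computed outside the hunk, so it is worth confirming that it is bounded by what has actually been marshalled into `outgoing_pdu` at `data_pos`. The enclosing function starts and ends outside the hunk.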