svn commit: samba r9978 - in branches/tmp/RPCREWRITE/source: rpc_client rpc_server

jra at samba.org jra at samba.org
Fri Sep 2 23:42:57 GMT 2005 

Author: jra
Date: 2005-09-02 23:42:56 +0000 (Fri, 02 Sep 2005)
New Revision: 9978

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=9978

Log:
Schannel now seems to work (at least to Samba3 head).
Jeremy.

Modified:
   branches/tmp/RPCREWRITE/source/rpc_client/cli_pipe.c
   branches/tmp/RPCREWRITE/source/rpc_server/srv_pipe.c


Changeset:
Modified: branches/tmp/RPCREWRITE/source/rpc_client/cli_pipe.c
===================================================================
--- branches/tmp/RPCREWRITE/source/rpc_client/cli_pipe.c	2005-09-02 23:36:01 UTC (rev 9977)
+++ branches/tmp/RPCREWRITE/source/rpc_client/cli_pipe.c	2005-09-02 23:42:56 UTC (rev 9978)
@@ -402,10 +402,11 @@
 	}
 
 	if (!schannel_decode(schannel_auth,
-				cli->auth.auth_level,
-				SENDER_IS_ACCEPTOR,
-				&schannel_chk,
-				prs_data_p(current_pdu)+RPC_HDR_RESP_LEN, data_len)) {
+			cli->auth.auth_level,
+			SENDER_IS_ACCEPTOR,
+			&schannel_chk,
+			prs_data_p(current_pdu)+RPC_HEADER_LEN+RPC_HDR_RESP_LEN,
+			data_len)) {
 		DEBUG(3,("cli_pipe_verify_schannel: failed to decode PDU "
 				"Connection to remote machine %s "
 				"pipe %s fnum 0x%x.\n",
@@ -1184,37 +1185,61 @@
 static NTSTATUS add_schannel_auth_footer(struct rpc_pipe_client *cli,
 					RPC_HDR *phdr,
 					uint32 ss_padding_len,
-					prs_struct *p_outgoing_pdu)
+					prs_struct *outgoing_pdu)
 {
-#if 0
-			else if (cli->pipe_auth_flags & AUTH_PIPE_SCHANNEL) {	
-				size_t parse_offset_marker;
-				RPC_AUTH_SCHANNEL_CHK verf;
-				DEBUG(10,("SCHANNEL seq_num=%d\n", cli->auth_info.seq_num));
-				
-				schannel_encode(&cli->auth_info, 
-					      cli->pipe_auth_flags,
-					      SENDER_IS_INITIATOR,
-					      &verf,
-					      prs_data_p(&sec_blob),
-					      data_and_padding_size);
+	RPC_HDR_AUTH auth_info;
+	RPC_AUTH_SCHANNEL_CHK verf;
+	struct schannel_auth_struct *sas = cli->auth.a_u.schannel_auth;
+	char *data_p = prs_data_p(outgoing_pdu) + RPC_HEADER_LEN + RPC_HDR_RESP_LEN;
+	size_t data_and_pad_len = prs_offset(outgoing_pdu) - RPC_HEADER_LEN - RPC_HDR_RESP_LEN;
 
-				cli->auth_info.seq_num++;
+	if (!sas) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
 
-				/* write auth footer onto the packet */
-				
-				parse_offset_marker = prs_offset(&sec_blob);
-				if (!smb_io_rpc_auth_schannel_chk("", RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN, 
-					&verf, &sec_blob, 0)) 
-				{
-					prs_mem_free(&sec_blob);
-					return False;
-				}
-				real_auth_len = prs_offset(&sec_blob) - parse_offset_marker;
-			}
-		}
-#endif
-	return NT_STATUS_NO_MEMORY;
+	/* Init and marshall the auth header. */
+	init_rpc_hdr_auth(&auth_info,
+			map_pipe_auth_type_to_rpc_auth_type(cli->auth.auth_type),
+			cli->auth.auth_level,
+			ss_padding_len,
+			1 /* context id. */);
+
+	if(!smb_io_rpc_hdr_auth("hdr_auth", &auth_info, outgoing_pdu, 0)) {
+		DEBUG(0,("add_schannel_auth_footer: failed to marshall RPC_HDR_AUTH.\n"));
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	switch (cli->auth.auth_level) {
+		case PIPE_AUTH_LEVEL_PRIVACY:
+		case PIPE_AUTH_LEVEL_INTEGRITY:
+			DEBUG(10,("add_schannel_auth_footer: SCHANNEL seq_num=%d\n",
+				sas->seq_num));
+
+			schannel_encode(sas,
+					cli->auth.auth_level,
+					SENDER_IS_INITIATOR,
+					&verf,
+					data_p,
+					data_and_pad_len);
+
+			sas->seq_num++;
+			break;
+
+		default:
+			/* Can't happen. */
+			smb_panic("bad auth level");
+			/* Notreached. */
+			return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	/* Finally marshall the blob. */
+	smb_io_rpc_auth_schannel_chk("",
+			RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN,
+			&verf,
+			outgoing_pdu,
+			0);
+                                                                                               
+	return NT_STATUS_OK;
 }
 
 /*******************************************************************

Modified: branches/tmp/RPCREWRITE/source/rpc_server/srv_pipe.c
===================================================================
--- branches/tmp/RPCREWRITE/source/rpc_server/srv_pipe.c	2005-09-02 23:36:01 UTC (rev 9977)
+++ branches/tmp/RPCREWRITE/source/rpc_server/srv_pipe.c	2005-09-02 23:42:56 UTC (rev 9978)
@@ -407,10 +407,7 @@
 		 */
 		char *data;
 		RPC_HDR_AUTH auth_info;
-
 		RPC_AUTH_SCHANNEL_CHK verf;
-		prs_struct rverf;
-		prs_struct rauth;
 
 		data = prs_data_p(&outgoing_pdu) + data_pos;
 		/* Check it's the type of reply we were expecting to decode */
@@ -427,16 +424,16 @@
 			return False;
 		}
 
-		prs_init(&rverf, 0, p->mem_ctx, MARSHALL);
-		prs_init(&rauth, 0, p->mem_ctx, MARSHALL);
-
 		schannel_encode(p->auth.a_u.schannel_auth, 
 			      p->auth.auth_level,
 			      SENDER_IS_ACCEPTOR,
 			      &verf, data, data_len + ss_padding_len);
 
-		smb_io_rpc_auth_schannel_chk("", RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN, 
-			&verf, &outgoing_pdu, 0);
+		if (!smb_io_rpc_auth_schannel_chk("", RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN, 
+				&verf, &outgoing_pdu, 0)) {
+			prs_mem_free(&outgoing_pdu);
+			return False;
+		}
 
 		p->auth.a_u.schannel_auth->seq_num++;
 	}

More information about the samba-cvs mailing list