[SCM] Samba Shared Repository - branch master updated
Simo Sorce
idra at samba.org
Thu Jul 8 16:59:28 MDT 2010
The branch, master has been updated
via 966641b... s3-dcerpc: Use dcerpc_pull_dcerpc_auth in api_pipe_bind_auth3()
via 2076009... s3-dcerpc: Use dcerpc_auth in api_pipe_bind_req()
via 1796767... s3-dcerpc: make dcerpc_pull_dcerpc_auth() public
via a054832... s3-dcerpc: make dceprc_push_dcerpc_auth public
via aca60c2... s3-dcerpc: use dcerpc_pull_dcerpc_auth() in rpc_finish_spnego_ntlmssp_bind_send()
via 5591135... s3-dcerpc: use dcerpc_push_dcerpc_auth in add_schannel_auth_footer()
via 1febe9d... s3-dcerpc: use dcerpc_push_dcerpc_auth() in add_ntlmssp_auth_footer()
via c609e84... s3-dcerpc: use dcerpc_pull_dcerpc_auth() in cli_pipe_verify_schannel()
via 91cb2ae... s3-dcerpc: use dcerpc_push_ncacn_packet() in create_rpc_bind_auth3()
from 7e134f1... Change one more use of "struct rpc_hdr_info" -> "struct ncacn_packet_header"
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 966641b9fed90a34beae32fff091edb983ca6359
Author: Simo Sorce <idra at samba.org>
Date: Thu Jul 8 18:38:25 2010 -0400
s3-dcerpc: Use dcerpc_pull_dcerpc_auth in api_pipe_bind_auth3()
commit 207600991c2e42309672ab7d3c9731c5c77696d1
Author: Simo Sorce <idra at samba.org>
Date: Thu Jul 8 16:02:08 2010 -0400
s3-dcerpc: Use dcerpc_auth in api_pipe_bind_req()
commit 1796767a36fcd880139eb40176c7bcb34fd4ec90
Author: Simo Sorce <idra at samba.org>
Date: Thu Jul 8 15:18:08 2010 -0400
s3-dcerpc: make dcerpc_pull_dcerpc_auth() public
commit a054832f4fda4a158c1d0bf6fa2646bd5835aa2e
Author: Simo Sorce <idra at samba.org>
Date: Thu Jul 8 11:36:03 2010 -0400
s3-dcerpc: make dceprc_push_dcerpc_auth public
commit aca60c29e7f890524ebd3a896a3e4f591b5830f6
Author: Simo Sorce <idra at samba.org>
Date: Thu Jul 8 15:16:32 2010 -0400
s3-dcerpc: use dcerpc_pull_dcerpc_auth() in rpc_finish_spnego_ntlmssp_bind_send()
commit 559113596478a5ac8f5227bc25a3720db56314fe
Author: Simo Sorce <idra at samba.org>
Date: Thu Jul 8 15:04:40 2010 -0400
s3-dcerpc: use dcerpc_push_dcerpc_auth in add_schannel_auth_footer()
commit 1febe9de6b6137d575ac1b1263e7d1f7a29cea1f
Author: Simo Sorce <idra at samba.org>
Date: Thu Jul 8 14:55:20 2010 -0400
s3-dcerpc: use dcerpc_push_dcerpc_auth() in add_ntlmssp_auth_footer()
commit c609e84170486f183ad0a7a13c87c3b7c7bc490d
Author: Simo Sorce <idra at samba.org>
Date: Thu Jul 8 14:00:54 2010 -0400
s3-dcerpc: use dcerpc_pull_dcerpc_auth() in cli_pipe_verify_schannel()
commit 91cb2aed54cb7fe1f5e5c6359b0ef505f689b172
Author: Simo Sorce <idra at samba.org>
Date: Thu Jul 8 13:30:50 2010 -0400
s3-dcerpc: use dcerpc_push_ncacn_packet() in create_rpc_bind_auth3()
-----------------------------------------------------------------------
Summary of changes:
source3/include/proto.h | 10 ++
source3/rpc_client/cli_pipe.c | 266 ++++++++++++++++++++---------------------
source3/rpc_server/srv_pipe.c | 199 +++++++++++++++----------------
3 files changed, 238 insertions(+), 237 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 8ce2bf1..860e19d 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -4847,6 +4847,16 @@ NTSTATUS dcerpc_pull_ncacn_packet(TALLOC_CTX *mem_ctx,
NTSTATUS dcerpc_pull_ncacn_packet_header(TALLOC_CTX *mem_ctx,
const DATA_BLOB *blob,
struct ncacn_packet_header *r);
+NTSTATUS dcerpc_push_dcerpc_auth(TALLOC_CTX *mem_ctx,
+ enum dcerpc_AuthType auth_type,
+ enum dcerpc_AuthLevel auth_level,
+ uint8_t auth_pad_length,
+ uint32_t auth_context_id,
+ const DATA_BLOB *credentials,
+ DATA_BLOB *blob);
+NTSTATUS dcerpc_pull_dcerpc_auth(TALLOC_CTX *mem_ctx,
+ const DATA_BLOB *blob,
+ struct dcerpc_auth *r);
struct tevent_req *rpc_pipe_bind_send(TALLOC_CTX *mem_ctx,
struct event_context *ev,
struct rpc_pipe_client *cli,
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index 9c6982b..b9b04b6 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -404,9 +404,9 @@ static NTSTATUS dcerpc_push_schannel_bind(TALLOC_CTX *mem_ctx,
/*******************************************************************
********************************************************************/
-static NTSTATUS dcerpc_pull_dcerpc_auth(TALLOC_CTX *mem_ctx,
- const DATA_BLOB *blob,
- struct dcerpc_auth *r)
+NTSTATUS dcerpc_pull_dcerpc_auth(TALLOC_CTX *mem_ctx,
+ const DATA_BLOB *blob,
+ struct dcerpc_auth *r)
{
enum ndr_err_code ndr_err;
@@ -930,7 +930,7 @@ static NTSTATUS cli_pipe_verify_schannel(struct rpc_pipe_client *cli,
prs_struct *current_pdu,
uint8 *p_ss_padding_len)
{
- RPC_HDR_AUTH auth_info;
+ struct dcerpc_auth auth_info;
uint32_t auth_len = prhdr->auth_length;
uint32 save_offset = prs_offset(current_pdu);
struct schannel_state *schannel_auth =
@@ -976,17 +976,23 @@ static NTSTATUS cli_pipe_verify_schannel(struct rpc_pipe_client *cli,
return NT_STATUS_BUFFER_TOO_SMALL;
}
- if(!smb_io_rpc_hdr_auth("hdr_auth", &auth_info, current_pdu, 0)) {
- DEBUG(0,("cli_pipe_verify_schannel: failed to unmarshall RPC_HDR_AUTH.\n"));
- return NT_STATUS_BUFFER_TOO_SMALL;
+ blob = data_blob_const(prs_data_p(current_pdu)
+ + prs_offset(current_pdu),
+ prs_data_size(current_pdu)
+ - prs_offset(current_pdu));
+
+ status = dcerpc_pull_dcerpc_auth(cli, &blob, &auth_info);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0,("cli_pipe_verify_ntlmssp: failed to unmarshall dcerpc_auth.\n"));
+ return status;
}
/* Ensure auth_pad_len fits into the packet. */
- if (RPC_HEADER_LEN + RPC_HDR_REQ_LEN + auth_info.auth_pad_len +
+ if (RPC_HEADER_LEN + RPC_HDR_REQ_LEN + auth_info.auth_pad_length +
RPC_HDR_AUTH_LEN + auth_len > prhdr->frag_length) {
DEBUG(0,("cli_pipe_verify_schannel: auth_info.auth_pad_len "
"too large (%u), auth_len (%u), frag_len = (%u).\n",
- (unsigned int)auth_info.auth_pad_len,
+ (unsigned int)auth_info.auth_pad_length,
(unsigned int)auth_len,
(unsigned int)prhdr->frag_length));
return NT_STATUS_BUFFER_TOO_SMALL;
@@ -1051,7 +1057,7 @@ static NTSTATUS cli_pipe_verify_schannel(struct rpc_pipe_client *cli,
* stream once the sign/seal is done.
*/
- *p_ss_padding_len = auth_info.auth_pad_len;
+ *p_ss_padding_len = auth_info.auth_pad_length;
return NT_STATUS_OK;
}
@@ -1748,15 +1754,16 @@ static NTSTATUS rpc_api_pipe_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
}
/*******************************************************************
+ Creates an auth_data blob.
********************************************************************/
-static NTSTATUS dcerpc_push_dcerpc_auth(TALLOC_CTX *mem_ctx,
- enum dcerpc_AuthType auth_type,
- enum dcerpc_AuthLevel auth_level,
- uint8_t auth_pad_length,
- uint32_t auth_context_id,
- const DATA_BLOB *credentials,
- DATA_BLOB *blob)
+NTSTATUS dcerpc_push_dcerpc_auth(TALLOC_CTX *mem_ctx,
+ enum dcerpc_AuthType auth_type,
+ enum dcerpc_AuthLevel auth_level,
+ uint8_t auth_pad_length,
+ uint32_t auth_context_id,
+ const DATA_BLOB *credentials,
+ DATA_BLOB *blob)
{
struct dcerpc_auth r;
enum ndr_err_code ndr_err;
@@ -2125,82 +2132,76 @@ static NTSTATUS create_rpc_bind_req(struct rpc_pipe_client *cli,
static NTSTATUS add_ntlmssp_auth_footer(struct rpc_pipe_client *cli,
uint32 ss_padding_len,
- prs_struct *outgoing_pdu)
+ prs_struct *rpc_out)
{
- RPC_HDR_AUTH auth_info;
+ DATA_BLOB auth_info;
NTSTATUS status;
DATA_BLOB auth_blob = data_blob_null;
- uint16 data_and_pad_len = prs_offset(outgoing_pdu) - RPC_HEADER_LEN - RPC_HDR_RESP_LEN;
- TALLOC_CTX *frame;
+ uint16_t data_and_pad_len =
+ prs_offset(rpc_out) - RPC_HEADER_LEN - RPC_HDR_RESP_LEN;
if (!cli->auth->a_u.ntlmssp_state) {
return NT_STATUS_INVALID_PARAMETER;
}
- frame = talloc_stackframe();
-
- /* Init and marshall the auth header. */
- init_rpc_hdr_auth(&auth_info,
- map_pipe_auth_type_to_rpc_auth_type(
- cli->auth->auth_type),
- cli->auth->auth_level,
- ss_padding_len,
- 1 /* context id. */);
-
- if(!smb_io_rpc_hdr_auth("hdr_auth", &auth_info, outgoing_pdu, 0)) {
- DEBUG(0,("add_ntlmssp_auth_footer: failed to marshall RPC_HDR_AUTH.\n"));
- talloc_free(frame);
- return NT_STATUS_NO_MEMORY;
- }
-
switch (cli->auth->auth_level) {
- case DCERPC_AUTH_LEVEL_PRIVACY:
- /* Data portion is encrypted. */
- status = ntlmssp_seal_packet(cli->auth->a_u.ntlmssp_state,
- frame,
- (unsigned char *)prs_data_p(outgoing_pdu) + RPC_HEADER_LEN + RPC_HDR_RESP_LEN,
+ case DCERPC_AUTH_LEVEL_PRIVACY:
+ /* Data portion is encrypted. */
+ status = ntlmssp_seal_packet(cli->auth->a_u.ntlmssp_state,
+ prs_get_mem_context(rpc_out),
+ (unsigned char *)prs_data_p(rpc_out)
+ + RPC_HEADER_LEN
+ + RPC_HDR_RESP_LEN,
data_and_pad_len,
- (unsigned char *)prs_data_p(outgoing_pdu),
- (size_t)prs_offset(outgoing_pdu),
+ (unsigned char *)prs_data_p(rpc_out),
+ (size_t)prs_offset(rpc_out),
&auth_blob);
- if (!NT_STATUS_IS_OK(status)) {
- talloc_free(frame);
- return status;
- }
- break;
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+ break;
- case DCERPC_AUTH_LEVEL_INTEGRITY:
- /* Data is signed. */
- status = ntlmssp_sign_packet(cli->auth->a_u.ntlmssp_state,
- frame,
- (unsigned char *)prs_data_p(outgoing_pdu) + RPC_HEADER_LEN + RPC_HDR_RESP_LEN,
+ case DCERPC_AUTH_LEVEL_INTEGRITY:
+ /* Data is signed. */
+ status = ntlmssp_sign_packet(cli->auth->a_u.ntlmssp_state,
+ prs_get_mem_context(rpc_out),
+ (unsigned char *)prs_data_p(rpc_out)
+ + RPC_HEADER_LEN
+ + RPC_HDR_RESP_LEN,
data_and_pad_len,
- (unsigned char *)prs_data_p(outgoing_pdu),
- (size_t)prs_offset(outgoing_pdu),
+ (unsigned char *)prs_data_p(rpc_out),
+ (size_t)prs_offset(rpc_out),
&auth_blob);
- if (!NT_STATUS_IS_OK(status)) {
- talloc_free(frame);
- return status;
- }
- break;
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+ break;
- default:
- /* Can't happen. */
- smb_panic("bad auth level");
- /* Notreached. */
- return NT_STATUS_INVALID_PARAMETER;
+ default:
+ /* Can't happen. */
+ smb_panic("bad auth level");
+ /* Notreached. */
+ return NT_STATUS_INVALID_PARAMETER;
}
/* Finally marshall the blob. */
+ status = dcerpc_push_dcerpc_auth(prs_get_mem_context(rpc_out),
+ map_pipe_auth_type_to_rpc_auth_type(cli->auth->auth_type),
+ cli->auth->auth_level,
+ ss_padding_len,
+ 1 /* context id. */,
+ &auth_blob,
+ &auth_info);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
- if (!prs_copy_data_in(outgoing_pdu, (const char *)auth_blob.data, NTLMSSP_SIG_SIZE)) {
- DEBUG(0,("add_ntlmssp_auth_footer: failed to add %u bytes auth blob.\n",
- (unsigned int)NTLMSSP_SIG_SIZE));
- talloc_free(frame);
+ if (!prs_copy_data_in(rpc_out, (const char *)auth_info.data, auth_info.length)) {
+ DEBUG(0, ("add_ntlmssp_auth_footer: failed to add %u bytes auth blob.\n",
+ (unsigned int)auth_info.length));
return NT_STATUS_NO_MEMORY;
}
- talloc_free(frame);
return NT_STATUS_OK;
}
@@ -2210,12 +2211,12 @@ static NTSTATUS add_ntlmssp_auth_footer(struct rpc_pipe_client *cli,
static NTSTATUS add_schannel_auth_footer(struct rpc_pipe_client *cli,
uint32 ss_padding_len,
- prs_struct *outgoing_pdu)
+ prs_struct *rpc_out)
{
- RPC_HDR_AUTH auth_info;
+ DATA_BLOB auth_info;
struct schannel_state *sas = cli->auth->a_u.schannel_auth;
- char *data_p = prs_data_p(outgoing_pdu) + RPC_HEADER_LEN + RPC_HDR_RESP_LEN;
- size_t data_and_pad_len = prs_offset(outgoing_pdu) - RPC_HEADER_LEN - RPC_HDR_RESP_LEN;
+ char *data_p = prs_data_p(rpc_out) + RPC_HEADER_LEN + RPC_HDR_RESP_LEN;
+ size_t data_and_pad_len = prs_offset(rpc_out) - RPC_HEADER_LEN - RPC_HDR_RESP_LEN;
DATA_BLOB blob;
NTSTATUS status;
@@ -2223,18 +2224,6 @@ static NTSTATUS add_schannel_auth_footer(struct rpc_pipe_client *cli,
return NT_STATUS_INVALID_PARAMETER;
}
- /* Init and marshall the auth header. */
- init_rpc_hdr_auth(&auth_info,
- map_pipe_auth_type_to_rpc_auth_type(cli->auth->auth_type),
- cli->auth->auth_level,
- ss_padding_len,
- 1 /* context id. */);
-
- if(!smb_io_rpc_hdr_auth("hdr_auth", &auth_info, outgoing_pdu, 0)) {
- DEBUG(0,("add_schannel_auth_footer: failed to marshall RPC_HDR_AUTH.\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
DEBUG(10,("add_schannel_auth_footer: SCHANNEL seq_num=%d\n",
sas->seq_num));
@@ -2271,7 +2260,18 @@ static NTSTATUS add_schannel_auth_footer(struct rpc_pipe_client *cli,
}
/* Finally marshall the blob. */
- if (!prs_copy_data_in(outgoing_pdu, (const char *)blob.data, blob.length)) {
+ status = dcerpc_push_dcerpc_auth(prs_get_mem_context(rpc_out),
+ map_pipe_auth_type_to_rpc_auth_type(cli->auth->auth_type),
+ cli->auth->auth_level,
+ ss_padding_len,
+ 1 /* context id. */,
+ &blob,
+ &auth_info);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ if (!prs_copy_data_in(rpc_out, (const char *)auth_info.data, auth_info.length)) {
return NT_STATUS_NO_MEMORY;
}
@@ -2713,48 +2713,43 @@ static NTSTATUS create_rpc_bind_auth3(struct rpc_pipe_client *cli,
DATA_BLOB *pauth_blob,
prs_struct *rpc_out)
{
- RPC_HDR hdr;
- RPC_HDR_AUTH hdr_auth;
- uint32 pad = 0;
-
- /* Create the request RPC_HDR */
- init_rpc_hdr(&hdr, DCERPC_PKT_AUTH3, DCERPC_PFC_FLAG_FIRST|DCERPC_PFC_FLAG_LAST, rpc_call_id,
- RPC_HEADER_LEN + 4 /* pad */ + RPC_HDR_AUTH_LEN + pauth_blob->length,
- pauth_blob->length );
-
- /* Marshall it. */
- if(!smb_io_rpc_hdr("hdr", &hdr, rpc_out, 0)) {
- DEBUG(0,("create_rpc_bind_auth3: failed to marshall RPC_HDR.\n"));
- return NT_STATUS_NO_MEMORY;
- }
+ uint16_t auth_len = pauth_blob->length;
+ uint16_t frag_len = 0;
+ NTSTATUS status;
+ union dcerpc_payload u;
+ DATA_BLOB blob;
- /*
- I'm puzzled about this - seems to violate the DCE RPC auth rules,
- about padding - shouldn't this pad to length CLIENT_NDR_PADDING_SIZE ? JRA.
- */
+ u.auth3._pad = 0;
- /* 4 bytes padding. */
- if (!prs_uint32("pad", rpc_out, 0, &pad)) {
- DEBUG(0,("create_rpc_bind_auth3: failed to marshall 4 byte pad.\n"));
- return NT_STATUS_NO_MEMORY;
+ status = dcerpc_push_dcerpc_auth(prs_get_mem_context(rpc_out),
+ map_pipe_auth_type_to_rpc_auth_type(auth_type),
+ auth_level,
+ 0, /* auth_pad_length */
+ 1, /* auth_context_id */
+ pauth_blob,
+ &u.auth3.auth_info);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
- /* Create the request RPC_HDR_AUTHA */
- init_rpc_hdr_auth(&hdr_auth,
- map_pipe_auth_type_to_rpc_auth_type(auth_type),
- auth_level, 0, 1);
+ /* Start building the frag length. */
+ frag_len = RPC_HEADER_LEN + 4 /* pad */ + RPC_HDR_AUTH_LEN + auth_len;
- if(!smb_io_rpc_hdr_auth("hdr_auth", &hdr_auth, rpc_out, 0)) {
- DEBUG(0,("create_rpc_bind_auth3: failed to marshall RPC_HDR_AUTHA.\n"));
- return NT_STATUS_NO_MEMORY;
+ status = dcerpc_push_ncacn_packet(prs_get_mem_context(rpc_out),
+ DCERPC_PKT_AUTH3,
+ DCERPC_PFC_FLAG_FIRST |
+ DCERPC_PFC_FLAG_LAST,
+ frag_len,
+ auth_len ? auth_len - RPC_HDR_AUTH_LEN : 0,
+ rpc_call_id,
+ u,
+ &blob);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0,("create_bind_or_alt_ctx_internal: failed to marshall RPC_HDR_RB.\n"));
+ return status;
}
- /*
- * Append the auth data to the outgoing buffer.
- */
-
- if(!prs_copy_data_in(rpc_out, (char *)pauth_blob->data, pauth_blob->length)) {
- DEBUG(0,("create_rpc_bind_auth3: failed to marshall auth blob.\n"));
+ if (!prs_copy_data_in(rpc_out, (char *)blob.data, blob.length)) {
return NT_STATUS_NO_MEMORY;
}
@@ -3039,13 +3034,13 @@ static void rpc_bind_auth3_write_done(struct tevent_req *subreq)
static NTSTATUS rpc_finish_spnego_ntlmssp_bind_send(struct tevent_req *req,
struct rpc_pipe_bind_state *state,
struct ncacn_packet *r,
- prs_struct *reply_pdu)
+ prs_struct *rpc_in)
{
- DATA_BLOB server_spnego_response = data_blob_null;
DATA_BLOB server_ntlm_response = data_blob_null;
DATA_BLOB client_reply = data_blob_null;
DATA_BLOB tmp_blob = data_blob_null;
- RPC_HDR_AUTH hdr_auth;
+ struct dcerpc_auth auth_info;
+ DATA_BLOB auth_blob;
struct tevent_req *subreq;
NTSTATUS status;
@@ -3056,33 +3051,32 @@ static NTSTATUS rpc_finish_spnego_ntlmssp_bind_send(struct tevent_req *req,
/* Process the returned NTLMSSP blob first. */
if (!prs_set_offset(
- reply_pdu,
+ rpc_in,
r->frag_length - r->auth_length - RPC_HDR_AUTH_LEN)) {
return NT_STATUS_INVALID_PARAMETER;
}
- if (!smb_io_rpc_hdr_auth("hdr_auth", &hdr_auth, reply_pdu, 0)) {
- return NT_STATUS_INVALID_PARAMETER;
- }
+ auth_blob = data_blob_const(prs_data_p(rpc_in) + prs_offset(rpc_in),
+ prs_data_size(rpc_in) - prs_offset(rpc_in));
- server_spnego_response = data_blob(NULL, r->auth_length);
- prs_copy_data_out((char *)server_spnego_response.data,
- reply_pdu, r->auth_length);
+ status = dcerpc_pull_dcerpc_auth(state, &auth_blob, &auth_info);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("Failed to unmarshall dcerpc_auth.\n"));
+ return status;
+ }
/*
* The server might give us back two challenges - tmp_blob is for the
* second.
*/
- if (!spnego_parse_challenge(server_spnego_response,
+ if (!spnego_parse_challenge(auth_info.credentials,
&server_ntlm_response, &tmp_blob)) {
- data_blob_free(&server_spnego_response);
data_blob_free(&server_ntlm_response);
data_blob_free(&tmp_blob);
return NT_STATUS_INVALID_PARAMETER;
}
/* We're finished with the server spnego response and the tmp_blob. */
- data_blob_free(&server_spnego_response);
data_blob_free(&tmp_blob);
status = ntlmssp_update(state->cli->auth->a_u.ntlmssp_state,
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index a63e00a..7a62616 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -748,12 +748,11 @@ static bool pipe_ntlmssp_verify_final(pipes_struct *p, DATA_BLOB *p_resp_blob)
bool api_pipe_bind_auth3(pipes_struct *p, prs_struct *rpc_in_p)
{
- RPC_HDR_AUTH auth_info;
+ struct dcerpc_auth auth_info;
uint32 pad = 0;
- DATA_BLOB blob;
+ DATA_BLOB auth_blob;
uint32_t auth_len = p->hdr.auth_len;
-
- ZERO_STRUCT(blob);
+ NTSTATUS status;
DEBUG(5,("api_pipe_bind_auth3: decode request. %d\n", __LINE__));
@@ -796,9 +795,15 @@ bool api_pipe_bind_auth3(pipes_struct *p, prs_struct *rpc_in_p)
goto err;
}
- if(!smb_io_rpc_hdr_auth("hdr_auth", &auth_info, rpc_in_p, 0)) {
- DEBUG(0,("api_pipe_bind_auth3: failed to "
- "unmarshall RPC_HDR_AUTH.\n"));
+ auth_blob = data_blob_const(prs_data_p(rpc_in_p)
+ + prs_offset(rpc_in_p),
+ prs_data_size(rpc_in_p)
+ - prs_offset(rpc_in_p));
+
+ status = dcerpc_pull_dcerpc_auth(prs_get_mem_context(rpc_in_p),
+ &auth_blob, &auth_info);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("Failed to unmarshall dcerpc_auth.\n"));
goto err;
}
@@ -813,32 +818,21 @@ bool api_pipe_bind_auth3(pipes_struct *p, prs_struct *rpc_in_p)
return False;
}
- blob = data_blob(NULL,p->hdr.auth_len);
-
- if (!prs_copy_data_out((char *)blob.data, rpc_in_p, p->hdr.auth_len)) {
- DEBUG(0,("api_pipe_bind_auth3: Failed to pull %u bytes - the response blob.\n",
- (unsigned int)p->hdr.auth_len ));
- goto err;
- }
-
/*
* The following call actually checks the challenge/response data.
* for correctness against the given DOMAIN\user name.
*/
- if (!pipe_ntlmssp_verify_final(p, &blob)) {
+ if (!pipe_ntlmssp_verify_final(p, &auth_info.credentials)) {
goto err;
}
- data_blob_free(&blob);
-
p->pipe_bound = True;
--
Samba Shared Repository
More information about the samba-cvs
mailing list