The Samba-Bugzilla – Attachment 174 Details for
Bug 167
We do not support schannel signing
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Allow Samba to use 'only signed' connections
schannel-sign.patch (text/plain), 20.29 KB, created by
Andrew Bartlett
on 2003-09-30 20:27:51 UTC
(
hide
)
Description:
Allow Samba to use 'only signed' connections
Filename:
MIME Type:
Creator:
Andrew Bartlett
Created:
2003-09-30 20:27:51 UTC
Size:
20.29 KB
patch
obsolete
>Index: include/rpc_dce.h >=================================================================== >RCS file: /home/cvs/samba/source/include/rpc_dce.h,v >retrieving revision 1.22.2.10 >diff -u -r1.22.2.10 rpc_dce.h >--- include/rpc_dce.h 14 Aug 2003 21:14:27 -0000 1.22.2.10 >+++ include/rpc_dce.h 30 Sep 2003 23:18:39 -0000 >@@ -61,8 +61,14 @@ > > /* Netlogon schannel auth type and level */ > #define NETSEC_AUTH_TYPE 0x44 >-#define NETSEC_SIGNATURE { 0x77, 0x00, 0x7a, 0x00, 0xff, 0xff, 0x00, 0x00 } >+#define NETSEC_SIGN_SIGNATURE { 0x77, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00 } >+#define NETSEC_SEAL_SIGNATURE { 0x77, 0x00, 0x7a, 0x00, 0xff, 0xff, 0x00, 0x00 } > #define RPC_AUTH_NETSEC_CHK_LEN 0x20 >+ >+/* The 7 here seems to be required to get Win2k not to downgrade us >+ to NT4. Actually, anything other than 1ff would seem to do... */ >+#define NETLOGON_NEG_AUTH2_FLAGS 0x000701ff >+ > #define NETLOGON_NEG_SCHANNEL 0x40000000 > > enum netsec_direction >@@ -239,13 +245,14 @@ > uint8 sig [8]; /* 77 00 7a 00 ff ff 00 00 */ > uint8 packet_digest[8]; /* checksum over the packet, MD5'ed with session key */ > uint8 seq_num[8]; /* verifier, seq num */ >- uint8 data8[8]; /* random 8-byte nonce */ >+ uint8 confounder[8]; /* random 8-byte nonce */ > } RPC_AUTH_NETSEC_CHK; > > struct netsec_auth_struct > { > uchar sess_key[16]; > uint32 seq_num; >+ int auth_flags; > }; > > /* RPC_BIND_REQ - ms req bind */ >Index: rpcclient/rpcclient.c >=================================================================== >RCS file: /home/cvs/samba/source/rpcclient/rpcclient.c,v >retrieving revision 1.180.2.31 >diff -u -r1.180.2.31 rpcclient.c >--- rpcclient/rpcclient.c 19 Aug 2003 22:47:10 -0000 1.180.2.31 >+++ rpcclient/rpcclient.c 30 Sep 2003 23:18:40 -0000 >@@ -352,38 +352,33 @@ > return NT_STATUS_OK; > } > >-static NTSTATUS cmd_schannel(struct cli_state *cli, TALLOC_CTX *mem_ctx, >- int argc, const char **argv) >+static NTSTATUS setup_schannel(struct cli_state *cli, int pipe_auth_flags, >+ int argc, const char **argv) > { > NTSTATUS ret; >+ static uchar zeros[16]; > uchar trust_password[16]; > uint32 sec_channel_type; >- static uchar zeros[16]; >- > if (argc == 2) { > strhex_to_str((char *)cli->auth_info.sess_key, > strlen(argv[1]), > argv[1]); > memcpy(cli->sess_key, cli->auth_info.sess_key, sizeof(cli->sess_key)); > >- cli->pipe_auth_flags = AUTH_PIPE_NETSEC; >- cli->pipe_auth_flags |= AUTH_PIPE_SIGN; >- cli->pipe_auth_flags |= AUTH_PIPE_SEAL; >- >+ cli->pipe_auth_flags = pipe_auth_flags; > return NT_STATUS_OK; > } > > /* Cleanup */ > > if ((memcmp(cli->auth_info.sess_key, zeros, sizeof(cli->auth_info.sess_key)) != 0)) { >- if (cli->pipe_auth_flags == (AUTH_PIPE_NETSEC|AUTH_PIPE_SIGN|AUTH_PIPE_SEAL)) { >+ if (cli->pipe_auth_flags == pipe_auth_flags) { > /* already in this mode nothing to do */ > return NT_STATUS_OK; > } else { >- /* schannel is setup, just need to use it again */ >- cli->pipe_auth_flags = AUTH_PIPE_NETSEC; >- cli->pipe_auth_flags |= AUTH_PIPE_SIGN; >- cli->pipe_auth_flags |= AUTH_PIPE_SEAL; >+ /* schannel is setup, just need to use it again with new flags */ >+ cli->pipe_auth_flags = pipe_auth_flags; >+ > if (cli->nt_pipe_fnum != 0) > cli_nt_session_close(cli); > return NT_STATUS_OK; >@@ -393,17 +388,13 @@ > if (cli->nt_pipe_fnum != 0) > cli_nt_session_close(cli); > >- cli->pipe_auth_flags = AUTH_PIPE_NETSEC; >- cli->pipe_auth_flags |= AUTH_PIPE_SIGN; >- cli->pipe_auth_flags |= AUTH_PIPE_SEAL; >- > if (!secrets_fetch_trust_account_password(lp_workgroup(), > trust_password, > NULL, &sec_channel_type)) { > return NT_STATUS_UNSUCCESSFUL; > } > >- ret = cli_nt_setup_netsec(cli, sec_channel_type, trust_password); >+ ret = cli_nt_setup_netsec(cli, sec_channel_type, pipe_auth_flags, trust_password); > if (NT_STATUS_IS_OK(ret)) { > char *hex_session_key; > hex_encode(cli->auth_info.sess_key, >@@ -415,6 +406,24 @@ > return ret; > } > >+ >+static NTSTATUS cmd_schannel(struct cli_state *cli, TALLOC_CTX *mem_ctx, >+ int argc, const char **argv) >+{ >+ d_printf("Setting schannel - sign and seal\n"); >+ return setup_schannel(cli, AUTH_PIPE_NETSEC | AUTH_PIPE_SIGN | AUTH_PIPE_SEAL, >+ argc, argv); >+} >+ >+static NTSTATUS cmd_schannel_sign(struct cli_state *cli, TALLOC_CTX *mem_ctx, >+ int argc, const char **argv) >+{ >+ d_printf("Setting schannel - sign only\n"); >+ return setup_schannel(cli, AUTH_PIPE_NETSEC | AUTH_PIPE_SIGN, >+ argc, argv); >+} >+ >+ > /* Built in rpcclient commands */ > > static struct cmd_set rpcclient_commands[] = { >@@ -430,6 +439,7 @@ > { "sign", RPC_RTYPE_NTSTATUS, cmd_sign, NULL, -1, "Force RPC pipe connections to be signed", "" }, > { "seal", RPC_RTYPE_NTSTATUS, cmd_seal, NULL, -1, "Force RPC pipe connections to be sealed", "" }, > { "schannel", RPC_RTYPE_NTSTATUS, cmd_schannel, NULL, -1, "Force RPC pipe connections to be sealed with 'schannel' (NETSEC). Assumes valid machine account to this domain controller.", "" }, >+ { "schannelsign", RPC_RTYPE_NTSTATUS, cmd_schannel_sign, NULL, -1, "Force RPC pipe connections to be signed (not sealed) with 'schannel' (NETSEC). Assumes valid machine account to this domain controller.", "" }, > { "none", RPC_RTYPE_NTSTATUS, cmd_none, NULL, -1, "Force RPC pipe connections to have no special properties", "" }, > > { NULL } >@@ -522,9 +532,7 @@ > /* some of the DsXXX commands use the netlogon pipe */ > > if (lp_client_schannel() && (cmd_entry->pipe_idx == PI_NETLOGON) && !(cli->pipe_auth_flags & AUTH_PIPE_NETSEC)) { >- /* The 7 here seems to be required to get Win2k not to downgrade us >- to NT4. Actually, anything other than 1ff would seem to do... */ >- uint32 neg_flags = 0x000001ff; >+ uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS; > uint32 sec_channel_type; > > if (!secrets_fetch_trust_account_password(lp_workgroup(), >Index: rpc_client/cli_pipe.c >=================================================================== >RCS file: /home/cvs/samba/source/rpc_client/cli_pipe.c,v >retrieving revision 1.79.2.37 >diff -u -r1.79.2.37 cli_pipe.c >--- rpc_client/cli_pipe.c 19 Aug 2003 20:39:32 -0000 1.79.2.37 >+++ rpc_client/cli_pipe.c 30 Sep 2003 23:18:41 -0000 >@@ -29,7 +29,9 @@ > > extern struct pipe_id_info pipe_names[]; > >-static void get_auth_type_level(int pipe_auth_flags, int *auth_type, int *auth_level) >+/* convert pipe auth flags into the RPC auth type and level */ >+ >+void get_auth_type_level(int pipe_auth_flags, int *auth_type, int *auth_level) > { > *auth_type = 0; > *auth_level = 0; >@@ -938,7 +940,6 @@ > uint32 data_len, send_size; > uint8 flags = 0; > uint32 auth_padding = 0; >- RPC_AUTH_NETSEC_CHK verf; > DATA_BLOB sign_blob; > > /* >@@ -1022,14 +1023,10 @@ > > } > else if (cli->pipe_auth_flags & AUTH_PIPE_NETSEC) { >- static const uchar netsec_sig[8] = NETSEC_SIGNATURE; >- static const uchar nullbytes[8] = { 0,0,0,0,0,0,0,0 }; > size_t parse_offset_marker; >+ RPC_AUTH_NETSEC_CHK verf; > DEBUG(10,("SCHANNEL seq_num=%d\n", cli->auth_info.seq_num)); > >- init_rpc_auth_netsec_chk(&verf, netsec_sig, nullbytes, >- nullbytes, nullbytes); >- > netsec_encode(&cli->auth_info, > cli->pipe_auth_flags, > SENDER_IS_INITIATOR, >@@ -1277,8 +1274,10 @@ > prs_init(&rpc_out, RPC_HEADER_LEN + RPC_HDR_AUTHA_LEN, /* need at least this much */ > cli->mem_ctx, MARSHALL); > >- create_rpc_bind_resp(cli, rpc_call_id, >- &rpc_out); >+ if (!NT_STATUS_IS_OK(create_rpc_bind_resp(cli, rpc_call_id, >+ &rpc_out))) { >+ return False; >+ } > > if ((ret = cli_write(cli, cli->nt_pipe_fnum, 0x8, prs_data_p(&rpc_out), > 0, (size_t)prs_offset(&rpc_out))) != (ssize_t)prs_offset(&rpc_out)) { >@@ -1493,9 +1492,7 @@ > const uchar trust_password[16]) > { > NTSTATUS result; >- /* The 7 here seems to be required to get Win2k not to downgrade us >- to NT4. Actually, anything other than 1ff would seem to do... */ >- uint32 neg_flags = 0x000701ff; >+ uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS; > int fnum; > > cli_nt_netlogon_netsec_session_close(cli); >@@ -1584,13 +1581,11 @@ > } > > >-NTSTATUS cli_nt_setup_netsec(struct cli_state *cli, int sec_chan, >+NTSTATUS cli_nt_setup_netsec(struct cli_state *cli, int sec_chan, int auth_flags, > const uchar trust_password[16]) > { > NTSTATUS result; >- /* The 7 here seems to be required to get Win2k not to downgrade us >- to NT4. Actually, anything other than 1ff would seem to do... */ >- uint32 neg_flags = 0x000701ff; >+ uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS; > cli->pipe_auth_flags = 0; > > if (lp_client_schannel() == False) { >@@ -1632,7 +1627,7 @@ > cli->nt_pipe_fnum = 0; > > /* doing schannel, not per-user auth */ >- cli->pipe_auth_flags = AUTH_PIPE_NETSEC | AUTH_PIPE_SIGN | AUTH_PIPE_SEAL; >+ cli->pipe_auth_flags = auth_flags; > > return NT_STATUS_OK; > } >Index: rpc_parse/parse_prs.c >=================================================================== >RCS file: /home/cvs/samba/source/rpc_parse/parse_prs.c,v >retrieving revision 1.75.2.17 >diff -u -r1.75.2.17 parse_prs.c >--- rpc_parse/parse_prs.c 15 Aug 2003 04:42:04 -0000 1.75.2.17 >+++ rpc_parse/parse_prs.c 30 Sep 2003 23:18:43 -0000 >@@ -3,7 +3,8 @@ > Samba memory buffer functions > Copyright (C) Andrew Tridgell 1992-1997 > Copyright (C) Luke Kenneth Casson Leighton 1996-1997 >- Copyright (C) Jeremy Allison 1999. >+ Copyright (C) Jeremy Allison 1999 >+ Copyright (C) Andrew Bartlett 2003. > > This program is free software; you can redistribute it and/or modify > it under the terms of the GNU General Public License as published by >@@ -1337,47 +1338,6 @@ > return True; > } > >-static void netsechash(uchar * key, uchar * data, int data_len) >-{ >- uchar hash[256]; >- uchar index_i = 0; >- uchar index_j = 0; >- uchar j = 0; >- int ind; >- >- for (ind = 0; ind < 256; ind++) >- { >- hash[ind] = (uchar) ind; >- } >- >- for (ind = 0; ind < 256; ind++) >- { >- uchar tc; >- >- j += (hash[ind] + key[ind % 16]); >- >- tc = hash[ind]; >- hash[ind] = hash[j]; >- hash[j] = tc; >- } >- >- for (ind = 0; ind < data_len; ind++) >- { >- uchar tc; >- uchar t; >- >- index_i++; >- index_j += hash[index_i]; >- >- tc = hash[index_i]; >- hash[index_i] = hash[index_j]; >- hash[index_j] = tc; >- >- t = hash[index_i] + hash[index_j]; >- data[ind] ^= hash[t]; >- } >-} >- > > /******************************************************************* > Create a digest over the entire packet (including the data), and >@@ -1400,7 +1360,7 @@ > MD5Update(&ctx3, zeros, sizeof(zeros)); > MD5Update(&ctx3, verf->sig, sizeof(verf->sig)); > if (auth_flags & AUTH_PIPE_SEAL) { >- MD5Update(&ctx3, verf->data8, sizeof(verf->data8)); >+ MD5Update(&ctx3, verf->confounder, sizeof(verf->confounder)); > } > MD5Update(&ctx3, (const unsigned char *)data, data_len); > MD5Final(whole_packet_digest, &ctx3); >@@ -1456,10 +1416,29 @@ > dump_data_pw("sequence_key:\n", sequence_key, sizeof(sequence_key)); > > dump_data_pw("seq_num (before):\n", verf->seq_num, sizeof(verf->seq_num)); >- netsechash(sequence_key, verf->seq_num, 8); >+ SamOEMhash(verf->seq_num, sequence_key, 8); > dump_data_pw("seq_num (after):\n", verf->seq_num, sizeof(verf->seq_num)); > } > >+/******************************************************************* >+creates an RPC_AUTH_NETSEC_CHK structure. >+********************************************************************/ >+static BOOL init_rpc_auth_netsec_chk(RPC_AUTH_NETSEC_CHK * chk, >+ const uchar sig[8], >+ const uchar packet_digest[8], >+ const uchar seq_num[8], const uchar confounder[8]) >+{ >+ if (chk == NULL) >+ return False; >+ >+ memcpy(chk->sig, sig, sizeof(chk->sig)); >+ memcpy(chk->packet_digest, packet_digest, sizeof(chk->packet_digest)); >+ memcpy(chk->seq_num, seq_num, sizeof(chk->seq_num)); >+ memcpy(chk->confounder, confounder, sizeof(chk->confounder)); >+ >+ return True; >+} >+ > > /******************************************************************* > Encode a blob of data using the netsec (schannel) alogrithm, also produceing >@@ -1469,26 +1448,47 @@ > ********************************************************************/ > void netsec_encode(struct netsec_auth_struct *a, int auth_flags, > enum netsec_direction direction, >- RPC_AUTH_NETSEC_CHK * verf, char *data, size_t data_len) >+ RPC_AUTH_NETSEC_CHK * verf, >+ char *data, size_t data_len) > { > uchar digest_final[16]; >+ uchar confounder[8]; >+ uchar seq_num[8]; >+ static const uchar nullbytes[8]; >+ >+ static const uchar netsec_seal_sig[8] = NETSEC_SEAL_SIGNATURE; >+ static const uchar netsec_sign_sig[8] = NETSEC_SIGN_SIGNATURE; >+ const uchar *netsec_sig; > > DEBUG(10,("SCHANNEL: netsec_encode seq_num=%d data_len=%lu\n", a->seq_num, (unsigned long)data_len)); >+ >+ if (auth_flags & AUTH_PIPE_SEAL) { >+ netsec_sig = netsec_seal_sig; >+ } else if (auth_flags & AUTH_PIPE_SIGN) { >+ netsec_sig = netsec_sign_sig; >+ } >+ >+ /* fill the 'confounder' with random data */ >+ generate_random_buffer(confounder, sizeof(confounder), False); >+ > dump_data_pw("a->sess_key:\n", a->sess_key, sizeof(a->sess_key)); > >- RSIVAL(verf->seq_num, 0, a->seq_num); >+ RSIVAL(seq_num, 0, a->seq_num); > > switch (direction) { > case SENDER_IS_INITIATOR: >- SIVAL(verf->seq_num, 4, 0x80); >+ SIVAL(seq_num, 4, 0x80); > break; > case SENDER_IS_ACCEPTOR: >- SIVAL(verf->seq_num, 4, 0x0); >+ SIVAL(seq_num, 4, 0x0); > break; > } > >- dump_data_pw("verf->seq_num:\n", verf->seq_num, sizeof(verf->seq_num)); >+ dump_data_pw("verf->seq_num:\n", seq_num, sizeof(verf->seq_num)); > >+ init_rpc_auth_netsec_chk(verf, netsec_sig, nullbytes, >+ seq_num, confounder); >+ > /* produce a digest of the packet to prove it's legit (before we seal it) */ > netsec_digest(a, auth_flags, verf, data, data_len, digest_final); > memcpy(verf->packet_digest, digest_final, sizeof(verf->packet_digest)); >@@ -1500,14 +1500,14 @@ > netsec_get_sealing_key(a, verf, sealing_key); > > /* encode the verification data */ >- dump_data_pw("verf->data8:\n", verf->data8, sizeof(verf->data8)); >- netsechash(sealing_key, verf->data8, 8); >+ dump_data_pw("verf->confounder:\n", verf->confounder, sizeof(verf->confounder)); >+ SamOEMhash(verf->confounder, sealing_key, 8); > >- dump_data_pw("verf->data8_enc:\n", verf->data8, sizeof(verf->data8)); >+ dump_data_pw("verf->confounder_enc:\n", verf->confounder, sizeof(verf->confounder)); > > /* encode the packet payload */ > dump_data_pw("data:\n", (const unsigned char *)data, data_len); >- netsechash(sealing_key, (unsigned char *)data, data_len); >+ SamOEMhash((unsigned char *)data, sealing_key, data_len); > dump_data_pw("data_enc:\n", (const unsigned char *)data, data_len); > } > >@@ -1531,8 +1531,21 @@ > { > uchar digest_final[16]; > >- /* Create the expected sequence number for comparison */ >+ static const uchar netsec_seal_sig[8] = NETSEC_SEAL_SIGNATURE; >+ static const uchar netsec_sign_sig[8] = NETSEC_SIGN_SIGNATURE; >+ const uchar *netsec_sig; >+ > uchar seq_num[8]; >+ >+ DEBUG(10,("SCHANNEL: netsec_encode seq_num=%d data_len=%lu\n", a->seq_num, (unsigned long)data_len)); >+ >+ if (auth_flags & AUTH_PIPE_SEAL) { >+ netsec_sig = netsec_seal_sig; >+ } else if (auth_flags & AUTH_PIPE_SIGN) { >+ netsec_sig = netsec_sign_sig; >+ } >+ >+ /* Create the expected sequence number for comparison */ > RSIVAL(seq_num, 0, a->seq_num); > > switch (direction) { >@@ -1560,6 +1573,20 @@ > digest, as supplied by the client. We check that it's a valid > checksum after the decode, below > */ >+ DEBUG(2, ("netsec_decode: FAILED: packet sequence number:\n")); >+ dump_data(2, verf->seq_num, sizeof(verf->seq_num)); >+ DEBUG(2, ("should be:\n")); >+ dump_data(2, seq_num, sizeof(seq_num)); >+ >+ return False; >+ } >+ >+ if (memcmp(verf->sig, netsec_sig, sizeof(verf->sig))) { >+ /* Validate that the other end sent the expected header */ >+ DEBUG(2, ("netsec_decode: FAILED: packet header:\n")); >+ dump_data(2, verf->sig, sizeof(verf->sig)); >+ DEBUG(2, ("should be:\n")); >+ dump_data(2, netsec_sig, sizeof(netsec_sig)); > return False; > } > >@@ -1570,16 +1597,16 @@ > netsec_get_sealing_key(a, verf, sealing_key); > > /* extract the verification data */ >- dump_data_pw("verf->data8:\n", verf->data8, >- sizeof(verf->data8)); >- netsechash(sealing_key, verf->data8, 8); >+ dump_data_pw("verf->confounder:\n", verf->confounder, >+ sizeof(verf->confounder)); >+ SamOEMhash(verf->confounder, sealing_key, 8); > >- dump_data_pw("verf->data8_dec:\n", verf->data8, >- sizeof(verf->data8)); >+ dump_data_pw("verf->confounder_dec:\n", verf->confounder, >+ sizeof(verf->confounder)); > > /* extract the packet payload */ > dump_data_pw("data :\n", (const unsigned char *)data, data_len); >- netsechash(sealing_key, (unsigned char *)data, data_len); >+ SamOEMhash((unsigned char *)data, sealing_key, data_len); > dump_data_pw("datadec:\n", (const unsigned char *)data, data_len); > } > >Index: rpc_parse/parse_rpc.c >=================================================================== >RCS file: /home/cvs/samba/source/rpc_parse/parse_rpc.c,v >retrieving revision 1.45.2.12 >diff -u -r1.45.2.12 parse_rpc.c >--- rpc_parse/parse_rpc.c 14 Jul 2003 08:46:31 -0000 1.45.2.12 >+++ rpc_parse/parse_rpc.c 30 Sep 2003 23:18:43 -0000 >@@ -1175,7 +1175,7 @@ > BOOL init_rpc_auth_netsec_chk(RPC_AUTH_NETSEC_CHK * chk, > const uchar sig[8], > const uchar packet_digest[8], >- const uchar seq_num[8], const uchar data8[8]) >+ const uchar seq_num[8], const uchar confounder[8]) > { > if (chk == NULL) > return False; >@@ -1183,7 +1183,7 @@ > memcpy(chk->sig, sig, sizeof(chk->sig)); > memcpy(chk->packet_digest, packet_digest, sizeof(chk->packet_digest)); > memcpy(chk->seq_num, seq_num, sizeof(chk->seq_num)); >- memcpy(chk->data8, data8, sizeof(chk->data8)); >+ memcpy(chk->confounder, confounder, sizeof(chk->confounder)); > > return True; > } >@@ -1203,7 +1203,7 @@ > prs_uint8s(False, "sig ", ps, depth, chk->sig, sizeof(chk->sig)); > prs_uint8s(False, "seq_num", ps, depth, chk->seq_num, sizeof(chk->seq_num)); > prs_uint8s(False, "packet_digest", ps, depth, chk->packet_digest, sizeof(chk->packet_digest)); >- prs_uint8s(False, "data8", ps, depth, chk->data8, sizeof(chk->data8)); >+ prs_uint8s(False, "data8", ps, depth, chk->confounder, sizeof(chk->confounder)); > > return True; > } >Index: rpc_server/srv_pipe.c >=================================================================== >RCS file: /home/cvs/samba/source/rpc_server/srv_pipe.c,v >retrieving revision 1.93.2.24 >diff -u -r1.93.2.24 srv_pipe.c >--- rpc_server/srv_pipe.c 15 Aug 2003 01:42:29 -0000 1.93.2.24 >+++ rpc_server/srv_pipe.c 30 Sep 2003 23:18:43 -0000 >@@ -254,18 +254,19 @@ > } > > if (p->netsec_auth_validated) { >+ int auth_type, auth_level; > char *data; > RPC_HDR_AUTH auth_info; >- static const uchar netsec_sig[8] = NETSEC_SIGNATURE; >- static const uchar nullbytes[8] = { 0,0,0,0,0,0,0,0 }; > > RPC_AUTH_NETSEC_CHK verf; > prs_struct rverf; > prs_struct rauth; > > data = prs_data_p(&outgoing_pdu) + data_pos; >+ /* Check it's the type of reply we were expecting to decode */ > >- init_rpc_hdr_auth(&auth_info, NETSEC_AUTH_TYPE, RPC_PIPE_AUTH_SEAL_LEVEL, >+ get_auth_type_level(p->netsec_auth.auth_flags, &auth_type, &auth_level); >+ init_rpc_hdr_auth(&auth_info, auth_type, auth_level, > RPC_HDR_AUTH_LEN, 1); > > if(!smb_io_rpc_hdr_auth("hdr_auth", &auth_info, &outgoing_pdu, 0)) { >@@ -277,10 +278,8 @@ > prs_init(&rverf, 0, p->mem_ctx, MARSHALL); > prs_init(&rauth, 0, p->mem_ctx, MARSHALL); > >- init_rpc_auth_netsec_chk(&verf, netsec_sig, nullbytes, nullbytes, nullbytes); >- > netsec_encode(&p->netsec_auth, >- AUTH_PIPE_NETSEC|AUTH_PIPE_SIGN|AUTH_PIPE_SEAL, >+ p->netsec_auth.auth_flags, > SENDER_IS_ACCEPTOR, > &verf, data, data_len); > >@@ -1337,10 +1336,19 @@ > return False; > } > >- if ((auth_info.auth_type != NETSEC_AUTH_TYPE) || >- (auth_info.auth_level != RPC_PIPE_AUTH_SEAL_LEVEL)) { >- DEBUG(0,("Invalid auth info %d or level %d on schannel\n", >- auth_info.auth_type, auth_info.auth_level)); >+ if (auth_info.auth_type != NETSEC_AUTH_TYPE) { >+ DEBUG(0,("Invalid auth info %d on schannel\n", >+ auth_info.auth_type)); >+ return False; >+ } >+ >+ if (auth_info.auth_level == RPC_PIPE_AUTH_SEAL_LEVEL) { >+ p->netsec_auth.auth_flags = AUTH_PIPE_NETSEC|AUTH_PIPE_SIGN|AUTH_PIPE_SEAL; >+ } else if (auth_info.auth_level == RPC_PIPE_AUTH_SIGN_LEVEL) { >+ p->netsec_auth.auth_flags = AUTH_PIPE_NETSEC|AUTH_PIPE_SIGN; >+ } else { >+ DEBUG(0,("Invalid auth level %d on schannel\n", >+ auth_info.auth_level)); > return False; > } > >@@ -1350,7 +1358,7 @@ > } > > if (!netsec_decode(&p->netsec_auth, >- AUTH_PIPE_NETSEC|AUTH_PIPE_SIGN|AUTH_PIPE_SEAL, >+ p->netsec_auth.auth_flags, > SENDER_IS_INITIATOR, > &netsec_chk, > prs_data_p(rpc_in)+old_offset, data_len)) {
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=174">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 167
: 174