1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00

s3-dcerpc: Fix ntlmssp sign/seal.

Header calculation was misplaced.

Signed-off-by: Günther Deschner <gd@samba.org>
This commit is contained in:
Simo Sorce 2010-07-12 18:57:32 -04:00 committed by Günther Deschner
parent 6555307aa1
commit 25d487bebf

View File

@ -2146,6 +2146,29 @@ static NTSTATUS add_ntlmssp_auth_footer(struct rpc_pipe_client *cli,
return NT_STATUS_INVALID_PARAMETER;
}
/* marshall the dcerpc_auth with an actually empty auth_blob.
* this is needed because the ntmlssp signature includes the
* auth header */
status = dcerpc_push_dcerpc_auth(prs_get_mem_context(rpc_out),
map_pipe_auth_type_to_rpc_auth_type(cli->auth->auth_type),
cli->auth->auth_level,
ss_padding_len,
1 /* context id. */,
&auth_blob,
&auth_info);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
/* append the header */
if (!prs_copy_data_in(rpc_out,
(char *)auth_info.data,
auth_info.length)) {
DEBUG(0, ("Failed to add %u bytes auth blob.\n",
(unsigned int)auth_info.length));
return NT_STATUS_NO_MEMORY;
}
switch (cli->auth->auth_level) {
case DCERPC_AUTH_LEVEL_PRIVACY:
/* Data portion is encrypted. */
@ -2186,20 +2209,11 @@ static NTSTATUS add_ntlmssp_auth_footer(struct rpc_pipe_client *cli,
return NT_STATUS_INVALID_PARAMETER;
}
/* Finally marshall the blob. */
status = dcerpc_push_dcerpc_auth(prs_get_mem_context(rpc_out),
map_pipe_auth_type_to_rpc_auth_type(cli->auth->auth_type),
cli->auth->auth_level,
ss_padding_len,
1 /* context id. */,
&auth_blob,
&auth_info);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
if (!prs_copy_data_in(rpc_out, (const char *)auth_info.data, auth_info.length)) {
DEBUG(0, ("add_ntlmssp_auth_footer: failed to add %u bytes auth blob.\n",
/* Finally attach the blob. */
if (!prs_copy_data_in(rpc_out,
(char *)auth_blob.data,
auth_blob.length)) {
DEBUG(0, ("Failed to add %u bytes auth blob.\n",
(unsigned int)auth_info.length));
return NT_STATUS_NO_MEMORY;
}