mirror of
https://github.com/samba-team/samba.git
synced 2025-01-11 05:18:09 +03:00
r390: added my best guess for how session keys are supposed to work when you
use NTLMSSP sign or seal at the RPC layer
It doesn't work yet, but then again neither does the old code (which
just assumed the SMB session key was used, which of course makes no
sense on a ncacn_ip_tcp connection)
(This used to be commit e878232926
)
This commit is contained in:
parent
932b0ff5f5
commit
3fe884c26c
@ -35,6 +35,7 @@ struct dcerpc_security {
|
||||
uchar *data, size_t length, DATA_BLOB *sig);
|
||||
NTSTATUS (*sign_packet)(struct dcerpc_security *,
|
||||
const uchar *data, size_t length, DATA_BLOB *sig);
|
||||
NTSTATUS (*session_key)(struct dcerpc_security *, uint8 session_key[16]);
|
||||
void (*security_end)(struct dcerpc_security *);
|
||||
};
|
||||
|
||||
|
@ -56,6 +56,17 @@ static NTSTATUS ntlm_sign_packet(struct dcerpc_security *dcerpc_security,
|
||||
return ntlmssp_sign_packet(ntlmssp_state, data, length, sig);
|
||||
}
|
||||
|
||||
static NTSTATUS ntlm_session_key(struct dcerpc_security *dcerpc_security,
|
||||
uint8 session_key[16])
|
||||
{
|
||||
struct ntlmssp_state *ntlmssp_state = dcerpc_security->private;
|
||||
if (!ntlmssp_state || ntlmssp_state->session_key.length < 16) {
|
||||
return NT_STATUS_UNSUCCESSFUL;
|
||||
}
|
||||
memcpy(session_key, ntlmssp_state->session_key.data, 16);
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
static void ntlm_security_end(struct dcerpc_security *dcerpc_security)
|
||||
{
|
||||
struct ntlmssp_state *ntlmssp_state = dcerpc_security->private;
|
||||
@ -173,6 +184,7 @@ NTSTATUS dcerpc_bind_auth_ntlm(struct dcerpc_pipe *p,
|
||||
p->security_state->check_packet = ntlm_check_packet;
|
||||
p->security_state->seal_packet = ntlm_seal_packet;
|
||||
p->security_state->sign_packet = ntlm_sign_packet;
|
||||
p->security_state->session_key = ntlm_session_key;
|
||||
p->security_state->security_end = ntlm_security_end;
|
||||
|
||||
switch (p->auth_info->auth_level) {
|
||||
|
@ -56,6 +56,12 @@ static NTSTATUS schan_sign_packet(struct dcerpc_security *dcerpc_security,
|
||||
return schannel_sign_packet(schannel_state, data, length, sig);
|
||||
}
|
||||
|
||||
static NTSTATUS schan_session_key(struct dcerpc_security *dcerpc_security,
|
||||
uint8 session_key[16])
|
||||
{
|
||||
return NT_STATUS_NOT_IMPLEMENTED;
|
||||
}
|
||||
|
||||
static void schan_security_end(struct dcerpc_security *dcerpc_security)
|
||||
{
|
||||
struct schannel_state *schannel_state = dcerpc_security->private;
|
||||
@ -232,6 +238,7 @@ NTSTATUS dcerpc_bind_auth_schannel_key(struct dcerpc_pipe *p,
|
||||
p->security_state->check_packet = schan_check_packet;
|
||||
p->security_state->seal_packet = schan_seal_packet;
|
||||
p->security_state->sign_packet = schan_sign_packet;
|
||||
p->security_state->session_key = schan_session_key;
|
||||
p->security_state->security_end = schan_security_end;
|
||||
|
||||
done:
|
||||
|
@ -677,14 +677,23 @@ NTSTATUS dcerpc_fetch_session_key(struct dcerpc_pipe *p,
|
||||
{
|
||||
struct cli_tree *tree;
|
||||
|
||||
memset(session_key, 0, 16);
|
||||
|
||||
tree = dcerpc_smb_tree(p);
|
||||
if (!tree) {
|
||||
return NT_STATUS_INVALID_PARAMETER;
|
||||
if (tree) {
|
||||
memcpy(session_key,
|
||||
tree->session->transport->negotiate.user_session_key,
|
||||
16);
|
||||
}
|
||||
|
||||
memcpy(session_key,
|
||||
tree->session->transport->negotiate.user_session_key,
|
||||
16);
|
||||
if (p->security_state) {
|
||||
NTSTATUS status;
|
||||
|
||||
status = p->security_state->session_key(p->security_state, session_key);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
return status;
|
||||
}
|
||||
}
|
||||
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user