Ejemplo n.º 1
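/*
 * Sign or seal the body of an outgoing RPC response with SCHANNEL and
 * append the resulting auth blob to the PDU.
 *
 * sas        - SCHANNEL state; must not be NULL.
 * auth_level - DCERPC_AUTH_LEVEL_PRIVACY or DCERPC_AUTH_LEVEL_INTEGRITY;
 *              any other level is rejected.
 * rpc_out    - PDU built so far. The region between the first
 *              DCERPC_RESPONSE_LENGTH bytes and the last
 *              DCERPC_AUTH_TRAILER_LENGTH bytes is handed to
 *              netsec_outgoing_packet(); the blob it returns is appended.
 *
 * Returns NT_STATUS_OK on success, NT_STATUS_INVALID_PARAMETER for a
 * missing argument or a PDU shorter than header plus auth trailer,
 * NT_STATUS_INTERNAL_ERROR for an unsupported auth level,
 * NT_STATUS_NO_MEMORY if the blob cannot be appended, or the status
 * returned by netsec_outgoing_packet().
 */
static NTSTATUS add_schannel_auth_footer(struct schannel_state *sas,
					enum dcerpc_AuthLevel auth_level,
					DATA_BLOB *rpc_out)
{
	const size_t fixed_len = (size_t)DCERPC_RESPONSE_LENGTH
					+ (size_t)DCERPC_AUTH_TRAILER_LENGTH;
	uint8_t *data_p;
	size_t data_and_pad_len;
	DATA_BLOB auth_blob;
	NTSTATUS status;

	/* Validate before touching rpc_out: it is dereferenced below. */
	if (!sas || !rpc_out || !rpc_out->data) {
		return NT_STATUS_INVALID_PARAMETER;
	}

	/*
	 * The payload length is computed with unsigned arithmetic. Without
	 * this bound a short PDU would wrap to a huge size_t and the
	 * sign/seal routine would be told to process memory far beyond the
	 * buffer.
	 */
	if (rpc_out->length < fixed_len) {
		DEBUG(1,("add_schannel_auth_footer: PDU too short (%u bytes)\n",
			(unsigned int)rpc_out->length));
		return NT_STATUS_INVALID_PARAMETER;
	}

	data_p = rpc_out->data + DCERPC_RESPONSE_LENGTH;
	data_and_pad_len = rpc_out->length - fixed_len;

	/* NOTE(review): %d assumes seq_num is int-sized - confirm against
	 * struct schannel_state. */
	DEBUG(10,("add_schannel_auth_footer: SCHANNEL seq_num=%d\n",
			sas->seq_num));

	/*
	 * The third argument is true for PRIVACY and false for INTEGRITY.
	 * rpc_out->data is passed as the second argument - presumably the
	 * talloc parent for auth_blob; confirm against
	 * netsec_outgoing_packet().
	 */
	switch (auth_level) {
	case DCERPC_AUTH_LEVEL_PRIVACY:
		status = netsec_outgoing_packet(sas,
						rpc_out->data,
						true,
						data_p,
						data_and_pad_len,
						&auth_blob);
		break;
	case DCERPC_AUTH_LEVEL_INTEGRITY:
		status = netsec_outgoing_packet(sas,
						rpc_out->data,
						false,
						data_p,
						data_and_pad_len,
						&auth_blob);
		break;
	default:
		/* Never emit an unprotected PDU on a SCHANNEL-bound pipe. */
		status = NT_STATUS_INTERNAL_ERROR;
		break;
	}

	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(1,("add_schannel_auth_footer: failed to process packet: %s\n",
			nt_errstr(status)));
		return status;
	}

	if (DEBUGLEVEL >= 10) {
		dump_NL_AUTH_SIGNATURE(talloc_tos(), &auth_blob);
	}

	/* Finally attach the blob. */
	if (!data_blob_append(NULL, rpc_out,
				auth_blob.data, auth_blob.length)) {
		/* Release the signature on the failure path as well. */
		data_blob_free(&auth_blob);
		return NT_STATUS_NO_MEMORY;
	}
	data_blob_free(&auth_blob);

	return NT_STATUS_OK;
}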
Ejemplo n.º 2
/*
 * Seal a packet.
 *
 * Looks up the SCHANNEL state stored in gensec_security->private_data and
 * forwards data/length to netsec_outgoing_packet() with the third argument
 * set to true; the resulting signature blob is returned through sig.
 *
 * whole_pdu and pdu_length are accepted but not used here.
 *
 * NOTE(review): talloc_get_type() yields NULL when private_data is not a
 * struct schannel_state, and the result is passed on unchecked - confirm
 * that netsec_outgoing_packet() rejects a NULL state.
 */
static NTSTATUS schannel_seal_packet(struct gensec_security *gensec_security,
				     TALLOC_CTX *mem_ctx,
				     uint8_t *data, size_t length,
				     const uint8_t *whole_pdu, size_t pdu_length,
				     DATA_BLOB *sig)
{
	struct schannel_state *schannel;
	NTSTATUS result;

	schannel = talloc_get_type(gensec_security->private_data,
				   struct schannel_state);

	result = netsec_outgoing_packet(schannel, mem_ctx, true,
					data, length, sig);
	return result;
}