NTSTATUS gensec_ntlmssp_seal_packet(struct gensec_security *gensec_security,
TALLOC_CTX *sig_mem_ctx,
uint8_t *data, size_t length,
const uint8_t *whole_pdu, size_t pdu_length,
DATA_BLOB *sig)
{
struct gensec_ntlmssp_context *gensec_ntlmssp =
talloc_get_type_abort(gensec_security->private_data,
struct gensec_ntlmssp_context);
NTSTATUS nt_status;
nt_status = ntlmssp_seal_packet(gensec_ntlmssp->ntlmssp_state,
sig_mem_ctx,
data, length,
whole_pdu, pdu_length,
sig);
return nt_status;
}
static ADS_STATUS ads_sasl_ntlmssp_wrap(ADS_STRUCT *ads, uint8 *buf, uint32 len)
{
struct ntlmssp_state *ntlmssp_state =
(struct ntlmssp_state *)ads->ldap.wrap_private_data;
ADS_STATUS status;
NTSTATUS nt_status;
DATA_BLOB sig;
TALLOC_CTX *frame;
uint8 *dptr = ads->ldap.out.buf + (4 + NTLMSSP_SIG_SIZE);
frame = talloc_stackframe();
/* copy the data to the right location */
memcpy(dptr, buf, len);
/* create the signature and may encrypt the data */
if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL) {
nt_status = ntlmssp_seal_packet(ntlmssp_state,
frame,
dptr, len,
dptr, len,
&sig);
} else {
nt_status = ntlmssp_sign_packet(ntlmssp_state,
frame,
dptr, len,
dptr, len,
&sig);
}
status = ADS_ERROR_NT(nt_status);
if (!ADS_ERR_OK(status)) return status;
/* copy the signature to the right location */
memcpy(ads->ldap.out.buf + 4,
sig.data, NTLMSSP_SIG_SIZE);
TALLOC_FREE(frame);
/* set how many bytes must be written to the underlying socket */
ads->ldap.out.left = 4 + NTLMSSP_SIG_SIZE + len;
return ADS_SUCCESS;
}
BOOL rpc_api_pipe_req(struct cli_state *cli, uint8 op_num,
prs_struct *data, prs_struct *rdata)
{
uint32 auth_len, real_auth_len, auth_hdr_len, max_data, data_left, data_sent;
NTSTATUS nt_status;
BOOL ret = False;
uint32 callid = 0;
fstring dump_name;
auth_len = 0;
real_auth_len = 0;
auth_hdr_len = 0;
if (cli->pipe_auth_flags & AUTH_PIPE_SIGN) {
if (cli->pipe_auth_flags & AUTH_PIPE_NTLMSSP) {
auth_len = RPC_AUTH_NTLMSSP_CHK_LEN;
}
if (cli->pipe_auth_flags & AUTH_PIPE_NETSEC) {
auth_len = RPC_AUTH_NETSEC_CHK_LEN;
}
auth_hdr_len = RPC_HDR_AUTH_LEN;
}
/*
* calc how much actual data we can send in a PDU fragment
*/
max_data = cli->max_xmit_frag - RPC_HEADER_LEN - RPC_HDR_REQ_LEN -
auth_hdr_len - auth_len - 8;
for (data_left = prs_offset(data), data_sent = 0; data_left > 0;) {
prs_struct outgoing_packet;
prs_struct sec_blob;
uint32 data_len, send_size;
uint8 flags = 0;
uint32 auth_padding = 0;
DATA_BLOB sign_blob;
/*
* how much will we send this time
*/
send_size = MIN(data_left, max_data);
if (!prs_init(&sec_blob, send_size, /* will need at least this much */
cli->mem_ctx, MARSHALL)) {
DEBUG(0,("Could not malloc %u bytes",
send_size+auth_padding));
return False;
}
if(!prs_append_some_prs_data(&sec_blob, data,
data_sent, send_size)) {
DEBUG(0,("Failed to append data to netsec blob\n"));
prs_mem_free(&sec_blob);
return False;
}
/*
* NT expects the data that is sealed to be 8-byte
* aligned. The padding must be encrypted as well and
* taken into account when generating the
* authentication verifier. The amount of padding must
* be stored in the auth header.
*/
if (cli->pipe_auth_flags) {
size_t data_and_padding_size;
int auth_type;
int auth_level;
prs_align_uint64(&sec_blob);
get_auth_type_level(cli->pipe_auth_flags, &auth_type, &auth_level);
data_and_padding_size = prs_offset(&sec_blob);
auth_padding = data_and_padding_size - send_size;
/* insert the auth header */
if(!create_auth_hdr(&sec_blob, auth_type, auth_level, auth_padding)) {
prs_mem_free(&sec_blob);
return False;
}
/* create an NTLMSSP signature */
if (cli->pipe_auth_flags & AUTH_PIPE_NTLMSSP) {
/*
* Seal the outgoing data if requested.
*/
if (cli->pipe_auth_flags & AUTH_PIPE_SEAL) {
nt_status = ntlmssp_seal_packet(cli->ntlmssp_pipe_state,
(unsigned char*)prs_data_p(&sec_blob),
data_and_padding_size,
&sign_blob);
if (!NT_STATUS_IS_OK(nt_status)) {
prs_mem_free(&sec_blob);
return False;
}
}
else if (cli->pipe_auth_flags & AUTH_PIPE_SIGN) {
nt_status = ntlmssp_sign_packet(cli->ntlmssp_pipe_state,
(unsigned char*)prs_data_p(&sec_blob),
data_and_padding_size, &sign_blob);
if (!NT_STATUS_IS_OK(nt_status)) {
prs_mem_free(&sec_blob);
return False;
}
}
/* write auth footer onto the packet */
real_auth_len = sign_blob.length;
prs_copy_data_in(&sec_blob, (char *)sign_blob.data, sign_blob.length);
data_blob_free(&sign_blob);
}
else if (cli->pipe_auth_flags & AUTH_PIPE_NETSEC) {
size_t parse_offset_marker;
RPC_AUTH_NETSEC_CHK verf;
DEBUG(10,("SCHANNEL seq_num=%d\n", cli->auth_info.seq_num));
netsec_encode(&cli->auth_info,
cli->pipe_auth_flags,
SENDER_IS_INITIATOR,
&verf,
prs_data_p(&sec_blob),
data_and_padding_size);
cli->auth_info.seq_num++;
/* write auth footer onto the packet */
parse_offset_marker = prs_offset(&sec_blob);
if (!smb_io_rpc_auth_netsec_chk("", &verf,
&sec_blob, 0)) {
prs_mem_free(&sec_blob);
return False;
}
real_auth_len = prs_offset(&sec_blob) - parse_offset_marker;
}
}
data_len = RPC_HEADER_LEN + RPC_HDR_REQ_LEN + prs_offset(&sec_blob);
/*
* Malloc parse struct to hold it (and enough for alignments).
*/
if(!prs_init(&outgoing_packet, data_len + 8,
cli->mem_ctx, MARSHALL)) {
DEBUG(0,("rpc_api_pipe_req: Failed to malloc %u bytes.\n", (unsigned int)data_len ));
return False;
}
if (data_left == prs_offset(data))
flags |= RPC_FLG_FIRST;
if (data_left <= max_data)
flags |= RPC_FLG_LAST;
/*
* Write out the RPC header and the request header.
*/
if(!(callid = create_rpc_request(&outgoing_packet, op_num,
data_len, real_auth_len, flags,
callid, data_left))) {
DEBUG(0,("rpc_api_pipe_req: Failed to create RPC request.\n"));
prs_mem_free(&outgoing_packet);
prs_mem_free(&sec_blob);
return False;
}
prs_append_prs_data(&outgoing_packet, &sec_blob);
prs_mem_free(&sec_blob);
DEBUG(100,("data_len: %x data_calc_len: %x\n", data_len,
prs_offset(&outgoing_packet)));
if (flags & RPC_FLG_LAST)
ret = rpc_api_pipe(cli, &outgoing_packet,
rdata, RPC_RESPONSE);
else {
cli_write(cli, cli->nt_pipe_fnum, 0x0008,
prs_data_p(&outgoing_packet),
data_sent, data_len);
}
prs_mem_free(&outgoing_packet);
data_sent += send_size;
data_left -= send_size;
}
/* Also capture received data */
slprintf(dump_name, sizeof(dump_name) - 1, "reply_%s",
cli_pipe_get_name(cli));
prs_dump(dump_name, op_num, rdata);
return ret;
}
