static NTSTATUS common_gss_decrypt_buffer(struct smb_tran_enc_state_gss *gss_state, char *buf) { gss_ctx_id_t gss_ctx = gss_state->gss_ctx; OM_uint32 ret = 0; OM_uint32 minor = 0; int flags_got = 0; gss_buffer_desc in_buf, out_buf; size_t buf_len = smb_len_nbt(buf) + 4; /* Don't forget the 4 length bytes. */ if (buf_len < 8) { return NT_STATUS_BUFFER_TOO_SMALL; } in_buf.value = buf + 8; in_buf.length = buf_len - 8; ret = gss_unwrap(&minor, gss_ctx, &in_buf, &out_buf, &flags_got, /* did we get sign+seal ? */ (gss_qop_t *) NULL); if (ret != GSS_S_COMPLETE) { NTSTATUS status = NT_STATUS_ACCESS_DENIED; char *gss_err; gss_err = gssapi_error_string(talloc_tos(), ret, minor, GSS_C_NULL_OID); DEBUG(0,("common_gss_decrypt_buffer: gss_unwrap failed. " "Error [%d/%d] - %s - %s\n", ret, minor, nt_errstr(status), gss_err ? gss_err : "<unknown>")); talloc_free(gss_err); return status; } if (out_buf.length > in_buf.length) { DEBUG(0,("common_gss_decrypt_buffer: gss_unwrap size (%u) too large (%u) !\n", (unsigned int)out_buf.length, (unsigned int)in_buf.length )); gss_release_buffer(&minor, &out_buf); return NT_STATUS_INVALID_PARAMETER; } memcpy(buf + 8, out_buf.value, out_buf.length); /* Reset the length and overwrite the header. */ smb_setlen_nbt(buf, out_buf.length + 4); gss_release_buffer(&minor, &out_buf); return NT_STATUS_OK; }
static NTSTATUS common_gensec_decrypt_buffer(struct gensec_security *gensec, char *buf) { NTSTATUS status; size_t buf_len = smb_len_nbt(buf) + 4; /* Don't forget the 4 length bytes. */ DATA_BLOB in_buf, out_buf; TALLOC_CTX *frame; if (buf_len < 8) { return NT_STATUS_BUFFER_TOO_SMALL; } frame = talloc_stackframe(); in_buf = data_blob_const(buf + 8, buf_len - 8); status = gensec_unwrap(gensec, frame, &in_buf, &out_buf); if (!NT_STATUS_IS_OK(status)) { DEBUG(0,("common_gensec_decrypt_buffer: gensec_unwrap failed. Error %s\n", nt_errstr(status))); TALLOC_FREE(frame); return status; } if (out_buf.length > in_buf.length) { DEBUG(0,("common_gensec_decrypt_buffer: gensec_unwrap size (%u) too large (%u) !\n", (unsigned int)out_buf.length, (unsigned int)in_buf.length )); TALLOC_FREE(frame); return NT_STATUS_INVALID_PARAMETER; } memcpy(buf + 8, out_buf.data, out_buf.length); /* Reset the length and overwrite the header. */ smb_setlen_nbt(buf, out_buf.length + 4); TALLOC_FREE(frame); return NT_STATUS_OK; }