Author: jra Date: 2007-03-22 00:08:22 +0000 (Thu, 22 Mar 2007) New Revision: 21923
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=21923 Log: Add in the gss decrypt. Jeremy. Modified: branches/SAMBA_3_0/source/libsmb/smb_seal.c Changeset: Modified: branches/SAMBA_3_0/source/libsmb/smb_seal.c
===================================================================
--- branches/SAMBA_3_0/source/libsmb/smb_seal.c 2007-03-21 23:49:57 UTC (rev 21922)
+++ branches/SAMBA_3_0/source/libsmb/smb_seal.c 2007-03-22 00:08:22 UTC (rev 21923)
@@ -121,13 +121,54 @@ /****************************************************************************** Generic code for client and server. - gss-api decrypt an incoming buffer. + gss-api decrypt an incoming buffer. We insist that the size of the + unwrapped buffer must be smaller or identical to the incoming buffer. ******************************************************************************/ #if defined(HAVE_GSSAPI) && defined(HAVE_KRB5) NTSTATUS common_gss_decrypt_buffer(gss_ctx_id_t context_handle, char *buf) { - return NT_STATUS_NOT_SUPPORTED; + OM_uint32 ret = 0; + OM_uint32 minor = 0; + int flags_got = 0; + gss_buffer_desc in_buf, out_buf; + size_t buf_len = smb_len(buf) + 4; /* Don't forget the 4 length bytes. */ + + if (buf_len < 8) { + return NT_STATUS_BUFFER_TOO_SMALL; + } + + in_buf.value = buf + 8; + in_buf.length = buf_len - 8; + + ret = gss_unwrap(&minor, + context_handle, + &in_buf, + &out_buf, + &flags_got, /* did we get sign+seal ? */ + (gss_qop_t *) NULL); + + if (ret != GSS_S_COMPLETE) { + ADS_STATUS adss = ADS_ERROR_GSS(ret, minor); + DEBUG(0,("common_gss_encrypt_buffer: gss_unwrap failed. Error %s\n", + ads_errstr(adss) )); + /* Um - no mapping for gss-errs to NTSTATUS yet. */ + return ads_ntstatus(adss); + } + + if (out_buf.length > in_buf.length) { + DEBUG(0,("common_gss_encrypt_buffer: gss_unwrap size (%u) too large (%u) !\n", + (unsigned int)out_buf.length, + (unsigned int)in_buf.length )); + gss_release_buffer(&minor, &out_buf); + return NT_STATUS_INVALID_PARAMETER; + } + + memcpy(buf + 8, out_buf.value, out_buf.length); + smb_setlen(buf, out_buf.length + 4); + + gss_release_buffer(&minor, &out_buf); + return NT_STATUS_OK; } #endif @@ -194,8 +235,9 @@ return NT_STATUS_NO_MEMORY; } - smb_setlen(*ppbuf_out, out_buf.length + 8); memcpy(*ppbuf_out+8, out_buf.value, out_buf.length); + smb_setlen(*ppbuf_out, out_buf.length + 4); + gss_release_buffer(&minor, &out_buf); return NT_STATUS_OK; }
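Review bot: `flags_got` is filled in by gss_unwrap() but never read afterwards, so common_gss_decrypt_buffer accepts a token that was only integrity-protected and not sealed, despite the `/* did we get sign+seal ? */` comment on that argument. After the `GSS_S_COMPLETE` check I would add `if (!flags_got) { gss_release_buffer(&minor, &out_buf); return NT_STATUS_ACCESS_DENIED; }` so that a peer cannot silently drop confidentiality on a session that is meant to be encrypted. Both DEBUG messages in this function are also prefixed `common_gss_encrypt_buffer:`, which points whoever reads the log at the wrong direction; they should read `common_gss_decrypt_buffer:`. Whether the caller guarantees that `buf` really holds `smb_len(buf) + 4` bytes is not visible in this hunk and deserves a sentence in the function's header comment.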
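Review bot: The `+8` copy offset and the `+ 4` passed to smb_setlen() at the end of this function are bare numbers with no comment, and the fact that this commit had to correct `out_buf.length + 8` suggests the framing is easy to get wrong. A short comment above the two calls would help, for example `/* payload starts at offset 8; smb_len excludes the 4 length bytes */`, worded to match whatever the 4 bytes between the length field and the payload actually carry. The function starts outside this hunk, so the allocation size these two values must agree with cannot be checked from here.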