The branch, master has been updated via a155f3f9a92d57c2fa18ef44780e85e16cb32d1f (commit) via 9ab5d9be8d5df7f5d894159d75f343913d9d8778 (commit) via 721b76cfbadb6a9466e6015c5e77bbb8f6491c3d (commit) via 38ab500b787a96788cf59c14fadfc4f5a42bd029 (commit) from 3c70480f3b01befe3fa8e7f0bdf5853949d55449 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit a155f3f9a92d57c2fa18ef44780e85e16cb32d1f Author: Günther Deschner <g...@samba.org> Date: Fri Sep 11 02:21:33 2009 +0200 s3-schannel: remove unused code. Guenther commit 9ab5d9be8d5df7f5d894159d75f343913d9d8778 Author: Günther Deschner <g...@samba.org> Date: Fri Sep 11 02:20:59 2009 +0200 s3-schannel: use NL_AUTH_MESSAGE for schannel bind reply. Guenther commit 721b76cfbadb6a9466e6015c5e77bbb8f6491c3d Author: Günther Deschner <g...@samba.org> Date: Fri Sep 11 02:18:59 2009 +0200 schannel: more work on reponse NL_AUTH_MESSAGES. Guenther commit 38ab500b787a96788cf59c14fadfc4f5a42bd029 Author: Günther Deschner <g...@samba.org> Date: Fri Sep 11 02:17:51 2009 +0200 s3-nterr: add NT_STATUS_RPC_NT_PROTOCOL_ERROR to nt_errstr(). Guenther ----------------------------------------------------------------------- Summary of changes: librpc/gen_ndr/ndr_schannel.c | 64 +++++++++++++++++++++++++++++++++++++++++ librpc/gen_ndr/ndr_schannel.h | 3 ++ librpc/gen_ndr/schannel.h | 5 +++ librpc/idl/schannel.idl | 8 ++++- librpc/ndr/ndr_schannel.c | 15 +++++++++ librpc/ndr/ndr_schannel.h | 2 + source3/include/proto.h | 6 ---- source3/include/rpc_dce.h | 6 ---- source3/libsmb/nterr.c | 1 + source3/rpc_parse/parse_rpc.c | 63 ---------------------------------------- source3/rpc_server/srv_pipe.c | 27 +++++++++++------ 11 files changed, 114 insertions(+), 86 deletions(-) Changeset truncated at 500 lines: diff --git a/librpc/gen_ndr/ndr_schannel.c b/librpc/gen_ndr/ndr_schannel.c index 98021e5..4bbb56a 100644 --- a/librpc/gen_ndr/ndr_schannel.c +++ b/librpc/gen_ndr/ndr_schannel.c @@ -571,6 +571,62 @@ _PUBLIC_ enum ndr_err_code ndr_pull_NL_AUTH_MESSAGE_BUFFER(struct ndr_pull *ndr, return NDR_ERR_SUCCESS; } +_PUBLIC_ enum ndr_err_code ndr_push_NL_AUTH_MESSAGE_BUFFER_REPLY(struct ndr_push *ndr, int ndr_flags, const union NL_AUTH_MESSAGE_BUFFER_REPLY *r) +{ + if (ndr_flags & NDR_SCALARS) { + int level = ndr_push_get_switch_value(ndr, r); + switch (level) { + case NL_NEGOTIATE_RESPONSE: { + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->dummy)); + break; } + + default: { + break; } + + } + } + if (ndr_flags & NDR_BUFFERS) { + int level = ndr_push_get_switch_value(ndr, r); + switch (level) { + case NL_NEGOTIATE_RESPONSE: + break; + + default: + break; + + } + } + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ enum ndr_err_code ndr_pull_NL_AUTH_MESSAGE_BUFFER_REPLY(struct ndr_pull *ndr, int ndr_flags, union NL_AUTH_MESSAGE_BUFFER_REPLY *r) +{ + int level; + level = ndr_pull_get_switch_value(ndr, r); + if (ndr_flags & NDR_SCALARS) { + switch (level) { + case NL_NEGOTIATE_RESPONSE: { + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->dummy)); + break; } + + default: { + break; } + + } + } + if (ndr_flags & NDR_BUFFERS) { + switch (level) { + case NL_NEGOTIATE_RESPONSE: + break; + + default: + break; + + } + } + return NDR_ERR_SUCCESS; +} + _PUBLIC_ enum ndr_err_code ndr_push_NL_AUTH_MESSAGE(struct ndr_push *ndr, int ndr_flags, const struct NL_AUTH_MESSAGE *r) { { @@ -590,6 +646,8 @@ _PUBLIC_ enum ndr_err_code ndr_push_NL_AUTH_MESSAGE(struct ndr_push *ndr, int nd NDR_CHECK(ndr_push_NL_AUTH_MESSAGE_BUFFER(ndr, NDR_SCALARS, &r->utf8_dns_host)); NDR_CHECK(ndr_push_set_switch_value(ndr, &r->utf8_netbios_computer, r->Flags & NL_FLAG_UTF8_NETBIOS_COMPUTER_NAME)); NDR_CHECK(ndr_push_NL_AUTH_MESSAGE_BUFFER(ndr, NDR_SCALARS, &r->utf8_netbios_computer)); + NDR_CHECK(ndr_push_set_switch_value(ndr, &r->Buffer, r->MessageType & NL_NEGOTIATE_RESPONSE)); + NDR_CHECK(ndr_push_NL_AUTH_MESSAGE_BUFFER_REPLY(ndr, NDR_SCALARS, &r->Buffer)); } if (ndr_flags & NDR_BUFFERS) { NDR_CHECK(ndr_push_NL_AUTH_MESSAGE_BUFFER(ndr, NDR_BUFFERS, &r->oem_netbios_domain)); @@ -597,6 +655,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_NL_AUTH_MESSAGE(struct ndr_push *ndr, int nd NDR_CHECK(ndr_push_NL_AUTH_MESSAGE_BUFFER(ndr, NDR_BUFFERS, &r->utf8_dns_domain)); NDR_CHECK(ndr_push_NL_AUTH_MESSAGE_BUFFER(ndr, NDR_BUFFERS, &r->utf8_dns_host)); NDR_CHECK(ndr_push_NL_AUTH_MESSAGE_BUFFER(ndr, NDR_BUFFERS, &r->utf8_netbios_computer)); + NDR_CHECK(ndr_push_NL_AUTH_MESSAGE_BUFFER_REPLY(ndr, NDR_BUFFERS, &r->Buffer)); } ndr->flags = _flags_save_STRUCT; } @@ -622,6 +681,8 @@ _PUBLIC_ enum ndr_err_code ndr_pull_NL_AUTH_MESSAGE(struct ndr_pull *ndr, int nd NDR_CHECK(ndr_pull_NL_AUTH_MESSAGE_BUFFER(ndr, NDR_SCALARS, &r->utf8_dns_host)); NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->utf8_netbios_computer, r->Flags & NL_FLAG_UTF8_NETBIOS_COMPUTER_NAME)); NDR_CHECK(ndr_pull_NL_AUTH_MESSAGE_BUFFER(ndr, NDR_SCALARS, &r->utf8_netbios_computer)); + NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->Buffer, r->MessageType & NL_NEGOTIATE_RESPONSE)); + NDR_CHECK(ndr_pull_NL_AUTH_MESSAGE_BUFFER_REPLY(ndr, NDR_SCALARS, &r->Buffer)); } if (ndr_flags & NDR_BUFFERS) { NDR_CHECK(ndr_pull_NL_AUTH_MESSAGE_BUFFER(ndr, NDR_BUFFERS, &r->oem_netbios_domain)); @@ -629,6 +690,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_NL_AUTH_MESSAGE(struct ndr_pull *ndr, int nd NDR_CHECK(ndr_pull_NL_AUTH_MESSAGE_BUFFER(ndr, NDR_BUFFERS, &r->utf8_dns_domain)); NDR_CHECK(ndr_pull_NL_AUTH_MESSAGE_BUFFER(ndr, NDR_BUFFERS, &r->utf8_dns_host)); NDR_CHECK(ndr_pull_NL_AUTH_MESSAGE_BUFFER(ndr, NDR_BUFFERS, &r->utf8_netbios_computer)); + NDR_CHECK(ndr_pull_NL_AUTH_MESSAGE_BUFFER_REPLY(ndr, NDR_BUFFERS, &r->Buffer)); } ndr->flags = _flags_save_STRUCT; } @@ -654,6 +716,8 @@ _PUBLIC_ void ndr_print_NL_AUTH_MESSAGE(struct ndr_print *ndr, const char *name, ndr_print_NL_AUTH_MESSAGE_BUFFER(ndr, "utf8_dns_host", &r->utf8_dns_host); ndr_print_set_switch_value(ndr, &r->utf8_netbios_computer, r->Flags & NL_FLAG_UTF8_NETBIOS_COMPUTER_NAME); ndr_print_NL_AUTH_MESSAGE_BUFFER(ndr, "utf8_netbios_computer", &r->utf8_netbios_computer); + ndr_print_set_switch_value(ndr, &r->Buffer, r->MessageType & NL_NEGOTIATE_RESPONSE); + ndr_print_NL_AUTH_MESSAGE_BUFFER_REPLY(ndr, "Buffer", &r->Buffer); ndr->depth--; ndr->flags = _flags_save_STRUCT; } diff --git a/librpc/gen_ndr/ndr_schannel.h b/librpc/gen_ndr/ndr_schannel.h index 3e04905..ed40933 100644 --- a/librpc/gen_ndr/ndr_schannel.h +++ b/librpc/gen_ndr/ndr_schannel.h @@ -25,6 +25,9 @@ void ndr_print_NL_AUTH_MESSAGE_FLAGS(struct ndr_print *ndr, const char *name, ui enum ndr_err_code ndr_push_NL_AUTH_MESSAGE_BUFFER(struct ndr_push *ndr, int ndr_flags, const union NL_AUTH_MESSAGE_BUFFER *r); enum ndr_err_code ndr_pull_NL_AUTH_MESSAGE_BUFFER(struct ndr_pull *ndr, int ndr_flags, union NL_AUTH_MESSAGE_BUFFER *r); void ndr_print_NL_AUTH_MESSAGE_BUFFER(struct ndr_print *ndr, const char *name, const union NL_AUTH_MESSAGE_BUFFER *r); +enum ndr_err_code ndr_push_NL_AUTH_MESSAGE_BUFFER_REPLY(struct ndr_push *ndr, int ndr_flags, const union NL_AUTH_MESSAGE_BUFFER_REPLY *r); +enum ndr_err_code ndr_pull_NL_AUTH_MESSAGE_BUFFER_REPLY(struct ndr_pull *ndr, int ndr_flags, union NL_AUTH_MESSAGE_BUFFER_REPLY *r); +void ndr_print_NL_AUTH_MESSAGE_BUFFER_REPLY(struct ndr_print *ndr, const char *name, const union NL_AUTH_MESSAGE_BUFFER_REPLY *r); enum ndr_err_code ndr_push_NL_AUTH_MESSAGE(struct ndr_push *ndr, int ndr_flags, const struct NL_AUTH_MESSAGE *r); enum ndr_err_code ndr_pull_NL_AUTH_MESSAGE(struct ndr_pull *ndr, int ndr_flags, struct NL_AUTH_MESSAGE *r); void ndr_print_NL_AUTH_MESSAGE(struct ndr_print *ndr, const char *name, const struct NL_AUTH_MESSAGE *r); diff --git a/librpc/gen_ndr/schannel.h b/librpc/gen_ndr/schannel.h index 83357d8..6a85af2 100644 --- a/librpc/gen_ndr/schannel.h +++ b/librpc/gen_ndr/schannel.h @@ -76,6 +76,10 @@ union NL_AUTH_MESSAGE_BUFFER { const char * u;/* [case(NL_FLAG_UTF8_DNS_DOMAIN_NAME)] */ }/* [noprint,nodiscriminant,public] */; +union NL_AUTH_MESSAGE_BUFFER_REPLY { + uint32_t dummy;/* [case(NL_NEGOTIATE_RESPONSE)] */ +}/* [noprint,nodiscriminant,public] */; + struct NL_AUTH_MESSAGE { enum NL_AUTH_MESSAGE_TYPE MessageType; uint32_t Flags; @@ -84,6 +88,7 @@ struct NL_AUTH_MESSAGE { union NL_AUTH_MESSAGE_BUFFER utf8_dns_domain;/* [switch_is(Flags&NL_FLAG_UTF8_DNS_DOMAIN_NAME)] */ union NL_AUTH_MESSAGE_BUFFER utf8_dns_host;/* [switch_is(Flags&NL_FLAG_UTF8_DNS_HOST_NAME)] */ union NL_AUTH_MESSAGE_BUFFER utf8_netbios_computer;/* [switch_is(Flags&NL_FLAG_UTF8_NETBIOS_COMPUTER_NAME)] */ + union NL_AUTH_MESSAGE_BUFFER_REPLY Buffer;/* [switch_is(MessageType&NL_NEGOTIATE_RESPONSE)] */ }/* [public,flag(LIBNDR_PRINT_ARRAY_HEX)] */; enum NL_SIGNATURE_ALGORITHM diff --git a/librpc/idl/schannel.idl b/librpc/idl/schannel.idl index c3bf3aa..d9b230d 100644 --- a/librpc/idl/schannel.idl +++ b/librpc/idl/schannel.idl @@ -82,9 +82,14 @@ interface schannel [case (NL_FLAG_UTF8_DNS_DOMAIN_NAME)] nbt_string u; [case (NL_FLAG_UTF8_DNS_HOST_NAME)] nbt_string u; [case (NL_FLAG_UTF8_NETBIOS_COMPUTER_NAME)] nbt_string u; - [default]; + [default] ; } NL_AUTH_MESSAGE_BUFFER; + typedef [public,nodiscriminant,noprint] union { + [case (NL_NEGOTIATE_RESPONSE)] uint32 dummy; + [default] ; + } NL_AUTH_MESSAGE_BUFFER_REPLY; + typedef [public,flag(NDR_PAHEX)] struct { NL_AUTH_MESSAGE_TYPE MessageType; NL_AUTH_MESSAGE_FLAGS Flags; @@ -93,6 +98,7 @@ interface schannel [switch_is(Flags & NL_FLAG_UTF8_DNS_DOMAIN_NAME)] NL_AUTH_MESSAGE_BUFFER utf8_dns_domain; [switch_is(Flags & NL_FLAG_UTF8_DNS_HOST_NAME)] NL_AUTH_MESSAGE_BUFFER utf8_dns_host; [switch_is(Flags & NL_FLAG_UTF8_NETBIOS_COMPUTER_NAME)] NL_AUTH_MESSAGE_BUFFER utf8_netbios_computer; + [switch_is(MessageType & NL_NEGOTIATE_RESPONSE)] NL_AUTH_MESSAGE_BUFFER_REPLY Buffer; } NL_AUTH_MESSAGE; /* MS-NRPC 2.2.1.3.2 NL_AUTH_SIGNATURE */ diff --git a/librpc/ndr/ndr_schannel.c b/librpc/ndr/ndr_schannel.c index 9cf0e09..02796f7 100644 --- a/librpc/ndr/ndr_schannel.c +++ b/librpc/ndr/ndr_schannel.c @@ -54,3 +54,18 @@ _PUBLIC_ void ndr_print_NL_AUTH_MESSAGE_BUFFER(struct ndr_print *ndr, const char } } + +_PUBLIC_ void ndr_print_NL_AUTH_MESSAGE_BUFFER_REPLY(struct ndr_print *ndr, const char *name, const union NL_AUTH_MESSAGE_BUFFER_REPLY *r) +{ + int level; + level = ndr_print_get_switch_value(ndr, r); + switch (level) { + case NL_NEGOTIATE_RESPONSE: + ndr_print_uint32(ndr, name, r->dummy); + break; + + default: + break; + + } +} diff --git a/librpc/ndr/ndr_schannel.h b/librpc/ndr/ndr_schannel.h index 5834488..d2dce79 100644 --- a/librpc/ndr/ndr_schannel.h +++ b/librpc/ndr/ndr_schannel.h @@ -20,3 +20,5 @@ */ void ndr_print_NL_AUTH_MESSAGE_BUFFER(struct ndr_print *ndr, const char *name, const union NL_AUTH_MESSAGE_BUFFER *r); +void ndr_print_NL_AUTH_MESSAGE_BUFFER_REPLY(struct ndr_print *ndr, const char *name, const union NL_AUTH_MESSAGE_BUFFER_REPLY *r); + diff --git a/source3/include/proto.h b/source3/include/proto.h index 5c58468..9de77f9 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -5728,12 +5728,6 @@ void init_rpc_hdr_auth(RPC_HDR_AUTH *rai, uint8 auth_pad_len, uint32 auth_context_id); bool smb_io_rpc_hdr_auth(const char *desc, RPC_HDR_AUTH *rai, prs_struct *ps, int depth); -bool rpc_auth_verifier_chk(RPC_AUTH_VERIFIER *rav, - const char *signature, uint32 msg_type); -void init_rpc_auth_verifier(RPC_AUTH_VERIFIER *rav, - const char *signature, uint32 msg_type); -bool smb_io_rpc_auth_verifier(const char *desc, RPC_AUTH_VERIFIER *rav, prs_struct *ps, int depth); -bool smb_io_rpc_schannel_verifier(const char *desc, RPC_AUTH_VERIFIER *rav, prs_struct *ps, int depth); bool smb_io_rpc_auth_schannel_chk(const char *desc, int auth_len, RPC_AUTH_SCHANNEL_CHK * chk, prs_struct *ps, int depth); diff --git a/source3/include/rpc_dce.h b/source3/include/rpc_dce.h index 684880d..7992658 100644 --- a/source3/include/rpc_dce.h +++ b/source3/include/rpc_dce.h @@ -228,10 +228,4 @@ typedef struct rpc_hdr_ba_info { struct ndr_syntax_id transfer; /* the transfer syntax from the request */ } RPC_HDR_BA; -/* RPC_AUTH_VERIFIER */ -typedef struct rpc_auth_verif_info { - fstring signature; /* "NTLMSSP".. Ok, not quite anymore */ - uint32 msg_type; /* NTLMSSP_MESSAGE_TYPE (1,2,3) and 5 for schannel */ -} RPC_AUTH_VERIFIER; - #endif /* _DCE_RPC_H */ diff --git a/source3/libsmb/nterr.c b/source3/libsmb/nterr.c index e9084c0..a684f8d 100644 --- a/source3/libsmb/nterr.c +++ b/source3/libsmb/nterr.c @@ -541,6 +541,7 @@ static const nt_err_code_struct nt_errs[] = { "STATUS_NO_MORE_FILES", STATUS_NO_MORE_FILES }, { "NT_STATUS_RPC_CANNOT_SUPPORT", NT_STATUS_RPC_CANNOT_SUPPORT }, { "NT_STATUS_RPC_NT_CALL_FAILED", NT_STATUS_RPC_NT_CALL_FAILED }, + { "NT_STATUS_RPC_NT_PROTOCOL_ERROR", NT_STATUS_RPC_NT_PROTOCOL_ERROR }, { NULL, NT_STATUS(0) } }; diff --git a/source3/rpc_parse/parse_rpc.c b/source3/rpc_parse/parse_rpc.c index 2e7216c..7b0592c 100644 --- a/source3/rpc_parse/parse_rpc.c +++ b/source3/rpc_parse/parse_rpc.c @@ -508,69 +508,6 @@ bool smb_io_rpc_hdr_auth(const char *desc, RPC_HDR_AUTH *rai, prs_struct *ps, in } /******************************************************************* - Checks an RPC_AUTH_VERIFIER structure. -********************************************************************/ - -bool rpc_auth_verifier_chk(RPC_AUTH_VERIFIER *rav, - const char *signature, uint32 msg_type) -{ - return (strequal(rav->signature, signature) && rav->msg_type == msg_type); -} - -/******************************************************************* - Inits an RPC_AUTH_VERIFIER structure. -********************************************************************/ - -void init_rpc_auth_verifier(RPC_AUTH_VERIFIER *rav, - const char *signature, uint32 msg_type) -{ - fstrcpy(rav->signature, signature); /* "NTLMSSP" */ - rav->msg_type = msg_type; /* NTLMSSP_MESSAGE_TYPE */ -} - -/******************************************************************* - Reads or writes an RPC_AUTH_VERIFIER structure. -********************************************************************/ - -bool smb_io_rpc_auth_verifier(const char *desc, RPC_AUTH_VERIFIER *rav, prs_struct *ps, int depth) -{ - if (rav == NULL) - return False; - - prs_debug(ps, depth, desc, "smb_io_rpc_auth_verifier"); - depth++; - - /* "NTLMSSP" */ - if(!prs_string("signature", ps, depth, rav->signature, - sizeof(rav->signature))) - return False; - if(!prs_uint32("msg_type ", ps, depth, &rav->msg_type)) /* NTLMSSP_MESSAGE_TYPE */ - return False; - - return True; -} - -/******************************************************************* - This parses an RPC_AUTH_VERIFIER for schannel. I think -********************************************************************/ - -bool smb_io_rpc_schannel_verifier(const char *desc, RPC_AUTH_VERIFIER *rav, prs_struct *ps, int depth) -{ - if (rav == NULL) - return False; - - prs_debug(ps, depth, desc, "smb_io_rpc_schannel_verifier"); - depth++; - - if(!prs_string("signature", ps, depth, rav->signature, sizeof(rav->signature))) - return False; - if(!prs_uint32("msg_type ", ps, depth, &rav->msg_type)) - return False; - - return True; -} - -/******************************************************************* reads or writes an RPC_AUTH_SCHANNEL_CHK structure. ********************************************************************/ diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index e42c81e..5df87e3 100644 --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c @@ -1328,11 +1328,10 @@ static bool pipe_schannel_auth_bind(pipes_struct *p, prs_struct *rpc_in_p, { RPC_HDR_AUTH auth_info; struct NL_AUTH_MESSAGE neg; - RPC_AUTH_VERIFIER auth_verifier; + struct NL_AUTH_MESSAGE reply; bool ret; NTSTATUS status; struct netlogon_creds_CredentialState *creds; - uint32 flags; DATA_BLOB session_key; enum ndr_err_code ndr_err; DATA_BLOB blob; @@ -1422,17 +1421,25 @@ static bool pipe_schannel_auth_bind(pipes_struct *p, prs_struct *rpc_in_p, /*** SCHANNEL verifier ***/ - init_rpc_auth_verifier(&auth_verifier, "\001", 0x0); - if(!smb_io_rpc_schannel_verifier("", &auth_verifier, pout_auth, 0)) { - DEBUG(0,("pipe_schannel_auth_bind: marshalling of RPC_AUTH_VERIFIER failed.\n")); - return False; + reply.MessageType = NL_NEGOTIATE_RESPONSE; + reply.Flags = 0; + reply.Buffer.dummy = 5; /* ??? actually I don't think + * this has any meaning + * here - gd */ + + ndr_err = ndr_push_struct_blob(&blob, talloc_tos(), NULL, &reply, + (ndr_push_flags_fn_t)ndr_push_NL_AUTH_MESSAGE); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + DEBUG(0,("Failed to marshall NL_AUTH_MESSAGE.\n")); + return false; } - prs_align(pout_auth); + if (DEBUGLEVEL >= 10) { + NDR_PRINT_DEBUG(NL_AUTH_MESSAGE, &reply); + } - flags = 5; - if(!prs_uint32("flags ", pout_auth, 0, &flags)) { - return False; + if (!prs_copy_data_in(pout_auth, (const char *)blob.data, blob.length)) { + return false; } DEBUG(10,("pipe_schannel_auth_bind: schannel auth: domain [%s] myname [%s]\n", -- Samba Shared Repository