author | Stefan Metzmacher <metze@samba.org> | 2015-10-13 15:42:32 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2016-10-26 11:20:15 +0200 |
commit | 791186d8247fdce4870b4473f61a9265ffccd17d (patch) | |
tree | 859053b0b26b1edb73793f85322b84d09cd62dc8 /source4/librpc | |
parent | 857b96cafcbd609338f33bcc17036f278063d067 (diff) | |
download | samba-791186d8247fdce4870b4473f61a9265ffccd17d.tar.gz |
s4:librpc/rpc: make use of dcerpc_ncacn_pull_pkt_auth() in ncacn_pull_request_auth()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Diffstat (limited to 'source4/librpc')
-rw-r--r-- | source4/librpc/rpc/dcerpc.c | 114 |
1 files changed, 20 insertions, 94 deletions
diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c
index 362de03469b..dcc098cb628 100644
--- a/source4/librpc/rpc/dcerpc.c
+++ b/source4/librpc/rpc/dcerpc.c
@@ -719,106 +719,32 @@ static NTSTATUS ncacn_pull_request_auth(struct dcecli_connection *c, TALLOC_CTX DATA_BLOB *raw_packet, struct ncacn_packet *pkt) { + const struct dcerpc_auth tmp_auth = { + .auth_type = c->security_state.auth_type, + .auth_level = c->security_state.auth_level, + .auth_context_id = c->security_state.auth_context_id, + }; NTSTATUS status; - struct dcerpc_auth auth; - uint32_t auth_length; - status = dcerpc_verify_ncacn_packet_header(pkt, DCERPC_PKT_RESPONSE, - pkt->u.response.stub_and_verifier.length, - 0, /* required_flags */ - DCERPC_PFC_FLAG_FIRST | - DCERPC_PFC_FLAG_LAST); - if (!NT_STATUS_IS_OK(status)) { - return status; - } - - switch (c->security_state.auth_level) { - case DCERPC_AUTH_LEVEL_PRIVACY: - case DCERPC_AUTH_LEVEL_INTEGRITY: - break; - - case DCERPC_AUTH_LEVEL_CONNECT: - if (pkt->auth_length != 0) { - break; - } - return NT_STATUS_OK; - case DCERPC_AUTH_LEVEL_NONE: - if (pkt->auth_length != 0) { - return NT_STATUS_INVALID_NETWORK_RESPONSE; - } - return NT_STATUS_OK; - - default: - return NT_STATUS_INVALID_LEVEL; - } - - if (pkt->auth_length == 0) { + status = dcerpc_ncacn_pull_pkt_auth(&tmp_auth, + c->security_state.generic_state, + mem_ctx, + DCERPC_PKT_RESPONSE, + 0, /* required_flags */ + DCERPC_PFC_FLAG_FIRST | + DCERPC_PFC_FLAG_LAST, + DCERPC_REQUEST_LENGTH, + &pkt->u.response.stub_and_verifier, + raw_packet, + pkt); + if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROTOCOL_ERROR)) { return NT_STATUS_INVALID_NETWORK_RESPONSE; } - - if (c->security_state.generic_state == NULL) { - return NT_STATUS_INTERNAL_ERROR; - } - - status = dcerpc_pull_auth_trailer(pkt, mem_ctx, - &pkt->u.response.stub_and_verifier, - &auth, &auth_length, false); - NT_STATUS_NOT_OK_RETURN(status); - - pkt->u.response.stub_and_verifier.length -= auth_length; - - if (auth.auth_type != c->security_state.auth_type) { - return NT_STATUS_RPC_PROTOCOL_ERROR; - } - - if (auth.auth_level != c->security_state.auth_level) { - return NT_STATUS_RPC_PROTOCOL_ERROR; - } 
- - if (auth.auth_context_id != c->security_state.auth_context_id) { - return NT_STATUS_RPC_PROTOCOL_ERROR; - } - - /* check signature or unseal the packet */ - switch (c->security_state.auth_level) { - case DCERPC_AUTH_LEVEL_PRIVACY: - status = gensec_unseal_packet(c->security_state.generic_state, - raw_packet->data + DCERPC_REQUEST_LENGTH, - pkt->u.response.stub_and_verifier.length, - raw_packet->data, - raw_packet->length - auth.credentials.length, - &auth.credentials); - memcpy(pkt->u.response.stub_and_verifier.data, - raw_packet->data + DCERPC_REQUEST_LENGTH, - pkt->u.response.stub_and_verifier.length); - break; - - case DCERPC_AUTH_LEVEL_INTEGRITY: - status = gensec_check_packet(c->security_state.generic_state, - pkt->u.response.stub_and_verifier.data, - pkt->u.response.stub_and_verifier.length, - raw_packet->data, - raw_packet->length - auth.credentials.length, - &auth.credentials); - break; - - case DCERPC_AUTH_LEVEL_CONNECT: - /* for now we ignore possible signatures here */ - status = NT_STATUS_OK; - break; - - default: - status = NT_STATUS_INVALID_LEVEL; - break; - } - - /* remove the indicated amount of padding */ - if (pkt->u.response.stub_and_verifier.length < auth.auth_pad_length) { - return NT_STATUS_INFO_LENGTH_MISMATCH; + if (!NT_STATUS_IS_OK(status)) { + return status; } - pkt->u.response.stub_and_verifier.length -= auth.auth_pad_length; - return status; + return NT_STATUS_OK; } |
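Review bot: The remap of NT_STATUS_RPC_PROTOCOL_ERROR to NT_STATUS_INVALID_NETWORK_RESPONSE after the dcerpc_ncacn_pull_pkt_auth() call is uncommented and changes what callers see. The removed code returned NT_STATUS_RPC_PROTOCOL_ERROR unchanged when the trailer's auth_type, auth_level or auth_context_id differed from c->security_state, so callers that matched on that status will presumably no longer see it. A comment above the check would record the intent, for example `/* the shared helper reports protocol violations as RPC_PROTOCOL_ERROR; as a client we treat them as a bad server response */`. The removed guard that returned NT_STATUS_INTERNAL_ERROR for a NULL c->security_state.generic_state is also gone, so it is worth confirming that the helper, which is not visible here, rejects a NULL gensec context before it verifies or unseals at INTEGRITY and PRIVACY level. The function's signature begins above the hunk; its body is fully shown.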