dcerpc.idl: add DCERPC_SEC_VT_COMMAND_PREAUTH
authorStefan Metzmacher <metze@samba.org>
Tue, 6 Oct 2015 08:25:28 +0000 (10:25 +0200)
committerStefan Metzmacher <metze@samba.org>
Tue, 31 Jan 2017 18:14:41 +0000 (19:14 +0100)
This makes it possible to detect downgrade attacks.

Client and server calculate a rolling sha512 hash
over all incoming and outgoing BIND,BIND_ACK,ALTER,ALTER_RESP,AUTH3 PDUs.

Both start with an array of SHA512_DIGEST_LENGTH (64) zero bytes
for CONNECTION->PREAUTH_SHA512
Each PDU updates the hash in the following way.

CONNECTION->PREAUTH_SHA512 = SHA512(CONNECTION->PREAUTH_SHA512 + PDU_BYTES)

Each dcerpc_sec_vt_preauth structure contains a random SALT
and a sha512 hash, which is calculated as SHA512(CONNECTION->PREAUTH_SHA512 + SALT).

The server also calculates SHA512(CONNECTION->PREAUTH_SHA512 + SALT) and
compares the result with the client specified value.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
librpc/idl/dcerpc.idl
librpc/rpc/dcerpc_util.c

index 95ca0f246ff132270ae6a655e83478d070db986e..53816008c2177cc0b1d710f8ea5f93c4b24d1bc4 100644 (file)
@@ -608,7 +608,8 @@ interface dcerpc
        typedef [enum16bit] enum {
                DCERPC_SEC_VT_COMMAND_BITMASK1  = 0x0001,
                DCERPC_SEC_VT_COMMAND_PCONTEXT  = 0x0002,
-               DCERPC_SEC_VT_COMMAND_HEADER2   = 0x0003
+               DCERPC_SEC_VT_COMMAND_HEADER2   = 0x0003,
+               DCERPC_SEC_VT_COMMAND_PREAUTH   = 0x0004
        } dcerpc_sec_vt_command_enum;
 
        typedef [bitmap32bit] bitmap {
@@ -630,10 +631,16 @@ interface dcerpc
                uint16 opnum;
        } dcerpc_sec_vt_header2;
 
+       typedef struct {
+               [flag(NDR_PAHEX)] uint8 salt[16];
+               [flag(NDR_PAHEX)] uint8 sha512[64];
+       } dcerpc_sec_vt_preauth;
+
        typedef [switch_type(dcerpc_sec_vt_command_enum),nodiscriminant] union {
        [case(DCERPC_SEC_VT_COMMAND_BITMASK1)] dcerpc_sec_vt_bitmask1 bitmask1;
        [case(DCERPC_SEC_VT_COMMAND_PCONTEXT)] dcerpc_sec_vt_pcontext pcontext;
        [case(DCERPC_SEC_VT_COMMAND_HEADER2)] dcerpc_sec_vt_header2 header2;
+       [case(DCERPC_SEC_VT_COMMAND_PREAUTH)] dcerpc_sec_vt_preauth preauth;
        [default,flag(NDR_REMAINING)] DATA_BLOB _unknown;
        } dcerpc_sec_vt_union;
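Review bot: The new dcerpc_sec_vt_preauth struct carries no comment, so a reader of the IDL cannot tell how salt and sha512 relate to the rolling hash that the commit message describes; the PIDL output and the wire docs would both benefit from one. I would put above the typedef `/* sha512 = SHA512(CONNECTION->PREAUTH_SHA512 + salt), where PREAUTH_SHA512 is the rolling hash over all BIND/BIND_ACK/ALTER/ALTER_RESP/AUTH3 PDUs; see dcerpc_sec_vt_command_enum PREAUTH */`. It is also worth stating in that comment that the 64-byte size of sha512 is the SHA512 digest length and that 16 is the salt size, since both are bare magic numbers in the array bounds.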
 
index b09e36a31211c2f2fe1acfca068bebcc608ec141..0d8c038011d352fe006a91f9e344c8eeb5398c17 100644 (file)
@@ -1018,6 +1018,7 @@ static bool dcerpc_sec_vt_is_valid(const struct dcerpc_sec_verification_trailer
                case DCERPC_SEC_VT_COMMAND_BITMASK1:
                case DCERPC_SEC_VT_COMMAND_PCONTEXT:
                case DCERPC_SEC_VT_COMMAND_HEADER2:
+               case DCERPC_SEC_VT_COMMAND_PREAUTH:
                        break;
                default:
                        if ((r->commands[i].u._unknown.length % 4) != 0) {