pidl "\t\tif (DEBUGLEVEL > 10 && dce_call->fault_code == 0) {\n";
pidl "\t\t\tNDR_PRINT_OUT_DEBUG($d->{NAME}, r2);\n";
pidl "\t\t}\n";
+ pidl "\t\tif (dce_call->fault_code != 0) {\n";
+ pidl "\t\t\tDEBUG(2,(\"dcerpc_fault 0x%x in $d->{NAME}\\n\", dce_call->fault_code));\n";
+ pidl "\t\t}\n";
pidl "\t\tbreak;\n\t}\n";
$count++;
}
return count;
}
#endif
+
+
+/*
+ format a string into length-prefixed dotted domain format, as used in NBT
+ and in some ADS structures
+*/
+const char *str_format_nbt_domain(TALLOC_CTX *mem_ctx, const char *s)
+{
+ char *ret;
+ int i;
+ if (!s || !*s) {
+ return talloc_strdup(mem_ctx, "");
+ }
+ ret = talloc(mem_ctx, strlen(s)+2);
+ if (!ret) {
+ return ret;
+ }
+
+ memcpy(ret+1, s, strlen(s)+1);
+ ret[0] = '.';
+
+ for (i=0;ret[i];i++) {
+ if (ret[i] == '.') {
+ char *p = strchr(ret+i+1, '.');
+ if (p) {
+ ret[i] = p-(ret+i+1);
+ } else {
+ ret[i] = strlen(ret+i+1);
+ }
+ }
+ }
+
+ return ret;
+}
librpc/gen_ndr/ndr_ntsvcs.o
librpc/gen_ndr/ndr_netlogon.o
librpc/gen_ndr/ndr_trkwks.o
- librpc/gen_ndr/ndr_keysvc.o])
+ librpc/gen_ndr/ndr_keysvc.o
+ librpc/gen_ndr/ndr_schannel.o])
SMB_SUBSYSTEM(LIBRPC_RAW,[],
[librpc/rpc/dcerpc.o
dcerpc_syntax_id transfer_syntaxes[num_transfer_syntaxes];
} dcerpc_ctx_list;
- /*
- a schannel bind blob - used in auth_info
- on a schannel bind
- */
- typedef [public] struct {
- uint32 unknown1;
- uint32 unknown2;
- astring domain;
- astring hostname;
- } dcerpc_bind_schannel;
-
typedef struct {
uint16 max_xmit_frag;
uint16 max_recv_frag;
--- /dev/null
+#include "idl_types.h"
+
+/*
+ schannel structures
+*/
+
+[]
+interface schannel
+{
+ /*
+ a schannel bind blob - used in dcerpc auth_info
+ on a schannel
+ */
+ typedef struct {
+ astring domain;
+ astring account_name;
+ } schannel_bind_3;
+
+ typedef struct {
+ astring domain;
+ astring account_name;
+ astring dnsdomain; /* in NBT dotted format */
+ astring workstation;
+ } schannel_bind_23;
+
+ typedef [nodiscriminant] union {
+ [case (3)] schannel_bind_3 info3;
+ [case (23)] schannel_bind_23 info23;
+ } schannel_bind_info;
+
+ typedef [public] struct {
+ uint32 unknown1; /* seems to need to be 0 */
+ uint32 bind_type;
+ [switch_is(bind_type)] schannel_bind_info u;
+ } schannel_bind;
+
+ /* a bind_ack blob */
+ typedef [public] struct {
+ uint32 unknown1; /* 1 */
+ uint32 unknown2; /* 0 */
+ uint32 unknown3; /* 0x006c0000 */
+ } schannel_bind_ack;
+}
if (!ndr.mem_ctx) return;
ndr.print = ndr_print_debug_helper;
ndr.depth = 1;
+ ndr.flags = 0;
fn(&ndr, name, ptr);
talloc_destroy(ndr.mem_ctx);
}
if (!ndr.mem_ctx) return;
ndr.print = ndr_print_debug_helper;
ndr.depth = 1;
+ ndr.flags = 0;
fn(&ndr, name, level, ptr);
talloc_destroy(ndr.mem_ctx);
}
NTSTATUS status;
struct schannel_state *schannel_state;
const char *workgroup, *workstation;
- struct dcerpc_bind_schannel bind_schannel;
+ struct schannel_bind bind_schannel;
workstation = username;
workgroup = domain;
p->auth_info->auth_context_id = random();
p->security_state = NULL;
- /* TODO: what are these?? */
bind_schannel.unknown1 = 0;
- bind_schannel.unknown2 = 3;
- bind_schannel.domain = workgroup;
- bind_schannel.hostname = workstation;
+#if 0
+ /* to support this we'd need to have access to the full domain name */
+ bind_schannel.bind_type = 23;
+ bind_schannel.u.info23.domain = domain;
+ bind_schannel.u.info23.account_name = username;
+ bind_schannel.u.info23.dnsdomain = str_format_nbt_domain(p->mem_ctx, fulldomainname);
+ bind_schannel.u.info23.workstation = str_format_nbt_domain(p->mem_ctx, username);
+#else
+ bind_schannel.bind_type = 3;
+ bind_schannel.u.info3.domain = domain;
+ bind_schannel.u.info3.account_name = username;
+#endif
status = ndr_push_struct_blob(&p->auth_info->credentials, p->mem_ctx, &bind_schannel,
- (ndr_push_flags_fn_t)ndr_push_dcerpc_bind_schannel);
+ (ndr_push_flags_fn_t)ndr_push_schannel_bind);
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
struct srv_schannel_state {
TALLOC_CTX *mem_ctx;
- struct dcerpc_bind_schannel bind_info;
+ struct schannel_bind bind_info;
struct schannel_state *state;
};
NTSTATUS status;
TALLOC_CTX *mem_ctx;
uint8_t session_key[16];
+ const char *account_name;
+ struct schannel_bind_ack ack;
mem_ctx = talloc_init("schannel_start");
if (!mem_ctx) {
/* parse the schannel startup blob */
status = ndr_pull_struct_blob(auth_blob, mem_ctx, &schannel->bind_info,
- (ndr_pull_flags_fn_t)ndr_pull_dcerpc_bind_schannel);
+ (ndr_pull_flags_fn_t)ndr_pull_schannel_bind);
if (!NT_STATUS_IS_OK(status)) {
talloc_destroy(mem_ctx);
return NT_STATUS_INVALID_PARAMETER;
}
+ if (schannel->bind_info.bind_type == 23) {
+ account_name = schannel->bind_info.u.info23.account_name;
+ } else {
+ account_name = schannel->bind_info.u.info3.account_name;
+ }
+
/* pull the session key for this client */
- status = schannel_fetch_session_key(mem_ctx, schannel->bind_info.hostname, session_key);
+ status = schannel_fetch_session_key(mem_ctx, account_name, session_key);
if (!NT_STATUS_IS_OK(status)) {
talloc_destroy(mem_ctx);
return NT_STATUS_INVALID_HANDLE;
auth->crypto_ctx.private_data = schannel;
+ ack.unknown1 = 1;
+ ack.unknown2 = 0;
+ ack.unknown3 = 0x6c0000;
+
+ status = ndr_push_struct_blob(auth_blob, mem_ctx, &ack,
+ (ndr_push_flags_fn_t)ndr_push_schannel_bind_ack);
+ if (!NT_STATUS_IS_OK(status)) {
+ talloc_destroy(mem_ctx);
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
return status;
}
sign a packet
*/
static NTSTATUS dcesrv_crypto_schannel_sign(struct dcesrv_auth *auth, TALLOC_CTX *sig_mem_ctx,
- const uint8_t *data, size_t length, DATA_BLOB *sig)
+ const uint8_t *data, size_t length, DATA_BLOB *sig)
{
struct srv_schannel_state *srv_schannel_state = auth->crypto_ctx.private_data;
git.samba.org / samba.git / commitdiff