2 * DCERPC Helper routines
3 * Günther Deschner <gd@samba.org> 2010.
4 * Simo Sorce <idra@samba.org> 2010.
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, see <http://www.gnu.org/licenses/>.
22 #include "librpc/rpc/dcerpc.h"
23 #include "librpc/gen_ndr/ndr_dcerpc.h"
24 #include "librpc/gen_ndr/ndr_schannel.h"
25 #include "../libcli/auth/schannel.h"
26 #include "../libcli/auth/spnego.h"
27 #include "../libcli/auth/ntlmssp.h"
28 #include "ntlmssp_wrap.h"
29 #include "librpc/rpc/dcerpc_gssapi.h"
30 #include "librpc/rpc/dcerpc_spnego.h"
33 #define DBGC_CLASS DBGC_RPC_PARSE
36 * @brief NDR Encodes a ncacn_packet
38 * @param mem_ctx The memory context the blob will be allocated on
39 * @param ptype The DCERPC packet type
40 * @param pfc_flags The DCERPC PFC Falgs
41 * @param auth_length The length of the trailing auth blob
42 * @param call_id The call ID
43 * @param u The payload of the packet
44 * @param blob [out] The encoded blob if successful
46 * @return an NTSTATUS error code
48 NTSTATUS dcerpc_push_ncacn_packet(TALLOC_CTX *mem_ctx,
49 enum dcerpc_pkt_type ptype,
53 union dcerpc_payload *u,
56 struct ncacn_packet r;
57 enum ndr_err_code ndr_err;
62 r.pfc_flags = pfc_flags;
63 r.drep[0] = DCERPC_DREP_LE;
67 r.auth_length = auth_length;
71 ndr_err = ndr_push_struct_blob(blob, mem_ctx, &r,
72 (ndr_push_flags_fn_t)ndr_push_ncacn_packet);
73 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
74 return ndr_map_error2ntstatus(ndr_err);
77 dcerpc_set_frag_length(blob, blob->length);
80 if (DEBUGLEVEL >= 10) {
81 /* set frag len for print function */
82 r.frag_length = blob->length;
83 NDR_PRINT_DEBUG(ncacn_packet, &r);
90 * @brief Decodes a ncacn_packet
92 * @param mem_ctx The memory context on which to allocate the packet
94 * @param blob The blob of data to decode
95 * @param r An empty ncacn_packet, must not be NULL
97 * @return a NTSTATUS error code
99 NTSTATUS dcerpc_pull_ncacn_packet(TALLOC_CTX *mem_ctx,
100 const DATA_BLOB *blob,
101 struct ncacn_packet *r,
104 enum ndr_err_code ndr_err;
105 struct ndr_pull *ndr;
107 ndr = ndr_pull_init_blob(blob, mem_ctx);
109 return NT_STATUS_NO_MEMORY;
112 ndr->flags |= LIBNDR_FLAG_BIGENDIAN;
115 ndr_err = ndr_pull_ncacn_packet(ndr, NDR_SCALARS|NDR_BUFFERS, r);
117 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
119 return ndr_map_error2ntstatus(ndr_err);
123 if (DEBUGLEVEL >= 10) {
124 NDR_PRINT_DEBUG(ncacn_packet, r);
131 * @brief NDR Encodes a NL_AUTH_MESSAGE
133 * @param mem_ctx The memory context the blob will be allocated on
134 * @param r The NL_AUTH_MESSAGE to encode
135 * @param blob [out] The encoded blob if successful
137 * @return a NTSTATUS error code
139 NTSTATUS dcerpc_push_schannel_bind(TALLOC_CTX *mem_ctx,
140 struct NL_AUTH_MESSAGE *r,
143 enum ndr_err_code ndr_err;
145 ndr_err = ndr_push_struct_blob(blob, mem_ctx, r,
146 (ndr_push_flags_fn_t)ndr_push_NL_AUTH_MESSAGE);
147 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
148 return ndr_map_error2ntstatus(ndr_err);
151 if (DEBUGLEVEL >= 10) {
152 NDR_PRINT_DEBUG(NL_AUTH_MESSAGE, r);
159 * @brief NDR Encodes a dcerpc_auth structure
161 * @param mem_ctx The memory context the blob will be allocated on
162 * @param auth_type The DCERPC Authentication Type
163 * @param auth_level The DCERPC Authentication Level
164 * @param auth_pad_length The padding added to the packet this blob will be
166 * @param auth_context_id The context id
167 * @param credentials The authentication credentials blob (signature)
168 * @param blob [out] The encoded blob if successful
170 * @return a NTSTATUS error code
172 NTSTATUS dcerpc_push_dcerpc_auth(TALLOC_CTX *mem_ctx,
173 enum dcerpc_AuthType auth_type,
174 enum dcerpc_AuthLevel auth_level,
175 uint8_t auth_pad_length,
176 uint32_t auth_context_id,
177 const DATA_BLOB *credentials,
180 struct dcerpc_auth r;
181 enum ndr_err_code ndr_err;
183 r.auth_type = auth_type;
184 r.auth_level = auth_level;
185 r.auth_pad_length = auth_pad_length;
187 r.auth_context_id = auth_context_id;
188 r.credentials = *credentials;
190 ndr_err = ndr_push_struct_blob(blob, mem_ctx, &r,
191 (ndr_push_flags_fn_t)ndr_push_dcerpc_auth);
192 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
193 return ndr_map_error2ntstatus(ndr_err);
196 if (DEBUGLEVEL >= 10) {
197 NDR_PRINT_DEBUG(dcerpc_auth, &r);
204 * @brief Decodes a dcerpc_auth blob
206 * @param mem_ctx The memory context on which to allocate the packet
208 * @param blob The blob of data to decode
209 * @param r An empty dcerpc_auth structure, must not be NULL
211 * @return a NTSTATUS error code
213 NTSTATUS dcerpc_pull_dcerpc_auth(TALLOC_CTX *mem_ctx,
214 const DATA_BLOB *blob,
215 struct dcerpc_auth *r,
218 enum ndr_err_code ndr_err;
219 struct ndr_pull *ndr;
221 ndr = ndr_pull_init_blob(blob, mem_ctx);
223 return NT_STATUS_NO_MEMORY;
226 ndr->flags |= LIBNDR_FLAG_BIGENDIAN;
229 ndr_err = ndr_pull_dcerpc_auth(ndr, NDR_SCALARS|NDR_BUFFERS, r);
231 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
233 return ndr_map_error2ntstatus(ndr_err);
237 if (DEBUGLEVEL >= 10) {
238 NDR_PRINT_DEBUG(dcerpc_auth, r);
245 * @brief Calculate how much data we can in a packet, including calculating
246 * auth token and pad lengths.
248 * @param auth The pipe_auth_data structure for this pipe.
249 * @param header_len The length of the packet header
250 * @param data_left The data left in the send buffer
251 * @param max_xmit_frag The max fragment size.
252 * @param pad_alignment The NDR padding size.
253 * @param data_to_send [out] The max data we will send in the pdu
254 * @param frag_len [out] The total length of the fragment
255 * @param auth_len [out] The length of the auth trailer
256 * @param pad_len [out] The padding to be applied
258 * @return A NT Error status code.
260 NTSTATUS dcerpc_guess_sizes(struct pipe_auth_data *auth,
261 size_t header_len, size_t data_left,
262 size_t max_xmit_frag, size_t pad_alignment,
263 size_t *data_to_send, size_t *frag_len,
264 size_t *auth_len, size_t *pad_len)
268 struct gse_context *gse_ctx;
269 enum dcerpc_AuthType auth_type;
274 /* no auth token cases first */
275 switch (auth->auth_level) {
276 case DCERPC_AUTH_LEVEL_NONE:
277 case DCERPC_AUTH_LEVEL_CONNECT:
278 case DCERPC_AUTH_LEVEL_PACKET:
279 max_len = max_xmit_frag - header_len;
280 *data_to_send = MIN(max_len, data_left);
283 *frag_len = header_len + *data_to_send;
286 case DCERPC_AUTH_LEVEL_PRIVACY:
290 case DCERPC_AUTH_LEVEL_INTEGRITY:
294 return NT_STATUS_INVALID_PARAMETER;
298 /* Sign/seal case, calculate auth and pad lengths */
300 max_len = max_xmit_frag - header_len - DCERPC_AUTH_TRAILER_LENGTH;
302 /* Treat the same for all authenticated rpc requests. */
303 switch (auth->auth_type) {
304 case DCERPC_AUTH_TYPE_SPNEGO:
305 /* compat for server code */
306 if (auth->spnego_type == PIPE_AUTH_TYPE_SPNEGO_NTLMSSP) {
307 *auth_len = NTLMSSP_SIG_SIZE;
311 status = spnego_get_negotiated_mech(auth->a_u.spnego_state,
312 &auth_type, &auth_ctx);
313 if (!NT_STATUS_IS_OK(status)) {
317 case DCERPC_AUTH_TYPE_NTLMSSP:
318 *auth_len = NTLMSSP_SIG_SIZE;
321 case DCERPC_AUTH_TYPE_KRB5:
322 gse_ctx = talloc_get_type(auth_ctx,
325 return NT_STATUS_INVALID_PARAMETER;
327 *auth_len = gse_get_signature_length(gse_ctx,
332 return NT_STATUS_INVALID_PARAMETER;
336 case DCERPC_AUTH_TYPE_NTLMSSP:
337 *auth_len = NTLMSSP_SIG_SIZE;
340 case DCERPC_AUTH_TYPE_SCHANNEL:
341 *auth_len = NL_AUTH_SIGNATURE_SIZE;
344 case DCERPC_AUTH_TYPE_KRB5:
345 *auth_len = gse_get_signature_length(auth->a_u.gssapi_state,
350 return NT_STATUS_INVALID_PARAMETER;
353 max_len -= *auth_len;
355 *data_to_send = MIN(max_len, data_left);
357 mod_len = (header_len + *data_to_send) % pad_alignment;
359 *pad_len = pad_alignment - mod_len;
364 if (*data_to_send + *pad_len > max_len) {
365 *data_to_send -= pad_alignment;
368 *frag_len = header_len + *data_to_send + *pad_len
369 + DCERPC_AUTH_TRAILER_LENGTH + *auth_len;
374 /*******************************************************************
375 Create and add the NTLMSSP sign/seal auth data.
376 ********************************************************************/
378 static NTSTATUS add_ntlmssp_auth_footer(struct auth_ntlmssp_state *auth_state,
379 enum dcerpc_AuthLevel auth_level,
382 uint16_t data_and_pad_len = rpc_out->length
383 - DCERPC_RESPONSE_LENGTH
384 - DCERPC_AUTH_TRAILER_LENGTH;
389 return NT_STATUS_INVALID_PARAMETER;
392 switch (auth_level) {
393 case DCERPC_AUTH_LEVEL_PRIVACY:
394 /* Data portion is encrypted. */
395 status = auth_ntlmssp_seal_packet(auth_state,
398 + DCERPC_RESPONSE_LENGTH,
403 if (!NT_STATUS_IS_OK(status)) {
408 case DCERPC_AUTH_LEVEL_INTEGRITY:
409 /* Data is signed. */
410 status = auth_ntlmssp_sign_packet(auth_state,
413 + DCERPC_RESPONSE_LENGTH,
418 if (!NT_STATUS_IS_OK(status)) {
425 smb_panic("bad auth level");
427 return NT_STATUS_INVALID_PARAMETER;
430 /* Finally attach the blob. */
431 if (!data_blob_append(NULL, rpc_out,
432 auth_blob.data, auth_blob.length)) {
433 DEBUG(0, ("Failed to add %u bytes auth blob.\n",
434 (unsigned int)auth_blob.length));
435 return NT_STATUS_NO_MEMORY;
437 data_blob_free(&auth_blob);
442 /*******************************************************************
443 Check/unseal the NTLMSSP auth data. (Unseal in place).
444 ********************************************************************/
446 static NTSTATUS get_ntlmssp_auth_footer(struct auth_ntlmssp_state *auth_state,
447 enum dcerpc_AuthLevel auth_level,
448 DATA_BLOB *data, DATA_BLOB *full_pkt,
449 DATA_BLOB *auth_token)
451 switch (auth_level) {
452 case DCERPC_AUTH_LEVEL_PRIVACY:
453 /* Data portion is encrypted. */
454 return auth_ntlmssp_unseal_packet(auth_state,
461 case DCERPC_AUTH_LEVEL_INTEGRITY:
462 /* Data is signed. */
463 return auth_ntlmssp_check_packet(auth_state,
471 return NT_STATUS_INVALID_PARAMETER;
475 /*******************************************************************
476 Create and add the schannel sign/seal auth data.
477 ********************************************************************/
479 static NTSTATUS add_schannel_auth_footer(struct schannel_state *sas,
480 enum dcerpc_AuthLevel auth_level,
483 uint8_t *data_p = rpc_out->data + DCERPC_RESPONSE_LENGTH;
484 size_t data_and_pad_len = rpc_out->length
485 - DCERPC_RESPONSE_LENGTH
486 - DCERPC_AUTH_TRAILER_LENGTH;
491 return NT_STATUS_INVALID_PARAMETER;
494 DEBUG(10,("add_schannel_auth_footer: SCHANNEL seq_num=%d\n",
497 switch (auth_level) {
498 case DCERPC_AUTH_LEVEL_PRIVACY:
499 status = netsec_outgoing_packet(sas,
506 case DCERPC_AUTH_LEVEL_INTEGRITY:
507 status = netsec_outgoing_packet(sas,
515 status = NT_STATUS_INTERNAL_ERROR;
519 if (!NT_STATUS_IS_OK(status)) {
520 DEBUG(1,("add_schannel_auth_footer: failed to process packet: %s\n",
525 if (DEBUGLEVEL >= 10) {
526 dump_NL_AUTH_SIGNATURE(talloc_tos(), &auth_blob);
529 /* Finally attach the blob. */
530 if (!data_blob_append(NULL, rpc_out,
531 auth_blob.data, auth_blob.length)) {
532 return NT_STATUS_NO_MEMORY;
534 data_blob_free(&auth_blob);
539 /*******************************************************************
540 Check/unseal the Schannel auth data. (Unseal in place).
541 ********************************************************************/
543 static NTSTATUS get_schannel_auth_footer(TALLOC_CTX *mem_ctx,
544 struct schannel_state *auth_state,
545 enum dcerpc_AuthLevel auth_level,
546 DATA_BLOB *data, DATA_BLOB *full_pkt,
547 DATA_BLOB *auth_token)
549 switch (auth_level) {
550 case DCERPC_AUTH_LEVEL_PRIVACY:
551 /* Data portion is encrypted. */
552 return netsec_incoming_packet(auth_state,
558 case DCERPC_AUTH_LEVEL_INTEGRITY:
559 /* Data is signed. */
560 return netsec_incoming_packet(auth_state,
567 return NT_STATUS_INVALID_PARAMETER;
571 /*******************************************************************
572 Create and add the gssapi sign/seal auth data.
573 ********************************************************************/
575 static NTSTATUS add_gssapi_auth_footer(struct gse_context *gse_ctx,
576 enum dcerpc_AuthLevel auth_level,
584 return NT_STATUS_INVALID_PARAMETER;
587 data.data = rpc_out->data + DCERPC_RESPONSE_LENGTH;
588 data.length = rpc_out->length - DCERPC_RESPONSE_LENGTH
589 - DCERPC_AUTH_TRAILER_LENGTH;
591 switch (auth_level) {
592 case DCERPC_AUTH_LEVEL_PRIVACY:
593 status = gse_seal(talloc_tos(), gse_ctx, &data, &auth_blob);
595 case DCERPC_AUTH_LEVEL_INTEGRITY:
596 status = gse_sign(talloc_tos(), gse_ctx, &data, &auth_blob);
599 status = NT_STATUS_INTERNAL_ERROR;
603 if (!NT_STATUS_IS_OK(status)) {
604 DEBUG(1, ("Failed to process packet: %s\n",
609 /* Finally attach the blob. */
610 if (!data_blob_append(NULL, rpc_out,
611 auth_blob.data, auth_blob.length)) {
612 return NT_STATUS_NO_MEMORY;
615 data_blob_free(&auth_blob);
620 /*******************************************************************
621 Check/unseal the gssapi auth data. (Unseal in place).
622 ********************************************************************/
624 static NTSTATUS get_gssapi_auth_footer(TALLOC_CTX *mem_ctx,
625 struct gse_context *gse_ctx,
626 enum dcerpc_AuthLevel auth_level,
627 DATA_BLOB *data, DATA_BLOB *full_pkt,
628 DATA_BLOB *auth_token)
630 /* TODO: pass in full_pkt when
631 * DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN is set */
632 switch (auth_level) {
633 case DCERPC_AUTH_LEVEL_PRIVACY:
634 /* Data portion is encrypted. */
635 return gse_unseal(mem_ctx, gse_ctx,
638 case DCERPC_AUTH_LEVEL_INTEGRITY:
639 /* Data is signed. */
640 return gse_sigcheck(mem_ctx, gse_ctx,
643 return NT_STATUS_INVALID_PARAMETER;
647 /*******************************************************************
648 Create and add the spnego-negotiated sign/seal auth data.
649 ********************************************************************/
651 static NTSTATUS add_spnego_auth_footer(struct spnego_context *spnego_ctx,
652 enum dcerpc_AuthLevel auth_level,
655 enum dcerpc_AuthType auth_type;
656 struct gse_context *gse_ctx;
657 struct auth_ntlmssp_state *ntlmssp_ctx;
662 return NT_STATUS_INVALID_PARAMETER;
665 status = spnego_get_negotiated_mech(spnego_ctx,
666 &auth_type, &auth_ctx);
667 if (!NT_STATUS_IS_OK(status)) {
672 case DCERPC_AUTH_TYPE_KRB5:
673 gse_ctx = talloc_get_type(auth_ctx, struct gse_context);
675 status = NT_STATUS_INTERNAL_ERROR;
678 status = add_gssapi_auth_footer(gse_ctx,
679 auth_level, rpc_out);
682 case DCERPC_AUTH_TYPE_NTLMSSP:
683 ntlmssp_ctx = talloc_get_type(auth_ctx,
684 struct auth_ntlmssp_state);
686 status = NT_STATUS_INTERNAL_ERROR;
689 status = add_ntlmssp_auth_footer(ntlmssp_ctx,
690 auth_level, rpc_out);
694 status = NT_STATUS_INTERNAL_ERROR;
701 static NTSTATUS get_spnego_auth_footer(TALLOC_CTX *mem_ctx,
702 struct spnego_context *sp_ctx,
703 enum dcerpc_AuthLevel auth_level,
704 DATA_BLOB *data, DATA_BLOB *full_pkt,
705 DATA_BLOB *auth_token)
707 enum dcerpc_AuthType auth_type;
708 struct auth_ntlmssp_state *ntlmssp_ctx;
709 struct gse_context *gse_ctx;
713 status = spnego_get_negotiated_mech(sp_ctx, &auth_type, &auth_ctx);
714 if (!NT_STATUS_IS_OK(status)) {
719 case DCERPC_AUTH_TYPE_KRB5:
720 gse_ctx = talloc_get_type(auth_ctx,
723 return NT_STATUS_INVALID_PARAMETER;
726 DEBUG(10, ("KRB5 auth\n"));
728 return get_gssapi_auth_footer(mem_ctx, gse_ctx,
732 case DCERPC_AUTH_TYPE_NTLMSSP:
733 ntlmssp_ctx = talloc_get_type(auth_ctx,
734 struct auth_ntlmssp_state);
736 return NT_STATUS_INVALID_PARAMETER;
739 DEBUG(10, ("NTLMSSP auth\n"));
741 return get_ntlmssp_auth_footer(ntlmssp_ctx,
746 return NT_STATUS_INVALID_PARAMETER;
751 * @brief Append an auth footer according to what is the current mechanism
753 * @param auth The pipe_auth_data associated with the connection
754 * @param pad_len The padding used in the packet
755 * @param rpc_out Packet blob up to and including the auth header
757 * @return A NTSTATUS error code.
759 NTSTATUS dcerpc_add_auth_footer(struct pipe_auth_data *auth,
760 size_t pad_len, DATA_BLOB *rpc_out)
762 char pad[CLIENT_NDR_PADDING_SIZE] = { 0, };
767 if (auth->auth_type == DCERPC_AUTH_TYPE_NONE) {
772 /* Copy the sign/seal padding data. */
773 if (!data_blob_append(NULL, rpc_out, pad, pad_len)) {
774 return NT_STATUS_NO_MEMORY;
778 /* marshall the dcerpc_auth with an actually empty auth_blob.
779 * This is needed because the ntmlssp signature includes the
780 * auth header. We will append the actual blob later. */
781 auth_blob = data_blob_null;
782 status = dcerpc_push_dcerpc_auth(rpc_out->data,
789 if (!NT_STATUS_IS_OK(status)) {
793 /* append the header */
794 if (!data_blob_append(NULL, rpc_out,
795 auth_info.data, auth_info.length)) {
796 DEBUG(0, ("Failed to add %u bytes auth blob.\n",
797 (unsigned int)auth_info.length));
798 return NT_STATUS_NO_MEMORY;
800 data_blob_free(&auth_info);
802 /* Generate any auth sign/seal and add the auth footer. */
803 switch (auth->auth_type) {
804 case DCERPC_AUTH_TYPE_NONE:
805 status = NT_STATUS_OK;
807 case DCERPC_AUTH_TYPE_SPNEGO:
808 if (auth->spnego_type == PIPE_AUTH_TYPE_SPNEGO_NTLMSSP) {
809 /* compat for server code */
810 return add_ntlmssp_auth_footer(
811 auth->a_u.auth_ntlmssp_state,
815 status = add_spnego_auth_footer(auth->a_u.spnego_state,
816 auth->auth_level, rpc_out);
818 case DCERPC_AUTH_TYPE_NTLMSSP:
819 status = add_ntlmssp_auth_footer(auth->a_u.auth_ntlmssp_state,
823 case DCERPC_AUTH_TYPE_SCHANNEL:
824 status = add_schannel_auth_footer(auth->a_u.schannel_auth,
828 case DCERPC_AUTH_TYPE_KRB5:
829 status = add_gssapi_auth_footer(auth->a_u.gssapi_state,
834 status = NT_STATUS_INVALID_PARAMETER;
842 * @brief Check authentication for request/response packets
844 * @param auth The auth data for the connection
845 * @param pkt The actual ncacn_packet
846 * @param pkt_trailer The stub_and_verifier part of the packet
847 * @param header_size The header size
848 * @param raw_pkt The whole raw packet data blob
849 * @param pad_len [out] The padding length used in the packet
851 * @return A NTSTATUS error code
853 NTSTATUS dcerpc_check_auth(struct pipe_auth_data *auth,
854 struct ncacn_packet *pkt,
855 DATA_BLOB *pkt_trailer,
861 struct dcerpc_auth auth_info;
862 uint32_t auth_length;
866 switch (auth->auth_level) {
867 case DCERPC_AUTH_LEVEL_PRIVACY:
868 DEBUG(10, ("Requested Privacy.\n"));
871 case DCERPC_AUTH_LEVEL_INTEGRITY:
872 DEBUG(10, ("Requested Integrity.\n"));
875 case DCERPC_AUTH_LEVEL_CONNECT:
876 if (pkt->auth_length != 0) {
882 case DCERPC_AUTH_LEVEL_NONE:
883 if (pkt->auth_length != 0) {
884 DEBUG(3, ("Got non-zero auth len on non "
885 "authenticated connection!\n"));
886 return NT_STATUS_INVALID_PARAMETER;
892 DEBUG(3, ("Unimplemented Auth Level %d",
894 return NT_STATUS_INVALID_PARAMETER;
897 /* Paranioa checks for auth_length. */
898 if (pkt->auth_length > pkt->frag_length) {
899 return NT_STATUS_INFO_LENGTH_MISMATCH;
901 if (((unsigned int)pkt->auth_length
902 + DCERPC_AUTH_TRAILER_LENGTH < (unsigned int)pkt->auth_length) ||
903 ((unsigned int)pkt->auth_length
904 + DCERPC_AUTH_TRAILER_LENGTH < DCERPC_AUTH_TRAILER_LENGTH)) {
905 /* Integer wrap attempt. */
906 return NT_STATUS_INFO_LENGTH_MISMATCH;
909 status = dcerpc_pull_auth_trailer(pkt, pkt, pkt_trailer,
910 &auth_info, &auth_length, false);
911 if (!NT_STATUS_IS_OK(status)) {
915 data = data_blob_const(raw_pkt->data + header_size,
916 pkt_trailer->length - auth_length);
917 full_pkt = data_blob_const(raw_pkt->data,
918 raw_pkt->length - auth_info.credentials.length);
920 switch (auth->auth_type) {
921 case DCERPC_AUTH_TYPE_NONE:
924 case DCERPC_AUTH_TYPE_SPNEGO:
925 if (auth->spnego_type == PIPE_AUTH_TYPE_SPNEGO_NTLMSSP) {
926 /* compat for server code */
927 DEBUG(10, ("NTLMSSP auth\n"));
929 status = get_ntlmssp_auth_footer(
930 auth->a_u.auth_ntlmssp_state,
933 &auth_info.credentials);
934 if (!NT_STATUS_IS_OK(status)) {
940 status = get_spnego_auth_footer(pkt, auth->a_u.spnego_state,
943 &auth_info.credentials);
944 if (!NT_STATUS_IS_OK(status)) {
949 case DCERPC_AUTH_TYPE_NTLMSSP:
951 DEBUG(10, ("NTLMSSP auth\n"));
953 status = get_ntlmssp_auth_footer(auth->a_u.auth_ntlmssp_state,
956 &auth_info.credentials);
957 if (!NT_STATUS_IS_OK(status)) {
962 case DCERPC_AUTH_TYPE_SCHANNEL:
964 DEBUG(10, ("SCHANNEL auth\n"));
966 status = get_schannel_auth_footer(pkt,
967 auth->a_u.schannel_auth,
970 &auth_info.credentials);
971 if (!NT_STATUS_IS_OK(status)) {
976 case DCERPC_AUTH_TYPE_KRB5:
978 DEBUG(10, ("KRB5 auth\n"));
980 status = get_gssapi_auth_footer(pkt,
981 auth->a_u.gssapi_state,
984 &auth_info.credentials);
985 if (!NT_STATUS_IS_OK(status)) {
991 DEBUG(0, ("process_request_pdu: "
992 "unknown auth type %u set.\n",
993 (unsigned int)auth->auth_type));
994 return NT_STATUS_INVALID_PARAMETER;
997 /* TODO: remove later
998 * this is still needed because in the server code the
999 * pkt_trailer actually has a copy of the raw data, and they
1000 * are still both used in later calls */
1001 if (auth->auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
1002 memcpy(pkt_trailer->data, data.data, data.length);
1005 *pad_len = auth_info.auth_pad_length;
1006 data_blob_free(&auth_info.credentials);
1007 return NT_STATUS_OK;