*/
*rdata = *pdu;
+ ret = dcerpc_sec_vt_preauth_update(&cli->preauth,
+ pkt,
+ pdu,
+ &cli->preauth);
+ if (!NT_STATUS_IS_OK(ret)) {
+ return ret;
+ }
+
if ((pkt->ptype == DCERPC_PKT_BIND_ACK) &&
!(pkt->pfc_flags & DCERPC_PFC_FLAG_LAST)) {
/*
NTSTATUS status;
struct ndr_syntax_id bind_time_features = dcerpc_construct_bind_time_features(
DCERPC_BIND_TIME_SECURITY_CONTEXT_MULTIPLEXING |
- DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN);
+ DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN |
+ DCERPC_BIND_TIME_SUPPORT_PREAUTH);
struct dcerpc_ctx_list ctx_list[2] = {
[0] = {
.context_id = 0,
uint32_t req_trailer_sent;
bool verify_bitmask1;
bool verify_pcontext;
+ bool verify_preauth;
DATA_BLOB rpc_out;
DATA_BLOB reply_pdu;
};
};
}
+ if (!state->cli->verified_preauth) {
+ struct dcerpc_sec_vt *c = NULL;
+ DATA_BLOB buffer = { .length = 0, };
+ NTSTATUS status;
+
+ t->commands = talloc_realloc(t, t->commands,
+ struct dcerpc_sec_vt,
+ t->count.count + 1);
+ if (t->commands == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ c = &t->commands[t->count.count++];
+ *c = (struct dcerpc_sec_vt) {
+ .command = DCERPC_SEC_VT_COMMAND_PREAUTH,
+ };
+
+ generate_random_buffer(c->u.preauth.salt,
+ sizeof(c->u.preauth.salt));
+
+ buffer = data_blob_const(c->u.preauth.salt,
+ sizeof(c->u.preauth.salt));
+
+ status = dcerpc_sec_vt_preauth_update(&state->cli->preauth,
+ NULL, &buffer,
+ &c->u.preauth);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ state->verify_preauth = true;
+ }
+
if (t->count.count == 0) {
TALLOC_FREE(t);
return NT_STATUS_OK;
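Review bot: The salt is hashed out of the same object the result is written into: `buffer` points at `c->u.preauth.salt` while the output argument is `&c->u.preauth`. The body of dcerpc_sec_vt_preauth_update() is not visible here, but if it initialises its output from `state->cli->preauth` before consuming the data blob, the freshly generated salt would be overwritten before it is hashed. The trailer would then not carry the value the client believes it sent. Either hash from a local copy of the salt, or state the requirement at the call site, e.g. `/* buffer aliases c->u.preauth: the helper must consume it before writing the result */`. The enclosing function starts and ends outside this hunk.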
state->cli->verified_pcontext = true;
}
+ if (state->verify_preauth) {
+ state->cli->verified_preauth = true;
+ }
+
tevent_req_done(req);
}
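Review bot: `state->cli->verified_preauth` becomes true only because `state->verify_preauth` was set when the request was built. Nothing in this hunk ties it to the server having accepted DCERPC_BIND_TIME_SUPPORT_PREAUTH or having processed the PREAUTH command. If a peer that never negotiated the feature simply ignores the command, the connection is marked verified and later requests no longer carry the check, so a stripped feature bit would go unnoticed. Unless this is enforced elsewhere, gate the assignment on the negotiated bind-time features and add a comment saying what the flag relies on, e.g. `/* a successful response means the server accepted our preauth hash */`. The enclosing function continues outside this hunk.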
return tevent_req_post(req, ev);
}
+ status = dcerpc_sec_vt_preauth_update(&state->cli->preauth,
+ NULL,
+ &state->rpc_out,
+ &state->cli->preauth);
+ if (tevent_req_nterror(req, status)) {
+ return tevent_req_post(req, ev);
+ }
+
subreq = rpc_api_pipe_send(state, ev, cli, &state->rpc_out,
DCERPC_PKT_BIND_ACK, state->rpc_call_id);
if (tevent_req_nomem(subreq, req)) {
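Review bot: The same preauth update of `state->rpc_out` is pasted ahead of rpc_api_pipe_send() here and again in the DCERPC_PKT_ALTER_RESP and DCERPC_PKT_AUTH3 send paths further down. The hash presumably stays in step with the peer only if every pre-authentication PDU is fed exactly once, so one static helper taking the client and the outgoing blob would keep the three call sites from drifting. Each site would then shrink to a single call plus its existing error return. The call also deserves a one-line comment, e.g. `/* feed the outgoing PDU into the preauth hash before it goes on the wire */`. The enclosing functions start and end outside these hunks.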
return status;
}
+ status = dcerpc_sec_vt_preauth_update(&state->cli->preauth,
+ NULL,
+ &state->rpc_out,
+ &state->cli->preauth);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
subreq = rpc_api_pipe_send(state, state->ev, state->cli,
&state->rpc_out, DCERPC_PKT_ALTER_RESP,
state->rpc_call_id);
return status;
}
+ status = dcerpc_sec_vt_preauth_update(&state->cli->preauth,
+ NULL,
+ &state->rpc_out,
+ &state->cli->preauth);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
subreq = rpc_api_pipe_send(state, state->ev, state->cli,
&state->rpc_out, DCERPC_PKT_AUTH3,
state->rpc_call_id);