author | Stefan Metzmacher <metze@samba.org> | 2005-03-01 16:08:36 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:10:55 -0500 |
commit | 4a3ca96fb44a62867ef565d1eeb6c0a16418e505 (patch) | |
tree | b5c37a846d03bc3fb6e36f02c4ca34b45dfdee5c | |
parent | 70f7c56168056c025c6931ce6e934203a5c2c9dc (diff) | |
r5603: add "authservice()" property to the interface property list
so we can specify allowed target service names in the idl file
the default is "host"
metze
(This used to be commit bf40d5321f3257bf9354a42d31265f1a9b0d53ad)
-rw-r--r-- | source4/build/pidl/ndr.pm | 38 | ||||
-rw-r--r-- | source4/librpc/rpc/dcerpc.h | 7 | ||||
-rw-r--r-- | source4/librpc/rpc/dcerpc_auth.c | 12 | ||||
-rw-r--r-- | source4/librpc/rpc/dcerpc_util.c | 12 | ||||
-rw-r--r-- | source4/torture/rpc/bind.c | 14 |
5 files changed, 63 insertions, 20 deletions
diff --git a/source4/build/pidl/ndr.pm b/source4/build/pidl/ndr.pm index 27f0b87d97..c460c92c95 100644 --- a/source4/build/pidl/ndr.pm +++ b/source4/build/pidl/ndr.pm @@ -2008,18 +2008,40 @@ sub FunctionTable($) pidl ""; pidl "static const struct dcerpc_endpoint_list $interface->{NAME}\_endpoints = {"; - pidl "\t$endpoint_count, $interface->{NAME}\_endpoint_strings"; + pidl "\t.count\t= $endpoint_count,"; + pidl "\t.names\t= $interface->{NAME}\_endpoint_strings"; + pidl "};"; + pidl ""; + + if (! defined $interface->{PROPERTIES}->{authservice}) { + $interface->{PROPERTIES}->{authservice} = "\"host\""; + } + + my @a = split / /, $interface->{PROPERTIES}->{authservice}; + my $authservice_count = $#a + 1; + + pidl "static const char * const $interface->{NAME}\_authservice_strings[] = {"; + foreach my $ap (@a) { + pidl "\t$ap, "; + } + pidl "};"; + pidl ""; + + pidl "static const struct dcerpc_authservice_list $interface->{NAME}\_authservices = {"; + pidl "\t.count\t= $endpoint_count,"; + pidl "\t.names\t= $interface->{NAME}\_authservice_strings"; pidl "};"; pidl ""; pidl "\nconst struct dcerpc_interface_table dcerpc_table_$interface->{NAME} = {"; - pidl "\t\"$interface->{NAME}\","; - pidl "\tDCERPC_$uname\_UUID,"; - pidl "\tDCERPC_$uname\_VERSION,"; - pidl "\tDCERPC_$uname\_HELPSTRING,"; - pidl "\t$count,"; - pidl "\t$interface->{NAME}\_calls,"; - pidl "\t&$interface->{NAME}\_endpoints"; + pidl "\t.name\t\t= \"$interface->{NAME}\","; + pidl "\t.uuid\t\t= DCERPC_$uname\_UUID,"; + pidl "\t.if_version\t= DCERPC_$uname\_VERSION,"; + pidl "\t.helpstring\t= DCERPC_$uname\_HELPSTRING,"; + pidl "\t.num_calls\t= $count,"; + pidl "\t.calls\t\t= $interface->{NAME}\_calls,"; + pidl "\t.endpoints\t= &$interface->{NAME}\_endpoints,"; + pidl "\t.authservices\t= &$interface->{NAME}\_authservices"; pidl "};"; pidl ""; diff --git a/source4/librpc/rpc/dcerpc.h b/source4/librpc/rpc/dcerpc.h index 32a03d71a7..db7b76a779 100644 --- a/source4/librpc/rpc/dcerpc.h 
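Review bot: The generated `_authservices` initialiser takes `.count` from `$endpoint_count` rather than from the `$authservice_count` computed a few lines earlier, so the table advertises the wrong length whenever an interface's endpoint and authservice lists differ in size, and a consumer that walks `names` up to `count` would read past the end of `_authservice_strings`. The line should be `pidl "\t.count\t= $authservice_count,";`. Separately, `split / /` splits on every single space, so a doubled space in the property yields an empty element that is emitted as a bare `, ` in the C array; `split ' '` avoids that. FunctionTable's body starts and ends outside this hunk.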
+++ b/source4/librpc/rpc/dcerpc.h @@ -153,6 +153,11 @@ struct dcerpc_endpoint_list { const char * const *names; }; +struct dcerpc_authservice_list { + uint32_t count; + const char * const *names; +}; + struct dcerpc_interface_table { const char *name; const char *uuid; @@ -161,6 +166,7 @@ struct dcerpc_interface_table { uint32_t num_calls; const struct dcerpc_interface_call *calls; const struct dcerpc_endpoint_list *endpoints; + const struct dcerpc_authservice_list *authservices; }; struct dcerpc_interface_list { @@ -175,6 +181,7 @@ struct dcerpc_binding { uint16_t object_version; const char *host; const char *endpoint; + const char *authservice; const char **options; uint32_t flags; }; diff --git a/source4/librpc/rpc/dcerpc_auth.c b/source4/librpc/rpc/dcerpc_auth.c index c0b72b6842..1bcf4224c4 100644 --- a/source4/librpc/rpc/dcerpc_auth.c +++ b/source4/librpc/rpc/dcerpc_auth.c @@ -146,7 +146,8 @@ NTSTATUS dcerpc_bind_auth_password(struct dcerpc_pipe *p, const char *domain, const char *username, const char *password, - uint8_t auth_type) + uint8_t auth_type, + const char *service) { NTSTATUS status; @@ -189,6 +190,15 @@ NTSTATUS dcerpc_bind_auth_password(struct dcerpc_pipe *p, return status; } + if (service) { + status = gensec_set_target_service(p->conn->security_state.generic_state, service); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(1, ("Failed to start set GENSEC target service: %s\n", + nt_errstr(status))); + return status; + } + } + status = gensec_start_mech_by_authtype(p->conn->security_state.generic_state, auth_type, dcerpc_auth_level(p->conn)); diff --git a/source4/librpc/rpc/dcerpc_util.c b/source4/librpc/rpc/dcerpc_util.c index 3697d2f181..7b753d1b30 100644 --- a/source4/librpc/rpc/dcerpc_util.c +++ b/source4/librpc/rpc/dcerpc_util.c 
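Review bot: The new `service` parameter of dcerpc_bind_auth_password() is undocumented, and the added `if (service)` guard means a NULL value silently skips gensec_set_target_service() and leaves whatever target service GENSEC uses by default. I would say so in a comment above the guard, e.g. `/* NULL service: keep the GENSEC default target service */`, so callers know that passing NULL is a deliberate choice rather than an error. The log text also reads "Failed to start set"; `"Failed to set GENSEC target service: %s\n"` is what was presumably meant. The function body starts and ends outside both dcerpc_auth.c hunks.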
@@ -789,13 +789,15 @@ NTSTATUS dcerpc_epm_map_binding(TALLOC_CTX *mem_ctx, struct dcerpc_binding *bind if (table) { struct dcerpc_binding default_binding; - + + binding->authservice = talloc_strdup(mem_ctx, table->authservices->names[0]); + /* Find one of the default pipes for this interface */ for (i = 0; i < table->endpoints->count; i++) { status = dcerpc_parse_binding(mem_ctx, table->endpoints->names[i], &default_binding); if (NT_STATUS_IS_OK(status) && default_binding.transport == binding->transport && default_binding.endpoint) { - binding->endpoint = talloc_strdup(mem_ctx, default_binding.endpoint); + binding->endpoint = talloc_strdup(mem_ctx, default_binding.endpoint); return NT_STATUS_OK; } } @@ -808,6 +810,7 @@ NTSTATUS dcerpc_epm_map_binding(TALLOC_CTX *mem_ctx, struct dcerpc_binding *bind epmapper_binding.options = NULL; epmapper_binding.flags = 0; epmapper_binding.endpoint = NULL; + epmapper_binding.authservice = NULL; status = dcerpc_pipe_connect_b(&p, &epmapper_binding, @@ -903,8 +906,9 @@ static NTSTATUS dcerpc_pipe_auth(struct dcerpc_pipe *p, status = dcerpc_bind_auth_password(p, pipe_uuid, pipe_version, domain, username, password, - auth_type); - } else { + auth_type, + binding->authservice); + } else { status = dcerpc_bind_auth_none(p, pipe_uuid, pipe_version); } diff --git a/source4/torture/rpc/bind.c b/source4/torture/rpc/bind.c index d626536169..10ffa50289 100644 --- a/source4/torture/rpc/bind.c +++ b/source4/torture/rpc/bind.c @@ -53,7 +53,7 @@ BOOL torture_multi_bind(void) status = dcerpc_parse_binding(mem_ctx, binding_string, &b); if (!NT_STATUS_IS_OK(status)) { - DEBUG(0,("Failed to parse dcerpc binding '%s'\n", binding_string)); + printf("Failed to parse dcerpc binding '%s'\n", binding_string); talloc_free(mem_ctx); return False; } 
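Review bot: In the `@@ -789` hunk `table->authservices->names[0]` is dereferenced without checking that `table->authservices` is non-NULL and that its `count` is at least one, so an interface table that was not regenerated by the updated pidl, or that carries an empty list, would crash here. Guarding the assignment with `if (table->authservices && table->authservices->count > 0)` keeps the previous behaviour for such tables; the talloc_strdup() result is also unchecked. Only the first name is ever used, so nothing visible in this commit enforces the list of allowed target service names. When `table` is NULL this function never assigns `binding->authservice`, yet the `@@ -903` hunk passes it to dcerpc_bind_auth_password() unconditionally, which presumably relies on the field being initialised where the binding is created; that is worth confirming. dcerpc_epm_map_binding() extends outside the hunk.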
@@ -82,21 +82,21 @@ BOOL torture_multi_bind(void) status = dcerpc_bind_auth_password(p, pipe_uuid, pipe_version, domain, username, password, - auth_type); - } else { + auth_type, + binding->authservice); + } else { status = dcerpc_bind_auth_none(p, pipe_uuid, pipe_version); } if (NT_STATUS_IS_OK(status)) { - DEBUG(0,("(incorrectly) allowed re-bind to uuid %s - %s\n", - pipe_uuid, nt_errstr(status))); + printf("(incorrectly) allowed re-bind to uuid %s - %s\n", + pipe_uuid, nt_errstr(status)); ret = False; } else { + printf("\n"); ret = True; } - printf("\n"); - talloc_free(mem_ctx); torture_rpc_close(p); |
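Review bot: The added argument is `binding->authservice`, but the only binding visible in torture_multi_bind() is the `b` filled by dcerpc_parse_binding() in the previous hunk. Unless a `binding` pointer is declared outside the hunks shown, this will not compile and was probably meant to be `b.authservice`. Even then the value is only meaningful if dcerpc_parse_binding() initialises the new field, which this commit does not show; otherwise an indeterminate pointer reaches gensec_set_target_service(). The function body starts and ends outside the hunk.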