authorStefan Metzmacher <metze@samba.org>2006-07-31 07:29:44 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 14:15:16 -0500
commit3ecdc5c24f502f45b24f97938dbd6bffd1b6383b (patch)
tree6f16c11b1b933a96c7d46c839f62723f5562c6ce
parent582cf8c1c01e5f933c31ce82bf4504e7537da2d1 (diff)
r17336: make the logic a bit more easier to understand...
metze (This used to be commit 60afb466831da7a6946079ef0683cb6bff5edeb9)
-rw-r--r--source4/librpc/rpc/dcerpc_util.c106
1 files changed, 51 insertions, 55 deletions
diff --git a/source4/librpc/rpc/dcerpc_util.c b/source4/librpc/rpc/dcerpc_util.c
index d3eed5c4bb..e1bae14462 100644
--- a/source4/librpc/rpc/dcerpc_util.c
+++ b/source4/librpc/rpc/dcerpc_util.c
@@ -1150,6 +1150,7 @@ struct composite_context *dcerpc_pipe_auth_send(struct dcerpc_pipe *p,
struct composite_context *auth_req;
struct composite_context *auth_none_req;
struct dcerpc_connection *conn;
+ uint8_t auth_type;
/* composite context allocation and setup */
c = talloc_zero(NULL, struct composite_context);
@@ -1174,81 +1175,76 @@ struct composite_context *dcerpc_pipe_auth_send(struct dcerpc_pipe *p,
/* remember the binding string for possible secondary connections */
conn->binding_string = dcerpc_binding_string(p, binding);
- if (!cli_credentials_is_anonymous(s->credentials) &&
- (binding->flags & DCERPC_SCHANNEL) &&
- !cli_credentials_get_netlogon_creds(s->credentials)) {
+ if (cli_credentials_is_anonymous(s->credentials)) {
+ auth_none_req = dcerpc_bind_auth_none_send(c, s->pipe, s->table);
+ composite_continue(c, auth_none_req, continue_auth_none, c);
+ return c;
+ }
+ if ((binding->flags & DCERPC_SCHANNEL) &&
+ !cli_credentials_get_netlogon_creds(s->credentials)) {
/* If we don't already have netlogon credentials for
* the schannel bind, then we have to get these
* first */
auth_schannel_req = dcerpc_bind_auth_schannel_send(c, s->pipe, s->table,
s->credentials,
dcerpc_auth_level(conn));
- if (composite_nomem(auth_schannel_req, c)) return c;
-
composite_continue(c, auth_schannel_req, continue_auth_schannel, c);
+ return c;
+ }
- } else if (!cli_credentials_is_anonymous(s->credentials) &&
- !(conn->transport.transport == NCACN_NP &&
- !(s->binding->flags & DCERPC_SIGN) &&
- !(s->binding->flags & DCERPC_SEAL))) {
+ /*
+ * we rely on the already authenticated CIFS connection
+ * if not doing sign or seal
+ */
+ if (conn->transport.transport == NCACN_NP &&
+ !(s->binding->flags & (DCERPC_SIGN|DCERPC_SEAL))) {
+ auth_none_req = dcerpc_bind_auth_none_send(c, s->pipe, s->table);
+ composite_continue(c, auth_none_req, continue_auth_none, c);
+ return c;
+ }
- /* Perform an authenticated DCE-RPC bind, except where
- * we ask for a connection on NCACN_NP, and that
- * connection is not signed or sealed. For that case
- * we rely on the already authenticated CIFS connection
- */
-
- uint8_t auth_type;
- if ((conn->flags & (DCERPC_SIGN|DCERPC_SEAL)) == 0) {
- /*
- we are doing an authenticated connection,
- but not using sign or seal. We must force
- the CONNECT dcerpc auth type as a NONE auth
- type doesn't allow authentication
- information to be passed.
- */
- conn->flags |= DCERPC_CONNECT;
- }
+ /* Perform an authenticated DCE-RPC bind
+ */
+ if (!(conn->flags & (DCERPC_SIGN|DCERPC_SEAL))) {
+ /*
+ we are doing an authenticated connection,
+ but not using sign or seal. We must force
+ the CONNECT dcerpc auth type as a NONE auth
+ type doesn't allow authentication
+ information to be passed.
+ */
+ conn->flags |= DCERPC_CONNECT;
+ }
- if (s->binding->flags & DCERPC_AUTH_SPNEGO) {
- auth_type = DCERPC_AUTH_TYPE_SPNEGO;
+ if (s->binding->flags & DCERPC_AUTH_SPNEGO) {
+ auth_type = DCERPC_AUTH_TYPE_SPNEGO;
- } else if (s->binding->flags & DCERPC_AUTH_KRB5) {
- auth_type = DCERPC_AUTH_TYPE_KRB5;
+ } else if (s->binding->flags & DCERPC_AUTH_KRB5) {
+ auth_type = DCERPC_AUTH_TYPE_KRB5;
- } else if (s->binding->flags & DCERPC_SCHANNEL) {
- auth_type = DCERPC_AUTH_TYPE_SCHANNEL;
+ } else if (s->binding->flags & DCERPC_SCHANNEL) {
+ auth_type = DCERPC_AUTH_TYPE_SCHANNEL;
- } else if (s->binding->flags & DCERPC_AUTH_NTLM) {
- auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
- } else {
- auth_req = dcerpc_bind_auth_send(c, s->pipe, s->table,
- s->credentials, DCERPC_AUTH_TYPE_SPNEGO,
- dcerpc_auth_level(conn),
- s->table->authservices->names[0]);
- if (composite_nomem(auth_req, c)) return c;
-
- composite_continue(c, auth_req, continue_auth_auto, c);
- return c;
- }
-
+ } else if (s->binding->flags & DCERPC_AUTH_NTLM) {
+ auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
+
+ } else {
+ /* try SPNEGO with fallback to NTLMSSP */
auth_req = dcerpc_bind_auth_send(c, s->pipe, s->table,
- s->credentials, auth_type,
+ s->credentials, DCERPC_AUTH_TYPE_SPNEGO,
dcerpc_auth_level(conn),
s->table->authservices->names[0]);
- if (composite_nomem(auth_req, c)) return c;
-
- composite_continue(c, auth_req, continue_auth, c);
-
- } else {
- auth_none_req = dcerpc_bind_auth_none_send(c, s->pipe, s->table);
- if (composite_nomem(auth_none_req, c)) return c;
-
- composite_continue(c, auth_none_req, continue_auth_none, c);
+ composite_continue(c, auth_req, continue_auth_auto, c);
+ return c;
}
+ auth_req = dcerpc_bind_auth_send(c, s->pipe, s->table,
+ s->credentials, auth_type,
+ dcerpc_auth_level(conn),
+ s->table->authservices->names[0]);
+ composite_continue(c, auth_req, continue_auth, c);
return c;
}
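Review bot: The new NCACN_NP shortcut, `if (conn->transport.transport == NCACN_NP && !(s->binding->flags & (DCERPC_SIGN|DCERPC_SEAL)))`, picks the unauthenticated bind from `s->binding->flags`, while the test just below that forces `DCERPC_CONNECT` reads `conn->flags` and the schannel test above reads `binding->flags`. With the branches flattened into early returns, these three fields decide in sequence whether the bind carries any DCE-RPC authentication, so if they can ever disagree (not visible from this hunk) a request for sign or seal recorded in only one of them could take the auth-none path. I would read the same field in both sign/seal tests, or state the difference at the shortcut, e.g. `/* s->binding->flags: what the caller requested; conn->flags: what this connection will use */`, if that is indeed the distinction. Separately, every `composite_nomem()` guard is removed, which presumably relies on `composite_continue()` rejecting a NULL request itself; a one-line comment such as `/* composite_continue() handles a NULL request */` would record that. The body of dcerpc_pipe_auth_send starts before this hunk, so the setup of `s`, `conn` and `binding` is not shown here.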