diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2010-06-02 22:52:56 +1000 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2010-06-07 23:34:29 +1000 |
| commit | 9a747d500fad699038ecf75615c680a9fd9e4cc7 (patch) | |
| tree | 7ecdedc0de25c1372afa55b96db270b735b556bf | |
| parent | edba46ce94c335411ab337eeb4ef6f88fb3aae80 (diff) | |
| download | samba-9a747d500fad699038ecf75615c680a9fd9e4cc7.tar.gz samba-9a747d500fad699038ecf75615c680a9fd9e4cc7.tar.bz2 samba-9a747d500fad699038ecf75615c680a9fd9e4cc7.zip | |
s3:auth add hooks to indicate if signing or sealing is desired with NTLMSSP
This allows the right hooks to be called in GENSEC when s3compat
implements the auth_ntlmssp interface. Otherwise, we can't do the
signing or sealing as we have not negoitated it's use.
Andrew Bartlett
| -rw-r--r-- | source3/auth/auth_ntlmssp.c | 10 | ||||
| -rw-r--r-- | source3/include/proto.h | 2 | ||||
| -rw-r--r-- | source3/rpc_server/srv_pipe.c | 21 |
3 files changed, 33 insertions, 0 deletions
diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c index 1b48ba022d..7184fa6b95 100644 --- a/source3/auth/auth_ntlmssp.c +++ b/source3/auth/auth_ntlmssp.c @@ -74,6 +74,16 @@ bool auth_ntlmssp_negotiated_seal(struct auth_ntlmssp_state *auth_ntlmssp_state) return auth_ntlmssp_state->ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL; } +void auth_ntlmssp_want_sign(struct auth_ntlmssp_state *auth_ntlmssp_state) +{ + +} + +void auth_ntlmssp_want_seal(struct auth_ntlmssp_state *auth_ntlmssp_state) +{ + +} + NTSTATUS auth_ntlmssp_server_info(TALLOC_CTX *mem_ctx, struct auth_ntlmssp_state *auth_ntlmssp_state, struct auth_serversupplied_info **_server_info) diff --git a/source3/include/proto.h b/source3/include/proto.h index 268e2b50aa..9582884c2f 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -63,6 +63,8 @@ const char *auth_ntlmssp_get_domain(struct auth_ntlmssp_state *auth_ntlmssp_stat const char *auth_ntlmssp_get_client(struct auth_ntlmssp_state *auth_ntlmssp_state); bool auth_ntlmssp_negotiated_sign(struct auth_ntlmssp_state *auth_ntlmssp_state); bool auth_ntlmssp_negotiated_seal(struct auth_ntlmssp_state *auth_ntlmssp_state); +void auth_ntlmssp_want_sign(struct auth_ntlmssp_state *auth_ntlmssp_state); +void auth_ntlmssp_want_seal(struct auth_ntlmssp_state *auth_ntlmssp_state); NTSTATUS auth_ntlmssp_start(struct auth_ntlmssp_state **auth_ntlmssp_state); void auth_ntlmssp_end(struct auth_ntlmssp_state **auth_ntlmssp_state); NTSTATUS auth_ntlmssp_update(struct auth_ntlmssp_state *auth_ntlmssp_state, diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index 0f60cdff1c..4678aeb698 100644 --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c @@ -1189,6 +1189,16 @@ static bool pipe_spnego_auth_bind_negotiate(pipes_struct *p, prs_struct *rpc_in_ goto err; } + switch (auth_info.auth_level) { + case DCERPC_AUTH_LEVEL_INTEGRITY: + auth_ntlmssp_want_sign(a); + break; + case DCERPC_AUTH_LEVEL_PRIVACY: + auth_ntlmssp_want_seal(a); + break; + default: + break; + } /* * Pass the first security blob of data to it. * This can return an error or NT_STATUS_MORE_PROCESSING_REQUIRED @@ -1524,6 +1534,17 @@ static bool pipe_ntlmssp_auth_bind(pipes_struct *p, prs_struct *rpc_in_p, goto err; } + switch (pauth_info->auth_level) { + case DCERPC_AUTH_LEVEL_INTEGRITY: + auth_ntlmssp_want_sign(a); + break; + case DCERPC_AUTH_LEVEL_PRIVACY: + auth_ntlmssp_want_seal(a); + break; + default: + break; + } + status = auth_ntlmssp_update(a, blob, &response); if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { DEBUG(0,("pipe_ntlmssp_auth_bind: auth_ntlmssp_update failed: %s\n", |