author | Stefan Metzmacher <metze@samba.org> | 2005-01-24 14:44:15 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:09:10 -0500 |
commit | c108689bf69bd7ac863b94b4535ddf4c51531fc5 (patch) | |
tree | bb6c8cc631b47451d21e64701e03b32f4903784f | |
parent | 56e4f0db341e31ffa572861e011493d5b7e0ae91 (diff) | |
r4962: add infrastructure to use raw krb5 auth in dcerpc client code
Note this doesn't work currently because the gensec_modules are not ready for that yet
metze
(This used to be commit 7b09a3f725baca5d4483b7ec24a9cb6151557bb5)
-rw-r--r-- | prog_guide.txt | 1 | ||||
-rw-r--r-- | source4/librpc/idl/dcerpc.idl | 11 | ||||
-rw-r--r-- | source4/librpc/rpc/dcerpc.h | 5 | ||||
-rw-r--r-- | source4/librpc/rpc/dcerpc_util.c | 3 |
4 files changed, 14 insertions, 6 deletions
diff --git a/prog_guide.txt b/prog_guide.txt index 9a80d757f0..3ed51e986c 100644 --- a/prog_guide.txt +++ b/prog_guide.txt @@ -542,6 +542,7 @@ other recognised flags are: sign : enable ntlmssp signing seal : enable ntlmssp sealing spnego : use SPNEGO instead of NTLMSSP authentication + krb5 : use KRB5 instead of NTLMSSP authentication connect : enable rpc connect level auth (auth, but no sign or seal) validate : enable the NDR validator print : enable debugging of the packets diff --git a/source4/librpc/idl/dcerpc.idl b/source4/librpc/idl/dcerpc.idl index d4fb026c8c..b5f9fbf466 100644 --- a/source4/librpc/idl/dcerpc.idl +++ b/source4/librpc/idl/dcerpc.idl @@ -110,18 +110,19 @@ interface dcerpc uint32 status; } dcerpc_fault; - + /* the auth types we know about const uint8 DCERPC_AUTH_TYPE_NONE = 0; - const uint8 DCERPC_AUTH_TYPE_KRB5 = 1; + /* this seems to be not krb5! */ + const uint8 DCERPC_AUTH_TYPE_KRB5_1 = 1; const uint8 DCERPC_AUTH_TYPE_SPNEGO = 9; const uint8 DCERPC_AUTH_TYPE_NTLMSSP = 10; /* I'm not 100% sure but type 16(0x10) * seems to be raw krb5 --metze */ - const uint8 DCERPC_AUTH_TYPE_KRB5_16 = 16; + const uint8 DCERPC_AUTH_TYPE_KRB5 = 16; const uint8 DCERPC_AUTH_TYPE_SCHANNEL = 68; - const uint8 DCERPC_AUTH_TYPE_MSMQ = 100; - + const uint8 DCERPC_AUTH_TYPE_MSMQ = 100; + const uint8 DCERPC_AUTH_LEVEL_DEFAULT = DCERPC_AUTH_LEVEL_CONNECT; const uint8 DCERPC_AUTH_LEVEL_NONE = 1; const uint8 DCERPC_AUTH_LEVEL_CONNECT = 2; diff --git a/source4/librpc/rpc/dcerpc.h b/source4/librpc/rpc/dcerpc.h index 4e58c3c75f..4e0172b6f3 100644 --- a/source4/librpc/rpc/dcerpc.h +++ b/source4/librpc/rpc/dcerpc.h 
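Review bot: Reusing the name `DCERPC_AUTH_TYPE_KRB5` for wire value 16 in dcerpc.idl means any code outside this diff that still uses that name silently switches from auth type 1 to 16 with no compile error. Every existing user of the name (auth-type dispatch, mechanism registration) needs checking by hand; the removed `DCERPC_AUTH_TYPE_KRB5_16`, by contrast, will at least break the build where it is still referenced. The comment kept above the constant still says "I'm not 100% sure", which is weak grounding for a value that now selects the authentication mechanism on the wire. The Windows RPC headers define 16 as RPC_C_AUTHN_GSS_KERBEROS and 1 as RPC_C_AUTHN_DCE_PRIVATE, so the two comments could become `/* RPC_C_AUTHN_GSS_KERBEROS: raw krb5 */` and `/* RPC_C_AUTHN_DCE_PRIVATE, not Kerberos */`.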
@@ -129,11 +129,14 @@ struct dcerpc_pipe { /* set LIBNDR_FLAG_REF_ALLOC flag when decoding NDR */ #define DCERPC_NDR_REF_ALLOC (1<<14) -#define DCERPC_AUTH_OPTIONS (DCERPC_SEAL|DCERPC_SIGN|DCERPC_SCHANNEL_ANY|DCERPC_AUTH_SPNEGO) +#define DCERPC_AUTH_OPTIONS (DCERPC_SEAL|DCERPC_SIGN|DCERPC_SCHANNEL_ANY|DCERPC_AUTH_SPNEGO|DCERPC_AUTH_KRB5) /* enable spnego auth */ #define DCERPC_AUTH_SPNEGO (1<<15) +/* enable krb5 auth */ +#define DCERPC_AUTH_KRB5 (1<<16) + /* this is used to find pointers to calls */ diff --git a/source4/librpc/rpc/dcerpc_util.c b/source4/librpc/rpc/dcerpc_util.c index 8b974df0fd..7307b44cb8 100644 --- a/source4/librpc/rpc/dcerpc_util.c +++ b/source4/librpc/rpc/dcerpc_util.c @@ -177,6 +177,7 @@ static const struct { {"seal", DCERPC_SEAL}, {"connect", DCERPC_CONNECT}, {"spnego", DCERPC_AUTH_SPNEGO}, + {"krb5", DCERPC_AUTH_KRB5}, {"validate", DCERPC_DEBUG_VALIDATE_BOTH}, {"print", DCERPC_DEBUG_PRINT_BOTH}, {"padcheck", DCERPC_DEBUG_PAD_CHECK}, @@ -797,6 +798,8 @@ static NTSTATUS dcerpc_pipe_auth(struct dcerpc_pipe *p, uint8_t auth_type; if (binding->flags & DCERPC_AUTH_SPNEGO) { auth_type = DCERPC_AUTH_TYPE_SPNEGO; + } else if (binding->flags & DCERPC_AUTH_KRB5) { + auth_type = DCERPC_AUTH_TYPE_KRB5; } else { auth_type = DCERPC_AUTH_TYPE_NTLMSSP; } |
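Review bot: In `dcerpc_pipe_auth` the new `else if` makes `krb5` lose silently to `spnego` when both flags are set, and SPNEGO can negotiate NTLMSSP, so a caller who asked for Kerberos explicitly may end up authenticated with a weaker mechanism. Both `DCERPC_AUTH_SPNEGO` and `DCERPC_AUTH_KRB5` are in `DCERPC_AUTH_OPTIONS` (dcerpc.h hunk), and nothing visible rejects the combination. Either reject it where the binding string is parsed, or document the precedence on the define, e.g. `/* enable raw krb5 auth; ignored when DCERPC_AUTH_SPNEGO is also set */`. The commit message says the gensec modules cannot do raw krb5 yet, so it is worth confirming that a `krb5` binding fails the bind outright rather than falling back to another mechanism or to no authentication. That code, like the rest of `dcerpc_pipe_auth`, is outside the hunk.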