diff options
| author | Simo Sorce <idra@samba.org> | 2010-07-20 13:26:36 -0400 |
|---|---|---|
| committer | Simo Sorce <idra@samba.org> | 2010-07-28 12:19:32 -0400 |
| commit | 2463a871776bb4de8653d6a44469d2adb3ec9418 (patch) | |
| tree | fe715ba8a3bc4a6853ec1173f9242c72d980e802 /source3/librpc/rpc/dcerpc_helpers.c | |
| parent | 1e915d231d4191bf3a0bb54ba99a31ad6b2afd3b (diff) | |
| download | samba-2463a871776bb4de8653d6a44469d2adb3ec9418.tar.gz samba-2463a871776bb4de8653d6a44469d2adb3ec9418.tar.bz2 samba-2463a871776bb4de8653d6a44469d2adb3ec9418.zip | |
s3-dcerpc: Use dcerpc_AuthType in pipe_auth_data
Diffstat (limited to 'source3/librpc/rpc/dcerpc_helpers.c')
| -rw-r--r-- | source3/librpc/rpc/dcerpc_helpers.c | 33 |
1 files changed, 20 insertions, 13 deletions
diff --git a/source3/librpc/rpc/dcerpc_helpers.c b/source3/librpc/rpc/dcerpc_helpers.c index fc9915cf08..be076d8645 100644 --- a/source3/librpc/rpc/dcerpc_helpers.c +++ b/source3/librpc/rpc/dcerpc_helpers.c @@ -383,13 +383,12 @@ static NTSTATUS add_schannel_auth_footer(struct schannel_state *sas, NTSTATUS dcerpc_add_auth_footer(struct pipe_auth_data *auth, size_t pad_len, DATA_BLOB *rpc_out) { - enum dcerpc_AuthType auth_type; char pad[CLIENT_NDR_PADDING_SIZE] = { 0, }; DATA_BLOB auth_info; DATA_BLOB auth_blob; NTSTATUS status; - if (auth->auth_type == PIPE_AUTH_TYPE_NONE) { + if (auth->auth_type == DCERPC_AUTH_TYPE_NONE) { return NT_STATUS_OK; } @@ -400,14 +399,12 @@ NTSTATUS dcerpc_add_auth_footer(struct pipe_auth_data *auth, } } - auth_type = map_pipe_auth_type_to_rpc_auth_type(auth->auth_type); - /* marshall the dcerpc_auth with an actually empty auth_blob. * This is needed because the ntmlssp signature includes the * auth header. We will append the actual blob later. */ auth_blob = data_blob_null; status = dcerpc_push_dcerpc_auth(rpc_out->data, - auth_type, + auth->auth_type, auth->auth_level, pad_len, 1 /* context id. */, @@ -428,16 +425,20 @@ NTSTATUS dcerpc_add_auth_footer(struct pipe_auth_data *auth, /* Generate any auth sign/seal and add the auth footer. */ switch (auth->auth_type) { - case PIPE_AUTH_TYPE_NONE: + case DCERPC_AUTH_TYPE_NONE: status = NT_STATUS_OK; break; - case PIPE_AUTH_TYPE_NTLMSSP: - case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP: + case DCERPC_AUTH_TYPE_SPNEGO: + if (auth->spnego_type != PIPE_AUTH_TYPE_SPNEGO_NTLMSSP) { + return NT_STATUS_INVALID_PARAMETER; + } + /* fall thorugh */ + case DCERPC_AUTH_TYPE_NTLMSSP: status = add_ntlmssp_auth_footer(auth->a_u.auth_ntlmssp_state, auth->auth_level, rpc_out); break; - case PIPE_AUTH_TYPE_SCHANNEL: + case DCERPC_AUTH_TYPE_SCHANNEL: status = add_schannel_auth_footer(auth->a_u.schannel_auth, auth->auth_level, rpc_out); @@ -530,11 +531,17 @@ NTSTATUS dcerpc_check_auth(struct pipe_auth_data *auth, raw_pkt->length - auth_info.credentials.length); switch (auth->auth_type) { - case PIPE_AUTH_TYPE_NONE: + case DCERPC_AUTH_TYPE_NONE: return NT_STATUS_OK; - case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP: - case PIPE_AUTH_TYPE_NTLMSSP: + case DCERPC_AUTH_TYPE_SPNEGO: + if (auth->spnego_type != PIPE_AUTH_TYPE_SPNEGO_NTLMSSP) { + DEBUG(0, ("Currently only NTLMSSP is supported " + "with SPNEGO\n")); + return NT_STATUS_INVALID_PARAMETER; + } + /* fall through */ + case DCERPC_AUTH_TYPE_NTLMSSP: DEBUG(10, ("NTLMSSP auth\n")); @@ -575,7 +582,7 @@ NTSTATUS dcerpc_check_auth(struct pipe_auth_data *auth, } break; - case PIPE_AUTH_TYPE_SCHANNEL: + case DCERPC_AUTH_TYPE_SCHANNEL: DEBUG(10, ("SCHANNEL auth\n")); |