summaryrefslogtreecommitdiff
path: root/source3/rpc_client
diff options
context:
space:
mode:
authorGerald Carter <jerry@samba.org>2003-10-01 22:00:19 +0000
committerGerald Carter <jerry@samba.org>2003-10-01 22:00:19 +0000
commite9568f8df282a8de58d077fb88b54b43023795ca (patch)
treed1b06a99b783c59f282b004ca1cdbddf05585f59 /source3/rpc_client
parentb8092fbf99d01783110566b51dfaf26d4802f403 (diff)
downloadsamba-e9568f8df282a8de58d077fb88b54b43023795ca.tar.gz
samba-e9568f8df282a8de58d077fb88b54b43023795ca.tar.bz2
samba-e9568f8df282a8de58d077fb88b54b43023795ca.zip
commit sign only patch from Andrew; bug 167; tested using 2k & XP clientspreviously joined to the Samba domain
(This used to be commit 9d2e585e5e6f9066c6901aa8d8308734f8667296)
Diffstat (limited to 'source3/rpc_client')
-rw-r--r--source3/rpc_client/cli_pipe.c29
1 files changed, 12 insertions, 17 deletions
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index dedbf017a9..9ce10202db 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -29,7 +29,9 @@
extern struct pipe_id_info pipe_names[];
-static void get_auth_type_level(int pipe_auth_flags, int *auth_type, int *auth_level)
+/* convert pipe auth flags into the RPC auth type and level */
+
+void get_auth_type_level(int pipe_auth_flags, int *auth_type, int *auth_level)
{
*auth_type = 0;
*auth_level = 0;
@@ -938,7 +940,6 @@ BOOL rpc_api_pipe_req(struct cli_state *cli, uint8 op_num,
uint32 data_len, send_size;
uint8 flags = 0;
uint32 auth_padding = 0;
- RPC_AUTH_NETSEC_CHK verf;
DATA_BLOB sign_blob;
/*
@@ -1022,14 +1023,10 @@ BOOL rpc_api_pipe_req(struct cli_state *cli, uint8 op_num,
}
else if (cli->pipe_auth_flags & AUTH_PIPE_NETSEC) {
- static const uchar netsec_sig[8] = NETSEC_SIGNATURE;
- static const uchar nullbytes[8] = { 0,0,0,0,0,0,0,0 };
size_t parse_offset_marker;
+ RPC_AUTH_NETSEC_CHK verf;
DEBUG(10,("SCHANNEL seq_num=%d\n", cli->auth_info.seq_num));
- init_rpc_auth_netsec_chk(&verf, netsec_sig, nullbytes,
- nullbytes, nullbytes);
-
netsec_encode(&cli->auth_info,
cli->pipe_auth_flags,
SENDER_IS_INITIATOR,
@@ -1277,8 +1274,10 @@ static BOOL rpc_send_auth_reply(struct cli_state *cli, prs_struct *rdata, uint32
prs_init(&rpc_out, RPC_HEADER_LEN + RPC_HDR_AUTHA_LEN, /* need at least this much */
cli->mem_ctx, MARSHALL);
- create_rpc_bind_resp(cli, rpc_call_id,
- &rpc_out);
+ if (!NT_STATUS_IS_OK(create_rpc_bind_resp(cli, rpc_call_id,
+ &rpc_out))) {
+ return False;
+ }
if ((ret = cli_write(cli, cli->nt_pipe_fnum, 0x8, prs_data_p(&rpc_out),
0, (size_t)prs_offset(&rpc_out))) != (ssize_t)prs_offset(&rpc_out)) {
@@ -1493,9 +1492,7 @@ NTSTATUS cli_nt_establish_netlogon(struct cli_state *cli, int sec_chan,
const uchar trust_password[16])
{
NTSTATUS result;
- /* The 7 here seems to be required to get Win2k not to downgrade us
- to NT4. Actually, anything other than 1ff would seem to do... */
- uint32 neg_flags = 0x000701ff;
+ uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS;
int fnum;
cli_nt_netlogon_netsec_session_close(cli);
@@ -1584,13 +1581,11 @@ NTSTATUS cli_nt_establish_netlogon(struct cli_state *cli, int sec_chan,
}
-NTSTATUS cli_nt_setup_netsec(struct cli_state *cli, int sec_chan,
+NTSTATUS cli_nt_setup_netsec(struct cli_state *cli, int sec_chan, int auth_flags,
const uchar trust_password[16])
{
NTSTATUS result;
- /* The 7 here seems to be required to get Win2k not to downgrade us
- to NT4. Actually, anything other than 1ff would seem to do... */
- uint32 neg_flags = 0x000701ff;
+ uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS;
cli->pipe_auth_flags = 0;
if (lp_client_schannel() == False) {
@@ -1632,7 +1627,7 @@ NTSTATUS cli_nt_setup_netsec(struct cli_state *cli, int sec_chan,
cli->nt_pipe_fnum = 0;
/* doing schannel, not per-user auth */
- cli->pipe_auth_flags = AUTH_PIPE_NETSEC | AUTH_PIPE_SIGN | AUTH_PIPE_SEAL;
+ cli->pipe_auth_flags = auth_flags;
return NT_STATUS_OK;
}