authorAndrew Bartlett <abartlet@samba.org>2003-07-25 01:26:19 +0000
committerAndrew Bartlett <abartlet@samba.org>2003-07-25 01:26:19 +0000
commitc9305f1c647abf4dc180c93e9f481a6da9220b57 (patch)
treefa2675705e1da12780eada31861875e02929aade /source3/rpc_client
parentff5f4d66a554eace6cc12bce4e1bed173c56025b (diff)
downloadsamba-c9305f1c647abf4dc180c93e9f481a6da9220b57.tar.gz
samba-c9305f1c647abf4dc180c93e9f481a6da9220b57.tar.bz2
samba-c9305f1c647abf4dc180c93e9f481a6da9220b57.zip
Schannel, once setup, may be used on *ANY* TCP/IP connection until the
connection that set it up has been shut down. (Also, pipes still connected, and reconnections to the same pipe (eg SAMR) may continue to use that session key until their TCP/IP connection is shut down) Allow further testing by printing out the session key, and allowing its input into rpcclient. Next step is automatic storage in a TDB. Andrew Bartlett (This used to be commit fa4d7be1619b51aacec37ddf995c940b8100aef9)
Diffstat (limited to 'source3/rpc_client')
-rw-r--r--source3/rpc_client/cli_pipe.c55
1 files changed, 52 insertions, 3 deletions
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index 01b4c83235..53ff58b966 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -5,6 +5,7 @@
* Copyright (C) Luke Kenneth Casson Leighton 1996-1998,
* Copyright (C) Paul Ashton 1998.
* Copyright (C) Jeremy Allison 1999.
+ * Copyright (C) Andrew Bartlett 2003.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -1568,9 +1569,6 @@ NTSTATUS cli_nt_establish_netlogon(struct cli_state *cli, int sec_chan,
}
}
- /* doing schannel, not per-user auth */
- cli->pipe_auth_flags = AUTH_PIPE_NETSEC | AUTH_PIPE_SIGN | AUTH_PIPE_SEAL;
-
if (!rpc_pipe_bind(cli, PI_NETLOGON, global_myname())) {
DEBUG(2,("rpc bind to %s failed\n", PIPE_NETLOGON));
cli_close(cli, cli->nt_pipe_fnum);
@@ -1581,6 +1579,57 @@ NTSTATUS cli_nt_establish_netlogon(struct cli_state *cli, int sec_chan,
}
+NTSTATUS cli_nt_setup_netsec(struct cli_state *cli, int sec_chan,
+ const uchar trust_password[16])
+{
+ NTSTATUS result;
+ uint32 neg_flags = 0x000001ff;
+ cli->pipe_auth_flags = 0;
+
+ if (lp_client_schannel() == False) {
+ return NT_STATUS_OK;
+ }
+
+ if (!cli_nt_session_open(cli, PI_NETLOGON)) {
+ DEBUG(0, ("Could not initialise %s\n",
+ get_pipe_name_from_index(PI_NETLOGON)));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ if (lp_client_schannel() != False)
+ neg_flags |= NETLOGON_NEG_SCHANNEL;
+
+ neg_flags |= NETLOGON_NEG_SCHANNEL;
+
+ result = cli_nt_setup_creds(cli, sec_chan, trust_password,
+ &neg_flags, 2);
+
+ if (!(neg_flags & NETLOGON_NEG_SCHANNEL)
+ && lp_client_schannel() == True) {
+ DEBUG(1, ("Could not negotiate SCHANNEL with the DC!\n"));
+ result = NT_STATUS_UNSUCCESSFUL;
+ }
+
+ if (!NT_STATUS_IS_OK(result)) {
+ ZERO_STRUCT(cli->auth_info.sess_key);
+ ZERO_STRUCT(cli->sess_key);
+ cli->pipe_auth_flags = 0;
+ cli_nt_session_close(cli);
+ return result;
+ }
+
+ memcpy(cli->auth_info.sess_key, cli->sess_key,
+ sizeof(cli->auth_info.sess_key));
+
+ cli->saved_netlogon_pipe_fnum = cli->nt_pipe_fnum;
+ cli->nt_pipe_fnum = 0;
+
+ /* doing schannel, not per-user auth */
+ cli->pipe_auth_flags = AUTH_PIPE_NETSEC | AUTH_PIPE_SIGN | AUTH_PIPE_SEAL;
+
+ return NT_STATUS_OK;
+}
+
const char *cli_pipe_get_name(struct cli_state *cli)
{
return cli->pipe_name;
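Review bot: In the new cli_nt_setup_netsec, the failure check after cli_nt_setup_creds only fires when `lp_client_schannel() == True`. If the setting has a third value (the separate comparisons against `False` and `True` suggest it does), a DC that clears NETLOGON_NEG_SCHANNEL still falls through to the final `cli->pipe_auth_flags = AUTH_PIPE_NETSEC | AUTH_PIPE_SIGN | AUTH_PIPE_SEAL;`. The client would then mark the pipe as schannel-protected although schannel was never negotiated. If the intended fallback matches the schannel-off path, add this before the memcpy: `if (NT_STATUS_IS_OK(result) && !(neg_flags & NETLOGON_NEG_SCHANNEL)) { cli_nt_session_close(cli); return NT_STATUS_OK; }`, which leaves `pipe_auth_flags` at 0. Separately, the guarded `neg_flags |= NETLOGON_NEG_SCHANNEL;` is always taken after the early return and is immediately repeated unconditionally, so one of the two can be dropped.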