diff options
| author | Jeremy Allison <jra@samba.org> | 2005-07-27 20:25:04 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 11:00:18 -0500 |
| commit | 8b2b177a8e07e3a0cb00fbd7fdbafc8aeba5b204 (patch) | |
| tree | b8b68c1a30899de0f90020a25ceb605c0534c928 /source3/rpc_server/srv_pipe.c | |
| parent | b344de3f83d8025d0c00c8ae20207e9e42b70d57 (diff) | |
| download | samba-8b2b177a8e07e3a0cb00fbd7fdbafc8aeba5b204.tar.gz samba-8b2b177a8e07e3a0cb00fbd7fdbafc8aeba5b204.tar.bz2 samba-8b2b177a8e07e3a0cb00fbd7fdbafc8aeba5b204.zip | |
r8805: Merge a duplicate struct. Get ready to support SPNEGO rpc binds.
Jeremy.
(This used to be commit fd6e342746edfda2f25df1ae0067d359b756e0cd)
Diffstat (limited to 'source3/rpc_server/srv_pipe.c')
| -rw-r--r-- | source3/rpc_server/srv_pipe.c | 125 |
1 files changed, 65 insertions, 60 deletions
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index 30aacdc4c5..70563d3029 100644 --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c @@ -582,9 +582,9 @@ BOOL api_pipe_bind_auth_resp(pipes_struct *p, prs_struct *rpc_in_p) return False; } - if (autha_info.auth_type != NTLMSSP_AUTH_TYPE || autha_info.auth_level != RPC_PIPE_AUTH_SEAL_LEVEL) { + if (autha_info.auth.auth_type != NTLMSSP_AUTH_TYPE || autha_info.auth.auth_level != RPC_PIPE_AUTH_SEAL_LEVEL) { DEBUG(0,("api_pipe_bind_auth_resp: incorrect auth type (%d) or level (%d).\n", - (int)autha_info.auth_type, (int)autha_info.auth_level )); + (int)autha_info.auth.auth_type, (int)autha_info.auth.auth_level )); return False; } @@ -941,67 +941,72 @@ BOOL api_pipe_bind_req(pipes_struct *p, prs_struct *rpc_in_p) return False; } - if(auth_info.auth_type == NTLMSSP_AUTH_TYPE) { - - if(!smb_io_rpc_auth_verifier("", &auth_verifier, rpc_in_p, 0)) { - DEBUG(0,("api_pipe_bind_req: unable to " - "unmarshall RPC_HDR_AUTH struct.\n")); - return False; - } - - if(!strequal(auth_verifier.signature, "NTLMSSP")) { - DEBUG(0,("api_pipe_bind_req: " - "auth_verifier.signature != NTLMSSP\n")); - return False; - } - - if(auth_verifier.msg_type != NTLMSSP_NEGOTIATE) { - DEBUG(0,("api_pipe_bind_req: " - "auth_verifier.msg_type (%d) != NTLMSSP_NEGOTIATE\n", - auth_verifier.msg_type)); - return False; - } - - if(!smb_io_rpc_auth_ntlmssp_neg("", &ntlmssp_neg, rpc_in_p, 0)) { - DEBUG(0,("api_pipe_bind_req: " - "Failed to unmarshall RPC_AUTH_NTLMSSP_NEG.\n")); - return False; - } - - p->ntlmssp_chal_flags = SMBD_NTLMSSP_NEG_FLAGS; - p->ntlmssp_auth_requested = True; - - } else if (auth_info.auth_type == NETSEC_AUTH_TYPE) { - - RPC_AUTH_NETSEC_NEG neg; - struct netsec_auth_struct *a = &(p->netsec_auth); - - if (!server_auth2_negotiated) { - DEBUG(0, ("Attempt to bind using schannel " - "without successful serverauth2\n")); - return False; + switch(auth_info.auth_type) { + case NTLMSSP_AUTH_TYPE: + + if(!smb_io_rpc_auth_verifier("", &auth_verifier, rpc_in_p, 0)) { + DEBUG(0,("api_pipe_bind_req: unable to " + "unmarshall RPC_HDR_AUTH struct.\n")); + return False; + } + + if(!strequal(auth_verifier.signature, "NTLMSSP")) { + DEBUG(0,("api_pipe_bind_req: " + "auth_verifier.signature != NTLMSSP\n")); + return False; + } + + if(auth_verifier.msg_type != NTLMSSP_NEGOTIATE) { + DEBUG(0,("api_pipe_bind_req: " + "auth_verifier.msg_type (%d) != NTLMSSP_NEGOTIATE\n", + auth_verifier.msg_type)); + return False; + } + + if(!smb_io_rpc_auth_ntlmssp_neg("", &ntlmssp_neg, rpc_in_p, 0)) { + DEBUG(0,("api_pipe_bind_req: " + "Failed to unmarshall RPC_AUTH_NTLMSSP_NEG.\n")); + return False; + } + + p->ntlmssp_chal_flags = SMBD_NTLMSSP_NEG_FLAGS; + p->ntlmssp_auth_requested = True; + break; + + case NETSEC_AUTH_TYPE: + { + RPC_AUTH_NETSEC_NEG neg; + struct netsec_auth_struct *a = &(p->netsec_auth); + + if (!server_auth2_negotiated) { + DEBUG(0, ("Attempt to bind using schannel " + "without successful serverauth2\n")); + return False; + } + + if (!smb_io_rpc_auth_netsec_neg("", &neg, rpc_in_p, 0)) { + DEBUG(0,("api_pipe_bind_req: " + "Could not unmarshal SCHANNEL auth neg\n")); + return False; + } + + p->netsec_auth_validated = True; + + memset(a->sess_key, 0, sizeof(a->sess_key)); + memcpy(a->sess_key, last_dcinfo.sess_key, sizeof(last_dcinfo.sess_key)); + + a->seq_num = 0; + + DEBUG(10,("schannel auth: domain [%s] myname [%s]\n", + neg.domain, neg.myname)); + break; } - if (!smb_io_rpc_auth_netsec_neg("", &neg, rpc_in_p, 0)) { - DEBUG(0,("api_pipe_bind_req: " - "Could not unmarshal SCHANNEL auth neg\n")); + case SPNEGO_AUTH_TYPE: + default: + DEBUG(0,("api_pipe_bind_req: unknown auth type %x requested.\n", + auth_info.auth_type )); return False; - } - - p->netsec_auth_validated = True; - - memset(a->sess_key, 0, sizeof(a->sess_key)); - memcpy(a->sess_key, last_dcinfo.sess_key, sizeof(last_dcinfo.sess_key)); - - a->seq_num = 0; - - DEBUG(10,("schannel auth: domain [%s] myname [%s]\n", - neg.domain, neg.myname)); - - } else { - DEBUG(0,("api_pipe_bind_req: unknown auth type %x requested.\n", - auth_info.auth_type )); - return False; } } |