net: add basic support for sealed RPC connections (using NET_FLAGS_SEAL).

Guenther
(This used to be commit 7541a0103ad22000e94ffc6d057ffd5d33d1a930)

2 files changed, 12 insertions, 1 deletions

diff --git a/source3/utils/net.h b/source3/utils/net.h
index aa4f3dbb6d..941172a8c1 100644
--- a/source3/utils/net.h
+++ b/source3/utils/net.h
@@ -141,6 +141,8 @@ enum netdom_domain_t { ND_TYPE_NT4, ND_TYPE_AD };
 #define NET_FLAGS_PDC 				0x00000008	/* PDC only */
 #define NET_FLAGS_ANONYMOUS 			0x00000010	/* use an anonymous connection */
 #define NET_FLAGS_NO_PIPE 			0x00000020	/* don't open an RPC pipe */
+#define NET_FLAGS_SIGN				0x00000040	/* sign RPC connection */
+#define NET_FLAGS_SEAL				0x00000080	/* seal RPC connection */
 
 /* net share operation modes */
 #define NET_MODE_SHARE_MIGRATE 1
diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
index 19566bdf09..08b68f012a 100644
--- a/source3/utils/net_rpc.c
+++ b/source3/utils/net_rpc.c
@@ -165,7 +165,16 @@ int run_rpc_command(struct net_context *c,
 				return -1;
 			}
 		} else {
-			pipe_hnd = cli_rpc_pipe_open_noauth(cli, pipe_idx, &nt_status);
+			if (conn_flags & NET_FLAGS_SEAL) {
+				pipe_hnd = cli_rpc_pipe_open_ntlmssp(cli, pipe_idx,
+								     PIPE_AUTH_LEVEL_PRIVACY,
+								     lp_workgroup(),
+								     c->opt_user_name,
+								     c->opt_password,
+								     &nt_status);
+			} else {
+				pipe_hnd = cli_rpc_pipe_open_noauth(cli, pipe_idx, &nt_status);
+			}
 			if (!pipe_hnd) {
 				DEBUG(0, ("Could not initialise pipe %s. Error was %s\n",
 					cli_get_pipe_name(pipe_idx),