diff options
author | Andrew Tridgell <tridge@samba.org> | 2003-11-26 12:29:08 +0000 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 2003-11-26 12:29:08 +0000 |
commit | 1ca1b85c4c0bcf3315ef82316289fe03ecf11737 (patch) | |
tree | 99dd50a02351dfd97912ab1db28a931db653f648 /source4/librpc/rpc/dcerpc_auth.c | |
parent | ee67d68f1c6d71d4d3fbe86899d5ea9f271cfbc8 (diff) | |
download | samba-1ca1b85c4c0bcf3315ef82316289fe03ecf11737.tar.gz samba-1ca1b85c4c0bcf3315ef82316289fe03ecf11737.tar.bz2 samba-1ca1b85c4c0bcf3315ef82316289fe03ecf11737.zip |
by default sign RPC over TCP but not RPC over SMB. I will add command line control soon
(This used to be commit 215852116c1fb8c0d8ef559155a3dd55346f0c31)
Diffstat (limited to 'source4/librpc/rpc/dcerpc_auth.c')
-rw-r--r-- | source4/librpc/rpc/dcerpc_auth.c | 21 |
1 files changed, 18 insertions, 3 deletions
diff --git a/source4/librpc/rpc/dcerpc_auth.c b/source4/librpc/rpc/dcerpc_auth.c index 103a3c70d8..5850ec6979 100644 --- a/source4/librpc/rpc/dcerpc_auth.c +++ b/source4/librpc/rpc/dcerpc_auth.c @@ -68,7 +68,17 @@ NTSTATUS dcerpc_bind_auth_ntlm(struct dcerpc_pipe *p, } p->auth_info->auth_type = DCERPC_AUTH_TYPE_NTLMSSP; - p->auth_info->auth_level = DCERPC_AUTH_LEVEL_INTEGRITY; + + if (p->flags & DCERPC_SEAL) { + p->auth_info->auth_level = DCERPC_AUTH_LEVEL_PRIVACY; + state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN | NTLMSSP_NEGOTIATE_SEAL; + } else if (p->flags & DCERPC_SIGN) { + state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN; + p->auth_info->auth_level = DCERPC_AUTH_LEVEL_INTEGRITY; + } else { + state->neg_flags &= ~(NTLMSSP_NEGOTIATE_SIGN | NTLMSSP_NEGOTIATE_SEAL); + p->auth_info->auth_level = DCERPC_AUTH_LEVEL_NONE; + } p->auth_info->auth_pad_length = 0; p->auth_info->auth_reserved = 0; p->auth_info->auth_context_id = random(); @@ -113,8 +123,13 @@ NTSTATUS dcerpc_bind_auth_ntlm(struct dcerpc_pipe *p, p->ntlmssp_state = state; - /* setup for signing */ - status = ntlmssp_sign_init(state); + switch (p->auth_info->auth_level) { + case DCERPC_AUTH_LEVEL_PRIVACY: + case DCERPC_AUTH_LEVEL_INTEGRITY: + /* setup for signing */ + status = ntlmssp_sign_init(state); + break; + } done: talloc_destroy(mem_ctx); |