diff options
author | Andrew Bartlett <abartlet@samba.org> | 2006-01-12 09:33:49 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:50:55 -0500 |
commit | a5a79e8b8cbdf24d5c2db45ece4110ed5d85e58f (patch) | |
tree | 71b27ab4d11e2fc537b0ccf5d4e9c75dcc9757eb /source4/librpc/rpc/dcerpc_auth.c | |
parent | 4c6b9c79ff5d35e1d03ad5eb543db4b6b906b5ce (diff) | |
download | samba-a5a79e8b8cbdf24d5c2db45ece4110ed5d85e58f.tar.gz samba-a5a79e8b8cbdf24d5c2db45ece4110ed5d85e58f.tar.bz2 samba-a5a79e8b8cbdf24d5c2db45ece4110ed5d85e58f.zip |
r12865: Upgrade the librpc and libnet code.
In librpc, always try SMB level authentication, even if trying
schannel, but allow fallback to anonymous. This should better
function with servers that set restrict anonymous.
There are too many parts of Samba that get, parse and modify the
binding parameters. Avoid the extra work, and add a binding element
to the struct dcerpc_pipe
The libnet vampire code has been refactored, to reduce extra layers
and to better conform with the standard argument pattern. Also, take
advantage of the new libnet_Lookup code, so we don't require the silly
'password server' smb.conf parameter.
To better support forcing traffic to be sealed for the vampire
operation, the dcerpc_bind_auth() function now takes an auth level
parameter.
Andrew Bartlett
(This used to be commit d65b354959842326fdd4bd7eb7fbeea0390f4afa)
Diffstat (limited to 'source4/librpc/rpc/dcerpc_auth.c')
-rw-r--r-- | source4/librpc/rpc/dcerpc_auth.c | 11 |
1 files changed, 5 insertions, 6 deletions
diff --git a/source4/librpc/rpc/dcerpc_auth.c b/source4/librpc/rpc/dcerpc_auth.c index bffa994abe..f0a7dc8ffe 100644 --- a/source4/librpc/rpc/dcerpc_auth.c +++ b/source4/librpc/rpc/dcerpc_auth.c @@ -168,7 +168,7 @@ struct composite_context *dcerpc_bind_auth_send(TALLOC_CTX *mem_ctx, struct dcerpc_pipe *p, const struct dcerpc_interface_table *table, struct cli_credentials *credentials, - uint8_t auth_type, + uint8_t auth_type, uint8_t auth_level, const char *service) { struct composite_context *c, *creq; @@ -233,8 +233,7 @@ struct composite_context *dcerpc_bind_auth_send(TALLOC_CTX *mem_ctx, } c->status = gensec_start_mech_by_authtype(sec->generic_state, - auth_type, - dcerpc_auth_level(p->conn)); + auth_type, auth_level); if (!NT_STATUS_IS_OK(c->status)) { DEBUG(1, ("Failed to start GENSEC client mechanism %s: %s\n", gensec_get_name_by_authtype(auth_type), @@ -249,7 +248,7 @@ struct composite_context *dcerpc_bind_auth_send(TALLOC_CTX *mem_ctx, } sec->auth_info->auth_type = auth_type; - sec->auth_info->auth_level = dcerpc_auth_level(p->conn); + sec->auth_info->auth_level = auth_level, sec->auth_info->auth_pad_length = 0; sec->auth_info->auth_reserved = 0; sec->auth_info->auth_context_id = random(); @@ -323,11 +322,11 @@ NTSTATUS dcerpc_bind_auth_recv(struct composite_context *creq) NTSTATUS dcerpc_bind_auth(struct dcerpc_pipe *p, const struct dcerpc_interface_table *table, struct cli_credentials *credentials, - uint8_t auth_type, + uint8_t auth_type, uint8_t auth_level, const char *service) { struct composite_context *creq; creq = dcerpc_bind_auth_send(p, p, table, credentials, - auth_type, service); + auth_type, auth_level, service); return dcerpc_bind_auth_recv(creq); } |