diff options
| author | Stefan Metzmacher <metze@samba.org> | 2004-06-07 12:30:22 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:56:36 -0500 |
| commit | c0871cb0c13599039f4e8243bd8d60d472653930 (patch) | |
| tree | d8f1908ed723d9d78060aa4bfb105795c7421918 /source4/librpc/rpc/dcerpc_auth.c | |
| parent | 6564fd402d500b1e24f76f63e4335b38ef1164db (diff) | |
| download | samba-c0871cb0c13599039f4e8243bd8d60d472653930.tar.gz samba-c0871cb0c13599039f4e8243bd8d60d472653930.tar.bz2 samba-c0871cb0c13599039f4e8243bd8d60d472653930.zip | |
r1068: make the dcerpc client side auth/crypto code much more generic
metze
(This used to be commit 1706ff88a72c6578a109c2cf24f2f009812c3892)
Diffstat (limited to 'source4/librpc/rpc/dcerpc_auth.c')
| -rw-r--r-- | source4/librpc/rpc/dcerpc_auth.c | 99 |
1 files changed, 99 insertions, 0 deletions
diff --git a/source4/librpc/rpc/dcerpc_auth.c b/source4/librpc/rpc/dcerpc_auth.c index 3faf0603ce..021249847a 100644 --- a/source4/librpc/rpc/dcerpc_auth.c +++ b/source4/librpc/rpc/dcerpc_auth.c @@ -41,3 +41,102 @@ NTSTATUS dcerpc_bind_auth_none(struct dcerpc_pipe *p, return status; } + +const struct dcesrv_security_ops *dcerpc_security_by_authtype(uint8_t auth_type) +{ + switch (auth_type) { + case DCERPC_AUTH_TYPE_SCHANNEL: + return dcerpc_schannel_security_get_ops(); + + case DCERPC_AUTH_TYPE_NTLMSSP: + return dcerpc_ntlmssp_security_get_ops(); + } + + return NULL; +} + +NTSTATUS dcerpc_bind_auth(struct dcerpc_pipe *p, uint8_t auth_type, + const char *uuid, uint_t version, + const char *domain, + const char *username, + const char *password) +{ + NTSTATUS status; + TALLOC_CTX *mem_ctx; + DATA_BLOB credentials; + + mem_ctx = talloc_init("dcerpc_bind_auth"); + if (!mem_ctx) { + return NT_STATUS_NO_MEMORY; + } + + p->security_state.ops = dcerpc_security_by_authtype(auth_type); + if (!p->security_state.ops) { + status = NT_STATUS_INVALID_PARAMETER; + goto done; + } + + p->security_state.user.domain = domain; + p->security_state.user.name = username; + p->security_state.user.password = password; + + status = p->security_state.ops->start(p, &p->security_state); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + p->security_state.auth_info = talloc(p->mem_ctx, sizeof(*p->security_state.auth_info)); + if (!p->security_state.auth_info) { + status = NT_STATUS_NO_MEMORY; + goto done; + } + + p->security_state.auth_info->auth_type = auth_type; + p->security_state.auth_info->auth_pad_length = 0; + p->security_state.auth_info->auth_reserved = 0; + p->security_state.auth_info->auth_context_id = random(); + p->security_state.auth_info->credentials = data_blob(NULL, 0); + + if (p->flags & DCERPC_SEAL) { + p->security_state.auth_info->auth_level = DCERPC_AUTH_LEVEL_PRIVACY; + } else if (p->flags & DCERPC_SIGN) { + p->security_state.auth_info->auth_level = DCERPC_AUTH_LEVEL_INTEGRITY; + } else { + p->security_state.auth_info->auth_level = DCERPC_AUTH_LEVEL_NONE; + } + + status = p->security_state.ops->update(&p->security_state, mem_ctx, + p->security_state.auth_info->credentials, + &credentials); + + if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { + goto done; + } + + p->security_state.auth_info->credentials = credentials; + + status = dcerpc_bind_byuuid(p, mem_ctx, uuid, version); + if (!NT_STATUS_IS_OK(status)) { + goto done; + } + + status = p->security_state.ops->update(&p->security_state, mem_ctx, + p->security_state.auth_info->credentials, + &credentials); + + if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { + goto done; + } + + p->security_state.auth_info->credentials = credentials; + + status = dcerpc_auth3(p, mem_ctx); +done: + talloc_destroy(mem_ctx); + + if (!NT_STATUS_IS_OK(status)) { + ZERO_STRUCT(p->security_state); + } + + return status; +} |