- modified the dcerpc client security code to be generic, so ntlmssp

  and schannel are both instances of possible security modules

- added schannel sign and sign/seal support to the dcerpc client
  code. You select it with binding options of "schannel,sign" or
  "schannel,seal".
(This used to be commit 05db0b9d942cad8f1dd574dc35b759e5e79d4195)

1 files changed, 0 insertions, 121 deletions

diff --git a/source4/librpc/rpc/dcerpc_auth.c b/source4/librpc/rpc/dcerpc_auth.c
index 99ea03c216..2b01ad2d4e 100644
--- a/source4/librpc/rpc/dcerpc_auth.c
+++ b/source4/librpc/rpc/dcerpc_auth.c
@@ -23,127 +23,6 @@
 #include "includes.h"
 
 /*
-  do a simple ntlm style authentication on a dcerpc pipe
-*/
-NTSTATUS dcerpc_bind_auth_ntlm(struct dcerpc_pipe *p,
-			       const char *uuid, unsigned version,
-			       const char *domain,
-			       const char *username,
-			       const char *password)
-{
-	NTSTATUS status;
-	struct ntlmssp_state *state;
-	TALLOC_CTX *mem_ctx;
-	DATA_BLOB credentials;
-
-	mem_ctx = talloc_init("dcerpc_bind_auth_ntlm");
-	if (!mem_ctx) {
-		return NT_STATUS_NO_MEMORY;
-	}
-
-	status = ntlmssp_client_start(&state);
-	if (!NT_STATUS_IS_OK(status)) {
-		return status;
-	}
-
-	status = ntlmssp_set_domain(state, domain);
-	if (!NT_STATUS_IS_OK(status)) {
-		goto done;
-	}
-	
-	status = ntlmssp_set_username(state, username);
-	if (!NT_STATUS_IS_OK(status)) {
-		goto done;
-	}
-
-	status = ntlmssp_set_password(state, password);
-	if (!NT_STATUS_IS_OK(status)) {
-		goto done;
-	}
-
-	p->auth_info = talloc(p->mem_ctx, sizeof(*p->auth_info));
-	if (!p->auth_info) {
-		status = NT_STATUS_NO_MEMORY;
-		goto done;
-	}
-
-	p->auth_info->auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
-	
-	if (p->flags & DCERPC_SEAL) {
-		p->auth_info->auth_level = DCERPC_AUTH_LEVEL_PRIVACY;
-		state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN | NTLMSSP_NEGOTIATE_SEAL;
-	} else if (p->flags & DCERPC_SIGN) {
-		state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
-		p->auth_info->auth_level = DCERPC_AUTH_LEVEL_INTEGRITY;
-	} else {
-		state->neg_flags &= ~(NTLMSSP_NEGOTIATE_SIGN | NTLMSSP_NEGOTIATE_SEAL);
-		p->auth_info->auth_level = DCERPC_AUTH_LEVEL_NONE;
-	}
-	p->auth_info->auth_pad_length = 0;
-	p->auth_info->auth_reserved = 0;
-	p->auth_info->auth_context_id = random();
-	p->auth_info->credentials = data_blob(NULL, 0);
-	p->ntlmssp_state = NULL;
-
-	status = ntlmssp_update(state, 
-				p->auth_info->credentials,
-				&credentials);
-	if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
-		goto done;
-	}
-
-	p->auth_info->credentials = data_blob_talloc(mem_ctx, 
-						     credentials.data, 
-						     credentials.length);
-	data_blob_free(&credentials);
-
-	status = dcerpc_bind_byuuid(p, mem_ctx, uuid, version);
-	if (!NT_STATUS_IS_OK(status)) {
-		goto done;
-	}
-
-
-	status = ntlmssp_update(state, 
-				p->auth_info->credentials, 
-				&credentials);
-	if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
-		goto done;
-	}
-
-	p->auth_info->credentials = data_blob_talloc(mem_ctx, 
-						     credentials.data, 
-						     credentials.length);
-	data_blob_free(&credentials);
-
-	status = dcerpc_auth3(p, mem_ctx);
-
-	if (!NT_STATUS_IS_OK(status)) {
-		goto done;
-	}
-
-	p->ntlmssp_state = state;
-
-	switch (p->auth_info->auth_level) {
-	case DCERPC_AUTH_LEVEL_PRIVACY:
-	case DCERPC_AUTH_LEVEL_INTEGRITY:
-		/* setup for signing */
-		status = ntlmssp_sign_init(state);
-		break;
-	}
-
-done:
-	talloc_destroy(mem_ctx);
-
-	if (!NT_STATUS_IS_OK(status)) {
-		p->ntlmssp_state = NULL;
-		p->auth_info = NULL;
-	}
-
-	return status;
-}
-
-
-/*
   do a non-athenticated dcerpc bind
 */
 NTSTATUS dcerpc_bind_auth_none(struct dcerpc_pipe *p,