diff options
| author | Andrew Tridgell <tridge@samba.org> | 2005-01-10 07:14:12 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:08:35 -0500 |
| commit | 5da3f75a5975c09dc1db0b1ad146acf1d5f3ae41 (patch) | |
| tree | ae73c01bdac2e45686eb381f9c1d16fd401f12e4 /source4/librpc/rpc/dcerpc_auth.c | |
| parent | f6596e4ae77c0125a1362e483aa1aedb8cf489c1 (diff) | |
| download | samba-5da3f75a5975c09dc1db0b1ad146acf1d5f3ae41.tar.gz samba-5da3f75a5975c09dc1db0b1ad146acf1d5f3ae41.tar.bz2 samba-5da3f75a5975c09dc1db0b1ad146acf1d5f3ae41.zip | |
r4627: - simplified the dcerpc auth code using a common function
- added support for "spnego" in binding strings. This enables SPNEGO
auth in the dcerpc client code, using as many allter_context calls as
are needed
To try SPNEGO do this:
smbtorture ncacn_ip_tcp:SERVER[spnego,seal] -Uadministrator%password RPC-SAMR
(This used to be commit 9c0a3423f03111c110d21c0d3910e16aa1a8bf87)
Diffstat (limited to 'source4/librpc/rpc/dcerpc_auth.c')
| -rw-r--r-- | source4/librpc/rpc/dcerpc_auth.c | 61 |
1 files changed, 30 insertions, 31 deletions
diff --git a/source4/librpc/rpc/dcerpc_auth.c b/source4/librpc/rpc/dcerpc_auth.c index 4ff8fe549e..228a99d5c5 100644 --- a/source4/librpc/rpc/dcerpc_auth.c +++ b/source4/librpc/rpc/dcerpc_auth.c @@ -30,45 +30,33 @@ NTSTATUS dcerpc_bind_auth_none(struct dcerpc_pipe *p, const char *uuid, uint_t version) { - TALLOC_CTX *mem_ctx; + TALLOC_CTX *tmp_ctx = talloc_new(p); NTSTATUS status; - mem_ctx = talloc_init("dcerpc_bind_auth_ntlm"); - if (!mem_ctx) { - return NT_STATUS_NO_MEMORY; - } - - status = dcerpc_bind_byuuid(p, mem_ctx, uuid, version); - talloc_destroy(mem_ctx); + status = dcerpc_bind_byuuid(p, tmp_ctx, uuid, version); + talloc_free(tmp_ctx); return status; } -NTSTATUS dcerpc_bind_auth3(struct dcerpc_pipe *p, uint8_t auth_type, uint8_t auth_level, +/* + perform a multi-part authenticated bind +*/ +NTSTATUS dcerpc_bind_auth(struct dcerpc_pipe *p, uint8_t auth_type, uint8_t auth_level, const char *uuid, uint_t version) { NTSTATUS status; - TALLOC_CTX *mem_ctx; + TALLOC_CTX *tmp_ctx = talloc_new(p); DATA_BLOB credentials; DATA_BLOB null_data_blob = data_blob(NULL, 0); - mem_ctx = talloc_init("dcerpc_bind_auth"); - if (!mem_ctx) { - return NT_STATUS_NO_MEMORY; - } - if (!p->conn->security_state.generic_state) { status = gensec_client_start(p, &p->conn->security_state.generic_state); - if (!NT_STATUS_IS_OK(status)) { - return status; - } + if (!NT_STATUS_IS_OK(status)) goto done; status = gensec_start_mech_by_authtype(p->conn->security_state.generic_state, auth_type, auth_level); - - if (!NT_STATUS_IS_OK(status)) { - return status; - } + if (!NT_STATUS_IS_OK(status)) goto done; } p->conn->security_state.auth_info = talloc(p, struct dcerpc_auth); @@ -84,34 +72,44 @@ NTSTATUS dcerpc_bind_auth3(struct dcerpc_pipe *p, uint8_t auth_type, uint8_t aut p->conn->security_state.auth_info->auth_context_id = random(); p->conn->security_state.auth_info->credentials = null_data_blob; - status = gensec_update(p->conn->security_state.generic_state, mem_ctx, + status = gensec_update(p->conn->security_state.generic_state, tmp_ctx, null_data_blob, &credentials); - if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { goto done; } p->conn->security_state.auth_info->credentials = credentials; - status = dcerpc_bind_byuuid(p, mem_ctx, uuid, version); + status = dcerpc_bind_byuuid(p, tmp_ctx, uuid, version); if (!NT_STATUS_IS_OK(status)) { goto done; } - status = gensec_update(p->conn->security_state.generic_state, mem_ctx, + status = gensec_update(p->conn->security_state.generic_state, tmp_ctx, p->conn->security_state.auth_info->credentials, &credentials); - if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { goto done; } - p->conn->security_state.auth_info->credentials = credentials; - - status = dcerpc_auth3(p->conn, mem_ctx); + do { + p->conn->security_state.auth_info->credentials = credentials; + + if (auth_type == DCERPC_AUTH_TYPE_SPNEGO) { + status = dcerpc_alter_context(p, tmp_ctx, &p->syntax, &p->transfer_syntax); + if (NT_STATUS_IS_OK(status)) { + status = gensec_update(p->conn->security_state.generic_state, tmp_ctx, + p->conn->security_state.auth_info->credentials, + &credentials); + } + } else { + status = dcerpc_auth3(p->conn, tmp_ctx); + } + } while (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)); + done: - talloc_destroy(mem_ctx); + talloc_free(tmp_ctx); if (!NT_STATUS_IS_OK(status)) { talloc_free(p->conn->security_state.generic_state); @@ -123,3 +121,4 @@ done: return status; } + |