diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2006-05-04 10:03:41 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 14:05:36 -0500 |
| commit | 5f4d86f955d939e96ec9b81c8a9d080aab4354b6 (patch) | |
| tree | b785a6c2aa092fea9bd64391cc45915788b31692 /source4/librpc/rpc/dcerpc_connect.c | |
| parent | 086c9cc5f4a9145ee93060db2eebb3badc325e44 (diff) | |
| download | samba-5f4d86f955d939e96ec9b81c8a9d080aab4354b6.tar.gz samba-5f4d86f955d939e96ec9b81c8a9d080aab4354b6.tar.bz2 samba-5f4d86f955d939e96ec9b81c8a9d080aab4354b6.zip | |
r15426: Implement SPNEGO as the default RPC authentication mechanism. Where
this isn't supported, fallback to NTLM.
Also, where we get a failure as 'logon failure', try and do a '3
tries' for the password, like we already do for CIFS. (Incomplete:
needs a mapping between RPC errors and the logon failure NTSTATUS).
Because we don't yet support Kerberos sign/seal to win2k3 SP1 for
DCE/RPC, disable this (causing SPNEGO to negotiate NTLM) when kerberos
isn't demanded.
Andrew Bartlett
(This used to be commit b3212d1fb91b26c1d326a289560106dffe1d2e80)
Diffstat (limited to 'source4/librpc/rpc/dcerpc_connect.c')
| -rw-r--r-- | source4/librpc/rpc/dcerpc_connect.c | 51 |
1 files changed, 29 insertions, 22 deletions
diff --git a/source4/librpc/rpc/dcerpc_connect.c b/source4/librpc/rpc/dcerpc_connect.c index 2b40935be6..64bb78ec60 100644 --- a/source4/librpc/rpc/dcerpc_connect.c +++ b/source4/librpc/rpc/dcerpc_connect.c @@ -28,6 +28,7 @@ #include "smb.h" #include "libcli/composite/composite.h" #include "libcli/smb_composite/smb_composite.h" +#include "lib/events/events.h" #include "libcli/smb2/smb2.h" #include "libcli/smb2/smb2_calls.h" #include "auth/credentials/credentials.h" @@ -762,8 +763,9 @@ static void continue_pipe_auth(struct composite_context *ctx) { struct composite_context *c = talloc_get_type(ctx->async.private_data, struct composite_context); + struct pipe_connect_state *s = talloc_get_type(c->private_data, struct pipe_connect_state); - c->status = dcerpc_pipe_auth_recv(ctx); + c->status = dcerpc_pipe_auth_recv(ctx, s, &s->pipe); if (!composite_is_ok(c)) return; composite_done(c); @@ -775,7 +777,6 @@ static void continue_pipe_auth(struct composite_context *ctx) specified binding structure to determine the endpoint and options */ struct composite_context* dcerpc_pipe_connect_b_send(TALLOC_CTX *parent_ctx, - struct dcerpc_pipe **pp, struct dcerpc_binding *binding, const struct dcerpc_interface_table *table, struct cli_credentials *credentials, @@ -796,16 +797,19 @@ struct composite_context* dcerpc_pipe_connect_b_send(TALLOC_CTX *parent_ctx, c->state = COMPOSITE_STATE_IN_PROGRESS; c->private_data = s; - (*pp) = NULL; + if (ev == NULL) { + ev = event_context_init(c); + if (ev == NULL) { + talloc_free(c); + return NULL; + } + } + c->event_ctx = ev; /* initialise dcerpc pipe structure */ s->pipe = dcerpc_pipe_init(c, ev); if (composite_nomem(s->pipe, c)) return c; - /* get event context from initialised dcerpc pipe */ - c->event_ctx = s->pipe->conn->event_ctx; - (*pp) = s->pipe; - /* store parameters in state structure */ s->binding = binding; s->table = table; @@ -842,12 +846,10 @@ NTSTATUS dcerpc_pipe_connect_b_recv(struct composite_context *c, TALLOC_CTX *mem status = composite_wait(c); - if (NT_STATUS_IS_OK(status) && p) { - s = talloc_get_type(c->private_data, struct pipe_connect_state); - talloc_steal(mem_ctx, s->pipe); - *p = s->pipe; - } - + s = talloc_get_type(c->private_data, struct pipe_connect_state); + talloc_steal(mem_ctx, s->pipe); + *p = s->pipe; + talloc_free(c); return status; } @@ -866,7 +868,7 @@ NTSTATUS dcerpc_pipe_connect_b(TALLOC_CTX *parent_ctx, { struct composite_context *c; - c = dcerpc_pipe_connect_b_send(parent_ctx, pp, binding, table, + c = dcerpc_pipe_connect_b_send(parent_ctx, binding, table, credentials, ev); return dcerpc_pipe_connect_b_recv(c, parent_ctx, pp); } @@ -908,6 +910,15 @@ struct composite_context* dcerpc_pipe_connect_send(TALLOC_CTX *parent_ctx, c->state = COMPOSITE_STATE_IN_PROGRESS; c->private_data = s; + if (ev == NULL) { + ev = event_context_init(c); + if (ev == NULL) { + talloc_free(c); + return NULL; + } + } + c->event_ctx = ev; + /* parse binding string to the structure */ status = dcerpc_parse_binding(c, binding, &b); if (!NT_STATUS_IS_OK(status)) { @@ -922,12 +933,9 @@ struct composite_context* dcerpc_pipe_connect_send(TALLOC_CTX *parent_ctx, start connecting to a rpc pipe after binding structure is established */ - pipe_conn_req = dcerpc_pipe_connect_b_send(c, &s->pipe, b, table, + pipe_conn_req = dcerpc_pipe_connect_b_send(c, b, table, credentials, ev); - /* event context for created dcerpc_pipe would be useful... */ - c->event_ctx = s->pipe->conn->event_ctx; - if (composite_nomem(pipe_conn_req, c)) return c; composite_continue(c, pipe_conn_req, continue_pipe_connect_b, c); @@ -947,6 +955,7 @@ static void continue_pipe_connect_b(struct composite_context *ctx) struct pipe_conn_state); c->status = dcerpc_pipe_connect_b_recv(ctx, c, &s->pipe); + talloc_steal(s, s->pipe); if (!composite_is_ok(c)) return; composite_done(c); @@ -965,10 +974,8 @@ NTSTATUS dcerpc_pipe_connect_recv(struct composite_context *c, struct pipe_conn_state *s; status = composite_wait(c); - if (NT_STATUS_IS_OK(status) && pp) { - s = talloc_get_type(c->private_data, struct pipe_conn_state); - *pp = talloc_steal(mem_ctx, s->pipe); - } + s = talloc_get_type(c->private_data, struct pipe_conn_state); + *pp = talloc_steal(mem_ctx, s->pipe); talloc_free(c); return status; |