diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2006-01-12 09:33:49 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:50:55 -0500 |
| commit | a5a79e8b8cbdf24d5c2db45ece4110ed5d85e58f (patch) | |
| tree | 71b27ab4d11e2fc537b0ccf5d4e9c75dcc9757eb /source4/librpc/rpc/dcerpc_schannel.c | |
| parent | 4c6b9c79ff5d35e1d03ad5eb543db4b6b906b5ce (diff) | |
| download | samba-a5a79e8b8cbdf24d5c2db45ece4110ed5d85e58f.tar.gz samba-a5a79e8b8cbdf24d5c2db45ece4110ed5d85e58f.tar.bz2 samba-a5a79e8b8cbdf24d5c2db45ece4110ed5d85e58f.zip | |
r12865: Upgrade the librpc and libnet code.
In librpc, always try SMB level authentication, even if trying
schannel, but allow fallback to anonymous. This should better
function with servers that set restrict anonymous.
There are too many parts of Samba that get, parse and modify the
binding parameters. Avoid the extra work, and add a binding element
to the struct dcerpc_pipe
The libnet vampire code has been refactored, to reduce extra layers
and to better conform with the standard argument pattern. Also, take
advantage of the new libnet_Lookup code, so we don't require the silly
'password server' smb.conf parameter.
To better support forcing traffic to be sealed for the vampire
operation, the dcerpc_bind_auth() function now takes an auth level
parameter.
Andrew Bartlett
(This used to be commit d65b354959842326fdd4bd7eb7fbeea0390f4afa)
Diffstat (limited to 'source4/librpc/rpc/dcerpc_schannel.c')
| -rw-r--r-- | source4/librpc/rpc/dcerpc_schannel.c | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/source4/librpc/rpc/dcerpc_schannel.c b/source4/librpc/rpc/dcerpc_schannel.c index 108b678188..64cf6748e8 100644 --- a/source4/librpc/rpc/dcerpc_schannel.c +++ b/source4/librpc/rpc/dcerpc_schannel.c @@ -55,16 +55,15 @@ static NTSTATUS dcerpc_schannel_key(TALLOC_CTX *tmp_ctx, step 1 - establish a netlogon connection, with no authentication */ - /* Find the original binding string */ - status = dcerpc_parse_binding(tmp_ctx, p->conn->binding_string, &b); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(0,("Failed to parse dcerpc binding '%s'\n", p->conn->binding_string)); - return status; + b = talloc(tmp_ctx, struct dcerpc_binding); + if (!b) { + return NT_STATUS_NO_MEMORY; } + *b = *p->binding; /* Make binding string for netlogon, not the other pipe */ status = dcerpc_epm_map_binding(tmp_ctx, b, - &dcerpc_table_netlogon, + &dcerpc_table_netlogon, p->conn->event_ctx); if (!NT_STATUS_IS_OK(status)) { DEBUG(0,("Failed to map DCERPC/TCP NCACN_NP pipe for '%s' - %s\n", @@ -141,7 +140,8 @@ static NTSTATUS dcerpc_schannel_key(TALLOC_CTX *tmp_ctx, NTSTATUS dcerpc_bind_auth_schannel(TALLOC_CTX *tmp_ctx, struct dcerpc_pipe *p, const struct dcerpc_interface_table *table, - struct cli_credentials *credentials) + struct cli_credentials *credentials, + uint8_t auth_level) { NTSTATUS status; @@ -156,7 +156,8 @@ NTSTATUS dcerpc_bind_auth_schannel(TALLOC_CTX *tmp_ctx, return status; } - return dcerpc_bind_auth(p, table, credentials, DCERPC_AUTH_TYPE_SCHANNEL, + return dcerpc_bind_auth(p, table, credentials, + DCERPC_AUTH_TYPE_SCHANNEL, auth_level, NULL); } |