diff options
author | Andrew Bartlett <abartlet@samba.org> | 2006-01-12 09:33:49 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:50:55 -0500 |
commit | a5a79e8b8cbdf24d5c2db45ece4110ed5d85e58f (patch) | |
tree | 71b27ab4d11e2fc537b0ccf5d4e9c75dcc9757eb /source4/librpc/rpc/dcerpc_util.c | |
parent | 4c6b9c79ff5d35e1d03ad5eb543db4b6b906b5ce (diff) | |
download | samba-a5a79e8b8cbdf24d5c2db45ece4110ed5d85e58f.tar.gz samba-a5a79e8b8cbdf24d5c2db45ece4110ed5d85e58f.tar.bz2 samba-a5a79e8b8cbdf24d5c2db45ece4110ed5d85e58f.zip |
r12865: Upgrade the librpc and libnet code.
In librpc, always try SMB level authentication, even if trying
schannel, but allow fallback to anonymous. This should better
function with servers that set restrict anonymous.
There are too many parts of Samba that get, parse and modify the
binding parameters. Avoid the extra work, and add a binding element
to the struct dcerpc_pipe
The libnet vampire code has been refactored, to reduce extra layers
and to better conform with the standard argument pattern. Also, take
advantage of the new libnet_Lookup code, so we don't require the silly
'password server' smb.conf parameter.
To better support forcing traffic to be sealed for the vampire
operation, the dcerpc_bind_auth() function now takes an auth level
parameter.
Andrew Bartlett
(This used to be commit d65b354959842326fdd4bd7eb7fbeea0390f4afa)
Diffstat (limited to 'source4/librpc/rpc/dcerpc_util.c')
-rw-r--r-- | source4/librpc/rpc/dcerpc_util.c | 18 |
1 files changed, 15 insertions, 3 deletions
diff --git a/source4/librpc/rpc/dcerpc_util.c b/source4/librpc/rpc/dcerpc_util.c index 15a45ed3f0..6ef91b87b0 100644 --- a/source4/librpc/rpc/dcerpc_util.c +++ b/source4/librpc/rpc/dcerpc_util.c @@ -889,9 +889,10 @@ NTSTATUS dcerpc_pipe_auth(struct dcerpc_pipe *p, /* If we don't already have netlogon credentials for * the schannel bind, then we have to get these * first */ - status = dcerpc_bind_auth_schannel(tmp_ctx, p, table, credentials); + status = dcerpc_bind_auth_schannel(tmp_ctx, p, table, credentials, + dcerpc_auth_level(p->conn)); } else if (!cli_credentials_is_anonymous(credentials) && - !(binding->transport == NCACN_NP && + !(p->conn->transport.transport == NCACN_NP && !(binding->flags & DCERPC_SIGN) && !(binding->flags & DCERPC_SEAL))) { @@ -925,7 +926,9 @@ NTSTATUS dcerpc_pipe_auth(struct dcerpc_pipe *p, } status = dcerpc_bind_auth(p, table, - credentials, auth_type, table->authservices->names[0]); + credentials, auth_type, + dcerpc_auth_level(p->conn), + table->authservices->names[0]); } else { status = dcerpc_bind_auth_none(p, table); } @@ -1099,6 +1102,11 @@ NTSTATUS dcerpc_pipe_connect_b(TALLOC_CTX *parent_ctx, return status; } + p->binding = binding; + if (!talloc_reference(p, binding)) { + return NT_STATUS_NO_MEMORY; + } + status = dcerpc_pipe_auth(p, binding, table, credentials); if (!NT_STATUS_IS_OK(status)) { talloc_free(p); @@ -1195,6 +1203,10 @@ NTSTATUS dcerpc_secondary_connection(struct dcerpc_pipe *p, struct dcerpc_pipe * } (*p2)->conn->flags = p->conn->flags; + (*p2)->binding = b; + if (!talloc_reference(*p2, b)) { + return NT_STATUS_NO_MEMORY; + } return NT_STATUS_OK; } |