diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2004-09-11 15:11:36 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:58:39 -0500 |
| commit | 909c9b681a0718b8701e05addbad08c0aec87113 (patch) | |
| tree | d569f2f54075a0514fa6e4b591d383f47e8d631d /source4/librpc/rpc/dcerpc_util.c | |
| parent | 4490c816a90871cd93b1a709bae91e5176e4f599 (diff) | |
| download | samba-909c9b681a0718b8701e05addbad08c0aec87113.tar.gz samba-909c9b681a0718b8701e05addbad08c0aec87113.tar.bz2 samba-909c9b681a0718b8701e05addbad08c0aec87113.zip | |
r2284: Thanks to some great detective work by tridge, NTLM2 signing now works.
This means that 'require NTLMv2 session security' now works for RPC
pipe signing. We don't yet have sealing, but it can't be much further.
This is almost all tridge's code, munged into a form that can work
with the GENSEC API.
This commit also includes more lsakey fixes - that key is used for all
DCE-RPC level authenticated connections, even over CIFS/ncacn_np.
No doubt I missed something, but I'm going to get some sleep :-)
Andrew Bartlett
(This used to be commit a1fe175eec884280fb7e9ca8f528134cf4600beb)
Diffstat (limited to 'source4/librpc/rpc/dcerpc_util.c')
| -rw-r--r-- | source4/librpc/rpc/dcerpc_util.c | 17 |
1 files changed, 12 insertions, 5 deletions
diff --git a/source4/librpc/rpc/dcerpc_util.c b/source4/librpc/rpc/dcerpc_util.c index fc9f6c847d..1898575003 100644 --- a/source4/librpc/rpc/dcerpc_util.c +++ b/source4/librpc/rpc/dcerpc_util.c @@ -458,8 +458,7 @@ static NTSTATUS dcerpc_pipe_connect_ncacn_np(struct dcerpc_pipe **p, pipe_name += 6; } - if ((binding->flags & (DCERPC_SCHANNEL_ANY | DCERPC_SIGN | DCERPC_SEAL)) - || !username || !username[0]) { + if (!username || !username[0]) { status = smbcli_full_connection(&cli, lp_netbios_name(), binding->host, NULL, "ipc$", "?????", @@ -500,6 +499,7 @@ static NTSTATUS dcerpc_pipe_connect_ncacn_np(struct dcerpc_pipe **p, status = dcerpc_bind_auth_ntlm(*p, pipe_uuid, pipe_version, domain, username, password); } else { status = dcerpc_bind_auth_none(*p, pipe_uuid, pipe_version); + } if (!NT_STATUS_IS_OK(status)) { @@ -691,15 +691,22 @@ NTSTATUS dcerpc_secondary_connection(struct dcerpc_pipe *p, struct dcerpc_pipe * return NT_STATUS_OK; } +NTSTATUS dcerpc_generic_session_key(struct dcerpc_pipe *p, + DATA_BLOB *session_key) +{ + /* this took quite a few CPU cycles to find ... */ + session_key->data = "SystemLibraryDTC"; + session_key->length = 16; + return NT_STATUS_OK; +} /* - fetch the user session key for the underlying transport. Currently - only works for the ncacn_np transport + fetch the user session key - may be default (above) or the SMB session key */ NTSTATUS dcerpc_fetch_session_key(struct dcerpc_pipe *p, DATA_BLOB *session_key) { - return p->transport.session_key(p, session_key); + return p->security_state.session_key(p, session_key); } |