authorAndrew Tridgell <tridge@samba.org>2005-01-10 07:14:12 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:08:35 -0500
commit5da3f75a5975c09dc1db0b1ad146acf1d5f3ae41 (patch)
treeae73c01bdac2e45686eb381f9c1d16fd401f12e4 /source4/librpc/rpc/dcerpc_util.c
parentf6596e4ae77c0125a1362e483aa1aedb8cf489c1 (diff)
r4627: - simplified the dcerpc auth code using a common function
- added support for "spnego" in binding strings. This enables SPNEGO auth in the dcerpc client code, using as many alter_context calls as are needed. To try SPNEGO do this: smbtorture ncacn_ip_tcp:SERVER[spnego,seal] -Uadministrator%password RPC-SAMR (This used to be commit 9c0a3423f03111c110d21c0d3910e16aa1a8bf87)
Diffstat (limited to 'source4/librpc/rpc/dcerpc_util.c')
-rw-r--r--source4/librpc/rpc/dcerpc_util.c107
1 files changed, 41 insertions, 66 deletions
diff --git a/source4/librpc/rpc/dcerpc_util.c b/source4/librpc/rpc/dcerpc_util.c
index 305c1c7725..534c17678d 100644
--- a/source4/librpc/rpc/dcerpc_util.c
+++ b/source4/librpc/rpc/dcerpc_util.c
@@ -176,6 +176,7 @@ static const struct {
{"sign", DCERPC_SIGN},
{"seal", DCERPC_SEAL},
{"connect", DCERPC_CONNECT},
+ {"spnego", DCERPC_AUTH_SPNEGO},
{"validate", DCERPC_DEBUG_VALIDATE_BOTH},
{"print", DCERPC_DEBUG_PRINT_BOTH},
{"padcheck", DCERPC_DEBUG_PAD_CHECK},
@@ -772,6 +773,42 @@ NTSTATUS dcerpc_epm_map_binding(TALLOC_CTX *mem_ctx, struct dcerpc_binding *bind
}
+/*
+ perform an authenticated bind if needed
+*/
+static NTSTATUS dcerpc_pipe_auth(struct dcerpc_pipe *p,
+ struct dcerpc_binding *binding,
+ const char *pipe_uuid,
+ uint32_t pipe_version,
+ const char *domain,
+ const char *username,
+ const char *password)
+{
+ NTSTATUS status;
+
+ p->conn->flags = binding->flags;
+
+ /* remember the binding string for possible secondary connections */
+ p->conn->binding_string = dcerpc_binding_string(p, binding);
+
+ if (username && username[0] && (binding->flags & DCERPC_SCHANNEL_ANY)) {
+ status = dcerpc_bind_auth_schannel(p, pipe_uuid, pipe_version,
+ domain, username, password);
+ } else if (username && username[0] && (binding->flags & DCERPC_AUTH_SPNEGO)) {
+ status = dcerpc_bind_auth_spnego(p, pipe_uuid, pipe_version, domain, username, password);
+ } else if (username && username[0]) {
+ status = dcerpc_bind_auth_ntlm(p, pipe_uuid, pipe_version, domain, username, password);
+ } else {
+ status = dcerpc_bind_auth_none(p, pipe_uuid, pipe_version);
+ }
+
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0,("Failed to bind to uuid %s - %s\n", pipe_uuid, nt_errstr(status)));
+ }
+ return status;
+}
+
+
/* open a rpc connection to a rpc pipe on SMB using the binding
structure to determine the endpoint and options */
static NTSTATUS dcerpc_pipe_connect_ncacn_np(struct dcerpc_pipe **pp,
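Review bot: The final `else` in dcerpc_pipe_auth calls dcerpc_bind_auth_none() whenever username is NULL or empty, regardless of binding->flags, so a binding string that asks for sign, seal or spnego without credentials is bound unauthenticated while p->conn->flags still records the requested options. If nothing later rejects that combination (not visible in this hunk), the caller gets a weaker connection than it asked for and no error; consider failing early with `if (!(username && username[0]) && (binding->flags & (DCERPC_SIGN|DCERPC_SEAL|DCERPC_AUTH_SPNEGO))) return NT_STATUS_INVALID_PARAMETER;`, or at least logging the downgrade. The header comment should also state the precedence the chain implements: the schannel flags win over spnego, which wins over the NTLM default. Separately, the result of dcerpc_binding_string() is stored in p->conn->binding_string without a NULL check.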
@@ -846,24 +883,8 @@ static NTSTATUS dcerpc_pipe_connect_ncacn_np(struct dcerpc_pipe **pp,
return status;
}
- p->conn->flags = binding->flags;
-
- /* remember the binding string for possible secondary connections */
- p->conn->binding_string = dcerpc_binding_string(p, binding);
-
- if (username && username[0] && (binding->flags & DCERPC_SCHANNEL_ANY)) {
- status = dcerpc_bind_auth_schannel(p, pipe_uuid, pipe_version,
- domain, username, password);
- } else if (username && username[0] &&
- (binding->flags & (DCERPC_CONNECT|DCERPC_SIGN|DCERPC_SEAL))) {
- status = dcerpc_bind_auth_ntlm(p, pipe_uuid, pipe_version, domain, username, password);
- } else {
- status = dcerpc_bind_auth_none(p, pipe_uuid, pipe_version);
-
- }
-
+ status = dcerpc_pipe_auth(p, binding, pipe_uuid, pipe_version, domain, username, password);
if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0,("Failed to bind to uuid %s - %s\n", pipe_uuid, nt_errstr(status)));
talloc_free(p);
return status;
}
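Review bot: Routing ncacn_np through dcerpc_pipe_auth changes when an authenticated bind happens on this transport. The removed code called dcerpc_bind_auth_ntlm() only if DCERPC_CONNECT, DCERPC_SIGN or DCERPC_SEAL was set, whereas the helper does an NTLM bind for any non-empty username. That may be intended, but the commit message describes only a simplification, so a caller that passes credentials for the SMB session and expects an unauthenticated pipe bind will now behave differently. A comment at the call would record it, for example `/* a non-empty username now always triggers an auth bind on ncacn_np, even without connect/sign/seal */`. The enclosing dcerpc_pipe_connect_ncacn_np starts and ends outside this hunk.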
@@ -916,22 +937,8 @@ static NTSTATUS dcerpc_pipe_connect_ncalrpc(struct dcerpc_pipe **pp,
return status;
}
- p->conn->flags = binding->flags;
-
- /* remember the binding string for possible secondary connections */
- p->conn->binding_string = dcerpc_binding_string(p, binding);
-
- if (username && username[0] && (binding->flags & DCERPC_SCHANNEL_ANY)) {
- status = dcerpc_bind_auth_schannel(p, pipe_uuid, pipe_version,
- domain, username, password);
- } else if (username && username[0]) {
- status = dcerpc_bind_auth_ntlm(p, pipe_uuid, pipe_version, domain, username, password);
- } else {
- status = dcerpc_bind_auth_none(p, pipe_uuid, pipe_version);
- }
-
+ status = dcerpc_pipe_auth(p, binding, pipe_uuid, pipe_version, domain, username, password);
if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0,("Failed to bind to uuid %s - %s\n", pipe_uuid, nt_errstr(status)));
talloc_free(p);
return status;
}
@@ -977,22 +984,8 @@ static NTSTATUS dcerpc_pipe_connect_ncacn_unix_stream(struct dcerpc_pipe **pp,
return status;
}
- p->conn->flags = binding->flags;
-
- /* remember the binding string for possible secondary connections */
- p->conn->binding_string = dcerpc_binding_string(p, binding);
-
- if (username && username[0] && (binding->flags & DCERPC_SCHANNEL_ANY)) {
- status = dcerpc_bind_auth_schannel(p, pipe_uuid, pipe_version,
- domain, username, password);
- } else if (username && username[0]) {
- status = dcerpc_bind_auth_ntlm(p, pipe_uuid, pipe_version, domain, username, password);
- } else {
- status = dcerpc_bind_auth_none(p, pipe_uuid, pipe_version);
- }
-
+ status = dcerpc_pipe_auth(p, binding, pipe_uuid, pipe_version, domain, username, password);
if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0,("Failed to bind to uuid %s - %s\n", pipe_uuid, nt_errstr(status)));
talloc_free(p);
return status;
}
@@ -1047,23 +1040,8 @@ static NTSTATUS dcerpc_pipe_connect_ncacn_ip_tcp(struct dcerpc_pipe **pp,
return status;
}
- p->conn->flags = binding->flags;
-
- /* remember the binding string for possible secondary connections */
- p->conn->binding_string = dcerpc_binding_string(p, binding);
-
- if (username && username[0] && (binding->flags & DCERPC_SCHANNEL_ANY)) {
- status = dcerpc_bind_auth_schannel(p, pipe_uuid, pipe_version,
- domain, username, password);
- } else if (username && username[0]) {
- status = dcerpc_bind_auth_ntlm(p, pipe_uuid, pipe_version, domain, username, password);
- } else {
- status = dcerpc_bind_auth_none(p, pipe_uuid, pipe_version);
- }
-
+ status = dcerpc_pipe_auth(p, binding, pipe_uuid, pipe_version, domain, username, password);
if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0,("Failed to bind to uuid %s - %s\n",
- pipe_uuid, nt_errstr(status)));
talloc_free(p);
return status;
}
@@ -1171,7 +1149,6 @@ NTSTATUS dcerpc_secondary_connection(struct dcerpc_pipe *p, struct dcerpc_pipe *
if (!tree) {
return NT_STATUS_INVALID_PARAMETER;
}
-
status = dcerpc_pipe_open_smb((*p2)->conn, tree, pipe_name);
break;
@@ -1180,7 +1157,6 @@ NTSTATUS dcerpc_secondary_connection(struct dcerpc_pipe *p, struct dcerpc_pipe *
if (!NT_STATUS_IS_OK(status)) {
return status;
}
- b.flags &= ~DCERPC_AUTH_OPTIONS;
status = dcerpc_pipe_open_tcp((*p2)->conn, b.host, atoi(b.endpoint));
break;
@@ -1189,7 +1165,6 @@ NTSTATUS dcerpc_secondary_connection(struct dcerpc_pipe *p, struct dcerpc_pipe *
if (!NT_STATUS_IS_OK(status)) {
return status;
}
- b.flags &= ~DCERPC_AUTH_OPTIONS;
status = dcerpc_pipe_open_pipe((*p2)->conn, b.endpoint);
break;