diff options
author | Andrew Tridgell <tridge@samba.org> | 2004-02-10 10:22:12 +0000 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 2004-02-10 10:22:12 +0000 |
commit | 078cced5ec1026432f5df275a7023db70a62693e (patch) | |
tree | 3d9e8d162c9268cde955087cfc78b24b1167164e /source4/librpc/rpc/dcerpc_util.c | |
parent | f5cb6392b3810301614a99de2ecb938d925da519 (diff) | |
download | samba-078cced5ec1026432f5df275a7023db70a62693e.tar.gz samba-078cced5ec1026432f5df275a7023db70a62693e.tar.bz2 samba-078cced5ec1026432f5df275a7023db70a62693e.zip |
- modified the dcerpc client security code to be generic, so ntlmssp
and schannel are both instances of possible security modules
- added schannel sign and sign/seal support to the dcerpc client
code. You select it with binding options of "schannel,sign" or
"schannel,seal".
(This used to be commit 05db0b9d942cad8f1dd574dc35b759e5e79d4195)
Diffstat (limited to 'source4/librpc/rpc/dcerpc_util.c')
-rw-r--r-- | source4/librpc/rpc/dcerpc_util.c | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/source4/librpc/rpc/dcerpc_util.c b/source4/librpc/rpc/dcerpc_util.c index 96f0b959e7..ba61f28c95 100644 --- a/source4/librpc/rpc/dcerpc_util.c +++ b/source4/librpc/rpc/dcerpc_util.c @@ -275,6 +275,7 @@ static const struct { } ncacn_options[] = { {"sign", DCERPC_SIGN}, {"seal", DCERPC_SEAL}, + {"schannel", DCERPC_SCHANNEL}, {"validate", DCERPC_DEBUG_VALIDATE_BOTH}, {"print", DCERPC_DEBUG_PRINT_BOTH}, {"bigendian", DCERPC_PUSH_BIGENDIAN} @@ -481,11 +482,23 @@ static NTSTATUS dcerpc_pipe_connect_ncacn_np(struct dcerpc_pipe **p, (*p)->flags = binding->flags; - if (binding->flags & (DCERPC_SIGN | DCERPC_SEAL)) { + if (binding->flags & DCERPC_SCHANNEL) { + const char *trust_password = secrets_fetch_machine_password(); + if (!trust_password) { + DEBUG(0,("Unable to fetch machine password\n")); + goto done; + } + status = dcerpc_bind_auth_schannel(*p, pipe_uuid, pipe_version, + lp_workgroup(), + lp_netbios_name(), + trust_password); + } else if (binding->flags & (DCERPC_SIGN | DCERPC_SEAL)) { status = dcerpc_bind_auth_ntlm(*p, pipe_uuid, pipe_version, domain, username, password); } else { status = dcerpc_bind_auth_none(*p, pipe_uuid, pipe_version); } + +done: if (!NT_STATUS_IS_OK(status)) { DEBUG(0,("Failed to bind to uuid %s - %s\n", pipe_uuid, nt_errstr(status))); dcerpc_pipe_close(*p); |