diff options
| author | Andrew Tridgell <tridge@samba.org> | 2004-09-25 07:25:51 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:59:12 -0500 |
| commit | 642ba4bfeee9951957287647628fa82269a318b1 (patch) | |
| tree | b235192d584c043bb592a499c167d4906b6b1cdb /source4/librpc/rpc/dcerpc_util.c | |
| parent | 4fa2904290e2c345eae76ad66fc284b76eccd5f8 (diff) | |
| download | samba-642ba4bfeee9951957287647628fa82269a318b1.tar.gz samba-642ba4bfeee9951957287647628fa82269a318b1.tar.bz2 samba-642ba4bfeee9951957287647628fa82269a318b1.zip | |
r2614: support CONNECT level DCE/RPC security in both client and
server. CONNECT security uses NTLMSSP, but does not do any signing or
sealing (or equivalently, its like signing, but with a zero filled
checksum).
(This used to be commit f4660857bc708db7f5aa7487bf7ab04bffe68928)
Diffstat (limited to 'source4/librpc/rpc/dcerpc_util.c')
| -rw-r--r-- | source4/librpc/rpc/dcerpc_util.c | 11 |
1 files changed, 3 insertions, 8 deletions
diff --git a/source4/librpc/rpc/dcerpc_util.c b/source4/librpc/rpc/dcerpc_util.c index 2c9ae0354a..2a715eac1d 100644 --- a/source4/librpc/rpc/dcerpc_util.c +++ b/source4/librpc/rpc/dcerpc_util.c @@ -275,6 +275,7 @@ static const struct { } ncacn_options[] = { {"sign", DCERPC_SIGN}, {"seal", DCERPC_SEAL}, + {"connect", DCERPC_CONNECT}, {"validate", DCERPC_DEBUG_VALIDATE_BOTH}, {"print", DCERPC_DEBUG_PRINT_BOTH}, {"padcheck", DCERPC_DEBUG_PAD_CHECK}, @@ -495,7 +496,7 @@ static NTSTATUS dcerpc_pipe_connect_ncacn_np(struct dcerpc_pipe **p, if (username && username[0] && (binding->flags & DCERPC_SCHANNEL_ANY)) { status = dcerpc_bind_auth_schannel(*p, pipe_uuid, pipe_version, domain, username, password); - } else if (username && username[0] && (binding->flags & (DCERPC_SIGN | DCERPC_SEAL))) { + } else if (username && username[0]) { status = dcerpc_bind_auth_ntlm(*p, pipe_uuid, pipe_version, domain, username, password); } else { status = dcerpc_bind_auth_none(*p, pipe_uuid, pipe_version); @@ -548,12 +549,6 @@ static NTSTATUS dcerpc_pipe_connect_ncacn_ip_tcp(struct dcerpc_pipe **p, return status; } - /* it doesn't seem to work to do a null NTLMSSP session without either sign - or seal, so force signing if we are doing ntlmssp */ - if (username && username[0] && !(binding->flags & (DCERPC_SIGN|DCERPC_SEAL))) { - binding->flags |= DCERPC_SIGN; - } - (*p)->flags = binding->flags; /* remember the binding string for possible secondary connections */ @@ -562,7 +557,7 @@ static NTSTATUS dcerpc_pipe_connect_ncacn_ip_tcp(struct dcerpc_pipe **p, if (username && username[0] && (binding->flags & DCERPC_SCHANNEL_ANY)) { status = dcerpc_bind_auth_schannel(*p, pipe_uuid, pipe_version, domain, username, password); - } else if (username && username[0] && (binding->flags & (DCERPC_SIGN | DCERPC_SEAL))) { + } else if (username && username[0]) { status = dcerpc_bind_auth_ntlm(*p, pipe_uuid, pipe_version, domain, username, password); } else { status = dcerpc_bind_auth_none(*p, pipe_uuid, pipe_version); |