diff options
author | Volker Lendecke <vlendec@samba.org> | 2004-11-10 16:50:15 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:05:42 -0500 |
commit | f847f3a3e13d2d96f9b74a398047d84b4ad78127 (patch) | |
tree | dd73f41e4149a6d19b0aa83ef4f1a445ed23741b /source4/librpc | |
parent | e7810eeab787bb93b36c95f8783d0b8f4c7cf7c0 (diff) | |
download | samba-f847f3a3e13d2d96f9b74a398047d84b4ad78127.tar.gz samba-f847f3a3e13d2d96f9b74a398047d84b4ad78127.tar.bz2 samba-f847f3a3e13d2d96f9b74a398047d84b4ad78127.zip |
r3660: This simulates the logon sequence of a XP login session I'm currently tuning
Samba3/OpenLDAP for. For a concrete situation you have to adapt the domain,
pdcname and usernames/passwords. Sorry, not parametrized yet, but this should
be doable if necessary.
Volker
(This used to be commit 02f52058722fc1aea02d4fe237c97404d8e4f491)
Diffstat (limited to 'source4/librpc')
-rw-r--r-- | source4/librpc/rpc/dcerpc_schannel.c | 66 |
1 files changed, 42 insertions, 24 deletions
diff --git a/source4/librpc/rpc/dcerpc_schannel.c b/source4/librpc/rpc/dcerpc_schannel.c index 3472e1cbe2..c0db63e8b8 100644 --- a/source4/librpc/rpc/dcerpc_schannel.c +++ b/source4/librpc/rpc/dcerpc_schannel.c @@ -425,39 +425,23 @@ static NTSTATUS dcerpc_schannel_key(struct dcerpc_pipe *p, do a schannel style bind on a dcerpc pipe. The username is usually of the form HOSTNAME$ and the password is the domain trust password */ -NTSTATUS dcerpc_bind_auth_schannel(struct dcerpc_pipe *p, - const char *uuid, uint_t version, - const char *domain, - const char *username, - const char *password) +NTSTATUS dcerpc_bind_auth_schannel_withkey(struct dcerpc_pipe *p, + const char *uuid, uint_t version, + const char *domain, + const char *username, + const char *password, + uint8_t session_key[16]) { NTSTATUS status; - int chan_type = 0; status = gensec_client_start(p, &p->security_state.generic_state); if (!NT_STATUS_IS_OK(status)) { return status; } - if (p->flags & DCERPC_SCHANNEL_BDC) { - chan_type = SEC_CHAN_BDC; - } else if (p->flags & DCERPC_SCHANNEL_WORKSTATION) { - chan_type = SEC_CHAN_WKSTA; - } else if (p->flags & DCERPC_SCHANNEL_DOMAIN) { - chan_type = SEC_CHAN_DOMAIN; - } + memcpy(p->security_state.generic_state->user.schan_session_key, + session_key, 16); - status = dcerpc_schannel_key(p, domain, - username, - password, - chan_type, - p->security_state.generic_state->user.schan_session_key); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(1, ("Failed to fetch schannel session key: %s\n", nt_errstr(status))); - gensec_end(&p->security_state.generic_state); - return status; - } - status = gensec_set_username(p->security_state.generic_state, username); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("Failed to set schannel username to %s: %s\n", username, nt_errstr(status))); @@ -492,6 +476,40 @@ NTSTATUS dcerpc_bind_auth_schannel(struct dcerpc_pipe *p, return NT_STATUS_OK; } +NTSTATUS dcerpc_bind_auth_schannel(struct dcerpc_pipe *p, + const char *uuid, uint_t version, + const char *domain, + const char *username, + const char *password) +{ + NTSTATUS status; + int chan_type = 0; + uint8_t new_session_key[16]; + + if (p->flags & DCERPC_SCHANNEL_BDC) { + chan_type = SEC_CHAN_BDC; + } else if (p->flags & DCERPC_SCHANNEL_WORKSTATION) { + chan_type = SEC_CHAN_WKSTA; + } else if (p->flags & DCERPC_SCHANNEL_DOMAIN) { + chan_type = SEC_CHAN_DOMAIN; + } + + status = dcerpc_schannel_key(p, domain, + username, + password, + chan_type, + new_session_key); + + if (!NT_STATUS_IS_OK(status)) { + DEBUG(1, ("Failed to fetch schannel session key: %s\n", + nt_errstr(status))); + return status; + } + + return dcerpc_bind_auth_schannel_withkey(p, uuid, version, domain, + username, password, + new_session_key); +} static const struct gensec_security_ops gensec_dcerpc_schannel_security_ops = { .name = "dcerpc_schannel", |