authorAndrew Bartlett <abartlet@samba.org>2005-05-01 19:29:00 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:16:26 -0500
commit85e9412c4786ede6f94d879185d493756d37eebe (patch)
treebb1f38e33db38af59f427228402cec1095bf4793 /source4/librpc
parent7fca1d46cea38229faf9a7092d86a452658f2ca0 (diff)
r6565: Cludge, cludge, cludge...
We need to pass the 'secure channel type' to the NETLOGON layer, which must match the account type. (Yes, jelmer objects to this inclusion of the kitchen sink ;-) Andrew Bartlett (This used to be commit 8ee208a926d2b15fdc42753b1f9ee586564c6248)
Diffstat (limited to 'source4/librpc')
-rw-r--r--source4/librpc/idl/misc.idl9
-rw-r--r--source4/librpc/idl/netlogon.idl11
-rw-r--r--source4/librpc/rpc/dcerpc.h9
-rw-r--r--source4/librpc/rpc/dcerpc_schannel.c18
-rw-r--r--source4/librpc/rpc/dcerpc_util.c6
5 files changed, 19 insertions, 34 deletions
diff --git a/source4/librpc/idl/misc.idl b/source4/librpc/idl/misc.idl
index 935032f305..45f4e25602 100644
--- a/source4/librpc/idl/misc.idl
+++ b/source4/librpc/idl/misc.idl
@@ -22,4 +22,13 @@ interface misc
uint32 handle_type;
GUID uuid;
} policy_handle;
+
+ /* secure channel types */
+ /* Only SEC_CHAN_WKSTA can forward requests to other domains. */
+
+ typedef [public] enum {
+ SEC_CHAN_WKSTA = 2,
+ SEC_CHAN_DOMAIN = 4,
+ SEC_CHAN_BDC = 6
+ } netr_SchannelType;
}
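Review bot: The comment carried over with `netr_SchannelType` does not say which account type each value stands for, although the commit message says the channel type must match the account type. Now that the enum is `[public]` in misc.idl and used outside the NETLOGON interface, a short per-value comment would help, for example `SEC_CHAN_WKSTA = 2, /* workstation trust account */`, `SEC_CHAN_DOMAIN = 4, /* interdomain trust account */` and `SEC_CHAN_BDC = 6 /* backup domain controller account */`. A one-line remark on why the type lives in misc.idl rather than netlogon.idl would also save the next reader from moving it back.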
diff --git a/source4/librpc/idl/netlogon.idl b/source4/librpc/idl/netlogon.idl
index 0e601b372a..e32b1ee86d 100644
--- a/source4/librpc/idl/netlogon.idl
+++ b/source4/librpc/idl/netlogon.idl
@@ -248,7 +248,7 @@ interface netlogon
[in] uint16 logon_level,
[in] [switch_is(logon_level)] netr_LogonLevel logon
);
-
+
/*****************/
@@ -264,15 +264,6 @@ interface netlogon
/*****************/
/* Function 0x05 */
- /* secure channel types */
- /* Only SEC_CHAN_WKSTA can forward requests to other domains. */
-
- typedef enum {
- SEC_CHAN_WKSTA = 2,
- SEC_CHAN_DOMAIN = 4,
- SEC_CHAN_BDC = 6
- } netr_SchannelType;
-
NTSTATUS netr_ServerAuthenticate(
[in] unistr *server_name,
[in] unistr account_name,
diff --git a/source4/librpc/rpc/dcerpc.h b/source4/librpc/rpc/dcerpc.h
index db7b76a779..89a969a118 100644
--- a/source4/librpc/rpc/dcerpc.h
+++ b/source4/librpc/rpc/dcerpc.h
@@ -113,12 +113,7 @@ struct dcerpc_pipe {
#define DCERPC_PUSH_BIGENDIAN (1<<7)
#define DCERPC_PULL_BIGENDIAN (1<<8)
-#define DCERPC_SCHANNEL_BDC (1<<9)
-#define DCERPC_SCHANNEL_WORKSTATION (1<<10)
-#define DCERPC_SCHANNEL_DOMAIN (1<<11)
-#define DCERPC_SCHANNEL_ANY (DCERPC_SCHANNEL_BDC| \
- DCERPC_SCHANNEL_DOMAIN| \
- DCERPC_SCHANNEL_WORKSTATION)
+#define DCERPC_SCHANNEL (1<<9)
/* use a 128 bit session key */
#define DCERPC_SCHANNEL_128 (1<<12)
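Review bot: The new `DCERPC_SCHANNEL` define has no comment, unlike its neighbours, and nothing here records that the channel type is no longer carried in the binding flags. I would add `/* use schannel; the secure channel type is taken from the credentials */` above it. Bits `(1<<10)` and `(1<<11)` are now unassigned, so a brief note that they are free would keep a later flag from being mistaken for the old WORKSTATION/DOMAIN bits. Any caller outside this directory that still sets `DCERPC_SCHANNEL_BDC`, `DCERPC_SCHANNEL_WORKSTATION` or `DCERPC_SCHANNEL_DOMAIN` is not visible in this diff and needs the same update.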
@@ -129,7 +124,7 @@ struct dcerpc_pipe {
/* set LIBNDR_FLAG_REF_ALLOC flag when decoding NDR */
#define DCERPC_NDR_REF_ALLOC (1<<14)
-#define DCERPC_AUTH_OPTIONS (DCERPC_SEAL|DCERPC_SIGN|DCERPC_SCHANNEL_ANY|DCERPC_AUTH_SPNEGO|DCERPC_AUTH_KRB5)
+#define DCERPC_AUTH_OPTIONS (DCERPC_SEAL|DCERPC_SIGN|DCERPC_SCHANNEL|DCERPC_AUTH_SPNEGO|DCERPC_AUTH_KRB5)
/* enable spnego auth */
#define DCERPC_AUTH_SPNEGO (1<<15)
diff --git a/source4/librpc/rpc/dcerpc_schannel.c b/source4/librpc/rpc/dcerpc_schannel.c
index 3ae2624ff9..cc6cbe7b46 100644
--- a/source4/librpc/rpc/dcerpc_schannel.c
+++ b/source4/librpc/rpc/dcerpc_schannel.c
@@ -30,8 +30,7 @@
*/
static NTSTATUS dcerpc_schannel_key(TALLOC_CTX *tmp_ctx,
struct dcerpc_pipe *p,
- struct cli_credentials *credentials,
- int chan_type)
+ struct cli_credentials *credentials)
{
NTSTATUS status;
struct dcerpc_binding *b;
@@ -109,7 +108,8 @@ static NTSTATUS dcerpc_schannel_key(TALLOC_CTX *tmp_ctx,
a.in.server_name = r.in.server_name;
a.in.account_name = cli_credentials_get_username(credentials);
- a.in.secure_channel_type = chan_type;
+ a.in.secure_channel_type =
+ cli_credentials_get_secure_channel_type(credentials);
a.in.computer_name = cli_credentials_get_workstation(credentials);
a.in.negotiate_flags = &negotiate_flags;
a.out.negotiate_flags = &negotiate_flags;
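Review bot: The value returned by `cli_credentials_get_secure_channel_type(credentials)` is stored in `a.in.secure_channel_type` and sent to the server without any check that the credentials actually carry a channel type. The getter is not visible here, so this is an inference, but credentials set up for a user rather than a machine account presumably have no type set, and the request would then go out with a value that cannot match the account. Consider failing early before the authenticate call: accept only `SEC_CHAN_WKSTA`, `SEC_CHAN_DOMAIN` and `SEC_CHAN_BDC`, and otherwise return `NT_STATUS_INVALID_PARAMETER` with a `DEBUG` line naming the account. The removed mapping in `dcerpc_bind_auth_schannel` further down had the same gap, since it left `chan_type` at 0 when no flag was set, so this is a good place to close it. The body of `dcerpc_schannel_key` starts and ends outside this hunk.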
@@ -143,20 +143,10 @@ NTSTATUS dcerpc_bind_auth_schannel(TALLOC_CTX *tmp_ctx,
struct cli_credentials *credentials)
{
NTSTATUS status;
- int chan_type = 0;
-
- if (p->conn->flags & DCERPC_SCHANNEL_BDC) {
- chan_type = SEC_CHAN_BDC;
- } else if (p->conn->flags & DCERPC_SCHANNEL_WORKSTATION) {
- chan_type = SEC_CHAN_WKSTA;
- } else if (p->conn->flags & DCERPC_SCHANNEL_DOMAIN) {
- chan_type = SEC_CHAN_DOMAIN;
- }
/* Fills in NETLOGON credentials */
status = dcerpc_schannel_key(tmp_ctx,
- p, credentials,
- chan_type);
+ p, credentials);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to setup credentials for account %s: %s\n",
diff --git a/source4/librpc/rpc/dcerpc_util.c b/source4/librpc/rpc/dcerpc_util.c
index d1d9977b39..763ec55e50 100644
--- a/source4/librpc/rpc/dcerpc_util.c
+++ b/source4/librpc/rpc/dcerpc_util.c
@@ -927,7 +927,7 @@ NTSTATUS dcerpc_pipe_auth(struct dcerpc_pipe *p,
p->conn->binding_string = dcerpc_binding_string(p, binding);
if (!cli_credentials_is_anonymous(credentials) &&
- (binding->flags & DCERPC_SCHANNEL_ANY) &&
+ (binding->flags & DCERPC_SCHANNEL) &&
!cli_credentials_get_netlogon_creds(credentials)) {
/* If we don't already have netlogon credentials for
@@ -952,7 +952,7 @@ NTSTATUS dcerpc_pipe_auth(struct dcerpc_pipe *p,
auth_type = DCERPC_AUTH_TYPE_SPNEGO;
} else if (binding->flags & DCERPC_AUTH_KRB5) {
auth_type = DCERPC_AUTH_TYPE_KRB5;
- } else if (binding->flags & DCERPC_SCHANNEL_ANY) {
+ } else if (binding->flags & DCERPC_SCHANNEL) {
auth_type = DCERPC_AUTH_TYPE_SCHANNEL;
} else {
auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
@@ -986,7 +986,7 @@ static NTSTATUS dcerpc_pipe_connect_ncacn_np(TALLOC_CTX *tmp_ctx,
struct smbcli_state *cli;
const char *pipe_name = NULL;
- if (binding->flags & DCERPC_SCHANNEL_ANY) {
+ if (binding->flags & DCERPC_SCHANNEL) {
struct cli_credentials *anon_creds
= cli_credentials_init(tmp_ctx);
cli_credentials_set_anonymous(anon_creds);