summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2005-01-24 14:44:15 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:09:10 -0500
commitc108689bf69bd7ac863b94b4535ddf4c51531fc5 (patch)
treebb6c8cc631b47451d21e64701e03b32f4903784f /source4
parent56e4f0db341e31ffa572861e011493d5b7e0ae91 (diff)
downloadsamba-c108689bf69bd7ac863b94b4535ddf4c51531fc5.tar.gz
samba-c108689bf69bd7ac863b94b4535ddf4c51531fc5.tar.bz2
samba-c108689bf69bd7ac863b94b4535ddf4c51531fc5.zip
r4962: add infrastructure to use raw krb5 auth in dcerpc client code
Note this doesn't work currently because the gensec_modules are not ready for that yet metze (This used to be commit 7b09a3f725baca5d4483b7ec24a9cb6151557bb5)
Diffstat (limited to 'source4')
-rw-r--r--source4/librpc/idl/dcerpc.idl11
-rw-r--r--source4/librpc/rpc/dcerpc.h5
-rw-r--r--source4/librpc/rpc/dcerpc_util.c3
3 files changed, 13 insertions, 6 deletions
diff --git a/source4/librpc/idl/dcerpc.idl b/source4/librpc/idl/dcerpc.idl
index d4fb026c8c..b5f9fbf466 100644
--- a/source4/librpc/idl/dcerpc.idl
+++ b/source4/librpc/idl/dcerpc.idl
@@ -110,18 +110,19 @@ interface dcerpc
uint32 status;
} dcerpc_fault;
-
+ /* the auth types we know about
const uint8 DCERPC_AUTH_TYPE_NONE = 0;
- const uint8 DCERPC_AUTH_TYPE_KRB5 = 1;
+ /* this seems to be not krb5! */
+ const uint8 DCERPC_AUTH_TYPE_KRB5_1 = 1;
const uint8 DCERPC_AUTH_TYPE_SPNEGO = 9;
const uint8 DCERPC_AUTH_TYPE_NTLMSSP = 10;
/* I'm not 100% sure but type 16(0x10)
* seems to be raw krb5 --metze
*/
- const uint8 DCERPC_AUTH_TYPE_KRB5_16 = 16;
+ const uint8 DCERPC_AUTH_TYPE_KRB5 = 16;
const uint8 DCERPC_AUTH_TYPE_SCHANNEL = 68;
- const uint8 DCERPC_AUTH_TYPE_MSMQ = 100;
-
+ const uint8 DCERPC_AUTH_TYPE_MSMQ = 100;
+
const uint8 DCERPC_AUTH_LEVEL_DEFAULT = DCERPC_AUTH_LEVEL_CONNECT;
const uint8 DCERPC_AUTH_LEVEL_NONE = 1;
const uint8 DCERPC_AUTH_LEVEL_CONNECT = 2;
diff --git a/source4/librpc/rpc/dcerpc.h b/source4/librpc/rpc/dcerpc.h
index 4e58c3c75f..4e0172b6f3 100644
--- a/source4/librpc/rpc/dcerpc.h
+++ b/source4/librpc/rpc/dcerpc.h
@@ -129,11 +129,14 @@ struct dcerpc_pipe {
/* set LIBNDR_FLAG_REF_ALLOC flag when decoding NDR */
#define DCERPC_NDR_REF_ALLOC (1<<14)
-#define DCERPC_AUTH_OPTIONS (DCERPC_SEAL|DCERPC_SIGN|DCERPC_SCHANNEL_ANY|DCERPC_AUTH_SPNEGO)
+#define DCERPC_AUTH_OPTIONS (DCERPC_SEAL|DCERPC_SIGN|DCERPC_SCHANNEL_ANY|DCERPC_AUTH_SPNEGO|DCERPC_AUTH_KRB5)
/* enable spnego auth */
#define DCERPC_AUTH_SPNEGO (1<<15)
+/* enable krb5 auth */
+#define DCERPC_AUTH_KRB5 (1<<16)
+
/*
this is used to find pointers to calls
*/
diff --git a/source4/librpc/rpc/dcerpc_util.c b/source4/librpc/rpc/dcerpc_util.c
index 8b974df0fd..7307b44cb8 100644
--- a/source4/librpc/rpc/dcerpc_util.c
+++ b/source4/librpc/rpc/dcerpc_util.c
@@ -177,6 +177,7 @@ static const struct {
{"seal", DCERPC_SEAL},
{"connect", DCERPC_CONNECT},
{"spnego", DCERPC_AUTH_SPNEGO},
+ {"krb5", DCERPC_AUTH_KRB5},
{"validate", DCERPC_DEBUG_VALIDATE_BOTH},
{"print", DCERPC_DEBUG_PRINT_BOTH},
{"padcheck", DCERPC_DEBUG_PAD_CHECK},
@@ -797,6 +798,8 @@ static NTSTATUS dcerpc_pipe_auth(struct dcerpc_pipe *p,
uint8_t auth_type;
if (binding->flags & DCERPC_AUTH_SPNEGO) {
auth_type = DCERPC_AUTH_TYPE_SPNEGO;
+ } else if (binding->flags & DCERPC_AUTH_KRB5) {
+ auth_type = DCERPC_AUTH_TYPE_KRB5;
} else {
auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
}