diff options
author | Stefan Metzmacher <metze@samba.org> | 2005-01-24 14:44:15 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:09:10 -0500 |
commit | c108689bf69bd7ac863b94b4535ddf4c51531fc5 (patch) | |
tree | bb6c8cc631b47451d21e64701e03b32f4903784f /source4 | |
parent | 56e4f0db341e31ffa572861e011493d5b7e0ae91 (diff) | |
download | samba-c108689bf69bd7ac863b94b4535ddf4c51531fc5.tar.gz samba-c108689bf69bd7ac863b94b4535ddf4c51531fc5.tar.bz2 samba-c108689bf69bd7ac863b94b4535ddf4c51531fc5.zip |
r4962: add infrastructure to use raw krb5 auth in dcerpc client code
Note this doesn't work currently because the gensec_modules are not ready for that yet
metze
(This used to be commit 7b09a3f725baca5d4483b7ec24a9cb6151557bb5)
Diffstat (limited to 'source4')
-rw-r--r-- | source4/librpc/idl/dcerpc.idl | 11 | ||||
-rw-r--r-- | source4/librpc/rpc/dcerpc.h | 5 | ||||
-rw-r--r-- | source4/librpc/rpc/dcerpc_util.c | 3 |
3 files changed, 13 insertions, 6 deletions
diff --git a/source4/librpc/idl/dcerpc.idl b/source4/librpc/idl/dcerpc.idl index d4fb026c8c..b5f9fbf466 100644 --- a/source4/librpc/idl/dcerpc.idl +++ b/source4/librpc/idl/dcerpc.idl @@ -110,18 +110,19 @@ interface dcerpc uint32 status; } dcerpc_fault; - + /* the auth types we know about const uint8 DCERPC_AUTH_TYPE_NONE = 0; - const uint8 DCERPC_AUTH_TYPE_KRB5 = 1; + /* this seems to be not krb5! */ + const uint8 DCERPC_AUTH_TYPE_KRB5_1 = 1; const uint8 DCERPC_AUTH_TYPE_SPNEGO = 9; const uint8 DCERPC_AUTH_TYPE_NTLMSSP = 10; /* I'm not 100% sure but type 16(0x10) * seems to be raw krb5 --metze */ - const uint8 DCERPC_AUTH_TYPE_KRB5_16 = 16; + const uint8 DCERPC_AUTH_TYPE_KRB5 = 16; const uint8 DCERPC_AUTH_TYPE_SCHANNEL = 68; - const uint8 DCERPC_AUTH_TYPE_MSMQ = 100; - + const uint8 DCERPC_AUTH_TYPE_MSMQ = 100; + const uint8 DCERPC_AUTH_LEVEL_DEFAULT = DCERPC_AUTH_LEVEL_CONNECT; const uint8 DCERPC_AUTH_LEVEL_NONE = 1; const uint8 DCERPC_AUTH_LEVEL_CONNECT = 2; diff --git a/source4/librpc/rpc/dcerpc.h b/source4/librpc/rpc/dcerpc.h index 4e58c3c75f..4e0172b6f3 100644 --- a/source4/librpc/rpc/dcerpc.h +++ b/source4/librpc/rpc/dcerpc.h @@ -129,11 +129,14 @@ struct dcerpc_pipe { /* set LIBNDR_FLAG_REF_ALLOC flag when decoding NDR */ #define DCERPC_NDR_REF_ALLOC (1<<14) -#define DCERPC_AUTH_OPTIONS (DCERPC_SEAL|DCERPC_SIGN|DCERPC_SCHANNEL_ANY|DCERPC_AUTH_SPNEGO) +#define DCERPC_AUTH_OPTIONS (DCERPC_SEAL|DCERPC_SIGN|DCERPC_SCHANNEL_ANY|DCERPC_AUTH_SPNEGO|DCERPC_AUTH_KRB5) /* enable spnego auth */ #define DCERPC_AUTH_SPNEGO (1<<15) +/* enable krb5 auth */ +#define DCERPC_AUTH_KRB5 (1<<16) + /* this is used to find pointers to calls */ diff --git a/source4/librpc/rpc/dcerpc_util.c b/source4/librpc/rpc/dcerpc_util.c index 8b974df0fd..7307b44cb8 100644 --- a/source4/librpc/rpc/dcerpc_util.c +++ b/source4/librpc/rpc/dcerpc_util.c @@ -177,6 +177,7 @@ static const struct { {"seal", DCERPC_SEAL}, {"connect", DCERPC_CONNECT}, {"spnego", DCERPC_AUTH_SPNEGO}, + {"krb5", DCERPC_AUTH_KRB5}, {"validate", DCERPC_DEBUG_VALIDATE_BOTH}, {"print", DCERPC_DEBUG_PRINT_BOTH}, {"padcheck", DCERPC_DEBUG_PAD_CHECK}, @@ -797,6 +798,8 @@ static NTSTATUS dcerpc_pipe_auth(struct dcerpc_pipe *p, uint8_t auth_type; if (binding->flags & DCERPC_AUTH_SPNEGO) { auth_type = DCERPC_AUTH_TYPE_SPNEGO; + } else if (binding->flags & DCERPC_AUTH_KRB5) { + auth_type = DCERPC_AUTH_TYPE_KRB5; } else { auth_type = DCERPC_AUTH_TYPE_NTLMSSP; } |