summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2005-04-10 10:13:57 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:11:29 -0500
commit3ae4d872f5292f5620fc2d75b3c5434c52d726a1 (patch)
tree0d15069bcb730245d00e99c9903ae7e1d30e4029 /source4
parent6d1ae6d35aca66cff090d40927da1ac093dc65ce (diff)
downloadsamba-3ae4d872f5292f5620fc2d75b3c5434c52d726a1.tar.gz
samba-3ae4d872f5292f5620fc2d75b3c5434c52d726a1.tar.bz2
samba-3ae4d872f5292f5620fc2d75b3c5434c52d726a1.zip
r6272: For 'programmed' use of an anonymous account, we should use
cli_credentials_set_conf(), not cli_credentials_guess(). Also, clarify why for particular flags, we don't do a DCERPC-level authentication. Andrew Bartlett (This used to be commit 838925761d004a1426107f4c5c84d0276fddb2c0)
Diffstat (limited to 'source4')
-rw-r--r--source4/librpc/rpc/dcerpc_util.c11
1 files changed, 9 insertions, 2 deletions
diff --git a/source4/librpc/rpc/dcerpc_util.c b/source4/librpc/rpc/dcerpc_util.c
index f45ae92bab..d1d9977b39 100644
--- a/source4/librpc/rpc/dcerpc_util.c
+++ b/source4/librpc/rpc/dcerpc_util.c
@@ -806,8 +806,8 @@ NTSTATUS dcerpc_epm_map_binding(TALLOC_CTX *mem_ctx, struct dcerpc_binding *bind
struct cli_credentials *anon_creds
= cli_credentials_init(mem_ctx);
+ cli_credentials_set_conf(anon_creds);
cli_credentials_set_anonymous(anon_creds);
- cli_credentials_guess(anon_creds);
/* First, check if there is a default endpoint specified in the IDL */
@@ -939,7 +939,14 @@ NTSTATUS dcerpc_pipe_auth(struct dcerpc_pipe *p,
} else if (!cli_credentials_is_anonymous(credentials) &&
!(binding->transport == NCACN_NP &&
!(binding->flags & DCERPC_SIGN) &&
- !(binding->flags & DCERPC_SEAL))) {
+ !(binding->flags & DCERPC_SEAL))) {
+
+ /* Perform an authenticated DCE-RPC bind, except where
+ * we ask for a connection on NCACN_NP, and that
+ * connection is not signed or sealed. For that case
+ * we rely on the already authenicated CIFS connection
+ */
+
uint8_t auth_type;
if (binding->flags & DCERPC_AUTH_SPNEGO) {
auth_type = DCERPC_AUTH_TYPE_SPNEGO;