-rw-r--r-- | prog_guide.txt | 1 | ||||
-rw-r--r-- | source4/librpc/idl/dcerpc.idl | 11 | ||||
-rw-r--r-- | source4/librpc/rpc/dcerpc.h | 5 | ||||
-rw-r--r-- | source4/librpc/rpc/dcerpc_util.c | 3 |
4 files changed, 14 insertions, 6 deletions
diff --git a/prog_guide.txt b/prog_guide.txt index 9a80d757f0..3ed51e986c 100644 --- a/prog_guide.txt +++ b/prog_guide.txt @@ -542,6 +542,7 @@ other recognised flags are: sign : enable ntlmssp signing seal : enable ntlmssp sealing spnego : use SPNEGO instead of NTLMSSP authentication + krb5 : use KRB5 instead of NTLMSSP authentication connect : enable rpc connect level auth (auth, but no sign or seal) validate : enable the NDR validator print : enable debugging of the packets diff --git a/source4/librpc/idl/dcerpc.idl b/source4/librpc/idl/dcerpc.idl index d4fb026c8c..b5f9fbf466 100644 --- a/source4/librpc/idl/dcerpc.idl +++ b/source4/librpc/idl/dcerpc.idl @@ -110,18 +110,19 @@ interface dcerpc uint32 status; } dcerpc_fault; - + /* the auth types we know about const uint8 DCERPC_AUTH_TYPE_NONE = 0; - const uint8 DCERPC_AUTH_TYPE_KRB5 = 1; + /* this seems to be not krb5! */ + const uint8 DCERPC_AUTH_TYPE_KRB5_1 = 1; const uint8 DCERPC_AUTH_TYPE_SPNEGO = 9; const uint8 DCERPC_AUTH_TYPE_NTLMSSP = 10; /* I'm not 100% sure but type 16(0x10) * seems to be raw krb5 --metze */ - const uint8 DCERPC_AUTH_TYPE_KRB5_16 = 16; + const uint8 DCERPC_AUTH_TYPE_KRB5 = 16; const uint8 DCERPC_AUTH_TYPE_SCHANNEL = 68; - const uint8 DCERPC_AUTH_TYPE_MSMQ = 100; - + const uint8 DCERPC_AUTH_TYPE_MSMQ = 100; + const uint8 DCERPC_AUTH_LEVEL_DEFAULT = DCERPC_AUTH_LEVEL_CONNECT; const uint8 DCERPC_AUTH_LEVEL_NONE = 1; const uint8 DCERPC_AUTH_LEVEL_CONNECT = 2; diff --git a/source4/librpc/rpc/dcerpc.h b/source4/librpc/rpc/dcerpc.h index 4e58c3c75f..4e0172b6f3 100644 --- a/source4/librpc/rpc/dcerpc.h +++ b/source4/librpc/rpc/dcerpc.h 
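Review bot: Reusing the name DCERPC_AUTH_TYPE_KRB5 for value 16, while value 1 moves to DCERPC_AUTH_TYPE_KRB5_1, changes the wire value behind every existing reference to that name without a compile error. Callers outside this diff are not visible here, so each use should be checked to confirm it really means type 16. The retained comment still reads `I'm not 100% sure but type 16(0x10) seems to be raw krb5`, which sits oddly above a constant the rest of the commit treats as the Kerberos type; I would reword it along the lines of `/* raw krb5: value 16 as observed, not confirmed against a specification */`. As rendered on this page, the line `/* the auth types we know about` has no closing `*/`. If that is true in the file, the comment would run to the next `*/` and swallow DCERPC_AUTH_TYPE_NONE, so it is worth checking against the real file, since this page has collapsed whitespace.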
@@ -129,11 +129,14 @@ struct dcerpc_pipe { /* set LIBNDR_FLAG_REF_ALLOC flag when decoding NDR */ #define DCERPC_NDR_REF_ALLOC (1<<14) -#define DCERPC_AUTH_OPTIONS (DCERPC_SEAL|DCERPC_SIGN|DCERPC_SCHANNEL_ANY|DCERPC_AUTH_SPNEGO) +#define DCERPC_AUTH_OPTIONS (DCERPC_SEAL|DCERPC_SIGN|DCERPC_SCHANNEL_ANY|DCERPC_AUTH_SPNEGO|DCERPC_AUTH_KRB5) /* enable spnego auth */ #define DCERPC_AUTH_SPNEGO (1<<15) +/* enable krb5 auth */ +#define DCERPC_AUTH_KRB5 (1<<16) + /* this is used to find pointers to calls */ diff --git a/source4/librpc/rpc/dcerpc_util.c b/source4/librpc/rpc/dcerpc_util.c index 8b974df0fd..7307b44cb8 100644 --- a/source4/librpc/rpc/dcerpc_util.c +++ b/source4/librpc/rpc/dcerpc_util.c @@ -177,6 +177,7 @@ static const struct { {"seal", DCERPC_SEAL}, {"connect", DCERPC_CONNECT}, {"spnego", DCERPC_AUTH_SPNEGO}, + {"krb5", DCERPC_AUTH_KRB5}, {"validate", DCERPC_DEBUG_VALIDATE_BOTH}, {"print", DCERPC_DEBUG_PRINT_BOTH}, {"padcheck", DCERPC_DEBUG_PAD_CHECK}, @@ -797,6 +798,8 @@ static NTSTATUS dcerpc_pipe_auth(struct dcerpc_pipe *p, uint8_t auth_type; if (binding->flags & DCERPC_AUTH_SPNEGO) { auth_type = DCERPC_AUTH_TYPE_SPNEGO; + } else if (binding->flags & DCERPC_AUTH_KRB5) { + auth_type = DCERPC_AUTH_TYPE_KRB5; } else { auth_type = DCERPC_AUTH_TYPE_NTLMSSP; } |
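Review bot: In dcerpc_pipe_auth the new `else if` branch makes `krb5` lose silently to `spnego` when a binding carries both flags, so a caller who explicitly asked for Kerberos gets DCERPC_AUTH_TYPE_SPNEGO with no error or log line. The two flags are independent bits (`1<<15` and `1<<16`) and the option table in the first hunk of this file accepts both keywords, so the combination is reachable from a binding string. I would reject it before choosing the type: `if ((binding->flags & DCERPC_AUTH_SPNEGO) && (binding->flags & DCERPC_AUTH_KRB5)) { return NT_STATUS_INVALID_PARAMETER; }`. If precedence is intended instead, the `/* enable krb5 auth */` comment in dcerpc.h and the prog_guide.txt entry should state that `spnego` wins. The function body starts and ends outside the hunk, so handling elsewhere cannot be ruled out from this view.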