summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/include/ntdomain.h7
-rw-r--r--source3/librpc/rpc/dcerpc_helpers.c26
-rw-r--r--source3/rpc_client/cli_pipe.c12
-rw-r--r--source3/rpc_server/srv_pipe.c6
-rw-r--r--source3/rpc_server/srv_samr_nt.c4
-rw-r--r--source3/rpcclient/rpcclient.c6
6 files changed, 13 insertions, 48 deletions
diff --git a/source3/include/ntdomain.h b/source3/include/ntdomain.h
index 073efe54b9..9fdb794fd3 100644
--- a/source3/include/ntdomain.h
+++ b/source3/include/ntdomain.h
@@ -93,19 +93,12 @@ typedef struct pipe_rpc_fns {
* Can't keep in sync with wire values as spnego wraps different auth methods.
*/
-enum pipe_auth_type_spnego {
- PIPE_AUTH_TYPE_SPNEGO_NONE = 0,
- PIPE_AUTH_TYPE_SPNEGO_NTLMSSP,
- PIPE_AUTH_TYPE_SPNEGO_KRB5
-};
-
struct gse_context;
/* auth state for all bind types. */
struct pipe_auth_data {
enum dcerpc_AuthType auth_type;
- enum pipe_auth_type_spnego spnego_type; /* used by server only */
enum dcerpc_AuthLevel auth_level;
union {
diff --git a/source3/librpc/rpc/dcerpc_helpers.c b/source3/librpc/rpc/dcerpc_helpers.c
index 870706bcbe..c83668f9b8 100644
--- a/source3/librpc/rpc/dcerpc_helpers.c
+++ b/source3/librpc/rpc/dcerpc_helpers.c
@@ -303,11 +303,6 @@ NTSTATUS dcerpc_guess_sizes(struct pipe_auth_data *auth,
/* Treat the same for all authenticated rpc requests. */
switch (auth->auth_type) {
case DCERPC_AUTH_TYPE_SPNEGO:
- /* compat for server code */
- if (auth->spnego_type == PIPE_AUTH_TYPE_SPNEGO_NTLMSSP) {
- *auth_len = NTLMSSP_SIG_SIZE;
- break;
- }
status = spnego_get_negotiated_mech(auth->a_u.spnego_state,
&auth_type, &auth_ctx);
@@ -806,13 +801,6 @@ NTSTATUS dcerpc_add_auth_footer(struct pipe_auth_data *auth,
status = NT_STATUS_OK;
break;
case DCERPC_AUTH_TYPE_SPNEGO:
- if (auth->spnego_type == PIPE_AUTH_TYPE_SPNEGO_NTLMSSP) {
- /* compat for server code */
- return add_ntlmssp_auth_footer(
- auth->a_u.auth_ntlmssp_state,
- auth->auth_level,
- rpc_out);
- }
status = add_spnego_auth_footer(auth->a_u.spnego_state,
auth->auth_level, rpc_out);
break;
@@ -923,20 +911,6 @@ NTSTATUS dcerpc_check_auth(struct pipe_auth_data *auth,
return NT_STATUS_OK;
case DCERPC_AUTH_TYPE_SPNEGO:
- if (auth->spnego_type == PIPE_AUTH_TYPE_SPNEGO_NTLMSSP) {
- /* compat for server code */
- DEBUG(10, ("NTLMSSP auth\n"));
-
- status = get_ntlmssp_auth_footer(
- auth->a_u.auth_ntlmssp_state,
- auth->auth_level,
- &data, &full_pkt,
- &auth_info.credentials);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
- break;
- }
status = get_spnego_auth_footer(pkt, auth->a_u.spnego_state,
auth->auth_level,
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index 8538b232ec..fa139f4f89 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -1630,10 +1630,9 @@ struct tevent_req *rpc_pipe_bind_send(TALLOC_CTX *mem_ctx,
return NULL;
}
- DEBUG(5,("Bind RPC Pipe: %s auth_type %u(%u), auth_level %u\n",
+ DEBUG(5,("Bind RPC Pipe: %s auth_type %u, auth_level %u\n",
rpccli_pipe_txt(talloc_tos(), cli),
(unsigned int)auth->auth_type,
- (unsigned int)auth->spnego_type,
(unsigned int)auth->auth_level ));
state->ev = ev;
@@ -1813,9 +1812,8 @@ static void rpc_pipe_bind_step_one_done(struct tevent_req *subreq)
return;
err_out:
- DEBUG(0,("cli_finish_bind_auth: unknown auth type %u(%u)\n",
- (unsigned int)state->cli->auth->auth_type,
- (unsigned int)state->cli->auth->spnego_type));
+ DEBUG(0,("cli_finish_bind_auth: unknown auth type %u\n",
+ (unsigned int)state->cli->auth->auth_type));
tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
}
@@ -2234,7 +2232,6 @@ NTSTATUS rpccli_anon_bind_data(TALLOC_CTX *mem_ctx,
}
result->auth_type = DCERPC_AUTH_TYPE_NONE;
- result->spnego_type = PIPE_AUTH_TYPE_SPNEGO_NONE;
result->auth_level = DCERPC_AUTH_LEVEL_NONE;
result->user_name = talloc_strdup(result, "");
@@ -2346,7 +2343,6 @@ NTSTATUS rpccli_schannel_bind_data(TALLOC_CTX *mem_ctx, const char *domain,
}
result->auth_type = DCERPC_AUTH_TYPE_SCHANNEL;
- result->spnego_type = PIPE_AUTH_TYPE_SPNEGO_NONE;
result->auth_level = auth_level;
result->user_name = talloc_strdup(result, "");
@@ -3064,8 +3060,6 @@ NTSTATUS cli_rpc_pipe_open_spnego_krb5(struct cli_state *cli,
}
auth->auth_type = DCERPC_AUTH_TYPE_SPNEGO;
auth->auth_level = auth_level;
- /* compat */
- auth->spnego_type = PIPE_AUTH_TYPE_SPNEGO_KRB5;
if (!username) {
username = "";
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index 3e56646aa2..ba6acc8289 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -548,7 +548,6 @@ static bool setup_bind_nak(struct pipes_struct *p, struct ncacn_packet *pkt)
free_pipe_auth_data(&p->auth);
p->auth.auth_level = DCERPC_AUTH_LEVEL_NONE;
p->auth.auth_type = DCERPC_AUTH_TYPE_NONE;
- p->auth.spnego_type = PIPE_AUTH_TYPE_SPNEGO_NONE;
p->pipe_bound = False;
return True;
@@ -1186,7 +1185,6 @@ static bool api_pipe_bind_req(struct pipes_struct *p,
/* Unauthenticated bind request. */
/* We're finished - no more packets. */
p->auth.auth_type = DCERPC_AUTH_TYPE_NONE;
- p->auth.spnego_type = PIPE_AUTH_TYPE_SPNEGO_NONE;
/* We must set the pipe auth_level here also. */
p->auth.auth_level = DCERPC_AUTH_LEVEL_NONE;
p->pipe_bound = True;
@@ -1546,8 +1544,8 @@ static bool api_pipe_request(struct pipes_struct *p,
if (p->pipe_bound &&
((p->auth.auth_type == DCERPC_AUTH_TYPE_NTLMSSP) ||
- ((p->auth.auth_type == DCERPC_AUTH_TYPE_SPNEGO) &&
- (p->auth.spnego_type == PIPE_AUTH_TYPE_SPNEGO_NTLMSSP)))) {
+ (p->auth.auth_type == DCERPC_AUTH_TYPE_KRB5) ||
+ (p->auth.auth_type == DCERPC_AUTH_TYPE_SPNEGO))) {
if(!become_authenticated_pipe_user(p)) {
data_blob_free(&p->out_data.rdata);
return False;
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 994fc7934b..efcf18af81 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -2781,8 +2781,8 @@ static NTSTATUS get_user_info_18(struct pipes_struct *p,
}
if ((p->auth.auth_type != DCERPC_AUTH_TYPE_NTLMSSP) ||
- ((p->auth.auth_type == DCERPC_AUTH_TYPE_SPNEGO) &&
- (p->auth.spnego_type != PIPE_AUTH_TYPE_SPNEGO_NTLMSSP))) {
+ (p->auth.auth_type != DCERPC_AUTH_TYPE_KRB5) ||
+ (p->auth.auth_type != DCERPC_AUTH_TYPE_SPNEGO)) {
return NT_STATUS_ACCESS_DENIED;
}
diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c
index 5fa8132db8..a1faca78d8 100644
--- a/source3/rpcclient/rpcclient.c
+++ b/source3/rpcclient/rpcclient.c
@@ -28,6 +28,12 @@
#include "../librpc/gen_ndr/ndr_netlogon.h"
#include "rpc_client/cli_netlogon.h"
+enum pipe_auth_type_spnego {
+ PIPE_AUTH_TYPE_SPNEGO_NONE = 0,
+ PIPE_AUTH_TYPE_SPNEGO_NTLMSSP,
+ PIPE_AUTH_TYPE_SPNEGO_KRB5
+};
+
struct dom_sid domain_sid;
static enum dcerpc_AuthType pipe_default_auth_type = DCERPC_AUTH_TYPE_NONE;