diff options
-rw-r--r-- | source3/include/ntdomain.h | 7 | ||||
-rw-r--r-- | source3/librpc/rpc/dcerpc_helpers.c | 26 | ||||
-rw-r--r-- | source3/rpc_client/cli_pipe.c | 12 | ||||
-rw-r--r-- | source3/rpc_server/srv_pipe.c | 6 | ||||
-rw-r--r-- | source3/rpc_server/srv_samr_nt.c | 4 | ||||
-rw-r--r-- | source3/rpcclient/rpcclient.c | 6 |
6 files changed, 13 insertions, 48 deletions
diff --git a/source3/include/ntdomain.h b/source3/include/ntdomain.h index 073efe54b9..9fdb794fd3 100644 --- a/source3/include/ntdomain.h +++ b/source3/include/ntdomain.h @@ -93,19 +93,12 @@ typedef struct pipe_rpc_fns { * Can't keep in sync with wire values as spnego wraps different auth methods. */ -enum pipe_auth_type_spnego { - PIPE_AUTH_TYPE_SPNEGO_NONE = 0, - PIPE_AUTH_TYPE_SPNEGO_NTLMSSP, - PIPE_AUTH_TYPE_SPNEGO_KRB5 -}; - struct gse_context; /* auth state for all bind types. */ struct pipe_auth_data { enum dcerpc_AuthType auth_type; - enum pipe_auth_type_spnego spnego_type; /* used by server only */ enum dcerpc_AuthLevel auth_level; union { diff --git a/source3/librpc/rpc/dcerpc_helpers.c b/source3/librpc/rpc/dcerpc_helpers.c index 870706bcbe..c83668f9b8 100644 --- a/source3/librpc/rpc/dcerpc_helpers.c +++ b/source3/librpc/rpc/dcerpc_helpers.c @@ -303,11 +303,6 @@ NTSTATUS dcerpc_guess_sizes(struct pipe_auth_data *auth, /* Treat the same for all authenticated rpc requests. */ switch (auth->auth_type) { case DCERPC_AUTH_TYPE_SPNEGO: - /* compat for server code */ - if (auth->spnego_type == PIPE_AUTH_TYPE_SPNEGO_NTLMSSP) { - *auth_len = NTLMSSP_SIG_SIZE; - break; - } status = spnego_get_negotiated_mech(auth->a_u.spnego_state, &auth_type, &auth_ctx); @@ -806,13 +801,6 @@ NTSTATUS dcerpc_add_auth_footer(struct pipe_auth_data *auth, status = NT_STATUS_OK; break; case DCERPC_AUTH_TYPE_SPNEGO: - if (auth->spnego_type == PIPE_AUTH_TYPE_SPNEGO_NTLMSSP) { - /* compat for server code */ - return add_ntlmssp_auth_footer( - auth->a_u.auth_ntlmssp_state, - auth->auth_level, - rpc_out); - } status = add_spnego_auth_footer(auth->a_u.spnego_state, auth->auth_level, rpc_out); break; @@ -923,20 +911,6 @@ NTSTATUS dcerpc_check_auth(struct pipe_auth_data *auth, return NT_STATUS_OK; case DCERPC_AUTH_TYPE_SPNEGO: - if (auth->spnego_type == PIPE_AUTH_TYPE_SPNEGO_NTLMSSP) { - /* compat for server code */ - DEBUG(10, ("NTLMSSP auth\n")); - - status = get_ntlmssp_auth_footer( - auth->a_u.auth_ntlmssp_state, - auth->auth_level, - &data, &full_pkt, - &auth_info.credentials); - if (!NT_STATUS_IS_OK(status)) { - return status; - } - break; - } status = get_spnego_auth_footer(pkt, auth->a_u.spnego_state, auth->auth_level, diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index 8538b232ec..fa139f4f89 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -1630,10 +1630,9 @@ struct tevent_req *rpc_pipe_bind_send(TALLOC_CTX *mem_ctx, return NULL; } - DEBUG(5,("Bind RPC Pipe: %s auth_type %u(%u), auth_level %u\n", + DEBUG(5,("Bind RPC Pipe: %s auth_type %u, auth_level %u\n", rpccli_pipe_txt(talloc_tos(), cli), (unsigned int)auth->auth_type, - (unsigned int)auth->spnego_type, (unsigned int)auth->auth_level )); state->ev = ev; @@ -1813,9 +1812,8 @@ static void rpc_pipe_bind_step_one_done(struct tevent_req *subreq) return; err_out: - DEBUG(0,("cli_finish_bind_auth: unknown auth type %u(%u)\n", - (unsigned int)state->cli->auth->auth_type, - (unsigned int)state->cli->auth->spnego_type)); + DEBUG(0,("cli_finish_bind_auth: unknown auth type %u\n", + (unsigned int)state->cli->auth->auth_type)); tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR); } @@ -2234,7 +2232,6 @@ NTSTATUS rpccli_anon_bind_data(TALLOC_CTX *mem_ctx, } result->auth_type = DCERPC_AUTH_TYPE_NONE; - result->spnego_type = PIPE_AUTH_TYPE_SPNEGO_NONE; result->auth_level = DCERPC_AUTH_LEVEL_NONE; result->user_name = talloc_strdup(result, ""); @@ -2346,7 +2343,6 @@ NTSTATUS rpccli_schannel_bind_data(TALLOC_CTX *mem_ctx, const char *domain, } result->auth_type = DCERPC_AUTH_TYPE_SCHANNEL; - result->spnego_type = PIPE_AUTH_TYPE_SPNEGO_NONE; result->auth_level = auth_level; result->user_name = talloc_strdup(result, ""); @@ -3064,8 +3060,6 @@ NTSTATUS cli_rpc_pipe_open_spnego_krb5(struct cli_state *cli, } auth->auth_type = DCERPC_AUTH_TYPE_SPNEGO; auth->auth_level = auth_level; - /* compat */ - auth->spnego_type = PIPE_AUTH_TYPE_SPNEGO_KRB5; if (!username) { username = ""; diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index 3e56646aa2..ba6acc8289 100644 --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c @@ -548,7 +548,6 @@ static bool setup_bind_nak(struct pipes_struct *p, struct ncacn_packet *pkt) free_pipe_auth_data(&p->auth); p->auth.auth_level = DCERPC_AUTH_LEVEL_NONE; p->auth.auth_type = DCERPC_AUTH_TYPE_NONE; - p->auth.spnego_type = PIPE_AUTH_TYPE_SPNEGO_NONE; p->pipe_bound = False; return True; @@ -1186,7 +1185,6 @@ static bool api_pipe_bind_req(struct pipes_struct *p, /* Unauthenticated bind request. */ /* We're finished - no more packets. */ p->auth.auth_type = DCERPC_AUTH_TYPE_NONE; - p->auth.spnego_type = PIPE_AUTH_TYPE_SPNEGO_NONE; /* We must set the pipe auth_level here also. */ p->auth.auth_level = DCERPC_AUTH_LEVEL_NONE; p->pipe_bound = True; @@ -1546,8 +1544,8 @@ static bool api_pipe_request(struct pipes_struct *p, if (p->pipe_bound && ((p->auth.auth_type == DCERPC_AUTH_TYPE_NTLMSSP) || - ((p->auth.auth_type == DCERPC_AUTH_TYPE_SPNEGO) && - (p->auth.spnego_type == PIPE_AUTH_TYPE_SPNEGO_NTLMSSP)))) { + (p->auth.auth_type == DCERPC_AUTH_TYPE_KRB5) || + (p->auth.auth_type == DCERPC_AUTH_TYPE_SPNEGO))) { if(!become_authenticated_pipe_user(p)) { data_blob_free(&p->out_data.rdata); return False; diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 994fc7934b..efcf18af81 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -2781,8 +2781,8 @@ static NTSTATUS get_user_info_18(struct pipes_struct *p, } if ((p->auth.auth_type != DCERPC_AUTH_TYPE_NTLMSSP) || - ((p->auth.auth_type == DCERPC_AUTH_TYPE_SPNEGO) && - (p->auth.spnego_type != PIPE_AUTH_TYPE_SPNEGO_NTLMSSP))) { + (p->auth.auth_type != DCERPC_AUTH_TYPE_KRB5) || + (p->auth.auth_type != DCERPC_AUTH_TYPE_SPNEGO)) { return NT_STATUS_ACCESS_DENIED; } diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c index 5fa8132db8..a1faca78d8 100644 --- a/source3/rpcclient/rpcclient.c +++ b/source3/rpcclient/rpcclient.c @@ -28,6 +28,12 @@ #include "../librpc/gen_ndr/ndr_netlogon.h" #include "rpc_client/cli_netlogon.h" +enum pipe_auth_type_spnego { + PIPE_AUTH_TYPE_SPNEGO_NONE = 0, + PIPE_AUTH_TYPE_SPNEGO_NTLMSSP, + PIPE_AUTH_TYPE_SPNEGO_KRB5 +}; + struct dom_sid domain_sid; static enum dcerpc_AuthType pipe_default_auth_type = DCERPC_AUTH_TYPE_NONE; |