summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source4/build/pidl/ndr.pm38
-rw-r--r--source4/librpc/rpc/dcerpc.h7
-rw-r--r--source4/librpc/rpc/dcerpc_auth.c12
-rw-r--r--source4/librpc/rpc/dcerpc_util.c12
-rw-r--r--source4/torture/rpc/bind.c14
5 files changed, 63 insertions, 20 deletions
diff --git a/source4/build/pidl/ndr.pm b/source4/build/pidl/ndr.pm
index 27f0b87d97..c460c92c95 100644
--- a/source4/build/pidl/ndr.pm
+++ b/source4/build/pidl/ndr.pm
@@ -2008,18 +2008,40 @@ sub FunctionTable($)
pidl "";
pidl "static const struct dcerpc_endpoint_list $interface->{NAME}\_endpoints = {";
- pidl "\t$endpoint_count, $interface->{NAME}\_endpoint_strings";
+ pidl "\t.count\t= $endpoint_count,";
+ pidl "\t.names\t= $interface->{NAME}\_endpoint_strings";
+ pidl "};";
+ pidl "";
+
+ if (! defined $interface->{PROPERTIES}->{authservice}) {
+ $interface->{PROPERTIES}->{authservice} = "\"host\"";
+ }
+
+ my @a = split / /, $interface->{PROPERTIES}->{authservice};
+ my $authservice_count = $#a + 1;
+
+ pidl "static const char * const $interface->{NAME}\_authservice_strings[] = {";
+ foreach my $ap (@a) {
+ pidl "\t$ap, ";
+ }
+ pidl "};";
+ pidl "";
+
+ pidl "static const struct dcerpc_authservice_list $interface->{NAME}\_authservices = {";
+ pidl "\t.count\t= $endpoint_count,";
+ pidl "\t.names\t= $interface->{NAME}\_authservice_strings";
pidl "};";
pidl "";
pidl "\nconst struct dcerpc_interface_table dcerpc_table_$interface->{NAME} = {";
- pidl "\t\"$interface->{NAME}\",";
- pidl "\tDCERPC_$uname\_UUID,";
- pidl "\tDCERPC_$uname\_VERSION,";
- pidl "\tDCERPC_$uname\_HELPSTRING,";
- pidl "\t$count,";
- pidl "\t$interface->{NAME}\_calls,";
- pidl "\t&$interface->{NAME}\_endpoints";
+ pidl "\t.name\t\t= \"$interface->{NAME}\",";
+ pidl "\t.uuid\t\t= DCERPC_$uname\_UUID,";
+ pidl "\t.if_version\t= DCERPC_$uname\_VERSION,";
+ pidl "\t.helpstring\t= DCERPC_$uname\_HELPSTRING,";
+ pidl "\t.num_calls\t= $count,";
+ pidl "\t.calls\t\t= $interface->{NAME}\_calls,";
+ pidl "\t.endpoints\t= &$interface->{NAME}\_endpoints,";
+ pidl "\t.authservices\t= &$interface->{NAME}\_authservices";
pidl "};";
pidl "";
diff --git a/source4/librpc/rpc/dcerpc.h b/source4/librpc/rpc/dcerpc.h
index 32a03d71a7..db7b76a779 100644
--- a/source4/librpc/rpc/dcerpc.h
+++ b/source4/librpc/rpc/dcerpc.h
@@ -153,6 +153,11 @@ struct dcerpc_endpoint_list {
const char * const *names;
};
+struct dcerpc_authservice_list {
+ uint32_t count;
+ const char * const *names;
+};
+
struct dcerpc_interface_table {
const char *name;
const char *uuid;
@@ -161,6 +166,7 @@ struct dcerpc_interface_table {
uint32_t num_calls;
const struct dcerpc_interface_call *calls;
const struct dcerpc_endpoint_list *endpoints;
+ const struct dcerpc_authservice_list *authservices;
};
struct dcerpc_interface_list {
@@ -175,6 +181,7 @@ struct dcerpc_binding {
uint16_t object_version;
const char *host;
const char *endpoint;
+ const char *authservice;
const char **options;
uint32_t flags;
};
diff --git a/source4/librpc/rpc/dcerpc_auth.c b/source4/librpc/rpc/dcerpc_auth.c
index c0b72b6842..1bcf4224c4 100644
--- a/source4/librpc/rpc/dcerpc_auth.c
+++ b/source4/librpc/rpc/dcerpc_auth.c
@@ -146,7 +146,8 @@ NTSTATUS dcerpc_bind_auth_password(struct dcerpc_pipe *p,
const char *domain,
const char *username,
const char *password,
- uint8_t auth_type)
+ uint8_t auth_type,
+ const char *service)
{
NTSTATUS status;
@@ -189,6 +190,15 @@ NTSTATUS dcerpc_bind_auth_password(struct dcerpc_pipe *p,
return status;
}
+ if (service) {
+ status = gensec_set_target_service(p->conn->security_state.generic_state, service);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1, ("Failed to start set GENSEC target service: %s\n",
+ nt_errstr(status)));
+ return status;
+ }
+ }
+
status = gensec_start_mech_by_authtype(p->conn->security_state.generic_state,
auth_type,
dcerpc_auth_level(p->conn));
diff --git a/source4/librpc/rpc/dcerpc_util.c b/source4/librpc/rpc/dcerpc_util.c
index 3697d2f181..7b753d1b30 100644
--- a/source4/librpc/rpc/dcerpc_util.c
+++ b/source4/librpc/rpc/dcerpc_util.c
@@ -789,13 +789,15 @@ NTSTATUS dcerpc_epm_map_binding(TALLOC_CTX *mem_ctx, struct dcerpc_binding *bind
if (table) {
struct dcerpc_binding default_binding;
-
+
+ binding->authservice = talloc_strdup(mem_ctx, table->authservices->names[0]);
+
/* Find one of the default pipes for this interface */
for (i = 0; i < table->endpoints->count; i++) {
status = dcerpc_parse_binding(mem_ctx, table->endpoints->names[i], &default_binding);
if (NT_STATUS_IS_OK(status) && default_binding.transport == binding->transport && default_binding.endpoint) {
- binding->endpoint = talloc_strdup(mem_ctx, default_binding.endpoint);
+ binding->endpoint = talloc_strdup(mem_ctx, default_binding.endpoint);
return NT_STATUS_OK;
}
}
@@ -808,6 +810,7 @@ NTSTATUS dcerpc_epm_map_binding(TALLOC_CTX *mem_ctx, struct dcerpc_binding *bind
epmapper_binding.options = NULL;
epmapper_binding.flags = 0;
epmapper_binding.endpoint = NULL;
+ epmapper_binding.authservice = NULL;
status = dcerpc_pipe_connect_b(&p,
&epmapper_binding,
@@ -903,8 +906,9 @@ static NTSTATUS dcerpc_pipe_auth(struct dcerpc_pipe *p,
status = dcerpc_bind_auth_password(p, pipe_uuid, pipe_version,
domain, username, password,
- auth_type);
- } else {
+ auth_type,
+ binding->authservice);
+ } else {
status = dcerpc_bind_auth_none(p, pipe_uuid, pipe_version);
}
diff --git a/source4/torture/rpc/bind.c b/source4/torture/rpc/bind.c
index d626536169..10ffa50289 100644
--- a/source4/torture/rpc/bind.c
+++ b/source4/torture/rpc/bind.c
@@ -53,7 +53,7 @@ BOOL torture_multi_bind(void)
status = dcerpc_parse_binding(mem_ctx, binding_string, &b);
if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0,("Failed to parse dcerpc binding '%s'\n", binding_string));
+ printf("Failed to parse dcerpc binding '%s'\n", binding_string);
talloc_free(mem_ctx);
return False;
}
@@ -82,21 +82,21 @@ BOOL torture_multi_bind(void)
status = dcerpc_bind_auth_password(p, pipe_uuid, pipe_version,
domain, username, password,
- auth_type);
- } else {
+ auth_type,
+ binding->authservice);
+ } else {
status = dcerpc_bind_auth_none(p, pipe_uuid, pipe_version);
}
if (NT_STATUS_IS_OK(status)) {
- DEBUG(0,("(incorrectly) allowed re-bind to uuid %s - %s\n",
- pipe_uuid, nt_errstr(status)));
+ printf("(incorrectly) allowed re-bind to uuid %s - %s\n",
+ pipe_uuid, nt_errstr(status));
ret = False;
} else {
+ printf("\n");
ret = True;
}
- printf("\n");
-
talloc_free(mem_ctx);
torture_rpc_close(p);