diff options
-rw-r--r-- | source3/librpc/rpc/dcerpc_gssapi.c | 48 | ||||
-rw-r--r-- | source3/librpc/rpc/dcerpc_gssapi.h | 2 | ||||
-rw-r--r-- | source3/rpc_client/cli_pipe.c | 50 |
3 files changed, 55 insertions, 45 deletions
diff --git a/source3/librpc/rpc/dcerpc_gssapi.c b/source3/librpc/rpc/dcerpc_gssapi.c index 8c0ad6a8b3..56f2a53c91 100644 --- a/source3/librpc/rpc/dcerpc_gssapi.c +++ b/source3/librpc/rpc/dcerpc_gssapi.c @@ -169,9 +169,8 @@ NTSTATUS gse_init_client(TALLOC_CTX *mem_ctx, const char *username, const char *password, uint32_t add_gss_c_flags, - struct pipe_auth_data **_auth) + struct gse_context **_gse_ctx) { - struct pipe_auth_data *auth; struct gse_context *gse_ctx; OM_uint32 gss_maj, gss_min; gss_buffer_desc name_buffer = {0, NULL}; @@ -182,42 +181,15 @@ NTSTATUS gse_init_client(TALLOC_CTX *mem_ctx, return NT_STATUS_INVALID_PARAMETER; } - auth = talloc(mem_ctx, struct pipe_auth_data); - if (auth == NULL) { - return NT_STATUS_NO_MEMORY; - } - - auth->auth_type = auth_type; - if (auth_type == DCERPC_AUTH_TYPE_SPNEGO) { - auth->spnego_type = PIPE_AUTH_TYPE_SPNEGO_KRB5; - } - auth->auth_level = auth_level; - - if (!username) { - username = ""; - } - - auth->user_name = talloc_strdup(auth, username); - if (!auth->user_name) { - status = NT_STATUS_NO_MEMORY; - goto err_out; - } - - /* Fixme, should we fetch/set the Realm ? */ - auth->domain = talloc_strdup(auth, ""); - if (!auth->domain) { - status = NT_STATUS_NO_MEMORY; - goto err_out; - } - - status = gse_context_init(auth, auth_type, auth_level, + status = gse_context_init(mem_ctx, auth_type, auth_level, ccache_name, add_gss_c_flags, &gse_ctx); if (!NT_STATUS_IS_OK(status)) { - goto err_out; + return NT_STATUS_NO_MEMORY; } - name_buffer.value = talloc_asprintf(auth, "%s@%s", service, server); + name_buffer.value = talloc_asprintf(gse_ctx, + "%s@%s", service, server); if (!name_buffer.value) { status = NT_STATUS_NO_MEMORY; goto err_out; @@ -229,7 +201,7 @@ NTSTATUS gse_init_client(TALLOC_CTX *mem_ctx, if (gss_maj) { DEBUG(0, ("gss_import_name failed for %s, with [%s]\n", (char *)name_buffer.value, - gse_errstr(auth, gss_maj, gss_min))); + gse_errstr(gse_ctx, gss_maj, gss_min))); status = NT_STATUS_INTERNAL_ERROR; goto err_out; } @@ -250,18 +222,18 @@ NTSTATUS gse_init_client(TALLOC_CTX *mem_ctx, if (gss_maj) { DEBUG(0, ("gss_acquire_creds failed for %s, with [%s]\n", (char *)name_buffer.value, - gse_errstr(auth, gss_maj, gss_min))); + gse_errstr(gse_ctx, gss_maj, gss_min))); status = NT_STATUS_INTERNAL_ERROR; goto err_out; } - auth->a_u.gssapi_state = gse_ctx; - *_auth = auth; + *_gse_ctx = gse_ctx; TALLOC_FREE(name_buffer.value); return NT_STATUS_OK; err_out: - TALLOC_FREE(auth); + TALLOC_FREE(name_buffer.value); + TALLOC_FREE(gse_ctx); return status; } diff --git a/source3/librpc/rpc/dcerpc_gssapi.h b/source3/librpc/rpc/dcerpc_gssapi.h index 6367990ac1..3152033841 100644 --- a/source3/librpc/rpc/dcerpc_gssapi.h +++ b/source3/librpc/rpc/dcerpc_gssapi.h @@ -35,7 +35,7 @@ NTSTATUS gse_init_client(TALLOC_CTX *mem_ctx, const char *username, const char *password, uint32_t add_gss_c_flags, - struct pipe_auth_data **_auth); + struct gse_context **_gse_ctx); NTSTATUS gse_get_client_auth_token(TALLOC_CTX *mem_ctx, struct gse_context *gse_ctx, diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index bbd869e19d..6c4525935c 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -3353,27 +3353,65 @@ NTSTATUS cli_rpc_pipe_open_krb5(struct cli_state *cli, return status; } - status = gse_init_client(result, DCERPC_AUTH_TYPE_KRB5, auth_level, + auth = talloc(result, struct pipe_auth_data); + if (auth == NULL) { + status = NT_STATUS_NO_MEMORY; + goto err_out; + } + auth->auth_type = DCERPC_AUTH_TYPE_KRB5; + auth->auth_level = auth_level; + + if (!username) { + username = ""; + } + auth->user_name = talloc_strdup(auth, username); + if (!auth->user_name) { + status = NT_STATUS_NO_MEMORY; + goto err_out; + } + + /* Fixme, should we fetch/set the Realm ? */ + auth->domain = talloc_strdup(auth, ""); + if (!auth->domain) { + status = NT_STATUS_NO_MEMORY; + goto err_out; + } + + status = gse_init_client(auth, auth->auth_type, auth->auth_level, NULL, server, "cifs", username, password, - GSS_C_DCE_STYLE, &auth); + GSS_C_DCE_STYLE, &auth->a_u.gssapi_state); if (!NT_STATUS_IS_OK(status)) { DEBUG(0, ("gse_init_client returned %s\n", nt_errstr(status))); - TALLOC_FREE(result); - return status; + goto err_out; } status = rpc_pipe_bind(result, auth); if (!NT_STATUS_IS_OK(status)) { DEBUG(0, ("cli_rpc_pipe_bind failed with error %s\n", nt_errstr(status))); - TALLOC_FREE(result); - return status; + goto err_out; } *presult = result; return NT_STATUS_OK; + +err_out: + TALLOC_FREE(result); + return status; +} + +NTSTATUS cli_rpc_pipe_open_spnego_krb5(struct cli_state *cli, + const struct ndr_syntax_id *interface, + enum dcerpc_transport_t transport, + enum dcerpc_AuthLevel auth_level, + const char *server, + const char *username, + const char *password, + struct rpc_pipe_client **presult) +{ + return NT_STATUS_NOT_IMPLEMENTED; } NTSTATUS cli_get_session_key(TALLOC_CTX *mem_ctx, |