summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/librpc/rpc/dcerpc_gssapi.c48
-rw-r--r--source3/librpc/rpc/dcerpc_gssapi.h2
-rw-r--r--source3/rpc_client/cli_pipe.c50
3 files changed, 55 insertions, 45 deletions
diff --git a/source3/librpc/rpc/dcerpc_gssapi.c b/source3/librpc/rpc/dcerpc_gssapi.c
index 8c0ad6a8b3..56f2a53c91 100644
--- a/source3/librpc/rpc/dcerpc_gssapi.c
+++ b/source3/librpc/rpc/dcerpc_gssapi.c
@@ -169,9 +169,8 @@ NTSTATUS gse_init_client(TALLOC_CTX *mem_ctx,
const char *username,
const char *password,
uint32_t add_gss_c_flags,
- struct pipe_auth_data **_auth)
+ struct gse_context **_gse_ctx)
{
- struct pipe_auth_data *auth;
struct gse_context *gse_ctx;
OM_uint32 gss_maj, gss_min;
gss_buffer_desc name_buffer = {0, NULL};
@@ -182,42 +181,15 @@ NTSTATUS gse_init_client(TALLOC_CTX *mem_ctx,
return NT_STATUS_INVALID_PARAMETER;
}
- auth = talloc(mem_ctx, struct pipe_auth_data);
- if (auth == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
-
- auth->auth_type = auth_type;
- if (auth_type == DCERPC_AUTH_TYPE_SPNEGO) {
- auth->spnego_type = PIPE_AUTH_TYPE_SPNEGO_KRB5;
- }
- auth->auth_level = auth_level;
-
- if (!username) {
- username = "";
- }
-
- auth->user_name = talloc_strdup(auth, username);
- if (!auth->user_name) {
- status = NT_STATUS_NO_MEMORY;
- goto err_out;
- }
-
- /* Fixme, should we fetch/set the Realm ? */
- auth->domain = talloc_strdup(auth, "");
- if (!auth->domain) {
- status = NT_STATUS_NO_MEMORY;
- goto err_out;
- }
-
- status = gse_context_init(auth, auth_type, auth_level,
+ status = gse_context_init(mem_ctx, auth_type, auth_level,
ccache_name, add_gss_c_flags,
&gse_ctx);
if (!NT_STATUS_IS_OK(status)) {
- goto err_out;
+ return NT_STATUS_NO_MEMORY;
}
- name_buffer.value = talloc_asprintf(auth, "%s@%s", service, server);
+ name_buffer.value = talloc_asprintf(gse_ctx,
+ "%s@%s", service, server);
if (!name_buffer.value) {
status = NT_STATUS_NO_MEMORY;
goto err_out;
@@ -229,7 +201,7 @@ NTSTATUS gse_init_client(TALLOC_CTX *mem_ctx,
if (gss_maj) {
DEBUG(0, ("gss_import_name failed for %s, with [%s]\n",
(char *)name_buffer.value,
- gse_errstr(auth, gss_maj, gss_min)));
+ gse_errstr(gse_ctx, gss_maj, gss_min)));
status = NT_STATUS_INTERNAL_ERROR;
goto err_out;
}
@@ -250,18 +222,18 @@ NTSTATUS gse_init_client(TALLOC_CTX *mem_ctx,
if (gss_maj) {
DEBUG(0, ("gss_acquire_creds failed for %s, with [%s]\n",
(char *)name_buffer.value,
- gse_errstr(auth, gss_maj, gss_min)));
+ gse_errstr(gse_ctx, gss_maj, gss_min)));
status = NT_STATUS_INTERNAL_ERROR;
goto err_out;
}
- auth->a_u.gssapi_state = gse_ctx;
- *_auth = auth;
+ *_gse_ctx = gse_ctx;
TALLOC_FREE(name_buffer.value);
return NT_STATUS_OK;
err_out:
- TALLOC_FREE(auth);
+ TALLOC_FREE(name_buffer.value);
+ TALLOC_FREE(gse_ctx);
return status;
}
diff --git a/source3/librpc/rpc/dcerpc_gssapi.h b/source3/librpc/rpc/dcerpc_gssapi.h
index 6367990ac1..3152033841 100644
--- a/source3/librpc/rpc/dcerpc_gssapi.h
+++ b/source3/librpc/rpc/dcerpc_gssapi.h
@@ -35,7 +35,7 @@ NTSTATUS gse_init_client(TALLOC_CTX *mem_ctx,
const char *username,
const char *password,
uint32_t add_gss_c_flags,
- struct pipe_auth_data **_auth);
+ struct gse_context **_gse_ctx);
NTSTATUS gse_get_client_auth_token(TALLOC_CTX *mem_ctx,
struct gse_context *gse_ctx,
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index bbd869e19d..6c4525935c 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -3353,27 +3353,65 @@ NTSTATUS cli_rpc_pipe_open_krb5(struct cli_state *cli,
return status;
}
- status = gse_init_client(result, DCERPC_AUTH_TYPE_KRB5, auth_level,
+ auth = talloc(result, struct pipe_auth_data);
+ if (auth == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto err_out;
+ }
+ auth->auth_type = DCERPC_AUTH_TYPE_KRB5;
+ auth->auth_level = auth_level;
+
+ if (!username) {
+ username = "";
+ }
+ auth->user_name = talloc_strdup(auth, username);
+ if (!auth->user_name) {
+ status = NT_STATUS_NO_MEMORY;
+ goto err_out;
+ }
+
+ /* Fixme, should we fetch/set the Realm ? */
+ auth->domain = talloc_strdup(auth, "");
+ if (!auth->domain) {
+ status = NT_STATUS_NO_MEMORY;
+ goto err_out;
+ }
+
+ status = gse_init_client(auth, auth->auth_type, auth->auth_level,
NULL, server, "cifs", username, password,
- GSS_C_DCE_STYLE, &auth);
+ GSS_C_DCE_STYLE, &auth->a_u.gssapi_state);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("gse_init_client returned %s\n",
nt_errstr(status)));
- TALLOC_FREE(result);
- return status;
+ goto err_out;
}
status = rpc_pipe_bind(result, auth);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("cli_rpc_pipe_bind failed with error %s\n",
nt_errstr(status)));
- TALLOC_FREE(result);
- return status;
+ goto err_out;
}
*presult = result;
return NT_STATUS_OK;
+
+err_out:
+ TALLOC_FREE(result);
+ return status;
+}
+
+NTSTATUS cli_rpc_pipe_open_spnego_krb5(struct cli_state *cli,
+ const struct ndr_syntax_id *interface,
+ enum dcerpc_transport_t transport,
+ enum dcerpc_AuthLevel auth_level,
+ const char *server,
+ const char *username,
+ const char *password,
+ struct rpc_pipe_client **presult)
+{
+ return NT_STATUS_NOT_IMPLEMENTED;
}
NTSTATUS cli_get_session_key(TALLOC_CTX *mem_ctx,