diff options
Diffstat (limited to 'source3/librpc/rpc')
-rw-r--r-- | source3/librpc/rpc/dcerpc_helpers.c | 33 | ||||
-rw-r--r-- | source3/librpc/rpc/rpc_common.c | 33 |
2 files changed, 20 insertions, 46 deletions
diff --git a/source3/librpc/rpc/dcerpc_helpers.c b/source3/librpc/rpc/dcerpc_helpers.c index fc9915cf08..be076d8645 100644 --- a/source3/librpc/rpc/dcerpc_helpers.c +++ b/source3/librpc/rpc/dcerpc_helpers.c @@ -383,13 +383,12 @@ static NTSTATUS add_schannel_auth_footer(struct schannel_state *sas, NTSTATUS dcerpc_add_auth_footer(struct pipe_auth_data *auth, size_t pad_len, DATA_BLOB *rpc_out) { - enum dcerpc_AuthType auth_type; char pad[CLIENT_NDR_PADDING_SIZE] = { 0, }; DATA_BLOB auth_info; DATA_BLOB auth_blob; NTSTATUS status; - if (auth->auth_type == PIPE_AUTH_TYPE_NONE) { + if (auth->auth_type == DCERPC_AUTH_TYPE_NONE) { return NT_STATUS_OK; } @@ -400,14 +399,12 @@ NTSTATUS dcerpc_add_auth_footer(struct pipe_auth_data *auth, } } - auth_type = map_pipe_auth_type_to_rpc_auth_type(auth->auth_type); - /* marshall the dcerpc_auth with an actually empty auth_blob. * This is needed because the ntmlssp signature includes the * auth header. We will append the actual blob later. */ auth_blob = data_blob_null; status = dcerpc_push_dcerpc_auth(rpc_out->data, - auth_type, + auth->auth_type, auth->auth_level, pad_len, 1 /* context id. */, @@ -428,16 +425,20 @@ NTSTATUS dcerpc_add_auth_footer(struct pipe_auth_data *auth, /* Generate any auth sign/seal and add the auth footer. */ switch (auth->auth_type) { - case PIPE_AUTH_TYPE_NONE: + case DCERPC_AUTH_TYPE_NONE: status = NT_STATUS_OK; break; - case PIPE_AUTH_TYPE_NTLMSSP: - case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP: + case DCERPC_AUTH_TYPE_SPNEGO: + if (auth->spnego_type != PIPE_AUTH_TYPE_SPNEGO_NTLMSSP) { + return NT_STATUS_INVALID_PARAMETER; + } + /* fall thorugh */ + case DCERPC_AUTH_TYPE_NTLMSSP: status = add_ntlmssp_auth_footer(auth->a_u.auth_ntlmssp_state, auth->auth_level, rpc_out); break; - case PIPE_AUTH_TYPE_SCHANNEL: + case DCERPC_AUTH_TYPE_SCHANNEL: status = add_schannel_auth_footer(auth->a_u.schannel_auth, auth->auth_level, rpc_out); @@ -530,11 +531,17 @@ NTSTATUS dcerpc_check_auth(struct pipe_auth_data *auth, raw_pkt->length - auth_info.credentials.length); switch (auth->auth_type) { - case PIPE_AUTH_TYPE_NONE: + case DCERPC_AUTH_TYPE_NONE: return NT_STATUS_OK; - case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP: - case PIPE_AUTH_TYPE_NTLMSSP: + case DCERPC_AUTH_TYPE_SPNEGO: + if (auth->spnego_type != PIPE_AUTH_TYPE_SPNEGO_NTLMSSP) { + DEBUG(0, ("Currently only NTLMSSP is supported " + "with SPNEGO\n")); + return NT_STATUS_INVALID_PARAMETER; + } + /* fall through */ + case DCERPC_AUTH_TYPE_NTLMSSP: DEBUG(10, ("NTLMSSP auth\n")); @@ -575,7 +582,7 @@ NTSTATUS dcerpc_check_auth(struct pipe_auth_data *auth, } break; - case PIPE_AUTH_TYPE_SCHANNEL: + case DCERPC_AUTH_TYPE_SCHANNEL: DEBUG(10, ("SCHANNEL auth\n")); diff --git a/source3/librpc/rpc/rpc_common.c b/source3/librpc/rpc/rpc_common.c index 78b88f7e33..ed0320adf0 100644 --- a/source3/librpc/rpc/rpc_common.c +++ b/source3/librpc/rpc/rpc_common.c @@ -203,36 +203,3 @@ const char *get_pipe_name_from_syntax(TALLOC_CTX *mem_ctx, return result; } -/******************************************************************** - Map internal value to wire value. - ********************************************************************/ - -enum dcerpc_AuthType map_pipe_auth_type_to_rpc_auth_type(enum pipe_auth_type auth_type) -{ - switch (auth_type) { - - case PIPE_AUTH_TYPE_NONE: - return DCERPC_AUTH_TYPE_NONE; - - case PIPE_AUTH_TYPE_NTLMSSP: - return DCERPC_AUTH_TYPE_NTLMSSP; - - case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP: - case PIPE_AUTH_TYPE_SPNEGO_KRB5: - return DCERPC_AUTH_TYPE_SPNEGO; - - case PIPE_AUTH_TYPE_SCHANNEL: - return DCERPC_AUTH_TYPE_SCHANNEL; - - case PIPE_AUTH_TYPE_KRB5: - return DCERPC_AUTH_TYPE_KRB5; - - default: - DEBUG(0,("map_pipe_auth_type_to_rpc_type: unknown pipe " - "auth type %u\n", - (unsigned int)auth_type )); - break; - } - return -1; -} - |