Diffstat (limited to 'source3')
-rw-r--r--source3/librpc/crypto/gse.c42
-rw-r--r--source3/librpc/crypto/gse.h7
-rw-r--r--source3/librpc/rpc/dcerpc_spnego.c4
-rw-r--r--source3/rpc_client/cli_pipe.c4
-rw-r--r--source3/rpc_server/srv_pipe.c6
5 files changed, 22 insertions, 41 deletions
diff --git a/source3/librpc/crypto/gse.c b/source3/librpc/crypto/gse.c
index c12656b0fa..0754462834 100644
--- a/source3/librpc/crypto/gse.c
+++ b/source3/librpc/crypto/gse.c
@@ -89,7 +89,6 @@ struct gse_context {
gss_cred_id_t delegated_creds;
gss_name_t client_name;
- bool spnego_wrap;
bool more_processing;
bool authenticated;
};
@@ -142,8 +141,7 @@ static int gse_context_destructor(void *ptr)
}
static NTSTATUS gse_context_init(TALLOC_CTX *mem_ctx,
- enum dcerpc_AuthType auth_type,
- enum dcerpc_AuthLevel auth_level,
+ bool do_sign, bool do_seal,
const char *ccache_name,
uint32_t add_gss_c_flags,
struct gse_context **_gse_ctx)
@@ -160,32 +158,16 @@ static NTSTATUS gse_context_init(TALLOC_CTX *mem_ctx,
memcpy(&gse_ctx->gss_mech, gss_mech_krb5, sizeof(gss_OID_desc));
- switch (auth_type) {
- case DCERPC_AUTH_TYPE_SPNEGO:
- gse_ctx->spnego_wrap = true;
- break;
- case DCERPC_AUTH_TYPE_KRB5:
- gse_ctx->spnego_wrap = false;
- break;
- default:
- status = NT_STATUS_INVALID_PARAMETER;
- goto err_out;
- }
-
gse_ctx->gss_c_flags = GSS_C_MUTUAL_FLAG |
GSS_C_DELEG_FLAG |
GSS_C_DELEG_POLICY_FLAG |
GSS_C_REPLAY_FLAG |
GSS_C_SEQUENCE_FLAG;
- switch (auth_level) {
- case DCERPC_AUTH_LEVEL_INTEGRITY:
+ if (do_sign) {
gse_ctx->gss_c_flags |= GSS_C_INTEG_FLAG;
- break;
- case DCERPC_AUTH_LEVEL_PRIVACY:
+ }
+ if (do_seal) {
gse_ctx->gss_c_flags |= GSS_C_CONF_FLAG;
- break;
- default:
- break;
}
gse_ctx->gss_c_flags |= add_gss_c_flags;
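Review bot: With `do_seal` true and `do_sign` false, the new `if (do_seal)` branch requests only GSS_C_CONF_FLAG, and every caller in this commit passes exactly that pair for DCERPC_AUTH_LEVEL_PRIVACY. This matches the removed switch, but the bool interface makes "seal without sign" an explicit state, so sealing should imply integrity here: `gse_ctx->gss_c_flags |= GSS_C_INTEG_FLAG | GSS_C_CONF_FLAG;`. A one-line comment above the two `if`s saying that both false requests neither protection would also help the next reader. The body of gse_context_init starts and ends outside this hunk.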
@@ -226,8 +208,7 @@ err_out:
}
NTSTATUS gse_init_client(TALLOC_CTX *mem_ctx,
- enum dcerpc_AuthType auth_type,
- enum dcerpc_AuthLevel auth_level,
+ bool do_sign, bool do_seal,
const char *ccache_name,
const char *server,
const char *service,
@@ -246,7 +227,7 @@ NTSTATUS gse_init_client(TALLOC_CTX *mem_ctx,
return NT_STATUS_INVALID_PARAMETER;
}
- status = gse_context_init(mem_ctx, auth_type, auth_level,
+ status = gse_context_init(mem_ctx, do_sign, do_seal,
ccache_name, add_gss_c_flags,
&gse_ctx);
if (!NT_STATUS_IS_OK(status)) {
@@ -357,8 +338,7 @@ done:
}
NTSTATUS gse_init_server(TALLOC_CTX *mem_ctx,
- enum dcerpc_AuthType auth_type,
- enum dcerpc_AuthLevel auth_level,
+ bool do_sign, bool do_seal,
uint32_t add_gss_c_flags,
const char *server,
const char *keytab_name,
@@ -371,7 +351,7 @@ NTSTATUS gse_init_server(TALLOC_CTX *mem_ctx,
const char *ktname;
NTSTATUS status;
- status = gse_context_init(mem_ctx, auth_type, auth_level,
+ status = gse_context_init(mem_ctx, do_sign, do_seal,
NULL, add_gss_c_flags, &gse_ctx);
if (!NT_STATUS_IS_OK(status)) {
return NT_STATUS_NO_MEMORY;
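Review bot: The failure branch right after the changed call returns NT_STATUS_NO_MEMORY whatever gse_context_init() reported, so any other error is relabelled as an allocation failure for the caller and in logs. Since the call is being edited anyway, propagate the real code with `return status;`. Which statuses gse_context_init can still return after this commit is not visible in this hunk, though its `err_out` path suggests more than one.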
@@ -928,8 +908,7 @@ done:
#else
NTSTATUS gse_init_client(TALLOC_CTX *mem_ctx,
- enum dcerpc_AuthType auth_type,
- enum dcerpc_AuthLevel auth_level,
+ bool do_sign, bool do_seal,
const char *ccache_name,
const char *server,
const char *service,
@@ -950,8 +929,7 @@ NTSTATUS gse_get_client_auth_token(TALLOC_CTX *mem_ctx,
}
NTSTATUS gse_init_server(TALLOC_CTX *mem_ctx,
- enum dcerpc_AuthType auth_type,
- enum dcerpc_AuthLevel auth_level,
+ bool do_sign, bool do_seal,
uint32_t add_gss_c_flags,
const char *server,
const char *keytab,
diff --git a/source3/librpc/crypto/gse.h b/source3/librpc/crypto/gse.h
index 6f8b6735ad..c0fa354b4b 100644
--- a/source3/librpc/crypto/gse.h
+++ b/source3/librpc/crypto/gse.h
@@ -1,6 +1,5 @@
/*
* GSSAPI Security Extensions
- * RPC Pipe client routines
* Copyright (C) Simo Sorce 2010.
*
* This program is free software; you can redistribute it and/or modify
@@ -27,8 +26,7 @@ struct gse_context;
#endif
NTSTATUS gse_init_client(TALLOC_CTX *mem_ctx,
- enum dcerpc_AuthType auth_type,
- enum dcerpc_AuthLevel auth_level,
+ bool do_sign, bool do_seal,
const char *ccache_name,
const char *server,
const char *service,
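Review bot: The prototype now takes two adjacent `bool` parameters with no documentation, and the compiler will not flag a call that swaps them or passes an enum auth level by mistake, since any non-zero value converts to true. Add a comment above gse_init_client, and the same above gse_init_server in the next hunk, for example `/* do_sign: request GSS_C_INTEG_FLAG; do_seal: request GSS_C_CONF_FLAG; both false requests neither */`. A swapped pair would silently turn a privacy connection into an integrity-only one, so the order is worth spelling out at the declaration.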
@@ -42,8 +40,7 @@ NTSTATUS gse_get_client_auth_token(TALLOC_CTX *mem_ctx,
DATA_BLOB *token_out);
NTSTATUS gse_init_server(TALLOC_CTX *mem_ctx,
- enum dcerpc_AuthType auth_type,
- enum dcerpc_AuthLevel auth_level,
+ bool do_sign, bool do_seal,
uint32_t add_gss_c_flags,
const char *server,
const char *keytab,
diff --git a/source3/librpc/rpc/dcerpc_spnego.c b/source3/librpc/rpc/dcerpc_spnego.c
index 9ea2a561da..83c2137a1f 100644
--- a/source3/librpc/rpc/dcerpc_spnego.c
+++ b/source3/librpc/rpc/dcerpc_spnego.c
@@ -77,7 +77,9 @@ NTSTATUS spnego_gssapi_init_client(TALLOC_CTX *mem_ctx,
return status;
}
- status = gse_init_client(sp_ctx, DCERPC_AUTH_TYPE_KRB5, auth_level,
+ status = gse_init_client(sp_ctx,
+ (auth_level == DCERPC_AUTH_LEVEL_INTEGRITY),
+ (auth_level == DCERPC_AUTH_LEVEL_PRIVACY),
ccache_name, server, service,
username, password, add_gss_c_flags,
&sp_ctx->mech_ctx.gssapi_state);
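Review bot: The auth-level-to-bool mapping is open-coded here and repeated in cli_rpc_pipe_open_krb5 (cli_pipe.c) and pipe_gssapi_auth_bind (srv_pipe.c), so the three copies can drift apart. A small shared helper, or local variables such as `bool do_sign = (auth_level == DCERPC_AUTH_LEVEL_INTEGRITY);` and `bool do_seal = (auth_level == DCERPC_AUTH_LEVEL_PRIVACY);` before the call, would keep the call readable and give one place to change the policy. The rest of spnego_gssapi_init_client is outside this hunk.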
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index 21f7c4bf31..077a08a770 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -3012,7 +3012,9 @@ NTSTATUS cli_rpc_pipe_open_krb5(struct cli_state *cli,
goto err_out;
}
- status = gse_init_client(auth, auth->auth_type, auth->auth_level,
+ status = gse_init_client(auth,
+ (auth_level == DCERPC_AUTH_LEVEL_INTEGRITY),
+ (auth_level == DCERPC_AUTH_LEVEL_PRIVACY),
NULL, server, "cifs", username, password,
GSS_C_DCE_STYLE, &auth->a_u.gssapi_state);
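Review bot: The removed line read `auth->auth_level`, while the new arguments compare a bare `auth_level`, so the requested GSS flags now come from a different variable than the level recorded in `auth`. If `auth->auth_level` was assigned from `auth_level` earlier in cli_rpc_pipe_open_krb5 the two agree, but that assignment is not visible in this hunk. Using `(auth->auth_level == DCERPC_AUTH_LEVEL_INTEGRITY)` and `(auth->auth_level == DCERPC_AUTH_LEVEL_PRIVACY)` would keep the flags tied to the value the rest of the pipe code presumably consults when signing or sealing PDUs.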
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index 4a159ce997..15aaa8254a 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -1027,8 +1027,10 @@ static bool pipe_gssapi_auth_bind(struct pipes_struct *p,
/* by passing NULL, the code will attempt to set a default
* keytab based on configuration options */
status = gse_init_server(p,
- DCERPC_AUTH_TYPE_KRB5,
- auth_info->auth_level,
+ (auth_info->auth_level ==
+ DCERPC_AUTH_LEVEL_INTEGRITY),
+ (auth_info->auth_level ==
+ DCERPC_AUTH_LEVEL_PRIVACY),
GSS_C_DCE_STYLE,
NULL, NULL,
&gse_ctx);
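Review bot: `auth_info->auth_level` is presumably parsed from the client's bind request, and any value other than INTEGRITY or PRIVACY now reaches gse_init_server as `false, false` with no diagnostic. Whether pipe_gssapi_auth_bind or its caller already rejects unsupported levels is not visible in this hunk. If it does not, check the level before this call and fail the bind for values the server does not intend to accept. A comment such as `/* other auth levels request neither integrity nor confidentiality */` would at least make the fall-through deliberate.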