Diffstat (limited to 'source3')
-rw-r--r-- | source3/Makefile.in | 2 | ||||
-rw-r--r-- | source3/auth/auth_domain.c | 2 | ||||
-rw-r--r-- | source3/auth/auth_netlogond.c | 2 | ||||
-rw-r--r-- | source3/configure.in | 2 | ||||
-rw-r--r-- | source3/include/client.h | 2 | ||||
-rw-r--r-- | source3/include/includes.h | 1 | ||||
-rw-r--r-- | source3/include/ntdomain.h | 9 | ||||
-rw-r--r-- | source3/include/proto.h | 31 | ||||
-rw-r--r-- | source3/include/rpc_dce.h | 34 | ||||
-rw-r--r-- | source3/lib/util_sock.c | 115 | ||||
-rw-r--r-- | source3/libnet/libnet_join.c | 2 | ||||
-rw-r--r-- | source3/libsmb/namequery.c | 128 | ||||
-rw-r--r-- | source3/libsmb/passchange.c | 2 | ||||
-rw-r--r-- | source3/rpc_client/cli_pipe.c | 92 | ||||
-rw-r--r-- | source3/rpc_parse/parse_prs.c | 16 | ||||
-rw-r--r-- | source3/rpc_server/srv_netlog_nt.c | 4 | ||||
-rw-r--r-- | source3/rpc_server/srv_pipe.c | 70 | ||||
-rw-r--r-- | source3/rpc_server/srv_samr_nt.c | 2 | ||||
-rw-r--r-- | source3/rpcclient/rpcclient.c | 12 | ||||
-rw-r--r-- | source3/utils/net_rpc.c | 4 | ||||
-rw-r--r-- | source3/utils/net_rpc_join.c | 4 | ||||
-rw-r--r-- | source3/winbindd/winbindd_cm.c | 10 |
22 files changed, 127 insertions, 419 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in index 1908257c93..a89bbae6ab 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -455,7 +455,7 @@ LIBNBT_OBJ = ../libcli/nbt/nbtname.o \ ../librpc/ndr/ndr_svcctl.o LIBNMB_OBJ = libsmb/unexpected.o libsmb/namecache.o libsmb/nmblib.o \ - libsmb/namequery.o libsmb/conncache.o libads/dns.o + libsmb/namequery.o ../libcli/nbt/lmhosts.o libsmb/conncache.o libads/dns.o NTERR_OBJ = libsmb/nterr.o libsmb/smberr.o DOSERR_OBJ = ../libcli/util/doserr.o diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c index 85210e6f70..7dec6ad84b 100644 --- a/source3/auth/auth_domain.c +++ b/source3/auth/auth_domain.c @@ -177,7 +177,7 @@ static NTSTATUS connect_to_domain_password_server(struct cli_state **cli, /* We also setup the creds chain in the open_schannel call. */ result = cli_rpc_pipe_open_schannel( *cli, &ndr_table_netlogon.syntax_id, NCACN_NP, - PIPE_AUTH_LEVEL_PRIVACY, domain, &netlogon_pipe); + DCERPC_AUTH_LEVEL_PRIVACY, domain, &netlogon_pipe); } else { result = cli_rpc_pipe_open_noauth( *cli, &ndr_table_netlogon.syntax_id, &netlogon_pipe); diff --git a/source3/auth/auth_netlogond.c b/source3/auth/auth_netlogond.c index 3947873aaa..5f4d2f16e3 100644 --- a/source3/auth/auth_netlogond.c +++ b/source3/auth/auth_netlogond.c @@ -47,7 +47,7 @@ static NTSTATUS netlogond_validate(TALLOC_CTX *mem_ctx, } status = rpccli_schannel_bind_data(p, lp_workgroup(), - PIPE_AUTH_LEVEL_PRIVACY, + DCERPC_AUTH_LEVEL_PRIVACY, schannel_key, &auth); if (!NT_STATUS_IS_OK(status)) { DEBUG(10, ("rpccli_schannel_bind_data failed: %s\n", diff --git a/source3/configure.in b/source3/configure.in index 4eaebcab6d..a922e3fb7e 100644 --- a/source3/configure.in +++ b/source3/configure.in 
@@ -743,7 +743,7 @@ if test x$enable_cups != xno; then ac_save_PRINT_LIBS=$PRINT_LIBS CFLAGS="$CFLAGS `$CUPS_CONFIG --cflags`" LDFLAGS="$LDFLAGS `$CUPS_CONFIG --ldflags`" - PRINT_LIBS="$PRINT_LIBS `$CUPS_CONFIG --libs`" + PRINT_LIBS="-lcups" AC_CHECK_HEADERS(cups/cups.h cups/language.h) if test x"$ac_cv_header_cups_cups_h" = xyes -a \ x"$ac_cv_header_cups_language_h" = xyes; then diff --git a/source3/include/client.h b/source3/include/client.h index 5b64b9be3a..e83927cfe5 100644 --- a/source3/include/client.h +++ b/source3/include/client.h @@ -48,7 +48,7 @@ struct print_job_info { struct cli_pipe_auth_data { enum pipe_auth_type auth_type; /* switch for the union below. Defined in ntdomain.h */ - enum pipe_auth_level auth_level; /* defined in ntdomain.h */ + enum dcerpc_AuthLevel auth_level; /* defined in ntdomain.h */ char *domain; char *user_name; diff --git a/source3/include/includes.h b/source3/include/includes.h index 31dfc00545..d1be3b06a8 100644 --- a/source3/include/includes.h +++ b/source3/include/includes.h @@ -612,6 +612,7 @@ struct smb_iconv_convenience *lp_iconv_convenience(void *lp_ctx); /* Lists, trees, caching, database... */ #include "../lib/util/util.h" +#include "../lib/util/util_net.h" #include "../lib/util/xfile.h" #include "../lib/util/memory.h" #include "../lib/util/attr.h" diff --git a/source3/include/ntdomain.h b/source3/include/ntdomain.h index 53e89a8751..1d303ca64a 100644 --- a/source3/include/ntdomain.h +++ b/source3/include/ntdomain.h 
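Review bot: In the source3/configure.in hunk, `PRINT_LIBS="-lcups"` throws away both the value PRINT_LIBS held before this block and the linker flags reported by `$CUPS_CONFIG --libs`, while CFLAGS and LDFLAGS two lines above still come from cups-config. If the aim is only to avoid over-linking, keeping the accumulated value is the safer form: `PRINT_LIBS="$PRINT_LIBS -lcups"`. The change also looks unrelated to the auth-level and lmhosts work in the rest of this commit, so it would be easier to audit as a commit of its own. The enclosing `if test x$enable_cups != xno` block continues outside the hunk.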
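Review bot: In the source3/include/client.h hunk the trailing comment on the changed field still reads `/* defined in ntdomain.h */`, but this commit removes the auth-level enum from ntdomain.h and the field is now an `enum dcerpc_AuthLevel`. The comment should stop pointing readers at the wrong header, for example `enum dcerpc_AuthLevel auth_level; /* DCE/RPC auth level */`. struct cli_pipe_auth_data continues outside the hunk.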
@@ -132,13 +132,6 @@ typedef struct pipe_rpc_fns { enum pipe_auth_type { PIPE_AUTH_TYPE_NONE = 0, PIPE_AUTH_TYPE_NTLMSSP, PIPE_AUTH_TYPE_SCHANNEL, PIPE_AUTH_TYPE_SPNEGO_NTLMSSP, PIPE_AUTH_TYPE_KRB5, PIPE_AUTH_TYPE_SPNEGO_KRB5 }; -/* Possible auth levels - keep these in sync with the wire values. */ -enum pipe_auth_level { PIPE_AUTH_LEVEL_NONE = 0, - PIPE_AUTH_LEVEL_CONNECT = 1, /* We treat as NONE. */ - PIPE_AUTH_LEVEL_INTEGRITY = 5, /* Sign. */ - PIPE_AUTH_LEVEL_PRIVACY = 6 /* Seal. */ -}; - /* auth state for krb5. */ struct kerberos_auth_struct { const char *service_principal; @@ -155,7 +148,7 @@ struct schannel_auth_struct { struct pipe_auth_data { enum pipe_auth_type auth_type; /* switch for union below. */ - enum pipe_auth_level auth_level; + enum dcerpc_AuthLevel auth_level; union { struct schannel_auth_struct *schannel_auth; AUTH_NTLMSSP_STATE *auth_ntlmssp_state; diff --git a/source3/include/proto.h b/source3/include/proto.h index 5da13ca0d7..35d1a9929d 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -1342,20 +1342,11 @@ NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx, /* The following definitions come from lib/util_sock.c */ -bool interpret_string_addr_internal(struct addrinfo **ppres, - const char *str, int flags); bool is_broadcast_addr(const struct sockaddr *pss); -bool interpret_string_addr(struct sockaddr_storage *pss, - const char *str, - int flags); -bool interpret_string_addr_prefer_ipv4(struct sockaddr_storage *pss, - const char *str, - int flags); bool is_loopback_ip_v4(struct in_addr ip); bool is_loopback_addr(const struct sockaddr *pss); bool is_zero_addr(const struct sockaddr *pss); void zero_ip_v4(struct in_addr *ip); -void zero_sockaddr(struct sockaddr_storage *pss); void in_addr_to_sockaddr_storage(struct sockaddr_storage *ss, struct in_addr ip); bool same_net(const struct sockaddr *ip1, 
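Review bot: Removing `enum pipe_auth_level` in source3/include/ntdomain.h is not a pure rename if `enum dcerpc_AuthLevel` uses the numbering of the `RPC_AUTH_LEVEL_*` defines this commit deletes from rpc_dce.h (NONE = 1, CONNECT = 2), because the old enum had NONE = 0 and CONNECT = 1. A `pipe_auth_data` or `cli_pipe_auth_data` that is zero-initialised and never assigned a level would then hold 0, which matches no constant, so the NONE/CONNECT early returns in cli_pipe_verify_ntlmssp and cli_pipe_verify_schannel and the NONE/CONNECT case in calculate_data_len_tosend would no longer be taken, and the `(int)auth_level` passed to init_rpc_hdr_auth would put a different number in the header than before. The definition of the new enum is not visible on this page, so this needs confirming; if it holds, every allocation site should set `auth_level` explicitly and each `switch (cli->auth->auth_level)` should have a default that fails the call rather than falling through. The enum also admits CALL and PACKET if it mirrors the removed defines, and none of the visible switches handle those.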
@@ -5300,17 +5291,17 @@ NTSTATUS rpccli_anon_bind_data(TALLOC_CTX *mem_ctx, struct cli_pipe_auth_data **presult); NTSTATUS rpccli_ntlmssp_bind_data(TALLOC_CTX *mem_ctx, enum pipe_auth_type auth_type, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, const char *domain, const char *username, const char *password, struct cli_pipe_auth_data **presult); NTSTATUS rpccli_schannel_bind_data(TALLOC_CTX *mem_ctx, const char *domain, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, const uint8_t sess_key[16], struct cli_pipe_auth_data **presult); NTSTATUS rpccli_kerberos_bind_data(TALLOC_CTX *mem_ctx, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, const char *service_princ, const char *username, const char *password, @@ -5335,7 +5326,7 @@ NTSTATUS cli_rpc_pipe_open_noauth_transport(struct cli_state *cli, NTSTATUS cli_rpc_pipe_open_ntlmssp(struct cli_state *cli, const struct ndr_syntax_id *interface, enum dcerpc_transport_t transport, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, const char *domain, const char *username, const char *password, @@ -5343,7 +5334,7 @@ NTSTATUS cli_rpc_pipe_open_ntlmssp(struct cli_state *cli, NTSTATUS cli_rpc_pipe_open_spnego_ntlmssp(struct cli_state *cli, const struct ndr_syntax_id *interface, enum dcerpc_transport_t transport, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, const char *domain, const char *username, const char *password, 
@@ -5355,14 +5346,14 @@ NTSTATUS get_schannel_session_key(struct cli_state *cli, NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli, const struct ndr_syntax_id *interface, enum dcerpc_transport_t transport, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, const char *domain, struct netlogon_creds_CredentialState **pdc, struct rpc_pipe_client **presult); NTSTATUS cli_rpc_pipe_open_ntlmssp_auth_schannel(struct cli_state *cli, const struct ndr_syntax_id *interface, enum dcerpc_transport_t transport, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, const char *domain, const char *username, const char *password, @@ -5370,12 +5361,12 @@ NTSTATUS cli_rpc_pipe_open_ntlmssp_auth_schannel(struct cli_state *cli, NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli, const struct ndr_syntax_id *interface, enum dcerpc_transport_t transport, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, const char *domain, struct rpc_pipe_client **presult); NTSTATUS cli_rpc_pipe_open_krb5(struct cli_state *cli, const struct ndr_syntax_id *interface, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, const char *service_princ, const char *username, const char *password, 
@@ -5715,11 +5706,11 @@ bool prs_uint16s(bool charmode, const char *name, prs_struct *ps, int depth, uin bool prs_uint32s(bool charmode, const char *name, prs_struct *ps, int depth, uint32 *data32s, int len); bool prs_unistr(const char *name, prs_struct *ps, int depth, UNISTR *str); bool prs_string(const char *name, prs_struct *ps, int depth, char *str, int max_buf_size); -void schannel_encode(struct schannel_auth_struct *a, enum pipe_auth_level auth_level, +void schannel_encode(struct schannel_auth_struct *a, enum dcerpc_AuthLevel auth_level, enum schannel_direction direction, struct NL_AUTH_SIGNATURE *verf, char *data, size_t data_len); -bool schannel_decode(struct schannel_auth_struct *a, enum pipe_auth_level auth_level, +bool schannel_decode(struct schannel_auth_struct *a, enum dcerpc_AuthLevel auth_level, enum schannel_direction direction, struct NL_AUTH_SIGNATURE *verf, char *data, size_t data_len); bool prs_init_data_blob(prs_struct *prs, DATA_BLOB *blob, TALLOC_CTX *mem_ctx); diff --git a/source3/include/rpc_dce.h b/source3/include/rpc_dce.h index 7992658a72..fc2d8809b9 100644 --- a/source3/include/rpc_dce.h +++ b/source3/include/rpc_dce.h 
@@ -53,31 +53,6 @@ enum RPC_PKT_TYPE { #define RPC_FLG_LAST 0x02 #define RPC_FLG_NOCALL 0x20 - -#define SMBD_NTLMSSP_NEG_FLAGS 0x000082b1 /* ALWAYS_SIGN|NEG_NTLM|NEG_LM|NEG_SEAL|NEG_SIGN|NEG_UNICODE */ - -/* DCE RPC auth types - extended by Microsoft. */ -#define RPC_ANONYMOUS_AUTH_TYPE 0 -#define RPC_AUTH_TYPE_KRB5_1 1 -#define RPC_SPNEGO_AUTH_TYPE 9 -#define RPC_NTLMSSP_AUTH_TYPE 10 -#define RPC_KRB5_AUTH_TYPE 16 /* Not yet implemented. */ -#define RPC_SCHANNEL_AUTH_TYPE 68 /* 0x44 */ - -/* DCE-RPC standard identifiers to indicate - signing or sealing of an RPC pipe */ -#define RPC_AUTH_LEVEL_NONE 1 -#define RPC_AUTH_LEVEL_CONNECT 2 -#define RPC_AUTH_LEVEL_CALL 3 -#define RPC_AUTH_LEVEL_PACKET 4 -#define RPC_AUTH_LEVEL_INTEGRITY 5 -#define RPC_AUTH_LEVEL_PRIVACY 6 - -#if 0 -#define RPC_PIPE_AUTH_SIGN_LEVEL 0x5 -#define RPC_PIPE_AUTH_SEAL_LEVEL 0x6 -#endif - /* Netlogon schannel auth type and level */ #define SCHANNEL_SIGN_SIGNATURE { 0x77, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00 } #define SCHANNEL_SEAL_SIGNATURE { 0x77, 0x00, 0x7a, 0x00, 0xff, 0xff, 0x00, 0x00 } @@ -174,15 +149,6 @@ typedef struct rpc_hdr_auth_info { #define RPC_HDR_AUTH_LEN 8 -/* attached to the end of encrypted rpc requests and responses */ -/* RPC_AUTH_SCHANNEL_CHK */ -typedef struct rpc_auth_schannel_chk_info { - uint8 sig [8]; /* 77 00 7a 00 ff ff 00 00 */ - uint8 packet_digest[8]; /* checksum over the packet, MD5'ed with session key */ - uint8 seq_num[8]; /* verifier, seq num */ - uint8 confounder[8]; /* random 8-byte nonce */ -} RPC_AUTH_SCHANNEL_CHK; - typedef struct rpc_context { uint16 context_id; /* presentation context identifier. */ uint8 num_transfer_syntaxes; /* the number of syntaxes */ diff --git a/source3/lib/util_sock.c b/source3/lib/util_sock.c index 6cc2e53811..08cbced1e5 100644 --- a/source3/lib/util_sock.c +++ b/source3/lib/util_sock.c 
@@ -21,121 +21,6 @@ #include "includes.h" -/******************************************************************* - Map a text hostname or IP address (IPv4 or IPv6) into a - struct sockaddr_storage. Takes a flag which allows it to - prefer an IPv4 address (needed for DC's). -******************************************************************/ - -static bool interpret_string_addr_pref(struct sockaddr_storage *pss, - const char *str, - int flags, - bool prefer_ipv4) -{ - struct addrinfo *res = NULL; -#if defined(HAVE_IPV6) - char addr[INET6_ADDRSTRLEN]; - unsigned int scope_id = 0; - - if (strchr_m(str, ':')) { - char *p = strchr_m(str, '%'); - - /* - * Cope with link-local. - * This is IP:v6:addr%ifname. - */ - - if (p && (p > str) && ((scope_id = if_nametoindex(p+1)) != 0)) { - strlcpy(addr, str, - MIN(PTR_DIFF(p,str)+1, - sizeof(addr))); - str = addr; - } - } -#endif - - zero_sockaddr(pss); - - if (!interpret_string_addr_internal(&res, str, flags|AI_ADDRCONFIG)) { - return false; - } - if (!res) { - return false; - } - - if (prefer_ipv4) { - struct addrinfo *p; - - for (p = res; p; p = p->ai_next) { - if (p->ai_family == AF_INET) { - memcpy(pss, p->ai_addr, p->ai_addrlen); - break; - } - } - if (p == NULL) { - /* Copy the first sockaddr. */ - memcpy(pss, res->ai_addr, res->ai_addrlen); - } - } else { - /* Copy the first sockaddr. */ - memcpy(pss, res->ai_addr, res->ai_addrlen); - } - -#if defined(HAVE_IPV6) - if (pss->ss_family == AF_INET6 && scope_id) { - struct sockaddr_in6 *ps6 = (struct sockaddr_in6 *)pss; - if (IN6_IS_ADDR_LINKLOCAL(&ps6->sin6_addr) && - ps6->sin6_scope_id == 0) { - ps6->sin6_scope_id = scope_id; - } - } -#endif - - freeaddrinfo(res); - return true; -} - -/******************************************************************* - Map a text hostname or IP address (IPv4 or IPv6) into a - struct sockaddr_storage. Address agnostic version. 
-******************************************************************/ - -bool interpret_string_addr(struct sockaddr_storage *pss, - const char *str, - int flags) -{ - return interpret_string_addr_pref(pss, - str, - flags, - false); -} - -/******************************************************************* - Map a text hostname or IP address (IPv4 or IPv6) into a - struct sockaddr_storage. Version that prefers IPv4. -******************************************************************/ - -bool interpret_string_addr_prefer_ipv4(struct sockaddr_storage *pss, - const char *str, - int flags) -{ - return interpret_string_addr_pref(pss, - str, - flags, - true); -} - -/******************************************************************* - Set an address to INADDR_ANY. -******************************************************************/ - -void zero_sockaddr(struct sockaddr_storage *pss) -{ - memset(pss, '\0', sizeof(*pss)); - /* Ensure we're at least a valid sockaddr-storage. */ - pss->ss_family = AF_INET; -} - /**************************************************************************** Get a port number in host byte order from a sockaddr_storage. ****************************************************************************/ diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 7794e0367a..5315fccff6 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -1136,7 +1136,7 @@ NTSTATUS libnet_join_ok(const char *netbios_domain_name, status = cli_rpc_pipe_open_schannel_with_key( cli, &ndr_table_netlogon.syntax_id, NCACN_NP, - PIPE_AUTH_LEVEL_PRIVACY, + DCERPC_AUTH_LEVEL_PRIVACY, netbios_domain_name, &netlogon_pipe->dc, &pipe_hnd); cli_shutdown(cli); diff --git a/source3/libsmb/namequery.c b/source3/libsmb/namequery.c index 1a641ac791..930f0a54f4 100644 --- a/source3/libsmb/namequery.c +++ b/source3/libsmb/namequery.c 
@@ -847,134 +847,6 @@ struct sockaddr_storage *name_query(int fd, } /******************************************************** - Start parsing the lmhosts file. -*********************************************************/ - -XFILE *startlmhosts(const char *fname) -{ - XFILE *fp = x_fopen(fname,O_RDONLY, 0); - if (!fp) { - DEBUG(4,("startlmhosts: Can't open lmhosts file %s. " - "Error was %s\n", - fname, strerror(errno))); - return NULL; - } - return fp; -} - -/******************************************************** - Parse the next line in the lmhosts file. -*********************************************************/ - -bool getlmhostsent(TALLOC_CTX *ctx, XFILE *fp, char **pp_name, int *name_type, - struct sockaddr_storage *pss) -{ - char line[1024]; - - *pp_name = NULL; - - while(!x_feof(fp) && !x_ferror(fp)) { - char *ip = NULL; - char *flags = NULL; - char *extra = NULL; - char *name = NULL; - const char *ptr; - char *ptr1 = NULL; - int count = 0; - - *name_type = -1; - - if (!fgets_slash(line,sizeof(line),fp)) { - continue; - } - - if (*line == '#') { - continue; - } - - ptr = line; - - if (next_token_talloc(ctx, &ptr, &ip, NULL)) - ++count; - if (next_token_talloc(ctx, &ptr, &name, NULL)) - ++count; - if (next_token_talloc(ctx, &ptr, &flags, NULL)) - ++count; - if (next_token_talloc(ctx, &ptr, &extra, NULL)) - ++count; - - if (count <= 0) - continue; - - if (count > 0 && count < 2) { - DEBUG(0,("getlmhostsent: Ill formed hosts line [%s]\n", - line)); - continue; - } - - if (count >= 4) { - DEBUG(0,("getlmhostsent: too many columns " - "in lmhosts file (obsolete syntax)\n")); - continue; - } - - if (!flags) { - flags = talloc_strdup(ctx, ""); - if (!flags) { - continue; - } - } - - DEBUG(4, ("getlmhostsent: lmhost entry: %s %s %s\n", - ip, name, flags)); - - if (strchr_m(flags,'G') || strchr_m(flags,'S')) { - DEBUG(0,("getlmhostsent: group flag " - "in lmhosts ignored (obsolete)\n")); - continue; - } - - if (!interpret_string_addr(pss, ip, AI_NUMERICHOST)) { - 
DEBUG(0,("getlmhostsent: invalid address " - "%s.\n", ip)); - } - - /* Extra feature. If the name ends in '#XX', - * where XX is a hex number, then only add that name type. */ - if((ptr1 = strchr_m(name, '#')) != NULL) { - char *endptr; - ptr1++; - - *name_type = (int)strtol(ptr1, &endptr, 16); - if(!*ptr1 || (endptr == ptr1)) { - DEBUG(0,("getlmhostsent: invalid name " - "%s containing '#'.\n", name)); - continue; - } - - *(--ptr1) = '\0'; /* Truncate at the '#' */ - } - - *pp_name = talloc_strdup(ctx, name); - if (!*pp_name) { - return false; - } - return true; - } - - return false; -} - -/******************************************************** - Finish parsing the lmhosts file. -*********************************************************/ - -void endlmhosts(XFILE *fp) -{ - x_fclose(fp); -} - -/******************************************************** convert an array if struct sockaddr_storage to struct ip_service return false on failure. Port is set to PORT_NONE; *********************************************************/ diff --git a/source3/libsmb/passchange.c b/source3/libsmb/passchange.c index ab951618fe..570a048502 100644 --- a/source3/libsmb/passchange.c +++ b/source3/libsmb/passchange.c @@ -177,7 +177,7 @@ NTSTATUS remote_password_change(const char *remote_machine, const char *user_nam result = cli_rpc_pipe_open_ntlmssp(cli, &ndr_table_samr.syntax_id, NCACN_NP, - PIPE_AUTH_LEVEL_PRIVACY, + DCERPC_AUTH_LEVEL_PRIVACY, domain, user, old_passwd, &pipe_hnd); diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index ab9b5fee33..a667a9fb13 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c 
@@ -123,20 +123,20 @@ static int map_pipe_auth_type_to_rpc_auth_type(enum pipe_auth_type auth_type) switch (auth_type) { case PIPE_AUTH_TYPE_NONE: - return RPC_ANONYMOUS_AUTH_TYPE; + return DCERPC_AUTH_TYPE_NONE; case PIPE_AUTH_TYPE_NTLMSSP: - return RPC_NTLMSSP_AUTH_TYPE; + return DCERPC_AUTH_TYPE_NTLMSSP; case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP: case PIPE_AUTH_TYPE_SPNEGO_KRB5: - return RPC_SPNEGO_AUTH_TYPE; + return DCERPC_AUTH_TYPE_SPNEGO; case PIPE_AUTH_TYPE_SCHANNEL: - return RPC_SCHANNEL_AUTH_TYPE; + return DCERPC_AUTH_TYPE_SCHANNEL; case PIPE_AUTH_TYPE_KRB5: - return RPC_KRB5_AUTH_TYPE; + return DCERPC_AUTH_TYPE_KRB5; default: DEBUG(0,("map_pipe_auth_type_to_rpc_type: unknown pipe " @@ -559,8 +559,8 @@ static NTSTATUS cli_pipe_verify_ntlmssp(struct rpc_pipe_client *cli, RPC_HDR *pr DATA_BLOB auth_blob; NTSTATUS status; - if (cli->auth->auth_level == PIPE_AUTH_LEVEL_NONE - || cli->auth->auth_level == PIPE_AUTH_LEVEL_CONNECT) { + if (cli->auth->auth_level == DCERPC_AUTH_LEVEL_NONE + || cli->auth->auth_level == DCERPC_AUTH_LEVEL_CONNECT) { return NT_STATUS_OK; } @@ -605,7 +605,7 @@ static NTSTATUS cli_pipe_verify_ntlmssp(struct rpc_pipe_client *cli, RPC_HDR *pr auth_blob.length = auth_len; switch (cli->auth->auth_level) { - case PIPE_AUTH_LEVEL_PRIVACY: + case DCERPC_AUTH_LEVEL_PRIVACY: /* Data is encrypted. */ status = ntlmssp_unseal_packet(ntlmssp_state, data, data_len, @@ -620,7 +620,7 @@ static NTSTATUS cli_pipe_verify_ntlmssp(struct rpc_pipe_client *cli, RPC_HDR *pr return status; } break; - case PIPE_AUTH_LEVEL_INTEGRITY: + case DCERPC_AUTH_LEVEL_INTEGRITY: /* Data is signed. */ status = ntlmssp_check_packet(ntlmssp_state, data, data_len, 
@@ -679,8 +679,8 @@ static NTSTATUS cli_pipe_verify_schannel(struct rpc_pipe_client *cli, RPC_HDR *p enum ndr_err_code ndr_err; DATA_BLOB blob; - if (cli->auth->auth_level == PIPE_AUTH_LEVEL_NONE - || cli->auth->auth_level == PIPE_AUTH_LEVEL_CONNECT) { + if (cli->auth->auth_level == DCERPC_AUTH_LEVEL_NONE + || cli->auth->auth_level == DCERPC_AUTH_LEVEL_CONNECT) { return NT_STATUS_OK; } @@ -714,7 +714,7 @@ static NTSTATUS cli_pipe_verify_schannel(struct rpc_pipe_client *cli, RPC_HDR *p return NT_STATUS_BUFFER_TOO_SMALL; } - if (auth_info.auth_type != RPC_SCHANNEL_AUTH_TYPE) { + if (auth_info.auth_type != DCERPC_AUTH_TYPE_SCHANNEL) { DEBUG(0,("cli_pipe_verify_schannel: Invalid auth info %d on schannel\n", auth_info.auth_type)); return NT_STATUS_BUFFER_TOO_SMALL; @@ -1470,7 +1470,7 @@ static NTSTATUS rpc_api_pipe_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, ********************************************************************/ static NTSTATUS create_krb5_auth_bind_req( struct rpc_pipe_client *cli, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, RPC_HDR_AUTH *pauth_out, prs_struct *auth_data) { @@ -1481,7 +1481,7 @@ static NTSTATUS create_krb5_auth_bind_req( struct rpc_pipe_client *cli, DATA_BLOB tkt_wrapped = data_blob_null; /* We may change the pad length before marshalling. */ - init_rpc_hdr_auth(pauth_out, RPC_KRB5_AUTH_TYPE, (int)auth_level, 0, 1); + init_rpc_hdr_auth(pauth_out, DCERPC_AUTH_TYPE_KRB5, (int)auth_level, 0, 1); DEBUG(5, ("create_krb5_auth_bind_req: creating a service ticket for principal %s\n", a->service_principal )); @@ -1529,7 +1529,7 @@ static NTSTATUS create_krb5_auth_bind_req( struct rpc_pipe_client *cli, ********************************************************************/ static NTSTATUS create_spnego_ntlmssp_auth_rpc_bind_req( struct rpc_pipe_client *cli, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, RPC_HDR_AUTH *pauth_out, prs_struct *auth_data) { 
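Review bot: In cli_pipe_verify_schannel (source3/rpc_client/cli_pipe.c, hunk at -714) a reply whose auth trailer is not schannel is rejected with `NT_STATUS_BUFFER_TOO_SMALL`, the same status the preceding check returns, so a caller cannot tell a malformed PDU from a peer that answered with an unexpected auth type. Since the comparison line is being touched anyway, a distinct status such as `return NT_STATUS_INVALID_PARAMETER;` would make that case easier to recognise when triaging failed schannel binds. The function body starts and ends outside the hunk.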
@@ -1539,7 +1539,7 @@ static NTSTATUS create_spnego_ntlmssp_auth_rpc_bind_req( struct rpc_pipe_client DATA_BLOB spnego_msg = data_blob_null; /* We may change the pad length before marshalling. */ - init_rpc_hdr_auth(pauth_out, RPC_SPNEGO_AUTH_TYPE, (int)auth_level, 0, 1); + init_rpc_hdr_auth(pauth_out, DCERPC_AUTH_TYPE_SPNEGO, (int)auth_level, 0, 1); DEBUG(5, ("create_spnego_ntlmssp_auth_rpc_bind_req: Processing NTLMSSP Negotiate\n")); nt_status = ntlmssp_update(cli->auth->a_u.ntlmssp_state, @@ -1576,7 +1576,7 @@ static NTSTATUS create_spnego_ntlmssp_auth_rpc_bind_req( struct rpc_pipe_client ********************************************************************/ static NTSTATUS create_ntlmssp_auth_rpc_bind_req( struct rpc_pipe_client *cli, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, RPC_HDR_AUTH *pauth_out, prs_struct *auth_data) { @@ -1585,7 +1585,7 @@ static NTSTATUS create_ntlmssp_auth_rpc_bind_req( struct rpc_pipe_client *cli, DATA_BLOB request = data_blob_null; /* We may change the pad length before marshalling. */ - init_rpc_hdr_auth(pauth_out, RPC_NTLMSSP_AUTH_TYPE, (int)auth_level, 0, 1); + init_rpc_hdr_auth(pauth_out, DCERPC_AUTH_TYPE_NTLMSSP, (int)auth_level, 0, 1); DEBUG(5, ("create_ntlmssp_auth_rpc_bind_req: Processing NTLMSSP Negotiate\n")); nt_status = ntlmssp_update(cli->auth->a_u.ntlmssp_state, @@ -1617,7 +1617,7 @@ static NTSTATUS create_ntlmssp_auth_rpc_bind_req( struct rpc_pipe_client *cli, ********************************************************************/ static NTSTATUS create_schannel_auth_rpc_bind_req( struct rpc_pipe_client *cli, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, RPC_HDR_AUTH *pauth_out, prs_struct *auth_data) { 
@@ -1626,7 +1626,7 @@ static NTSTATUS create_schannel_auth_rpc_bind_req( struct rpc_pipe_client *cli, DATA_BLOB blob; /* We may change the pad length before marshalling. */ - init_rpc_hdr_auth(pauth_out, RPC_SCHANNEL_AUTH_TYPE, (int)auth_level, 0, 1); + init_rpc_hdr_auth(pauth_out, DCERPC_AUTH_TYPE_SCHANNEL, (int)auth_level, 0, 1); /* Use lp_workgroup() if domain not specified */ @@ -1760,7 +1760,7 @@ static NTSTATUS create_rpc_bind_req(struct rpc_pipe_client *cli, const struct ndr_syntax_id *abstract, const struct ndr_syntax_id *transfer, enum pipe_auth_type auth_type, - enum pipe_auth_level auth_level) + enum dcerpc_AuthLevel auth_level) { RPC_HDR_AUTH hdr_auth; prs_struct auth_info; @@ -1856,7 +1856,7 @@ static NTSTATUS add_ntlmssp_auth_footer(struct rpc_pipe_client *cli, } switch (cli->auth->auth_level) { - case PIPE_AUTH_LEVEL_PRIVACY: + case DCERPC_AUTH_LEVEL_PRIVACY: /* Data portion is encrypted. */ status = ntlmssp_seal_packet(cli->auth->a_u.ntlmssp_state, (unsigned char *)prs_data_p(outgoing_pdu) + RPC_HEADER_LEN + RPC_HDR_RESP_LEN, @@ -1870,7 +1870,7 @@ static NTSTATUS add_ntlmssp_auth_footer(struct rpc_pipe_client *cli, } break; - case PIPE_AUTH_LEVEL_INTEGRITY: + case DCERPC_AUTH_LEVEL_INTEGRITY: /* Data is signed. */ status = ntlmssp_sign_packet(cli->auth->a_u.ntlmssp_state, (unsigned char *)prs_data_p(outgoing_pdu) + RPC_HEADER_LEN + RPC_HDR_RESP_LEN, @@ -1938,8 +1938,8 @@ static NTSTATUS add_schannel_auth_footer(struct rpc_pipe_client *cli, } switch (cli->auth->auth_level) { - case PIPE_AUTH_LEVEL_PRIVACY: - case PIPE_AUTH_LEVEL_INTEGRITY: + case DCERPC_AUTH_LEVEL_PRIVACY: + case DCERPC_AUTH_LEVEL_INTEGRITY: DEBUG(10,("add_schannel_auth_footer: SCHANNEL seq_num=%d\n", sas->seq_num)); 
@@ -1998,8 +1998,8 @@ static uint32 calculate_data_len_tosend(struct rpc_pipe_client *cli, #endif switch (cli->auth->auth_level) { - case PIPE_AUTH_LEVEL_NONE: - case PIPE_AUTH_LEVEL_CONNECT: + case DCERPC_AUTH_LEVEL_NONE: + case DCERPC_AUTH_LEVEL_CONNECT: data_space = cli->max_xmit_frag - RPC_HEADER_LEN - RPC_HDR_REQ_LEN; data_len = MIN(data_space, data_left); *p_ss_padding = 0; @@ -2007,8 +2007,8 @@ static uint32 calculate_data_len_tosend(struct rpc_pipe_client *cli, *p_frag_len = RPC_HEADER_LEN + RPC_HDR_REQ_LEN + data_len; return data_len; - case PIPE_AUTH_LEVEL_INTEGRITY: - case PIPE_AUTH_LEVEL_PRIVACY: + case DCERPC_AUTH_LEVEL_INTEGRITY: + case DCERPC_AUTH_LEVEL_PRIVACY: /* Treat the same for all authenticated rpc requests. */ switch(cli->auth->auth_type) { case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP: @@ -2404,7 +2404,7 @@ static bool check_bind_response(RPC_HDR_BA *hdr_ba, static NTSTATUS create_rpc_bind_auth3(struct rpc_pipe_client *cli, uint32 rpc_call_id, enum pipe_auth_type auth_type, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, DATA_BLOB *pauth_blob, prs_struct *rpc_out) { @@ -2464,7 +2464,7 @@ static NTSTATUS create_rpc_bind_auth3(struct rpc_pipe_client *cli, static NTSTATUS create_rpc_alter_context(uint32 rpc_call_id, const struct ndr_syntax_id *abstract, const struct ndr_syntax_id *transfer, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, const DATA_BLOB *pauth_blob, /* spnego auth blob already created. */ prs_struct *rpc_out) { @@ -2477,7 +2477,7 @@ static NTSTATUS create_rpc_alter_context(uint32 rpc_call_id, return NT_STATUS_NO_MEMORY; /* We may change the pad length before marshalling. */ - init_rpc_hdr_auth(&hdr_auth, RPC_SPNEGO_AUTH_TYPE, (int)auth_level, 0, 1); + init_rpc_hdr_auth(&hdr_auth, DCERPC_AUTH_TYPE_SPNEGO, (int)auth_level, 0, 1); if (pauth_blob->length) { if (!prs_copy_data_in(&auth_info, (const char *)pauth_blob->data, pauth_blob->length)) { 
@@ -2980,7 +2980,7 @@ NTSTATUS rpccli_anon_bind_data(TALLOC_CTX *mem_ctx, } result->auth_type = PIPE_AUTH_TYPE_NONE; - result->auth_level = PIPE_AUTH_LEVEL_NONE; + result->auth_level = DCERPC_AUTH_LEVEL_NONE; result->user_name = talloc_strdup(result, ""); result->domain = talloc_strdup(result, ""); @@ -3001,7 +3001,7 @@ static int cli_auth_ntlmssp_data_destructor(struct cli_pipe_auth_data *auth) NTSTATUS rpccli_ntlmssp_bind_data(TALLOC_CTX *mem_ctx, enum pipe_auth_type auth_type, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, const char *domain, const char *username, const char *password, @@ -3053,9 +3053,9 @@ NTSTATUS rpccli_ntlmssp_bind_data(TALLOC_CTX *mem_ctx, result->a_u.ntlmssp_state->neg_flags &= ~(NTLMSSP_NEGOTIATE_SIGN | NTLMSSP_NEGOTIATE_SEAL); - if (auth_level == PIPE_AUTH_LEVEL_INTEGRITY) { + if (auth_level == DCERPC_AUTH_LEVEL_INTEGRITY) { result->a_u.ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN; - } else if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) { + } else if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) { result->a_u.ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL | NTLMSSP_NEGOTIATE_SIGN; } @@ -3069,7 +3069,7 @@ NTSTATUS rpccli_ntlmssp_bind_data(TALLOC_CTX *mem_ctx, } NTSTATUS rpccli_schannel_bind_data(TALLOC_CTX *mem_ctx, const char *domain, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, const uint8_t sess_key[16], struct cli_pipe_auth_data **presult) { @@ -3116,7 +3116,7 @@ static int cli_auth_kerberos_data_destructor(struct kerberos_auth_struct *auth) #endif NTSTATUS rpccli_kerberos_bind_data(TALLOC_CTX *mem_ctx, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, const char *service_princ, const char *username, const char *password, 
@@ -3702,7 +3702,7 @@ static NTSTATUS cli_rpc_pipe_open_ntlmssp_internal(struct cli_state *cli, const struct ndr_syntax_id *interface, enum dcerpc_transport_t transport, enum pipe_auth_type auth_type, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, const char *domain, const char *username, const char *password, @@ -3755,7 +3755,7 @@ static NTSTATUS cli_rpc_pipe_open_ntlmssp_internal(struct cli_state *cli, NTSTATUS cli_rpc_pipe_open_ntlmssp(struct cli_state *cli, const struct ndr_syntax_id *interface, enum dcerpc_transport_t transport, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, const char *domain, const char *username, const char *password, @@ -3780,7 +3780,7 @@ NTSTATUS cli_rpc_pipe_open_ntlmssp(struct cli_state *cli, NTSTATUS cli_rpc_pipe_open_spnego_ntlmssp(struct cli_state *cli, const struct ndr_syntax_id *interface, enum dcerpc_transport_t transport, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, const char *domain, const char *username, const char *password, @@ -3889,7 +3889,7 @@ NTSTATUS get_schannel_session_key(struct cli_state *cli, NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli, const struct ndr_syntax_id *interface, enum dcerpc_transport_t transport, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, const char *domain, struct netlogon_creds_CredentialState **pdc, struct rpc_pipe_client **presult) @@ -3959,7 +3959,7 @@ static NTSTATUS get_schannel_session_key_auth_ntlmssp(struct cli_state *cli, status = cli_rpc_pipe_open_spnego_ntlmssp( cli, &ndr_table_netlogon.syntax_id, NCACN_NP, - PIPE_AUTH_LEVEL_PRIVACY, + DCERPC_AUTH_LEVEL_PRIVACY, domain, username, password, &netlogon_pipe); if (!NT_STATUS_IS_OK(status)) { return status; 
@@ -3985,7 +3985,7 @@ static NTSTATUS get_schannel_session_key_auth_ntlmssp(struct cli_state *cli, NTSTATUS cli_rpc_pipe_open_ntlmssp_auth_schannel(struct cli_state *cli, const struct ndr_syntax_id *interface, enum dcerpc_transport_t transport, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, const char *domain, const char *username, const char *password, @@ -4026,7 +4026,7 @@ NTSTATUS cli_rpc_pipe_open_ntlmssp_auth_schannel(struct cli_state *cli, NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli, const struct ndr_syntax_id *interface, enum dcerpc_transport_t transport, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, const char *domain, struct rpc_pipe_client **presult) { @@ -4066,7 +4066,7 @@ NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli, NTSTATUS cli_rpc_pipe_open_krb5(struct cli_state *cli, const struct ndr_syntax_id *interface, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, const char *service_princ, const char *username, const char *password, diff --git a/source3/rpc_parse/parse_prs.c b/source3/rpc_parse/parse_prs.c index c5c0c02090..09263b45d4 100644 --- a/source3/rpc_parse/parse_prs.c +++ b/source3/rpc_parse/parse_prs.c @@ -1071,7 +1071,7 @@ bool prs_string(const char *name, prs_struct *ps, int depth, char *str, int max_ ********************************************************************/ static void schannel_digest(struct schannel_auth_struct *a, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, struct NL_AUTH_SIGNATURE *verf, char *data, size_t data_len, uchar digest_final[16]) 
@@ -1095,7 +1095,7 @@ static void schannel_digest(struct schannel_auth_struct *a, out of order */ MD5Update(&ctx3, zeros, sizeof(zeros)); MD5Update(&ctx3, sig, 8); - if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) { + if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) { MD5Update(&ctx3, verf->Confounder, sizeof(verf->Confounder)); } MD5Update(&ctx3, (const unsigned char *)data, data_len); @@ -1169,7 +1169,7 @@ static void schannel_deal_with_seq_num(struct schannel_auth_struct *a, quite compatible with what MS does. ********************************************************************/ -void schannel_encode(struct schannel_auth_struct *a, enum pipe_auth_level auth_level, +void schannel_encode(struct schannel_auth_struct *a, enum dcerpc_AuthLevel auth_level, enum schannel_direction direction, struct NL_AUTH_SIGNATURE *verf, char *data, size_t data_len) @@ -1199,7 +1199,7 @@ void schannel_encode(struct schannel_auth_struct *a, enum pipe_auth_level auth_l dump_data_pw("verf->SequenceNumber:\n", verf->SequenceNumber, sizeof(verf->SequenceNumber)); - if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) { + if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) { verf->SealAlgorithm = NL_SEAL_RC4; } else { verf->SealAlgorithm = NL_SEAL_NONE; @@ -1217,7 +1217,7 @@ void schannel_encode(struct schannel_auth_struct *a, enum pipe_auth_level auth_l schannel_digest(a, auth_level, verf, data, data_len, digest_final); memcpy(verf->Checksum, digest_final, sizeof(verf->Checksum)); - if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) { + if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) { uchar sealing_key[16]; /* get the key to encode the data with */ 
@@ -1249,7 +1249,7 @@ void schannel_encode(struct schannel_auth_struct *a, enum pipe_auth_level auth_l as well as decode sealed messages ********************************************************************/ -bool schannel_decode(struct schannel_auth_struct *a, enum pipe_auth_level auth_level, +bool schannel_decode(struct schannel_auth_struct *a, enum dcerpc_AuthLevel auth_level, enum schannel_direction direction, struct NL_AUTH_SIGNATURE *verf, char *data, size_t data_len) { @@ -1263,7 +1263,7 @@ bool schannel_decode(struct schannel_auth_struct *a, enum pipe_auth_level auth_l DEBUG(10,("SCHANNEL: schannel_decode seq_num=%d data_len=%lu\n", a->seq_num, (unsigned long)data_len)); - if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) { + if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) { schannel_sig = schannel_seal_sig; } else { schannel_sig = schannel_sign_sig; @@ -1317,7 +1317,7 @@ bool schannel_decode(struct schannel_auth_struct *a, enum pipe_auth_level auth_l return False; } - if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) { + if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) { uchar sealing_key[16]; /* get the key to extract the data with */ diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c index 07a0b971a0..06d4937261 100644 --- a/source3/rpc_server/srv_netlog_nt.c +++ b/source3/rpc_server/srv_netlog_nt.c @@ -595,8 +595,8 @@ static NTSTATUS netr_creds_server_step_check(pipes_struct *p, struct tdb_context *tdb; bool schannel_global_required = (lp_server_schannel() == true) ? true:false; bool schannel_in_use = (p->auth.auth_type == PIPE_AUTH_TYPE_SCHANNEL) ? true:false; /* && - (p->auth.auth_level == PIPE_AUTH_LEVEL_INTEGRITY || - p->auth.auth_level == PIPE_AUTH_LEVEL_PRIVACY); */ + (p->auth.auth_level == DCERPC_AUTH_LEVEL_INTEGRITY || + p->auth.auth_level == DCERPC_AUTH_LEVEL_PRIVACY); */ tdb = open_schannel_session_store(mem_ctx); if (!tdb) { 
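Review bot: In `netr_creds_server_step_check` (srv_netlog_nt.c hunk at -595) the two renamed lines sit inside a `/* && ... */` comment, so `schannel_in_use` is still decided by `auth_type` alone and the auth level is never consulted. Keeping a commented-out expression in step with a rename makes it look live; a reader can easily assume integrity or privacy is being enforced here. Either drop the dead expression or say why it is disabled, for example `/* auth_level is deliberately not checked here: any schannel bind counts */` (wording to be confirmed by someone who knows the original intent). The function continues past the hunk.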
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index ce7df63972..3bd68c4e72 100644 --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c @@ -192,14 +192,14 @@ static bool create_next_pdu_ntlmssp(pipes_struct *p) /* Now write out the auth header and null blob. */ if (p->auth.auth_type == PIPE_AUTH_TYPE_NTLMSSP) { - auth_type = RPC_NTLMSSP_AUTH_TYPE; + auth_type = DCERPC_AUTH_TYPE_NTLMSSP; } else { - auth_type = RPC_SPNEGO_AUTH_TYPE; + auth_type = DCERPC_AUTH_TYPE_SPNEGO; } - if (p->auth.auth_level == PIPE_AUTH_LEVEL_PRIVACY) { - auth_level = RPC_AUTH_LEVEL_PRIVACY; + if (p->auth.auth_level == DCERPC_AUTH_LEVEL_PRIVACY) { + auth_level = DCERPC_AUTH_LEVEL_PRIVACY; } else { - auth_level = RPC_AUTH_LEVEL_INTEGRITY; + auth_level = DCERPC_AUTH_LEVEL_INTEGRITY; } init_rpc_hdr_auth(&auth_info, auth_type, auth_level, ss_padding_len, 1 /* context id. */); @@ -213,7 +213,7 @@ static bool create_next_pdu_ntlmssp(pipes_struct *p) /* Generate the sign blob. */ switch (p->auth.auth_level) { - case PIPE_AUTH_LEVEL_PRIVACY: + case DCERPC_AUTH_LEVEL_PRIVACY: /* Data portion is encrypted. */ status = ntlmssp_seal_packet( a->ntlmssp_state, @@ -229,7 +229,7 @@ static bool create_next_pdu_ntlmssp(pipes_struct *p) return False; } break; - case PIPE_AUTH_LEVEL_INTEGRITY: + case DCERPC_AUTH_LEVEL_INTEGRITY: /* Data is signed. */ status = ntlmssp_sign_packet( a->ntlmssp_state, @@ -414,9 +414,9 @@ static bool create_next_pdu_schannel(pipes_struct *p) /* Check it's the type of reply we were expecting to decode */ init_rpc_hdr_auth(&auth_info, - RPC_SCHANNEL_AUTH_TYPE, - p->auth.auth_level == PIPE_AUTH_LEVEL_PRIVACY ? - RPC_AUTH_LEVEL_PRIVACY : RPC_AUTH_LEVEL_INTEGRITY, + DCERPC_AUTH_TYPE_SCHANNEL, + p->auth.auth_level == DCERPC_AUTH_LEVEL_PRIVACY ? + DCERPC_AUTH_LEVEL_PRIVACY : DCERPC_AUTH_LEVEL_INTEGRITY, ss_padding_len, 1); if(!smb_io_rpc_hdr_auth("hdr_auth", &auth_info, 
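Review bot: In `create_next_pdu_ntlmssp` (hunk at -192) the `if`/`else` that sets the local `auth_level` now compares and assigns constants of the same enum, so it reads like a no-op although the `else` still turns every non-privacy level into `DCERPC_AUTH_LEVEL_INTEGRITY`. The ternary in `create_next_pdu_schannel` (hunk at -414) has the same shape. A one-line comment would keep a later cleanup from replacing it with a plain copy of `p->auth.auth_level`: `/* Clamp: anything that is not PRIVACY goes on the wire as INTEGRITY. */`. Both functions extend beyond their hunks.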
@@ -589,8 +589,8 @@ static bool create_next_pdu_noauth(pipes_struct *p) bool create_next_pdu(pipes_struct *p) { switch(p->auth.auth_level) { - case PIPE_AUTH_LEVEL_NONE: - case PIPE_AUTH_LEVEL_CONNECT: + case DCERPC_AUTH_LEVEL_NONE: + case DCERPC_AUTH_LEVEL_CONNECT: /* This is incorrect for auth level connect. Fixme. JRA */ return create_next_pdu_noauth(p); @@ -647,7 +647,7 @@ static bool pipe_ntlmssp_verify_final(pipes_struct *p, DATA_BLOB *p_resp_blob) ensure the underlying NTLMSSP flags are also set. If not we should refuse the bind. */ - if (p->auth.auth_level == PIPE_AUTH_LEVEL_INTEGRITY) { + if (p->auth.auth_level == DCERPC_AUTH_LEVEL_INTEGRITY) { if (!(a->ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN)) { DEBUG(0,("pipe_ntlmssp_verify_final: pipe %s : packet integrity requested " "but client declined signing.\n", @@ -655,7 +655,7 @@ static bool pipe_ntlmssp_verify_final(pipes_struct *p, DATA_BLOB *p_resp_blob) return False; } } - if (p->auth.auth_level == PIPE_AUTH_LEVEL_PRIVACY) { + if (p->auth.auth_level == DCERPC_AUTH_LEVEL_PRIVACY) { if (!(a->ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL)) { DEBUG(0,("pipe_ntlmssp_verify_final: pipe %s : packet privacy requested " "but client declined sealing.\n", @@ -750,7 +750,7 @@ bool api_pipe_bind_auth3(pipes_struct *p, prs_struct *rpc_in_p) goto err; } - if (auth_info.auth_type != RPC_NTLMSSP_AUTH_TYPE) { + if (auth_info.auth_type != DCERPC_AUTH_TYPE_NTLMSSP) { DEBUG(0,("api_pipe_bind_auth3: incorrect auth type (%u).\n", (unsigned int)auth_info.auth_type )); return False; @@ -840,7 +840,7 @@ static bool setup_bind_nak(pipes_struct *p) if (p->auth.auth_data_free_func) { (*p->auth.auth_data_free_func)(&p->auth); } - p->auth.auth_level = PIPE_AUTH_LEVEL_NONE; + p->auth.auth_level = DCERPC_AUTH_LEVEL_NONE; p->auth.auth_type = PIPE_AUTH_TYPE_NONE; p->pipe_bound = False; 
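Review bot: The `switch` in `create_next_pdu` (hunk at -589) and the early return in `api_pipe_ntlmssp_auth_process` (hunk at -2042) now test for `DCERPC_AUTH_LEVEL_NONE`, which is 1 in the DCERPC IDL, so a zero-filled `p->auth.auth_level` matches neither NONE nor CONNECT. If the old `PIPE_AUTH_LEVEL_NONE` was 0 (its definition is not shown here), a pipe whose auth struct is zero-initialised and never given a level would take a different path after this change. It is worth checking every place that creates a `pipes_struct` or `cli_pipe_auth_data` and assigning the level explicitly, `p->auth.auth_level = DCERPC_AUTH_LEVEL_NONE;`, as `setup_bind_nak` already does. `create_next_pdu` continues outside the hunk, so its remaining cases are not visible.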
@@ -1204,7 +1204,7 @@ static bool pipe_spnego_auth_bind_negotiate(pipes_struct *p, prs_struct *rpc_in_ } /* Copy the blob into the pout_auth parse struct */ - init_rpc_hdr_auth(&auth_info, RPC_SPNEGO_AUTH_TYPE, pauth_info->auth_level, RPC_HDR_AUTH_LEN, 1); + init_rpc_hdr_auth(&auth_info, DCERPC_AUTH_TYPE_SPNEGO, pauth_info->auth_level, RPC_HDR_AUTH_LEN, 1); if(!smb_io_rpc_hdr_auth("", &auth_info, pout_auth, 0)) { DEBUG(0,("pipe_spnego_auth_bind_negotiate: marshalling of RPC_HDR_AUTH failed.\n")); goto err; @@ -1302,7 +1302,7 @@ static bool pipe_spnego_auth_bind_continue(pipes_struct *p, prs_struct *rpc_in_p response = spnego_gen_auth_response(&auth_reply, NT_STATUS_OK, OID_NTLMSSP); /* Copy the blob into the pout_auth parse struct */ - init_rpc_hdr_auth(&auth_info, RPC_SPNEGO_AUTH_TYPE, pauth_info->auth_level, RPC_HDR_AUTH_LEN, 1); + init_rpc_hdr_auth(&auth_info, DCERPC_AUTH_TYPE_SPNEGO, pauth_info->auth_level, RPC_HDR_AUTH_LEN, 1); if(!smb_io_rpc_hdr_auth("", &auth_info, pout_auth, 0)) { DEBUG(0,("pipe_spnego_auth_bind_continue: marshalling of RPC_HDR_AUTH failed.\n")); goto err; @@ -1427,7 +1427,7 @@ static bool pipe_schannel_auth_bind(pipes_struct *p, prs_struct *rpc_in_p, return false; } - init_rpc_hdr_auth(&auth_info, RPC_SCHANNEL_AUTH_TYPE, pauth_info->auth_level, RPC_HDR_AUTH_LEN, 1); + init_rpc_hdr_auth(&auth_info, DCERPC_AUTH_TYPE_SCHANNEL, pauth_info->auth_level, RPC_HDR_AUTH_LEN, 1); if(!smb_io_rpc_hdr_auth("", &auth_info, pout_auth, 0)) { DEBUG(0,("pipe_schannel_auth_bind: marshalling of RPC_HDR_AUTH failed.\n")); return False; 
@@ -1516,7 +1516,7 @@ static bool pipe_ntlmssp_auth_bind(pipes_struct *p, prs_struct *rpc_in_p, data_blob_free(&blob); /* Copy the blob into the pout_auth parse struct */ - init_rpc_hdr_auth(&auth_info, RPC_NTLMSSP_AUTH_TYPE, pauth_info->auth_level, RPC_HDR_AUTH_LEN, 1); + init_rpc_hdr_auth(&auth_info, DCERPC_AUTH_TYPE_NTLMSSP, pauth_info->auth_level, RPC_HDR_AUTH_LEN, 1); if(!smb_io_rpc_hdr_auth("", &auth_info, pout_auth, 0)) { DEBUG(0,("pipe_ntlmssp_auth_bind: marshalling of RPC_HDR_AUTH failed.\n")); goto err; @@ -1564,7 +1564,7 @@ bool api_pipe_bind_req(pipes_struct *p, prs_struct *rpc_in_p) prs_struct out_auth; int i = 0; int auth_len = 0; - unsigned int auth_type = RPC_ANONYMOUS_AUTH_TYPE; + unsigned int auth_type = DCERPC_AUTH_TYPE_NONE; /* No rebinds on a bound pipe - use alter context. */ if (p->pipe_bound) { @@ -1689,11 +1689,11 @@ bool api_pipe_bind_req(pipes_struct *p, prs_struct *rpc_in_p) /* Work out if we have to sign or seal etc. */ switch (auth_info.auth_level) { - case RPC_AUTH_LEVEL_INTEGRITY: - p->auth.auth_level = PIPE_AUTH_LEVEL_INTEGRITY; + case DCERPC_AUTH_LEVEL_INTEGRITY: + p->auth.auth_level = DCERPC_AUTH_LEVEL_INTEGRITY; break; - case RPC_AUTH_LEVEL_PRIVACY: - p->auth.auth_level = PIPE_AUTH_LEVEL_PRIVACY; + case DCERPC_AUTH_LEVEL_PRIVACY: + p->auth.auth_level = DCERPC_AUTH_LEVEL_PRIVACY; break; default: DEBUG(0,("api_pipe_bind_req: unexpected auth level (%u).\n", 
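Review bot: In `api_pipe_bind_req` (hunk at -1689) the `switch (auth_info.auth_level)` now assigns each case the identical constant, so its only remaining job is to filter the client-supplied level: INTEGRITY and PRIVACY are accepted and everything else goes to `default`, which is cut off after its DEBUG call but appears to refuse the bind. That check is easy to lose in a later simplification to `p->auth.auth_level = auth_info.auth_level;`, which would accept whatever level the bind request carries. I would add `/* Allow-list: only INTEGRITY and PRIVACY are accepted from the wire; do not replace with a direct assignment. */` above the switch. The function starts and ends outside the hunk.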
@@ -1707,31 +1707,31 @@ bool api_pipe_bind_req(pipes_struct *p, prs_struct *rpc_in_p) assoc_gid = hdr_rb.bba.assoc_gid ? hdr_rb.bba.assoc_gid : 0x53f0; switch(auth_type) { - case RPC_NTLMSSP_AUTH_TYPE: + case DCERPC_AUTH_TYPE_NTLMSSP: if (!pipe_ntlmssp_auth_bind(p, rpc_in_p, &auth_info, &out_auth)) { goto err_exit; } assoc_gid = 0x7a77; break; - case RPC_SCHANNEL_AUTH_TYPE: + case DCERPC_AUTH_TYPE_SCHANNEL: if (!pipe_schannel_auth_bind(p, rpc_in_p, &auth_info, &out_auth)) { goto err_exit; } break; - case RPC_SPNEGO_AUTH_TYPE: + case DCERPC_AUTH_TYPE_SPNEGO: if (!pipe_spnego_auth_bind_negotiate(p, rpc_in_p, &auth_info, &out_auth)) { goto err_exit; } break; - case RPC_ANONYMOUS_AUTH_TYPE: + case DCERPC_AUTH_TYPE_NONE: /* Unauthenticated bind request. */ /* We're finished - no more packets. */ p->auth.auth_type = PIPE_AUTH_TYPE_NONE; /* We must set the pipe auth_level here also. */ - p->auth.auth_level = PIPE_AUTH_LEVEL_NONE; + p->auth.auth_level = DCERPC_AUTH_LEVEL_NONE; p->pipe_bound = True; /* The session key was initialized from the SMB * session in make_internal_rpc_pipe_p */ @@ -1914,7 +1914,7 @@ bool api_pipe_alter_context(pipes_struct *p, prs_struct *rpc_in_p) * response in place of the NTLMSSP auth3 type. */ - if (auth_info.auth_type == RPC_SPNEGO_AUTH_TYPE) { + if (auth_info.auth_type == DCERPC_AUTH_TYPE_SPNEGO) { /* We can only finish if the pipe is unbound. */ if (!p->pipe_bound) { if (!pipe_spnego_auth_bind_continue(p, rpc_in_p, &auth_info, &out_auth)) { @@ -2042,7 +2042,7 @@ bool api_pipe_ntlmssp_auth_process(pipes_struct *p, prs_struct *rpc_in, *pstatus = NT_STATUS_OK; - if (p->auth.auth_level == PIPE_AUTH_LEVEL_NONE || p->auth.auth_level == PIPE_AUTH_LEVEL_CONNECT) { + if (p->auth.auth_level == DCERPC_AUTH_LEVEL_NONE || p->auth.auth_level == DCERPC_AUTH_LEVEL_CONNECT) { return True; } 
@@ -2091,7 +2091,7 @@ bool api_pipe_ntlmssp_auth_process(pipes_struct *p, prs_struct *rpc_in, auth_blob.length = auth_len; switch (p->auth.auth_level) { - case PIPE_AUTH_LEVEL_PRIVACY: + case DCERPC_AUTH_LEVEL_PRIVACY: /* Data is encrypted. */ *pstatus = ntlmssp_unseal_packet(a->ntlmssp_state, data, data_len, @@ -2102,7 +2102,7 @@ bool api_pipe_ntlmssp_auth_process(pipes_struct *p, prs_struct *rpc_in, return False; } break; - case PIPE_AUTH_LEVEL_INTEGRITY: + case DCERPC_AUTH_LEVEL_INTEGRITY: /* Data is signed. */ *pstatus = ntlmssp_check_packet(a->ntlmssp_state, data, data_len, @@ -2193,7 +2193,7 @@ bool api_pipe_schannel_process(pipes_struct *p, prs_struct *rpc_in, uint32 *p_ss return False; } - if (auth_info.auth_type != RPC_SCHANNEL_AUTH_TYPE) { + if (auth_info.auth_type != DCERPC_AUTH_TYPE_SCHANNEL) { DEBUG(0,("Invalid auth info %d on schannel\n", auth_info.auth_type)); return False; diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 058bd12f61..9e95c48033 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -2741,7 +2741,7 @@ static NTSTATUS get_user_info_18(pipes_struct *p, return NT_STATUS_ACCESS_DENIED; } - if (p->auth.auth_level != PIPE_AUTH_LEVEL_PRIVACY) { + if (p->auth.auth_level != DCERPC_AUTH_LEVEL_PRIVACY) { return NT_STATUS_ACCESS_DENIED; } diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c index c0268f348e..7a20e487f2 100644 --- a/source3/rpcclient/rpcclient.c +++ b/source3/rpcclient/rpcclient.c @@ -26,7 +26,7 @@ DOM_SID domain_sid; static enum pipe_auth_type pipe_default_auth_type = PIPE_AUTH_TYPE_NONE; -static enum pipe_auth_level pipe_default_auth_level = PIPE_AUTH_LEVEL_NONE; +static enum dcerpc_AuthLevel pipe_default_auth_level = DCERPC_AUTH_LEVEL_NONE; static unsigned int timeout = 0; static enum dcerpc_transport_t default_transport = NCACN_NP; 
@@ -380,7 +380,7 @@ static NTSTATUS cmd_sign(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, { const char *type = "NTLMSSP"; - pipe_default_auth_level = PIPE_AUTH_LEVEL_INTEGRITY; + pipe_default_auth_level = DCERPC_AUTH_LEVEL_INTEGRITY; pipe_default_auth_type = PIPE_AUTH_TYPE_NTLMSSP; if (argc > 2) { @@ -412,7 +412,7 @@ static NTSTATUS cmd_seal(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, { const char *type = "NTLMSSP"; - pipe_default_auth_level = PIPE_AUTH_LEVEL_PRIVACY; + pipe_default_auth_level = DCERPC_AUTH_LEVEL_PRIVACY; pipe_default_auth_type = PIPE_AUTH_TYPE_NTLMSSP; if (argc > 2) { @@ -475,7 +475,7 @@ static NTSTATUS cmd_timeout(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, static NTSTATUS cmd_none(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, int argc, const char **argv) { - pipe_default_auth_level = PIPE_AUTH_LEVEL_NONE; + pipe_default_auth_level = DCERPC_AUTH_LEVEL_NONE; pipe_default_auth_type = PIPE_AUTH_TYPE_NONE; return cmd_set_ss_level(); @@ -485,7 +485,7 @@ static NTSTATUS cmd_schannel(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, int argc, const char **argv) { d_printf("Setting schannel - sign and seal\n"); - pipe_default_auth_level = PIPE_AUTH_LEVEL_PRIVACY; + pipe_default_auth_level = DCERPC_AUTH_LEVEL_PRIVACY; pipe_default_auth_type = PIPE_AUTH_TYPE_SCHANNEL; return cmd_set_ss_level(); @@ -495,7 +495,7 @@ static NTSTATUS cmd_schannel_sign(struct rpc_pipe_client *cli, TALLOC_CTX *mem_c int argc, const char **argv) { d_printf("Setting schannel - sign only\n"); - pipe_default_auth_level = PIPE_AUTH_LEVEL_INTEGRITY; + pipe_default_auth_level = DCERPC_AUTH_LEVEL_INTEGRITY; pipe_default_auth_type = PIPE_AUTH_TYPE_SCHANNEL; return cmd_set_ss_level(); diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c index 549539298f..b4505347b1 100644 --- a/source3/utils/net_rpc.c +++ b/source3/utils/net_rpc.c 
@@ -159,7 +159,7 @@ int run_rpc_command(struct net_context *c, /* Always try and create an schannel netlogon pipe. */ nt_status = cli_rpc_pipe_open_schannel( cli, interface, NCACN_NP, - PIPE_AUTH_LEVEL_PRIVACY, domain_name, + DCERPC_AUTH_LEVEL_PRIVACY, domain_name, &pipe_hnd); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0, ("Could not initialise schannel netlogon pipe. Error was %s\n", @@ -172,7 +172,7 @@ int run_rpc_command(struct net_context *c, cli, interface, (conn_flags & NET_FLAGS_TCP) ? NCACN_IP_TCP : NCACN_NP, - PIPE_AUTH_LEVEL_PRIVACY, + DCERPC_AUTH_LEVEL_PRIVACY, lp_workgroup(), c->opt_user_name, c->opt_password, &pipe_hnd); } else { diff --git a/source3/utils/net_rpc_join.c b/source3/utils/net_rpc_join.c index dbe77355c8..23913812b0 100644 --- a/source3/utils/net_rpc_join.c +++ b/source3/utils/net_rpc_join.c @@ -102,7 +102,7 @@ NTSTATUS net_rpc_join_ok(struct net_context *c, const char *domain, ntret = cli_rpc_pipe_open_schannel_with_key( cli, &ndr_table_netlogon.syntax_id, NCACN_NP, - PIPE_AUTH_LEVEL_PRIVACY, + DCERPC_AUTH_LEVEL_PRIVACY, domain, &netlogon_pipe->dc, &pipe_hnd); if (!NT_STATUS_IS_OK(ntret)) { @@ -420,7 +420,7 @@ int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv) result = cli_rpc_pipe_open_schannel_with_key( cli, &ndr_table_netlogon.syntax_id, NCACN_NP, - PIPE_AUTH_LEVEL_PRIVACY, domain, &pipe_hnd->dc, + DCERPC_AUTH_LEVEL_PRIVACY, domain, &pipe_hnd->dc, &netlogon_schannel_pipe); if (!NT_STATUS_IS_OK(result)) { diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c index 3418022c62..450bb1bc06 100644 --- a/source3/winbindd/winbindd_cm.c +++ b/source3/winbindd/winbindd_cm.c @@ -2056,7 +2056,7 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, result = cli_rpc_pipe_open_spnego_ntlmssp(conn->cli, &ndr_table_samr.syntax_id, NCACN_NP, - PIPE_AUTH_LEVEL_PRIVACY, + DCERPC_AUTH_LEVEL_PRIVACY, domain_name, machine_account, machine_password, 
@@ -2100,7 +2100,7 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, } result = cli_rpc_pipe_open_schannel_with_key (conn->cli, &ndr_table_samr.syntax_id, NCACN_NP, - PIPE_AUTH_LEVEL_PRIVACY, + DCERPC_AUTH_LEVEL_PRIVACY, domain->name, &p_creds, &conn->samr_pipe); if (!NT_STATUS_IS_OK(result)) { @@ -2196,7 +2196,7 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, * authenticated LSA pipe with sign & seal. */ result = cli_rpc_pipe_open_spnego_ntlmssp (conn->cli, &ndr_table_lsarpc.syntax_id, NCACN_NP, - PIPE_AUTH_LEVEL_PRIVACY, + DCERPC_AUTH_LEVEL_PRIVACY, conn->cli->domain, conn->cli->user_name, conn->cli->password, &conn->lsa_pipe); @@ -2237,7 +2237,7 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, } result = cli_rpc_pipe_open_schannel_with_key (conn->cli, &ndr_table_lsarpc.syntax_id, NCACN_NP, - PIPE_AUTH_LEVEL_PRIVACY, + DCERPC_AUTH_LEVEL_PRIVACY, domain->name, &p_creds, &conn->lsa_pipe); if (!NT_STATUS_IS_OK(result)) { @@ -2384,7 +2384,7 @@ NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain, result = cli_rpc_pipe_open_schannel_with_key( conn->cli, &ndr_table_netlogon.syntax_id, NCACN_NP, - PIPE_AUTH_LEVEL_PRIVACY, domain->name, &netlogon_pipe->dc, + DCERPC_AUTH_LEVEL_PRIVACY, domain->name, &netlogon_pipe->dc, &conn->netlogon_pipe); /* We can now close the initial netlogon pipe. */ |