summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
Diffstat (limited to 'source3')
-rw-r--r--source3/librpc/crypto/cli_spnego.c16
-rw-r--r--source3/librpc/crypto/spnego.h3
-rw-r--r--source3/rpc_client/cli_pipe.c3
3 files changed, 17 insertions, 5 deletions
diff --git a/source3/librpc/crypto/cli_spnego.c b/source3/librpc/crypto/cli_spnego.c
index 54ea99b8e8..f64a537e20 100644
--- a/source3/librpc/crypto/cli_spnego.c
+++ b/source3/librpc/crypto/cli_spnego.c
@@ -84,7 +84,8 @@ NTSTATUS spnego_gssapi_init_client(TALLOC_CTX *mem_ctx,
return NT_STATUS_OK;
}
-NTSTATUS spnego_ntlmssp_init_client(TALLOC_CTX *mem_ctx,
+NTSTATUS spnego_generic_init_client(TALLOC_CTX *mem_ctx,
+ const char *oid,
bool do_sign, bool do_seal,
bool is_dcerpc,
const char *domain,
@@ -100,7 +101,11 @@ NTSTATUS spnego_ntlmssp_init_client(TALLOC_CTX *mem_ctx,
if (!NT_STATUS_IS_OK(status)) {
return status;
}
- sp_ctx->mech = SPNEGO_NTLMSSP;
+ if (strcmp(oid, GENSEC_OID_NTLMSSP) == 0) {
+ sp_ctx->mech = SPNEGO_NTLMSSP;
+ } else {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
status = auth_generic_client_prepare(sp_ctx,
&auth_generic_state);
@@ -138,7 +143,12 @@ NTSTATUS spnego_ntlmssp_init_client(TALLOC_CTX *mem_ctx,
GENSEC_FEATURE_SEAL);
}
- status = auth_generic_client_start(auth_generic_state, GENSEC_OID_NTLMSSP);
+ if (is_dcerpc) {
+ gensec_want_feature(auth_generic_state->gensec_security,
+ GENSEC_FEATURE_DCE_STYLE);
+ }
+
+ status = auth_generic_client_start(auth_generic_state, oid);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(sp_ctx);
return status;
diff --git a/source3/librpc/crypto/spnego.h b/source3/librpc/crypto/spnego.h
index 2605169bb0..7e0f1590ab 100644
--- a/source3/librpc/crypto/spnego.h
+++ b/source3/librpc/crypto/spnego.h
@@ -61,7 +61,8 @@ NTSTATUS spnego_gssapi_init_client(TALLOC_CTX *mem_ctx,
const char *username,
const char *password,
struct spnego_context **spengo_ctx);
-NTSTATUS spnego_ntlmssp_init_client(TALLOC_CTX *mem_ctx,
+NTSTATUS spnego_generic_init_client(TALLOC_CTX *mem_ctx,
+ const char *oid,
bool do_sign, bool do_seal,
bool is_dcerpc,
const char *domain,
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index a87cb6d5ee..49053c980e 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -3175,7 +3175,8 @@ NTSTATUS cli_rpc_pipe_open_spnego_ntlmssp(struct cli_state *cli,
goto err_out;
}
- status = spnego_ntlmssp_init_client(auth,
+ status = spnego_generic_init_client(auth,
+ GENSEC_OID_NTLMSSP,
(auth->auth_level ==
DCERPC_AUTH_LEVEL_INTEGRITY),
(auth->auth_level ==