diff options
Diffstat (limited to 'source4/librpc/rpc/dcerpc_auth.c')
-rw-r--r-- | source4/librpc/rpc/dcerpc_auth.c | 99 |
1 files changed, 99 insertions, 0 deletions
diff --git a/source4/librpc/rpc/dcerpc_auth.c b/source4/librpc/rpc/dcerpc_auth.c index 3faf0603ce..021249847a 100644 --- a/source4/librpc/rpc/dcerpc_auth.c +++ b/source4/librpc/rpc/dcerpc_auth.c @@ -41,3 +41,102 @@ NTSTATUS dcerpc_bind_auth_none(struct dcerpc_pipe *p, return status; } + +const struct dcesrv_security_ops *dcerpc_security_by_authtype(uint8_t auth_type) +{ + switch (auth_type) { + case DCERPC_AUTH_TYPE_SCHANNEL: + return dcerpc_schannel_security_get_ops(); + + case DCERPC_AUTH_TYPE_NTLMSSP: + return dcerpc_ntlmssp_security_get_ops(); + } + + return NULL; +} + +NTSTATUS dcerpc_bind_auth(struct dcerpc_pipe *p, uint8_t auth_type, + const char *uuid, uint_t version, + const char *domain, + const char *username, + const char *password) +{ + NTSTATUS status; + TALLOC_CTX *mem_ctx; + DATA_BLOB credentials; + + mem_ctx = talloc_init("dcerpc_bind_auth"); + if (!mem_ctx) { + return NT_STATUS_NO_MEMORY; + } + + p->security_state.ops = dcerpc_security_by_authtype(auth_type); + if (!p->security_state.ops) { + status = NT_STATUS_INVALID_PARAMETER; + goto done; + } + + p->security_state.user.domain = domain; + p->security_state.user.name = username; + p->security_state.user.password = password; + + status = p->security_state.ops->start(p, &p->security_state); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + p->security_state.auth_info = talloc(p->mem_ctx, sizeof(*p->security_state.auth_info)); + if (!p->security_state.auth_info) { + status = NT_STATUS_NO_MEMORY; + goto done; + } + + p->security_state.auth_info->auth_type = auth_type; + p->security_state.auth_info->auth_pad_length = 0; + p->security_state.auth_info->auth_reserved = 0; + p->security_state.auth_info->auth_context_id = random(); + p->security_state.auth_info->credentials = data_blob(NULL, 0); + + if (p->flags & DCERPC_SEAL) { + p->security_state.auth_info->auth_level = DCERPC_AUTH_LEVEL_PRIVACY; + } else if (p->flags & DCERPC_SIGN) { + p->security_state.auth_info->auth_level = DCERPC_AUTH_LEVEL_INTEGRITY; + } else { + p->security_state.auth_info->auth_level = DCERPC_AUTH_LEVEL_NONE; + } + + status = p->security_state.ops->update(&p->security_state, mem_ctx, + p->security_state.auth_info->credentials, + &credentials); + + if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { + goto done; + } + + p->security_state.auth_info->credentials = credentials; + + status = dcerpc_bind_byuuid(p, mem_ctx, uuid, version); + if (!NT_STATUS_IS_OK(status)) { + goto done; + } + + status = p->security_state.ops->update(&p->security_state, mem_ctx, + p->security_state.auth_info->credentials, + &credentials); + + if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { + goto done; + } + + p->security_state.auth_info->credentials = credentials; + + status = dcerpc_auth3(p, mem_ctx); +done: + talloc_destroy(mem_ctx); + + if (!NT_STATUS_IS_OK(status)) { + ZERO_STRUCT(p->security_state); + } + + return status; +} |