summaryrefslogtreecommitdiff
path: root/source4/librpc/rpc/dcerpc_auth.c
diff options
context:
space:
mode:
Diffstat (limited to 'source4/librpc/rpc/dcerpc_auth.c')
-rw-r--r--source4/librpc/rpc/dcerpc_auth.c99
1 files changed, 99 insertions, 0 deletions
diff --git a/source4/librpc/rpc/dcerpc_auth.c b/source4/librpc/rpc/dcerpc_auth.c
index 3faf0603ce..021249847a 100644
--- a/source4/librpc/rpc/dcerpc_auth.c
+++ b/source4/librpc/rpc/dcerpc_auth.c
@@ -41,3 +41,102 @@ NTSTATUS dcerpc_bind_auth_none(struct dcerpc_pipe *p,
return status;
}
+
+const struct dcesrv_security_ops *dcerpc_security_by_authtype(uint8_t auth_type)
+{
+ switch (auth_type) {
+ case DCERPC_AUTH_TYPE_SCHANNEL:
+ return dcerpc_schannel_security_get_ops();
+
+ case DCERPC_AUTH_TYPE_NTLMSSP:
+ return dcerpc_ntlmssp_security_get_ops();
+ }
+
+ return NULL;
+}
+
+NTSTATUS dcerpc_bind_auth(struct dcerpc_pipe *p, uint8_t auth_type,
+ const char *uuid, uint_t version,
+ const char *domain,
+ const char *username,
+ const char *password)
+{
+ NTSTATUS status;
+ TALLOC_CTX *mem_ctx;
+ DATA_BLOB credentials;
+
+ mem_ctx = talloc_init("dcerpc_bind_auth");
+ if (!mem_ctx) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ p->security_state.ops = dcerpc_security_by_authtype(auth_type);
+ if (!p->security_state.ops) {
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto done;
+ }
+
+ p->security_state.user.domain = domain;
+ p->security_state.user.name = username;
+ p->security_state.user.password = password;
+
+ status = p->security_state.ops->start(p, &p->security_state);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ p->security_state.auth_info = talloc(p->mem_ctx, sizeof(*p->security_state.auth_info));
+ if (!p->security_state.auth_info) {
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+
+ p->security_state.auth_info->auth_type = auth_type;
+ p->security_state.auth_info->auth_pad_length = 0;
+ p->security_state.auth_info->auth_reserved = 0;
+ p->security_state.auth_info->auth_context_id = random();
+ p->security_state.auth_info->credentials = data_blob(NULL, 0);
+
+ if (p->flags & DCERPC_SEAL) {
+ p->security_state.auth_info->auth_level = DCERPC_AUTH_LEVEL_PRIVACY;
+ } else if (p->flags & DCERPC_SIGN) {
+ p->security_state.auth_info->auth_level = DCERPC_AUTH_LEVEL_INTEGRITY;
+ } else {
+ p->security_state.auth_info->auth_level = DCERPC_AUTH_LEVEL_NONE;
+ }
+
+ status = p->security_state.ops->update(&p->security_state, mem_ctx,
+ p->security_state.auth_info->credentials,
+ &credentials);
+
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+ goto done;
+ }
+
+ p->security_state.auth_info->credentials = credentials;
+
+ status = dcerpc_bind_byuuid(p, mem_ctx, uuid, version);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
+
+ status = p->security_state.ops->update(&p->security_state, mem_ctx,
+ p->security_state.auth_info->credentials,
+ &credentials);
+
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+ goto done;
+ }
+
+ p->security_state.auth_info->credentials = credentials;
+
+ status = dcerpc_auth3(p, mem_ctx);
+done:
+ talloc_destroy(mem_ctx);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ ZERO_STRUCT(p->security_state);
+ }
+
+ return status;
+}