diff options
Diffstat (limited to 'source4/librpc')
-rw-r--r-- | source4/librpc/rpc/dcerpc.h | 1 | ||||
-rw-r--r-- | source4/librpc/rpc/dcerpc_auth.c | 11 | ||||
-rw-r--r-- | source4/librpc/rpc/dcerpc_connect.c | 24 | ||||
-rw-r--r-- | source4/librpc/rpc/dcerpc_schannel.c | 17 | ||||
-rw-r--r-- | source4/librpc/rpc/dcerpc_util.c | 18 |
5 files changed, 37 insertions, 34 deletions
diff --git a/source4/librpc/rpc/dcerpc.h b/source4/librpc/rpc/dcerpc.h index cbfe8478b2..df70580db3 100644 --- a/source4/librpc/rpc/dcerpc.h +++ b/source4/librpc/rpc/dcerpc.h @@ -100,6 +100,7 @@ struct dcerpc_pipe { struct dcerpc_syntax_id transfer_syntax; struct dcerpc_connection *conn; + struct dcerpc_binding *binding; /* the last fault code from a DCERPC fault */ uint32_t last_fault_code; diff --git a/source4/librpc/rpc/dcerpc_auth.c b/source4/librpc/rpc/dcerpc_auth.c index bffa994abe..f0a7dc8ffe 100644 --- a/source4/librpc/rpc/dcerpc_auth.c +++ b/source4/librpc/rpc/dcerpc_auth.c @@ -168,7 +168,7 @@ struct composite_context *dcerpc_bind_auth_send(TALLOC_CTX *mem_ctx, struct dcerpc_pipe *p, const struct dcerpc_interface_table *table, struct cli_credentials *credentials, - uint8_t auth_type, + uint8_t auth_type, uint8_t auth_level, const char *service) { struct composite_context *c, *creq; @@ -233,8 +233,7 @@ struct composite_context *dcerpc_bind_auth_send(TALLOC_CTX *mem_ctx, } c->status = gensec_start_mech_by_authtype(sec->generic_state, - auth_type, - dcerpc_auth_level(p->conn)); + auth_type, auth_level); if (!NT_STATUS_IS_OK(c->status)) { DEBUG(1, ("Failed to start GENSEC client mechanism %s: %s\n", gensec_get_name_by_authtype(auth_type), @@ -249,7 +248,7 @@ struct composite_context *dcerpc_bind_auth_send(TALLOC_CTX *mem_ctx, } sec->auth_info->auth_type = auth_type; - sec->auth_info->auth_level = dcerpc_auth_level(p->conn); + sec->auth_info->auth_level = auth_level, sec->auth_info->auth_pad_length = 0; sec->auth_info->auth_reserved = 0; sec->auth_info->auth_context_id = random(); @@ -323,11 +322,11 @@ NTSTATUS dcerpc_bind_auth_recv(struct composite_context *creq) NTSTATUS dcerpc_bind_auth(struct dcerpc_pipe *p, const struct dcerpc_interface_table *table, struct cli_credentials *credentials, - uint8_t auth_type, + uint8_t auth_type, uint8_t auth_level, const char *service) { struct composite_context *creq; creq = dcerpc_bind_auth_send(p, p, table, credentials, - auth_type, service); + auth_type, auth_level, service); return dcerpc_bind_auth_recv(creq); } diff --git a/source4/librpc/rpc/dcerpc_connect.c b/source4/librpc/rpc/dcerpc_connect.c index 1c9ab8c0ed..67dfda6d7a 100644 --- a/source4/librpc/rpc/dcerpc_connect.c +++ b/source4/librpc/rpc/dcerpc_connect.c @@ -131,29 +131,19 @@ struct composite_context *dcerpc_pipe_connect_ncacn_np_smb_send(TALLOC_CTX *mem_ conn->in.called_name = strupper_talloc(mem_ctx, s->io.binding->host); conn->in.service = "IPC$"; conn->in.service_type = NULL; - conn->in.fallback_to_anonymous = False; conn->in.workgroup = lp_workgroup(); /* - * provide proper credentials - user supplied or anonymous in case this is - * schannel connection + * provide proper credentials - user supplied, but allow a + * fallback to anonymous if this is an schannel connection + * (might be NT4 not allowing machine logins at session + * setup). */ + s->conn.in.credentials = s->io.creds; if (s->io.binding->flags & DCERPC_SCHANNEL) { - struct cli_credentials *anon_creds; - - anon_creds = cli_credentials_init(mem_ctx); - if (!anon_creds) { - composite_error(c, NT_STATUS_NO_MEMORY); - goto done; - } - - cli_credentials_set_anonymous(anon_creds); - cli_credentials_guess(anon_creds); - - s->conn.in.credentials = anon_creds; - + conn->in.fallback_to_anonymous = True; } else { - s->conn.in.credentials = s->io.creds; + conn->in.fallback_to_anonymous = False; } /* send smb connect request */ diff --git a/source4/librpc/rpc/dcerpc_schannel.c b/source4/librpc/rpc/dcerpc_schannel.c index 108b678188..64cf6748e8 100644 --- a/source4/librpc/rpc/dcerpc_schannel.c +++ b/source4/librpc/rpc/dcerpc_schannel.c @@ -55,16 +55,15 @@ static NTSTATUS dcerpc_schannel_key(TALLOC_CTX *tmp_ctx, step 1 - establish a netlogon connection, with no authentication */ - /* Find the original binding string */ - status = dcerpc_parse_binding(tmp_ctx, p->conn->binding_string, &b); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(0,("Failed to parse dcerpc binding '%s'\n", p->conn->binding_string)); - return status; + b = talloc(tmp_ctx, struct dcerpc_binding); + if (!b) { + return NT_STATUS_NO_MEMORY; } + *b = *p->binding; /* Make binding string for netlogon, not the other pipe */ status = dcerpc_epm_map_binding(tmp_ctx, b, - &dcerpc_table_netlogon, + &dcerpc_table_netlogon, p->conn->event_ctx); if (!NT_STATUS_IS_OK(status)) { DEBUG(0,("Failed to map DCERPC/TCP NCACN_NP pipe for '%s' - %s\n", @@ -141,7 +140,8 @@ static NTSTATUS dcerpc_schannel_key(TALLOC_CTX *tmp_ctx, NTSTATUS dcerpc_bind_auth_schannel(TALLOC_CTX *tmp_ctx, struct dcerpc_pipe *p, const struct dcerpc_interface_table *table, - struct cli_credentials *credentials) + struct cli_credentials *credentials, + uint8_t auth_level) { NTSTATUS status; @@ -156,7 +156,8 @@ NTSTATUS dcerpc_bind_auth_schannel(TALLOC_CTX *tmp_ctx, return status; } - return dcerpc_bind_auth(p, table, credentials, DCERPC_AUTH_TYPE_SCHANNEL, + return dcerpc_bind_auth(p, table, credentials, + DCERPC_AUTH_TYPE_SCHANNEL, auth_level, NULL); } diff --git a/source4/librpc/rpc/dcerpc_util.c b/source4/librpc/rpc/dcerpc_util.c index 15a45ed3f0..6ef91b87b0 100644 --- a/source4/librpc/rpc/dcerpc_util.c +++ b/source4/librpc/rpc/dcerpc_util.c @@ -889,9 +889,10 @@ NTSTATUS dcerpc_pipe_auth(struct dcerpc_pipe *p, /* If we don't already have netlogon credentials for * the schannel bind, then we have to get these * first */ - status = dcerpc_bind_auth_schannel(tmp_ctx, p, table, credentials); + status = dcerpc_bind_auth_schannel(tmp_ctx, p, table, credentials, + dcerpc_auth_level(p->conn)); } else if (!cli_credentials_is_anonymous(credentials) && - !(binding->transport == NCACN_NP && + !(p->conn->transport.transport == NCACN_NP && !(binding->flags & DCERPC_SIGN) && !(binding->flags & DCERPC_SEAL))) { @@ -925,7 +926,9 @@ NTSTATUS dcerpc_pipe_auth(struct dcerpc_pipe *p, } status = dcerpc_bind_auth(p, table, - credentials, auth_type, table->authservices->names[0]); + credentials, auth_type, + dcerpc_auth_level(p->conn), + table->authservices->names[0]); } else { status = dcerpc_bind_auth_none(p, table); } @@ -1099,6 +1102,11 @@ NTSTATUS dcerpc_pipe_connect_b(TALLOC_CTX *parent_ctx, return status; } + p->binding = binding; + if (!talloc_reference(p, binding)) { + return NT_STATUS_NO_MEMORY; + } + status = dcerpc_pipe_auth(p, binding, table, credentials); if (!NT_STATUS_IS_OK(status)) { talloc_free(p); @@ -1195,6 +1203,10 @@ NTSTATUS dcerpc_secondary_connection(struct dcerpc_pipe *p, struct dcerpc_pipe * } (*p2)->conn->flags = p->conn->flags; + (*p2)->binding = b; + if (!talloc_reference(*p2, b)) { + return NT_STATUS_NO_MEMORY; + } return NT_STATUS_OK; } |