Diffstat (limited to 'source4/winbind')
-rw-r--r-- | source4/winbind/wb_connect_lsa.c | 14 | ||||
-rw-r--r-- | source4/winbind/wb_connect_sam.c | 14 | ||||
-rw-r--r-- | source4/winbind/wb_init_domain.c | 3 |
3 files changed, 24 insertions, 7 deletions
diff --git a/source4/winbind/wb_connect_lsa.c b/source4/winbind/wb_connect_lsa.c index 76f75eb0a4..1c9cb5f39a 100644 --- a/source4/winbind/wb_connect_lsa.c +++ b/source4/winbind/wb_connect_lsa.c @@ -95,24 +95,32 @@ static void init_lsa_recv_pipe(struct composite_context *ctx) switch (state->auth_type) { case DCERPC_AUTH_TYPE_NONE: ctx = dcerpc_bind_auth_none_send(state, state->lsa_pipe, - &dcerpc_table_lsarpc); + &dcerpc_table_lsarpc); composite_continue(state->ctx, ctx, init_lsa_recv_anon_bind, state); break; case DCERPC_AUTH_TYPE_NTLMSSP: case DCERPC_AUTH_TYPE_SCHANNEL: + { + uint8_t auth_type; + if (lp_winbind_sealed_pipes()) { + auth_type = DCERPC_AUTH_LEVEL_PRIVACY; + } else { + auth_type = DCERPC_AUTH_LEVEL_INTEGRITY; + } if (state->creds == NULL) { composite_error(state->ctx, NT_STATUS_INTERNAL_ERROR); return; } - state->lsa_pipe->conn->flags |= (DCERPC_SIGN | DCERPC_SEAL); ctx = dcerpc_bind_auth_send(state, state->lsa_pipe, - &dcerpc_table_lsarpc, + &dcerpc_table_lsarpc, state->creds, state->auth_type, + auth_type, NULL); composite_continue(state->ctx, ctx, init_lsa_recv_auth_bind, state); break; + } default: composite_error(state->ctx, NT_STATUS_INTERNAL_ERROR); } diff --git a/source4/winbind/wb_connect_sam.c b/source4/winbind/wb_connect_sam.c index e3b9c82310..1817785508 100644 --- a/source4/winbind/wb_connect_sam.c +++ b/source4/winbind/wb_connect_sam.c 
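Review bot: In init_lsa_recv_pipe the authenticated bind no longer always seals: when `lp_winbind_sealed_pipes()` returns false the level falls to `DCERPC_AUTH_LEVEL_INTEGRITY`, while the removed line requested both `DCERPC_SIGN` and `DCERPC_SEAL` unconditionally. With the option off, LSA requests and replies are signed but readable on the wire, so the choice deserves a comment above the `if`, for example `/* integrity-only is a confidentiality downgrade; keep sealing on unless the peer cannot seal */`. The option's default is not visible in this diff, so it should be confirmed that it preserves the previous sealed behaviour. The same applies to the identical block in connect_samr_recv_pipe in wb_connect_sam.c; both function bodies extend beyond their hunks.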
@@ -102,24 +102,32 @@ static void connect_samr_recv_pipe(struct composite_context *ctx) switch (state->auth_type) { case DCERPC_AUTH_TYPE_NONE: ctx = dcerpc_bind_auth_none_send(state, state->samr_pipe, - &dcerpc_table_samr); + &dcerpc_table_samr); composite_continue(state->ctx, ctx, connect_samr_recv_anon_bind, state); break; case DCERPC_AUTH_TYPE_NTLMSSP: case DCERPC_AUTH_TYPE_SCHANNEL: + { + uint8_t auth_type; + if (lp_winbind_sealed_pipes()) { + auth_type = DCERPC_AUTH_LEVEL_PRIVACY; + } else { + auth_type = DCERPC_AUTH_LEVEL_INTEGRITY; + } if (state->creds == NULL) { composite_error(state->ctx, NT_STATUS_INTERNAL_ERROR); return; } - state->samr_pipe->conn->flags |= (DCERPC_SIGN | DCERPC_SEAL); ctx = dcerpc_bind_auth_send(state, state->samr_pipe, - &dcerpc_table_samr, + &dcerpc_table_samr, state->creds, state->auth_type, + auth_type, NULL); composite_continue(state->ctx, ctx, connect_samr_recv_auth_bind, state); break; + } default: composite_error(state->ctx, NT_STATUS_INTERNAL_ERROR); } diff --git a/source4/winbind/wb_init_domain.c b/source4/winbind/wb_init_domain.c index c9d99ff0b9..b10b5458ba 100644 --- a/source4/winbind/wb_init_domain.c +++ b/source4/winbind/wb_init_domain.c @@ -205,9 +205,10 @@ static void init_domain_recv_netlogonpipe(struct composite_context *ctx) state->domain->netlogon_pipe->conn->flags |= (DCERPC_SIGN | DCERPC_SEAL); ctx = dcerpc_bind_auth_send(state, state->domain->netlogon_pipe, - &dcerpc_table_netlogon, + &dcerpc_table_netlogon, state->domain->schannel_creds, DCERPC_AUTH_TYPE_SCHANNEL, + DCERPC_AUTH_LEVEL_PRIVACY, NULL); composite_continue(state->ctx, ctx, init_domain_recv_schannel, state); } |
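Review bot: The new local `auth_type` in connect_samr_recv_pipe holds a `DCERPC_AUTH_LEVEL_*` value, not an auth type, and it is passed directly after `state->auth_type` in the `dcerpc_bind_auth_send` call, which makes the two arguments easy to confuse or swap in a later edit. Naming it for what it carries, `uint8_t auth_level;` at the declaration and `auth_level,` at the call, keeps type and level visibly distinct. The same rename applies to the matching block in init_lsa_recv_pipe in wb_connect_lsa.c.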
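Review bot: The context line `state->domain->netlogon_pipe->conn->flags |= (DCERPC_SIGN | DCERPC_SEAL);` stays in init_domain_recv_netlogonpipe even though the call now passes `DCERPC_AUTH_LEVEL_PRIVACY` explicitly, whereas the LSA and SAMR files in this commit delete their equivalent flag line. If the bind now takes its protection from the level argument, the flag assignment looks redundant and could be dropped for consistency; if the flags are still consulted, that is worth a comment. This pipe also ignores `lp_winbind_sealed_pipes()`, so a short comment such as `/* schannel netlogon is always sealed, regardless of "winbind sealed pipes" */` would record that this is intentional. The function starts outside the hunk.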