From 9a747d500fad699038ecf75615c680a9fd9e4cc7 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Wed, 2 Jun 2010 22:52:56 +1000
Subject: s3:auth add hooks to indicate if signing or sealing is desired with NTLMSSP

This allows the right hooks to be called in GENSEC when s3compat implements the auth_ntlmssp interface. Otherwise, we can't do the signing or sealing as we have not negoitated it's use.

Andrew Bartlett
---
 source3/auth/auth_ntlmssp.c | 10 ++++++++++
 source3/include/proto.h | 2 ++
 source3/rpc_server/srv_pipe.c | 21 +++++++++++++++++++++
 3 files changed, 33 insertions(+)

diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c
index 1b48ba022d..7184fa6b95 100644
--- a/source3/auth/auth_ntlmssp.c
+++ b/source3/auth/auth_ntlmssp.c
@@ -74,6 +74,16 @@ bool auth_ntlmssp_negotiated_seal(struct auth_ntlmssp_state *auth_ntlmssp_state)
 return auth_ntlmssp_state->ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL;
 }
 
+void auth_ntlmssp_want_sign(struct auth_ntlmssp_state *auth_ntlmssp_state)
+{
+
+}
+
+void auth_ntlmssp_want_seal(struct auth_ntlmssp_state *auth_ntlmssp_state)
+{
+
+}
+
 NTSTATUS auth_ntlmssp_server_info(TALLOC_CTX *mem_ctx,
 struct auth_ntlmssp_state *auth_ntlmssp_state,
 struct auth_serversupplied_info **_server_info)
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 268e2b50aa..9582884c2f 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
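Review bot: In source3/auth/auth_ntlmssp.c the new hooks `auth_ntlmssp_want_sign()` and `auth_ntlmssp_want_seal()` have empty bodies and no comment, so a reader cannot tell whether the no-op is deliberate or unfinished. If it is deliberate, say so in each body, for example `/* Intentionally empty here; the s3compat/GENSEC implementation of this interface acts on it. */`. Because both hooks return void, a caller gets no indication that the request was not acted on, so the requested auth level still has to be compared with `auth_ntlmssp_negotiated_sign()` / `auth_ntlmssp_negotiated_seal()` once the exchange has completed.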
@@ -63,6 +63,8 @@ const char *auth_ntlmssp_get_domain(struct auth_ntlmssp_state *auth_ntlmssp_stat
 const char *auth_ntlmssp_get_client(struct auth_ntlmssp_state *auth_ntlmssp_state);
 bool auth_ntlmssp_negotiated_sign(struct auth_ntlmssp_state *auth_ntlmssp_state);
 bool auth_ntlmssp_negotiated_seal(struct auth_ntlmssp_state *auth_ntlmssp_state);
+void auth_ntlmssp_want_sign(struct auth_ntlmssp_state *auth_ntlmssp_state);
+void auth_ntlmssp_want_seal(struct auth_ntlmssp_state *auth_ntlmssp_state);
 NTSTATUS auth_ntlmssp_start(struct auth_ntlmssp_state **auth_ntlmssp_state);
 void auth_ntlmssp_end(struct auth_ntlmssp_state **auth_ntlmssp_state);
 NTSTATUS auth_ntlmssp_update(struct auth_ntlmssp_state *auth_ntlmssp_state,
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index 0f60cdff1c..4678aeb698 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -1189,6 +1189,16 @@ static bool pipe_spnego_auth_bind_negotiate(pipes_struct *p, prs_struct *rpc_in_
 goto err;
 }
 
+ switch (auth_info.auth_level) {
+ case DCERPC_AUTH_LEVEL_INTEGRITY:
+ auth_ntlmssp_want_sign(a);
+ break;
+ case DCERPC_AUTH_LEVEL_PRIVACY:
+ auth_ntlmssp_want_seal(a);
+ break;
+ default:
+ break;
+ }
 /*
 * Pass the first security blob of data to it.
 * This can return an error or NT_STATUS_MORE_PROCESSING_REQUIRED
@@ -1524,6 +1534,17 @@ static bool pipe_ntlmssp_auth_bind(pipes_struct *p, prs_struct *rpc_in_p,
 goto err;
 }
 
+ switch (pauth_info->auth_level) {
+ case DCERPC_AUTH_LEVEL_INTEGRITY:
+ auth_ntlmssp_want_sign(a);
+ break;
+ case DCERPC_AUTH_LEVEL_PRIVACY:
+ auth_ntlmssp_want_seal(a);
+ break;
+ default:
+ break;
+ }
+
 status = auth_ntlmssp_update(a, blob, &response);
 if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
 DEBUG(0,("pipe_ntlmssp_auth_bind: auth_ntlmssp_update failed: %s\n",
-- cgit
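Review bot: In source3/rpc_server/srv_pipe.c the `switch` on the auth level is duplicated verbatim in `pipe_spnego_auth_bind_negotiate()` and `pipe_ntlmssp_auth_bind()`, and its `default: break;` lets every other level through without explanation. A small static helper taking the NTLMSSP state and the level would stop the two bind paths drifting apart, and the default arm should at least carry `/* no signing or sealing requested at this level */`. The hooks only express a wish, and nothing in either hunk verifies that sign or seal was actually negotiated for INTEGRITY or PRIVACY. That check may exist elsewhere in the file; if it does not, a bind at those levels should be refused when `auth_ntlmssp_negotiated_sign(a)` or `auth_ntlmssp_negotiated_seal(a)` is false after authentication. Both functions start and end outside the hunks.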