From fa5a99b7a6e4f9bffa82eed1393e8e5e1f6404dc Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 25 Aug 2004 02:25:20 +0000 Subject: r2041: Fix NTLMSSP RPC sealing, client -> win2k3 server. The bug (found by tridge) is that Win2k3 is being tighter about the NTLMSSP flags. If we don't negotiate sealing, we can't use it. We now have a way to indicate to the GENSEC implementation mechanisms what things we want for a connection. Andrew Bartlett (This used to be commit 86f61568ea44c5719f9b583beeeefb12e0c26f4c) --- source4/librpc/rpc/dcerpc_auth.c | 27 +++++++-------------------- 1 file changed, 7 insertions(+), 20 deletions(-) (limited to 'source4/librpc/rpc/dcerpc_auth.c') diff --git a/source4/librpc/rpc/dcerpc_auth.c b/source4/librpc/rpc/dcerpc_auth.c index 43b2212d60..6ae6a80596 100644 --- a/source4/librpc/rpc/dcerpc_auth.c +++ b/source4/librpc/rpc/dcerpc_auth.c @@ -44,7 +44,7 @@ NTSTATUS dcerpc_bind_auth_none(struct dcerpc_pipe *p, return status; } -NTSTATUS dcerpc_bind_auth3(struct dcerpc_pipe *p, uint8_t auth_type, +NTSTATUS dcerpc_bind_auth3(struct dcerpc_pipe *p, uint8_t auth_type, uint8_t auth_level, const char *uuid, uint_t version) { NTSTATUS status; @@ -63,7 +63,7 @@ NTSTATUS dcerpc_bind_auth3(struct dcerpc_pipe *p, uint8_t auth_type, return status; } - status = gensec_start_mech_by_authtype(p->security_state.generic_state, auth_type); + status = gensec_start_mech_by_authtype(p->security_state.generic_state, auth_type, auth_level); if (!NT_STATUS_IS_OK(status)) { return status; @@ -77,19 +77,12 @@ NTSTATUS dcerpc_bind_auth3(struct dcerpc_pipe *p, uint8_t auth_type, } p->security_state.auth_info->auth_type = auth_type; + p->security_state.auth_info->auth_level = auth_level; p->security_state.auth_info->auth_pad_length = 0; p->security_state.auth_info->auth_reserved = 0; p->security_state.auth_info->auth_context_id = random(); p->security_state.auth_info->credentials = null_data_blob; - if (p->flags & DCERPC_SEAL) { - p->security_state.auth_info->auth_level = DCERPC_AUTH_LEVEL_PRIVACY; - } else if (p->flags & DCERPC_SIGN) { - p->security_state.auth_info->auth_level = DCERPC_AUTH_LEVEL_INTEGRITY; - } else { - p->security_state.auth_info->auth_level = DCERPC_AUTH_LEVEL_NONE; - } - status = gensec_update(p->security_state.generic_state, mem_ctx, null_data_blob, &credentials); @@ -126,7 +119,7 @@ done: return status; } -NTSTATUS dcerpc_bind_alter(struct dcerpc_pipe *p, uint8_t auth_type, +NTSTATUS dcerpc_bind_alter(struct dcerpc_pipe *p, uint8_t auth_type, uint8_t auth_level, const char *uuid, uint_t version) { NTSTATUS status; @@ -145,7 +138,8 @@ NTSTATUS dcerpc_bind_alter(struct dcerpc_pipe *p, uint8_t auth_type, return status; } - status = gensec_start_mech_by_authtype(p->security_state.generic_state, auth_type); + status = gensec_start_mech_by_authtype(p->security_state.generic_state, + auth_type, auth_level); if (!NT_STATUS_IS_OK(status)) { return status; @@ -159,19 +153,12 @@ NTSTATUS dcerpc_bind_alter(struct dcerpc_pipe *p, uint8_t auth_type, } p->security_state.auth_info->auth_type = auth_type; + p->security_state.auth_info->auth_level = auth_level; p->security_state.auth_info->auth_pad_length = 0; p->security_state.auth_info->auth_reserved = 0; p->security_state.auth_info->auth_context_id = random(); p->security_state.auth_info->credentials = null_data_blob; - if (p->flags & DCERPC_SEAL) { - p->security_state.auth_info->auth_level = DCERPC_AUTH_LEVEL_PRIVACY; - } else if (p->flags & DCERPC_SIGN) { - p->security_state.auth_info->auth_level = DCERPC_AUTH_LEVEL_INTEGRITY; - } else { - p->security_state.auth_info->auth_level = DCERPC_AUTH_LEVEL_NONE; - } - status = gensec_update(p->security_state.generic_state, mem_ctx, null_data_blob, &credentials); -- cgit