From 078cced5ec1026432f5df275a7023db70a62693e Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 10 Feb 2004 10:22:12 +0000 Subject: - modified the dcerpc client security code to be generic, so ntlmssp and schannel are both instances of possible security modules - added schannel sign and sign/seal support to the dcerpc client code. You select it with binding options of "schannel,sign" or "schannel,seal". (This used to be commit 05db0b9d942cad8f1dd574dc35b759e5e79d4195) --- source4/librpc/rpc/dcerpc_util.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) (limited to 'source4/librpc/rpc/dcerpc_util.c') diff --git a/source4/librpc/rpc/dcerpc_util.c b/source4/librpc/rpc/dcerpc_util.c index 96f0b959e7..ba61f28c95 100644 --- a/source4/librpc/rpc/dcerpc_util.c +++ b/source4/librpc/rpc/dcerpc_util.c @@ -275,6 +275,7 @@ static const struct { } ncacn_options[] = { {"sign", DCERPC_SIGN}, {"seal", DCERPC_SEAL}, + {"schannel", DCERPC_SCHANNEL}, {"validate", DCERPC_DEBUG_VALIDATE_BOTH}, {"print", DCERPC_DEBUG_PRINT_BOTH}, {"bigendian", DCERPC_PUSH_BIGENDIAN} @@ -481,11 +482,23 @@ static NTSTATUS dcerpc_pipe_connect_ncacn_np(struct dcerpc_pipe **p, (*p)->flags = binding->flags; - if (binding->flags & (DCERPC_SIGN | DCERPC_SEAL)) { + if (binding->flags & DCERPC_SCHANNEL) { + const char *trust_password = secrets_fetch_machine_password(); + if (!trust_password) { + DEBUG(0,("Unable to fetch machine password\n")); + goto done; + } + status = dcerpc_bind_auth_schannel(*p, pipe_uuid, pipe_version, + lp_workgroup(), + lp_netbios_name(), + trust_password); + } else if (binding->flags & (DCERPC_SIGN | DCERPC_SEAL)) { status = dcerpc_bind_auth_ntlm(*p, pipe_uuid, pipe_version, domain, username, password); } else { status = dcerpc_bind_auth_none(*p, pipe_uuid, pipe_version); } + +done: if (!NT_STATUS_IS_OK(status)) { DEBUG(0,("Failed to bind to uuid %s - %s\n", pipe_uuid, nt_errstr(status))); dcerpc_pipe_close(*p); -- cgit