From 3ae4d872f5292f5620fc2d75b3c5434c52d726a1 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sun, 10 Apr 2005 10:13:57 +0000 Subject: r6272: For 'programmed' use of an anonymous account, we should use cli_credentials_set_conf(), not cli_credentials_guess(). Also, clarify why for particular flags, we don't do a DCERPC-level authentication. Andrew Bartlett (This used to be commit 838925761d004a1426107f4c5c84d0276fddb2c0) --- source4/librpc/rpc/dcerpc_util.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) (limited to 'source4/librpc') diff --git a/source4/librpc/rpc/dcerpc_util.c b/source4/librpc/rpc/dcerpc_util.c index f45ae92bab..d1d9977b39 100644 --- a/source4/librpc/rpc/dcerpc_util.c +++ b/source4/librpc/rpc/dcerpc_util.c @@ -806,8 +806,8 @@ NTSTATUS dcerpc_epm_map_binding(TALLOC_CTX *mem_ctx, struct dcerpc_binding *bind struct cli_credentials *anon_creds = cli_credentials_init(mem_ctx); + cli_credentials_set_conf(anon_creds); cli_credentials_set_anonymous(anon_creds); - cli_credentials_guess(anon_creds); /* First, check if there is a default endpoint specified in the IDL */ @@ -939,7 +939,14 @@ NTSTATUS dcerpc_pipe_auth(struct dcerpc_pipe *p, } else if (!cli_credentials_is_anonymous(credentials) && !(binding->transport == NCACN_NP && !(binding->flags & DCERPC_SIGN) && - !(binding->flags & DCERPC_SEAL))) { + !(binding->flags & DCERPC_SEAL))) { + + /* Perform an authenticated DCE-RPC bind, except where + * we ask for a connection on NCACN_NP, and that + * connection is not signed or sealed. For that case + * we rely on the already authenicated CIFS connection + */ + uint8_t auth_type; if (binding->flags & DCERPC_AUTH_SPNEGO) { auth_type = DCERPC_AUTH_TYPE_SPNEGO; -- cgit