sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-11-16 20:23:50 +03:00
Code Activity

r1068: make the dcerpc client side auth/crypto code much more generic

Browse Source 
metze
This commit is contained in:
Stefan Metzmacher
2004-06-07 12:30:22 +00:00
committed by Gerald (Jerry) Carter
parent e5d338821e
commit 1706ff88a7
6 changed files with 380 additions and 292 deletions
Download Patch File Download Diff File Expand all files Collapse all files

99
source/librpc/rpc/dcerpc_auth.c
View File

@@ -41,3 +41,102 @@ NTSTATUS dcerpc_bind_auth_none(struct dcerpc_pipe *p,
return status;
}
const struct dcesrv_security_ops *dcerpc_security_by_authtype(uint8_t auth_type)
{
switch (auth_type) {
case DCERPC_AUTH_TYPE_SCHANNEL:
return dcerpc_schannel_security_get_ops();
case DCERPC_AUTH_TYPE_NTLMSSP:
return dcerpc_ntlmssp_security_get_ops();
}
return NULL;
}
NTSTATUS dcerpc_bind_auth(struct dcerpc_pipe *p, uint8_t auth_type,
const char *uuid, uint_t version,
const char *domain,
const char *username,
const char *password)
{
NTSTATUS status;
TALLOC_CTX *mem_ctx;
DATA_BLOB credentials;
mem_ctx = talloc_init("dcerpc_bind_auth");
if (!mem_ctx) {
return NT_STATUS_NO_MEMORY;
}
p->security_state.ops = dcerpc_security_by_authtype(auth_type);
if (!p->security_state.ops) {
status = NT_STATUS_INVALID_PARAMETER;
goto done;
}
p->security_state.user.domain = domain;
p->security_state.user.name = username;
p->security_state.user.password = password;
status = p->security_state.ops->start(p, &p->security_state);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
p->security_state.auth_info = talloc(p->mem_ctx, sizeof(*p->security_state.auth_info));
if (!p->security_state.auth_info) {
status = NT_STATUS_NO_MEMORY;
goto done;
}
p->security_state.auth_info->auth_type = auth_type;
p->security_state.auth_info->auth_pad_length = 0;
p->security_state.auth_info->auth_reserved = 0;
p->security_state.auth_info->auth_context_id = random();
p->security_state.auth_info->credentials = data_blob(NULL, 0);
if (p->flags & DCERPC_SEAL) {
p->security_state.auth_info->auth_level = DCERPC_AUTH_LEVEL_PRIVACY;
} else if (p->flags & DCERPC_SIGN) {
p->security_state.auth_info->auth_level = DCERPC_AUTH_LEVEL_INTEGRITY;
} else {
p->security_state.auth_info->auth_level = DCERPC_AUTH_LEVEL_NONE;
}
status = p->security_state.ops->update(&p->security_state, mem_ctx,
p->security_state.auth_info->credentials,
&credentials);
if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
goto done;
}
p->security_state.auth_info->credentials = credentials;
status = dcerpc_bind_byuuid(p, mem_ctx, uuid, version);
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
status = p->security_state.ops->update(&p->security_state, mem_ctx,
p->security_state.auth_info->credentials,
&credentials);
if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
goto done;
}
p->security_state.auth_info->credentials = credentials;
status = dcerpc_auth3(p, mem_ctx);
done:
talloc_destroy(mem_ctx);
if (!NT_STATUS_IS_OK(status)) {
ZERO_STRUCT(p->security_state);
}
return status;
}