
r5603: add "authservice()" property to the interface property list

so we can specify allowed target service names in the idl file

the default is "host"

metze
(This used to be commit bf40d5321f)
Stefan Metzmacher 2005-03-01 16:08:36 +00:00 committed by Gerald (Jerry) Carter
parent 70f7c56168
commit 4a3ca96fb4
5 changed files with 63 additions and 20 deletions


@ -2008,18 +2008,40 @@ sub FunctionTable($)
pidl "";
pidl "static const struct dcerpc_endpoint_list $interface->{NAME}\_endpoints = {";
pidl "\t$endpoint_count, $interface->{NAME}\_endpoint_strings";
pidl "\t.count\t= $endpoint_count,";
pidl "\t.names\t= $interface->{NAME}\_endpoint_strings";
pidl "};";
pidl "";
if (! defined $interface->{PROPERTIES}->{authservice}) {
$interface->{PROPERTIES}->{authservice} = "\"host\"";
}
my @a = split / /, $interface->{PROPERTIES}->{authservice};
my $authservice_count = $#a + 1;
pidl "static const char * const $interface->{NAME}\_authservice_strings[] = {";
foreach my $ap (@a) {
pidl "\t$ap, ";
}
pidl "};";
pidl "";
pidl "static const struct dcerpc_authservice_list $interface->{NAME}\_authservices = {";
pidl "\t.count\t= $endpoint_count,";
pidl "\t.names\t= $interface->{NAME}\_authservice_strings";
pidl "};";
pidl "";
pidl "\nconst struct dcerpc_interface_table dcerpc_table_$interface->{NAME} = {";
pidl "\t\"$interface->{NAME}\",";
pidl "\tDCERPC_$uname\_UUID,";
pidl "\tDCERPC_$uname\_VERSION,";
pidl "\tDCERPC_$uname\_HELPSTRING,";
pidl "\t$count,";
pidl "\t$interface->{NAME}\_calls,";
pidl "\t&$interface->{NAME}\_endpoints";
pidl "\t.name\t\t= \"$interface->{NAME}\",";
pidl "\t.uuid\t\t= DCERPC_$uname\_UUID,";
pidl "\t.if_version\t= DCERPC_$uname\_VERSION,";
pidl "\t.helpstring\t= DCERPC_$uname\_HELPSTRING,";
pidl "\t.num_calls\t= $count,";
pidl "\t.calls\t\t= $interface->{NAME}\_calls,";
pidl "\t.endpoints\t= &$interface->{NAME}\_endpoints,";
pidl "\t.authservices\t= &$interface->{NAME}\_authservices";
pidl "};";
pidl "";
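Review bot: The generated `_authservices` initializer emits `.count = $endpoint_count`, so the list advertises the number of endpoints rather than the number of authservice strings; `$authservice_count` is computed a few lines above and never used. Any consumer that walks `names` up to `count` would read past the end of the `_authservice_strings` array whenever an interface declares more endpoints than service names. The line should read `pidl "\t.count\t= $authservice_count,";`. FunctionTable's body starts and ends outside this hunk.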


@ -153,6 +153,11 @@ struct dcerpc_endpoint_list {
const char * const *names;
};
struct dcerpc_authservice_list {
uint32_t count;
const char * const *names;
};
struct dcerpc_interface_table {
const char *name;
const char *uuid;
@ -161,6 +166,7 @@ struct dcerpc_interface_table {
uint32_t num_calls;
const struct dcerpc_interface_call *calls;
const struct dcerpc_endpoint_list *endpoints;
const struct dcerpc_authservice_list *authservices;
};
struct dcerpc_interface_list {
@ -175,6 +181,7 @@ struct dcerpc_binding {
uint16_t object_version;
const char *host;
const char *endpoint;
const char *authservice;
const char **options;
uint32_t flags;
};
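Review bot: The new `authservices` member of `struct dcerpc_interface_table` and the new `authservice` member of `struct dcerpc_binding` carry no comment on whether they may be NULL, and that matters because dcerpc_epm_map_binding in this commit reads `table->authservices->names[0]` unconditionally. I would add `/* must be non-NULL with count >= 1; names[0] is the default target service */` above `authservices` and `/* target service name used for authentication; NULL means none is set explicitly */` above `authservice`. Interface tables that are not regenerated by pidl would presumably leave the new pointer NULL, which the comment would at least make visible to whoever maintains them.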


@ -146,7 +146,8 @@ NTSTATUS dcerpc_bind_auth_password(struct dcerpc_pipe *p,
const char *domain,
const char *username,
const char *password,
uint8_t auth_type)
uint8_t auth_type,
const char *service)
{
NTSTATUS status;
@ -189,6 +190,15 @@ NTSTATUS dcerpc_bind_auth_password(struct dcerpc_pipe *p,
return status;
}
if (service) {
status = gensec_set_target_service(p->conn->security_state.generic_state, service);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to start set GENSEC target service: %s\n",
nt_errstr(status)));
return status;
}
}
status = gensec_start_mech_by_authtype(p->conn->security_state.generic_state,
auth_type,
dcerpc_auth_level(p->conn));
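Review bot: The debug text in the new `if (service)` block reads "Failed to start set GENSEC target service", which looks like a leftover from a copied message; `DEBUG(1, ("Failed to set GENSEC target service: %s\n",` says what actually failed. The function also has no comment stating that a NULL `service` skips gensec_set_target_service() entirely, which is the path taken for the endpoint-mapper binding, where this commit sets `authservice` to NULL. A one-line comment above the check, `/* NULL service: no target service is set explicitly here */`, would make that explicit. The body of dcerpc_bind_auth_password continues outside both hunks.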


@ -789,13 +789,15 @@ NTSTATUS dcerpc_epm_map_binding(TALLOC_CTX *mem_ctx, struct dcerpc_binding *bind
if (table) {
struct dcerpc_binding default_binding;
binding->authservice = talloc_strdup(mem_ctx, table->authservices->names[0]);
/* Find one of the default pipes for this interface */
for (i = 0; i < table->endpoints->count; i++) {
status = dcerpc_parse_binding(mem_ctx, table->endpoints->names[i], &default_binding);
if (NT_STATUS_IS_OK(status) && default_binding.transport == binding->transport && default_binding.endpoint) {
binding->endpoint = talloc_strdup(mem_ctx, default_binding.endpoint);
binding->endpoint = talloc_strdup(mem_ctx, default_binding.endpoint);
return NT_STATUS_OK;
}
}
@ -808,6 +810,7 @@ NTSTATUS dcerpc_epm_map_binding(TALLOC_CTX *mem_ctx, struct dcerpc_binding *bind
epmapper_binding.options = NULL;
epmapper_binding.flags = 0;
epmapper_binding.endpoint = NULL;
epmapper_binding.authservice = NULL;
status = dcerpc_pipe_connect_b(&p,
&epmapper_binding,
@ -903,8 +906,9 @@ static NTSTATUS dcerpc_pipe_auth(struct dcerpc_pipe *p,
status = dcerpc_bind_auth_password(p, pipe_uuid, pipe_version,
domain, username, password,
auth_type);
} else {
auth_type,
binding->authservice);
} else {
status = dcerpc_bind_auth_none(p, pipe_uuid, pipe_version);
}
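Review bot: The new assignment at the top of the `if (table)` block dereferences `table->authservices->names[0]` without checking that `authservices` is non-NULL and holds at least one name. The talloc_strdup() result is not checked either, so an allocation failure silently leaves `binding->authservice` NULL and the later bind proceeds without the intended target service. A guard such as `if (table->authservices == NULL || table->authservices->count == 0) return NT_STATUS_INVALID_PARAMETER;` before the copy and `if (binding->authservice == NULL) return NT_STATUS_NO_MEMORY;` after it would close both. `authservice` is also assigned only on this path; whether bindings that never reach dcerpc_epm_map_binding initialise it is not visible here. The function bodies start and end outside the hunks.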


@ -53,7 +53,7 @@ BOOL torture_multi_bind(void)
status = dcerpc_parse_binding(mem_ctx, binding_string, &b);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("Failed to parse dcerpc binding '%s'\n", binding_string));
printf("Failed to parse dcerpc binding '%s'\n", binding_string);
talloc_free(mem_ctx);
return False;
}
@ -82,21 +82,21 @@ BOOL torture_multi_bind(void)
status = dcerpc_bind_auth_password(p, pipe_uuid, pipe_version,
domain, username, password,
auth_type);
} else {
auth_type,
binding->authservice);
} else {
status = dcerpc_bind_auth_none(p, pipe_uuid, pipe_version);
}
if (NT_STATUS_IS_OK(status)) {
DEBUG(0,("(incorrectly) allowed re-bind to uuid %s - %s\n",
pipe_uuid, nt_errstr(status)));
printf("(incorrectly) allowed re-bind to uuid %s - %s\n",
pipe_uuid, nt_errstr(status));
ret = False;
} else {
printf("\n");
ret = True;
}
printf("\n");
talloc_free(mem_ctx);
torture_rpc_close(p);
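Review bot: The extra argument passed to dcerpc_bind_auth_password() is `binding->authservice`, but no `binding` identifier is visible in torture_multi_bind; the first hunk parses into a local named `b` (`dcerpc_parse_binding(mem_ctx, binding_string, &b)`). Unless a `binding` pointer is declared in lines outside these hunks, this should probably be `b.authservice`. The function body starts and ends outside the hunks.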