sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2024-12-25 23:21:54 +03:00
Code

r4962: add infrastructure to use raw krb5 auth in dcerpc client code

Browse Source 
Note this doesn't work currently because the gensec_modules are not ready for that yet

metze
This commit is contained in:
Stefan Metzmacher 2005-01-24 14:44:15 +00:00 committed by Gerald (Jerry) Carter
parent e849db13dc
commit 7b09a3f725
4 changed files with 14 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
prog_guide.txt
View File

@ -542,6 +542,7 @@ other recognised flags are:
sign : enable ntlmssp signing
seal : enable ntlmssp sealing
spnego : use SPNEGO instead of NTLMSSP authentication
krb5 : use KRB5 instead of NTLMSSP authentication
connect : enable rpc connect level auth (auth, but no sign or seal)
validate : enable the NDR validator
print : enable debugging of the packets

11
source/librpc/idl/dcerpc.idl
View File

@ -110,18 +110,19 @@ interface dcerpc
uint32 status;
} dcerpc_fault;
/* the auth types we know about
const uint8 DCERPC_AUTH_TYPE_NONE = 0;
const uint8 DCERPC_AUTH_TYPE_KRB5 = 1;
/* this seems to be not krb5! */
const uint8 DCERPC_AUTH_TYPE_KRB5_1 = 1;
const uint8 DCERPC_AUTH_TYPE_SPNEGO = 9;
const uint8 DCERPC_AUTH_TYPE_NTLMSSP = 10;
/* I'm not 100% sure but type 16(0x10)
* seems to be raw krb5 --metze
*/
const uint8 DCERPC_AUTH_TYPE_KRB5_16 = 16;
const uint8 DCERPC_AUTH_TYPE_KRB5 = 16;
const uint8 DCERPC_AUTH_TYPE_SCHANNEL = 68;
const uint8 DCERPC_AUTH_TYPE_MSMQ = 100;
const uint8 DCERPC_AUTH_TYPE_MSMQ = 100;
const uint8 DCERPC_AUTH_LEVEL_DEFAULT = DCERPC_AUTH_LEVEL_CONNECT;
const uint8 DCERPC_AUTH_LEVEL_NONE = 1;
const uint8 DCERPC_AUTH_LEVEL_CONNECT = 2;

5
source/librpc/rpc/dcerpc.h
View File

@ -129,11 +129,14 @@ struct dcerpc_pipe {
/* set LIBNDR_FLAG_REF_ALLOC flag when decoding NDR */
#define DCERPC_NDR_REF_ALLOC (1<<14)
#define DCERPC_AUTH_OPTIONS (DCERPC_SEAL|DCERPC_SIGN|DCERPC_SCHANNEL_ANY|DCERPC_AUTH_SPNEGO)
#define DCERPC_AUTH_OPTIONS (DCERPC_SEAL|DCERPC_SIGN|DCERPC_SCHANNEL_ANY|DCERPC_AUTH_SPNEGO|DCERPC_AUTH_KRB5)
/* enable spnego auth */
#define DCERPC_AUTH_SPNEGO (1<<15)
/* enable krb5 auth */
#define DCERPC_AUTH_KRB5 (1<<16)
/*
this is used to find pointers to calls
*/

3
source/librpc/rpc/dcerpc_util.c
View File

@ -177,6 +177,7 @@ static const struct {
{"seal", DCERPC_SEAL},
{"connect", DCERPC_CONNECT},
{"spnego", DCERPC_AUTH_SPNEGO},
{"krb5", DCERPC_AUTH_KRB5},
{"validate", DCERPC_DEBUG_VALIDATE_BOTH},
{"print", DCERPC_DEBUG_PRINT_BOTH},
{"padcheck", DCERPC_DEBUG_PAD_CHECK},
@ -797,6 +798,8 @@ static NTSTATUS dcerpc_pipe_auth(struct dcerpc_pipe *p,
uint8_t auth_type;
if (binding->flags & DCERPC_AUTH_SPNEGO) {
auth_type = DCERPC_AUTH_TYPE_SPNEGO;
} else if (binding->flags & DCERPC_AUTH_KRB5) {
auth_type = DCERPC_AUTH_TYPE_KRB5;
} else {
auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
}