From d3af0346c87390b72f6f1708019c7cd055ae047d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Mon, 14 Sep 2009 20:39:54 +0200 Subject: [PATCH] s3-dcerpc: use dcerpc_AuthLevel and remove duplicate set of flags. Guenther --- source3/auth/auth_domain.c | 2 +- source3/auth/auth_netlogond.c | 2 +- source3/include/client.h | 2 +- source3/include/ntdomain.h | 9 +--- source3/include/proto.h | 22 +++++----- source3/libnet/libnet_join.c | 2 +- source3/libsmb/passchange.c | 2 +- source3/rpc_client/cli_pipe.c | 70 +++++++++++++++--------------- source3/rpc_parse/parse_prs.c | 16 +++---- source3/rpc_server/srv_netlog_nt.c | 4 +- source3/rpc_server/srv_pipe.c | 30 ++++++------- source3/rpc_server/srv_samr_nt.c | 2 +- source3/rpcclient/rpcclient.c | 12 ++--- source3/utils/net_rpc.c | 4 +- source3/utils/net_rpc_join.c | 4 +- source3/winbindd/winbindd_cm.c | 10 ++--- 16 files changed, 93 insertions(+), 100 deletions(-) diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c index 85210e6f701..7dec6ad84bf 100644 --- a/source3/auth/auth_domain.c +++ b/source3/auth/auth_domain.c @@ -177,7 +177,7 @@ static NTSTATUS connect_to_domain_password_server(struct cli_state **cli, /* We also setup the creds chain in the open_schannel call. */ result = cli_rpc_pipe_open_schannel( *cli, &ndr_table_netlogon.syntax_id, NCACN_NP, - PIPE_AUTH_LEVEL_PRIVACY, domain, &netlogon_pipe); + DCERPC_AUTH_LEVEL_PRIVACY, domain, &netlogon_pipe); } else { result = cli_rpc_pipe_open_noauth( *cli, &ndr_table_netlogon.syntax_id, &netlogon_pipe); diff --git a/source3/auth/auth_netlogond.c b/source3/auth/auth_netlogond.c index 3947873aaab..5f4d2f16e39 100644 --- a/source3/auth/auth_netlogond.c +++ b/source3/auth/auth_netlogond.c 
@@ -47,7 +47,7 @@ static NTSTATUS netlogond_validate(TALLOC_CTX *mem_ctx, } status = rpccli_schannel_bind_data(p, lp_workgroup(), - PIPE_AUTH_LEVEL_PRIVACY, + DCERPC_AUTH_LEVEL_PRIVACY, schannel_key, &auth); if (!NT_STATUS_IS_OK(status)) { DEBUG(10, ("rpccli_schannel_bind_data failed: %s\n", diff --git a/source3/include/client.h b/source3/include/client.h index 5b64b9be3a7..e83927cfe54 100644 --- a/source3/include/client.h +++ b/source3/include/client.h @@ -48,7 +48,7 @@ struct print_job_info { struct cli_pipe_auth_data { enum pipe_auth_type auth_type; /* switch for the union below. Defined in ntdomain.h */ - enum pipe_auth_level auth_level; /* defined in ntdomain.h */ + enum dcerpc_AuthLevel auth_level; /* defined in ntdomain.h */ char *domain; char *user_name; diff --git a/source3/include/ntdomain.h b/source3/include/ntdomain.h index 53e89a87514..1d303ca64a9 100644 --- a/source3/include/ntdomain.h +++ b/source3/include/ntdomain.h @@ -132,13 +132,6 @@ typedef struct pipe_rpc_fns { enum pipe_auth_type { PIPE_AUTH_TYPE_NONE = 0, PIPE_AUTH_TYPE_NTLMSSP, PIPE_AUTH_TYPE_SCHANNEL, PIPE_AUTH_TYPE_SPNEGO_NTLMSSP, PIPE_AUTH_TYPE_KRB5, PIPE_AUTH_TYPE_SPNEGO_KRB5 }; -/* Possible auth levels - keep these in sync with the wire values. */ -enum pipe_auth_level { PIPE_AUTH_LEVEL_NONE = 0, - PIPE_AUTH_LEVEL_CONNECT = 1, /* We treat as NONE. */ - PIPE_AUTH_LEVEL_INTEGRITY = 5, /* Sign. */ - PIPE_AUTH_LEVEL_PRIVACY = 6 /* Seal. */ -}; - /* auth state for krb5. */ struct kerberos_auth_struct { const char *service_principal; @@ -155,7 +148,7 @@ struct schannel_auth_struct { struct pipe_auth_data { enum pipe_auth_type auth_type; /* switch for union below. */ - enum pipe_auth_level auth_level; + enum dcerpc_AuthLevel auth_level; union { struct schannel_auth_struct *schannel_auth; AUTH_NTLMSSP_STATE *auth_ntlmssp_state; diff --git a/source3/include/proto.h b/source3/include/proto.h index b037bf3ac06..35d1a9929db 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h 
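Review bot: The trailing comment on the changed field in struct cli_pipe_auth_data (client.h, @@ -48,7) still reads `/* defined in ntdomain.h */`, but this same patch deletes the auth-level enum from ntdomain.h. Point the comment at the header that actually declares enum dcerpc_AuthLevel, or drop the location, e.g. `enum dcerpc_AuthLevel auth_level; /* DCERPC_AUTH_LEVEL_* */`. The struct continues past the end of the hunk.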
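Review bot: The enum deleted from ntdomain.h (@@ -132,13) pinned PIPE_AUTH_LEVEL_NONE to 0 and PIPE_AUTH_LEVEL_CONNECT to 1, while the numeric values of enum dcerpc_AuthLevel, which now backs `struct pipe_auth_data.auth_level` (@@ -155,7), are not shown anywhere in this patch. If its NONE is not 0, an auth struct that is only zero-initialised stops matching the `case DCERPC_AUTH_LEVEL_NONE:` and `== DCERPC_AUTH_LEVEL_NONE` tests in create_next_pdu, calculate_data_len_tosend, cli_pipe_verify_ntlmssp and api_pipe_ntlmssp_auth_process. What those paths do with an unmatched value lies outside the hunks. Before merging, confirm that every allocation site assigns auth_level explicitly, the way rpccli_anon_bind_data and setup_bind_nak do here, and if 0 is no longer a valid level say so in a comment on the field.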
@@ -5291,17 +5291,17 @@ NTSTATUS rpccli_anon_bind_data(TALLOC_CTX *mem_ctx, struct cli_pipe_auth_data **presult); NTSTATUS rpccli_ntlmssp_bind_data(TALLOC_CTX *mem_ctx, enum pipe_auth_type auth_type, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, const char *domain, const char *username, const char *password, struct cli_pipe_auth_data **presult); NTSTATUS rpccli_schannel_bind_data(TALLOC_CTX *mem_ctx, const char *domain, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, const uint8_t sess_key[16], struct cli_pipe_auth_data **presult); NTSTATUS rpccli_kerberos_bind_data(TALLOC_CTX *mem_ctx, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, const char *service_princ, const char *username, const char *password, @@ -5326,7 +5326,7 @@ NTSTATUS cli_rpc_pipe_open_noauth_transport(struct cli_state *cli, NTSTATUS cli_rpc_pipe_open_ntlmssp(struct cli_state *cli, const struct ndr_syntax_id *interface, enum dcerpc_transport_t transport, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, const char *domain, const char *username, const char *password, @@ -5334,7 +5334,7 @@ NTSTATUS cli_rpc_pipe_open_ntlmssp(struct cli_state *cli, NTSTATUS cli_rpc_pipe_open_spnego_ntlmssp(struct cli_state *cli, const struct ndr_syntax_id *interface, enum dcerpc_transport_t transport, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, const char *domain, const char *username, const char *password, 
@@ -5346,14 +5346,14 @@ NTSTATUS get_schannel_session_key(struct cli_state *cli, NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli, const struct ndr_syntax_id *interface, enum dcerpc_transport_t transport, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, const char *domain, struct netlogon_creds_CredentialState **pdc, struct rpc_pipe_client **presult); NTSTATUS cli_rpc_pipe_open_ntlmssp_auth_schannel(struct cli_state *cli, const struct ndr_syntax_id *interface, enum dcerpc_transport_t transport, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, const char *domain, const char *username, const char *password, @@ -5361,12 +5361,12 @@ NTSTATUS cli_rpc_pipe_open_ntlmssp_auth_schannel(struct cli_state *cli, NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli, const struct ndr_syntax_id *interface, enum dcerpc_transport_t transport, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, const char *domain, struct rpc_pipe_client **presult); NTSTATUS cli_rpc_pipe_open_krb5(struct cli_state *cli, const struct ndr_syntax_id *interface, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, const char *service_princ, const char *username, const char *password, 
@@ -5706,11 +5706,11 @@ bool prs_uint16s(bool charmode, const char *name, prs_struct *ps, int depth, uin bool prs_uint32s(bool charmode, const char *name, prs_struct *ps, int depth, uint32 *data32s, int len); bool prs_unistr(const char *name, prs_struct *ps, int depth, UNISTR *str); bool prs_string(const char *name, prs_struct *ps, int depth, char *str, int max_buf_size); -void schannel_encode(struct schannel_auth_struct *a, enum pipe_auth_level auth_level, +void schannel_encode(struct schannel_auth_struct *a, enum dcerpc_AuthLevel auth_level, enum schannel_direction direction, struct NL_AUTH_SIGNATURE *verf, char *data, size_t data_len); -bool schannel_decode(struct schannel_auth_struct *a, enum pipe_auth_level auth_level, +bool schannel_decode(struct schannel_auth_struct *a, enum dcerpc_AuthLevel auth_level, enum schannel_direction direction, struct NL_AUTH_SIGNATURE *verf, char *data, size_t data_len); bool prs_init_data_blob(prs_struct *prs, DATA_BLOB *blob, TALLOC_CTX *mem_ctx); diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 7794e0367af..5315fccff61 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -1136,7 +1136,7 @@ NTSTATUS libnet_join_ok(const char *netbios_domain_name, status = cli_rpc_pipe_open_schannel_with_key( cli, &ndr_table_netlogon.syntax_id, NCACN_NP, - PIPE_AUTH_LEVEL_PRIVACY, + DCERPC_AUTH_LEVEL_PRIVACY, netbios_domain_name, &netlogon_pipe->dc, &pipe_hnd); cli_shutdown(cli); diff --git a/source3/libsmb/passchange.c b/source3/libsmb/passchange.c index ab951618fe6..570a048502c 100644 --- a/source3/libsmb/passchange.c +++ b/source3/libsmb/passchange.c @@ -177,7 +177,7 @@ NTSTATUS remote_password_change(const char *remote_machine, const char *user_nam result = cli_rpc_pipe_open_ntlmssp(cli, &ndr_table_samr.syntax_id, NCACN_NP, - PIPE_AUTH_LEVEL_PRIVACY, + DCERPC_AUTH_LEVEL_PRIVACY, domain, user, old_passwd, &pipe_hnd); 
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index ab9b5fee335..9fa33cc7c6f 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -559,8 +559,8 @@ static NTSTATUS cli_pipe_verify_ntlmssp(struct rpc_pipe_client *cli, RPC_HDR *pr DATA_BLOB auth_blob; NTSTATUS status; - if (cli->auth->auth_level == PIPE_AUTH_LEVEL_NONE - || cli->auth->auth_level == PIPE_AUTH_LEVEL_CONNECT) { + if (cli->auth->auth_level == DCERPC_AUTH_LEVEL_NONE + || cli->auth->auth_level == DCERPC_AUTH_LEVEL_CONNECT) { return NT_STATUS_OK; } @@ -605,7 +605,7 @@ static NTSTATUS cli_pipe_verify_ntlmssp(struct rpc_pipe_client *cli, RPC_HDR *pr auth_blob.length = auth_len; switch (cli->auth->auth_level) { - case PIPE_AUTH_LEVEL_PRIVACY: + case DCERPC_AUTH_LEVEL_PRIVACY: /* Data is encrypted. */ status = ntlmssp_unseal_packet(ntlmssp_state, data, data_len, @@ -620,7 +620,7 @@ static NTSTATUS cli_pipe_verify_ntlmssp(struct rpc_pipe_client *cli, RPC_HDR *pr return status; } break; - case PIPE_AUTH_LEVEL_INTEGRITY: + case DCERPC_AUTH_LEVEL_INTEGRITY: /* Data is signed. */ status = ntlmssp_check_packet(ntlmssp_state, data, data_len, @@ -679,8 +679,8 @@ static NTSTATUS cli_pipe_verify_schannel(struct rpc_pipe_client *cli, RPC_HDR *p enum ndr_err_code ndr_err; DATA_BLOB blob; - if (cli->auth->auth_level == PIPE_AUTH_LEVEL_NONE - || cli->auth->auth_level == PIPE_AUTH_LEVEL_CONNECT) { + if (cli->auth->auth_level == DCERPC_AUTH_LEVEL_NONE + || cli->auth->auth_level == DCERPC_AUTH_LEVEL_CONNECT) { return NT_STATUS_OK; } @@ -1470,7 +1470,7 @@ static NTSTATUS rpc_api_pipe_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, ********************************************************************/ static NTSTATUS create_krb5_auth_bind_req( struct rpc_pipe_client *cli, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, RPC_HDR_AUTH *pauth_out, prs_struct *auth_data) { 
@@ -1529,7 +1529,7 @@ static NTSTATUS create_krb5_auth_bind_req( struct rpc_pipe_client *cli, ********************************************************************/ static NTSTATUS create_spnego_ntlmssp_auth_rpc_bind_req( struct rpc_pipe_client *cli, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, RPC_HDR_AUTH *pauth_out, prs_struct *auth_data) { @@ -1576,7 +1576,7 @@ static NTSTATUS create_spnego_ntlmssp_auth_rpc_bind_req( struct rpc_pipe_client ********************************************************************/ static NTSTATUS create_ntlmssp_auth_rpc_bind_req( struct rpc_pipe_client *cli, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, RPC_HDR_AUTH *pauth_out, prs_struct *auth_data) { @@ -1617,7 +1617,7 @@ static NTSTATUS create_ntlmssp_auth_rpc_bind_req( struct rpc_pipe_client *cli, ********************************************************************/ static NTSTATUS create_schannel_auth_rpc_bind_req( struct rpc_pipe_client *cli, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, RPC_HDR_AUTH *pauth_out, prs_struct *auth_data) { @@ -1760,7 +1760,7 @@ static NTSTATUS create_rpc_bind_req(struct rpc_pipe_client *cli, const struct ndr_syntax_id *abstract, const struct ndr_syntax_id *transfer, enum pipe_auth_type auth_type, - enum pipe_auth_level auth_level) + enum dcerpc_AuthLevel auth_level) { RPC_HDR_AUTH hdr_auth; prs_struct auth_info; @@ -1856,7 +1856,7 @@ static NTSTATUS add_ntlmssp_auth_footer(struct rpc_pipe_client *cli, } switch (cli->auth->auth_level) { - case PIPE_AUTH_LEVEL_PRIVACY: + case DCERPC_AUTH_LEVEL_PRIVACY: /* Data portion is encrypted. */ status = ntlmssp_seal_packet(cli->auth->a_u.ntlmssp_state, (unsigned char *)prs_data_p(outgoing_pdu) + RPC_HEADER_LEN + RPC_HDR_RESP_LEN, 
@@ -1870,7 +1870,7 @@ static NTSTATUS add_ntlmssp_auth_footer(struct rpc_pipe_client *cli, } break; - case PIPE_AUTH_LEVEL_INTEGRITY: + case DCERPC_AUTH_LEVEL_INTEGRITY: /* Data is signed. */ status = ntlmssp_sign_packet(cli->auth->a_u.ntlmssp_state, (unsigned char *)prs_data_p(outgoing_pdu) + RPC_HEADER_LEN + RPC_HDR_RESP_LEN, @@ -1938,8 +1938,8 @@ static NTSTATUS add_schannel_auth_footer(struct rpc_pipe_client *cli, } switch (cli->auth->auth_level) { - case PIPE_AUTH_LEVEL_PRIVACY: - case PIPE_AUTH_LEVEL_INTEGRITY: + case DCERPC_AUTH_LEVEL_PRIVACY: + case DCERPC_AUTH_LEVEL_INTEGRITY: DEBUG(10,("add_schannel_auth_footer: SCHANNEL seq_num=%d\n", sas->seq_num)); @@ -1998,8 +1998,8 @@ static uint32 calculate_data_len_tosend(struct rpc_pipe_client *cli, #endif switch (cli->auth->auth_level) { - case PIPE_AUTH_LEVEL_NONE: - case PIPE_AUTH_LEVEL_CONNECT: + case DCERPC_AUTH_LEVEL_NONE: + case DCERPC_AUTH_LEVEL_CONNECT: data_space = cli->max_xmit_frag - RPC_HEADER_LEN - RPC_HDR_REQ_LEN; data_len = MIN(data_space, data_left); *p_ss_padding = 0; @@ -2007,8 +2007,8 @@ static uint32 calculate_data_len_tosend(struct rpc_pipe_client *cli, *p_frag_len = RPC_HEADER_LEN + RPC_HDR_REQ_LEN + data_len; return data_len; - case PIPE_AUTH_LEVEL_INTEGRITY: - case PIPE_AUTH_LEVEL_PRIVACY: + case DCERPC_AUTH_LEVEL_INTEGRITY: + case DCERPC_AUTH_LEVEL_PRIVACY: /* Treat the same for all authenticated rpc requests. */ switch(cli->auth->auth_type) { case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP: @@ -2404,7 +2404,7 @@ static bool check_bind_response(RPC_HDR_BA *hdr_ba, static NTSTATUS create_rpc_bind_auth3(struct rpc_pipe_client *cli, uint32 rpc_call_id, enum pipe_auth_type auth_type, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, DATA_BLOB *pauth_blob, prs_struct *rpc_out) { 
@@ -2464,7 +2464,7 @@ static NTSTATUS create_rpc_bind_auth3(struct rpc_pipe_client *cli, static NTSTATUS create_rpc_alter_context(uint32 rpc_call_id, const struct ndr_syntax_id *abstract, const struct ndr_syntax_id *transfer, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, const DATA_BLOB *pauth_blob, /* spnego auth blob already created. */ prs_struct *rpc_out) { @@ -2980,7 +2980,7 @@ NTSTATUS rpccli_anon_bind_data(TALLOC_CTX *mem_ctx, } result->auth_type = PIPE_AUTH_TYPE_NONE; - result->auth_level = PIPE_AUTH_LEVEL_NONE; + result->auth_level = DCERPC_AUTH_LEVEL_NONE; result->user_name = talloc_strdup(result, ""); result->domain = talloc_strdup(result, ""); @@ -3001,7 +3001,7 @@ static int cli_auth_ntlmssp_data_destructor(struct cli_pipe_auth_data *auth) NTSTATUS rpccli_ntlmssp_bind_data(TALLOC_CTX *mem_ctx, enum pipe_auth_type auth_type, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, const char *domain, const char *username, const char *password, @@ -3053,9 +3053,9 @@ NTSTATUS rpccli_ntlmssp_bind_data(TALLOC_CTX *mem_ctx, result->a_u.ntlmssp_state->neg_flags &= ~(NTLMSSP_NEGOTIATE_SIGN | NTLMSSP_NEGOTIATE_SEAL); - if (auth_level == PIPE_AUTH_LEVEL_INTEGRITY) { + if (auth_level == DCERPC_AUTH_LEVEL_INTEGRITY) { result->a_u.ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN; - } else if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) { + } else if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) { result->a_u.ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL | NTLMSSP_NEGOTIATE_SIGN; } @@ -3069,7 +3069,7 @@ NTSTATUS rpccli_ntlmssp_bind_data(TALLOC_CTX *mem_ctx, } NTSTATUS rpccli_schannel_bind_data(TALLOC_CTX *mem_ctx, const char *domain, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, const uint8_t sess_key[16], struct cli_pipe_auth_data **presult) { 
@@ -3116,7 +3116,7 @@ static int cli_auth_kerberos_data_destructor(struct kerberos_auth_struct *auth) #endif NTSTATUS rpccli_kerberos_bind_data(TALLOC_CTX *mem_ctx, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, const char *service_princ, const char *username, const char *password, @@ -3702,7 +3702,7 @@ static NTSTATUS cli_rpc_pipe_open_ntlmssp_internal(struct cli_state *cli, const struct ndr_syntax_id *interface, enum dcerpc_transport_t transport, enum pipe_auth_type auth_type, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, const char *domain, const char *username, const char *password, @@ -3755,7 +3755,7 @@ static NTSTATUS cli_rpc_pipe_open_ntlmssp_internal(struct cli_state *cli, NTSTATUS cli_rpc_pipe_open_ntlmssp(struct cli_state *cli, const struct ndr_syntax_id *interface, enum dcerpc_transport_t transport, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, const char *domain, const char *username, const char *password, @@ -3780,7 +3780,7 @@ NTSTATUS cli_rpc_pipe_open_ntlmssp(struct cli_state *cli, NTSTATUS cli_rpc_pipe_open_spnego_ntlmssp(struct cli_state *cli, const struct ndr_syntax_id *interface, enum dcerpc_transport_t transport, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, const char *domain, const char *username, const char *password, @@ -3889,7 +3889,7 @@ NTSTATUS get_schannel_session_key(struct cli_state *cli, NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli, const struct ndr_syntax_id *interface, enum dcerpc_transport_t transport, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, const char *domain, struct netlogon_creds_CredentialState **pdc, struct rpc_pipe_client **presult) 
@@ -3959,7 +3959,7 @@ static NTSTATUS get_schannel_session_key_auth_ntlmssp(struct cli_state *cli, status = cli_rpc_pipe_open_spnego_ntlmssp( cli, &ndr_table_netlogon.syntax_id, NCACN_NP, - PIPE_AUTH_LEVEL_PRIVACY, + DCERPC_AUTH_LEVEL_PRIVACY, domain, username, password, &netlogon_pipe); if (!NT_STATUS_IS_OK(status)) { return status; @@ -3985,7 +3985,7 @@ static NTSTATUS get_schannel_session_key_auth_ntlmssp(struct cli_state *cli, NTSTATUS cli_rpc_pipe_open_ntlmssp_auth_schannel(struct cli_state *cli, const struct ndr_syntax_id *interface, enum dcerpc_transport_t transport, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, const char *domain, const char *username, const char *password, @@ -4026,7 +4026,7 @@ NTSTATUS cli_rpc_pipe_open_ntlmssp_auth_schannel(struct cli_state *cli, NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli, const struct ndr_syntax_id *interface, enum dcerpc_transport_t transport, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, const char *domain, struct rpc_pipe_client **presult) { @@ -4066,7 +4066,7 @@ NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli, NTSTATUS cli_rpc_pipe_open_krb5(struct cli_state *cli, const struct ndr_syntax_id *interface, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, const char *service_princ, const char *username, const char *password, diff --git a/source3/rpc_parse/parse_prs.c b/source3/rpc_parse/parse_prs.c index c5c0c02090d..09263b45d44 100644 --- a/source3/rpc_parse/parse_prs.c +++ b/source3/rpc_parse/parse_prs.c @@ -1071,7 +1071,7 @@ bool prs_string(const char *name, prs_struct *ps, int depth, char *str, int max_ ********************************************************************/ static void schannel_digest(struct schannel_auth_struct *a, - enum pipe_auth_level auth_level, + enum dcerpc_AuthLevel auth_level, struct NL_AUTH_SIGNATURE *verf, char *data, size_t data_len, uchar digest_final[16]) 
@@ -1095,7 +1095,7 @@ static void schannel_digest(struct schannel_auth_struct *a, out of order */ MD5Update(&ctx3, zeros, sizeof(zeros)); MD5Update(&ctx3, sig, 8); - if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) { + if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) { MD5Update(&ctx3, verf->Confounder, sizeof(verf->Confounder)); } MD5Update(&ctx3, (const unsigned char *)data, data_len); @@ -1169,7 +1169,7 @@ static void schannel_deal_with_seq_num(struct schannel_auth_struct *a, quite compatible with what MS does. ********************************************************************/ -void schannel_encode(struct schannel_auth_struct *a, enum pipe_auth_level auth_level, +void schannel_encode(struct schannel_auth_struct *a, enum dcerpc_AuthLevel auth_level, enum schannel_direction direction, struct NL_AUTH_SIGNATURE *verf, char *data, size_t data_len) @@ -1199,7 +1199,7 @@ void schannel_encode(struct schannel_auth_struct *a, enum pipe_auth_level auth_l dump_data_pw("verf->SequenceNumber:\n", verf->SequenceNumber, sizeof(verf->SequenceNumber)); - if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) { + if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) { verf->SealAlgorithm = NL_SEAL_RC4; } else { verf->SealAlgorithm = NL_SEAL_NONE; @@ -1217,7 +1217,7 @@ void schannel_encode(struct schannel_auth_struct *a, enum pipe_auth_level auth_l schannel_digest(a, auth_level, verf, data, data_len, digest_final); memcpy(verf->Checksum, digest_final, sizeof(verf->Checksum)); - if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) { + if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) { uchar sealing_key[16]; /* get the key to encode the data with */ 
@@ -1249,7 +1249,7 @@ void schannel_encode(struct schannel_auth_struct *a, enum pipe_auth_level auth_l as well as decode sealed messages ********************************************************************/ -bool schannel_decode(struct schannel_auth_struct *a, enum pipe_auth_level auth_level, +bool schannel_decode(struct schannel_auth_struct *a, enum dcerpc_AuthLevel auth_level, enum schannel_direction direction, struct NL_AUTH_SIGNATURE *verf, char *data, size_t data_len) { @@ -1263,7 +1263,7 @@ bool schannel_decode(struct schannel_auth_struct *a, enum pipe_auth_level auth_l DEBUG(10,("SCHANNEL: schannel_decode seq_num=%d data_len=%lu\n", a->seq_num, (unsigned long)data_len)); - if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) { + if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) { schannel_sig = schannel_seal_sig; } else { schannel_sig = schannel_sign_sig; @@ -1317,7 +1317,7 @@ bool schannel_decode(struct schannel_auth_struct *a, enum pipe_auth_level auth_l return False; } - if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) { + if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) { uchar sealing_key[16]; /* get the key to extract the data with */ diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c index 07a0b971a08..06d4937261e 100644 --- a/source3/rpc_server/srv_netlog_nt.c +++ b/source3/rpc_server/srv_netlog_nt.c @@ -595,8 +595,8 @@ static NTSTATUS netr_creds_server_step_check(pipes_struct *p, struct tdb_context *tdb; bool schannel_global_required = (lp_server_schannel() == true) ? true:false; bool schannel_in_use = (p->auth.auth_type == PIPE_AUTH_TYPE_SCHANNEL) ? true:false; /* && - (p->auth.auth_level == PIPE_AUTH_LEVEL_INTEGRITY || - p->auth.auth_level == PIPE_AUTH_LEVEL_PRIVACY); */ + (p->auth.auth_level == DCERPC_AUTH_LEVEL_INTEGRITY || + p->auth.auth_level == DCERPC_AUTH_LEVEL_PRIVACY); */ tdb = open_schannel_session_store(mem_ctx); if (!tdb) { 
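Review bot: Both renamed lines in netr_creds_server_step_check (srv_netlog_nt.c, @@ -595,8) sit inside a `/* && ... */` comment, so the auth-level half of the `schannel_in_use` test stays disabled and the flag is true for any bind with PIPE_AUTH_TYPE_SCHANNEL, whatever its level. Either restore the condition, `(p->auth.auth_level == DCERPC_AUTH_LEVEL_INTEGRITY || p->auth.auth_level == DCERPC_AUTH_LEVEL_PRIVACY)`, or delete the dead text and add a one-line comment saying why the level is not checked at this point. If the intent is that the bind path already rejects other levels for schannel, state that here, because the function body continues outside the hunk and a reader cannot verify it from this code.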
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index ce7df63972a..fee37ba6e30 100644 --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c @@ -196,7 +196,7 @@ static bool create_next_pdu_ntlmssp(pipes_struct *p) } else { auth_type = RPC_SPNEGO_AUTH_TYPE; } - if (p->auth.auth_level == PIPE_AUTH_LEVEL_PRIVACY) { + if (p->auth.auth_level == DCERPC_AUTH_LEVEL_PRIVACY) { auth_level = RPC_AUTH_LEVEL_PRIVACY; } else { auth_level = RPC_AUTH_LEVEL_INTEGRITY; @@ -213,7 +213,7 @@ static bool create_next_pdu_ntlmssp(pipes_struct *p) /* Generate the sign blob. */ switch (p->auth.auth_level) { - case PIPE_AUTH_LEVEL_PRIVACY: + case DCERPC_AUTH_LEVEL_PRIVACY: /* Data portion is encrypted. */ status = ntlmssp_seal_packet( a->ntlmssp_state, @@ -229,7 +229,7 @@ static bool create_next_pdu_ntlmssp(pipes_struct *p) return False; } break; - case PIPE_AUTH_LEVEL_INTEGRITY: + case DCERPC_AUTH_LEVEL_INTEGRITY: /* Data is signed. */ status = ntlmssp_sign_packet( a->ntlmssp_state, @@ -415,7 +415,7 @@ static bool create_next_pdu_schannel(pipes_struct *p) init_rpc_hdr_auth(&auth_info, RPC_SCHANNEL_AUTH_TYPE, - p->auth.auth_level == PIPE_AUTH_LEVEL_PRIVACY ? + p->auth.auth_level == DCERPC_AUTH_LEVEL_PRIVACY ? RPC_AUTH_LEVEL_PRIVACY : RPC_AUTH_LEVEL_INTEGRITY, ss_padding_len, 1); @@ -589,8 +589,8 @@ static bool create_next_pdu_noauth(pipes_struct *p) bool create_next_pdu(pipes_struct *p) { switch(p->auth.auth_level) { - case PIPE_AUTH_LEVEL_NONE: - case PIPE_AUTH_LEVEL_CONNECT: + case DCERPC_AUTH_LEVEL_NONE: + case DCERPC_AUTH_LEVEL_CONNECT: /* This is incorrect for auth level connect. Fixme. JRA */ return create_next_pdu_noauth(p); 
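Review bot: create_next_pdu_ntlmssp (@@ -196,7) and create_next_pdu_schannel (@@ -415,7) still translate `p->auth.auth_level` into a separate RPC_AUTH_LEVEL_* constant, so a second family of level flags survives a commit whose subject says the duplicate set is removed. Both sites also label every level other than PRIVACY as RPC_AUTH_LEVEL_INTEGRITY, which was bounded by the old four-value enum but would silently mislabel any additional enumerator that dcerpc_AuthLevel may carry (its definition is not in this patch). If RPC_AUTH_LEVEL_* and DCERPC_AUTH_LEVEL_* share wire values, pass `p->auth.auth_level` through directly; otherwise make the mapping an explicit switch that fails on an unexpected level. Both functions extend beyond their hunks.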
@@ -647,7 +647,7 @@ static bool pipe_ntlmssp_verify_final(pipes_struct *p, DATA_BLOB *p_resp_blob) ensure the underlying NTLMSSP flags are also set. If not we should refuse the bind. */ - if (p->auth.auth_level == PIPE_AUTH_LEVEL_INTEGRITY) { + if (p->auth.auth_level == DCERPC_AUTH_LEVEL_INTEGRITY) { if (!(a->ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN)) { DEBUG(0,("pipe_ntlmssp_verify_final: pipe %s : packet integrity requested " "but client declined signing.\n", @@ -655,7 +655,7 @@ static bool pipe_ntlmssp_verify_final(pipes_struct *p, DATA_BLOB *p_resp_blob) return False; } } - if (p->auth.auth_level == PIPE_AUTH_LEVEL_PRIVACY) { + if (p->auth.auth_level == DCERPC_AUTH_LEVEL_PRIVACY) { if (!(a->ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL)) { DEBUG(0,("pipe_ntlmssp_verify_final: pipe %s : packet privacy requested " "but client declined sealing.\n", @@ -840,7 +840,7 @@ static bool setup_bind_nak(pipes_struct *p) if (p->auth.auth_data_free_func) { (*p->auth.auth_data_free_func)(&p->auth); } - p->auth.auth_level = PIPE_AUTH_LEVEL_NONE; + p->auth.auth_level = DCERPC_AUTH_LEVEL_NONE; p->auth.auth_type = PIPE_AUTH_TYPE_NONE; p->pipe_bound = False; @@ -1690,10 +1690,10 @@ bool api_pipe_bind_req(pipes_struct *p, prs_struct *rpc_in_p) /* Work out if we have to sign or seal etc. */ switch (auth_info.auth_level) { case RPC_AUTH_LEVEL_INTEGRITY: - p->auth.auth_level = PIPE_AUTH_LEVEL_INTEGRITY; + p->auth.auth_level = DCERPC_AUTH_LEVEL_INTEGRITY; break; case RPC_AUTH_LEVEL_PRIVACY: - p->auth.auth_level = PIPE_AUTH_LEVEL_PRIVACY; + p->auth.auth_level = DCERPC_AUTH_LEVEL_PRIVACY; break; default: DEBUG(0,("api_pipe_bind_req: unexpected auth level (%u).\n", 
@@ -1731,7 +1731,7 @@ bool api_pipe_bind_req(pipes_struct *p, prs_struct *rpc_in_p) /* We're finished - no more packets. */ p->auth.auth_type = PIPE_AUTH_TYPE_NONE; /* We must set the pipe auth_level here also. */ - p->auth.auth_level = PIPE_AUTH_LEVEL_NONE; + p->auth.auth_level = DCERPC_AUTH_LEVEL_NONE; p->pipe_bound = True; /* The session key was initialized from the SMB * session in make_internal_rpc_pipe_p */ @@ -2042,7 +2042,7 @@ bool api_pipe_ntlmssp_auth_process(pipes_struct *p, prs_struct *rpc_in, *pstatus = NT_STATUS_OK; - if (p->auth.auth_level == PIPE_AUTH_LEVEL_NONE || p->auth.auth_level == PIPE_AUTH_LEVEL_CONNECT) { + if (p->auth.auth_level == DCERPC_AUTH_LEVEL_NONE || p->auth.auth_level == DCERPC_AUTH_LEVEL_CONNECT) { return True; } @@ -2091,7 +2091,7 @@ bool api_pipe_ntlmssp_auth_process(pipes_struct *p, prs_struct *rpc_in, auth_blob.length = auth_len; switch (p->auth.auth_level) { - case PIPE_AUTH_LEVEL_PRIVACY: + case DCERPC_AUTH_LEVEL_PRIVACY: /* Data is encrypted. */ *pstatus = ntlmssp_unseal_packet(a->ntlmssp_state, data, data_len, @@ -2102,7 +2102,7 @@ bool api_pipe_ntlmssp_auth_process(pipes_struct *p, prs_struct *rpc_in, return False; } break; - case PIPE_AUTH_LEVEL_INTEGRITY: + case DCERPC_AUTH_LEVEL_INTEGRITY: /* Data is signed. */ *pstatus = ntlmssp_check_packet(a->ntlmssp_state, data, data_len, diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 058bd12f610..9e95c480330 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -2741,7 +2741,7 @@ static NTSTATUS get_user_info_18(pipes_struct *p, return NT_STATUS_ACCESS_DENIED; } - if (p->auth.auth_level != PIPE_AUTH_LEVEL_PRIVACY) { + if (p->auth.auth_level != DCERPC_AUTH_LEVEL_PRIVACY) { return NT_STATUS_ACCESS_DENIED; } diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c index c0268f348e6..7a20e487f27 100644 --- a/source3/rpcclient/rpcclient.c +++ b/source3/rpcclient/rpcclient.c 
@@ -26,7 +26,7 @@ DOM_SID domain_sid; static enum pipe_auth_type pipe_default_auth_type = PIPE_AUTH_TYPE_NONE; -static enum pipe_auth_level pipe_default_auth_level = PIPE_AUTH_LEVEL_NONE; +static enum dcerpc_AuthLevel pipe_default_auth_level = DCERPC_AUTH_LEVEL_NONE; static unsigned int timeout = 0; static enum dcerpc_transport_t default_transport = NCACN_NP; @@ -380,7 +380,7 @@ static NTSTATUS cmd_sign(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, { const char *type = "NTLMSSP"; - pipe_default_auth_level = PIPE_AUTH_LEVEL_INTEGRITY; + pipe_default_auth_level = DCERPC_AUTH_LEVEL_INTEGRITY; pipe_default_auth_type = PIPE_AUTH_TYPE_NTLMSSP; if (argc > 2) { @@ -412,7 +412,7 @@ static NTSTATUS cmd_seal(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, { const char *type = "NTLMSSP"; - pipe_default_auth_level = PIPE_AUTH_LEVEL_PRIVACY; + pipe_default_auth_level = DCERPC_AUTH_LEVEL_PRIVACY; pipe_default_auth_type = PIPE_AUTH_TYPE_NTLMSSP; if (argc > 2) { @@ -475,7 +475,7 @@ static NTSTATUS cmd_timeout(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, static NTSTATUS cmd_none(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, int argc, const char **argv) { - pipe_default_auth_level = PIPE_AUTH_LEVEL_NONE; + pipe_default_auth_level = DCERPC_AUTH_LEVEL_NONE; pipe_default_auth_type = PIPE_AUTH_TYPE_NONE; return cmd_set_ss_level(); @@ -485,7 +485,7 @@ static NTSTATUS cmd_schannel(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, int argc, const char **argv) { d_printf("Setting schannel - sign and seal\n"); - pipe_default_auth_level = PIPE_AUTH_LEVEL_PRIVACY; + pipe_default_auth_level = DCERPC_AUTH_LEVEL_PRIVACY; pipe_default_auth_type = PIPE_AUTH_TYPE_SCHANNEL; return cmd_set_ss_level(); 
@@ -495,7 +495,7 @@ static NTSTATUS cmd_schannel_sign(struct rpc_pipe_client *cli, TALLOC_CTX *mem_c int argc, const char **argv) { d_printf("Setting schannel - sign only\n"); - pipe_default_auth_level = PIPE_AUTH_LEVEL_INTEGRITY; + pipe_default_auth_level = DCERPC_AUTH_LEVEL_INTEGRITY; pipe_default_auth_type = PIPE_AUTH_TYPE_SCHANNEL; return cmd_set_ss_level(); diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c index 549539298f0..b4505347b1f 100644 --- a/source3/utils/net_rpc.c +++ b/source3/utils/net_rpc.c @@ -159,7 +159,7 @@ int run_rpc_command(struct net_context *c, /* Always try and create an schannel netlogon pipe. */ nt_status = cli_rpc_pipe_open_schannel( cli, interface, NCACN_NP, - PIPE_AUTH_LEVEL_PRIVACY, domain_name, + DCERPC_AUTH_LEVEL_PRIVACY, domain_name, &pipe_hnd); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0, ("Could not initialise schannel netlogon pipe. Error was %s\n", @@ -172,7 +172,7 @@ int run_rpc_command(struct net_context *c, cli, interface, (conn_flags & NET_FLAGS_TCP) ? NCACN_IP_TCP : NCACN_NP, - PIPE_AUTH_LEVEL_PRIVACY, + DCERPC_AUTH_LEVEL_PRIVACY, lp_workgroup(), c->opt_user_name, c->opt_password, &pipe_hnd); } else { diff --git a/source3/utils/net_rpc_join.c b/source3/utils/net_rpc_join.c index dbe77355c83..23913812b05 100644 --- a/source3/utils/net_rpc_join.c +++ b/source3/utils/net_rpc_join.c @@ -102,7 +102,7 @@ NTSTATUS net_rpc_join_ok(struct net_context *c, const char *domain, ntret = cli_rpc_pipe_open_schannel_with_key( cli, &ndr_table_netlogon.syntax_id, NCACN_NP, - PIPE_AUTH_LEVEL_PRIVACY, + DCERPC_AUTH_LEVEL_PRIVACY, domain, &netlogon_pipe->dc, &pipe_hnd); if (!NT_STATUS_IS_OK(ntret)) { 
@@ -420,7 +420,7 @@ int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv) result = cli_rpc_pipe_open_schannel_with_key( cli, &ndr_table_netlogon.syntax_id, NCACN_NP, - PIPE_AUTH_LEVEL_PRIVACY, domain, &pipe_hnd->dc, + DCERPC_AUTH_LEVEL_PRIVACY, domain, &pipe_hnd->dc, &netlogon_schannel_pipe); if (!NT_STATUS_IS_OK(result)) { diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c index 3418022c624..450bb1bc06c 100644 --- a/source3/winbindd/winbindd_cm.c +++ b/source3/winbindd/winbindd_cm.c @@ -2056,7 +2056,7 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, result = cli_rpc_pipe_open_spnego_ntlmssp(conn->cli, &ndr_table_samr.syntax_id, NCACN_NP, - PIPE_AUTH_LEVEL_PRIVACY, + DCERPC_AUTH_LEVEL_PRIVACY, domain_name, machine_account, machine_password, @@ -2100,7 +2100,7 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, } result = cli_rpc_pipe_open_schannel_with_key (conn->cli, &ndr_table_samr.syntax_id, NCACN_NP, - PIPE_AUTH_LEVEL_PRIVACY, + DCERPC_AUTH_LEVEL_PRIVACY, domain->name, &p_creds, &conn->samr_pipe); if (!NT_STATUS_IS_OK(result)) { @@ -2196,7 +2196,7 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, * authenticated LSA pipe with sign & seal. */ result = cli_rpc_pipe_open_spnego_ntlmssp (conn->cli, &ndr_table_lsarpc.syntax_id, NCACN_NP, - PIPE_AUTH_LEVEL_PRIVACY, + DCERPC_AUTH_LEVEL_PRIVACY, conn->cli->domain, conn->cli->user_name, conn->cli->password, &conn->lsa_pipe); @@ -2237,7 +2237,7 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, } result = cli_rpc_pipe_open_schannel_with_key (conn->cli, &ndr_table_lsarpc.syntax_id, NCACN_NP, - PIPE_AUTH_LEVEL_PRIVACY, + DCERPC_AUTH_LEVEL_PRIVACY, domain->name, &p_creds, &conn->lsa_pipe); if (!NT_STATUS_IS_OK(result)) { 
@@ -2384,7 +2384,7 @@ NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain, result = cli_rpc_pipe_open_schannel_with_key( conn->cli, &ndr_table_netlogon.syntax_id, NCACN_NP, - PIPE_AUTH_LEVEL_PRIVACY, domain->name, &netlogon_pipe->dc, + DCERPC_AUTH_LEVEL_PRIVACY, domain->name, &netlogon_pipe->dc, &conn->netlogon_pipe); /* We can now close the initial netlogon pipe. */