s3-dcerpc: use dcerpc_AuthLevel and remove duplicate set of flags.
Guenther
parent
668470c992
commit
d3af0346c8
@ -177,7 +177,7 @@ static NTSTATUS connect_to_domain_password_server(struct cli_state **cli,
|
|||||||
/* We also setup the creds chain in the open_schannel call. */
|
/* We also setup the creds chain in the open_schannel call. */
|
||||||
result = cli_rpc_pipe_open_schannel(
|
result = cli_rpc_pipe_open_schannel(
|
||||||
*cli, &ndr_table_netlogon.syntax_id, NCACN_NP,
|
*cli, &ndr_table_netlogon.syntax_id, NCACN_NP,
|
||||||
PIPE_AUTH_LEVEL_PRIVACY, domain, &netlogon_pipe);
|
DCERPC_AUTH_LEVEL_PRIVACY, domain, &netlogon_pipe);
|
||||||
} else {
|
} else {
|
||||||
result = cli_rpc_pipe_open_noauth(
|
result = cli_rpc_pipe_open_noauth(
|
||||||
*cli, &ndr_table_netlogon.syntax_id, &netlogon_pipe);
|
*cli, &ndr_table_netlogon.syntax_id, &netlogon_pipe);
|
||||||
|
@ -47,7 +47,7 @@ static NTSTATUS netlogond_validate(TALLOC_CTX *mem_ctx,
|
|||||||
}
|
}
|
||||||
|
|
||||||
status = rpccli_schannel_bind_data(p, lp_workgroup(),
|
status = rpccli_schannel_bind_data(p, lp_workgroup(),
|
||||||
PIPE_AUTH_LEVEL_PRIVACY,
|
DCERPC_AUTH_LEVEL_PRIVACY,
|
||||||
schannel_key, &auth);
|
schannel_key, &auth);
|
||||||
if (!NT_STATUS_IS_OK(status)) {
|
if (!NT_STATUS_IS_OK(status)) {
|
||||||
DEBUG(10, ("rpccli_schannel_bind_data failed: %s\n",
|
DEBUG(10, ("rpccli_schannel_bind_data failed: %s\n",
|
||||||
|
@ -48,7 +48,7 @@ struct print_job_info {
|
|||||||
|
|
||||||
struct cli_pipe_auth_data {
|
struct cli_pipe_auth_data {
|
||||||
enum pipe_auth_type auth_type; /* switch for the union below. Defined in ntdomain.h */
|
enum pipe_auth_type auth_type; /* switch for the union below. Defined in ntdomain.h */
|
||||||
enum pipe_auth_level auth_level; /* defined in ntdomain.h */
|
enum dcerpc_AuthLevel auth_level; /* defined in ntdomain.h */
|
||||||
|
|
||||||
char *domain;
|
char *domain;
|
||||||
char *user_name;
|
char *user_name;
|
||||||
|
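Review bot: The trailing comment on the new `auth_level` member of `struct cli_pipe_auth_data` still reads `/* defined in ntdomain.h */`, but this same commit deletes `enum pipe_auth_level` from the header that held it, and the member is now an `enum dcerpc_AuthLevel` whose definition is not shown anywhere on this page. A reader following the comment will look in the wrong place for the set of legal levels. I would change the line to something like `enum dcerpc_AuthLevel auth_level; /* DCERPC wire auth level, from the generated dcerpc header */`. The struct continues past the end of the hunk.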
@ -132,13 +132,6 @@ typedef struct pipe_rpc_fns {
|
|||||||
enum pipe_auth_type { PIPE_AUTH_TYPE_NONE = 0, PIPE_AUTH_TYPE_NTLMSSP, PIPE_AUTH_TYPE_SCHANNEL,
|
enum pipe_auth_type { PIPE_AUTH_TYPE_NONE = 0, PIPE_AUTH_TYPE_NTLMSSP, PIPE_AUTH_TYPE_SCHANNEL,
|
||||||
PIPE_AUTH_TYPE_SPNEGO_NTLMSSP, PIPE_AUTH_TYPE_KRB5, PIPE_AUTH_TYPE_SPNEGO_KRB5 };
|
PIPE_AUTH_TYPE_SPNEGO_NTLMSSP, PIPE_AUTH_TYPE_KRB5, PIPE_AUTH_TYPE_SPNEGO_KRB5 };
|
||||||
|
|
||||||
/* Possible auth levels - keep these in sync with the wire values. */
|
|
||||||
enum pipe_auth_level { PIPE_AUTH_LEVEL_NONE = 0,
|
|
||||||
PIPE_AUTH_LEVEL_CONNECT = 1, /* We treat as NONE. */
|
|
||||||
PIPE_AUTH_LEVEL_INTEGRITY = 5, /* Sign. */
|
|
||||||
PIPE_AUTH_LEVEL_PRIVACY = 6 /* Seal. */
|
|
||||||
};
|
|
||||||
|
|
||||||
/* auth state for krb5. */
|
/* auth state for krb5. */
|
||||||
struct kerberos_auth_struct {
|
struct kerberos_auth_struct {
|
||||||
const char *service_principal;
|
const char *service_principal;
|
||||||
@ -155,7 +148,7 @@ struct schannel_auth_struct {
|
|||||||
|
|
||||||
struct pipe_auth_data {
|
struct pipe_auth_data {
|
||||||
enum pipe_auth_type auth_type; /* switch for union below. */
|
enum pipe_auth_type auth_type; /* switch for union below. */
|
||||||
enum pipe_auth_level auth_level;
|
enum dcerpc_AuthLevel auth_level;
|
||||||
union {
|
union {
|
||||||
struct schannel_auth_struct *schannel_auth;
|
struct schannel_auth_struct *schannel_auth;
|
||||||
AUTH_NTLMSSP_STATE *auth_ntlmssp_state;
|
AUTH_NTLMSSP_STATE *auth_ntlmssp_state;
|
||||||
|
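Review bot: The enum deleted here pinned `PIPE_AUTH_LEVEL_NONE = 0` and `PIPE_AUTH_LEVEL_CONNECT = 1`, so the switch to `enum dcerpc_AuthLevel` is a pure rename only if the replacement enumerators carry the same numbers, and the page does not show their definition. As far as I know the IDL-generated enum uses the wire values (NONE = 1, CONNECT = 2, then CALL = 3 and PACKET = 4 before INTEGRITY); if so, a zero-initialised `struct pipe_auth_data` no longer reads as NONE, and any code that tests `auth_level` for truth or compares it with a literal changes meaning, so please confirm and audit for that. It would help to record this at the member, e.g. `enum dcerpc_AuthLevel auth_level; /* wire value; 0 is not a valid level */`. Both `struct pipe_auth_data` and the structs around it extend beyond their hunks.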
@ -5291,17 +5291,17 @@ NTSTATUS rpccli_anon_bind_data(TALLOC_CTX *mem_ctx,
|
|||||||
struct cli_pipe_auth_data **presult);
|
struct cli_pipe_auth_data **presult);
|
||||||
NTSTATUS rpccli_ntlmssp_bind_data(TALLOC_CTX *mem_ctx,
|
NTSTATUS rpccli_ntlmssp_bind_data(TALLOC_CTX *mem_ctx,
|
||||||
enum pipe_auth_type auth_type,
|
enum pipe_auth_type auth_type,
|
||||||
enum pipe_auth_level auth_level,
|
enum dcerpc_AuthLevel auth_level,
|
||||||
const char *domain,
|
const char *domain,
|
||||||
const char *username,
|
const char *username,
|
||||||
const char *password,
|
const char *password,
|
||||||
struct cli_pipe_auth_data **presult);
|
struct cli_pipe_auth_data **presult);
|
||||||
NTSTATUS rpccli_schannel_bind_data(TALLOC_CTX *mem_ctx, const char *domain,
|
NTSTATUS rpccli_schannel_bind_data(TALLOC_CTX *mem_ctx, const char *domain,
|
||||||
enum pipe_auth_level auth_level,
|
enum dcerpc_AuthLevel auth_level,
|
||||||
const uint8_t sess_key[16],
|
const uint8_t sess_key[16],
|
||||||
struct cli_pipe_auth_data **presult);
|
struct cli_pipe_auth_data **presult);
|
||||||
NTSTATUS rpccli_kerberos_bind_data(TALLOC_CTX *mem_ctx,
|
NTSTATUS rpccli_kerberos_bind_data(TALLOC_CTX *mem_ctx,
|
||||||
enum pipe_auth_level auth_level,
|
enum dcerpc_AuthLevel auth_level,
|
||||||
const char *service_princ,
|
const char *service_princ,
|
||||||
const char *username,
|
const char *username,
|
||||||
const char *password,
|
const char *password,
|
||||||
@ -5326,7 +5326,7 @@ NTSTATUS cli_rpc_pipe_open_noauth_transport(struct cli_state *cli,
|
|||||||
NTSTATUS cli_rpc_pipe_open_ntlmssp(struct cli_state *cli,
|
NTSTATUS cli_rpc_pipe_open_ntlmssp(struct cli_state *cli,
|
||||||
const struct ndr_syntax_id *interface,
|
const struct ndr_syntax_id *interface,
|
||||||
enum dcerpc_transport_t transport,
|
enum dcerpc_transport_t transport,
|
||||||
enum pipe_auth_level auth_level,
|
enum dcerpc_AuthLevel auth_level,
|
||||||
const char *domain,
|
const char *domain,
|
||||||
const char *username,
|
const char *username,
|
||||||
const char *password,
|
const char *password,
|
||||||
@ -5334,7 +5334,7 @@ NTSTATUS cli_rpc_pipe_open_ntlmssp(struct cli_state *cli,
|
|||||||
NTSTATUS cli_rpc_pipe_open_spnego_ntlmssp(struct cli_state *cli,
|
NTSTATUS cli_rpc_pipe_open_spnego_ntlmssp(struct cli_state *cli,
|
||||||
const struct ndr_syntax_id *interface,
|
const struct ndr_syntax_id *interface,
|
||||||
enum dcerpc_transport_t transport,
|
enum dcerpc_transport_t transport,
|
||||||
enum pipe_auth_level auth_level,
|
enum dcerpc_AuthLevel auth_level,
|
||||||
const char *domain,
|
const char *domain,
|
||||||
const char *username,
|
const char *username,
|
||||||
const char *password,
|
const char *password,
|
||||||
@ -5346,14 +5346,14 @@ NTSTATUS get_schannel_session_key(struct cli_state *cli,
|
|||||||
NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli,
|
NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli,
|
||||||
const struct ndr_syntax_id *interface,
|
const struct ndr_syntax_id *interface,
|
||||||
enum dcerpc_transport_t transport,
|
enum dcerpc_transport_t transport,
|
||||||
enum pipe_auth_level auth_level,
|
enum dcerpc_AuthLevel auth_level,
|
||||||
const char *domain,
|
const char *domain,
|
||||||
struct netlogon_creds_CredentialState **pdc,
|
struct netlogon_creds_CredentialState **pdc,
|
||||||
struct rpc_pipe_client **presult);
|
struct rpc_pipe_client **presult);
|
||||||
NTSTATUS cli_rpc_pipe_open_ntlmssp_auth_schannel(struct cli_state *cli,
|
NTSTATUS cli_rpc_pipe_open_ntlmssp_auth_schannel(struct cli_state *cli,
|
||||||
const struct ndr_syntax_id *interface,
|
const struct ndr_syntax_id *interface,
|
||||||
enum dcerpc_transport_t transport,
|
enum dcerpc_transport_t transport,
|
||||||
enum pipe_auth_level auth_level,
|
enum dcerpc_AuthLevel auth_level,
|
||||||
const char *domain,
|
const char *domain,
|
||||||
const char *username,
|
const char *username,
|
||||||
const char *password,
|
const char *password,
|
||||||
@ -5361,12 +5361,12 @@ NTSTATUS cli_rpc_pipe_open_ntlmssp_auth_schannel(struct cli_state *cli,
|
|||||||
NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli,
|
NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli,
|
||||||
const struct ndr_syntax_id *interface,
|
const struct ndr_syntax_id *interface,
|
||||||
enum dcerpc_transport_t transport,
|
enum dcerpc_transport_t transport,
|
||||||
enum pipe_auth_level auth_level,
|
enum dcerpc_AuthLevel auth_level,
|
||||||
const char *domain,
|
const char *domain,
|
||||||
struct rpc_pipe_client **presult);
|
struct rpc_pipe_client **presult);
|
||||||
NTSTATUS cli_rpc_pipe_open_krb5(struct cli_state *cli,
|
NTSTATUS cli_rpc_pipe_open_krb5(struct cli_state *cli,
|
||||||
const struct ndr_syntax_id *interface,
|
const struct ndr_syntax_id *interface,
|
||||||
enum pipe_auth_level auth_level,
|
enum dcerpc_AuthLevel auth_level,
|
||||||
const char *service_princ,
|
const char *service_princ,
|
||||||
const char *username,
|
const char *username,
|
||||||
const char *password,
|
const char *password,
|
||||||
@ -5706,11 +5706,11 @@ bool prs_uint16s(bool charmode, const char *name, prs_struct *ps, int depth, uin
|
|||||||
bool prs_uint32s(bool charmode, const char *name, prs_struct *ps, int depth, uint32 *data32s, int len);
|
bool prs_uint32s(bool charmode, const char *name, prs_struct *ps, int depth, uint32 *data32s, int len);
|
||||||
bool prs_unistr(const char *name, prs_struct *ps, int depth, UNISTR *str);
|
bool prs_unistr(const char *name, prs_struct *ps, int depth, UNISTR *str);
|
||||||
bool prs_string(const char *name, prs_struct *ps, int depth, char *str, int max_buf_size);
|
bool prs_string(const char *name, prs_struct *ps, int depth, char *str, int max_buf_size);
|
||||||
void schannel_encode(struct schannel_auth_struct *a, enum pipe_auth_level auth_level,
|
void schannel_encode(struct schannel_auth_struct *a, enum dcerpc_AuthLevel auth_level,
|
||||||
enum schannel_direction direction,
|
enum schannel_direction direction,
|
||||||
struct NL_AUTH_SIGNATURE *verf,
|
struct NL_AUTH_SIGNATURE *verf,
|
||||||
char *data, size_t data_len);
|
char *data, size_t data_len);
|
||||||
bool schannel_decode(struct schannel_auth_struct *a, enum pipe_auth_level auth_level,
|
bool schannel_decode(struct schannel_auth_struct *a, enum dcerpc_AuthLevel auth_level,
|
||||||
enum schannel_direction direction,
|
enum schannel_direction direction,
|
||||||
struct NL_AUTH_SIGNATURE *verf, char *data, size_t data_len);
|
struct NL_AUTH_SIGNATURE *verf, char *data, size_t data_len);
|
||||||
bool prs_init_data_blob(prs_struct *prs, DATA_BLOB *blob, TALLOC_CTX *mem_ctx);
|
bool prs_init_data_blob(prs_struct *prs, DATA_BLOB *blob, TALLOC_CTX *mem_ctx);
|
||||||
|
@ -1136,7 +1136,7 @@ NTSTATUS libnet_join_ok(const char *netbios_domain_name,
|
|||||||
|
|
||||||
status = cli_rpc_pipe_open_schannel_with_key(
|
status = cli_rpc_pipe_open_schannel_with_key(
|
||||||
cli, &ndr_table_netlogon.syntax_id, NCACN_NP,
|
cli, &ndr_table_netlogon.syntax_id, NCACN_NP,
|
||||||
PIPE_AUTH_LEVEL_PRIVACY,
|
DCERPC_AUTH_LEVEL_PRIVACY,
|
||||||
netbios_domain_name, &netlogon_pipe->dc, &pipe_hnd);
|
netbios_domain_name, &netlogon_pipe->dc, &pipe_hnd);
|
||||||
|
|
||||||
cli_shutdown(cli);
|
cli_shutdown(cli);
|
||||||
|
@ -177,7 +177,7 @@ NTSTATUS remote_password_change(const char *remote_machine, const char *user_nam
|
|||||||
result = cli_rpc_pipe_open_ntlmssp(cli,
|
result = cli_rpc_pipe_open_ntlmssp(cli,
|
||||||
&ndr_table_samr.syntax_id,
|
&ndr_table_samr.syntax_id,
|
||||||
NCACN_NP,
|
NCACN_NP,
|
||||||
PIPE_AUTH_LEVEL_PRIVACY,
|
DCERPC_AUTH_LEVEL_PRIVACY,
|
||||||
domain, user,
|
domain, user,
|
||||||
old_passwd,
|
old_passwd,
|
||||||
&pipe_hnd);
|
&pipe_hnd);
|
||||||
|
@ -559,8 +559,8 @@ static NTSTATUS cli_pipe_verify_ntlmssp(struct rpc_pipe_client *cli, RPC_HDR *pr
|
|||||||
DATA_BLOB auth_blob;
|
DATA_BLOB auth_blob;
|
||||||
NTSTATUS status;
|
NTSTATUS status;
|
||||||
|
|
||||||
if (cli->auth->auth_level == PIPE_AUTH_LEVEL_NONE
|
if (cli->auth->auth_level == DCERPC_AUTH_LEVEL_NONE
|
||||||
|| cli->auth->auth_level == PIPE_AUTH_LEVEL_CONNECT) {
|
|| cli->auth->auth_level == DCERPC_AUTH_LEVEL_CONNECT) {
|
||||||
return NT_STATUS_OK;
|
return NT_STATUS_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -605,7 +605,7 @@ static NTSTATUS cli_pipe_verify_ntlmssp(struct rpc_pipe_client *cli, RPC_HDR *pr
|
|||||||
auth_blob.length = auth_len;
|
auth_blob.length = auth_len;
|
||||||
|
|
||||||
switch (cli->auth->auth_level) {
|
switch (cli->auth->auth_level) {
|
||||||
case PIPE_AUTH_LEVEL_PRIVACY:
|
case DCERPC_AUTH_LEVEL_PRIVACY:
|
||||||
/* Data is encrypted. */
|
/* Data is encrypted. */
|
||||||
status = ntlmssp_unseal_packet(ntlmssp_state,
|
status = ntlmssp_unseal_packet(ntlmssp_state,
|
||||||
data, data_len,
|
data, data_len,
|
||||||
@ -620,7 +620,7 @@ static NTSTATUS cli_pipe_verify_ntlmssp(struct rpc_pipe_client *cli, RPC_HDR *pr
|
|||||||
return status;
|
return status;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case PIPE_AUTH_LEVEL_INTEGRITY:
|
case DCERPC_AUTH_LEVEL_INTEGRITY:
|
||||||
/* Data is signed. */
|
/* Data is signed. */
|
||||||
status = ntlmssp_check_packet(ntlmssp_state,
|
status = ntlmssp_check_packet(ntlmssp_state,
|
||||||
data, data_len,
|
data, data_len,
|
||||||
@ -679,8 +679,8 @@ static NTSTATUS cli_pipe_verify_schannel(struct rpc_pipe_client *cli, RPC_HDR *p
|
|||||||
enum ndr_err_code ndr_err;
|
enum ndr_err_code ndr_err;
|
||||||
DATA_BLOB blob;
|
DATA_BLOB blob;
|
||||||
|
|
||||||
if (cli->auth->auth_level == PIPE_AUTH_LEVEL_NONE
|
if (cli->auth->auth_level == DCERPC_AUTH_LEVEL_NONE
|
||||||
|| cli->auth->auth_level == PIPE_AUTH_LEVEL_CONNECT) {
|
|| cli->auth->auth_level == DCERPC_AUTH_LEVEL_CONNECT) {
|
||||||
return NT_STATUS_OK;
|
return NT_STATUS_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1470,7 +1470,7 @@ static NTSTATUS rpc_api_pipe_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
|
|||||||
********************************************************************/
|
********************************************************************/
|
||||||
|
|
||||||
static NTSTATUS create_krb5_auth_bind_req( struct rpc_pipe_client *cli,
|
static NTSTATUS create_krb5_auth_bind_req( struct rpc_pipe_client *cli,
|
||||||
enum pipe_auth_level auth_level,
|
enum dcerpc_AuthLevel auth_level,
|
||||||
RPC_HDR_AUTH *pauth_out,
|
RPC_HDR_AUTH *pauth_out,
|
||||||
prs_struct *auth_data)
|
prs_struct *auth_data)
|
||||||
{
|
{
|
||||||
@ -1529,7 +1529,7 @@ static NTSTATUS create_krb5_auth_bind_req( struct rpc_pipe_client *cli,
|
|||||||
********************************************************************/
|
********************************************************************/
|
||||||
|
|
||||||
static NTSTATUS create_spnego_ntlmssp_auth_rpc_bind_req( struct rpc_pipe_client *cli,
|
static NTSTATUS create_spnego_ntlmssp_auth_rpc_bind_req( struct rpc_pipe_client *cli,
|
||||||
enum pipe_auth_level auth_level,
|
enum dcerpc_AuthLevel auth_level,
|
||||||
RPC_HDR_AUTH *pauth_out,
|
RPC_HDR_AUTH *pauth_out,
|
||||||
prs_struct *auth_data)
|
prs_struct *auth_data)
|
||||||
{
|
{
|
||||||
@ -1576,7 +1576,7 @@ static NTSTATUS create_spnego_ntlmssp_auth_rpc_bind_req( struct rpc_pipe_client
|
|||||||
********************************************************************/
|
********************************************************************/
|
||||||
|
|
||||||
static NTSTATUS create_ntlmssp_auth_rpc_bind_req( struct rpc_pipe_client *cli,
|
static NTSTATUS create_ntlmssp_auth_rpc_bind_req( struct rpc_pipe_client *cli,
|
||||||
enum pipe_auth_level auth_level,
|
enum dcerpc_AuthLevel auth_level,
|
||||||
RPC_HDR_AUTH *pauth_out,
|
RPC_HDR_AUTH *pauth_out,
|
||||||
prs_struct *auth_data)
|
prs_struct *auth_data)
|
||||||
{
|
{
|
||||||
@ -1617,7 +1617,7 @@ static NTSTATUS create_ntlmssp_auth_rpc_bind_req( struct rpc_pipe_client *cli,
|
|||||||
********************************************************************/
|
********************************************************************/
|
||||||
|
|
||||||
static NTSTATUS create_schannel_auth_rpc_bind_req( struct rpc_pipe_client *cli,
|
static NTSTATUS create_schannel_auth_rpc_bind_req( struct rpc_pipe_client *cli,
|
||||||
enum pipe_auth_level auth_level,
|
enum dcerpc_AuthLevel auth_level,
|
||||||
RPC_HDR_AUTH *pauth_out,
|
RPC_HDR_AUTH *pauth_out,
|
||||||
prs_struct *auth_data)
|
prs_struct *auth_data)
|
||||||
{
|
{
|
||||||
@ -1760,7 +1760,7 @@ static NTSTATUS create_rpc_bind_req(struct rpc_pipe_client *cli,
|
|||||||
const struct ndr_syntax_id *abstract,
|
const struct ndr_syntax_id *abstract,
|
||||||
const struct ndr_syntax_id *transfer,
|
const struct ndr_syntax_id *transfer,
|
||||||
enum pipe_auth_type auth_type,
|
enum pipe_auth_type auth_type,
|
||||||
enum pipe_auth_level auth_level)
|
enum dcerpc_AuthLevel auth_level)
|
||||||
{
|
{
|
||||||
RPC_HDR_AUTH hdr_auth;
|
RPC_HDR_AUTH hdr_auth;
|
||||||
prs_struct auth_info;
|
prs_struct auth_info;
|
||||||
@ -1856,7 +1856,7 @@ static NTSTATUS add_ntlmssp_auth_footer(struct rpc_pipe_client *cli,
|
|||||||
}
|
}
|
||||||
|
|
||||||
switch (cli->auth->auth_level) {
|
switch (cli->auth->auth_level) {
|
||||||
case PIPE_AUTH_LEVEL_PRIVACY:
|
case DCERPC_AUTH_LEVEL_PRIVACY:
|
||||||
/* Data portion is encrypted. */
|
/* Data portion is encrypted. */
|
||||||
status = ntlmssp_seal_packet(cli->auth->a_u.ntlmssp_state,
|
status = ntlmssp_seal_packet(cli->auth->a_u.ntlmssp_state,
|
||||||
(unsigned char *)prs_data_p(outgoing_pdu) + RPC_HEADER_LEN + RPC_HDR_RESP_LEN,
|
(unsigned char *)prs_data_p(outgoing_pdu) + RPC_HEADER_LEN + RPC_HDR_RESP_LEN,
|
||||||
@ -1870,7 +1870,7 @@ static NTSTATUS add_ntlmssp_auth_footer(struct rpc_pipe_client *cli,
|
|||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case PIPE_AUTH_LEVEL_INTEGRITY:
|
case DCERPC_AUTH_LEVEL_INTEGRITY:
|
||||||
/* Data is signed. */
|
/* Data is signed. */
|
||||||
status = ntlmssp_sign_packet(cli->auth->a_u.ntlmssp_state,
|
status = ntlmssp_sign_packet(cli->auth->a_u.ntlmssp_state,
|
||||||
(unsigned char *)prs_data_p(outgoing_pdu) + RPC_HEADER_LEN + RPC_HDR_RESP_LEN,
|
(unsigned char *)prs_data_p(outgoing_pdu) + RPC_HEADER_LEN + RPC_HDR_RESP_LEN,
|
||||||
@ -1938,8 +1938,8 @@ static NTSTATUS add_schannel_auth_footer(struct rpc_pipe_client *cli,
|
|||||||
}
|
}
|
||||||
|
|
||||||
switch (cli->auth->auth_level) {
|
switch (cli->auth->auth_level) {
|
||||||
case PIPE_AUTH_LEVEL_PRIVACY:
|
case DCERPC_AUTH_LEVEL_PRIVACY:
|
||||||
case PIPE_AUTH_LEVEL_INTEGRITY:
|
case DCERPC_AUTH_LEVEL_INTEGRITY:
|
||||||
DEBUG(10,("add_schannel_auth_footer: SCHANNEL seq_num=%d\n",
|
DEBUG(10,("add_schannel_auth_footer: SCHANNEL seq_num=%d\n",
|
||||||
sas->seq_num));
|
sas->seq_num));
|
||||||
|
|
||||||
@ -1998,8 +1998,8 @@ static uint32 calculate_data_len_tosend(struct rpc_pipe_client *cli,
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
switch (cli->auth->auth_level) {
|
switch (cli->auth->auth_level) {
|
||||||
case PIPE_AUTH_LEVEL_NONE:
|
case DCERPC_AUTH_LEVEL_NONE:
|
||||||
case PIPE_AUTH_LEVEL_CONNECT:
|
case DCERPC_AUTH_LEVEL_CONNECT:
|
||||||
data_space = cli->max_xmit_frag - RPC_HEADER_LEN - RPC_HDR_REQ_LEN;
|
data_space = cli->max_xmit_frag - RPC_HEADER_LEN - RPC_HDR_REQ_LEN;
|
||||||
data_len = MIN(data_space, data_left);
|
data_len = MIN(data_space, data_left);
|
||||||
*p_ss_padding = 0;
|
*p_ss_padding = 0;
|
||||||
@ -2007,8 +2007,8 @@ static uint32 calculate_data_len_tosend(struct rpc_pipe_client *cli,
|
|||||||
*p_frag_len = RPC_HEADER_LEN + RPC_HDR_REQ_LEN + data_len;
|
*p_frag_len = RPC_HEADER_LEN + RPC_HDR_REQ_LEN + data_len;
|
||||||
return data_len;
|
return data_len;
|
||||||
|
|
||||||
case PIPE_AUTH_LEVEL_INTEGRITY:
|
case DCERPC_AUTH_LEVEL_INTEGRITY:
|
||||||
case PIPE_AUTH_LEVEL_PRIVACY:
|
case DCERPC_AUTH_LEVEL_PRIVACY:
|
||||||
/* Treat the same for all authenticated rpc requests. */
|
/* Treat the same for all authenticated rpc requests. */
|
||||||
switch(cli->auth->auth_type) {
|
switch(cli->auth->auth_type) {
|
||||||
case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP:
|
case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP:
|
||||||
@ -2404,7 +2404,7 @@ static bool check_bind_response(RPC_HDR_BA *hdr_ba,
|
|||||||
static NTSTATUS create_rpc_bind_auth3(struct rpc_pipe_client *cli,
|
static NTSTATUS create_rpc_bind_auth3(struct rpc_pipe_client *cli,
|
||||||
uint32 rpc_call_id,
|
uint32 rpc_call_id,
|
||||||
enum pipe_auth_type auth_type,
|
enum pipe_auth_type auth_type,
|
||||||
enum pipe_auth_level auth_level,
|
enum dcerpc_AuthLevel auth_level,
|
||||||
DATA_BLOB *pauth_blob,
|
DATA_BLOB *pauth_blob,
|
||||||
prs_struct *rpc_out)
|
prs_struct *rpc_out)
|
||||||
{
|
{
|
||||||
@ -2464,7 +2464,7 @@ static NTSTATUS create_rpc_bind_auth3(struct rpc_pipe_client *cli,
|
|||||||
static NTSTATUS create_rpc_alter_context(uint32 rpc_call_id,
|
static NTSTATUS create_rpc_alter_context(uint32 rpc_call_id,
|
||||||
const struct ndr_syntax_id *abstract,
|
const struct ndr_syntax_id *abstract,
|
||||||
const struct ndr_syntax_id *transfer,
|
const struct ndr_syntax_id *transfer,
|
||||||
enum pipe_auth_level auth_level,
|
enum dcerpc_AuthLevel auth_level,
|
||||||
const DATA_BLOB *pauth_blob, /* spnego auth blob already created. */
|
const DATA_BLOB *pauth_blob, /* spnego auth blob already created. */
|
||||||
prs_struct *rpc_out)
|
prs_struct *rpc_out)
|
||||||
{
|
{
|
||||||
@ -2980,7 +2980,7 @@ NTSTATUS rpccli_anon_bind_data(TALLOC_CTX *mem_ctx,
|
|||||||
}
|
}
|
||||||
|
|
||||||
result->auth_type = PIPE_AUTH_TYPE_NONE;
|
result->auth_type = PIPE_AUTH_TYPE_NONE;
|
||||||
result->auth_level = PIPE_AUTH_LEVEL_NONE;
|
result->auth_level = DCERPC_AUTH_LEVEL_NONE;
|
||||||
|
|
||||||
result->user_name = talloc_strdup(result, "");
|
result->user_name = talloc_strdup(result, "");
|
||||||
result->domain = talloc_strdup(result, "");
|
result->domain = talloc_strdup(result, "");
|
||||||
@ -3001,7 +3001,7 @@ static int cli_auth_ntlmssp_data_destructor(struct cli_pipe_auth_data *auth)
|
|||||||
|
|
||||||
NTSTATUS rpccli_ntlmssp_bind_data(TALLOC_CTX *mem_ctx,
|
NTSTATUS rpccli_ntlmssp_bind_data(TALLOC_CTX *mem_ctx,
|
||||||
enum pipe_auth_type auth_type,
|
enum pipe_auth_type auth_type,
|
||||||
enum pipe_auth_level auth_level,
|
enum dcerpc_AuthLevel auth_level,
|
||||||
const char *domain,
|
const char *domain,
|
||||||
const char *username,
|
const char *username,
|
||||||
const char *password,
|
const char *password,
|
||||||
@ -3053,9 +3053,9 @@ NTSTATUS rpccli_ntlmssp_bind_data(TALLOC_CTX *mem_ctx,
|
|||||||
result->a_u.ntlmssp_state->neg_flags &=
|
result->a_u.ntlmssp_state->neg_flags &=
|
||||||
~(NTLMSSP_NEGOTIATE_SIGN | NTLMSSP_NEGOTIATE_SEAL);
|
~(NTLMSSP_NEGOTIATE_SIGN | NTLMSSP_NEGOTIATE_SEAL);
|
||||||
|
|
||||||
if (auth_level == PIPE_AUTH_LEVEL_INTEGRITY) {
|
if (auth_level == DCERPC_AUTH_LEVEL_INTEGRITY) {
|
||||||
result->a_u.ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
|
result->a_u.ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
|
||||||
} else if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
|
} else if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
|
||||||
result->a_u.ntlmssp_state->neg_flags
|
result->a_u.ntlmssp_state->neg_flags
|
||||||
|= NTLMSSP_NEGOTIATE_SEAL | NTLMSSP_NEGOTIATE_SIGN;
|
|= NTLMSSP_NEGOTIATE_SEAL | NTLMSSP_NEGOTIATE_SIGN;
|
||||||
}
|
}
|
||||||
@ -3069,7 +3069,7 @@ NTSTATUS rpccli_ntlmssp_bind_data(TALLOC_CTX *mem_ctx,
|
|||||||
}
|
}
|
||||||
|
|
||||||
NTSTATUS rpccli_schannel_bind_data(TALLOC_CTX *mem_ctx, const char *domain,
|
NTSTATUS rpccli_schannel_bind_data(TALLOC_CTX *mem_ctx, const char *domain,
|
||||||
enum pipe_auth_level auth_level,
|
enum dcerpc_AuthLevel auth_level,
|
||||||
const uint8_t sess_key[16],
|
const uint8_t sess_key[16],
|
||||||
struct cli_pipe_auth_data **presult)
|
struct cli_pipe_auth_data **presult)
|
||||||
{
|
{
|
||||||
@ -3116,7 +3116,7 @@ static int cli_auth_kerberos_data_destructor(struct kerberos_auth_struct *auth)
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
NTSTATUS rpccli_kerberos_bind_data(TALLOC_CTX *mem_ctx,
|
NTSTATUS rpccli_kerberos_bind_data(TALLOC_CTX *mem_ctx,
|
||||||
enum pipe_auth_level auth_level,
|
enum dcerpc_AuthLevel auth_level,
|
||||||
const char *service_princ,
|
const char *service_princ,
|
||||||
const char *username,
|
const char *username,
|
||||||
const char *password,
|
const char *password,
|
||||||
@ -3702,7 +3702,7 @@ static NTSTATUS cli_rpc_pipe_open_ntlmssp_internal(struct cli_state *cli,
|
|||||||
const struct ndr_syntax_id *interface,
|
const struct ndr_syntax_id *interface,
|
||||||
enum dcerpc_transport_t transport,
|
enum dcerpc_transport_t transport,
|
||||||
enum pipe_auth_type auth_type,
|
enum pipe_auth_type auth_type,
|
||||||
enum pipe_auth_level auth_level,
|
enum dcerpc_AuthLevel auth_level,
|
||||||
const char *domain,
|
const char *domain,
|
||||||
const char *username,
|
const char *username,
|
||||||
const char *password,
|
const char *password,
|
||||||
@ -3755,7 +3755,7 @@ static NTSTATUS cli_rpc_pipe_open_ntlmssp_internal(struct cli_state *cli,
|
|||||||
NTSTATUS cli_rpc_pipe_open_ntlmssp(struct cli_state *cli,
|
NTSTATUS cli_rpc_pipe_open_ntlmssp(struct cli_state *cli,
|
||||||
const struct ndr_syntax_id *interface,
|
const struct ndr_syntax_id *interface,
|
||||||
enum dcerpc_transport_t transport,
|
enum dcerpc_transport_t transport,
|
||||||
enum pipe_auth_level auth_level,
|
enum dcerpc_AuthLevel auth_level,
|
||||||
const char *domain,
|
const char *domain,
|
||||||
const char *username,
|
const char *username,
|
||||||
const char *password,
|
const char *password,
|
||||||
@ -3780,7 +3780,7 @@ NTSTATUS cli_rpc_pipe_open_ntlmssp(struct cli_state *cli,
|
|||||||
NTSTATUS cli_rpc_pipe_open_spnego_ntlmssp(struct cli_state *cli,
|
NTSTATUS cli_rpc_pipe_open_spnego_ntlmssp(struct cli_state *cli,
|
||||||
const struct ndr_syntax_id *interface,
|
const struct ndr_syntax_id *interface,
|
||||||
enum dcerpc_transport_t transport,
|
enum dcerpc_transport_t transport,
|
||||||
enum pipe_auth_level auth_level,
|
enum dcerpc_AuthLevel auth_level,
|
||||||
const char *domain,
|
const char *domain,
|
||||||
const char *username,
|
const char *username,
|
||||||
const char *password,
|
const char *password,
|
||||||
@ -3889,7 +3889,7 @@ NTSTATUS get_schannel_session_key(struct cli_state *cli,
|
|||||||
NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli,
|
NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli,
|
||||||
const struct ndr_syntax_id *interface,
|
const struct ndr_syntax_id *interface,
|
||||||
enum dcerpc_transport_t transport,
|
enum dcerpc_transport_t transport,
|
||||||
enum pipe_auth_level auth_level,
|
enum dcerpc_AuthLevel auth_level,
|
||||||
const char *domain,
|
const char *domain,
|
||||||
struct netlogon_creds_CredentialState **pdc,
|
struct netlogon_creds_CredentialState **pdc,
|
||||||
struct rpc_pipe_client **presult)
|
struct rpc_pipe_client **presult)
|
||||||
@ -3959,7 +3959,7 @@ static NTSTATUS get_schannel_session_key_auth_ntlmssp(struct cli_state *cli,
|
|||||||
|
|
||||||
status = cli_rpc_pipe_open_spnego_ntlmssp(
|
status = cli_rpc_pipe_open_spnego_ntlmssp(
|
||||||
cli, &ndr_table_netlogon.syntax_id, NCACN_NP,
|
cli, &ndr_table_netlogon.syntax_id, NCACN_NP,
|
||||||
PIPE_AUTH_LEVEL_PRIVACY,
|
DCERPC_AUTH_LEVEL_PRIVACY,
|
||||||
domain, username, password, &netlogon_pipe);
|
domain, username, password, &netlogon_pipe);
|
||||||
if (!NT_STATUS_IS_OK(status)) {
|
if (!NT_STATUS_IS_OK(status)) {
|
||||||
return status;
|
return status;
|
||||||
@ -3985,7 +3985,7 @@ static NTSTATUS get_schannel_session_key_auth_ntlmssp(struct cli_state *cli,
|
|||||||
NTSTATUS cli_rpc_pipe_open_ntlmssp_auth_schannel(struct cli_state *cli,
|
NTSTATUS cli_rpc_pipe_open_ntlmssp_auth_schannel(struct cli_state *cli,
|
||||||
const struct ndr_syntax_id *interface,
|
const struct ndr_syntax_id *interface,
|
||||||
enum dcerpc_transport_t transport,
|
enum dcerpc_transport_t transport,
|
||||||
enum pipe_auth_level auth_level,
|
enum dcerpc_AuthLevel auth_level,
|
||||||
const char *domain,
|
const char *domain,
|
||||||
const char *username,
|
const char *username,
|
||||||
const char *password,
|
const char *password,
|
||||||
@ -4026,7 +4026,7 @@ NTSTATUS cli_rpc_pipe_open_ntlmssp_auth_schannel(struct cli_state *cli,
|
|||||||
NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli,
|
NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli,
|
||||||
const struct ndr_syntax_id *interface,
|
const struct ndr_syntax_id *interface,
|
||||||
enum dcerpc_transport_t transport,
|
enum dcerpc_transport_t transport,
|
||||||
enum pipe_auth_level auth_level,
|
enum dcerpc_AuthLevel auth_level,
|
||||||
const char *domain,
|
const char *domain,
|
||||||
struct rpc_pipe_client **presult)
|
struct rpc_pipe_client **presult)
|
||||||
{
|
{
|
||||||
@ -4066,7 +4066,7 @@ NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli,
|
|||||||
|
|
||||||
NTSTATUS cli_rpc_pipe_open_krb5(struct cli_state *cli,
|
NTSTATUS cli_rpc_pipe_open_krb5(struct cli_state *cli,
|
||||||
const struct ndr_syntax_id *interface,
|
const struct ndr_syntax_id *interface,
|
||||||
enum pipe_auth_level auth_level,
|
enum dcerpc_AuthLevel auth_level,
|
||||||
const char *service_princ,
|
const char *service_princ,
|
||||||
const char *username,
|
const char *username,
|
||||||
const char *password,
|
const char *password,
|
||||||
|
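Review bot: The `switch (cli->auth->auth_level)` blocks in `cli_pipe_verify_ntlmssp`, `add_ntlmssp_auth_footer`, `add_schannel_auth_footer` and `calculate_data_len_tosend` name only NONE, CONNECT, INTEGRITY and PRIVACY, and both verify functions return `NT_STATUS_OK` without checking anything for NONE and CONNECT. The old enum had exactly those four members; `enum dcerpc_AuthLevel` is, to my knowledge, wider (it also has CALL and PACKET levels), so a value that was previously unrepresentable can now reach these switches, and their `default:` arms lie outside the hunks, so I cannot see whether they fail closed. Likewise `rpccli_ntlmssp_bind_data` clears both `NTLMSSP_NEGOTIATE_SIGN` and `NTLMSSP_NEGOTIATE_SEAL` and re-enables them only for INTEGRITY and PRIVACY, so any other level ends up with no per-packet protection unless it is rejected elsewhere. I would make the rejection explicit where the level is consumed, for example `default: return NT_STATUS_INVALID_PARAMETER;` in each switch that returns an NTSTATUS.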
@ -1071,7 +1071,7 @@ bool prs_string(const char *name, prs_struct *ps, int depth, char *str, int max_
|
|||||||
********************************************************************/
|
********************************************************************/
|
||||||
|
|
||||||
static void schannel_digest(struct schannel_auth_struct *a,
|
static void schannel_digest(struct schannel_auth_struct *a,
|
||||||
enum pipe_auth_level auth_level,
|
enum dcerpc_AuthLevel auth_level,
|
||||||
struct NL_AUTH_SIGNATURE *verf,
|
struct NL_AUTH_SIGNATURE *verf,
|
||||||
char *data, size_t data_len,
|
char *data, size_t data_len,
|
||||||
uchar digest_final[16])
|
uchar digest_final[16])
|
||||||
@ -1095,7 +1095,7 @@ static void schannel_digest(struct schannel_auth_struct *a,
|
|||||||
out of order */
|
out of order */
|
||||||
MD5Update(&ctx3, zeros, sizeof(zeros));
|
MD5Update(&ctx3, zeros, sizeof(zeros));
|
||||||
MD5Update(&ctx3, sig, 8);
|
MD5Update(&ctx3, sig, 8);
|
||||||
if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
|
if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
|
||||||
MD5Update(&ctx3, verf->Confounder, sizeof(verf->Confounder));
|
MD5Update(&ctx3, verf->Confounder, sizeof(verf->Confounder));
|
||||||
}
|
}
|
||||||
MD5Update(&ctx3, (const unsigned char *)data, data_len);
|
MD5Update(&ctx3, (const unsigned char *)data, data_len);
|
||||||
@ -1169,7 +1169,7 @@ static void schannel_deal_with_seq_num(struct schannel_auth_struct *a,
|
|||||||
quite compatible with what MS does.
|
quite compatible with what MS does.
|
||||||
********************************************************************/
|
********************************************************************/
|
||||||
|
|
||||||
void schannel_encode(struct schannel_auth_struct *a, enum pipe_auth_level auth_level,
|
void schannel_encode(struct schannel_auth_struct *a, enum dcerpc_AuthLevel auth_level,
|
||||||
enum schannel_direction direction,
|
enum schannel_direction direction,
|
||||||
struct NL_AUTH_SIGNATURE *verf,
|
struct NL_AUTH_SIGNATURE *verf,
|
||||||
char *data, size_t data_len)
|
char *data, size_t data_len)
|
||||||
@ -1199,7 +1199,7 @@ void schannel_encode(struct schannel_auth_struct *a, enum pipe_auth_level auth_l
|
|||||||
|
|
||||||
dump_data_pw("verf->SequenceNumber:\n", verf->SequenceNumber, sizeof(verf->SequenceNumber));
|
dump_data_pw("verf->SequenceNumber:\n", verf->SequenceNumber, sizeof(verf->SequenceNumber));
|
||||||
|
|
||||||
if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
|
if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
|
||||||
verf->SealAlgorithm = NL_SEAL_RC4;
|
verf->SealAlgorithm = NL_SEAL_RC4;
|
||||||
} else {
|
} else {
|
||||||
verf->SealAlgorithm = NL_SEAL_NONE;
|
verf->SealAlgorithm = NL_SEAL_NONE;
|
||||||
@ -1217,7 +1217,7 @@ void schannel_encode(struct schannel_auth_struct *a, enum pipe_auth_level auth_l
|
|||||||
schannel_digest(a, auth_level, verf, data, data_len, digest_final);
|
schannel_digest(a, auth_level, verf, data, data_len, digest_final);
|
||||||
memcpy(verf->Checksum, digest_final, sizeof(verf->Checksum));
|
memcpy(verf->Checksum, digest_final, sizeof(verf->Checksum));
|
||||||
|
|
||||||
if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
|
if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
|
||||||
uchar sealing_key[16];
|
uchar sealing_key[16];
|
||||||
|
|
||||||
/* get the key to encode the data with */
|
/* get the key to encode the data with */
|
||||||
@ -1249,7 +1249,7 @@ void schannel_encode(struct schannel_auth_struct *a, enum pipe_auth_level auth_l
|
|||||||
as well as decode sealed messages
|
as well as decode sealed messages
|
||||||
********************************************************************/
|
********************************************************************/
|
||||||
|
|
||||||
bool schannel_decode(struct schannel_auth_struct *a, enum pipe_auth_level auth_level,
|
bool schannel_decode(struct schannel_auth_struct *a, enum dcerpc_AuthLevel auth_level,
|
||||||
enum schannel_direction direction,
|
enum schannel_direction direction,
|
||||||
struct NL_AUTH_SIGNATURE *verf, char *data, size_t data_len)
|
struct NL_AUTH_SIGNATURE *verf, char *data, size_t data_len)
|
||||||
{
|
{
|
||||||
@ -1263,7 +1263,7 @@ bool schannel_decode(struct schannel_auth_struct *a, enum pipe_auth_level auth_l
|
|||||||
|
|
||||||
DEBUG(10,("SCHANNEL: schannel_decode seq_num=%d data_len=%lu\n", a->seq_num, (unsigned long)data_len));
|
DEBUG(10,("SCHANNEL: schannel_decode seq_num=%d data_len=%lu\n", a->seq_num, (unsigned long)data_len));
|
||||||
|
|
||||||
if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
|
if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
|
||||||
schannel_sig = schannel_seal_sig;
|
schannel_sig = schannel_seal_sig;
|
||||||
} else {
|
} else {
|
||||||
schannel_sig = schannel_sign_sig;
|
schannel_sig = schannel_sign_sig;
|
||||||
@ -1317,7 +1317,7 @@ bool schannel_decode(struct schannel_auth_struct *a, enum pipe_auth_level auth_l
|
|||||||
return False;
|
return False;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
|
if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
|
||||||
uchar sealing_key[16];
|
uchar sealing_key[16];
|
||||||
|
|
||||||
/* get the key to extract the data with */
|
/* get the key to extract the data with */
|
||||||
|
@ -595,8 +595,8 @@ static NTSTATUS netr_creds_server_step_check(pipes_struct *p,
|
|||||||
struct tdb_context *tdb;
|
struct tdb_context *tdb;
|
||||||
bool schannel_global_required = (lp_server_schannel() == true) ? true:false;
|
bool schannel_global_required = (lp_server_schannel() == true) ? true:false;
|
||||||
bool schannel_in_use = (p->auth.auth_type == PIPE_AUTH_TYPE_SCHANNEL) ? true:false; /* &&
|
bool schannel_in_use = (p->auth.auth_type == PIPE_AUTH_TYPE_SCHANNEL) ? true:false; /* &&
|
||||||
(p->auth.auth_level == PIPE_AUTH_LEVEL_INTEGRITY ||
|
(p->auth.auth_level == DCERPC_AUTH_LEVEL_INTEGRITY ||
|
||||||
p->auth.auth_level == PIPE_AUTH_LEVEL_PRIVACY); */
|
p->auth.auth_level == DCERPC_AUTH_LEVEL_PRIVACY); */
|
||||||
|
|
||||||
tdb = open_schannel_session_store(mem_ctx);
|
tdb = open_schannel_session_store(mem_ctx);
|
||||||
if (!tdb) {
|
if (!tdb) {
|
||||||
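Review bot: The auth-level half of the `schannel_in_use` test in netr_creds_server_step_check is still commented out, so this rename only edits dead text and the live expression decides on `p->auth.auth_type == PIPE_AUTH_TYPE_SCHANNEL` alone. If the level test is wanted, re-enable it with the new names; if not, delete the commented-out lines and leave a short note instead, for example `/* NOTE: auth_level is not checked here; confirm the bind path only admits INTEGRITY or PRIVACY for schannel */`. The `(... == true) ? true:false` and `(...) ? true:false` wrappers on both initialisers are redundant, since the comparisons already yield a bool. The function body continues outside this hunk, so whether `schannel_in_use` is combined with another level check further down cannot be seen from here.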
|
@ -196,7 +196,7 @@ static bool create_next_pdu_ntlmssp(pipes_struct *p)
|
|||||||
} else {
|
} else {
|
||||||
auth_type = RPC_SPNEGO_AUTH_TYPE;
|
auth_type = RPC_SPNEGO_AUTH_TYPE;
|
||||||
}
|
}
|
||||||
if (p->auth.auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
|
if (p->auth.auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
|
||||||
auth_level = RPC_AUTH_LEVEL_PRIVACY;
|
auth_level = RPC_AUTH_LEVEL_PRIVACY;
|
||||||
} else {
|
} else {
|
||||||
auth_level = RPC_AUTH_LEVEL_INTEGRITY;
|
auth_level = RPC_AUTH_LEVEL_INTEGRITY;
|
||||||
@ -213,7 +213,7 @@ static bool create_next_pdu_ntlmssp(pipes_struct *p)
|
|||||||
/* Generate the sign blob. */
|
/* Generate the sign blob. */
|
||||||
|
|
||||||
switch (p->auth.auth_level) {
|
switch (p->auth.auth_level) {
|
||||||
case PIPE_AUTH_LEVEL_PRIVACY:
|
case DCERPC_AUTH_LEVEL_PRIVACY:
|
||||||
/* Data portion is encrypted. */
|
/* Data portion is encrypted. */
|
||||||
status = ntlmssp_seal_packet(
|
status = ntlmssp_seal_packet(
|
||||||
a->ntlmssp_state,
|
a->ntlmssp_state,
|
||||||
@ -229,7 +229,7 @@ static bool create_next_pdu_ntlmssp(pipes_struct *p)
|
|||||||
return False;
|
return False;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case PIPE_AUTH_LEVEL_INTEGRITY:
|
case DCERPC_AUTH_LEVEL_INTEGRITY:
|
||||||
/* Data is signed. */
|
/* Data is signed. */
|
||||||
status = ntlmssp_sign_packet(
|
status = ntlmssp_sign_packet(
|
||||||
a->ntlmssp_state,
|
a->ntlmssp_state,
|
||||||
@ -415,7 +415,7 @@ static bool create_next_pdu_schannel(pipes_struct *p)
|
|||||||
|
|
||||||
init_rpc_hdr_auth(&auth_info,
|
init_rpc_hdr_auth(&auth_info,
|
||||||
RPC_SCHANNEL_AUTH_TYPE,
|
RPC_SCHANNEL_AUTH_TYPE,
|
||||||
p->auth.auth_level == PIPE_AUTH_LEVEL_PRIVACY ?
|
p->auth.auth_level == DCERPC_AUTH_LEVEL_PRIVACY ?
|
||||||
RPC_AUTH_LEVEL_PRIVACY : RPC_AUTH_LEVEL_INTEGRITY,
|
RPC_AUTH_LEVEL_PRIVACY : RPC_AUTH_LEVEL_INTEGRITY,
|
||||||
ss_padding_len, 1);
|
ss_padding_len, 1);
|
||||||
|
|
||||||
@ -589,8 +589,8 @@ static bool create_next_pdu_noauth(pipes_struct *p)
|
|||||||
bool create_next_pdu(pipes_struct *p)
|
bool create_next_pdu(pipes_struct *p)
|
||||||
{
|
{
|
||||||
switch(p->auth.auth_level) {
|
switch(p->auth.auth_level) {
|
||||||
case PIPE_AUTH_LEVEL_NONE:
|
case DCERPC_AUTH_LEVEL_NONE:
|
||||||
case PIPE_AUTH_LEVEL_CONNECT:
|
case DCERPC_AUTH_LEVEL_CONNECT:
|
||||||
/* This is incorrect for auth level connect. Fixme. JRA */
|
/* This is incorrect for auth level connect. Fixme. JRA */
|
||||||
return create_next_pdu_noauth(p);
|
return create_next_pdu_noauth(p);
|
||||||
|
|
||||||
@ -647,7 +647,7 @@ static bool pipe_ntlmssp_verify_final(pipes_struct *p, DATA_BLOB *p_resp_blob)
|
|||||||
ensure the underlying NTLMSSP flags are also set. If not we should
|
ensure the underlying NTLMSSP flags are also set. If not we should
|
||||||
refuse the bind. */
|
refuse the bind. */
|
||||||
|
|
||||||
if (p->auth.auth_level == PIPE_AUTH_LEVEL_INTEGRITY) {
|
if (p->auth.auth_level == DCERPC_AUTH_LEVEL_INTEGRITY) {
|
||||||
if (!(a->ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN)) {
|
if (!(a->ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN)) {
|
||||||
DEBUG(0,("pipe_ntlmssp_verify_final: pipe %s : packet integrity requested "
|
DEBUG(0,("pipe_ntlmssp_verify_final: pipe %s : packet integrity requested "
|
||||||
"but client declined signing.\n",
|
"but client declined signing.\n",
|
||||||
@ -655,7 +655,7 @@ static bool pipe_ntlmssp_verify_final(pipes_struct *p, DATA_BLOB *p_resp_blob)
|
|||||||
return False;
|
return False;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (p->auth.auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
|
if (p->auth.auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
|
||||||
if (!(a->ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL)) {
|
if (!(a->ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL)) {
|
||||||
DEBUG(0,("pipe_ntlmssp_verify_final: pipe %s : packet privacy requested "
|
DEBUG(0,("pipe_ntlmssp_verify_final: pipe %s : packet privacy requested "
|
||||||
"but client declined sealing.\n",
|
"but client declined sealing.\n",
|
||||||
@ -840,7 +840,7 @@ static bool setup_bind_nak(pipes_struct *p)
|
|||||||
if (p->auth.auth_data_free_func) {
|
if (p->auth.auth_data_free_func) {
|
||||||
(*p->auth.auth_data_free_func)(&p->auth);
|
(*p->auth.auth_data_free_func)(&p->auth);
|
||||||
}
|
}
|
||||||
p->auth.auth_level = PIPE_AUTH_LEVEL_NONE;
|
p->auth.auth_level = DCERPC_AUTH_LEVEL_NONE;
|
||||||
p->auth.auth_type = PIPE_AUTH_TYPE_NONE;
|
p->auth.auth_type = PIPE_AUTH_TYPE_NONE;
|
||||||
p->pipe_bound = False;
|
p->pipe_bound = False;
|
||||||
|
|
||||||
@ -1690,10 +1690,10 @@ bool api_pipe_bind_req(pipes_struct *p, prs_struct *rpc_in_p)
|
|||||||
/* Work out if we have to sign or seal etc. */
|
/* Work out if we have to sign or seal etc. */
|
||||||
switch (auth_info.auth_level) {
|
switch (auth_info.auth_level) {
|
||||||
case RPC_AUTH_LEVEL_INTEGRITY:
|
case RPC_AUTH_LEVEL_INTEGRITY:
|
||||||
p->auth.auth_level = PIPE_AUTH_LEVEL_INTEGRITY;
|
p->auth.auth_level = DCERPC_AUTH_LEVEL_INTEGRITY;
|
||||||
break;
|
break;
|
||||||
case RPC_AUTH_LEVEL_PRIVACY:
|
case RPC_AUTH_LEVEL_PRIVACY:
|
||||||
p->auth.auth_level = PIPE_AUTH_LEVEL_PRIVACY;
|
p->auth.auth_level = DCERPC_AUTH_LEVEL_PRIVACY;
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
DEBUG(0,("api_pipe_bind_req: unexpected auth level (%u).\n",
|
DEBUG(0,("api_pipe_bind_req: unexpected auth level (%u).\n",
|
||||||
@ -1731,7 +1731,7 @@ bool api_pipe_bind_req(pipes_struct *p, prs_struct *rpc_in_p)
|
|||||||
/* We're finished - no more packets. */
|
/* We're finished - no more packets. */
|
||||||
p->auth.auth_type = PIPE_AUTH_TYPE_NONE;
|
p->auth.auth_type = PIPE_AUTH_TYPE_NONE;
|
||||||
/* We must set the pipe auth_level here also. */
|
/* We must set the pipe auth_level here also. */
|
||||||
p->auth.auth_level = PIPE_AUTH_LEVEL_NONE;
|
p->auth.auth_level = DCERPC_AUTH_LEVEL_NONE;
|
||||||
p->pipe_bound = True;
|
p->pipe_bound = True;
|
||||||
/* The session key was initialized from the SMB
|
/* The session key was initialized from the SMB
|
||||||
* session in make_internal_rpc_pipe_p */
|
* session in make_internal_rpc_pipe_p */
|
||||||
@ -2042,7 +2042,7 @@ bool api_pipe_ntlmssp_auth_process(pipes_struct *p, prs_struct *rpc_in,
|
|||||||
|
|
||||||
*pstatus = NT_STATUS_OK;
|
*pstatus = NT_STATUS_OK;
|
||||||
|
|
||||||
if (p->auth.auth_level == PIPE_AUTH_LEVEL_NONE || p->auth.auth_level == PIPE_AUTH_LEVEL_CONNECT) {
|
if (p->auth.auth_level == DCERPC_AUTH_LEVEL_NONE || p->auth.auth_level == DCERPC_AUTH_LEVEL_CONNECT) {
|
||||||
return True;
|
return True;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2091,7 +2091,7 @@ bool api_pipe_ntlmssp_auth_process(pipes_struct *p, prs_struct *rpc_in,
|
|||||||
auth_blob.length = auth_len;
|
auth_blob.length = auth_len;
|
||||||
|
|
||||||
switch (p->auth.auth_level) {
|
switch (p->auth.auth_level) {
|
||||||
case PIPE_AUTH_LEVEL_PRIVACY:
|
case DCERPC_AUTH_LEVEL_PRIVACY:
|
||||||
/* Data is encrypted. */
|
/* Data is encrypted. */
|
||||||
*pstatus = ntlmssp_unseal_packet(a->ntlmssp_state,
|
*pstatus = ntlmssp_unseal_packet(a->ntlmssp_state,
|
||||||
data, data_len,
|
data, data_len,
|
||||||
@ -2102,7 +2102,7 @@ bool api_pipe_ntlmssp_auth_process(pipes_struct *p, prs_struct *rpc_in,
|
|||||||
return False;
|
return False;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case PIPE_AUTH_LEVEL_INTEGRITY:
|
case DCERPC_AUTH_LEVEL_INTEGRITY:
|
||||||
/* Data is signed. */
|
/* Data is signed. */
|
||||||
*pstatus = ntlmssp_check_packet(a->ntlmssp_state,
|
*pstatus = ntlmssp_check_packet(a->ntlmssp_state,
|
||||||
data, data_len,
|
data, data_len,
|
||||||
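Review bot: In create_next_pdu_ntlmssp the `if (p->auth.auth_level == DCERPC_AUTH_LEVEL_PRIVACY) ... else` mapping, and the matching ternary passed to init_rpc_hdr_auth in create_next_pdu_schannel, report every level other than privacy as `RPC_AUTH_LEVEL_INTEGRITY`. The field is now an `enum dcerpc_AuthLevel`, which as far as I know also defines CALL and PACKET levels that the old enum did not have, so these catch-all branches and the two-case switches on `p->auth.auth_level` should be made explicit. The default case of the switch in api_pipe_bind_req rejects unexpected wire levels, which presumably keeps other values out of `p->auth.auth_level` today, but a fail-closed `default: return False;` in the sign/seal switches of create_next_pdu_ntlmssp and api_pipe_ntlmssp_auth_process would keep that true if the bind path changes. The ends of those switches lie outside the hunks, so a default may already be present.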
|
@ -2741,7 +2741,7 @@ static NTSTATUS get_user_info_18(pipes_struct *p,
|
|||||||
return NT_STATUS_ACCESS_DENIED;
|
return NT_STATUS_ACCESS_DENIED;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (p->auth.auth_level != PIPE_AUTH_LEVEL_PRIVACY) {
|
if (p->auth.auth_level != DCERPC_AUTH_LEVEL_PRIVACY) {
|
||||||
return NT_STATUS_ACCESS_DENIED;
|
return NT_STATUS_ACCESS_DENIED;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -26,7 +26,7 @@
|
|||||||
DOM_SID domain_sid;
|
DOM_SID domain_sid;
|
||||||
|
|
||||||
static enum pipe_auth_type pipe_default_auth_type = PIPE_AUTH_TYPE_NONE;
|
static enum pipe_auth_type pipe_default_auth_type = PIPE_AUTH_TYPE_NONE;
|
||||||
static enum pipe_auth_level pipe_default_auth_level = PIPE_AUTH_LEVEL_NONE;
|
static enum dcerpc_AuthLevel pipe_default_auth_level = DCERPC_AUTH_LEVEL_NONE;
|
||||||
static unsigned int timeout = 0;
|
static unsigned int timeout = 0;
|
||||||
static enum dcerpc_transport_t default_transport = NCACN_NP;
|
static enum dcerpc_transport_t default_transport = NCACN_NP;
|
||||||
|
|
||||||
@ -380,7 +380,7 @@ static NTSTATUS cmd_sign(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
|
|||||||
{
|
{
|
||||||
const char *type = "NTLMSSP";
|
const char *type = "NTLMSSP";
|
||||||
|
|
||||||
pipe_default_auth_level = PIPE_AUTH_LEVEL_INTEGRITY;
|
pipe_default_auth_level = DCERPC_AUTH_LEVEL_INTEGRITY;
|
||||||
pipe_default_auth_type = PIPE_AUTH_TYPE_NTLMSSP;
|
pipe_default_auth_type = PIPE_AUTH_TYPE_NTLMSSP;
|
||||||
|
|
||||||
if (argc > 2) {
|
if (argc > 2) {
|
||||||
@ -412,7 +412,7 @@ static NTSTATUS cmd_seal(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
|
|||||||
{
|
{
|
||||||
const char *type = "NTLMSSP";
|
const char *type = "NTLMSSP";
|
||||||
|
|
||||||
pipe_default_auth_level = PIPE_AUTH_LEVEL_PRIVACY;
|
pipe_default_auth_level = DCERPC_AUTH_LEVEL_PRIVACY;
|
||||||
pipe_default_auth_type = PIPE_AUTH_TYPE_NTLMSSP;
|
pipe_default_auth_type = PIPE_AUTH_TYPE_NTLMSSP;
|
||||||
|
|
||||||
if (argc > 2) {
|
if (argc > 2) {
|
||||||
@ -475,7 +475,7 @@ static NTSTATUS cmd_timeout(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
|
|||||||
static NTSTATUS cmd_none(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
|
static NTSTATUS cmd_none(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
|
||||||
int argc, const char **argv)
|
int argc, const char **argv)
|
||||||
{
|
{
|
||||||
pipe_default_auth_level = PIPE_AUTH_LEVEL_NONE;
|
pipe_default_auth_level = DCERPC_AUTH_LEVEL_NONE;
|
||||||
pipe_default_auth_type = PIPE_AUTH_TYPE_NONE;
|
pipe_default_auth_type = PIPE_AUTH_TYPE_NONE;
|
||||||
|
|
||||||
return cmd_set_ss_level();
|
return cmd_set_ss_level();
|
||||||
@ -485,7 +485,7 @@ static NTSTATUS cmd_schannel(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
|
|||||||
int argc, const char **argv)
|
int argc, const char **argv)
|
||||||
{
|
{
|
||||||
d_printf("Setting schannel - sign and seal\n");
|
d_printf("Setting schannel - sign and seal\n");
|
||||||
pipe_default_auth_level = PIPE_AUTH_LEVEL_PRIVACY;
|
pipe_default_auth_level = DCERPC_AUTH_LEVEL_PRIVACY;
|
||||||
pipe_default_auth_type = PIPE_AUTH_TYPE_SCHANNEL;
|
pipe_default_auth_type = PIPE_AUTH_TYPE_SCHANNEL;
|
||||||
|
|
||||||
return cmd_set_ss_level();
|
return cmd_set_ss_level();
|
||||||
@ -495,7 +495,7 @@ static NTSTATUS cmd_schannel_sign(struct rpc_pipe_client *cli, TALLOC_CTX *mem_c
|
|||||||
int argc, const char **argv)
|
int argc, const char **argv)
|
||||||
{
|
{
|
||||||
d_printf("Setting schannel - sign only\n");
|
d_printf("Setting schannel - sign only\n");
|
||||||
pipe_default_auth_level = PIPE_AUTH_LEVEL_INTEGRITY;
|
pipe_default_auth_level = DCERPC_AUTH_LEVEL_INTEGRITY;
|
||||||
pipe_default_auth_type = PIPE_AUTH_TYPE_SCHANNEL;
|
pipe_default_auth_type = PIPE_AUTH_TYPE_SCHANNEL;
|
||||||
|
|
||||||
return cmd_set_ss_level();
|
return cmd_set_ss_level();
|
||||||
|
@ -159,7 +159,7 @@ int run_rpc_command(struct net_context *c,
|
|||||||
/* Always try and create an schannel netlogon pipe. */
|
/* Always try and create an schannel netlogon pipe. */
|
||||||
nt_status = cli_rpc_pipe_open_schannel(
|
nt_status = cli_rpc_pipe_open_schannel(
|
||||||
cli, interface, NCACN_NP,
|
cli, interface, NCACN_NP,
|
||||||
PIPE_AUTH_LEVEL_PRIVACY, domain_name,
|
DCERPC_AUTH_LEVEL_PRIVACY, domain_name,
|
||||||
&pipe_hnd);
|
&pipe_hnd);
|
||||||
if (!NT_STATUS_IS_OK(nt_status)) {
|
if (!NT_STATUS_IS_OK(nt_status)) {
|
||||||
DEBUG(0, ("Could not initialise schannel netlogon pipe. Error was %s\n",
|
DEBUG(0, ("Could not initialise schannel netlogon pipe. Error was %s\n",
|
||||||
@ -172,7 +172,7 @@ int run_rpc_command(struct net_context *c,
|
|||||||
cli, interface,
|
cli, interface,
|
||||||
(conn_flags & NET_FLAGS_TCP) ?
|
(conn_flags & NET_FLAGS_TCP) ?
|
||||||
NCACN_IP_TCP : NCACN_NP,
|
NCACN_IP_TCP : NCACN_NP,
|
||||||
PIPE_AUTH_LEVEL_PRIVACY,
|
DCERPC_AUTH_LEVEL_PRIVACY,
|
||||||
lp_workgroup(), c->opt_user_name,
|
lp_workgroup(), c->opt_user_name,
|
||||||
c->opt_password, &pipe_hnd);
|
c->opt_password, &pipe_hnd);
|
||||||
} else {
|
} else {
|
||||||
|
@ -102,7 +102,7 @@ NTSTATUS net_rpc_join_ok(struct net_context *c, const char *domain,
|
|||||||
|
|
||||||
ntret = cli_rpc_pipe_open_schannel_with_key(
|
ntret = cli_rpc_pipe_open_schannel_with_key(
|
||||||
cli, &ndr_table_netlogon.syntax_id, NCACN_NP,
|
cli, &ndr_table_netlogon.syntax_id, NCACN_NP,
|
||||||
PIPE_AUTH_LEVEL_PRIVACY,
|
DCERPC_AUTH_LEVEL_PRIVACY,
|
||||||
domain, &netlogon_pipe->dc, &pipe_hnd);
|
domain, &netlogon_pipe->dc, &pipe_hnd);
|
||||||
|
|
||||||
if (!NT_STATUS_IS_OK(ntret)) {
|
if (!NT_STATUS_IS_OK(ntret)) {
|
||||||
@ -420,7 +420,7 @@ int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv)
|
|||||||
|
|
||||||
result = cli_rpc_pipe_open_schannel_with_key(
|
result = cli_rpc_pipe_open_schannel_with_key(
|
||||||
cli, &ndr_table_netlogon.syntax_id, NCACN_NP,
|
cli, &ndr_table_netlogon.syntax_id, NCACN_NP,
|
||||||
PIPE_AUTH_LEVEL_PRIVACY, domain, &pipe_hnd->dc,
|
DCERPC_AUTH_LEVEL_PRIVACY, domain, &pipe_hnd->dc,
|
||||||
&netlogon_schannel_pipe);
|
&netlogon_schannel_pipe);
|
||||||
|
|
||||||
if (!NT_STATUS_IS_OK(result)) {
|
if (!NT_STATUS_IS_OK(result)) {
|
||||||
|
@ -2056,7 +2056,7 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
|
|||||||
result = cli_rpc_pipe_open_spnego_ntlmssp(conn->cli,
|
result = cli_rpc_pipe_open_spnego_ntlmssp(conn->cli,
|
||||||
&ndr_table_samr.syntax_id,
|
&ndr_table_samr.syntax_id,
|
||||||
NCACN_NP,
|
NCACN_NP,
|
||||||
PIPE_AUTH_LEVEL_PRIVACY,
|
DCERPC_AUTH_LEVEL_PRIVACY,
|
||||||
domain_name,
|
domain_name,
|
||||||
machine_account,
|
machine_account,
|
||||||
machine_password,
|
machine_password,
|
||||||
@ -2100,7 +2100,7 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
|
|||||||
}
|
}
|
||||||
result = cli_rpc_pipe_open_schannel_with_key
|
result = cli_rpc_pipe_open_schannel_with_key
|
||||||
(conn->cli, &ndr_table_samr.syntax_id, NCACN_NP,
|
(conn->cli, &ndr_table_samr.syntax_id, NCACN_NP,
|
||||||
PIPE_AUTH_LEVEL_PRIVACY,
|
DCERPC_AUTH_LEVEL_PRIVACY,
|
||||||
domain->name, &p_creds, &conn->samr_pipe);
|
domain->name, &p_creds, &conn->samr_pipe);
|
||||||
|
|
||||||
if (!NT_STATUS_IS_OK(result)) {
|
if (!NT_STATUS_IS_OK(result)) {
|
||||||
@ -2196,7 +2196,7 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
|
|||||||
* authenticated LSA pipe with sign & seal. */
|
* authenticated LSA pipe with sign & seal. */
|
||||||
result = cli_rpc_pipe_open_spnego_ntlmssp
|
result = cli_rpc_pipe_open_spnego_ntlmssp
|
||||||
(conn->cli, &ndr_table_lsarpc.syntax_id, NCACN_NP,
|
(conn->cli, &ndr_table_lsarpc.syntax_id, NCACN_NP,
|
||||||
PIPE_AUTH_LEVEL_PRIVACY,
|
DCERPC_AUTH_LEVEL_PRIVACY,
|
||||||
conn->cli->domain, conn->cli->user_name, conn->cli->password,
|
conn->cli->domain, conn->cli->user_name, conn->cli->password,
|
||||||
&conn->lsa_pipe);
|
&conn->lsa_pipe);
|
||||||
|
|
||||||
@ -2237,7 +2237,7 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
|
|||||||
}
|
}
|
||||||
result = cli_rpc_pipe_open_schannel_with_key
|
result = cli_rpc_pipe_open_schannel_with_key
|
||||||
(conn->cli, &ndr_table_lsarpc.syntax_id, NCACN_NP,
|
(conn->cli, &ndr_table_lsarpc.syntax_id, NCACN_NP,
|
||||||
PIPE_AUTH_LEVEL_PRIVACY,
|
DCERPC_AUTH_LEVEL_PRIVACY,
|
||||||
domain->name, &p_creds, &conn->lsa_pipe);
|
domain->name, &p_creds, &conn->lsa_pipe);
|
||||||
|
|
||||||
if (!NT_STATUS_IS_OK(result)) {
|
if (!NT_STATUS_IS_OK(result)) {
|
||||||
@ -2384,7 +2384,7 @@ NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain,
|
|||||||
|
|
||||||
result = cli_rpc_pipe_open_schannel_with_key(
|
result = cli_rpc_pipe_open_schannel_with_key(
|
||||||
conn->cli, &ndr_table_netlogon.syntax_id, NCACN_NP,
|
conn->cli, &ndr_table_netlogon.syntax_id, NCACN_NP,
|
||||||
PIPE_AUTH_LEVEL_PRIVACY, domain->name, &netlogon_pipe->dc,
|
DCERPC_AUTH_LEVEL_PRIVACY, domain->name, &netlogon_pipe->dc,
|
||||||
&conn->netlogon_pipe);
|
&conn->netlogon_pipe);
|
||||||
|
|
||||||
/* We can now close the initial netlogon pipe. */
|
/* We can now close the initial netlogon pipe. */
|
||||||
|