1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00

s3-dcerpc: use dcerpc_AuthLevel and remove duplicate set of flags.

Guenther
This commit is contained in:
Günther Deschner 2009-09-14 20:39:54 +02:00
parent 668470c992
commit d3af0346c8
16 changed files with 93 additions and 100 deletions

View File

@ -177,7 +177,7 @@ static NTSTATUS connect_to_domain_password_server(struct cli_state **cli,
/* We also setup the creds chain in the open_schannel call. */
result = cli_rpc_pipe_open_schannel(
*cli, &ndr_table_netlogon.syntax_id, NCACN_NP,
PIPE_AUTH_LEVEL_PRIVACY, domain, &netlogon_pipe);
DCERPC_AUTH_LEVEL_PRIVACY, domain, &netlogon_pipe);
} else {
result = cli_rpc_pipe_open_noauth(
*cli, &ndr_table_netlogon.syntax_id, &netlogon_pipe);

View File

@ -47,7 +47,7 @@ static NTSTATUS netlogond_validate(TALLOC_CTX *mem_ctx,
}
status = rpccli_schannel_bind_data(p, lp_workgroup(),
PIPE_AUTH_LEVEL_PRIVACY,
DCERPC_AUTH_LEVEL_PRIVACY,
schannel_key, &auth);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(10, ("rpccli_schannel_bind_data failed: %s\n",

View File

@ -48,7 +48,7 @@ struct print_job_info {
struct cli_pipe_auth_data {
enum pipe_auth_type auth_type; /* switch for the union below. Defined in ntdomain.h */
enum pipe_auth_level auth_level; /* defined in ntdomain.h */
enum dcerpc_AuthLevel auth_level; /* defined in ntdomain.h */
char *domain;
char *user_name;

View File

@ -132,13 +132,6 @@ typedef struct pipe_rpc_fns {
enum pipe_auth_type { PIPE_AUTH_TYPE_NONE = 0, PIPE_AUTH_TYPE_NTLMSSP, PIPE_AUTH_TYPE_SCHANNEL,
PIPE_AUTH_TYPE_SPNEGO_NTLMSSP, PIPE_AUTH_TYPE_KRB5, PIPE_AUTH_TYPE_SPNEGO_KRB5 };
/* Possible auth levels - keep these in sync with the wire values. */
enum pipe_auth_level { PIPE_AUTH_LEVEL_NONE = 0,
PIPE_AUTH_LEVEL_CONNECT = 1, /* We treat as NONE. */
PIPE_AUTH_LEVEL_INTEGRITY = 5, /* Sign. */
PIPE_AUTH_LEVEL_PRIVACY = 6 /* Seal. */
};
/* auth state for krb5. */
struct kerberos_auth_struct {
const char *service_principal;
@ -155,7 +148,7 @@ struct schannel_auth_struct {
struct pipe_auth_data {
enum pipe_auth_type auth_type; /* switch for union below. */
enum pipe_auth_level auth_level;
enum dcerpc_AuthLevel auth_level;
union {
struct schannel_auth_struct *schannel_auth;
AUTH_NTLMSSP_STATE *auth_ntlmssp_state;

View File

@ -5291,17 +5291,17 @@ NTSTATUS rpccli_anon_bind_data(TALLOC_CTX *mem_ctx,
struct cli_pipe_auth_data **presult);
NTSTATUS rpccli_ntlmssp_bind_data(TALLOC_CTX *mem_ctx,
enum pipe_auth_type auth_type,
enum pipe_auth_level auth_level,
enum dcerpc_AuthLevel auth_level,
const char *domain,
const char *username,
const char *password,
struct cli_pipe_auth_data **presult);
NTSTATUS rpccli_schannel_bind_data(TALLOC_CTX *mem_ctx, const char *domain,
enum pipe_auth_level auth_level,
enum dcerpc_AuthLevel auth_level,
const uint8_t sess_key[16],
struct cli_pipe_auth_data **presult);
NTSTATUS rpccli_kerberos_bind_data(TALLOC_CTX *mem_ctx,
enum pipe_auth_level auth_level,
enum dcerpc_AuthLevel auth_level,
const char *service_princ,
const char *username,
const char *password,
@ -5326,7 +5326,7 @@ NTSTATUS cli_rpc_pipe_open_noauth_transport(struct cli_state *cli,
NTSTATUS cli_rpc_pipe_open_ntlmssp(struct cli_state *cli,
const struct ndr_syntax_id *interface,
enum dcerpc_transport_t transport,
enum pipe_auth_level auth_level,
enum dcerpc_AuthLevel auth_level,
const char *domain,
const char *username,
const char *password,
@ -5334,7 +5334,7 @@ NTSTATUS cli_rpc_pipe_open_ntlmssp(struct cli_state *cli,
NTSTATUS cli_rpc_pipe_open_spnego_ntlmssp(struct cli_state *cli,
const struct ndr_syntax_id *interface,
enum dcerpc_transport_t transport,
enum pipe_auth_level auth_level,
enum dcerpc_AuthLevel auth_level,
const char *domain,
const char *username,
const char *password,
@ -5346,14 +5346,14 @@ NTSTATUS get_schannel_session_key(struct cli_state *cli,
NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli,
const struct ndr_syntax_id *interface,
enum dcerpc_transport_t transport,
enum pipe_auth_level auth_level,
enum dcerpc_AuthLevel auth_level,
const char *domain,
struct netlogon_creds_CredentialState **pdc,
struct rpc_pipe_client **presult);
NTSTATUS cli_rpc_pipe_open_ntlmssp_auth_schannel(struct cli_state *cli,
const struct ndr_syntax_id *interface,
enum dcerpc_transport_t transport,
enum pipe_auth_level auth_level,
enum dcerpc_AuthLevel auth_level,
const char *domain,
const char *username,
const char *password,
@ -5361,12 +5361,12 @@ NTSTATUS cli_rpc_pipe_open_ntlmssp_auth_schannel(struct cli_state *cli,
NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli,
const struct ndr_syntax_id *interface,
enum dcerpc_transport_t transport,
enum pipe_auth_level auth_level,
enum dcerpc_AuthLevel auth_level,
const char *domain,
struct rpc_pipe_client **presult);
NTSTATUS cli_rpc_pipe_open_krb5(struct cli_state *cli,
const struct ndr_syntax_id *interface,
enum pipe_auth_level auth_level,
enum dcerpc_AuthLevel auth_level,
const char *service_princ,
const char *username,
const char *password,
@ -5706,11 +5706,11 @@ bool prs_uint16s(bool charmode, const char *name, prs_struct *ps, int depth, uin
bool prs_uint32s(bool charmode, const char *name, prs_struct *ps, int depth, uint32 *data32s, int len);
bool prs_unistr(const char *name, prs_struct *ps, int depth, UNISTR *str);
bool prs_string(const char *name, prs_struct *ps, int depth, char *str, int max_buf_size);
void schannel_encode(struct schannel_auth_struct *a, enum pipe_auth_level auth_level,
void schannel_encode(struct schannel_auth_struct *a, enum dcerpc_AuthLevel auth_level,
enum schannel_direction direction,
struct NL_AUTH_SIGNATURE *verf,
char *data, size_t data_len);
bool schannel_decode(struct schannel_auth_struct *a, enum pipe_auth_level auth_level,
bool schannel_decode(struct schannel_auth_struct *a, enum dcerpc_AuthLevel auth_level,
enum schannel_direction direction,
struct NL_AUTH_SIGNATURE *verf, char *data, size_t data_len);
bool prs_init_data_blob(prs_struct *prs, DATA_BLOB *blob, TALLOC_CTX *mem_ctx);

View File

@ -1136,7 +1136,7 @@ NTSTATUS libnet_join_ok(const char *netbios_domain_name,
status = cli_rpc_pipe_open_schannel_with_key(
cli, &ndr_table_netlogon.syntax_id, NCACN_NP,
PIPE_AUTH_LEVEL_PRIVACY,
DCERPC_AUTH_LEVEL_PRIVACY,
netbios_domain_name, &netlogon_pipe->dc, &pipe_hnd);
cli_shutdown(cli);

View File

@ -177,7 +177,7 @@ NTSTATUS remote_password_change(const char *remote_machine, const char *user_nam
result = cli_rpc_pipe_open_ntlmssp(cli,
&ndr_table_samr.syntax_id,
NCACN_NP,
PIPE_AUTH_LEVEL_PRIVACY,
DCERPC_AUTH_LEVEL_PRIVACY,
domain, user,
old_passwd,
&pipe_hnd);

View File

@ -559,8 +559,8 @@ static NTSTATUS cli_pipe_verify_ntlmssp(struct rpc_pipe_client *cli, RPC_HDR *pr
DATA_BLOB auth_blob;
NTSTATUS status;
if (cli->auth->auth_level == PIPE_AUTH_LEVEL_NONE
|| cli->auth->auth_level == PIPE_AUTH_LEVEL_CONNECT) {
if (cli->auth->auth_level == DCERPC_AUTH_LEVEL_NONE
|| cli->auth->auth_level == DCERPC_AUTH_LEVEL_CONNECT) {
return NT_STATUS_OK;
}
@ -605,7 +605,7 @@ static NTSTATUS cli_pipe_verify_ntlmssp(struct rpc_pipe_client *cli, RPC_HDR *pr
auth_blob.length = auth_len;
switch (cli->auth->auth_level) {
case PIPE_AUTH_LEVEL_PRIVACY:
case DCERPC_AUTH_LEVEL_PRIVACY:
/* Data is encrypted. */
status = ntlmssp_unseal_packet(ntlmssp_state,
data, data_len,
@ -620,7 +620,7 @@ static NTSTATUS cli_pipe_verify_ntlmssp(struct rpc_pipe_client *cli, RPC_HDR *pr
return status;
}
break;
case PIPE_AUTH_LEVEL_INTEGRITY:
case DCERPC_AUTH_LEVEL_INTEGRITY:
/* Data is signed. */
status = ntlmssp_check_packet(ntlmssp_state,
data, data_len,
@ -679,8 +679,8 @@ static NTSTATUS cli_pipe_verify_schannel(struct rpc_pipe_client *cli, RPC_HDR *p
enum ndr_err_code ndr_err;
DATA_BLOB blob;
if (cli->auth->auth_level == PIPE_AUTH_LEVEL_NONE
|| cli->auth->auth_level == PIPE_AUTH_LEVEL_CONNECT) {
if (cli->auth->auth_level == DCERPC_AUTH_LEVEL_NONE
|| cli->auth->auth_level == DCERPC_AUTH_LEVEL_CONNECT) {
return NT_STATUS_OK;
}
@ -1470,7 +1470,7 @@ static NTSTATUS rpc_api_pipe_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
********************************************************************/
static NTSTATUS create_krb5_auth_bind_req( struct rpc_pipe_client *cli,
enum pipe_auth_level auth_level,
enum dcerpc_AuthLevel auth_level,
RPC_HDR_AUTH *pauth_out,
prs_struct *auth_data)
{
@ -1529,7 +1529,7 @@ static NTSTATUS create_krb5_auth_bind_req( struct rpc_pipe_client *cli,
********************************************************************/
static NTSTATUS create_spnego_ntlmssp_auth_rpc_bind_req( struct rpc_pipe_client *cli,
enum pipe_auth_level auth_level,
enum dcerpc_AuthLevel auth_level,
RPC_HDR_AUTH *pauth_out,
prs_struct *auth_data)
{
@ -1576,7 +1576,7 @@ static NTSTATUS create_spnego_ntlmssp_auth_rpc_bind_req( struct rpc_pipe_client
********************************************************************/
static NTSTATUS create_ntlmssp_auth_rpc_bind_req( struct rpc_pipe_client *cli,
enum pipe_auth_level auth_level,
enum dcerpc_AuthLevel auth_level,
RPC_HDR_AUTH *pauth_out,
prs_struct *auth_data)
{
@ -1617,7 +1617,7 @@ static NTSTATUS create_ntlmssp_auth_rpc_bind_req( struct rpc_pipe_client *cli,
********************************************************************/
static NTSTATUS create_schannel_auth_rpc_bind_req( struct rpc_pipe_client *cli,
enum pipe_auth_level auth_level,
enum dcerpc_AuthLevel auth_level,
RPC_HDR_AUTH *pauth_out,
prs_struct *auth_data)
{
@ -1760,7 +1760,7 @@ static NTSTATUS create_rpc_bind_req(struct rpc_pipe_client *cli,
const struct ndr_syntax_id *abstract,
const struct ndr_syntax_id *transfer,
enum pipe_auth_type auth_type,
enum pipe_auth_level auth_level)
enum dcerpc_AuthLevel auth_level)
{
RPC_HDR_AUTH hdr_auth;
prs_struct auth_info;
@ -1856,7 +1856,7 @@ static NTSTATUS add_ntlmssp_auth_footer(struct rpc_pipe_client *cli,
}
switch (cli->auth->auth_level) {
case PIPE_AUTH_LEVEL_PRIVACY:
case DCERPC_AUTH_LEVEL_PRIVACY:
/* Data portion is encrypted. */
status = ntlmssp_seal_packet(cli->auth->a_u.ntlmssp_state,
(unsigned char *)prs_data_p(outgoing_pdu) + RPC_HEADER_LEN + RPC_HDR_RESP_LEN,
@ -1870,7 +1870,7 @@ static NTSTATUS add_ntlmssp_auth_footer(struct rpc_pipe_client *cli,
}
break;
case PIPE_AUTH_LEVEL_INTEGRITY:
case DCERPC_AUTH_LEVEL_INTEGRITY:
/* Data is signed. */
status = ntlmssp_sign_packet(cli->auth->a_u.ntlmssp_state,
(unsigned char *)prs_data_p(outgoing_pdu) + RPC_HEADER_LEN + RPC_HDR_RESP_LEN,
@ -1938,8 +1938,8 @@ static NTSTATUS add_schannel_auth_footer(struct rpc_pipe_client *cli,
}
switch (cli->auth->auth_level) {
case PIPE_AUTH_LEVEL_PRIVACY:
case PIPE_AUTH_LEVEL_INTEGRITY:
case DCERPC_AUTH_LEVEL_PRIVACY:
case DCERPC_AUTH_LEVEL_INTEGRITY:
DEBUG(10,("add_schannel_auth_footer: SCHANNEL seq_num=%d\n",
sas->seq_num));
@ -1998,8 +1998,8 @@ static uint32 calculate_data_len_tosend(struct rpc_pipe_client *cli,
#endif
switch (cli->auth->auth_level) {
case PIPE_AUTH_LEVEL_NONE:
case PIPE_AUTH_LEVEL_CONNECT:
case DCERPC_AUTH_LEVEL_NONE:
case DCERPC_AUTH_LEVEL_CONNECT:
data_space = cli->max_xmit_frag - RPC_HEADER_LEN - RPC_HDR_REQ_LEN;
data_len = MIN(data_space, data_left);
*p_ss_padding = 0;
@ -2007,8 +2007,8 @@ static uint32 calculate_data_len_tosend(struct rpc_pipe_client *cli,
*p_frag_len = RPC_HEADER_LEN + RPC_HDR_REQ_LEN + data_len;
return data_len;
case PIPE_AUTH_LEVEL_INTEGRITY:
case PIPE_AUTH_LEVEL_PRIVACY:
case DCERPC_AUTH_LEVEL_INTEGRITY:
case DCERPC_AUTH_LEVEL_PRIVACY:
/* Treat the same for all authenticated rpc requests. */
switch(cli->auth->auth_type) {
case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP:
@ -2404,7 +2404,7 @@ static bool check_bind_response(RPC_HDR_BA *hdr_ba,
static NTSTATUS create_rpc_bind_auth3(struct rpc_pipe_client *cli,
uint32 rpc_call_id,
enum pipe_auth_type auth_type,
enum pipe_auth_level auth_level,
enum dcerpc_AuthLevel auth_level,
DATA_BLOB *pauth_blob,
prs_struct *rpc_out)
{
@ -2464,7 +2464,7 @@ static NTSTATUS create_rpc_bind_auth3(struct rpc_pipe_client *cli,
static NTSTATUS create_rpc_alter_context(uint32 rpc_call_id,
const struct ndr_syntax_id *abstract,
const struct ndr_syntax_id *transfer,
enum pipe_auth_level auth_level,
enum dcerpc_AuthLevel auth_level,
const DATA_BLOB *pauth_blob, /* spnego auth blob already created. */
prs_struct *rpc_out)
{
@ -2980,7 +2980,7 @@ NTSTATUS rpccli_anon_bind_data(TALLOC_CTX *mem_ctx,
}
result->auth_type = PIPE_AUTH_TYPE_NONE;
result->auth_level = PIPE_AUTH_LEVEL_NONE;
result->auth_level = DCERPC_AUTH_LEVEL_NONE;
result->user_name = talloc_strdup(result, "");
result->domain = talloc_strdup(result, "");
@ -3001,7 +3001,7 @@ static int cli_auth_ntlmssp_data_destructor(struct cli_pipe_auth_data *auth)
NTSTATUS rpccli_ntlmssp_bind_data(TALLOC_CTX *mem_ctx,
enum pipe_auth_type auth_type,
enum pipe_auth_level auth_level,
enum dcerpc_AuthLevel auth_level,
const char *domain,
const char *username,
const char *password,
@ -3053,9 +3053,9 @@ NTSTATUS rpccli_ntlmssp_bind_data(TALLOC_CTX *mem_ctx,
result->a_u.ntlmssp_state->neg_flags &=
~(NTLMSSP_NEGOTIATE_SIGN | NTLMSSP_NEGOTIATE_SEAL);
if (auth_level == PIPE_AUTH_LEVEL_INTEGRITY) {
if (auth_level == DCERPC_AUTH_LEVEL_INTEGRITY) {
result->a_u.ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
} else if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
} else if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
result->a_u.ntlmssp_state->neg_flags
|= NTLMSSP_NEGOTIATE_SEAL | NTLMSSP_NEGOTIATE_SIGN;
}
@ -3069,7 +3069,7 @@ NTSTATUS rpccli_ntlmssp_bind_data(TALLOC_CTX *mem_ctx,
}
NTSTATUS rpccli_schannel_bind_data(TALLOC_CTX *mem_ctx, const char *domain,
enum pipe_auth_level auth_level,
enum dcerpc_AuthLevel auth_level,
const uint8_t sess_key[16],
struct cli_pipe_auth_data **presult)
{
@ -3116,7 +3116,7 @@ static int cli_auth_kerberos_data_destructor(struct kerberos_auth_struct *auth)
#endif
NTSTATUS rpccli_kerberos_bind_data(TALLOC_CTX *mem_ctx,
enum pipe_auth_level auth_level,
enum dcerpc_AuthLevel auth_level,
const char *service_princ,
const char *username,
const char *password,
@ -3702,7 +3702,7 @@ static NTSTATUS cli_rpc_pipe_open_ntlmssp_internal(struct cli_state *cli,
const struct ndr_syntax_id *interface,
enum dcerpc_transport_t transport,
enum pipe_auth_type auth_type,
enum pipe_auth_level auth_level,
enum dcerpc_AuthLevel auth_level,
const char *domain,
const char *username,
const char *password,
@ -3755,7 +3755,7 @@ static NTSTATUS cli_rpc_pipe_open_ntlmssp_internal(struct cli_state *cli,
NTSTATUS cli_rpc_pipe_open_ntlmssp(struct cli_state *cli,
const struct ndr_syntax_id *interface,
enum dcerpc_transport_t transport,
enum pipe_auth_level auth_level,
enum dcerpc_AuthLevel auth_level,
const char *domain,
const char *username,
const char *password,
@ -3780,7 +3780,7 @@ NTSTATUS cli_rpc_pipe_open_ntlmssp(struct cli_state *cli,
NTSTATUS cli_rpc_pipe_open_spnego_ntlmssp(struct cli_state *cli,
const struct ndr_syntax_id *interface,
enum dcerpc_transport_t transport,
enum pipe_auth_level auth_level,
enum dcerpc_AuthLevel auth_level,
const char *domain,
const char *username,
const char *password,
@ -3889,7 +3889,7 @@ NTSTATUS get_schannel_session_key(struct cli_state *cli,
NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli,
const struct ndr_syntax_id *interface,
enum dcerpc_transport_t transport,
enum pipe_auth_level auth_level,
enum dcerpc_AuthLevel auth_level,
const char *domain,
struct netlogon_creds_CredentialState **pdc,
struct rpc_pipe_client **presult)
@ -3959,7 +3959,7 @@ static NTSTATUS get_schannel_session_key_auth_ntlmssp(struct cli_state *cli,
status = cli_rpc_pipe_open_spnego_ntlmssp(
cli, &ndr_table_netlogon.syntax_id, NCACN_NP,
PIPE_AUTH_LEVEL_PRIVACY,
DCERPC_AUTH_LEVEL_PRIVACY,
domain, username, password, &netlogon_pipe);
if (!NT_STATUS_IS_OK(status)) {
return status;
@ -3985,7 +3985,7 @@ static NTSTATUS get_schannel_session_key_auth_ntlmssp(struct cli_state *cli,
NTSTATUS cli_rpc_pipe_open_ntlmssp_auth_schannel(struct cli_state *cli,
const struct ndr_syntax_id *interface,
enum dcerpc_transport_t transport,
enum pipe_auth_level auth_level,
enum dcerpc_AuthLevel auth_level,
const char *domain,
const char *username,
const char *password,
@ -4026,7 +4026,7 @@ NTSTATUS cli_rpc_pipe_open_ntlmssp_auth_schannel(struct cli_state *cli,
NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli,
const struct ndr_syntax_id *interface,
enum dcerpc_transport_t transport,
enum pipe_auth_level auth_level,
enum dcerpc_AuthLevel auth_level,
const char *domain,
struct rpc_pipe_client **presult)
{
@ -4066,7 +4066,7 @@ NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli,
NTSTATUS cli_rpc_pipe_open_krb5(struct cli_state *cli,
const struct ndr_syntax_id *interface,
enum pipe_auth_level auth_level,
enum dcerpc_AuthLevel auth_level,
const char *service_princ,
const char *username,
const char *password,

View File

@ -1071,7 +1071,7 @@ bool prs_string(const char *name, prs_struct *ps, int depth, char *str, int max_
********************************************************************/
static void schannel_digest(struct schannel_auth_struct *a,
enum pipe_auth_level auth_level,
enum dcerpc_AuthLevel auth_level,
struct NL_AUTH_SIGNATURE *verf,
char *data, size_t data_len,
uchar digest_final[16])
@ -1095,7 +1095,7 @@ static void schannel_digest(struct schannel_auth_struct *a,
out of order */
MD5Update(&ctx3, zeros, sizeof(zeros));
MD5Update(&ctx3, sig, 8);
if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
MD5Update(&ctx3, verf->Confounder, sizeof(verf->Confounder));
}
MD5Update(&ctx3, (const unsigned char *)data, data_len);
@ -1169,7 +1169,7 @@ static void schannel_deal_with_seq_num(struct schannel_auth_struct *a,
quite compatible with what MS does.
********************************************************************/
void schannel_encode(struct schannel_auth_struct *a, enum pipe_auth_level auth_level,
void schannel_encode(struct schannel_auth_struct *a, enum dcerpc_AuthLevel auth_level,
enum schannel_direction direction,
struct NL_AUTH_SIGNATURE *verf,
char *data, size_t data_len)
@ -1199,7 +1199,7 @@ void schannel_encode(struct schannel_auth_struct *a, enum pipe_auth_level auth_l
dump_data_pw("verf->SequenceNumber:\n", verf->SequenceNumber, sizeof(verf->SequenceNumber));
if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
verf->SealAlgorithm = NL_SEAL_RC4;
} else {
verf->SealAlgorithm = NL_SEAL_NONE;
@ -1217,7 +1217,7 @@ void schannel_encode(struct schannel_auth_struct *a, enum pipe_auth_level auth_l
schannel_digest(a, auth_level, verf, data, data_len, digest_final);
memcpy(verf->Checksum, digest_final, sizeof(verf->Checksum));
if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
uchar sealing_key[16];
/* get the key to encode the data with */
@ -1249,7 +1249,7 @@ void schannel_encode(struct schannel_auth_struct *a, enum pipe_auth_level auth_l
as well as decode sealed messages
********************************************************************/
bool schannel_decode(struct schannel_auth_struct *a, enum pipe_auth_level auth_level,
bool schannel_decode(struct schannel_auth_struct *a, enum dcerpc_AuthLevel auth_level,
enum schannel_direction direction,
struct NL_AUTH_SIGNATURE *verf, char *data, size_t data_len)
{
@ -1263,7 +1263,7 @@ bool schannel_decode(struct schannel_auth_struct *a, enum pipe_auth_level auth_l
DEBUG(10,("SCHANNEL: schannel_decode seq_num=%d data_len=%lu\n", a->seq_num, (unsigned long)data_len));
if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
schannel_sig = schannel_seal_sig;
} else {
schannel_sig = schannel_sign_sig;
@ -1317,7 +1317,7 @@ bool schannel_decode(struct schannel_auth_struct *a, enum pipe_auth_level auth_l
return False;
}
if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
uchar sealing_key[16];
/* get the key to extract the data with */

View File

@ -595,8 +595,8 @@ static NTSTATUS netr_creds_server_step_check(pipes_struct *p,
struct tdb_context *tdb;
bool schannel_global_required = (lp_server_schannel() == true) ? true:false;
bool schannel_in_use = (p->auth.auth_type == PIPE_AUTH_TYPE_SCHANNEL) ? true:false; /* &&
(p->auth.auth_level == PIPE_AUTH_LEVEL_INTEGRITY ||
p->auth.auth_level == PIPE_AUTH_LEVEL_PRIVACY); */
(p->auth.auth_level == DCERPC_AUTH_LEVEL_INTEGRITY ||
p->auth.auth_level == DCERPC_AUTH_LEVEL_PRIVACY); */
tdb = open_schannel_session_store(mem_ctx);
if (!tdb) {

View File

@ -196,7 +196,7 @@ static bool create_next_pdu_ntlmssp(pipes_struct *p)
} else {
auth_type = RPC_SPNEGO_AUTH_TYPE;
}
if (p->auth.auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
if (p->auth.auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
auth_level = RPC_AUTH_LEVEL_PRIVACY;
} else {
auth_level = RPC_AUTH_LEVEL_INTEGRITY;
@ -213,7 +213,7 @@ static bool create_next_pdu_ntlmssp(pipes_struct *p)
/* Generate the sign blob. */
switch (p->auth.auth_level) {
case PIPE_AUTH_LEVEL_PRIVACY:
case DCERPC_AUTH_LEVEL_PRIVACY:
/* Data portion is encrypted. */
status = ntlmssp_seal_packet(
a->ntlmssp_state,
@ -229,7 +229,7 @@ static bool create_next_pdu_ntlmssp(pipes_struct *p)
return False;
}
break;
case PIPE_AUTH_LEVEL_INTEGRITY:
case DCERPC_AUTH_LEVEL_INTEGRITY:
/* Data is signed. */
status = ntlmssp_sign_packet(
a->ntlmssp_state,
@ -415,7 +415,7 @@ static bool create_next_pdu_schannel(pipes_struct *p)
init_rpc_hdr_auth(&auth_info,
RPC_SCHANNEL_AUTH_TYPE,
p->auth.auth_level == PIPE_AUTH_LEVEL_PRIVACY ?
p->auth.auth_level == DCERPC_AUTH_LEVEL_PRIVACY ?
RPC_AUTH_LEVEL_PRIVACY : RPC_AUTH_LEVEL_INTEGRITY,
ss_padding_len, 1);
@ -589,8 +589,8 @@ static bool create_next_pdu_noauth(pipes_struct *p)
bool create_next_pdu(pipes_struct *p)
{
switch(p->auth.auth_level) {
case PIPE_AUTH_LEVEL_NONE:
case PIPE_AUTH_LEVEL_CONNECT:
case DCERPC_AUTH_LEVEL_NONE:
case DCERPC_AUTH_LEVEL_CONNECT:
/* This is incorrect for auth level connect. Fixme. JRA */
return create_next_pdu_noauth(p);
@ -647,7 +647,7 @@ static bool pipe_ntlmssp_verify_final(pipes_struct *p, DATA_BLOB *p_resp_blob)
ensure the underlying NTLMSSP flags are also set. If not we should
refuse the bind. */
if (p->auth.auth_level == PIPE_AUTH_LEVEL_INTEGRITY) {
if (p->auth.auth_level == DCERPC_AUTH_LEVEL_INTEGRITY) {
if (!(a->ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN)) {
DEBUG(0,("pipe_ntlmssp_verify_final: pipe %s : packet integrity requested "
"but client declined signing.\n",
@ -655,7 +655,7 @@ static bool pipe_ntlmssp_verify_final(pipes_struct *p, DATA_BLOB *p_resp_blob)
return False;
}
}
if (p->auth.auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
if (p->auth.auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
if (!(a->ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL)) {
DEBUG(0,("pipe_ntlmssp_verify_final: pipe %s : packet privacy requested "
"but client declined sealing.\n",
@ -840,7 +840,7 @@ static bool setup_bind_nak(pipes_struct *p)
if (p->auth.auth_data_free_func) {
(*p->auth.auth_data_free_func)(&p->auth);
}
p->auth.auth_level = PIPE_AUTH_LEVEL_NONE;
p->auth.auth_level = DCERPC_AUTH_LEVEL_NONE;
p->auth.auth_type = PIPE_AUTH_TYPE_NONE;
p->pipe_bound = False;
@ -1690,10 +1690,10 @@ bool api_pipe_bind_req(pipes_struct *p, prs_struct *rpc_in_p)
/* Work out if we have to sign or seal etc. */
switch (auth_info.auth_level) {
case RPC_AUTH_LEVEL_INTEGRITY:
p->auth.auth_level = PIPE_AUTH_LEVEL_INTEGRITY;
p->auth.auth_level = DCERPC_AUTH_LEVEL_INTEGRITY;
break;
case RPC_AUTH_LEVEL_PRIVACY:
p->auth.auth_level = PIPE_AUTH_LEVEL_PRIVACY;
p->auth.auth_level = DCERPC_AUTH_LEVEL_PRIVACY;
break;
default:
DEBUG(0,("api_pipe_bind_req: unexpected auth level (%u).\n",
@ -1731,7 +1731,7 @@ bool api_pipe_bind_req(pipes_struct *p, prs_struct *rpc_in_p)
/* We're finished - no more packets. */
p->auth.auth_type = PIPE_AUTH_TYPE_NONE;
/* We must set the pipe auth_level here also. */
p->auth.auth_level = PIPE_AUTH_LEVEL_NONE;
p->auth.auth_level = DCERPC_AUTH_LEVEL_NONE;
p->pipe_bound = True;
/* The session key was initialized from the SMB
* session in make_internal_rpc_pipe_p */
@ -2042,7 +2042,7 @@ bool api_pipe_ntlmssp_auth_process(pipes_struct *p, prs_struct *rpc_in,
*pstatus = NT_STATUS_OK;
if (p->auth.auth_level == PIPE_AUTH_LEVEL_NONE || p->auth.auth_level == PIPE_AUTH_LEVEL_CONNECT) {
if (p->auth.auth_level == DCERPC_AUTH_LEVEL_NONE || p->auth.auth_level == DCERPC_AUTH_LEVEL_CONNECT) {
return True;
}
@ -2091,7 +2091,7 @@ bool api_pipe_ntlmssp_auth_process(pipes_struct *p, prs_struct *rpc_in,
auth_blob.length = auth_len;
switch (p->auth.auth_level) {
case PIPE_AUTH_LEVEL_PRIVACY:
case DCERPC_AUTH_LEVEL_PRIVACY:
/* Data is encrypted. */
*pstatus = ntlmssp_unseal_packet(a->ntlmssp_state,
data, data_len,
@ -2102,7 +2102,7 @@ bool api_pipe_ntlmssp_auth_process(pipes_struct *p, prs_struct *rpc_in,
return False;
}
break;
case PIPE_AUTH_LEVEL_INTEGRITY:
case DCERPC_AUTH_LEVEL_INTEGRITY:
/* Data is signed. */
*pstatus = ntlmssp_check_packet(a->ntlmssp_state,
data, data_len,

View File

@ -2741,7 +2741,7 @@ static NTSTATUS get_user_info_18(pipes_struct *p,
return NT_STATUS_ACCESS_DENIED;
}
if (p->auth.auth_level != PIPE_AUTH_LEVEL_PRIVACY) {
if (p->auth.auth_level != DCERPC_AUTH_LEVEL_PRIVACY) {
return NT_STATUS_ACCESS_DENIED;
}

View File

@ -26,7 +26,7 @@
DOM_SID domain_sid;
static enum pipe_auth_type pipe_default_auth_type = PIPE_AUTH_TYPE_NONE;
static enum pipe_auth_level pipe_default_auth_level = PIPE_AUTH_LEVEL_NONE;
static enum dcerpc_AuthLevel pipe_default_auth_level = DCERPC_AUTH_LEVEL_NONE;
static unsigned int timeout = 0;
static enum dcerpc_transport_t default_transport = NCACN_NP;
@ -380,7 +380,7 @@ static NTSTATUS cmd_sign(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
{
const char *type = "NTLMSSP";
pipe_default_auth_level = PIPE_AUTH_LEVEL_INTEGRITY;
pipe_default_auth_level = DCERPC_AUTH_LEVEL_INTEGRITY;
pipe_default_auth_type = PIPE_AUTH_TYPE_NTLMSSP;
if (argc > 2) {
@ -412,7 +412,7 @@ static NTSTATUS cmd_seal(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
{
const char *type = "NTLMSSP";
pipe_default_auth_level = PIPE_AUTH_LEVEL_PRIVACY;
pipe_default_auth_level = DCERPC_AUTH_LEVEL_PRIVACY;
pipe_default_auth_type = PIPE_AUTH_TYPE_NTLMSSP;
if (argc > 2) {
@ -475,7 +475,7 @@ static NTSTATUS cmd_timeout(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
static NTSTATUS cmd_none(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
int argc, const char **argv)
{
pipe_default_auth_level = PIPE_AUTH_LEVEL_NONE;
pipe_default_auth_level = DCERPC_AUTH_LEVEL_NONE;
pipe_default_auth_type = PIPE_AUTH_TYPE_NONE;
return cmd_set_ss_level();
@ -485,7 +485,7 @@ static NTSTATUS cmd_schannel(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
int argc, const char **argv)
{
d_printf("Setting schannel - sign and seal\n");
pipe_default_auth_level = PIPE_AUTH_LEVEL_PRIVACY;
pipe_default_auth_level = DCERPC_AUTH_LEVEL_PRIVACY;
pipe_default_auth_type = PIPE_AUTH_TYPE_SCHANNEL;
return cmd_set_ss_level();
@ -495,7 +495,7 @@ static NTSTATUS cmd_schannel_sign(struct rpc_pipe_client *cli, TALLOC_CTX *mem_c
int argc, const char **argv)
{
d_printf("Setting schannel - sign only\n");
pipe_default_auth_level = PIPE_AUTH_LEVEL_INTEGRITY;
pipe_default_auth_level = DCERPC_AUTH_LEVEL_INTEGRITY;
pipe_default_auth_type = PIPE_AUTH_TYPE_SCHANNEL;
return cmd_set_ss_level();

View File

@ -159,7 +159,7 @@ int run_rpc_command(struct net_context *c,
/* Always try and create an schannel netlogon pipe. */
nt_status = cli_rpc_pipe_open_schannel(
cli, interface, NCACN_NP,
PIPE_AUTH_LEVEL_PRIVACY, domain_name,
DCERPC_AUTH_LEVEL_PRIVACY, domain_name,
&pipe_hnd);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0, ("Could not initialise schannel netlogon pipe. Error was %s\n",
@ -172,7 +172,7 @@ int run_rpc_command(struct net_context *c,
cli, interface,
(conn_flags & NET_FLAGS_TCP) ?
NCACN_IP_TCP : NCACN_NP,
PIPE_AUTH_LEVEL_PRIVACY,
DCERPC_AUTH_LEVEL_PRIVACY,
lp_workgroup(), c->opt_user_name,
c->opt_password, &pipe_hnd);
} else {

View File

@ -102,7 +102,7 @@ NTSTATUS net_rpc_join_ok(struct net_context *c, const char *domain,
ntret = cli_rpc_pipe_open_schannel_with_key(
cli, &ndr_table_netlogon.syntax_id, NCACN_NP,
PIPE_AUTH_LEVEL_PRIVACY,
DCERPC_AUTH_LEVEL_PRIVACY,
domain, &netlogon_pipe->dc, &pipe_hnd);
if (!NT_STATUS_IS_OK(ntret)) {
@ -420,7 +420,7 @@ int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv)
result = cli_rpc_pipe_open_schannel_with_key(
cli, &ndr_table_netlogon.syntax_id, NCACN_NP,
PIPE_AUTH_LEVEL_PRIVACY, domain, &pipe_hnd->dc,
DCERPC_AUTH_LEVEL_PRIVACY, domain, &pipe_hnd->dc,
&netlogon_schannel_pipe);
if (!NT_STATUS_IS_OK(result)) {

View File

@ -2056,7 +2056,7 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
result = cli_rpc_pipe_open_spnego_ntlmssp(conn->cli,
&ndr_table_samr.syntax_id,
NCACN_NP,
PIPE_AUTH_LEVEL_PRIVACY,
DCERPC_AUTH_LEVEL_PRIVACY,
domain_name,
machine_account,
machine_password,
@ -2100,7 +2100,7 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
}
result = cli_rpc_pipe_open_schannel_with_key
(conn->cli, &ndr_table_samr.syntax_id, NCACN_NP,
PIPE_AUTH_LEVEL_PRIVACY,
DCERPC_AUTH_LEVEL_PRIVACY,
domain->name, &p_creds, &conn->samr_pipe);
if (!NT_STATUS_IS_OK(result)) {
@ -2196,7 +2196,7 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
* authenticated LSA pipe with sign & seal. */
result = cli_rpc_pipe_open_spnego_ntlmssp
(conn->cli, &ndr_table_lsarpc.syntax_id, NCACN_NP,
PIPE_AUTH_LEVEL_PRIVACY,
DCERPC_AUTH_LEVEL_PRIVACY,
conn->cli->domain, conn->cli->user_name, conn->cli->password,
&conn->lsa_pipe);
@ -2237,7 +2237,7 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
}
result = cli_rpc_pipe_open_schannel_with_key
(conn->cli, &ndr_table_lsarpc.syntax_id, NCACN_NP,
PIPE_AUTH_LEVEL_PRIVACY,
DCERPC_AUTH_LEVEL_PRIVACY,
domain->name, &p_creds, &conn->lsa_pipe);
if (!NT_STATUS_IS_OK(result)) {
@ -2384,7 +2384,7 @@ NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain,
result = cli_rpc_pipe_open_schannel_with_key(
conn->cli, &ndr_table_netlogon.syntax_id, NCACN_NP,
PIPE_AUTH_LEVEL_PRIVACY, domain->name, &netlogon_pipe->dc,
DCERPC_AUTH_LEVEL_PRIVACY, domain->name, &netlogon_pipe->dc,
&conn->netlogon_pipe);
/* We can now close the initial netlogon pipe. */