2025-02-25 17:57:42 +03:00 · 2014-01-13 10:16:40 +01:00 · 2014-01-13 10:16:40 +01:00 · dd42daa98d
commit dd42daa98d
parent 9b2dc0e46c
2 changed files with 11 additions and 21 deletions
--- a/selftest/knownfail
+++ b/selftest/knownfail
@ -33,15 +33,6 @@
 # see bug 8412
 ^samba3.smb2.rename.*.simple_nodelete
 ^samba3.smb2.rename.*.no_share_delete_no_delete_access
-#These rpcclient combinations (pipe-level authentication but without sign or seal) need fixing in s3
-^samba3.blackbox.rpcclient over ncacn_np with \[spnego\]
-^samba3.blackbox.rpcclient over ncacn_np with \[spnego,bigendian\]
-^samba3.blackbox.rpcclient over ncacn_np with \[spnego,connect\]
-^samba3.blackbox.rpcclient over ncacn_np with \[spnego,connect,bigendian\]
-^samba3.blackbox.rpcclient over ncacn_np with \[spnego,smb2\]
-^samba3.blackbox.rpcclient over ncacn_np with \[spnego,smb2,bigendian\]
-^samba3.blackbox.rpcclient over ncacn_np with \[spnego,connect,smb2\]
-^samba3.blackbox.rpcclient over ncacn_np with \[spnego,connect,smb2,bigendian\]
 ^samba3.blackbox.smbclient_machine_auth.plain \(s3dc:local\)# the S3dc does not currently set up a self-join
 ^samba3.raw.samba3hide.samba3hide\((s3dc|plugin_s4_dc)\) # This test fails against an smbd environment with NT ACLs enabled
 ^samba3.raw.samba3closeerr.samba3closeerr\(s3dc\) # This test fails against an smbd environment with NT ACLs enabled
--- a/source3/rpcclient/rpcclient.c
+++ b/source3/rpcclient/rpcclient.c
@ -1065,6 +1065,10 @@ out_free:
 		binding->transport = NCACN_NP;
 	}

+	if (binding->flags & DCERPC_CONNECT) {
+		pipe_default_auth_level = DCERPC_AUTH_LEVEL_CONNECT;
+		pipe_default_auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
+	}
 	if (binding->flags & DCERPC_SIGN) {
 		pipe_default_auth_level = DCERPC_AUTH_LEVEL_INTEGRITY;
 		pipe_default_auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
@ -1078,12 +1082,6 @@ out_free:
 		pipe_default_auth_spnego_type = PIPE_AUTH_TYPE_SPNEGO_NTLMSSP;
 	}
 	if (binding->flags & DCERPC_AUTH_NTLM) {
-		/* If neither Integrity or Privacy are requested then
-		 * Use just Connect level */
-		if (pipe_default_auth_level == DCERPC_AUTH_LEVEL_NONE) {
-			pipe_default_auth_level = DCERPC_AUTH_LEVEL_CONNECT;
-		}
-
 		if (pipe_default_auth_type == DCERPC_AUTH_TYPE_SPNEGO) {
 			pipe_default_auth_spnego_type = PIPE_AUTH_TYPE_SPNEGO_NTLMSSP;
 		} else {
@ -1091,18 +1089,19 @@ out_free:
 		}
 	}
 	if (binding->flags & DCERPC_AUTH_KRB5) {
-		/* If neither Integrity or Privacy are requested then
-		 * Use just Connect level */
-		if (pipe_default_auth_level == DCERPC_AUTH_LEVEL_NONE) {
-			pipe_default_auth_level = DCERPC_AUTH_LEVEL_CONNECT;
-		}
-
 		if (pipe_default_auth_type == DCERPC_AUTH_TYPE_SPNEGO) {
 			pipe_default_auth_spnego_type = PIPE_AUTH_TYPE_SPNEGO_KRB5;
 		} else {
 			pipe_default_auth_type = DCERPC_AUTH_TYPE_KRB5;
 		}
 	}
+	if (pipe_default_auth_type != DCERPC_AUTH_TYPE_NONE) {
+		/* If neither Integrity or Privacy are requested then
+		 * Use just Connect level */
+		if (pipe_default_auth_level == DCERPC_AUTH_LEVEL_NONE) {
+			pipe_default_auth_level = DCERPC_AUTH_LEVEL_CONNECT;
+		}
+	}

 	if (get_cmdline_auth_info_use_kerberos(rpcclient_auth_info)) {
 		flags |= CLI_FULL_CONNECTION_USE_KERBEROS |