mirror of https://github.com/samba-team/samba.git synced 2025-02-25 17:57:42 +03:00

s4:librpc: use authenticated epmapping for ncacn_http

We need to authenticate against the RpcProxy.
In future we could have a way to specify alternative credentials
for the RpcProxy and HttpProxy.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Sep 23 01:34:05 CEST 2014 on sn-devel-104
Stefan Metzmacher 2014-09-21 09:20:26 +02:00
parent 3b18dea131
commit f65c1f0e2f
4 changed files with 38 additions and 11 deletions


@ -25,7 +25,7 @@
#include "librpc/rpc/dcerpc_proto.h"
#include "librpc/gen_ndr/ndr_lsa_c.h"
#include "librpc/gen_ndr/ndr_samr.h"
#include "auth/credentials/credentials.h"
struct rpc_connect_srv_state {
struct libnet_context *ctx;
@ -783,13 +783,19 @@ static void continue_epm_map_binding_send(struct composite_context *c)
{
struct rpc_connect_dci_state *s;
struct composite_context *epm_map_req;
struct cli_credentials *epm_creds = NULL;
s = talloc_get_type(c->private_data, struct rpc_connect_dci_state);
/* prepare to get endpoint mapping for the requested interface */
s->final_binding = dcerpc_binding_dup(s, s->lsa_pipe->binding);
if (composite_nomem(s->final_binding, c)) return;
epm_creds = cli_credentials_init_anon(s);
if (composite_nomem(epm_creds, c)) return;
epm_map_req = dcerpc_epm_map_binding_send(c, s->final_binding, s->r.in.dcerpc_iface,
epm_creds,
s->ctx->event_ctx, s->ctx->lp_ctx);
if (composite_nomem(epm_map_req, c)) return;
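Review bot: The endpoint-mapper lookup in continue_epm_map_binding_send always receives anonymous credentials from `cli_credentials_init_anon(s)`, whatever transport `s->final_binding` carries. The commit message says ncacn_http needs an authenticated lookup against the RpcProxy, yet only dcerpc_pipe_connect_b_send chooses credentials by transport; dcerpc_schannel_key_send makes the same unconditional anonymous choice. If either path can be reached with an ncacn_http binding, the lookup would presumably fail at the proxy, so either select the credentials by transport here too or, if that case is intentionally unsupported, record it with a comment such as `/* epm lookup stays anonymous on this path; ncacn_http is not handled here */`. The function body continues outside the hunk.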


@ -1005,6 +1005,7 @@ _PUBLIC_ struct composite_context* dcerpc_pipe_connect_b_send(TALLOC_CTX *parent
struct pipe_connect_state *s;
enum dcerpc_transport_t transport;
const char *endpoint = NULL;
struct cli_credentials *epm_creds = NULL;
/* composite context allocation and setup */
c = composite_create(parent_ctx, ev);
@ -1042,9 +1043,17 @@ _PUBLIC_ struct composite_context* dcerpc_pipe_connect_b_send(TALLOC_CTX *parent
switch (transport) {
case NCACN_NP:
case NCACN_IP_TCP:
case NCACN_HTTP:
case NCALRPC:
endpoint = dcerpc_binding_get_string_option(s->binding, "endpoint");
/* anonymous credentials for rpc connection used to get endpoint mapping */
epm_creds = cli_credentials_init_anon(s);
if (composite_nomem(epm_creds, c)) return c;
break;
case NCACN_HTTP:
endpoint = dcerpc_binding_get_string_option(s->binding, "endpoint");
epm_creds = credentials;
break;
default:
break;
@ -1054,6 +1063,7 @@ _PUBLIC_ struct composite_context* dcerpc_pipe_connect_b_send(TALLOC_CTX *parent
struct composite_context *binding_req;
binding_req = dcerpc_epm_map_binding_send(c, s->binding, s->table,
epm_creds,
s->pipe->conn->event_ctx,
s->lp_ctx);
composite_continue(c, binding_req, continue_map_binding, c);
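Review bot: The new `case NCACN_HTTP:` branch sets `epm_creds = credentials` without a comment, although the branch above it explains its anonymous choice. This is the one place where the caller's real credentials are presented on the endpoint-mapper connection, so the reason belongs next to it, for example `/* the RpcProxy requires authentication, so reuse the caller's credentials for the epm lookup */`. Two things cannot be checked from the hunk: whether `credentials` may be NULL here, and whether the `default:` branch, which leaves `epm_creds` NULL, can still reach the `dcerpc_epm_map_binding_send()` call further down. Because the credentials are used before the final endpoint is resolved, it is also worth confirming that the proxy connection they are sent on is protected the way callers expect, which this diff does not show.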


@ -312,7 +312,8 @@ static struct composite_context *dcerpc_schannel_key_send(TALLOC_CTX *mem_ctx,
struct schannel_key_state *s;
struct composite_context *epm_map_req;
enum netr_SchannelType schannel_type = cli_credentials_get_secure_channel_type(credentials);
struct cli_credentials *epm_creds = NULL;
/* composite context allocation and setup */
c = composite_create(mem_ctx, p->conn->event_ctx);
if (c == NULL) return NULL;
@ -345,6 +346,9 @@ static struct composite_context *dcerpc_schannel_key_send(TALLOC_CTX *mem_ctx,
s->local_negotiate_flags |= NETLOGON_NEG_RODC_PASSTHROUGH;
}
epm_creds = cli_credentials_init_anon(s);
if (composite_nomem(epm_creds, c)) return c;
/* allocate binding structure */
s->binding = dcerpc_binding_dup(s, s->pipe->binding);
if (composite_nomem(s->binding, c)) return c;
@ -352,6 +356,7 @@ static struct composite_context *dcerpc_schannel_key_send(TALLOC_CTX *mem_ctx,
/* request the netlogon endpoint mapping */
epm_map_req = dcerpc_epm_map_binding_send(c, s->binding,
&ndr_table_netlogon,
epm_creds,
s->pipe->conn->event_ctx,
lp_ctx);
if (composite_nomem(epm_map_req, c)) return c;


@ -222,13 +222,13 @@ static void continue_epm_map(struct tevent_req *subreq)
struct composite_context *dcerpc_epm_map_binding_send(TALLOC_CTX *mem_ctx,
struct dcerpc_binding *binding,
const struct ndr_interface_table *table,
struct cli_credentials *creds,
struct tevent_context *ev,
struct loadparm_context *lp_ctx)
{
struct composite_context *c;
struct epm_map_binding_state *s;
struct composite_context *pipe_connect_req;
struct cli_credentials *anon_creds;
NTSTATUS status;
struct dcerpc_binding *epmapper_binding;
int i;
@ -308,10 +308,6 @@ struct composite_context *dcerpc_epm_map_binding_send(TALLOC_CTX *mem_ctx,
return c;
}
/* anonymous credentials for rpc connection used to get endpoint mapping */
anon_creds = cli_credentials_init_anon(s);
if (composite_nomem(anon_creds, c)) return c;
epmapper_binding = dcerpc_binding_dup(s, binding);
if (composite_nomem(epmapper_binding, c)) return c;
@ -337,7 +333,7 @@ struct composite_context *dcerpc_epm_map_binding_send(TALLOC_CTX *mem_ctx,
/* initiate rpc pipe connection */
pipe_connect_req = dcerpc_pipe_connect_b_send(s, epmapper_binding,
&ndr_table_epmapper,
anon_creds, c->event_ctx,
creds, c->event_ctx,
lp_ctx);
if (composite_nomem(pipe_connect_req, c)) return c;
@ -366,8 +362,18 @@ _PUBLIC_ NTSTATUS dcerpc_epm_map_binding(TALLOC_CTX *mem_ctx, struct dcerpc_bind
struct loadparm_context *lp_ctx)
{
struct composite_context *c;
struct cli_credentials *epm_creds;
c = dcerpc_epm_map_binding_send(mem_ctx, binding, table, ev, lp_ctx);
epm_creds = cli_credentials_init_anon(mem_ctx);
if (epm_creds == NULL) {
return NT_STATUS_NO_MEMORY;
}
c = dcerpc_epm_map_binding_send(mem_ctx, binding, table, epm_creds, ev, lp_ctx);
if (c == NULL) {
talloc_free(epm_creds);
return NT_STATUS_NO_MEMORY;
}
talloc_steal(c, epm_creds);
return dcerpc_epm_map_binding_recv(c);
}
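Review bot: `dcerpc_epm_map_binding_send()` gains a `creds` parameter with no statement of who owns it or whether it may be NULL. In the visible lines the pointer is only forwarded to `dcerpc_pipe_connect_b_send()`, so the caller apparently has to keep it alive until the request completes; the synchronous wrapper does so with `talloc_steal(c, epm_creds)`, but nothing tells other callers to. A header comment such as `/* creds is borrowed, not copied: it must stay valid until the composite request finishes */` would make the contract explicit. Separately, `dcerpc_epm_map_binding()` always uses anonymous credentials, so users of the synchronous API cannot request the authenticated lookup this commit adds for ncacn_http; if that is intended, its comment should say so.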