svn commit: samba r4962 - in branches/SAMBA_4_0: . source/librpc/idl source/librpc/rpc

metze at samba.org metze at samba.org
Mon Jan 24 14:44:15 GMT 2005


Author: metze
Date: 2005-01-24 14:44:15 +0000 (Mon, 24 Jan 2005)
New Revision: 4962

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=4962

Log:
add infrastructure to use raw krb5 auth in dcerpc client code

Note this doesn't work currently because the gensec_modules are not ready for that yet

metze

Modified:
   branches/SAMBA_4_0/prog_guide.txt
   branches/SAMBA_4_0/source/librpc/idl/dcerpc.idl
   branches/SAMBA_4_0/source/librpc/rpc/dcerpc.h
   branches/SAMBA_4_0/source/librpc/rpc/dcerpc_util.c


Changeset:
Modified: branches/SAMBA_4_0/prog_guide.txt
===================================================================
--- branches/SAMBA_4_0/prog_guide.txt	2005-01-24 14:33:55 UTC (rev 4961)
+++ branches/SAMBA_4_0/prog_guide.txt	2005-01-24 14:44:15 UTC (rev 4962)
@@ -542,6 +542,7 @@
   sign      : enable ntlmssp signing
   seal      : enable ntlmssp sealing
   spnego    : use SPNEGO instead of NTLMSSP authentication
+  krb5      : use KRB5 instead of NTLMSSP authentication
   connect   : enable rpc connect level auth (auth, but no sign or seal)
   validate  : enable the NDR validator
   print     : enable debugging of the packets

Modified: branches/SAMBA_4_0/source/librpc/idl/dcerpc.idl
===================================================================
--- branches/SAMBA_4_0/source/librpc/idl/dcerpc.idl	2005-01-24 14:33:55 UTC (rev 4961)
+++ branches/SAMBA_4_0/source/librpc/idl/dcerpc.idl	2005-01-24 14:44:15 UTC (rev 4962)
@@ -110,18 +110,19 @@
 		uint32 status;
 	} dcerpc_fault;
 
-
+	/* the auth types we know about
 	const uint8 DCERPC_AUTH_TYPE_NONE     = 0;
-	const uint8 DCERPC_AUTH_TYPE_KRB5     = 1;
+	/* this seems to be not krb5! */
+	const uint8 DCERPC_AUTH_TYPE_KRB5_1   = 1;
 	const uint8 DCERPC_AUTH_TYPE_SPNEGO   = 9;
 	const uint8 DCERPC_AUTH_TYPE_NTLMSSP  = 10;
 	/* I'm not 100% sure but type 16(0x10)
 	 * seems to be raw krb5 --metze
 	 */
-	const uint8 DCERPC_AUTH_TYPE_KRB5_16  = 16;
+	const uint8 DCERPC_AUTH_TYPE_KRB5     = 16;
 	const uint8 DCERPC_AUTH_TYPE_SCHANNEL = 68;
-	const uint8 DCERPC_AUTH_TYPE_MSMQ	  = 100;
-	
+	const uint8 DCERPC_AUTH_TYPE_MSMQ     = 100;
+
 	const uint8 DCERPC_AUTH_LEVEL_DEFAULT	= DCERPC_AUTH_LEVEL_CONNECT;
 	const uint8 DCERPC_AUTH_LEVEL_NONE      = 1;
 	const uint8 DCERPC_AUTH_LEVEL_CONNECT   = 2;
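Review bot: The added comment `/* the auth types we know about` is never closed, so with C-style comment handling it runs on to the `*/` that ends `/* this seems to be not krb5! */` and swallows the `DCERPC_AUTH_TYPE_NONE = 0` declaration. Close it on its own line: `/* the auth types we know about */`. Separately, `DCERPC_AUTH_TYPE_KRB5` keeps its name but its value changes from 1 to 16. Any existing user of that name elsewhere in the tree (not visible here) would now put a different auth type on the wire without a compile error, so check the callers.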

Modified: branches/SAMBA_4_0/source/librpc/rpc/dcerpc.h
===================================================================
--- branches/SAMBA_4_0/source/librpc/rpc/dcerpc.h	2005-01-24 14:33:55 UTC (rev 4961)
+++ branches/SAMBA_4_0/source/librpc/rpc/dcerpc.h	2005-01-24 14:44:15 UTC (rev 4962)
@@ -129,11 +129,14 @@
 /* set LIBNDR_FLAG_REF_ALLOC flag when decoding NDR */
 #define DCERPC_NDR_REF_ALLOC           (1<<14)
 
-#define DCERPC_AUTH_OPTIONS    (DCERPC_SEAL|DCERPC_SIGN|DCERPC_SCHANNEL_ANY|DCERPC_AUTH_SPNEGO)
+#define DCERPC_AUTH_OPTIONS    (DCERPC_SEAL|DCERPC_SIGN|DCERPC_SCHANNEL_ANY|DCERPC_AUTH_SPNEGO|DCERPC_AUTH_KRB5)
 
 /* enable spnego auth */
 #define DCERPC_AUTH_SPNEGO             (1<<15)
 
+/* enable krb5 auth */
+#define DCERPC_AUTH_KRB5               (1<<16)
+
 /*
   this is used to find pointers to calls
 */

Modified: branches/SAMBA_4_0/source/librpc/rpc/dcerpc_util.c
===================================================================
--- branches/SAMBA_4_0/source/librpc/rpc/dcerpc_util.c	2005-01-24 14:33:55 UTC (rev 4961)
+++ branches/SAMBA_4_0/source/librpc/rpc/dcerpc_util.c	2005-01-24 14:44:15 UTC (rev 4962)
@@ -177,6 +177,7 @@
 	{"seal", DCERPC_SEAL},
 	{"connect", DCERPC_CONNECT},
 	{"spnego", DCERPC_AUTH_SPNEGO},
+	{"krb5", DCERPC_AUTH_KRB5},
 	{"validate", DCERPC_DEBUG_VALIDATE_BOTH},
 	{"print", DCERPC_DEBUG_PRINT_BOTH},
 	{"padcheck", DCERPC_DEBUG_PAD_CHECK},
@@ -797,6 +798,8 @@
 		uint8_t auth_type;
 		if (binding->flags & DCERPC_AUTH_SPNEGO) {
 			auth_type = DCERPC_AUTH_TYPE_SPNEGO;
+		} else if (binding->flags & DCERPC_AUTH_KRB5) {
+			auth_type = DCERPC_AUTH_TYPE_KRB5;
 		} else {
 			auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
 		}
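Review bot: In the `auth_type` selection, `krb5` loses to `spnego` without any diagnostic when a binding string carries both options, because `DCERPC_AUTH_SPNEGO` is tested first. The log message says the gensec modules cannot do raw krb5 yet, so the code that consumes `auth_type` should fail the bind when an explicitly requested krb5 cannot be set up, rather than retry with NTLMSSP. That path is outside this hunk, as are the start and end of the enclosing function, so I cannot confirm how it behaves. At minimum, document the precedence above the chain: `/* spnego wins over krb5 if both are set; an explicit krb5 request must not fall back to NTLMSSP */`.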


