[SCM] Samba Shared Repository - branch master updated
Günther Deschner
gd at samba.org
Thu Sep 19 13:00:03 CEST 2013
The branch, master has been updated
via 6965f91 s3-rpc_srv: remove unused schannel calls from srv_pipe.c
via 45949d7 s3-rpc_cli: remove unused schannel calls from cli_pipe.c
via 639f60b s3-rpc_cli: remove unused schannel calls from dcerpc_helpers.c
via 5a62849 s3-rpc: use gensec for schannel footer processing.
via a32a83b s3-rpc_srv: use gensec for schannel bind.
via 89d0b89 s3-rpc_cli: use gensec for schannel bind.
via 090671a s3-auth: register schannel gensec module in auth_generic_prepare() as well.
via 7b570b4 s3-rpc_cli: allow to pass down a netlogon CredentialState struct to gensec.
via 8fce75a s3-auth: also load schannel module from auth_generic_client_prepare().
via 4f97952 gensec: check for NULL gensec_security in gensec_security_by_auth_type().
via d433ad0 gensec: remove duplicate gensec_security_by_authtype() call.
via 4d2ec9e gensec: move schannel module to toplevel.
from d9bf88d Fix SEGV from improperly formed SUBSTRING/PRESENCE filter
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 6965f918c04328535c55a0ef9b7fe6392fba193a
Author: Günther Deschner <gd at samba.org>
Date: Thu Sep 19 11:05:21 2013 +0200
s3-rpc_srv: remove unused schannel calls from srv_pipe.c
Guenther
Signed-off-by: Günther Deschner <gd at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Thu Sep 19 12:59:04 CEST 2013 on sn-devel-104
commit 45949d721892a0e8a6b1a76e221c6b3bfd6a872f
Author: Günther Deschner <gd at samba.org>
Date: Thu Sep 19 11:04:19 2013 +0200
s3-rpc_cli: remove unused schannel calls from cli_pipe.c
Guenther
Signed-off-by: Günther Deschner <gd at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 639f60b1513a8c877d307ed86b7748250821fb3f
Author: Günther Deschner <gd at samba.org>
Date: Thu Sep 19 11:03:31 2013 +0200
s3-rpc_cli: remove unused schannel calls from dcerpc_helpers.c
Guenther
Signed-off-by: Günther Deschner <gd at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 5a628490e46f428432cd9b32c2b4b3a34a3736ae
Author: Günther Deschner <gd at samba.org>
Date: Wed Sep 18 18:36:19 2013 +0200
s3-rpc: use gensec for schannel footer processing.
Guenther
Signed-off-by: Günther Deschner <gd at samba.org>
Pair-Programmed-With: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit a32a83ba9d6c7b5bbe9077973e5402ba65c068e7
Author: Günther Deschner <gd at samba.org>
Date: Wed Sep 18 18:34:58 2013 +0200
s3-rpc_srv: use gensec for schannel bind.
Guenther
Signed-off-by: Günther Deschner <gd at samba.org>
Pair-Programmed-With: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 89d0b89b5d58ceef13bc10036d396b10f8a102ae
Author: Günther Deschner <gd at samba.org>
Date: Wed Sep 18 18:33:14 2013 +0200
s3-rpc_cli: use gensec for schannel bind.
Guenther
Signed-off-by: Günther Deschner <gd at samba.org>
Pair-Programmed-With: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 090671aca5234f47f390054de771198e3c177060
Author: Günther Deschner <gd at samba.org>
Date: Wed Sep 18 18:23:40 2013 +0200
s3-auth: register schannel gensec module in auth_generic_prepare() as well.
Guenther
Signed-off-by: Günther Deschner <gd at samba.org>
Pair-Programmed-With: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 7b570b4128f9af212048ce56abd841a1f6fdc259
Author: Günther Deschner <gd at samba.org>
Date: Wed Sep 18 17:44:10 2013 +0200
s3-rpc_cli: allow to pass down a netlogon CredentialState struct to gensec.
Guenther
Signed-off-by: Günther Deschner <gd at samba.org>
Pair-Programmed-With: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 8fce75aa58ec70547ad218bde154e141f2d17303
Author: Günther Deschner <gd at samba.org>
Date: Wed Sep 18 17:27:28 2013 +0200
s3-auth: also load schannel module from auth_generic_client_prepare().
Guenther
Signed-off-by: Günther Deschner <gd at samba.org>
Pair-Programmed-With: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 4f979525e4137c536118a9c2b2b4ef798c270e27
Author: Günther Deschner <gd at samba.org>
Date: Wed Sep 18 17:25:55 2013 +0200
gensec: check for NULL gensec_security in gensec_security_by_auth_type().
We have equivalent checks in other gensec_security_by_X calls already.
Guenther
Signed-off-by: Günther Deschner <gd at samba.org>
Pair-Programmed-With: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit d433ad077f354de4fc1d5a155d991f417ae9967c
Author: Günther Deschner <gd at samba.org>
Date: Wed Sep 18 17:24:49 2013 +0200
gensec: remove duplicate gensec_security_by_authtype() call.
We should use the equivalent gensec_security_by_auth_type() call which is
exposed in the public header.
Guenther
Signed-off-by: Günther Deschner <gd at samba.org>
Pair-Programmed-With: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 4d2ec9e37ee9dcf7b521806a1c0aabdffe524d47
Author: Günther Deschner <gd at samba.org>
Date: Wed Sep 18 17:24:10 2013 +0200
gensec: move schannel module to toplevel.
Guenther
Signed-off-by: Günther Deschner <gd at samba.org>
Pair-Programmed-With: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
-----------------------------------------------------------------------
Summary of changes:
auth/gensec/gensec_start.c | 35 +------
{source4/auth => auth}/gensec/schannel.c | 0
auth/gensec/wscript_build | 8 ++
source3/auth/auth_generic.c | 5 +-
source3/librpc/rpc/dcerpc.h | 3 -
source3/librpc/rpc/dcerpc_helpers.c | 159 +-----------------------------
source3/libsmb/auth_generic.c | 3 +-
source3/rpc_client/cli_pipe.c | 103 +++----------------
source3/rpc_server/srv_pipe.c | 125 ++----------------------
source4/auth/gensec/wscript_build | 10 --
10 files changed, 47 insertions(+), 404 deletions(-)
rename {source4/auth => auth}/gensec/schannel.c (100%)
Changeset truncated at 500 lines:
diff --git a/auth/gensec/gensec_start.c b/auth/gensec/gensec_start.c
index 81b6abc..9487cfc 100644
--- a/auth/gensec/gensec_start.c
+++ b/auth/gensec/gensec_start.c
@@ -157,31 +157,6 @@ _PUBLIC_ const struct gensec_security_ops **gensec_security_mechs(
}
-static const struct gensec_security_ops *gensec_security_by_authtype(struct gensec_security *gensec_security,
- uint8_t auth_type)
-{
- int i;
- const struct gensec_security_ops **backends;
- const struct gensec_security_ops *backend;
- TALLOC_CTX *mem_ctx = talloc_new(gensec_security);
- if (!mem_ctx) {
- return NULL;
- }
- backends = gensec_security_mechs(gensec_security, mem_ctx);
- for (i=0; backends && backends[i]; i++) {
- if (!gensec_security_ops_enabled(backends[i], gensec_security))
- continue;
- if (backends[i]->auth_type == auth_type) {
- backend = backends[i];
- talloc_free(mem_ctx);
- return backend;
- }
- }
- talloc_free(mem_ctx);
-
- return NULL;
-}
-
_PUBLIC_ const struct gensec_security_ops *gensec_security_by_oid(
struct gensec_security *gensec_security,
const char *oid_string)
@@ -255,8 +230,10 @@ _PUBLIC_ const struct gensec_security_ops *gensec_security_by_auth_type(
}
backends = gensec_security_mechs(gensec_security, mem_ctx);
for (i=0; backends && backends[i]; i++) {
- if (!gensec_security_ops_enabled(backends[i], gensec_security))
- continue;
+ if (gensec_security != NULL &&
+ !gensec_security_ops_enabled(backends[i], gensec_security)) {
+ continue;
+ }
if (backends[i]->auth_type == auth_type) {
backend = backends[i];
talloc_free(mem_ctx);
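Review bot: in the loop of gensec_security_by_auth_type(), a NULL gensec_security now skips gensec_security_ops_enabled() altogether, so a backend that the settings would disable can still be returned for a matching auth_type. The new NULL callers in auth_generic_prepare() and auth_generic_client_prepare() rely on this, so a comment on the function stating that NULL means "no enabled filtering" would make the contract explicit. The context line gensec_security_mechs(gensec_security, mem_ctx) receives the same NULL and should be confirmed NULL-safe as well.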
@@ -733,7 +710,7 @@ NTSTATUS gensec_start_mech_by_ops(struct gensec_security *gensec_security,
_PUBLIC_ NTSTATUS gensec_start_mech_by_authtype(struct gensec_security *gensec_security,
uint8_t auth_type, uint8_t auth_level)
{
- gensec_security->ops = gensec_security_by_authtype(gensec_security, auth_type);
+ gensec_security->ops = gensec_security_by_auth_type(gensec_security, auth_type);
if (!gensec_security->ops) {
DEBUG(3, ("Could not find GENSEC backend for auth_type=%d\n", (int)auth_type));
return NT_STATUS_INVALID_PARAMETER;
@@ -760,7 +737,7 @@ _PUBLIC_ NTSTATUS gensec_start_mech_by_authtype(struct gensec_security *gensec_s
_PUBLIC_ const char *gensec_get_name_by_authtype(struct gensec_security *gensec_security, uint8_t authtype)
{
const struct gensec_security_ops *ops;
- ops = gensec_security_by_authtype(gensec_security, authtype);
+ ops = gensec_security_by_auth_type(gensec_security, authtype);
if (ops) {
return ops->name;
}
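Review bot: gensec_start_mech_by_authtype() and gensec_get_name_by_authtype() keep the "authtype" spelling while the lookup they now call is gensec_security_by_auth_type(), so the public API carries two spellings (and two parameter names, auth_type and authtype) for the same concept. A follow-up rename, or a note in the public header, would avoid the next duplicate helper.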
diff --git a/source4/auth/gensec/schannel.c b/auth/gensec/schannel.c
similarity index 100%
rename from source4/auth/gensec/schannel.c
rename to auth/gensec/schannel.c
diff --git a/auth/gensec/wscript_build b/auth/gensec/wscript_build
index 71222f7..7329eec 100755
--- a/auth/gensec/wscript_build
+++ b/auth/gensec/wscript_build
@@ -17,6 +17,14 @@ bld.SAMBA_MODULE('gensec_spnego',
deps='asn1util samba-credentials SPNEGO_PARSE'
)
+bld.SAMBA_MODULE('gensec_schannel',
+ source='schannel.c',
+ autoproto='schannel_proto.h',
+ subsystem='gensec',
+ init_function='gensec_schannel_init',
+ deps='COMMON_SCHANNEL NDR_SCHANNEL samba-credentials auth_session'
+ )
+
bld.SAMBA_MODULE('gensec_external',
source='external.c',
autoproto='external_proto.h',
diff --git a/source3/auth/auth_generic.c b/source3/auth/auth_generic.c
index e15c87e..e07d3b7 100644
--- a/source3/auth/auth_generic.c
+++ b/source3/auth/auth_generic.c
@@ -32,6 +32,7 @@
#include "librpc/crypto/gse.h"
#include "auth/credentials/credentials.h"
#include "lib/param/loadparm.h"
+#include "librpc/gen_ndr/dcerpc.h"
static NTSTATUS auth3_generate_session_info_pac(struct auth4_context *auth_ctx,
TALLOC_CTX *mem_ctx,
@@ -261,7 +262,7 @@ NTSTATUS auth_generic_prepare(TALLOC_CTX *mem_ctx,
}
backends = talloc_zero_array(gensec_settings,
- const struct gensec_security_ops *, 4);
+ const struct gensec_security_ops *, 5);
if (backends == NULL) {
TALLOC_FREE(tmp_ctx);
return NT_STATUS_NO_MEMORY;
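Review bot: the literal 5 in talloc_zero_array() has to be bumped by hand each time a backends[idx++] line is added, and nothing checks that idx stays below it. If the array is meant to be NULL-terminated (the "backends && backends[i]" loops in gensec_start.c read such lists that way), an off-by-one here silently loses the terminator. Consider a named constant or an assertion on idx after the last assignment; the same applies to the identical change in source3/libsmb/auth_generic.c.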
@@ -279,6 +280,8 @@ NTSTATUS auth_generic_prepare(TALLOC_CTX *mem_ctx,
backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_SPNEGO);
+ backends[idx++] = gensec_security_by_auth_type(NULL, DCERPC_AUTH_TYPE_SCHANNEL);
+
/*
* This is anonymous for now, because we just use it
* to set the kerberos state at the moment
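Review bot: the result of gensec_security_by_auth_type(NULL, DCERPC_AUTH_TYPE_SCHANNEL) is stored without a NULL check. gensec_start_mech_by_authtype() in this same series treats a NULL return as "backend not found", so if the schannel module is not registered this writes NULL into backends[idx] and still increments idx, which ends the list early for any entry appended after it. Suggest assigning only when the lookup succeeds, or at least logging the failure.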
diff --git a/source3/librpc/rpc/dcerpc.h b/source3/librpc/rpc/dcerpc.h
index b3ae3b4..38d59cd 100644
--- a/source3/librpc/rpc/dcerpc.h
+++ b/source3/librpc/rpc/dcerpc.h
@@ -60,9 +60,6 @@ NTSTATUS dcerpc_pull_ncacn_packet(TALLOC_CTX *mem_ctx,
const DATA_BLOB *blob,
struct ncacn_packet *r,
bool bigendian);
-NTSTATUS dcerpc_push_schannel_bind(TALLOC_CTX *mem_ctx,
- struct NL_AUTH_MESSAGE *r,
- DATA_BLOB *blob);
NTSTATUS dcerpc_push_dcerpc_auth(TALLOC_CTX *mem_ctx,
enum dcerpc_AuthType auth_type,
enum dcerpc_AuthLevel auth_level,
diff --git a/source3/librpc/rpc/dcerpc_helpers.c b/source3/librpc/rpc/dcerpc_helpers.c
index 06b0f68..28222f4 100644
--- a/source3/librpc/rpc/dcerpc_helpers.c
+++ b/source3/librpc/rpc/dcerpc_helpers.c
@@ -21,9 +21,6 @@
#include "includes.h"
#include "librpc/rpc/dcerpc.h"
#include "librpc/gen_ndr/ndr_dcerpc.h"
-#include "librpc/gen_ndr/ndr_schannel.h"
-#include "../libcli/auth/schannel.h"
-#include "../libcli/auth/spnego.h"
#include "librpc/crypto/gse.h"
#include "auth/gensec/gensec.h"
@@ -131,34 +128,6 @@ NTSTATUS dcerpc_pull_ncacn_packet(TALLOC_CTX *mem_ctx,
}
/**
-* @brief NDR Encodes a NL_AUTH_MESSAGE
-*
-* @param mem_ctx The memory context the blob will be allocated on
-* @param r The NL_AUTH_MESSAGE to encode
-* @param blob [out] The encoded blob if successful
-*
-* @return a NTSTATUS error code
-*/
-NTSTATUS dcerpc_push_schannel_bind(TALLOC_CTX *mem_ctx,
- struct NL_AUTH_MESSAGE *r,
- DATA_BLOB *blob)
-{
- enum ndr_err_code ndr_err;
-
- ndr_err = ndr_push_struct_blob(blob, mem_ctx, r,
- (ndr_push_flags_fn_t)ndr_push_NL_AUTH_MESSAGE);
- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
- return ndr_map_error2ntstatus(ndr_err);
- }
-
- if (DEBUGLEVEL >= 10) {
- NDR_PRINT_DEBUG(NL_AUTH_MESSAGE, r);
- }
-
- return NT_STATUS_OK;
-}
-
-/**
* @brief NDR Encodes a dcerpc_auth structure
*
* @param mem_ctx The memory context the blob will be allocated on
@@ -269,7 +238,6 @@ NTSTATUS dcerpc_guess_sizes(struct pipe_auth_data *auth,
size_t max_len;
size_t mod_len;
struct gensec_security *gensec_security;
- struct schannel_state *schannel_auth;
/* no auth token cases first */
switch (auth->auth_level) {
@@ -303,16 +271,11 @@ NTSTATUS dcerpc_guess_sizes(struct pipe_auth_data *auth,
case DCERPC_AUTH_TYPE_SPNEGO:
case DCERPC_AUTH_TYPE_NTLMSSP:
case DCERPC_AUTH_TYPE_KRB5:
+ case DCERPC_AUTH_TYPE_SCHANNEL:
gensec_security = talloc_get_type_abort(auth->auth_ctx,
struct gensec_security);
*auth_len = gensec_sig_size(gensec_security, max_len);
break;
-
- case DCERPC_AUTH_TYPE_SCHANNEL:
- schannel_auth = talloc_get_type_abort(auth->auth_ctx,
- struct schannel_state);
- *auth_len = netsec_outgoing_sig_size(schannel_auth);
- break;
default:
return NT_STATUS_INVALID_PARAMETER;
}
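Review bot: with DCERPC_AUTH_TYPE_SCHANNEL moved under the generic case in dcerpc_guess_sizes(), talloc_get_type_abort(auth->auth_ctx, struct gensec_security) aborts if any path still stores a struct schannel_state in auth_ctx for a schannel pipe. That makes this commit depend on the client and server bind conversions (89d0b89, a32a83b) being applied first, which the commit message should state. The size also now comes from gensec_sig_size(gensec_security, max_len) instead of netsec_outgoing_sig_size(), so the value the schannel module returns for a given max_len should be checked against the old one.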
@@ -439,99 +402,6 @@ static NTSTATUS get_generic_auth_footer(struct gensec_security *gensec_security,
}
}
-/*******************************************************************
- Create and add the schannel sign/seal auth data.
- ********************************************************************/
-
-static NTSTATUS add_schannel_auth_footer(struct schannel_state *sas,
- enum dcerpc_AuthLevel auth_level,
- DATA_BLOB *rpc_out)
-{
- uint8_t *data_p = rpc_out->data + DCERPC_RESPONSE_LENGTH;
- size_t data_and_pad_len = rpc_out->length
- - DCERPC_RESPONSE_LENGTH
- - DCERPC_AUTH_TRAILER_LENGTH;
- DATA_BLOB auth_blob;
- NTSTATUS status;
-
- if (!sas) {
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- switch (auth_level) {
- case DCERPC_AUTH_LEVEL_PRIVACY:
- status = netsec_outgoing_packet(sas,
- rpc_out->data,
- true,
- data_p,
- data_and_pad_len,
- &auth_blob);
- break;
- case DCERPC_AUTH_LEVEL_INTEGRITY:
- status = netsec_outgoing_packet(sas,
- rpc_out->data,
- false,
- data_p,
- data_and_pad_len,
- &auth_blob);
- break;
- default:
- status = NT_STATUS_INTERNAL_ERROR;
- break;
- }
-
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(1,("add_schannel_auth_footer: failed to process packet: %s\n",
- nt_errstr(status)));
- return status;
- }
-
- if (DEBUGLEVEL >= 10) {
- dump_NL_AUTH_SIGNATURE(talloc_tos(), &auth_blob);
- }
-
- /* Finally attach the blob. */
- if (!data_blob_append(NULL, rpc_out,
- auth_blob.data, auth_blob.length)) {
- return NT_STATUS_NO_MEMORY;
- }
- data_blob_free(&auth_blob);
-
- return NT_STATUS_OK;
-}
-
-/*******************************************************************
- Check/unseal the Schannel auth data. (Unseal in place).
- ********************************************************************/
-
-static NTSTATUS get_schannel_auth_footer(TALLOC_CTX *mem_ctx,
- struct schannel_state *auth_state,
- enum dcerpc_AuthLevel auth_level,
- DATA_BLOB *data, DATA_BLOB *full_pkt,
- DATA_BLOB *auth_token)
-{
- switch (auth_level) {
- case DCERPC_AUTH_LEVEL_PRIVACY:
- /* Data portion is encrypted. */
- return netsec_incoming_packet(auth_state,
- true,
- data->data,
- data->length,
- auth_token);
-
- case DCERPC_AUTH_LEVEL_INTEGRITY:
- /* Data is signed. */
- return netsec_incoming_packet(auth_state,
- false,
- data->data,
- data->length,
- auth_token);
-
- default:
- return NT_STATUS_INVALID_PARAMETER;
- }
-}
-
/**
* @brief Append an auth footer according to what is the current mechanism
*
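Review bot: both removed helpers rejected any auth_level other than DCERPC_AUTH_LEVEL_PRIVACY and DCERPC_AUTH_LEVEL_INTEGRITY in their default: branches (with different status codes, NT_STATUS_INTERNAL_ERROR versus NT_STATUS_INVALID_PARAMETER). The bodies of add_generic_auth_footer() and get_generic_auth_footer() are not part of this diff, so it is worth confirming that they reject the same levels for schannel. The level-10 dump_NL_AUTH_SIGNATURE() output is also dropped without a visible replacement.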
@@ -544,7 +414,6 @@ static NTSTATUS get_schannel_auth_footer(TALLOC_CTX *mem_ctx,
NTSTATUS dcerpc_add_auth_footer(struct pipe_auth_data *auth,
size_t pad_len, DATA_BLOB *rpc_out)
{
- struct schannel_state *schannel_auth;
struct gensec_security *gensec_security;
char pad[CLIENT_NDR_PADDING_SIZE] = { 0, };
DATA_BLOB auth_info;
@@ -596,19 +465,13 @@ NTSTATUS dcerpc_add_auth_footer(struct pipe_auth_data *auth,
case DCERPC_AUTH_TYPE_SPNEGO:
case DCERPC_AUTH_TYPE_KRB5:
case DCERPC_AUTH_TYPE_NTLMSSP:
+ case DCERPC_AUTH_TYPE_SCHANNEL:
gensec_security = talloc_get_type_abort(auth->auth_ctx,
struct gensec_security);
status = add_generic_auth_footer(gensec_security,
auth->auth_level,
rpc_out);
break;
- case DCERPC_AUTH_TYPE_SCHANNEL:
- schannel_auth = talloc_get_type_abort(auth->auth_ctx,
- struct schannel_state);
- status = add_schannel_auth_footer(schannel_auth,
- auth->auth_level,
- rpc_out);
- break;
default:
status = NT_STATUS_INVALID_PARAMETER;
break;
@@ -636,7 +499,6 @@ NTSTATUS dcerpc_check_auth(struct pipe_auth_data *auth,
DATA_BLOB *raw_pkt,
size_t *pad_len)
{
- struct schannel_state *schannel_auth;
struct gensec_security *gensec_security;
NTSTATUS status;
struct dcerpc_auth auth_info;
@@ -706,6 +568,7 @@ NTSTATUS dcerpc_check_auth(struct pipe_auth_data *auth,
case DCERPC_AUTH_TYPE_SPNEGO:
case DCERPC_AUTH_TYPE_KRB5:
case DCERPC_AUTH_TYPE_NTLMSSP:
+ case DCERPC_AUTH_TYPE_SCHANNEL:
DEBUG(10, ("GENSEC auth\n"));
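Review bot: in dcerpc_check_auth(), schannel packets now log the same DEBUG(10, ("GENSEC auth\n")) line as SPNEGO, KRB5 and NTLMSSP, where the removed branch logged "SCHANNEL auth". Including the auth type in the message would keep level-10 traces distinguishable when debugging a netlogon secure channel.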
@@ -719,22 +582,6 @@ NTSTATUS dcerpc_check_auth(struct pipe_auth_data *auth,
return status;
}
break;
-
- case DCERPC_AUTH_TYPE_SCHANNEL:
-
- DEBUG(10, ("SCHANNEL auth\n"));
-
- schannel_auth = talloc_get_type_abort(auth->auth_ctx,
- struct schannel_state);
- status = get_schannel_auth_footer(pkt, schannel_auth,
- auth->auth_level,
- &data, &full_pkt,
- &auth_info.credentials);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
- break;
-
default:
DEBUG(0, ("process_request_pdu: "
"unknown auth type %u set.\n",
diff --git a/source3/libsmb/auth_generic.c b/source3/libsmb/auth_generic.c
index e30c1b7..3130dec 100644
--- a/source3/libsmb/auth_generic.c
+++ b/source3/libsmb/auth_generic.c
@@ -78,7 +78,7 @@ NTSTATUS auth_generic_client_prepare(TALLOC_CTX *mem_ctx, struct auth_generic_st
}
backends = talloc_zero_array(gensec_settings,
- const struct gensec_security_ops *, 4);
+ const struct gensec_security_ops *, 5);
if (backends == NULL) {
TALLOC_FREE(ans);
return NT_STATUS_NO_MEMORY;
@@ -95,6 +95,7 @@ NTSTATUS auth_generic_client_prepare(TALLOC_CTX *mem_ctx, struct auth_generic_st
backends[idx++] = &gensec_ntlmssp3_client_ops;
backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_SPNEGO);
+ backends[idx++] = gensec_security_by_auth_type(NULL, DCERPC_AUTH_TYPE_SCHANNEL);
nt_status = gensec_client_start(ans, &ans->gensec_security, gensec_settings);
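Review bot: DCERPC_AUTH_TYPE_SCHANNEL is used in the added backends[idx++] line, but unlike source3/auth/auth_generic.c, which gains #include "librpc/gen_ndr/dcerpc.h" in this series, this file adds no include (the diffstat shows only 3 changed lines). If it compiles only through an indirect include, add the header explicitly. The lookup result is also stored without a NULL check, as in the server-side file.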
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index ca0473c..1376973 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -22,11 +22,8 @@
#include "includes.h"
#include "../lib/util/tevent_ntstatus.h"
#include "librpc/gen_ndr/ndr_epmapper_c.h"
-#include "../librpc/gen_ndr/ndr_schannel.h"
#include "../librpc/gen_ndr/ndr_dssetup.h"
#include "../libcli/auth/schannel.h"
-#include "../libcli/auth/spnego.h"
-#include "../auth/ntlmssp/ntlmssp.h"
#include "auth_generic.h"
#include "librpc/gen_ndr/ndr_dcerpc.h"
#include "librpc/gen_ndr/ndr_netlogon_c.h"
@@ -994,42 +991,6 @@ static NTSTATUS create_generic_auth_rpc_bind_req(struct rpc_pipe_client *cli,
}
/*******************************************************************
- Creates schannel auth bind.
- ********************************************************************/
-
-static NTSTATUS create_schannel_auth_rpc_bind_req(struct rpc_pipe_client *cli,
- DATA_BLOB *auth_token)
-{
- NTSTATUS status;
- struct NL_AUTH_MESSAGE r;
-
- if (!cli->auth->user_name || !cli->auth->user_name[0]) {
- return NT_STATUS_INVALID_PARAMETER_MIX;
- }
-
- if (!cli->auth->domain || !cli->auth->domain[0]) {
- return NT_STATUS_INVALID_PARAMETER_MIX;
- }
-
- /*
- * Now marshall the data into the auth parse_struct.
- */
-
- r.MessageType = NL_NEGOTIATE_REQUEST;
- r.Flags = NL_FLAG_OEM_NETBIOS_DOMAIN_NAME |
- NL_FLAG_OEM_NETBIOS_COMPUTER_NAME;
- r.oem_netbios_domain.a = cli->auth->domain;
- r.oem_netbios_computer.a = cli->auth->user_name;
-
- status = dcerpc_push_schannel_bind(cli, &r, auth_token);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- return NT_STATUS_OK;
-}
-
-/*******************************************************************
Creates the internals of a DCE/RPC bind request or alter context PDU.
********************************************************************/
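Review bot: the removed create_schannel_auth_rpc_bind_req() returned NT_STATUS_INVALID_PARAMETER_MIX when cli->auth->user_name or cli->auth->domain was NULL or empty, before building the NL_NEGOTIATE_REQUEST. Nothing visible in this diff shows the gensec schannel path performing the same validation; confirm that it does, or keep the check in the caller so that an empty computer or domain name is still rejected before the bind goes out.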
@@ -1096,12 +1057,6 @@ static NTSTATUS create_rpc_bind_req(TALLOC_CTX *mem_ctx,
switch (auth->auth_type) {
case DCERPC_AUTH_TYPE_SCHANNEL:
- ret = create_schannel_auth_rpc_bind_req(cli, &auth_token);
- if (!NT_STATUS_IS_OK(ret)) {
- return ret;
- }
- break;
-
case DCERPC_AUTH_TYPE_NTLMSSP:
case DCERPC_AUTH_TYPE_KRB5:
case DCERPC_AUTH_TYPE_SPNEGO:
@@ -2150,6 +2105,7 @@ static NTSTATUS rpccli_generic_bind_data(TALLOC_CTX *mem_ctx,
const char *username,
const char *password,
enum credentials_use_kerberos use_kerberos,
+ struct netlogon_creds_CredentialState *creds,
struct pipe_auth_data **presult)
{
struct auth_generic_state *auth_generic_ctx;
@@ -2203,6 +2159,7 @@ static NTSTATUS rpccli_generic_bind_data(TALLOC_CTX *mem_ctx,
}
cli_credentials_set_kerberos_state(auth_generic_ctx->credentials, use_kerberos);
+ cli_credentials_set_netlogon_creds(auth_generic_ctx->credentials, creds);
status = auth_generic_client_start_by_authtype(auth_generic_ctx, auth_type, auth_level);
if (!NT_STATUS_IS_OK(status)) {
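Review bot: cli_credentials_set_netlogon_creds(auth_generic_ctx->credentials, creds) is called unconditionally in rpccli_generic_bind_data(), for every auth_type, and its result is not checked. Callers for NTLMSSP, KRB5 and SPNEGO presumably pass NULL for the new creds parameter; guarding the call with "if (creds != NULL)" or documenting that NULL is accepted would make that explicit. It would also help to state whether the credentials object copies the netlogon_creds_CredentialState or keeps the caller's pointer, since that decides who must keep creds alive.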
@@ -2219,43 +2176,6 @@ static NTSTATUS rpccli_generic_bind_data(TALLOC_CTX *mem_ctx,
return status;
}
-static NTSTATUS rpccli_schannel_bind_data(TALLOC_CTX *mem_ctx,
- const char *domain,
- enum dcerpc_AuthLevel auth_level,
- struct netlogon_creds_CredentialState *creds,
- struct pipe_auth_data **presult)
-{
- struct schannel_state *schannel_auth;
- struct pipe_auth_data *result;
-
- result = talloc(mem_ctx, struct pipe_auth_data);
--
Samba Shared Repository