* Can't keep in sync with wire values as spnego wraps different auth methods.
*/
-enum pipe_auth_type_spnego {
- PIPE_AUTH_TYPE_SPNEGO_NONE = 0,
- PIPE_AUTH_TYPE_SPNEGO_NTLMSSP,
- PIPE_AUTH_TYPE_SPNEGO_KRB5
-};
-
struct gse_context;
/* auth state for all bind types. */
struct pipe_auth_data {
enum dcerpc_AuthType auth_type;
- enum pipe_auth_type_spnego spnego_type; /* used by server only */
enum dcerpc_AuthLevel auth_level;
union {
/* Treat the same for all authenticated rpc requests. */
switch (auth->auth_type) {
case DCERPC_AUTH_TYPE_SPNEGO:
- /* compat for server code */
- if (auth->spnego_type == PIPE_AUTH_TYPE_SPNEGO_NTLMSSP) {
- *auth_len = NTLMSSP_SIG_SIZE;
- break;
- }
status = spnego_get_negotiated_mech(auth->a_u.spnego_state,
&auth_type, &auth_ctx);
status = NT_STATUS_OK;
break;
case DCERPC_AUTH_TYPE_SPNEGO:
- if (auth->spnego_type == PIPE_AUTH_TYPE_SPNEGO_NTLMSSP) {
- /* compat for server code */
- return add_ntlmssp_auth_footer(
- auth->a_u.auth_ntlmssp_state,
- auth->auth_level,
- rpc_out);
- }
status = add_spnego_auth_footer(auth->a_u.spnego_state,
auth->auth_level, rpc_out);
break;
return NT_STATUS_OK;
case DCERPC_AUTH_TYPE_SPNEGO:
- if (auth->spnego_type == PIPE_AUTH_TYPE_SPNEGO_NTLMSSP) {
- /* compat for server code */
- DEBUG(10, ("NTLMSSP auth\n"));
-
- status = get_ntlmssp_auth_footer(
- auth->a_u.auth_ntlmssp_state,
- auth->auth_level,
- &data, &full_pkt,
- &auth_info.credentials);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
- break;
- }
status = get_spnego_auth_footer(pkt, auth->a_u.spnego_state,
auth->auth_level,
return NULL;
}
- DEBUG(5,("Bind RPC Pipe: %s auth_type %u(%u), auth_level %u\n",
+ DEBUG(5,("Bind RPC Pipe: %s auth_type %u, auth_level %u\n",
rpccli_pipe_txt(talloc_tos(), cli),
(unsigned int)auth->auth_type,
- (unsigned int)auth->spnego_type,
(unsigned int)auth->auth_level ));
state->ev = ev;
return;
err_out:
- DEBUG(0,("cli_finish_bind_auth: unknown auth type %u(%u)\n",
- (unsigned int)state->cli->auth->auth_type,
- (unsigned int)state->cli->auth->spnego_type));
+ DEBUG(0,("cli_finish_bind_auth: unknown auth type %u\n",
+ (unsigned int)state->cli->auth->auth_type));
tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
}
}
result->auth_type = DCERPC_AUTH_TYPE_NONE;
- result->spnego_type = PIPE_AUTH_TYPE_SPNEGO_NONE;
result->auth_level = DCERPC_AUTH_LEVEL_NONE;
result->user_name = talloc_strdup(result, "");
}
result->auth_type = DCERPC_AUTH_TYPE_SCHANNEL;
- result->spnego_type = PIPE_AUTH_TYPE_SPNEGO_NONE;
result->auth_level = auth_level;
result->user_name = talloc_strdup(result, "");
}
auth->auth_type = DCERPC_AUTH_TYPE_SPNEGO;
auth->auth_level = auth_level;
- /* compat */
- auth->spnego_type = PIPE_AUTH_TYPE_SPNEGO_KRB5;
if (!username) {
username = "";
free_pipe_auth_data(&p->auth);
p->auth.auth_level = DCERPC_AUTH_LEVEL_NONE;
p->auth.auth_type = DCERPC_AUTH_TYPE_NONE;
- p->auth.spnego_type = PIPE_AUTH_TYPE_SPNEGO_NONE;
p->pipe_bound = False;
return True;
/* Unauthenticated bind request. */
/* We're finished - no more packets. */
p->auth.auth_type = DCERPC_AUTH_TYPE_NONE;
- p->auth.spnego_type = PIPE_AUTH_TYPE_SPNEGO_NONE;
/* We must set the pipe auth_level here also. */
p->auth.auth_level = DCERPC_AUTH_LEVEL_NONE;
p->pipe_bound = True;
if (p->pipe_bound &&
((p->auth.auth_type == DCERPC_AUTH_TYPE_NTLMSSP) ||
- ((p->auth.auth_type == DCERPC_AUTH_TYPE_SPNEGO) &&
- (p->auth.spnego_type == PIPE_AUTH_TYPE_SPNEGO_NTLMSSP)))) {
+ (p->auth.auth_type == DCERPC_AUTH_TYPE_KRB5) ||
+ (p->auth.auth_type == DCERPC_AUTH_TYPE_SPNEGO))) {
if(!become_authenticated_pipe_user(p)) {
data_blob_free(&p->out_data.rdata);
return False;
}
if ((p->auth.auth_type != DCERPC_AUTH_TYPE_NTLMSSP) ||
- ((p->auth.auth_type == DCERPC_AUTH_TYPE_SPNEGO) &&
- (p->auth.spnego_type != PIPE_AUTH_TYPE_SPNEGO_NTLMSSP))) {
+ (p->auth.auth_type != DCERPC_AUTH_TYPE_KRB5) ||
+ (p->auth.auth_type != DCERPC_AUTH_TYPE_SPNEGO)) {
return NT_STATUS_ACCESS_DENIED;
}
#include "../librpc/gen_ndr/ndr_netlogon.h"
#include "rpc_client/cli_netlogon.h"
+enum pipe_auth_type_spnego {
+ PIPE_AUTH_TYPE_SPNEGO_NONE = 0,
+ PIPE_AUTH_TYPE_SPNEGO_NTLMSSP,
+ PIPE_AUTH_TYPE_SPNEGO_KRB5
+};
+
struct dom_sid domain_sid;
static enum dcerpc_AuthType pipe_default_auth_type = DCERPC_AUTH_TYPE_NONE;