r4627: - simplified the dcerpc auth code using a common function
[samba.git] / source4 / librpc / rpc / dcerpc_spnego.c
1 /* 
2    Unix SMB/CIFS implementation.
3
4    dcerpc authentication operations
5
6    Copyright (C) Stefan Metzmacher 2004
7    Copyright (C) Andrew Tridgell 2003-2005
8    Copyright (C) Andrew Bartlett 2004
9    
10    This program is free software; you can redistribute it and/or modify
11    it under the terms of the GNU General Public License as published by
12    the Free Software Foundation; either version 2 of the License, or
13    (at your option) any later version.
14    
15    This program is distributed in the hope that it will be useful,
16    but WITHOUT ANY WARRANTY; without even the implied warranty of
17    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
18    GNU General Public License for more details.
19    
20    You should have received a copy of the GNU General Public License
21    along with this program; if not, write to the Free Software
22    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
23 */
24
25 #include "includes.h"
26
27 /*
28   do spnego style authentication on a gensec pipe
29 */
30 NTSTATUS dcerpc_bind_auth_spnego(struct dcerpc_pipe *p,
31                                  const char *uuid, uint_t version,
32                                  const char *domain,
33                                  const char *username,
34                                  const char *password)
35 {
36         NTSTATUS status;
37
38         if (!(p->conn->flags & (DCERPC_SIGN | DCERPC_SEAL))) {
39                 p->conn->flags |= DCERPC_CONNECT;
40         }
41
42         status = gensec_client_start(p, &p->conn->security_state.generic_state);
43         if (!NT_STATUS_IS_OK(status)) {
44                 DEBUG(1, ("Failed to start GENSEC client mode: %s\n", nt_errstr(status)));
45                 return status;
46         }
47
48         status = gensec_set_domain(p->conn->security_state.generic_state, domain);
49         if (!NT_STATUS_IS_OK(status)) {
50                 DEBUG(1, ("Failed to start set GENSEC client domain to %s: %s\n", 
51                           domain, nt_errstr(status)));
52                 return status;
53         }
54
55         status = gensec_set_username(p->conn->security_state.generic_state, username);
56         if (!NT_STATUS_IS_OK(status)) {
57                 DEBUG(1, ("Failed to start set GENSEC client username to %s: %s\n", 
58                           username, nt_errstr(status)));
59                 return status;
60         }
61
62         status = gensec_set_password(p->conn->security_state.generic_state, password);
63         if (!NT_STATUS_IS_OK(status)) {
64                 DEBUG(1, ("Failed to start set GENSEC client password: %s\n", 
65                           nt_errstr(status)));
66                 return status;
67         }
68
69         status = gensec_set_target_hostname(p->conn->security_state.generic_state, 
70                                             p->conn->transport.peer_name(p->conn));
71         if (!NT_STATUS_IS_OK(status)) {
72                 DEBUG(1, ("Failed to start set GENSEC target hostname: %s\n", 
73                           nt_errstr(status)));
74                 return status;
75         }
76
77         status = gensec_start_mech_by_authtype(p->conn->security_state.generic_state, 
78                                                DCERPC_AUTH_TYPE_SPNEGO, 
79                                                dcerpc_auth_level(p->conn));
80         if (!NT_STATUS_IS_OK(status)) {
81                 DEBUG(1, ("Failed to start set GENSEC client SPNEGO mechanism: %s\n",
82                           nt_errstr(status)));
83                 return status;
84         }
85         
86         status = dcerpc_bind_auth(p, DCERPC_AUTH_TYPE_SPNEGO,
87                                   dcerpc_auth_level(p->conn),
88                                   uuid, version);
89         if (!NT_STATUS_IS_OK(status)) {
90                 DEBUG(2, ("Failed to bind to pipe with SPNEGO: %s\n", nt_errstr(status)));
91                 return status;
92         }
93
94         return status;
95 }