return status;
}
-NTSTATUS dcerpc_bind_auth3(struct dcerpc_pipe *p, uint8_t auth_type,
+NTSTATUS dcerpc_bind_auth3(struct dcerpc_pipe *p, uint8_t auth_type, uint8_t auth_level,
const char *uuid, uint_t version)
{
NTSTATUS status;
}
if (!p->security_state.generic_state) {
- status = gensec_client_start(&p->security_state.generic_state);
+ status = gensec_client_start(p, &p->security_state.generic_state);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
- status = gensec_start_mech_by_authtype(p->security_state.generic_state, auth_type);
+ status = gensec_start_mech_by_authtype(p->security_state.generic_state, auth_type, auth_level);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
}
- p->security_state.auth_info = talloc(p->mem_ctx, sizeof(*p->security_state.auth_info));
+ p->security_state.auth_info = talloc_p(p, struct dcerpc_auth);
if (!p->security_state.auth_info) {
status = NT_STATUS_NO_MEMORY;
goto done;
}
p->security_state.auth_info->auth_type = auth_type;
+ p->security_state.auth_info->auth_level = auth_level;
p->security_state.auth_info->auth_pad_length = 0;
p->security_state.auth_info->auth_reserved = 0;
p->security_state.auth_info->auth_context_id = random();
p->security_state.auth_info->credentials = null_data_blob;
- if (p->flags & DCERPC_SEAL) {
- p->security_state.auth_info->auth_level = DCERPC_AUTH_LEVEL_PRIVACY;
- } else if (p->flags & DCERPC_SIGN) {
- p->security_state.auth_info->auth_level = DCERPC_AUTH_LEVEL_INTEGRITY;
- } else {
- p->security_state.auth_info->auth_level = DCERPC_AUTH_LEVEL_NONE;
- }
-
status = gensec_update(p->security_state.generic_state, mem_ctx,
null_data_blob,
&credentials);
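Review bot: `auth_level` is now taken from the caller and written straight into `auth_info->auth_level` and `gensec_start_mech_by_authtype()`, and nothing in this hunk checks it against `p->flags`, from which the removed block used to derive it. A caller that passes a lower level than the pipe's `DCERPC_SEAL`/`DCERPC_SIGN` flags ask for would, as far as this hunk shows, bind without the sealing or signing the flags imply and without any error. Consider rejecting the mismatch up front, e.g. `if ((p->flags & DCERPC_SEAL) && auth_level != DCERPC_AUTH_LEVEL_PRIVACY) return NT_STATUS_INVALID_PARAMETER;` plus a matching check for `DCERPC_SIGN`, or at least state the contract with `/* auth_level must not be weaker than p->flags requests (SEAL => PRIVACY, SIGN => INTEGRITY) */`. The same applies to the identical change in dcerpc_bind_alter; both function bodies start and end outside the hunk, so the callers may already enforce this.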
}
p->security_state.auth_info->credentials = credentials;
-
+
status = dcerpc_auth3(p, mem_ctx);
done:
talloc_destroy(mem_ctx);
if (!NT_STATUS_IS_OK(status)) {
+ talloc_free(p->security_state.generic_state);
ZERO_STRUCT(p->security_state);
+ } else {
+ /* Authenticated connections use the generic session key */
+ p->security_state.session_key = dcerpc_generic_session_key;
}
return status;
}
-NTSTATUS dcerpc_bind_alter(struct dcerpc_pipe *p, uint8_t auth_type,
+NTSTATUS dcerpc_bind_alter(struct dcerpc_pipe *p, uint8_t auth_type, uint8_t auth_level,
const char *uuid, uint_t version)
{
NTSTATUS status;
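Review bot: The failure branch now frees `generic_state` but not `auth_info`, which this commit allocates on `p` with `talloc_p(p, struct dcerpc_auth)`; `ZERO_STRUCT(p->security_state)` then discards the only pointer to it, so it stays allocated until `p` itself is freed. Adding `talloc_free(p->security_state.auth_info);` next to the new `talloc_free` would release it, provided `talloc_free()` tolerates the NULL it would see on the `NT_STATUS_NO_MEMORY` path. dcerpc_bind_alter's failure branch later in this diff still only calls `ZERO_STRUCT` and frees neither object, so each failed alter attempt leaves another gensec context attached to the pipe; it should get the same cleanup.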
}
if (!p->security_state.generic_state) {
- status = gensec_client_start(&p->security_state.generic_state);
+ status = gensec_client_start(p, &p->security_state.generic_state);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
- status = gensec_start_mech_by_authtype(p->security_state.generic_state, auth_type);
+ status = gensec_start_mech_by_authtype(p->security_state.generic_state,
+ auth_type, auth_level);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
}
- p->security_state.auth_info = talloc(p->mem_ctx, sizeof(*p->security_state.auth_info));
+ p->security_state.auth_info = talloc_p(p, struct dcerpc_auth);
if (!p->security_state.auth_info) {
status = NT_STATUS_NO_MEMORY;
goto done;
}
p->security_state.auth_info->auth_type = auth_type;
+ p->security_state.auth_info->auth_level = auth_level;
p->security_state.auth_info->auth_pad_length = 0;
p->security_state.auth_info->auth_reserved = 0;
p->security_state.auth_info->auth_context_id = random();
p->security_state.auth_info->credentials = null_data_blob;
- if (p->flags & DCERPC_SEAL) {
- p->security_state.auth_info->auth_level = DCERPC_AUTH_LEVEL_PRIVACY;
- } else if (p->flags & DCERPC_SIGN) {
- p->security_state.auth_info->auth_level = DCERPC_AUTH_LEVEL_INTEGRITY;
- } else {
- p->security_state.auth_info->auth_level = DCERPC_AUTH_LEVEL_NONE;
- }
-
status = gensec_update(p->security_state.generic_state, mem_ctx,
null_data_blob,
&credentials);
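Review bot: The two `return status;` exits after `gensec_client_start()` and `gensec_start_mech_by_authtype()` bypass the `done:` cleanup, so when the mechanism fails to start, `p->security_state.generic_state` stays set to a context with no mechanism selected. A later call then skips the `if (!p->security_state.generic_state)` setup and goes on to `gensec_update()` with that half-initialised context. Replacing both with `goto done;` would route them through the failure branch that resets `security_state`, assuming `mem_ctx` is already set up at this point, which is not visible in the hunk. dcerpc_bind_auth3 has the same pair of early returns.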
if (!NT_STATUS_IS_OK(status)) {
ZERO_STRUCT(p->security_state);
+ } else {
+ /* Authenticated connections use the generic session key */
+ p->security_state.session_key = dcerpc_generic_session_key;
}
return status;