s3:rpcclient: add support for DCERPC_AUTH_LEVEL_CONNECT

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

diff --git a/selftest/knownfail b/selftest/knownfail
index 52fecfb939726207090510db25222067b8d97627..81f737a2ef33d960c4e6d48b14e0e2d2f8de459b 100644 (file)
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -33,15 +33,6 @@
 # see bug 8412
 ^samba3.smb2.rename.*.simple_nodelete
 ^samba3.smb2.rename.*.no_share_delete_no_delete_access
-#These rpcclient combinations (pipe-level authentication but without sign or seal) need fixing in s3
-^samba3.blackbox.rpcclient over ncacn_np with \[spnego\]
-^samba3.blackbox.rpcclient over ncacn_np with \[spnego,bigendian\]
-^samba3.blackbox.rpcclient over ncacn_np with \[spnego,connect\]
-^samba3.blackbox.rpcclient over ncacn_np with \[spnego,connect,bigendian\]
-^samba3.blackbox.rpcclient over ncacn_np with \[spnego,smb2\]
-^samba3.blackbox.rpcclient over ncacn_np with \[spnego,smb2,bigendian\]
-^samba3.blackbox.rpcclient over ncacn_np with \[spnego,connect,smb2\]
-^samba3.blackbox.rpcclient over ncacn_np with \[spnego,connect,smb2,bigendian\]
 ^samba3.blackbox.smbclient_machine_auth.plain \(s3dc:local\)# the S3dc does not currently set up a self-join
 ^samba3.raw.samba3hide.samba3hide\((s3dc|plugin_s4_dc)\) # This test fails against an smbd environment with NT ACLs enabled
 ^samba3.raw.samba3closeerr.samba3closeerr\(s3dc\) # This test fails against an smbd environment with NT ACLs enabled

diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c
index 9429e26f3be14f49d5a87a716d963a41c23b4827..c47c1507e5dbb341a403a1cce8a73d77c513ec6e 100644 (file)
--- a/source3/rpcclient/rpcclient.c
+++ b/source3/rpcclient/rpcclient.c
@@ -1065,6 +1065,10 @@ out_free:
                binding->transport = NCACN_NP;
        }
 
+       if (binding->flags & DCERPC_CONNECT) {
+               pipe_default_auth_level = DCERPC_AUTH_LEVEL_CONNECT;
+               pipe_default_auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
+       }
        if (binding->flags & DCERPC_SIGN) {
                pipe_default_auth_level = DCERPC_AUTH_LEVEL_INTEGRITY;
                pipe_default_auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
@@ -1078,12 +1082,6 @@ out_free:
                pipe_default_auth_spnego_type = PIPE_AUTH_TYPE_SPNEGO_NTLMSSP;
        }
        if (binding->flags & DCERPC_AUTH_NTLM) {
-               /* If neither Integrity or Privacy are requested then
-                * Use just Connect level */
-               if (pipe_default_auth_level == DCERPC_AUTH_LEVEL_NONE) {
-                       pipe_default_auth_level = DCERPC_AUTH_LEVEL_CONNECT;
-               }
-
                if (pipe_default_auth_type == DCERPC_AUTH_TYPE_SPNEGO) {
                        pipe_default_auth_spnego_type = PIPE_AUTH_TYPE_SPNEGO_NTLMSSP;
                } else {
@@ -1091,18 +1089,19 @@ out_free:
                }
        }
        if (binding->flags & DCERPC_AUTH_KRB5) {
-               /* If neither Integrity or Privacy are requested then
-                * Use just Connect level */
-               if (pipe_default_auth_level == DCERPC_AUTH_LEVEL_NONE) {
-                       pipe_default_auth_level = DCERPC_AUTH_LEVEL_CONNECT;
-               }
-
                if (pipe_default_auth_type == DCERPC_AUTH_TYPE_SPNEGO) {
                        pipe_default_auth_spnego_type = PIPE_AUTH_TYPE_SPNEGO_KRB5;
                } else {
                        pipe_default_auth_type = DCERPC_AUTH_TYPE_KRB5;
                }
        }
+       if (pipe_default_auth_type != DCERPC_AUTH_TYPE_NONE) {
+               /* If neither Integrity or Privacy are requested then
+                * Use just Connect level */
+               if (pipe_default_auth_level == DCERPC_AUTH_LEVEL_NONE) {
+                       pipe_default_auth_level = DCERPC_AUTH_LEVEL_CONNECT;
+               }
+       }
 
        if (get_cmdline_auth_info_use_kerberos(rpcclient_auth_info)) {
                flags |= CLI_FULL_CONNECTION_USE_KERBEROS |