#include "libcli/composite/composite.h"
#include "auth/gensec/gensec.h"
#include "librpc/rpc/dcerpc.h"
+#include "librpc/rpc/dcerpc_proto.h"
+#include "param/param.h"
/*
return the rpc syntax and transfer syntax given the pipe uuid and version
/*
Perform sync non-authenticated dcerpc bind
*/
-NTSTATUS dcerpc_bind_auth_none(struct dcerpc_pipe *p,
+_PUBLIC_ NTSTATUS dcerpc_bind_auth_none(struct dcerpc_pipe *p,
const struct ndr_interface_table *table)
{
struct composite_context *ctx;
c->status = gensec_update(sec->generic_state, state,
sec->auth_info->credentials,
&state->credentials);
+ data_blob_free(&sec->auth_info->credentials);
if (NT_STATUS_EQUAL(c->status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
more_processing = true;
if (!composite_is_ok(c)) return;
+ if (state->pipe->conn->flags & DCERPC_HEADER_SIGNING) {
+ gensec_want_feature(sec->generic_state, GENSEC_FEATURE_SIGN_PKT_HEADER);
+ }
+
if (state->credentials.length == 0) {
composite_done(c);
return;
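Review bot: Nothing after the `gensec_want_feature(sec->generic_state, GENSEC_FEATURE_SIGN_PKT_HEADER)` call confirms that the mechanism actually took the request, so a backend that cannot sign headers would leave `DCERPC_HEADER_SIGNING` set on the connection while packets are protected without their headers. If that mismatch is not already handled where packets are signed (not visible here), follow the request with a `gensec_have_feature(sec->generic_state, GENSEC_FEATURE_SIGN_PKT_HEADER)` check and clear the flag or fail the bind when it is false. A short comment on where the flag comes from would also help, presumably the server's bind reply. The enclosing function starts and ends outside this hunk.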
if (!more_processing) {
/* NO reply expected, so just send it */
- c->status = dcerpc_auth3(state->pipe->conn, state);
+ c->status = dcerpc_auth3(state->pipe, state);
+ data_blob_free(&state->credentials);
+ sec->auth_info->credentials = data_blob(NULL, 0);
if (!composite_is_ok(c)) return;
composite_done(c);
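Review bot: The pair `data_blob_free(&state->credentials); sec->auth_info->credentials = data_blob(NULL, 0);` after `dcerpc_auth3()` only makes sense if `sec->auth_info->credentials` was pointed at the same buffer as `state->credentials` earlier in the function, which this hunk does not show, so the second line reads as an unrelated reset. A comment such as `/* auth_info->credentials aliases state->credentials: free once, then clear the alias so nothing dangles */` would record that. Since the same two lines recur after `dcerpc_alter_context_send()` and `dcerpc_bind_send()`, they could live in one small static helper. All three sites also assume the send call has finished marshalling the token before it returns, which is worth stating next to the free. The enclosing functions start and end outside these hunks.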
creq = dcerpc_alter_context_send(state->pipe, state,
&state->pipe->syntax,
&state->pipe->transfer_syntax);
+ data_blob_free(&state->credentials);
+ sec->auth_info->credentials = data_blob(NULL, 0);
if (composite_nomem(creq, c)) return;
composite_continue(c, creq, bind_auth_recv_alter, c);
struct dcerpc_pipe *p,
const struct ndr_interface_table *table,
struct cli_credentials *credentials,
+ struct gensec_settings *gensec_settings,
uint8_t auth_type, uint8_t auth_level,
const char *service)
{
sec = &p->conn->security_state;
c->status = gensec_client_start(p, &sec->generic_state,
- p->conn->event_ctx);
+ p->conn->event_ctx,
+ gensec_settings);
if (!NT_STATUS_IS_OK(c->status)) {
DEBUG(1, ("Failed to start GENSEC client mode: %s\n",
nt_errstr(c->status)));
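Review bot: The new `gensec_settings` argument is passed straight to `gensec_client_start()` with no check, and nothing visible states whether NULL is allowed or who owns the structure. Both `dcerpc_bind_auth_send()` and the `_PUBLIC_` wrapper `dcerpc_bind_auth()` gain the parameter, but no matching doc-comment line appears in the visible hunks (only the `@retval` line of the latter is shown). Please add `@param gensec_settings settings handed to gensec_client_start()` to both comment blocks and spell out the NULL and lifetime contract there. If `gensec_client_start()` does not reject NULL itself, an early `if (gensec_settings == NULL)` guard that fails the composite with an invalid-parameter status would keep a caller mistake from surfacing later inside GENSEC. The enclosing function starts and ends outside this hunk.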
c->status = gensec_set_credentials(sec->generic_state, credentials);
if (!NT_STATUS_IS_OK(c->status)) {
- DEBUG(1, ("Failed to set GENSEC client credentails: %s\n",
+ DEBUG(1, ("Failed to set GENSEC client credentials: %s\n",
nt_errstr(c->status)));
composite_error(c, c->status);
return c;
auth_type, auth_level);
if (!NT_STATUS_IS_OK(c->status)) {
DEBUG(1, ("Failed to start GENSEC client mechanism %s: %s\n",
- gensec_get_name_by_authtype(auth_type),
+ gensec_get_name_by_authtype(sec->generic_state, auth_type),
nt_errstr(c->status)));
composite_error(c, c->status);
return c;
/* The first request always is a dcerpc_bind. The subsequent ones
* depend on gensec results */
creq = dcerpc_bind_send(p, state, &syntax, &transfer_syntax);
+ data_blob_free(&state->credentials);
+ sec->auth_info->credentials = data_blob(NULL, 0);
if (composite_nomem(creq, c)) return c;
composite_continue(c, creq, bind_auth_recv_bindreply, c);
@retval NTSTATUS status code
*/
-NTSTATUS dcerpc_bind_auth(struct dcerpc_pipe *p,
+_PUBLIC_ NTSTATUS dcerpc_bind_auth(struct dcerpc_pipe *p,
const struct ndr_interface_table *table,
struct cli_credentials *credentials,
+ struct gensec_settings *gensec_settings,
uint8_t auth_type, uint8_t auth_level,
const char *service)
{
struct composite_context *creq;
- creq = dcerpc_bind_auth_send(p, p, table, credentials,
+ creq = dcerpc_bind_auth_send(p, p, table, credentials, gensec_settings,
auth_type, auth_level, service);
return dcerpc_bind_auth_recv(creq);
}