s4-rpc: added target_principal binding handle option
authorAndrew Tridgell <tridge@samba.org>
Sat, 2 Oct 2010 02:05:30 +0000 (19:05 -0700)
committerAndrew Tridgell <tridge@samba.org>
Sat, 2 Oct 2010 05:31:57 +0000 (22:31 -0700)
this allows you to specify a target SPN for a connection

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

librpc/rpc/binding.c
source4/libnet/libnet_join.c
source4/libnet/libnet_rpc.c
source4/librpc/rpc/dcerpc.c
source4/librpc/rpc/dcerpc.h
source4/librpc/rpc/dcerpc_auth.c
source4/librpc/rpc/dcerpc_schannel.c

index 42059c05867860969e435d68066cc75b1cf69a25..1b716d0153bac21b0f26921ba0dbf4a4d6d864e4 100644 (file)
@@ -247,7 +247,7 @@ _PUBLIC_ NTSTATUS dcerpc_parse_binding(TALLOC_CTX *mem_ctx, const char *s, struc
        char *p;
        int i, j, comma_count;
 
-       b = talloc(mem_ctx, struct dcerpc_binding);
+       b = talloc_zero(mem_ctx, struct dcerpc_binding);
        if (!b) {
                return NT_STATUS_NO_MEMORY;
        }
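Review bot: The switch to `talloc_zero()` in dcerpc_parse_binding is what makes the new `target_principal` member safe to test, but nothing at the allocation says so. dcerpc_bind_auth_send now reads `p->binding->target_principal` and hands it to GENSEC when it is non-NULL, so a `struct dcerpc_binding` allocated with plain `talloc()` and not fully assigned would feed an uninitialised pointer into that check. I would add `/* must be zeroed: optional members such as target_principal are tested for NULL later */` above the allocation, and check the tree for allocation sites this commit does not touch (none are visible here). The same comment fits the hunks in dcerpc_binding_from_tower and libnet_JoinADSDomain; the function body continues outside this hunk.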
@@ -651,7 +651,7 @@ _PUBLIC_ NTSTATUS dcerpc_binding_from_tower(TALLOC_CTX *mem_ctx,
        NTSTATUS status;
        struct dcerpc_binding *binding;
 
-       binding = talloc(mem_ctx, struct dcerpc_binding);
+       binding = talloc_zero(mem_ctx, struct dcerpc_binding);
        NT_STATUS_HAVE_NO_MEMORY(binding);
 
        ZERO_STRUCT(binding->object);
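Review bot: With `talloc_zero()` now used for the allocation in dcerpc_binding_from_tower, the `ZERO_STRUCT(binding->object);` on the last context line clears memory that is already zero. It is harmless, but dropping it would leave one place responsible for initialising the structure. The function continues outside the hunk.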
index 7992670eec5c5d91e1bd9e3f00614c0f89bfcdbd..da2110842bf26ad40060f3f4dfa2ca28131edaf8 100644 (file)
@@ -96,7 +96,7 @@ static NTSTATUS libnet_JoinADSDomain(struct libnet_context *ctx, struct libnet_J
                return NT_STATUS_NO_MEMORY;
        }
                                                   
-       drsuapi_binding = talloc(tmp_ctx, struct dcerpc_binding);
+       drsuapi_binding = talloc_zero(tmp_ctx, struct dcerpc_binding);
        if (!drsuapi_binding) {
                r->out.error_string = NULL;
                talloc_free(tmp_ctx);
index fbf002f2ed9cfe86c3d144989d2be2a0365a3429..e0781c3816d7cbc85ae6a063df89ccdc0c409f1b 100644 (file)
@@ -772,7 +772,7 @@ static void continue_epm_map_binding_send(struct composite_context *c)
        s = talloc_get_type(c->private_data, struct rpc_connect_dci_state);
 
        /* prepare to get endpoint mapping for the requested interface */
-       s->final_binding = talloc(s, struct dcerpc_binding);
+       s->final_binding = talloc_zero(s, struct dcerpc_binding);
        if (composite_nomem(s->final_binding, c)) return;
        
        *s->final_binding = *s->lsa_pipe->binding;
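Review bot: `*s->final_binding = *s->lsa_pipe->binding;` on the last line overwrites the whole structure, so the zeroing added just above has no effect in continue_epm_map_binding_send, and the copy is shallow. The new `target_principal` pointer is therefore shared with the LSA pipe's binding rather than owned by `s`; if the source binding can be freed first (not visible in this hunk), the copy is left holding a dangling string. Consider duplicating the string members with `talloc_strdup(s->final_binding, ...)`, or add a comment stating that the source binding outlives the copy. dcerpc_schannel_key_send has the same allocate-then-assign pattern in its hunk, and both function bodies extend outside what is shown.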
index 13e3a3e1004f9e53f92ea2080bb218011497304a..5a31b6a2bb192a6d2cca35d192b6c0529b4de3cf 100644 (file)
@@ -517,7 +517,7 @@ _PUBLIC_ struct dcerpc_pipe *dcerpc_pipe_init(TALLOC_CTX *mem_ctx, struct tevent
 {
        struct dcerpc_pipe *p;
 
-       p = talloc(mem_ctx, struct dcerpc_pipe);
+       p = talloc_zero(mem_ctx, struct dcerpc_pipe);
        if (!p) {
                return NULL;
        }
index b5062a55e3e0fb0aa5181bfcc16aa99ef56906af..4edb5218545e8e149b04f18f0d8914ac78c97e73 100644 (file)
@@ -190,6 +190,7 @@ struct dcerpc_binding {
        struct ndr_syntax_id object;
        const char *host;
        const char *target_hostname;
+       const char *target_principal;
        const char *endpoint;
        const char **options;
        const char *localaddress;
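Review bot: The new `target_principal` member of `struct dcerpc_binding` has no comment, and a reader cannot tell from the declaration how it relates to `target_hostname` directly above it. A line such as `/* optional service principal passed to gensec_set_target_principal(); NULL if unset */` would document what the auth code in this commit does with it. The struct definition starts and ends outside the hunk.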
index bca7a8d186044ebf4b808902e80b183dd6e3f172..95fdbf237429607cd215c9eff38932e41ae46e99 100644 (file)
@@ -292,6 +292,17 @@ struct composite_context *dcerpc_bind_auth_send(TALLOC_CTX *mem_ctx,
                }
        }
 
+       if (p->binding && p->binding->target_principal) {
+               c->status = gensec_set_target_principal(sec->generic_state,
+                                                       p->binding->target_principal);
+               if (!NT_STATUS_IS_OK(c->status)) {
+                       DEBUG(1, ("Failed to set GENSEC target principal to %s: %s\n",
+                                 p->binding->target_principal, nt_errstr(c->status)));
+                       composite_error(c, c->status);
+                       return c;
+               }
+       }
+
        c->status = gensec_start_mech_by_authtype(sec->generic_state,
                                                  auth_type, auth_level);
        if (!NT_STATUS_IS_OK(c->status)) {
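Review bot: The new block in dcerpc_bind_auth_send passes `p->binding->target_principal` to GENSEC without stating where that string may come from, and the principal presumably decides which service identity the client authenticates to. If the field can ever be filled from server-supplied or otherwise untrusted data (not visible in this hunk), the remote end could influence the identity it is checked against. I would add a comment above the block such as `/* target_principal must come from the caller or local configuration, never from the remote end: it pins the service identity we authenticate to */`. An empty string also passes the non-NULL test, so it may be worth rejecting `""` here unless GENSEC is known to handle it. The function body starts and continues outside the hunk.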
index 77163235416582dc229343b203b49fef312e025b..fc56eccf7c534f05d8aee69f5dfecc435aeecafa 100644 (file)
@@ -268,7 +268,7 @@ struct composite_context *dcerpc_schannel_key_send(TALLOC_CTX *mem_ctx,
        }
 
        /* allocate binding structure */
-       s->binding = talloc(c, struct dcerpc_binding);
+       s->binding = talloc_zero(c, struct dcerpc_binding);
        if (composite_nomem(s->binding, c)) return c;
 
        *s->binding = *s->pipe->binding;