RPC_HDR_AUTH auth_info;
uint32 save_offset = prs_offset(current_pdu);
uint32 auth_len = prhdr->auth_len;
- NTLMSSP_STATE *ntlmssp_state = cli->auth.a_u.ntlmssp_state;
+ NTLMSSP_STATE *ntlmssp_state = cli->auth->a_u.ntlmssp_state;
unsigned char *data = NULL;
size_t data_len;
unsigned char *full_packet_data = NULL;
DATA_BLOB auth_blob;
NTSTATUS status;
- if (cli->auth.auth_level == PIPE_AUTH_LEVEL_NONE || cli->auth.auth_level == PIPE_AUTH_LEVEL_CONNECT) {
+ if (cli->auth->auth_level == PIPE_AUTH_LEVEL_NONE
+ || cli->auth->auth_level == PIPE_AUTH_LEVEL_CONNECT) {
return NT_STATUS_OK;
}
auth_blob.data = (unsigned char *)prs_data_p(current_pdu) + prs_offset(current_pdu);
auth_blob.length = auth_len;
- switch (cli->auth.auth_level) {
+ switch (cli->auth->auth_level) {
case PIPE_AUTH_LEVEL_PRIVACY:
/* Data is encrypted. */
status = ntlmssp_unseal_packet(ntlmssp_state,
}
break;
default:
- DEBUG(0,("cli_pipe_verify_ntlmssp: unknown internal auth level %d\n",
- cli->auth.auth_level ));
+ DEBUG(0, ("cli_pipe_verify_ntlmssp: unknown internal "
+ "auth level %d\n", cli->auth->auth_level));
return NT_STATUS_INVALID_INFO_CLASS;
}
RPC_AUTH_SCHANNEL_CHK schannel_chk;
uint32 auth_len = prhdr->auth_len;
uint32 save_offset = prs_offset(current_pdu);
- struct schannel_auth_struct *schannel_auth = cli->auth.a_u.schannel_auth;
+ struct schannel_auth_struct *schannel_auth =
+ cli->auth->a_u.schannel_auth;
uint32 data_len;
- if (cli->auth.auth_level == PIPE_AUTH_LEVEL_NONE || cli->auth.auth_level == PIPE_AUTH_LEVEL_CONNECT) {
+ if (cli->auth->auth_level == PIPE_AUTH_LEVEL_NONE
+ || cli->auth->auth_level == PIPE_AUTH_LEVEL_CONNECT) {
return NT_STATUS_OK;
}
}
if (!schannel_decode(schannel_auth,
- cli->auth.auth_level,
+ cli->auth->auth_level,
SENDER_IS_ACCEPTOR,
&schannel_chk,
prs_data_p(current_pdu)+RPC_HEADER_LEN+RPC_HDR_RESP_LEN,
* Now we have a complete RPC request PDU fragment, try and verify any auth data.
*/
- switch(cli->auth.auth_type) {
+ switch(cli->auth->auth_type) {
case PIPE_AUTH_TYPE_NONE:
if (prhdr->auth_len) {
DEBUG(3, ("cli_pipe_validate_rpc_response: Connection to remote machine %s "
case PIPE_AUTH_TYPE_KRB5:
case PIPE_AUTH_TYPE_SPNEGO_KRB5:
default:
- DEBUG(3, ("cli_pipe_validate_rpc_response: Connection to remote machine %s "
- "pipe %s fnum %x - unknown internal auth type %u.\n",
- cli->desthost,
- cli->pipe_name,
- (unsigned int)cli->fnum,
- cli->auth.auth_type ));
+ DEBUG(3, ("cli_pipe_validate_rpc_response: Connection "
+ "to remote machine %s pipe %s fnum %x - "
+ "unknown internal auth type %u.\n",
+ cli->desthost, cli->pipe_name,
+ (unsigned int)cli->fnum,
+ cli->auth->auth_type ));
return NT_STATUS_INVALID_INFO_CLASS;
}
{
#ifdef HAVE_KRB5
int ret;
- struct kerberos_auth_struct *a = cli->auth.a_u.kerberos_auth;
+ struct kerberos_auth_struct *a = cli->auth->a_u.kerberos_auth;
DATA_BLOB tkt = data_blob_null;
DATA_BLOB tkt_wrapped = data_blob_null;
init_rpc_hdr_auth(pauth_out, RPC_SPNEGO_AUTH_TYPE, (int)auth_level, 0, 1);
DEBUG(5, ("create_spnego_ntlmssp_auth_rpc_bind_req: Processing NTLMSSP Negotiate\n"));
- nt_status = ntlmssp_update(cli->auth.a_u.ntlmssp_state,
+ nt_status = ntlmssp_update(cli->auth->a_u.ntlmssp_state,
null_blob,
&request);
init_rpc_hdr_auth(pauth_out, RPC_NTLMSSP_AUTH_TYPE, (int)auth_level, 0, 1);
DEBUG(5, ("create_ntlmssp_auth_rpc_bind_req: Processing NTLMSSP Negotiate\n"));
- nt_status = ntlmssp_update(cli->auth.a_u.ntlmssp_state,
+ nt_status = ntlmssp_update(cli->auth->a_u.ntlmssp_state,
null_blob,
&request);
DATA_BLOB auth_blob = data_blob_null;
uint16 data_and_pad_len = prs_offset(outgoing_pdu) - RPC_HEADER_LEN - RPC_HDR_RESP_LEN;
- if (!cli->auth.a_u.ntlmssp_state) {
+ if (!cli->auth->a_u.ntlmssp_state) {
return NT_STATUS_INVALID_PARAMETER;
}
/* Init and marshall the auth header. */
init_rpc_hdr_auth(&auth_info,
- map_pipe_auth_type_to_rpc_auth_type(cli->auth.auth_type),
- cli->auth.auth_level,
+ map_pipe_auth_type_to_rpc_auth_type(
+ cli->auth->auth_type),
+ cli->auth->auth_level,
ss_padding_len,
1 /* context id. */);
return NT_STATUS_NO_MEMORY;
}
- switch (cli->auth.auth_level) {
+ switch (cli->auth->auth_level) {
case PIPE_AUTH_LEVEL_PRIVACY:
/* Data portion is encrypted. */
- status = ntlmssp_seal_packet(cli->auth.a_u.ntlmssp_state,
+ status = ntlmssp_seal_packet(cli->auth->a_u.ntlmssp_state,
(unsigned char *)prs_data_p(outgoing_pdu) + RPC_HEADER_LEN + RPC_HDR_RESP_LEN,
data_and_pad_len,
(unsigned char *)prs_data_p(outgoing_pdu),
case PIPE_AUTH_LEVEL_INTEGRITY:
/* Data is signed. */
- status = ntlmssp_sign_packet(cli->auth.a_u.ntlmssp_state,
+ status = ntlmssp_sign_packet(cli->auth->a_u.ntlmssp_state,
(unsigned char *)prs_data_p(outgoing_pdu) + RPC_HEADER_LEN + RPC_HDR_RESP_LEN,
data_and_pad_len,
(unsigned char *)prs_data_p(outgoing_pdu),
{
RPC_HDR_AUTH auth_info;
RPC_AUTH_SCHANNEL_CHK verf;
- struct schannel_auth_struct *sas = cli->auth.a_u.schannel_auth;
+ struct schannel_auth_struct *sas = cli->auth->a_u.schannel_auth;
char *data_p = prs_data_p(outgoing_pdu) + RPC_HEADER_LEN + RPC_HDR_RESP_LEN;
size_t data_and_pad_len = prs_offset(outgoing_pdu) - RPC_HEADER_LEN - RPC_HDR_RESP_LEN;
/* Init and marshall the auth header. */
init_rpc_hdr_auth(&auth_info,
- map_pipe_auth_type_to_rpc_auth_type(cli->auth.auth_type),
- cli->auth.auth_level,
+ map_pipe_auth_type_to_rpc_auth_type(cli->auth->auth_type),
+ cli->auth->auth_level,
ss_padding_len,
1 /* context id. */);
return NT_STATUS_NO_MEMORY;
}
- switch (cli->auth.auth_level) {
+ switch (cli->auth->auth_level) {
case PIPE_AUTH_LEVEL_PRIVACY:
case PIPE_AUTH_LEVEL_INTEGRITY:
DEBUG(10,("add_schannel_auth_footer: SCHANNEL seq_num=%d\n",
sas->seq_num));
schannel_encode(sas,
- cli->auth.auth_level,
+ cli->auth->auth_level,
SENDER_IS_INITIATOR,
&verf,
data_p,
{
uint32 data_space, data_len;
- switch (cli->auth.auth_level) {
+ switch (cli->auth->auth_level) {
case PIPE_AUTH_LEVEL_NONE:
case PIPE_AUTH_LEVEL_CONNECT:
data_space = cli->max_xmit_frag - RPC_HEADER_LEN - RPC_HDR_REQ_LEN;
case PIPE_AUTH_LEVEL_INTEGRITY:
case PIPE_AUTH_LEVEL_PRIVACY:
/* Treat the same for all authenticated rpc requests. */
- switch(cli->auth.auth_type) {
+ switch(cli->auth->auth_type) {
case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP:
case PIPE_AUTH_TYPE_NTLMSSP:
*p_auth_len = NTLMSSP_SIG_SIZE;
/* Generate any auth sign/seal and add the auth footer. */
if (auth_len) {
- switch (cli->auth.auth_type) {
+ switch (cli->auth->auth_type) {
case PIPE_AUTH_TYPE_NONE:
break;
case PIPE_AUTH_TYPE_NTLMSSP:
server_response = data_blob(NULL, phdr->auth_len);
prs_copy_data_out((char *)server_response.data, rbuf, phdr->auth_len);
- nt_status = ntlmssp_update(cli->auth.a_u.ntlmssp_state,
+ nt_status = ntlmssp_update(cli->auth->a_u.ntlmssp_state,
server_response,
&client_reply);
data_blob_free(&server_spnego_response);
data_blob_free(&tmp_blob);
- nt_status = ntlmssp_update(cli->auth.a_u.ntlmssp_state,
+ nt_status = ntlmssp_update(cli->auth->a_u.ntlmssp_state,
server_ntlm_response,
&client_reply);
/* For NTLMSSP ensure the server gave us the auth_level we wanted. */
if (auth_type == PIPE_AUTH_TYPE_NTLMSSP || auth_type == PIPE_AUTH_TYPE_SPNEGO_NTLMSSP) {
if (auth_level == PIPE_AUTH_LEVEL_INTEGRITY) {
- if (!(cli->auth.a_u.ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN)) {
+ if (!(cli->auth->a_u.ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN)) {
DEBUG(0,("cli_finish_bind_auth: requested NTLMSSSP signing and server refused.\n"));
prs_mem_free(&rbuf);
return NT_STATUS_INVALID_PARAMETER;
}
}
if (auth_level == PIPE_AUTH_LEVEL_INTEGRITY) {
- if (!(cli->auth.a_u.ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL)) {
+ if (!(cli->auth->a_u.ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL)) {
DEBUG(0,("cli_finish_bind_auth: requested NTLMSSSP sealing and server refused.\n"));
prs_mem_free(&rbuf);
return NT_STATUS_INVALID_PARAMETER;
/* Pipe is bound - set up auth_type and auth_level data. */
- cli->auth.auth_type = auth_type;
- cli->auth.auth_level = auth_level;
+ cli->auth->auth_type = auth_type;
+ cli->auth->auth_level = auth_level;
prs_mem_free(&rbuf);
return NT_STATUS_OK;
bool rpccli_get_pwd_hash(struct rpc_pipe_client *cli, uint8_t nt_hash[16])
{
- if (!((cli->auth.auth_type == PIPE_AUTH_TYPE_NTLMSSP)
- || (cli->auth.auth_type == PIPE_AUTH_TYPE_SPNEGO_NTLMSSP))) {
+ if (!((cli->auth->auth_type == PIPE_AUTH_TYPE_NTLMSSP)
+ || (cli->auth->auth_type == PIPE_AUTH_TYPE_SPNEGO_NTLMSSP))) {
E_md4hash(cli->cli->pwd.password, nt_hash);
return true;
}
- memcpy(nt_hash, cli->auth.a_u.ntlmssp_state->nt_hash, 16);
+ memcpy(nt_hash, cli->auth->a_u.ntlmssp_state->nt_hash, 16);
return true;
}
p->desthost, cli_errstr(p->cli)));
}
- if (p->auth.cli_auth_data_free_func) {
- (*p->auth.cli_auth_data_free_func)(&p->auth);
+ if (p->auth->cli_auth_data_free_func) {
+ (*p->auth->cli_auth_data_free_func)(p->auth);
}
DEBUG(10, ("rpc_pipe_destructor: closed pipe %s to machine %s\n",
return NULL;
}
+ result->auth = TALLOC_ZERO_P(result, struct cli_pipe_auth_data);
+ if (result->auth == NULL) {
+ *perr = NT_STATUS_NO_MEMORY;
+ TALLOC_FREE(result);
+ return NULL;
+ }
+
result->pipe_name = cli_get_pipe_name(pipe_idx);
result->cli = cli;
result->abstract_syntax = pipe_names[pipe_idx].abstr_syntax;
result->transfer_syntax = pipe_names[pipe_idx].trans_syntax;
- result->auth.auth_type = PIPE_AUTH_TYPE_NONE;
- result->auth.auth_level = PIPE_AUTH_LEVEL_NONE;
+ result->auth->auth_type = PIPE_AUTH_TYPE_NONE;
+ result->auth->auth_level = PIPE_AUTH_LEVEL_NONE;
result->domain = talloc_strdup(result, cli->domain);
result->user_name = talloc_strdup(result, cli->user_name);
return NULL;
}
- result->auth.cli_auth_data_free_func = cli_ntlmssp_auth_free;
+ result->auth->cli_auth_data_free_func = cli_ntlmssp_auth_free;
TALLOC_FREE(result->domain);
TALLOC_FREE(result->user_name);
goto err;
}
- result->auth.a_u.ntlmssp_state = ntlmssp_state;
+ result->auth->a_u.ntlmssp_state = ntlmssp_state;
*perr = ntlmssp_set_username(ntlmssp_state, username);
if (!NT_STATUS_IS_OK(*perr)) {
return NULL;
}
- result->auth.a_u.schannel_auth = TALLOC_ZERO_P(
+ result->auth->a_u.schannel_auth = TALLOC_ZERO_P(
result, struct schannel_auth_struct);
- if (!result->auth.a_u.schannel_auth) {
+ if (!result->auth->a_u.schannel_auth) {
TALLOC_FREE(result);
*perr = NT_STATUS_NO_MEMORY;
return NULL;
return NULL;
}
- memcpy(result->auth.a_u.schannel_auth->sess_key, pdc->sess_key, 16);
+ memcpy(result->auth->a_u.schannel_auth->sess_key, pdc->sess_key, 16);
*perr = rpc_pipe_bind(result, PIPE_AUTH_TYPE_SCHANNEL, auth_level);
if (!NT_STATUS_IS_OK(*perr)) {
}
}
- result->auth.a_u.kerberos_auth = TALLOC_ZERO_P(
+ result->auth->a_u.kerberos_auth = TALLOC_ZERO_P(
result, struct kerberos_auth_struct);
- if (!result->auth.a_u.kerberos_auth) {
+ if (!result->auth->a_u.kerberos_auth) {
TALLOC_FREE(result);
*perr = NT_STATUS_NO_MEMORY;
return NULL;
}
- result->auth.a_u.kerberos_auth->service_principal = service_princ;
- result->auth.cli_auth_data_free_func = kerberos_auth_struct_free;
+ result->auth->a_u.kerberos_auth->service_principal = service_princ;
+ result->auth->cli_auth_data_free_func = kerberos_auth_struct_free;
*perr = rpc_pipe_bind(result, PIPE_AUTH_TYPE_KRB5, auth_level);
if (!NT_STATUS_IS_OK(*perr)) {
git.samba.org / metze / samba / wb-ndr.git / commitdiff