#undef DBGC_CLASS
#define DBGC_CLASS DBGC_RPC_SRV
+static NTSTATUS pipe_auth_verify_final(struct pipes_struct *p);
+
/**
* Dump everything from the start of the end up of the provided data
* into a file, but only at debug level >= 50
response,
p->remote_address,
&gensec_security);
- if (!NT_STATUS_EQUAL(status, NT_STATUS_OK)) {
- DEBUG(0, (__location__ ": auth_generic_server_authtype_start failed: %s\n",
- nt_errstr(status)));
+ if (!NT_STATUS_IS_OK(status) &&
+ !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED))
+ {
+ DEBUG(0, (__location__ ": auth_generic_server_authtype_start[%u/%u] failed: %s\n",
+ auth_info->auth_type, auth_info->auth_level, nt_errstr(status)));
return false;
}
GENSEC_FEATURE_SIGN_PKT_HEADER);
}
+ if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+ return true;
+ }
+
+ status = pipe_auth_verify_final(p);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("pipe_auth_verify_final failed: %s\n",
+ nt_errstr(status)));
+ return false;
+ }
+
return true;
}
}
switch (auth_type) {
- case DCERPC_AUTH_TYPE_NTLMSSP:
- if (!pipe_auth_generic_bind(p, pkt,
- &auth_info, &auth_resp)) {
- goto err_exit;
- }
- assoc_gid = 0x7a77;
- break;
-
- case DCERPC_AUTH_TYPE_SCHANNEL:
- if (!pipe_auth_generic_bind(p, pkt,
- &auth_info, &auth_resp)) {
- goto err_exit;
- }
- if (!session_info_set_session_key(p->session_info, generic_session_key())) {
- DEBUG(0, ("session_info_set_session_key failed\n"));
- goto err_exit;
- }
- p->pipe_bound = true;
- break;
-
- case DCERPC_AUTH_TYPE_SPNEGO:
- case DCERPC_AUTH_TYPE_KRB5:
- if (!pipe_auth_generic_bind(p, pkt,
- &auth_info, &auth_resp)) {
- goto err_exit;
- }
+ case DCERPC_AUTH_TYPE_NONE:
break;
case DCERPC_AUTH_TYPE_NCALRPC_AS_SYSTEM:
}
break;
- case DCERPC_AUTH_TYPE_NONE:
- break;
-
default:
- DEBUG(0, ("Unknown auth type %x requested.\n", auth_type));
- goto err_exit;
+ if (!pipe_auth_generic_bind(p, pkt,
+ &auth_info, &auth_resp)) {
+ goto err_exit;
+ }
+ break;
}
}
goto err;
}
- switch (auth_info.auth_type) {
- case DCERPC_AUTH_TYPE_NTLMSSP:
- case DCERPC_AUTH_TYPE_KRB5:
- case DCERPC_AUTH_TYPE_SPNEGO:
- gensec_security = talloc_get_type_abort(p->auth.auth_ctx,
- struct gensec_security);
- status = auth_generic_server_step(gensec_security,
- pkt, &auth_info.credentials,
- &response);
- break;
- default:
- DEBUG(1, (__location__ ": incorrect auth type (%u).\n",
- (unsigned int)auth_info.auth_type));
- return false;
- }
+ gensec_security = talloc_get_type(p->auth.auth_ctx,
+ struct gensec_security);
+
+ status = auth_generic_server_step(gensec_security,
+ pkt, &auth_info.credentials,
+ &response);
if (NT_STATUS_EQUAL(status,
NT_STATUS_MORE_PROCESSING_REQUIRED) ||
goto err_exit;
}
-
- switch (auth_info.auth_type) {
- case DCERPC_AUTH_TYPE_SPNEGO:
- case DCERPC_AUTH_TYPE_KRB5:
- case DCERPC_AUTH_TYPE_NTLMSSP:
- gensec_security = talloc_get_type_abort(p->auth.auth_ctx,
- struct gensec_security);
- status = auth_generic_server_step(gensec_security,
- pkt,
- &auth_info.credentials,
- &auth_resp);
- break;
-
- default:
- DEBUG(3, (__location__ ": Usupported auth type (%d) "
- "in alter-context call\n",
- auth_info.auth_type));
- goto err_exit;
- }
-
+ gensec_security = talloc_get_type(p->auth.auth_ctx,
+ struct gensec_security);
+ status = auth_generic_server_step(gensec_security,
+ pkt,
+ &auth_info.credentials,
+ &auth_resp);
if (NT_STATUS_IS_OK(status)) {
/* third leg of auth, verify auth info */
status = pipe_auth_verify_final(p);