From 283729cee998d686f7666fb84a9cb4a30ebafeba Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 22 Jan 2014 11:25:53 +0100 Subject: [PATCH] STEP04c: HACK s4: client use dcerpc_do_bind() --- source4/librpc/rpc/dcerpc_auth.c | 111 ++++++++++++++++--------------- 1 file changed, 57 insertions(+), 54 deletions(-) diff --git a/source4/librpc/rpc/dcerpc_auth.c b/source4/librpc/rpc/dcerpc_auth.c index dc3daaccd574..44e09c9d4449 100644 --- a/source4/librpc/rpc/dcerpc_auth.c +++ b/source4/librpc/rpc/dcerpc_auth.c @@ -62,7 +62,6 @@ static NTSTATUS dcerpc_init_syntaxes(struct dcerpc_pipe *p, return NT_STATUS_OK; } - /* Send request to do a non-authenticated dcerpc bind */ @@ -72,40 +71,53 @@ struct composite_context *dcerpc_bind_auth_none_send(TALLOC_CTX *mem_ctx, struct dcerpc_pipe *p, const struct ndr_interface_table *table) { - struct ndr_syntax_id syntax; - struct ndr_syntax_id transfer_syntax; - struct composite_context *c; + struct dcecli_security *sec = &p->conn->security_state; struct tevent_req *subreq; struct dcerpc_call *call; c = composite_create(mem_ctx, p->conn->event_ctx); if (c == NULL) return NULL; - if (p->conn->security_state.sec != NULL) { - composite_error(c, NT_STATUS_INVALID_PARAMETER_MIX); - return c; + if (sec->sec == NULL) { + sec->sec = dcerpc_security_allocate(p->conn, + p->conn->conn, + DCERPC_AUTH_TYPE_NONE, + DCERPC_AUTH_LEVEL_NONE, + NULL); + if (composite_nomem(sec->sec, c)) return c; } - p->conn->security_state.sec = dcerpc_security_allocate(p->conn, - p->conn->conn, - DCERPC_AUTH_TYPE_NONE, - DCERPC_AUTH_LEVEL_NONE, - NULL); - if (composite_nomem(p->conn->security_state.sec, c)) return c; + if (table != NULL) { + if (p->pres != NULL) { + composite_error(c, NT_STATUS_INVALID_PARAMETER_MIX); + return c; + } - c->status = dcerpc_init_syntaxes(p, table, - &syntax, &transfer_syntax); - if (!NT_STATUS_IS_OK(c->status)) { - DEBUG(2,("Invalid uuid string in " - "dcerpc_bind_auth_none_send\n")); - composite_error(c, c->status); - return c; - } + c->status = dcerpc_init_syntaxes(p, table, + &p->syntax, + &p->transfer_syntax); + if (!NT_STATUS_IS_OK(c->status)) { + DEBUG(2,("Invalid uuid string in " + "dcerpc_bind_auth_none_send\n")); + composite_error(c, c->status); + return c; + } - p->pres = dcerpc_presentation_allocate(p, p->conn->conn, - table, &transfer_syntax); - if (composite_nomem(p->pres, c)) return c; + p->pres = dcerpc_presentation_allocate(p, p->conn->conn, + table, + &p->transfer_syntax); + if (composite_nomem(p->pres, c)) return c; + } else { + /* + * This code path with table == NULL is just for testing + * alter_context with the same context and syntax + */ + if (p->pres == NULL) { + composite_error(c, NT_STATUS_INVALID_PARAMETER_MIX); + return c; + } + } call = dcerpc_call_allocate(c, p->conn->assoc, NULL, NULL); if (composite_nomem(call, c)) return c; @@ -153,11 +165,15 @@ static void bind_auth_recv_bindreply(struct tevent_req *subreq) struct composite_context *c = tevent_req_callback_data(subreq, struct composite_context); + struct bind_auth_state *state = talloc_get_type(c->private_data, + struct bind_auth_state); c->status = dcerpc_do_bind_recv(subreq); TALLOC_FREE(subreq); if (!composite_is_ok(c)) return; + state->pipe->conn->security_state.session_key = dcerpc_generic_session_key; + composite_done(c); } @@ -186,10 +202,10 @@ struct composite_context *dcerpc_bind_auth_send(TALLOC_CTX *mem_ctx, { struct composite_context *c; struct bind_auth_state *state; - struct dcecli_security *sec; + struct dcecli_security *sec = &p->conn->security_state; + struct gensec_security *gensec; struct tevent_req *subreq; struct dcerpc_call *call; - struct ndr_syntax_id syntax, transfer_syntax; const char *target_principal = NULL; /* composite context allocation and setup */ @@ -202,15 +218,15 @@ struct composite_context *dcerpc_bind_auth_send(TALLOC_CTX *mem_ctx, state->pipe = p; - if (p->conn->security_state.sec != NULL) { + if (sec->sec != NULL) { + /* + * security context multiplexing isn't implemented yet + */ composite_error(c, NT_STATUS_INVALID_PARAMETER_MIX); return c; } - sec = &p->conn->security_state; - - c->status = gensec_client_start(p, &sec->generic_state, - gensec_settings); + c->status = gensec_client_start(p, &gensec, gensec_settings); if (!NT_STATUS_IS_OK(c->status)) { DEBUG(1, ("Failed to start GENSEC client mode: %s\n", nt_errstr(c->status))); @@ -218,7 +234,7 @@ struct composite_context *dcerpc_bind_auth_send(TALLOC_CTX *mem_ctx, return c; } - c->status = gensec_set_credentials(sec->generic_state, credentials); + c->status = gensec_set_credentials(gensec, credentials); if (!NT_STATUS_IS_OK(c->status)) { DEBUG(1, ("Failed to set GENSEC client credentials: %s\n", nt_errstr(c->status))); @@ -226,8 +242,7 @@ struct composite_context *dcerpc_bind_auth_send(TALLOC_CTX *mem_ctx, return c; } - c->status = gensec_set_target_hostname(sec->generic_state, - dcerpc_server_name(p)); + c->status = gensec_set_target_hostname(gensec, dcerpc_server_name(p)); if (!NT_STATUS_IS_OK(c->status)) { DEBUG(1, ("Failed to set GENSEC target hostname: %s\n", nt_errstr(c->status))); @@ -236,8 +251,7 @@ struct composite_context *dcerpc_bind_auth_send(TALLOC_CTX *mem_ctx, } if (service != NULL) { - c->status = gensec_set_target_service(sec->generic_state, - service); + c->status = gensec_set_target_service(gensec, service); if (!NT_STATUS_IS_OK(c->status)) { DEBUG(1, ("Failed to set GENSEC target service: %s\n", nt_errstr(c->status))); @@ -251,7 +265,7 @@ struct composite_context *dcerpc_bind_auth_send(TALLOC_CTX *mem_ctx, "target_principal"); } if (target_principal != NULL) { - c->status = gensec_set_target_principal(sec->generic_state, + c->status = gensec_set_target_principal(gensec, target_principal); if (!NT_STATUS_IS_OK(c->status)) { DEBUG(1, ("Failed to set GENSEC target principal to %s: %s\n", @@ -261,11 +275,10 @@ struct composite_context *dcerpc_bind_auth_send(TALLOC_CTX *mem_ctx, } } - c->status = gensec_start_mech_by_authtype(sec->generic_state, - auth_type, auth_level); + c->status = gensec_start_mech_by_authtype(gensec, auth_type, auth_level); if (!NT_STATUS_IS_OK(c->status)) { DEBUG(1, ("Failed to start GENSEC client mechanism %s: %s\n", - gensec_get_name_by_authtype(sec->generic_state, auth_type), + gensec_get_name_by_authtype(gensec, auth_type), nt_errstr(c->status))); composite_error(c, c->status); return c; @@ -274,16 +287,16 @@ struct composite_context *dcerpc_bind_auth_send(TALLOC_CTX *mem_ctx, sec->sec = dcerpc_security_allocate(p->conn, p->conn->conn, auth_type, auth_level, - &sec->generic_state); + &gensec); if (composite_nomem(sec->sec, c)) return c; c->status = dcerpc_init_syntaxes(p, table, - &syntax, - &transfer_syntax); + &p->syntax, + &p->transfer_syntax); if (!composite_is_ok(c)) return c; p->pres = dcerpc_presentation_allocate(p, p->conn->conn, - table, &transfer_syntax); + table, &p->transfer_syntax); if (composite_nomem(p->pres, c)) return c; call = dcerpc_call_allocate(c, p->conn->assoc, NULL, NULL); @@ -309,17 +322,7 @@ struct composite_context *dcerpc_bind_auth_send(TALLOC_CTX *mem_ctx, NTSTATUS dcerpc_bind_auth_recv(struct composite_context *creq) { NTSTATUS result = composite_wait(creq); - struct bind_auth_state *state = talloc_get_type(creq->private_data, - struct bind_auth_state); - if (NT_STATUS_IS_OK(result)) { - /* - after a successful authenticated bind the session - key reverts to the generic session key - */ - state->pipe->conn->security_state.session_key = dcerpc_generic_session_key; - } - talloc_free(creq); return result; } -- 2.34.1