authorStefan Metzmacher <metze@samba.org>2014-09-21 09:20:26 +0200
committerStefan Metzmacher <metze@samba.org>2014-09-23 01:34:05 +0200
commitf65c1f0e2f6a8c23a94003f61b0b98d963b2424b (patch)
treef2cecce7bcc0f1318bf20176321a0adb6c960fbe /source4
parent3b18dea1310cfe9e9b4ec0f2b3b5b14ac4771c83 (diff)
s4:librpc: use authenticated epmapping for ncacn_http
We need to authenticate against the RpcProxy. In future we could have a way to specify alternative credentials for the RpcProxy and HttpProxy. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Tue Sep 23 01:34:05 CEST 2014 on sn-devel-104
Diffstat (limited to 'source4')
-rw-r--r--source4/libnet/libnet_rpc.c10
-rw-r--r--source4/librpc/rpc/dcerpc_connect.c12
-rw-r--r--source4/librpc/rpc/dcerpc_schannel.c7
-rw-r--r--source4/librpc/rpc/dcerpc_util.c20
4 files changed, 38 insertions, 11 deletions
diff --git a/source4/libnet/libnet_rpc.c b/source4/libnet/libnet_rpc.c
index 19838d4fe3..ec1931795b 100644
--- a/source4/libnet/libnet_rpc.c
+++ b/source4/libnet/libnet_rpc.c
@@ -25,7 +25,7 @@
#include "librpc/rpc/dcerpc_proto.h"
#include "librpc/gen_ndr/ndr_lsa_c.h"
#include "librpc/gen_ndr/ndr_samr.h"
-
+#include "auth/credentials/credentials.h"
struct rpc_connect_srv_state {
struct libnet_context *ctx;
@@ -783,13 +783,19 @@ static void continue_epm_map_binding_send(struct composite_context *c)
{
struct rpc_connect_dci_state *s;
struct composite_context *epm_map_req;
+ struct cli_credentials *epm_creds = NULL;
+
s = talloc_get_type(c->private_data, struct rpc_connect_dci_state);
/* prepare to get endpoint mapping for the requested interface */
s->final_binding = dcerpc_binding_dup(s, s->lsa_pipe->binding);
if (composite_nomem(s->final_binding, c)) return;
-
+
+ epm_creds = cli_credentials_init_anon(s);
+ if (composite_nomem(epm_creds, c)) return;
+
epm_map_req = dcerpc_epm_map_binding_send(c, s->final_binding, s->r.in.dcerpc_iface,
+ epm_creds,
s->ctx->event_ctx, s->ctx->lp_ctx);
if (composite_nomem(epm_map_req, c)) return;
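Review bot: `continue_epm_map_binding_send` passes anonymous credentials to `dcerpc_epm_map_binding_send` unconditionally, while `dcerpc_pipe_connect_b_send` in this same commit switches to the caller's credentials for `NCACN_HTTP`. If `s->final_binding` (duplicated from `s->lsa_pipe->binding`) can carry the ncacn_http transport, the endpoint lookup here would presumably still reach the RpcProxy unauthenticated. The same applies to `dcerpc_schannel_key_send` and the synchronous `dcerpc_epm_map_binding` wrapper, which also hard-code `cli_credentials_init_anon()`. At minimum I would add a comment at each site, such as `/* anonymous epmapper lookup; ncacn_http needs authenticated credentials and is not handled here */`, so the limitation is visible to the next reader.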
diff --git a/source4/librpc/rpc/dcerpc_connect.c b/source4/librpc/rpc/dcerpc_connect.c
index fe3a0c8a62..9c5dbebcc1 100644
--- a/source4/librpc/rpc/dcerpc_connect.c
+++ b/source4/librpc/rpc/dcerpc_connect.c
@@ -1005,6 +1005,7 @@ _PUBLIC_ struct composite_context* dcerpc_pipe_connect_b_send(TALLOC_CTX *parent
struct pipe_connect_state *s;
enum dcerpc_transport_t transport;
const char *endpoint = NULL;
+ struct cli_credentials *epm_creds = NULL;
/* composite context allocation and setup */
c = composite_create(parent_ctx, ev);
@@ -1042,9 +1043,17 @@ _PUBLIC_ struct composite_context* dcerpc_pipe_connect_b_send(TALLOC_CTX *parent
switch (transport) {
case NCACN_NP:
case NCACN_IP_TCP:
- case NCACN_HTTP:
case NCALRPC:
endpoint = dcerpc_binding_get_string_option(s->binding, "endpoint");
+
+ /* anonymous credentials for rpc connection used to get endpoint mapping */
+ epm_creds = cli_credentials_init_anon(s);
+ if (composite_nomem(epm_creds, c)) return c;
+
+ break;
+ case NCACN_HTTP:
+ endpoint = dcerpc_binding_get_string_option(s->binding, "endpoint");
+ epm_creds = credentials;
break;
default:
break;
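Review bot: The `default:` arm of this switch leaves `epm_creds` as NULL, and the `NCACN_HTTP` arm forwards `credentials` without checking it, whereas before this commit `dcerpc_epm_map_binding_send` always built its own anonymous credentials. The condition guarding the later `dcerpc_epm_map_binding_send(...)` call is outside the hunk, so it is not visible whether a NULL pointer can reach it; if it can, the epmapper connection is attempted with NULL credentials. I would make the fallback explicit, e.g. `default: epm_creds = cli_credentials_init_anon(s); if (composite_nomem(epm_creds, c)) return c; break;`. The HTTP arm also deserves a comment like `/* the RpcProxy requires authentication: reuse the caller's credentials for the endpoint mapping */`, so that the decision to present real credentials to the proxy is documented next to the anonymous case.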
@@ -1054,6 +1063,7 @@ _PUBLIC_ struct composite_context* dcerpc_pipe_connect_b_send(TALLOC_CTX *parent
struct composite_context *binding_req;
binding_req = dcerpc_epm_map_binding_send(c, s->binding, s->table,
+ epm_creds,
s->pipe->conn->event_ctx,
s->lp_ctx);
composite_continue(c, binding_req, continue_map_binding, c);
diff --git a/source4/librpc/rpc/dcerpc_schannel.c b/source4/librpc/rpc/dcerpc_schannel.c
index 9ce36774da..9ff39ebd2d 100644
--- a/source4/librpc/rpc/dcerpc_schannel.c
+++ b/source4/librpc/rpc/dcerpc_schannel.c
@@ -312,7 +312,8 @@ static struct composite_context *dcerpc_schannel_key_send(TALLOC_CTX *mem_ctx,
struct schannel_key_state *s;
struct composite_context *epm_map_req;
enum netr_SchannelType schannel_type = cli_credentials_get_secure_channel_type(credentials);
-
+ struct cli_credentials *epm_creds = NULL;
+
/* composite context allocation and setup */
c = composite_create(mem_ctx, p->conn->event_ctx);
if (c == NULL) return NULL;
@@ -345,6 +346,9 @@ static struct composite_context *dcerpc_schannel_key_send(TALLOC_CTX *mem_ctx,
s->local_negotiate_flags |= NETLOGON_NEG_RODC_PASSTHROUGH;
}
+ epm_creds = cli_credentials_init_anon(s);
+ if (composite_nomem(epm_creds, c)) return c;
+
/* allocate binding structure */
s->binding = dcerpc_binding_dup(s, s->pipe->binding);
if (composite_nomem(s->binding, c)) return c;
@@ -352,6 +356,7 @@ static struct composite_context *dcerpc_schannel_key_send(TALLOC_CTX *mem_ctx,
/* request the netlogon endpoint mapping */
epm_map_req = dcerpc_epm_map_binding_send(c, s->binding,
&ndr_table_netlogon,
+ epm_creds,
s->pipe->conn->event_ctx,
lp_ctx);
if (composite_nomem(epm_map_req, c)) return c;
diff --git a/source4/librpc/rpc/dcerpc_util.c b/source4/librpc/rpc/dcerpc_util.c
index a9eaccb70b..de960b246b 100644
--- a/source4/librpc/rpc/dcerpc_util.c
+++ b/source4/librpc/rpc/dcerpc_util.c
@@ -222,13 +222,13 @@ static void continue_epm_map(struct tevent_req *subreq)
struct composite_context *dcerpc_epm_map_binding_send(TALLOC_CTX *mem_ctx,
struct dcerpc_binding *binding,
const struct ndr_interface_table *table,
+ struct cli_credentials *creds,
struct tevent_context *ev,
struct loadparm_context *lp_ctx)
{
struct composite_context *c;
struct epm_map_binding_state *s;
struct composite_context *pipe_connect_req;
- struct cli_credentials *anon_creds;
NTSTATUS status;
struct dcerpc_binding *epmapper_binding;
int i;
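Review bot: The new `creds` parameter of `dcerpc_epm_map_binding_send` has no documentation of ownership or lifetime. The function no longer allocates the credentials on its own state `s`, and the pointer is handed on to `dcerpc_pipe_connect_b_send` for an asynchronous request, so the caller must presumably keep it valid until the composite context completes. I would add a header comment stating that `creds` is borrowed, must outlive the returned composite context, and whether NULL is accepted. The function body continues outside this hunk.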
@@ -308,10 +308,6 @@ struct composite_context *dcerpc_epm_map_binding_send(TALLOC_CTX *mem_ctx,
return c;
}
- /* anonymous credentials for rpc connection used to get endpoint mapping */
- anon_creds = cli_credentials_init_anon(s);
- if (composite_nomem(anon_creds, c)) return c;
-
epmapper_binding = dcerpc_binding_dup(s, binding);
if (composite_nomem(epmapper_binding, c)) return c;
@@ -337,7 +333,7 @@ struct composite_context *dcerpc_epm_map_binding_send(TALLOC_CTX *mem_ctx,
/* initiate rpc pipe connection */
pipe_connect_req = dcerpc_pipe_connect_b_send(s, epmapper_binding,
&ndr_table_epmapper,
- anon_creds, c->event_ctx,
+ creds, c->event_ctx,
lp_ctx);
if (composite_nomem(pipe_connect_req, c)) return c;
@@ -366,8 +362,18 @@ _PUBLIC_ NTSTATUS dcerpc_epm_map_binding(TALLOC_CTX *mem_ctx, struct dcerpc_bind
struct loadparm_context *lp_ctx)
{
struct composite_context *c;
+ struct cli_credentials *epm_creds;
- c = dcerpc_epm_map_binding_send(mem_ctx, binding, table, ev, lp_ctx);
+ epm_creds = cli_credentials_init_anon(mem_ctx);
+ if (epm_creds == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ c = dcerpc_epm_map_binding_send(mem_ctx, binding, table, epm_creds, ev, lp_ctx);
+ if (c == NULL) {
+ talloc_free(epm_creds);
+ return NT_STATUS_NO_MEMORY;
+ }
+ talloc_steal(c, epm_creds);
return dcerpc_epm_map_binding_recv(c);
}