From 2ed1789e4d8ac09ed78e5ecccf0eb97d1dfa8f65 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 23 Apr 2014 14:35:15 +0200 Subject: [PATCH] s3:rpc_client: pass everything to gensec by default Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider --- source3/librpc/rpc/dcerpc_helpers.c | 31 ++++++----------- source3/rpc_client/cli_pipe.c | 66 +++++++++++-------------------------- 2 files changed, 29 insertions(+), 68 deletions(-) diff --git a/source3/librpc/rpc/dcerpc_helpers.c b/source3/librpc/rpc/dcerpc_helpers.c index 2400bfd5669..f95f46670ee 100644 --- a/source3/librpc/rpc/dcerpc_helpers.c +++ b/source3/librpc/rpc/dcerpc_helpers.c @@ -382,6 +382,10 @@ static NTSTATUS get_generic_auth_footer(struct gensec_security *gensec_security, DATA_BLOB *data, DATA_BLOB *full_pkt, DATA_BLOB *auth_token) { + if (gensec_security == NULL) { + return NT_STATUS_INVALID_PARAMETER; + } + switch (auth_level) { case DCERPC_AUTH_LEVEL_PRIVACY: /* Data portion is encrypted. */ @@ -466,19 +470,13 @@ NTSTATUS dcerpc_add_auth_footer(struct pipe_auth_data *auth, case DCERPC_AUTH_TYPE_NCALRPC_AS_SYSTEM: status = NT_STATUS_OK; break; - case DCERPC_AUTH_TYPE_SPNEGO: - case DCERPC_AUTH_TYPE_KRB5: - case DCERPC_AUTH_TYPE_NTLMSSP: - case DCERPC_AUTH_TYPE_SCHANNEL: - gensec_security = talloc_get_type_abort(auth->auth_ctx, - struct gensec_security); + default: + gensec_security = talloc_get_type(auth->auth_ctx, + struct gensec_security); status = add_generic_auth_footer(gensec_security, auth->auth_level, rpc_out); break; - default: - status = NT_STATUS_INVALID_PARAMETER; - break; } return status; 
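Review bot: In dcerpc_add_auth_footer's new `default:` arm the result of `talloc_get_type()` is handed to `add_generic_auth_footer()` unchecked, although it is NULL whenever `auth->auth_ctx` is unset or is not a `struct gensec_security`. This patch adds a NULL guard to get_generic_auth_footer only; add_generic_auth_footer is outside the diff, so please confirm it has the same guard. The same pattern appears in the last cli_pipe.c hunk, where cli_get_session_key's `default:` arm passes the pointer straight to `gensec_session_key()`, whose NULL handling is also not visible here. If either callee dereferences it, add `if (gensec_security == NULL) { return NT_STATUS_INVALID_PARAMETER; }` right after the lookup, so that an unexpected auth type fails with an error instead of a crash.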
@@ -569,15 +567,11 @@ NTSTATUS dcerpc_check_auth(struct pipe_auth_data *auth, case DCERPC_AUTH_TYPE_NCALRPC_AS_SYSTEM: return NT_STATUS_OK; - case DCERPC_AUTH_TYPE_SPNEGO: - case DCERPC_AUTH_TYPE_KRB5: - case DCERPC_AUTH_TYPE_NTLMSSP: - case DCERPC_AUTH_TYPE_SCHANNEL: - + default: DEBUG(10, ("GENSEC auth\n")); - gensec_security = talloc_get_type_abort(auth->auth_ctx, - struct gensec_security); + gensec_security = talloc_get_type(auth->auth_ctx, + struct gensec_security); status = get_generic_auth_footer(gensec_security, auth->auth_level, &data, &full_pkt, @@ -586,11 +580,6 @@ NTSTATUS dcerpc_check_auth(struct pipe_auth_data *auth, return status; } break; - default: - DEBUG(0, ("process_request_pdu: " - "unknown auth type %u set.\n", - (unsigned int)auth->auth_type)); - return NT_STATUS_INVALID_PARAMETER; } /* TODO: remove later diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index cd783f25689..245f3fbeae3 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -1104,18 +1104,7 @@ static NTSTATUS create_rpc_bind_req(TALLOC_CTX *mem_ctx, NTSTATUS ret = NT_STATUS_OK; switch (auth->auth_type) { - case DCERPC_AUTH_TYPE_SCHANNEL: - case DCERPC_AUTH_TYPE_NTLMSSP: - case DCERPC_AUTH_TYPE_KRB5: - case DCERPC_AUTH_TYPE_SPNEGO: - ret = create_generic_auth_rpc_bind_req(cli, mem_ctx, - &auth_token, - &auth->client_hdr_signing); - - if (!NT_STATUS_IS_OK(ret) && - !NT_STATUS_EQUAL(ret, NT_STATUS_MORE_PROCESSING_REQUIRED)) { - return ret; - } + case DCERPC_AUTH_TYPE_NONE: break; case DCERPC_AUTH_TYPE_NCALRPC_AS_SYSTEM: 
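Review bot: dcerpc_check_auth's `default:` arm (the @@ -569 hunk) now reports an unusable `auth_ctx` only through the status returned by get_generic_auth_footer, and the level-0 message naming the auth type is deleted in the following hunk. In the logs, an auth type with no matching gensec context then looks like any other NT_STATUS_INVALID_PARAMETER. Consider logging it where the status is checked, e.g. `DEBUG(1, ("dcerpc_check_auth: gensec failed for auth type %u: %s\n", (unsigned int)auth->auth_type, nt_errstr(status)));`. The `err_out` message removed from rpc_pipe_bind_step_one_done in cli_pipe.c is the same case.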
@@ -1124,12 +1113,16 @@ static NTSTATUS create_rpc_bind_req(TALLOC_CTX *mem_ctx, 18); break; - case DCERPC_AUTH_TYPE_NONE: - break; - default: - /* "Can't" happen. */ - return NT_STATUS_INVALID_INFO_CLASS; + ret = create_generic_auth_rpc_bind_req(cli, mem_ctx, + &auth_token, + &auth->client_hdr_signing); + + if (!NT_STATUS_IS_OK(ret) && + !NT_STATUS_EQUAL(ret, NT_STATUS_MORE_PROCESSING_REQUIRED)) { + return ret; + } + break; } if (auth_token.length != 0) { @@ -1841,10 +1834,7 @@ static void rpc_pipe_bind_step_one_done(struct tevent_req *subreq) tevent_req_done(req); return; - case DCERPC_AUTH_TYPE_SCHANNEL: - case DCERPC_AUTH_TYPE_NTLMSSP: - case DCERPC_AUTH_TYPE_SPNEGO: - case DCERPC_AUTH_TYPE_KRB5: + default: /* Paranoid lenght checks */ if (pkt->frag_length < DCERPC_AUTH_TRAILER_LENGTH + pkt->auth_length) { @@ -1863,9 +1853,6 @@ static void rpc_pipe_bind_step_one_done(struct tevent_req *subreq) return; } break; - - default: - goto err_out; } /* @@ -1880,10 +1867,7 @@ static void rpc_pipe_bind_step_one_done(struct tevent_req *subreq) tevent_req_done(req); return; - case DCERPC_AUTH_TYPE_SCHANNEL: - case DCERPC_AUTH_TYPE_NTLMSSP: - case DCERPC_AUTH_TYPE_KRB5: - case DCERPC_AUTH_TYPE_SPNEGO: + default: gensec_security = talloc_get_type_abort(pauth->auth_ctx, struct gensec_security); @@ -1911,20 +1895,12 @@ static void rpc_pipe_bind_step_one_done(struct tevent_req *subreq) &auth_token); } break; - - default: - goto err_out; } if (!NT_STATUS_IS_OK(status)) { tevent_req_nterror(req, status); } return; - -err_out: - DEBUG(0,("cli_finish_bind_auth: unknown auth type %u\n", - (unsigned int)state->cli->auth->auth_type)); - tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR); } static NTSTATUS rpc_bind_next_send(struct tevent_req *req, 
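Review bot: The second switch in rpc_pipe_bind_step_one_done (the @@ -1880 hunk) keeps `talloc_get_type_abort(pauth->auth_ctx, struct gensec_security)` under the new `default:` label, while the other sites touched by this patch switch to `talloc_get_type()`. Now that this arm covers every auth type not listed above it, a context of another type aborts the process here rather than failing the request. For consistency use `talloc_get_type()` and, on NULL, `tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR); return;`, which is the status the removed `err_out` path reported. The function body starts outside these hunks, so check that nothing set up earlier needs releasing before that return.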
@@ -3210,17 +3186,6 @@ NTSTATUS cli_get_session_key(TALLOC_CTX *mem_ctx, } switch (cli->auth->auth_type) { - case DCERPC_AUTH_TYPE_SPNEGO: - case DCERPC_AUTH_TYPE_NTLMSSP: - case DCERPC_AUTH_TYPE_KRB5: - gensec_security = talloc_get_type_abort(a->auth_ctx, - struct gensec_security); - status = gensec_session_key(gensec_security, mem_ctx, &sk); - if (!NT_STATUS_IS_OK(status)) { - return status; - } - make_dup = false; - break; case DCERPC_AUTH_TYPE_NCALRPC_AS_SYSTEM: case DCERPC_AUTH_TYPE_NONE: sk = data_blob_const(a->transport_session_key.data, @@ -3228,6 +3193,13 @@ NTSTATUS cli_get_session_key(TALLOC_CTX *mem_ctx, make_dup = true; break; default: + gensec_security = talloc_get_type(a->auth_ctx, + struct gensec_security); + status = gensec_session_key(gensec_security, mem_ctx, &sk); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + make_dup = false; break; } -- 2.11.4.GIT