authorStefan Metzmacher <metze@samba.org>2018-11-08 16:36:13 +0100
committerJeremy Allison <jra@samba.org>2019-01-12 03:13:37 +0100
commit2640f60e885335b47bc7a1d509c8b26ba95a86ed (patch)
tree188be9bad3e16b66025e0f58d0c0c9afb9897483 /source4
parente2a05c3ad8668ee723c71378ccf83a612f9cb255 (diff)
s4:rpc_server: split out dcesrv_auth_prepare_gensec()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Diffstat (limited to 'source4')
-rw-r--r--source4/rpc_server/dcesrv_auth.c116
1 files changed, 62 insertions, 54 deletions
diff --git a/source4/rpc_server/dcesrv_auth.c b/source4/rpc_server/dcesrv_auth.c
index 23f3332ae4c..c58314b13f9 100644
--- a/source4/rpc_server/dcesrv_auth.c
+++ b/source4/rpc_server/dcesrv_auth.c
@@ -32,67 +32,14 @@
#include "param/param.h"
#include "librpc/rpc/rpc_common.h"
-/*
- parse any auth information from a dcerpc bind request
- return false if we can't handle the auth request for some
- reason (in which case we send a bind_nak)
-*/
-bool dcesrv_auth_bind(struct dcesrv_call_state *call)
+static bool dcesrv_auth_prepare_gensec(struct dcesrv_call_state *call)
{
struct cli_credentials *server_credentials = NULL;
- struct ncacn_packet *pkt = &call->pkt;
struct dcesrv_connection *dce_conn = call->conn;
struct dcesrv_auth *auth = call->auth_state;
bool want_header_signing = false;
NTSTATUS status;
- if (pkt->auth_length == 0) {
- enum dcerpc_transport_t transport =
- dcerpc_binding_get_transport(call->conn->endpoint->ep_description);
- const char *auth_type = derpc_transport_string_by_transport(transport);
- const char *transport_protection = AUTHZ_TRANSPORT_PROTECTION_NONE;
- if (transport == NCACN_NP) {
- transport_protection = AUTHZ_TRANSPORT_PROTECTION_SMB;
- }
- auth->auth_type = DCERPC_AUTH_TYPE_NONE;
- auth->auth_level = DCERPC_AUTH_LEVEL_NONE;
- auth->auth_context_id = 0;
-
- /*
- * Log the authorization to this RPC interface. This
- * covered ncacn_np pass-through auth, and anonymous
- * DCE/RPC (eg epmapper, netlogon etc)
- */
- log_successful_authz_event(call->conn->msg_ctx,
- call->conn->dce_ctx->lp_ctx,
- call->conn->remote_address,
- call->conn->local_address,
- "DCE/RPC",
- auth_type,
- transport_protection,
- auth->session_info);
-
- return true;
- }
-
- status = dcerpc_pull_auth_trailer(pkt, call, &pkt->u.bind.auth_info,
- &call->in_auth_info,
- NULL, true);
- if (!NT_STATUS_IS_OK(status)) {
- /*
- * Setting DCERPC_AUTH_LEVEL_NONE,
- * gives the caller the reject_reason
- * as auth_context_id.
- *
- * Note: DCERPC_AUTH_LEVEL_NONE == 1
- */
- auth->auth_type = DCERPC_AUTH_TYPE_NONE;
- auth->auth_level = DCERPC_AUTH_LEVEL_NONE;
- auth->auth_context_id =
- DCERPC_BIND_NAK_REASON_PROTOCOL_VERSION_NOT_SUPPORTED;
- return false;
- }
-
switch (call->in_auth_info.auth_level) {
case DCERPC_AUTH_LEVEL_CONNECT:
case DCERPC_AUTH_LEVEL_CALL:
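Review bot: The new static helper `dcesrv_auth_prepare_gensec()` has no header comment, and the precondition it depends on is no longer visible at its top: `switch (call->in_auth_info.auth_level)` reads a field that is only valid after `dcerpc_pull_auth_trailer()` has succeeded in the caller. Because that field is parsed from the client's auth trailer, I would state the contract above the function, e.g. `/* caller must have filled call->in_auth_info via dcerpc_pull_auth_trailer(); returns false if the bind must be rejected */`. The later hunk ends `dcesrv_auth_bind()` with `return dcesrv_auth_prepare_gensec(call);`, so the comment should also say whether every false return leaves a reject reason in `auth->auth_context_id`, as the trailer-failure branch does. The helper's body continues outside this hunk, so that cannot be confirmed from here.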
@@ -242,6 +189,67 @@ bool dcesrv_auth_bind(struct dcesrv_call_state *call)
return true;
}
+/*
+ parse any auth information from a dcerpc bind request
+ return false if we can't handle the auth request for some
+ reason (in which case we send a bind_nak)
+*/
+bool dcesrv_auth_bind(struct dcesrv_call_state *call)
+{
+ struct ncacn_packet *pkt = &call->pkt;
+ struct dcesrv_auth *auth = call->auth_state;
+ NTSTATUS status;
+
+ if (pkt->auth_length == 0) {
+ enum dcerpc_transport_t transport =
+ dcerpc_binding_get_transport(call->conn->endpoint->ep_description);
+ const char *auth_type = derpc_transport_string_by_transport(transport);
+ const char *transport_protection = AUTHZ_TRANSPORT_PROTECTION_NONE;
+ if (transport == NCACN_NP) {
+ transport_protection = AUTHZ_TRANSPORT_PROTECTION_SMB;
+ }
+ auth->auth_type = DCERPC_AUTH_TYPE_NONE;
+ auth->auth_level = DCERPC_AUTH_LEVEL_NONE;
+ auth->auth_context_id = 0;
+
+ /*
+ * Log the authorization to this RPC interface. This
+ * covered ncacn_np pass-through auth, and anonymous
+ * DCE/RPC (eg epmapper, netlogon etc)
+ */
+ log_successful_authz_event(call->conn->msg_ctx,
+ call->conn->dce_ctx->lp_ctx,
+ call->conn->remote_address,
+ call->conn->local_address,
+ "DCE/RPC",
+ auth_type,
+ transport_protection,
+ auth->session_info);
+
+ return true;
+ }
+
+ status = dcerpc_pull_auth_trailer(pkt, call, &pkt->u.bind.auth_info,
+ &call->in_auth_info,
+ NULL, true);
+ if (!NT_STATUS_IS_OK(status)) {
+ /*
+ * Setting DCERPC_AUTH_LEVEL_NONE,
+ * gives the caller the reject_reason
+ * as auth_context_id.
+ *
+ * Note: DCERPC_AUTH_LEVEL_NONE == 1
+ */
+ auth->auth_type = DCERPC_AUTH_TYPE_NONE;
+ auth->auth_level = DCERPC_AUTH_LEVEL_NONE;
+ auth->auth_context_id =
+ DCERPC_BIND_NAK_REASON_PROTOCOL_VERSION_NOT_SUPPORTED;
+ return false;
+ }
+
+ return dcesrv_auth_prepare_gensec(call);
+}
+
NTSTATUS dcesrv_auth_complete(struct dcesrv_call_state *call, NTSTATUS status)
{
struct dcesrv_connection *dce_conn = call->conn;