From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 9 Aug 2023 13:29:29 +0000 (+0200)
Subject: librpc/rpc: add dcesrv_register_default_auth_types[_machine_principal]() helpers
X-Git-Tag: talloc-2.4.2~1263
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=2ba5016e4b496a8f123fe91403cf178f7930d43e;p=thirdparty%2Fsamba.git

librpc/rpc: add dcesrv_register_default_auth_types[_machine_principal]() helpers

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/librpc/rpc/dcesrv_core.c b/librpc/rpc/dcesrv_core.c
index 8a2707912c5..ee0ac2ce7ad 100644
--- a/librpc/rpc/dcesrv_core.c
+++ b/librpc/rpc/dcesrv_core.c
@@ -213,6 +213,64 @@ _PUBLIC_ const char *dcesrv_auth_type_principal_find(struct dcesrv_context *dce_
 	return NULL;
 }
 
+_PUBLIC_ NTSTATUS dcesrv_register_default_auth_types(struct dcesrv_context *dce_ctx,
+						     const char *principal)
+{
+	const char *realm = lpcfg_realm(dce_ctx->lp_ctx);
+	NTSTATUS status;
+
+	status = dcesrv_auth_type_principal_register(dce_ctx,
+						     DCERPC_AUTH_TYPE_NTLMSSP,
+						     principal);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+	status = dcesrv_auth_type_principal_register(dce_ctx,
+						     DCERPC_AUTH_TYPE_SPNEGO,
+						     principal);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (realm == NULL || realm[0] == '\0') {
+		return NT_STATUS_OK;
+	}
+
+	status = dcesrv_auth_type_principal_register(dce_ctx,
+						     DCERPC_AUTH_TYPE_KRB5,
+						     principal);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	return NT_STATUS_OK;
+}
+
+_PUBLIC_ NTSTATUS dcesrv_register_default_auth_types_machine_principal(struct dcesrv_context *dce_ctx)
+{
+	const char *realm = lpcfg_realm(dce_ctx->lp_ctx);
+	const char *nb = lpcfg_netbios_name(dce_ctx->lp_ctx);
+	char *principal = NULL;
+	NTSTATUS status;
+
+	if (realm == NULL || realm[0] == '\0') {
+		return dcesrv_register_default_auth_types(dce_ctx, "");
+	}
+
+	principal = talloc_asprintf(talloc_tos(), "%s$@%s", nb, realm);
+	if (principal == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	status = dcesrv_register_default_auth_types(dce_ctx, principal);
+	TALLOC_FREE(principal);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	return NT_STATUS_OK;
+}
+
 /*
   register an interface on an endpoint
 
diff --git a/librpc/rpc/dcesrv_core.h b/librpc/rpc/dcesrv_core.h
index 3ec9f32c93d..64b8953bec2 100644
--- a/librpc/rpc/dcesrv_core.h
+++ b/librpc/rpc/dcesrv_core.h
@@ -475,6 +475,9 @@ NTSTATUS dcesrv_auth_type_principal_register(struct dcesrv_context *dce_ctx,
 					     const char *principal_name);
 const char *dcesrv_auth_type_principal_find(struct dcesrv_context *dce_ctx,
 					    enum dcerpc_AuthType auth_type);
+NTSTATUS dcesrv_register_default_auth_types(struct dcesrv_context *dce_ctx,
+					    const char *principal);
+NTSTATUS dcesrv_register_default_auth_types_machine_principal(struct dcesrv_context *dce_ctx);
 NTSTATUS dcesrv_interface_register(struct dcesrv_context *dce_ctx,
 				   const char *ep_name,
 				   const char *ncacn_np_secondary_endpoint,