From 7541a0103ad22000e94ffc6d057ffd5d33d1a930 Mon Sep 17 00:00:00 2001
From: =?utf8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
Date: Tue, 24 Jun 2008 10:34:16 +0200
Subject: [PATCH] net: add basic support for sealed RPC connections (using
 NET_FLAGS_SEAL).

Guenther
---
 source/utils/net.h     |  2 ++
 source/utils/net_rpc.c | 11 ++++++++++-
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/source/utils/net.h b/source/utils/net.h
index aa4f3dbb6d3..941172a8c18 100644
--- a/source/utils/net.h
+++ b/source/utils/net.h
@@ -141,6 +141,8 @@ enum netdom_domain_t { ND_TYPE_NT4, ND_TYPE_AD };
 #define NET_FLAGS_PDC 				0x00000008	/* PDC only */
 #define NET_FLAGS_ANONYMOUS 			0x00000010	/* use an anonymous connection */
 #define NET_FLAGS_NO_PIPE 			0x00000020	/* don't open an RPC pipe */
+#define NET_FLAGS_SIGN				0x00000040	/* sign RPC connection */
+#define NET_FLAGS_SEAL				0x00000080	/* seal RPC connection */
 
 /* net share operation modes */
 #define NET_MODE_SHARE_MIGRATE 1
diff --git a/source/utils/net_rpc.c b/source/utils/net_rpc.c
index 19566bdf09c..08b68f012a8 100644
--- a/source/utils/net_rpc.c
+++ b/source/utils/net_rpc.c
@@ -165,7 +165,16 @@ int run_rpc_command(struct net_context *c,
 				return -1;
 			}
 		} else {
-			pipe_hnd = cli_rpc_pipe_open_noauth(cli, pipe_idx, &nt_status);
+			if (conn_flags & NET_FLAGS_SEAL) {
+				pipe_hnd = cli_rpc_pipe_open_ntlmssp(cli, pipe_idx,
+								     PIPE_AUTH_LEVEL_PRIVACY,
+								     lp_workgroup(),
+								     c->opt_user_name,
+								     c->opt_password,
+								     &nt_status);
+			} else {
+				pipe_hnd = cli_rpc_pipe_open_noauth(cli, pipe_idx, &nt_status);
+			}
 			if (!pipe_hnd) {
 				DEBUG(0, ("Could not initialise pipe %s. Error was %s\n",
 					cli_get_pipe_name(pipe_idx),
-- 
2.47.3