diff options
author | Andrew Bartlett <abartlet@samba.org> | 2014-09-22 20:47:57 -0700 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2014-10-08 03:36:52 +0200 |
commit | 6f97237edb5f0a54546f39b500afca2b5c1fd9c9 (patch) | |
tree | 56f31943566167ce0e26c1b98c2d8b3caa1ffddb | |
parent | 8166ecaaa06a7febc9697ca4f97a3d61aa02d5c1 (diff) | |
download | samba-6f97237edb5f0a54546f39b500afca2b5c1fd9c9.tar.gz |
s3-rpc_client: Migrate to cli_rpc_pipe_open_generic_auth and remove cli_rpc_pipe_open_spnego
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Oct 8 03:36:52 CEST 2014 on sn-devel-104
-rw-r--r-- | source3/rpc_client/cli_pipe.c | 54 | ||||
-rw-r--r-- | source3/rpc_client/cli_pipe.h | 11 | ||||
-rw-r--r-- | source3/rpcclient/rpcclient.c | 19 | ||||
-rw-r--r-- | source3/winbindd/winbindd_cm.c | 24 |
4 files changed, 16 insertions, 92 deletions
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index 449ebbd747c..43ce719f4cc 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -3094,60 +3094,6 @@ done: return NT_STATUS_OK; } -NTSTATUS cli_rpc_pipe_open_spnego(struct cli_state *cli, - const struct ndr_interface_table *table, - enum dcerpc_transport_t transport, - enum credentials_use_kerberos use_kerberos, - enum dcerpc_AuthLevel auth_level, - const char *server, - const char *domain, - const char *username, - const char *password, - struct rpc_pipe_client **presult) -{ - struct rpc_pipe_client *result; - struct pipe_auth_data *auth = NULL; - const char *target_service = table->authservices->names[0]; - - NTSTATUS status; - - status = cli_rpc_pipe_open(cli, transport, table, &result); - if (!NT_STATUS_IS_OK(status)) { - return status; - } - - status = rpccli_generic_bind_data(result, - DCERPC_AUTH_TYPE_SPNEGO, auth_level, - server, target_service, - domain, username, password, - use_kerberos, NULL, - &auth); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(0, ("rpccli_generic_bind_data returned %s\n", - nt_errstr(status))); - goto err; - } - - status = rpc_pipe_bind(result, auth); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(0, ("cli_rpc_pipe_open_spnego: cli_rpc_pipe_bind failed with error %s\n", - nt_errstr(status) )); - goto err; - } - - DEBUG(10,("cli_rpc_pipe_open_spnego: opened pipe %s to " - "machine %s.\n", table->name, - result->desthost)); - - *presult = result; - return NT_STATUS_OK; - - err: - - TALLOC_FREE(result); - return status; -} - NTSTATUS cli_get_session_key(TALLOC_CTX *mem_ctx, struct rpc_pipe_client *cli, DATA_BLOB *session_key) diff --git a/source3/rpc_client/cli_pipe.h b/source3/rpc_client/cli_pipe.h index e697e3f8c63..34e79d1fa22 100644 --- a/source3/rpc_client/cli_pipe.h +++ b/source3/rpc_client/cli_pipe.h @@ -84,17 +84,6 @@ NTSTATUS cli_rpc_pipe_open_generic_auth(struct cli_state *cli, const char *password, struct rpc_pipe_client **presult); -NTSTATUS cli_rpc_pipe_open_spnego(struct cli_state *cli, - const struct ndr_interface_table *table, - enum dcerpc_transport_t transport, - enum credentials_use_kerberos use_kerberos, - enum dcerpc_AuthLevel auth_level, - const char *server, - const char *domain, - const char *username, - const char *password, - struct rpc_pipe_client **presult); - NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli, const struct ndr_interface_table *table, enum dcerpc_transport_t transport, diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c index 1b26e643dd9..7b190c15e1d 100644 --- a/source3/rpcclient/rpcclient.c +++ b/source3/rpcclient/rpcclient.c @@ -693,6 +693,7 @@ static NTSTATUS do_cmd(struct cli_state *cli, /* Open pipe */ if ((cmd_entry->table != NULL) && (cmd_entry->rpc_pipe == NULL)) { + enum credentials_use_kerberos use_kerberos = CRED_AUTO_USE_KERBEROS; switch (pipe_default_auth_type) { case DCERPC_AUTH_TYPE_NONE: ntresult = cli_rpc_pipe_open_noauth_transport( @@ -701,9 +702,6 @@ static NTSTATUS do_cmd(struct cli_state *cli, &cmd_entry->rpc_pipe); break; case DCERPC_AUTH_TYPE_SPNEGO: - { - enum credentials_use_kerberos use_kerberos; - switch (pipe_default_auth_spnego_type) { case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP: use_kerberos = CRED_DONT_USE_KERBEROS; @@ -715,24 +713,13 @@ static NTSTATUS do_cmd(struct cli_state *cli, use_kerberos = CRED_AUTO_USE_KERBEROS; break; } - ntresult = cli_rpc_pipe_open_spnego( - cli, cmd_entry->table, - default_transport, - use_kerberos, - pipe_default_auth_level, - smbXcli_conn_remote_name(cli->conn), - get_cmdline_auth_info_domain(auth_info), - get_cmdline_auth_info_username(auth_info), - get_cmdline_auth_info_password(auth_info), - &cmd_entry->rpc_pipe); - break; - } + /* Fall through */ case DCERPC_AUTH_TYPE_NTLMSSP: case DCERPC_AUTH_TYPE_KRB5: ntresult = cli_rpc_pipe_open_generic_auth( cli, cmd_entry->table, default_transport, - CRED_AUTO_USE_KERBEROS, + use_kerberos, pipe_default_auth_type, pipe_default_auth_level, smbXcli_conn_remote_name(cli->conn), diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c index e71b79398e2..96c45775628 100644 --- a/source3/winbindd/winbindd_cm.c +++ b/source3/winbindd/winbindd_cm.c @@ -2567,16 +2567,17 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, /* We have an authenticated connection. Use a NTLMSSP SPNEGO authenticated SAMR pipe with sign & seal. */ - status = cli_rpc_pipe_open_spnego(conn->cli, - &ndr_table_samr, - NCACN_NP, - CRED_DONT_USE_KERBEROS, - conn->auth_level, - smbXcli_conn_remote_name(conn->cli->conn), - domain_name, - machine_account, - machine_password, - &conn->samr_pipe); + status = cli_rpc_pipe_open_generic_auth(conn->cli, + &ndr_table_samr, + NCACN_NP, + CRED_DONT_USE_KERBEROS, + DCERPC_AUTH_TYPE_SPNEGO, + conn->auth_level, + smbXcli_conn_remote_name(conn->cli->conn), + domain_name, + machine_account, + machine_password, + &conn->samr_pipe); if (!NT_STATUS_IS_OK(status)) { DEBUG(10,("cm_connect_sam: failed to connect to SAMR " @@ -2814,9 +2815,10 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, /* We have an authenticated connection. Use a NTLMSSP SPNEGO * authenticated LSA pipe with sign & seal. */ - result = cli_rpc_pipe_open_spnego + result = cli_rpc_pipe_open_generic_auth (conn->cli, &ndr_table_lsarpc, NCACN_NP, CRED_DONT_USE_KERBEROS, + DCERPC_AUTH_TYPE_SPNEGO, conn->auth_level, smbXcli_conn_remote_name(conn->cli->conn), conn->cli->domain, conn->cli->user_name, conn->cli->password, |