summaryrefslogtreecommitdiff
path: root/source3/rpc_client
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2014-12-17 09:19:49 +0000
committerStefan Metzmacher <metze@samba.org>2014-12-19 13:15:13 +0100
commitfb42b02c9f75804bc471c1f88fbda28865d9f01e (patch)
tree5d01849d1a3f7fe8e1426f84bf1fa6b41bc3150a /source3/rpc_client
parent995cf54b3177cd92b1bce5f34df134122a0200de (diff)
downloadsamba-fb42b02c9f75804bc471c1f88fbda28865d9f01e.tar.gz
s3:rpc_client: add cli_rpc_pipe_open_schannel_with_creds() helper function
This will simplify the callers and add potential support for SEC_CHAN_DNS_DOMAIN as cli_credentials_get_realm() will return the correct value compared to cli_credentials_get_domain(). Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source3/rpc_client')
-rw-r--r--source3/rpc_client/cli_pipe.c86
-rw-r--r--source3/rpc_client/cli_pipe.h7
2 files changed, 93 insertions, 0 deletions
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index fcb8b61751c..db283060148 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -3210,6 +3210,92 @@ done:
return NT_STATUS_OK;
}
+NTSTATUS cli_rpc_pipe_open_schannel_with_creds(struct cli_state *cli,
+ const struct ndr_interface_table *table,
+ enum dcerpc_transport_t transport,
+ struct cli_credentials *cli_creds,
+ struct netlogon_creds_cli_context *netlogon_creds,
+ struct rpc_pipe_client **_rpccli)
+{
+ struct rpc_pipe_client *rpccli;
+ struct pipe_auth_data *rpcauth;
+ const char *target_service = table->authservices->names[0];
+ struct netlogon_creds_CredentialState *ncreds = NULL;
+ enum dcerpc_AuthLevel auth_level;
+ NTSTATUS status;
+ int rpc_pipe_bind_dbglvl = 0;
+
+ status = cli_rpc_pipe_open(cli, transport, table, &rpccli);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ status = netlogon_creds_cli_lock(netlogon_creds, rpccli, &ncreds);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("netlogon_creds_cli_get returned %s\n",
+ nt_errstr(status)));
+ TALLOC_FREE(rpccli);
+ return status;
+ }
+
+ auth_level = netlogon_creds_cli_auth_level(netlogon_creds);
+
+ cli_credentials_set_netlogon_creds(cli_creds, ncreds);
+
+ status = rpccli_generic_bind_data_from_creds(rpccli,
+ DCERPC_AUTH_TYPE_SCHANNEL,
+ auth_level,
+ rpccli->desthost,
+ target_service,
+ cli_creds,
+ &rpcauth);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("rpccli_generic_bind_data_from_creds returned %s\n",
+ nt_errstr(status)));
+ TALLOC_FREE(rpccli);
+ return status;
+ }
+
+ status = rpc_pipe_bind(rpccli, rpcauth);
+ cli_credentials_set_netlogon_creds(cli_creds, NULL);
+ if (NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_ACCESS_DENIED)) {
+ rpc_pipe_bind_dbglvl = 1;
+ netlogon_creds_cli_delete(netlogon_creds, &ncreds);
+ }
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(rpc_pipe_bind_dbglvl,
+ ("%s: rpc_pipe_bind failed with error %s\n",
+ __func__, nt_errstr(status)));
+ TALLOC_FREE(rpccli);
+ return status;
+ }
+
+ TALLOC_FREE(ncreds);
+
+ if (!ndr_syntax_id_equal(&table->syntax_id, &ndr_table_netlogon.syntax_id)) {
+ goto done;
+ }
+
+ status = netlogon_creds_cli_check(netlogon_creds,
+ rpccli->binding_handle);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("netlogon_creds_cli_check failed with %s\n",
+ nt_errstr(status)));
+ TALLOC_FREE(rpccli);
+ return status;
+ }
+
+
+done:
+ DEBUG(10,("%s: opened pipe %s to machine %s "
+ "for domain %s and bound using schannel.\n",
+ __func__, table->name,
+ rpccli->desthost, cli_credentials_get_domain(cli_creds)));
+
+ *_rpccli = rpccli;
+ return NT_STATUS_OK;
+}
+
NTSTATUS cli_get_session_key(TALLOC_CTX *mem_ctx,
struct rpc_pipe_client *cli,
DATA_BLOB *session_key)
diff --git a/source3/rpc_client/cli_pipe.h b/source3/rpc_client/cli_pipe.h
index 0c1e6921380..16946c5e206 100644
--- a/source3/rpc_client/cli_pipe.h
+++ b/source3/rpc_client/cli_pipe.h
@@ -106,6 +106,13 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli,
struct netlogon_creds_cli_context *netlogon_creds,
struct rpc_pipe_client **presult);
+NTSTATUS cli_rpc_pipe_open_schannel_with_creds(struct cli_state *cli,
+ const struct ndr_interface_table *table,
+ enum dcerpc_transport_t transport,
+ struct cli_credentials *cli_creds,
+ struct netlogon_creds_cli_context *netlogon_creds,
+ struct rpc_pipe_client **_rpccli);
+
NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli,
struct messaging_context *msg_ctx,
const struct ndr_interface_table *table,