s3:rpc_client: use cli_credentials based functions in cli_rpc_pipe_open_schannel()

This simplifies the code and allows the previous password to be passed
through the stack.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

1 files changed, 15 insertions, 53 deletions

diff --git a/source3/rpc_client/cli_pipe_schannel.c b/source3/rpc_client/cli_pipe_schannel.c
index 0825663100b..5e309fd8363 100644
--- a/source3/rpc_client/cli_pipe_schannel.c
+++ b/source3/rpc_client/cli_pipe_schannel.c
@@ -50,76 +50,38 @@ NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli,
 	const char *dc_name = smbXcli_conn_remote_name(cli->conn);
 	struct rpc_pipe_client *result = NULL;
 	NTSTATUS status;
+	struct cli_credentials *cli_creds = NULL;
 	struct netlogon_creds_cli_context *netlogon_creds = NULL;
-	struct netlogon_creds_CredentialState *creds = NULL;
-	uint32_t netlogon_flags = 0;
-	enum netr_SchannelType sec_chan_type = 0;
-	const char *_account_name = NULL;
-	const char *account_name = NULL;
-	struct samr_Password current_nt_hash;
-	struct samr_Password *previous_nt_hash = NULL;
-	bool ok;
 
-	ok = get_trust_pw_hash(domain,
-			       current_nt_hash.hash,
-			       &_account_name,
-			       &sec_chan_type);
-	if (!ok) {
-		TALLOC_FREE(frame);
-		return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
-	}
-
-	account_name = talloc_asprintf(frame, "%s$", _account_name);
-	if (account_name == NULL) {
-		SAFE_FREE(previous_nt_hash);
-		TALLOC_FREE(frame);
-		return NT_STATUS_NO_MEMORY;
-	}
-
-	status = rpccli_create_netlogon_creds(dc_name,
-					      domain,
-					      account_name,
-					      sec_chan_type,
-					      msg_ctx,
-					      frame,
-					      &netlogon_creds);
+	status = pdb_get_trust_credentials(domain, NULL,
+					   frame, &cli_creds);
 	if (!NT_STATUS_IS_OK(status)) {
-		SAFE_FREE(previous_nt_hash);
 		TALLOC_FREE(frame);
 		return status;
 	}
 
-	status = rpccli_setup_netlogon_creds(cli, transport,
-					     netlogon_creds,
-					     false, /* force_reauth */
-					     current_nt_hash,
-					     previous_nt_hash);
-	SAFE_FREE(previous_nt_hash);
+	status = rpccli_create_netlogon_creds_with_creds(cli_creds,
+							 dc_name,
+							 msg_ctx,
+							 frame,
+							 &netlogon_creds);
 	if (!NT_STATUS_IS_OK(status)) {
 		TALLOC_FREE(frame);
 		return status;
 	}
 
-	status = netlogon_creds_cli_get(netlogon_creds,
-					frame,
-					&creds);
+	status = rpccli_setup_netlogon_creds_with_creds(cli, transport,
+					     netlogon_creds,
+					     false, /* force_reauth */
+					     cli_creds);
 	if (!NT_STATUS_IS_OK(status)) {
 		TALLOC_FREE(frame);
 		return status;
 	}
-	netlogon_flags = creds->negotiate_flags;
-	TALLOC_FREE(creds);
-
-	if (!(netlogon_flags & NETLOGON_NEG_AUTHENTICATED_RPC)) {
-		TALLOC_FREE(frame);
-		return NT_STATUS_DOWNGRADE_DETECTED;
-	}
-
-	status = cli_rpc_pipe_open_schannel_with_key(
-		cli, table, transport, domain,
-		netlogon_creds,
-		&result);
 
+	status = cli_rpc_pipe_open_schannel_with_creds(cli, table, transport,
+						       cli_creds, netlogon_creds,
+						       &result);
 	if (NT_STATUS_IS_OK(status)) {
 		*presult = result;
 		if (pcreds != NULL) {