summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2013-04-25 18:30:36 +0200
committerStefan Metzmacher <metze@samba.org>2013-08-10 09:18:55 +0200
commit3302356226cca474f0afab9a129220241c16663f (patch)
treee771c57e034d422fa0ea166958084ad515272327
parenteecb5bafba5b362d4fdf33d6a2a32e4ee56f30a4 (diff)
downloadsamba-3302356226cca474f0afab9a129220241c16663f.tar.gz
samba-3302356226cca474f0afab9a129220241c16663f.tar.bz2
samba-3302356226cca474f0afab9a129220241c16663f.zip
s3:rpc_client: remove netr_LogonGetCapabilities check from rpc_pipe_bind*
It's done in the caller now. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-rw-r--r--source3/rpc_client/cli_pipe.c150
1 files changed, 1 insertions, 149 deletions
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index fc27f63144..25c7a44cea 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -1542,15 +1542,9 @@ struct rpc_pipe_bind_state {
DATA_BLOB rpc_out;
bool auth3;
uint32_t rpc_call_id;
- struct netr_Authenticator auth;
- struct netr_Authenticator return_auth;
- struct netlogon_creds_CredentialState *creds;
- union netr_Capabilities capabilities;
- struct netr_LogonGetCapabilities r;
};
static void rpc_pipe_bind_step_one_done(struct tevent_req *subreq);
-static void rpc_pipe_bind_step_two_trigger(struct tevent_req *req);
static NTSTATUS rpc_bind_next_send(struct tevent_req *req,
struct rpc_pipe_bind_state *state,
DATA_BLOB *credentials);
@@ -1653,14 +1647,11 @@ static void rpc_pipe_bind_step_one_done(struct tevent_req *subreq)
case DCERPC_AUTH_TYPE_NONE:
case DCERPC_AUTH_TYPE_NCALRPC_AS_SYSTEM:
+ case DCERPC_AUTH_TYPE_SCHANNEL:
/* Bind complete. */
tevent_req_done(req);
return;
- case DCERPC_AUTH_TYPE_SCHANNEL:
- rpc_pipe_bind_step_two_trigger(req);
- return;
-
case DCERPC_AUTH_TYPE_NTLMSSP:
case DCERPC_AUTH_TYPE_SPNEGO:
case DCERPC_AUTH_TYPE_KRB5:
@@ -1737,145 +1728,6 @@ err_out:
tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
}
-static void rpc_pipe_bind_step_two_done(struct tevent_req *subreq);
-
-static void rpc_pipe_bind_step_two_trigger(struct tevent_req *req)
-{
- struct rpc_pipe_bind_state *state =
- tevent_req_data(req,
- struct rpc_pipe_bind_state);
- struct dcerpc_binding_handle *b = state->cli->binding_handle;
- struct schannel_state *schannel_auth =
- talloc_get_type_abort(state->cli->auth->auth_ctx,
- struct schannel_state);
- struct tevent_req *subreq;
-
- if (schannel_auth == NULL ||
- !ndr_syntax_id_equal(&state->cli->abstract_syntax,
- &ndr_table_netlogon.syntax_id)) {
- tevent_req_done(req);
- return;
- }
-
- ZERO_STRUCT(state->return_auth);
-
- state->creds = netlogon_creds_copy(state, schannel_auth->creds);
- if (state->creds == NULL) {
- tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
- return;
- }
-
- netlogon_creds_client_authenticator(state->creds, &state->auth);
-
- state->r.in.server_name = state->cli->srv_name_slash;
- state->r.in.computer_name = state->creds->computer_name;
- state->r.in.credential = &state->auth;
- state->r.in.query_level = 1;
- state->r.in.return_authenticator = &state->return_auth;
-
- state->r.out.capabilities = &state->capabilities;
- state->r.out.return_authenticator = &state->return_auth;
-
- subreq = dcerpc_netr_LogonGetCapabilities_r_send(talloc_tos(),
- state->ev,
- b,
- &state->r);
- if (subreq == NULL) {
- tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
- return;
- }
-
- tevent_req_set_callback(subreq, rpc_pipe_bind_step_two_done, req);
- return;
-}
-
-static void rpc_pipe_bind_step_two_done(struct tevent_req *subreq)
-{
- struct tevent_req *req =
- tevent_req_callback_data(subreq,
- struct tevent_req);
- struct rpc_pipe_bind_state *state =
- tevent_req_data(req,
- struct rpc_pipe_bind_state);
- NTSTATUS status;
-
- status = dcerpc_netr_LogonGetCapabilities_r_recv(subreq, talloc_tos());
- TALLOC_FREE(subreq);
- if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE)) {
- if (state->creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
- DEBUG(5, ("AES is not supported and the error was %s\n",
- nt_errstr(status)));
- tevent_req_nterror(req,
- NT_STATUS_INVALID_NETWORK_RESPONSE);
- return;
- }
-
- /* This is probably NT */
- DEBUG(5, ("We are checking against an NT - %s\n",
- nt_errstr(status)));
- tevent_req_done(req);
- return;
- } else if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0, ("dcerpc_netr_LogonGetCapabilities_r_recv failed with %s\n",
- nt_errstr(status)));
- tevent_req_nterror(req, status);
- return;
- }
-
- if (NT_STATUS_EQUAL(state->r.out.result, NT_STATUS_NOT_IMPLEMENTED)) {
- if (state->creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
- /* This means AES isn't supported. */
- DEBUG(5, ("AES is not supported and the error was %s\n",
- nt_errstr(state->r.out.result)));
- tevent_req_nterror(req,
- NT_STATUS_INVALID_NETWORK_RESPONSE);
- return;
- }
-
- /* This is probably an old Samba version */
- DEBUG(5, ("We are checking against an old Samba version - %s\n",
- nt_errstr(state->r.out.result)));
- tevent_req_done(req);
- return;
- }
-
- /* We need to check the credential state here, cause win2k3 and earlier
- * returns NT_STATUS_NOT_IMPLEMENTED */
- if (!netlogon_creds_client_check(state->creds,
- &state->r.out.return_authenticator->cred)) {
- /*
- * Server replied with bad credential. Fail.
- */
- DEBUG(0,("rpc_pipe_bind_step_two_done: server %s "
- "replied with bad credential\n",
- state->cli->desthost));
- tevent_req_nterror(req, NT_STATUS_UNSUCCESSFUL);
- return;
- }
-
- if (!NT_STATUS_IS_OK(state->r.out.result)) {
- DEBUG(0, ("dcerpc_netr_LogonGetCapabilities_r_recv failed with %s\n",
- nt_errstr(state->r.out.result)));
- tevent_req_nterror(req, state->r.out.result);
- return;
- }
-
- if (!(state->creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES)) {
- DEBUG(0, ("netr_LogonGetCapabilities is supported by %s, "
- "but AES was not negotiated - downgrade detected",
- state->cli->desthost));
- tevent_req_nterror(req,
- NT_STATUS_INVALID_NETWORK_RESPONSE);
- return;
- }
-
- TALLOC_FREE(state->cli->dc);
- state->cli->dc = talloc_move(state->cli, &state->creds);
-
- tevent_req_done(req);
- return;
-}
-
static NTSTATUS rpc_bind_next_send(struct tevent_req *req,
struct rpc_pipe_bind_state *state,
DATA_BLOB *auth_token)