s3:rpc_client: remove netr_LogonGetCapabilities check from rpc_pipe_bind*

It's done in the caller now.

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>

1 files changed, 1 insertions, 149 deletions

diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index fc27f63144..25c7a44cea 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -1542,15 +1542,9 @@ struct rpc_pipe_bind_state {
 	DATA_BLOB rpc_out;
 	bool auth3;
 	uint32_t rpc_call_id;
-	struct netr_Authenticator auth;
-	struct netr_Authenticator return_auth;
-	struct netlogon_creds_CredentialState *creds;
-	union netr_Capabilities capabilities;
-	struct netr_LogonGetCapabilities r;
 };
 
 static void rpc_pipe_bind_step_one_done(struct tevent_req *subreq);
-static void rpc_pipe_bind_step_two_trigger(struct tevent_req *req);
 static NTSTATUS rpc_bind_next_send(struct tevent_req *req,
 				   struct rpc_pipe_bind_state *state,
 				   DATA_BLOB *credentials);
@@ -1653,14 +1647,11 @@ static void rpc_pipe_bind_step_one_done(struct tevent_req *subreq)
 
 	case DCERPC_AUTH_TYPE_NONE:
 	case DCERPC_AUTH_TYPE_NCALRPC_AS_SYSTEM:
+	case DCERPC_AUTH_TYPE_SCHANNEL:
 		/* Bind complete. */
 		tevent_req_done(req);
 		return;
 
-	case DCERPC_AUTH_TYPE_SCHANNEL:
-		rpc_pipe_bind_step_two_trigger(req);
-		return;
-
 	case DCERPC_AUTH_TYPE_NTLMSSP:
 	case DCERPC_AUTH_TYPE_SPNEGO:
 	case DCERPC_AUTH_TYPE_KRB5:
@@ -1737,145 +1728,6 @@ err_out:
 	tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
 }
 
-static void rpc_pipe_bind_step_two_done(struct tevent_req *subreq);
-
-static void rpc_pipe_bind_step_two_trigger(struct tevent_req *req)
-{
-	struct rpc_pipe_bind_state *state =
-		tevent_req_data(req,
-				struct rpc_pipe_bind_state);
-	struct dcerpc_binding_handle *b = state->cli->binding_handle;
-	struct schannel_state *schannel_auth =
-		talloc_get_type_abort(state->cli->auth->auth_ctx,
-				      struct schannel_state);
-	struct tevent_req *subreq;
-
-	if (schannel_auth == NULL ||
-	    !ndr_syntax_id_equal(&state->cli->abstract_syntax,
-				 &ndr_table_netlogon.syntax_id)) {
-		tevent_req_done(req);
-		return;
-	}
-
-	ZERO_STRUCT(state->return_auth);
-
-	state->creds = netlogon_creds_copy(state, schannel_auth->creds);
-	if (state->creds == NULL) {
-		tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
-		return;
-	}
-
-	netlogon_creds_client_authenticator(state->creds, &state->auth);
-
-	state->r.in.server_name = state->cli->srv_name_slash;
-	state->r.in.computer_name = state->creds->computer_name;
-	state->r.in.credential = &state->auth;
-	state->r.in.query_level = 1;
-	state->r.in.return_authenticator = &state->return_auth;
-
-	state->r.out.capabilities = &state->capabilities;
-	state->r.out.return_authenticator = &state->return_auth;
-
-	subreq = dcerpc_netr_LogonGetCapabilities_r_send(talloc_tos(),
-							 state->ev,
-							 b,
-							 &state->r);
-	if (subreq == NULL) {
-		tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
-		return;
-	}
-
-	tevent_req_set_callback(subreq, rpc_pipe_bind_step_two_done, req);
-	return;
-}
-
-static void rpc_pipe_bind_step_two_done(struct tevent_req *subreq)
-{
-	struct tevent_req *req =
-		tevent_req_callback_data(subreq,
-					 struct tevent_req);
-	struct rpc_pipe_bind_state *state =
-		tevent_req_data(req,
-				struct rpc_pipe_bind_state);
-	NTSTATUS status;
-
-	status = dcerpc_netr_LogonGetCapabilities_r_recv(subreq, talloc_tos());
-	TALLOC_FREE(subreq);
-	if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE)) {
-		if (state->creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
-			DEBUG(5, ("AES is not supported and the error was %s\n",
-				  nt_errstr(status)));
-			tevent_req_nterror(req,
-					   NT_STATUS_INVALID_NETWORK_RESPONSE);
-			return;
-		}
-
-		/* This is probably NT */
-		DEBUG(5, ("We are checking against an NT - %s\n",
-			  nt_errstr(status)));
-		tevent_req_done(req);
-		return;
-	} else if (!NT_STATUS_IS_OK(status)) {
-		DEBUG(0, ("dcerpc_netr_LogonGetCapabilities_r_recv failed with %s\n",
-			  nt_errstr(status)));
-		tevent_req_nterror(req, status);
-		return;
-	}
-
-	if (NT_STATUS_EQUAL(state->r.out.result, NT_STATUS_NOT_IMPLEMENTED)) {
-		if (state->creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
-			/* This means AES isn't supported. */
-			DEBUG(5, ("AES is not supported and the error was %s\n",
-				  nt_errstr(state->r.out.result)));
-			tevent_req_nterror(req,
-					   NT_STATUS_INVALID_NETWORK_RESPONSE);
-			return;
-		}
-
-		/* This is probably an old Samba version */
-		DEBUG(5, ("We are checking against an old Samba version - %s\n",
-			  nt_errstr(state->r.out.result)));
-		tevent_req_done(req);
-		return;
-	}
-
-	/* We need to check the credential state here, cause win2k3 and earlier
-	 * returns NT_STATUS_NOT_IMPLEMENTED */
-	if (!netlogon_creds_client_check(state->creds,
-					 &state->r.out.return_authenticator->cred)) {
-		/*
-		 * Server replied with bad credential. Fail.
-		 */
-		DEBUG(0,("rpc_pipe_bind_step_two_done: server %s "
-			 "replied with bad credential\n",
-			 state->cli->desthost));
-		tevent_req_nterror(req, NT_STATUS_UNSUCCESSFUL);
-		return;
-	}
-
-	if (!NT_STATUS_IS_OK(state->r.out.result)) {
-		DEBUG(0, ("dcerpc_netr_LogonGetCapabilities_r_recv failed with %s\n",
-			  nt_errstr(state->r.out.result)));
-		tevent_req_nterror(req, state->r.out.result);
-		return;
-	}
-
-	if (!(state->creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES)) {
-		DEBUG(0, ("netr_LogonGetCapabilities is supported by %s, "
-			  "but AES was not negotiated - downgrade detected",
-			 state->cli->desthost));
-		tevent_req_nterror(req,
-				   NT_STATUS_INVALID_NETWORK_RESPONSE);
-		return;
-	}
-
-	TALLOC_FREE(state->cli->dc);
-	state->cli->dc = talloc_move(state->cli, &state->creds);
-
-	tevent_req_done(req);
-	return;
-}
-
 static NTSTATUS rpc_bind_next_send(struct tevent_req *req,
 				   struct rpc_pipe_bind_state *state,
 				   DATA_BLOB *auth_token)