Diffstat (limited to 'source3/rpc_client')
-rw-r--r-- | source3/rpc_client/cli_pipe.c | 97 | ||||
-rw-r--r-- | source3/rpc_client/cli_pipe.h | 27 | ||||
-rw-r--r-- | source3/rpc_client/cli_pipe_schannel.c | 5 |
3 files changed, 25 insertions, 104 deletions
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index 9091d879b8..2ddf7bceb1 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -2926,96 +2926,21 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli, return NT_STATUS_OK; } -NTSTATUS cli_rpc_pipe_open_spnego_krb5(struct cli_state *cli, - const struct ndr_syntax_id *interface, - enum dcerpc_transport_t transport, - enum dcerpc_AuthLevel auth_level, - const char *server, - const char *username, - const char *password, - struct rpc_pipe_client **presult) -{ - struct rpc_pipe_client *result; - struct pipe_auth_data *auth; - struct spnego_context *spnego_ctx; - NTSTATUS status; - const char *target_service = "cifs"; /* TODO: Determine target service from the bindings or interface table */ - - status = cli_rpc_pipe_open(cli, transport, interface, &result); - if (!NT_STATUS_IS_OK(status)) { - return status; - } - - auth = talloc(result, struct pipe_auth_data); - if (auth == NULL) { - status = NT_STATUS_NO_MEMORY; - goto err_out; - } - auth->auth_type = DCERPC_AUTH_TYPE_SPNEGO; - auth->auth_level = auth_level; - - if (!username) { - username = ""; - } - auth->user_name = talloc_strdup(auth, username); - if (!auth->user_name) { - status = NT_STATUS_NO_MEMORY; - goto err_out; - } - - /* Fixme, should we fetch/set the Realm ? 
*/ - auth->domain = talloc_strdup(auth, ""); - if (!auth->domain) { - status = NT_STATUS_NO_MEMORY; - goto err_out; - } - - status = spnego_generic_init_client(auth, - GENSEC_OID_KERBEROS5, - (auth->auth_level == - DCERPC_AUTH_LEVEL_INTEGRITY), - (auth->auth_level == - DCERPC_AUTH_LEVEL_PRIVACY), - true, - server, target_service, - auth->domain, auth->user_name, password, - &spnego_ctx); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(0, ("spnego_init_client returned %s\n", - nt_errstr(status))); - goto err_out; - } - auth->auth_ctx = spnego_ctx; - - status = rpc_pipe_bind(result, auth); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(0, ("cli_rpc_pipe_bind failed with error %s\n", - nt_errstr(status))); - goto err_out; - } - - *presult = result; - return NT_STATUS_OK; - -err_out: - TALLOC_FREE(result); - return status; -} - -NTSTATUS cli_rpc_pipe_open_spnego_ntlmssp(struct cli_state *cli, - const struct ndr_syntax_id *interface, - enum dcerpc_transport_t transport, - enum dcerpc_AuthLevel auth_level, - const char *domain, - const char *username, - const char *password, - struct rpc_pipe_client **presult) +NTSTATUS cli_rpc_pipe_open_spnego(struct cli_state *cli, + const struct ndr_syntax_id *interface, + enum dcerpc_transport_t transport, + const char *oid, + enum dcerpc_AuthLevel auth_level, + const char *server, + const char *domain, + const char *username, + const char *password, + struct rpc_pipe_client **presult) { struct rpc_pipe_client *result; struct pipe_auth_data *auth; struct spnego_context *spnego_ctx; NTSTATUS status; - const char *server = NULL; const char *target_service = "cifs"; /* TODO: Determine target service from the bindings or interface table */ status = cli_rpc_pipe_open(cli, transport, interface, &result); @@ -3050,7 +2975,7 @@ NTSTATUS cli_rpc_pipe_open_spnego_ntlmssp(struct cli_state *cli, } status = spnego_generic_init_client(auth, - GENSEC_OID_NTLMSSP, + oid, (auth->auth_level == DCERPC_AUTH_LEVEL_INTEGRITY), (auth->auth_level == 
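Review bot: The new `oid` argument of cli_rpc_pipe_open_spnego() reaches spnego_generic_init_client() (second hunk of this file) with no check visible here, so the authentication mechanism is now whatever string the caller supplies. A guard such as `if (oid == NULL) { return NT_STATUS_INVALID_PARAMETER; }` placed ahead of cli_rpc_pipe_open() would fail before a pipe is opened; whether the callee already rejects a NULL or unknown OID cannot be seen from this page. The merged function also needs a header comment stating that `oid` is expected to be GENSEC_OID_NTLMSSP or GENSEC_OID_KERBEROS5, and that `server` is passed on together with the hard-coded `target_service = "cifs"`, presumably to name the target for Kerberos. The removed krb5 variant normalised a NULL `username` to `""` and used an empty domain; the body that survives lies mostly outside both hunks, so it should be confirmed that former krb5 callers still get equivalent handling.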
diff --git a/source3/rpc_client/cli_pipe.h b/source3/rpc_client/cli_pipe.h index a9d5784643..25c9fca825 100644 --- a/source3/rpc_client/cli_pipe.h +++ b/source3/rpc_client/cli_pipe.h @@ -95,14 +95,16 @@ NTSTATUS cli_rpc_pipe_open_generic_auth(struct cli_state *cli, const char *password, struct rpc_pipe_client **presult); -NTSTATUS cli_rpc_pipe_open_spnego_ntlmssp(struct cli_state *cli, - const struct ndr_syntax_id *interface, - enum dcerpc_transport_t transport, - enum dcerpc_AuthLevel auth_level, - const char *domain, - const char *username, - const char *password, - struct rpc_pipe_client **presult); +NTSTATUS cli_rpc_pipe_open_spnego(struct cli_state *cli, + const struct ndr_syntax_id *interface, + enum dcerpc_transport_t transport, + const char *oid, + enum dcerpc_AuthLevel auth_level, + const char *server, + const char *domain, + const char *username, + const char *password, + struct rpc_pipe_client **presult); NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli, const struct ndr_syntax_id *interface, @@ -137,15 +139,6 @@ NTSTATUS cli_rpc_pipe_open_krb5(struct cli_state *cli, const char *password, struct rpc_pipe_client **presult); -NTSTATUS cli_rpc_pipe_open_spnego_krb5(struct cli_state *cli, - const struct ndr_syntax_id *interface, - enum dcerpc_transport_t transport, - enum dcerpc_AuthLevel auth_level, - const char *server, - const char *username, - const char *password, - struct rpc_pipe_client **presult); - NTSTATUS cli_get_session_key(TALLOC_CTX *mem_ctx, struct rpc_pipe_client *cli, DATA_BLOB *session_key); diff --git a/source3/rpc_client/cli_pipe_schannel.c b/source3/rpc_client/cli_pipe_schannel.c index 2c937df0f0..4a11f08a12 100644 --- a/source3/rpc_client/cli_pipe_schannel.c +++ b/source3/rpc_client/cli_pipe_schannel.c @@ -27,6 +27,7 @@ #include "librpc/rpc/dcerpc.h" #include "passdb.h" #include "libsmb/libsmb.h" +#include "auth/gensec/gensec.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_RPC_CLI 
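Review bot: The new prototype of cli_rpc_pipe_open_spnego() in the first hunk of cli_pipe.h places `server`, `domain`, `username` and `password` as four adjacent `const char *` parameters, so a transposed argument at a call site compiles without any diagnostic. The two removed functions took different lists (`server` in the krb5 one, `domain` in the ntlmssp one), which makes a mix-up more likely when callers are converted. A doc comment above the declaration should name each argument, say which of them may be NULL, and list the accepted `oid` values, for example `/* oid: GENSEC_OID_NTLMSSP or GENSEC_OID_KERBEROS5; server: name of the host being authenticated */`.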
@@ -98,9 +99,11 @@ static NTSTATUS get_schannel_session_key_auth_ntlmssp(struct cli_state *cli, struct rpc_pipe_client *netlogon_pipe = NULL; NTSTATUS status; - status = cli_rpc_pipe_open_spnego_ntlmssp( + status = cli_rpc_pipe_open_spnego( cli, &ndr_table_netlogon.syntax_id, NCACN_NP, + GENSEC_OID_NTLMSSP, DCERPC_AUTH_LEVEL_PRIVACY, + cli_state_remote_name(cli), domain, username, password, &netlogon_pipe); if (!NT_STATUS_IS_OK(status)) { return status; |
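Review bot: The converted call in get_schannel_session_key_auth_ntlmssp() now passes `cli_state_remote_name(cli)` as `server`, where the removed NTLMSSP wrapper always used `server = NULL`, so this is a behaviour change inside what otherwise reads as a pure refactor. It should be confirmed that the NTLMSSP path tolerates a non-NULL target name, and what cli_state_remote_name() yields when the connection was made by address rather than by name; neither is visible on this page. A comment at the call, such as `/* server is only used as the SPNEGO target name; the old NTLMSSP wrapper passed NULL */`, would record the intent. The function body continues outside the hunk.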