summaryrefslogtreecommitdiff
path: root/source3/rpc_client
diff options
context:
space:
mode:
Diffstat (limited to 'source3/rpc_client')
-rw-r--r--source3/rpc_client/cli_pipe.c97
-rw-r--r--source3/rpc_client/cli_pipe.h27
-rw-r--r--source3/rpc_client/cli_pipe_schannel.c5
3 files changed, 25 insertions, 104 deletions
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index 9091d879b8..2ddf7bceb1 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -2926,96 +2926,21 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli,
return NT_STATUS_OK;
}
-NTSTATUS cli_rpc_pipe_open_spnego_krb5(struct cli_state *cli,
- const struct ndr_syntax_id *interface,
- enum dcerpc_transport_t transport,
- enum dcerpc_AuthLevel auth_level,
- const char *server,
- const char *username,
- const char *password,
- struct rpc_pipe_client **presult)
-{
- struct rpc_pipe_client *result;
- struct pipe_auth_data *auth;
- struct spnego_context *spnego_ctx;
- NTSTATUS status;
- const char *target_service = "cifs"; /* TODO: Determine target service from the bindings or interface table */
-
- status = cli_rpc_pipe_open(cli, transport, interface, &result);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- auth = talloc(result, struct pipe_auth_data);
- if (auth == NULL) {
- status = NT_STATUS_NO_MEMORY;
- goto err_out;
- }
- auth->auth_type = DCERPC_AUTH_TYPE_SPNEGO;
- auth->auth_level = auth_level;
-
- if (!username) {
- username = "";
- }
- auth->user_name = talloc_strdup(auth, username);
- if (!auth->user_name) {
- status = NT_STATUS_NO_MEMORY;
- goto err_out;
- }
-
- /* Fixme, should we fetch/set the Realm ? */
- auth->domain = talloc_strdup(auth, "");
- if (!auth->domain) {
- status = NT_STATUS_NO_MEMORY;
- goto err_out;
- }
-
- status = spnego_generic_init_client(auth,
- GENSEC_OID_KERBEROS5,
- (auth->auth_level ==
- DCERPC_AUTH_LEVEL_INTEGRITY),
- (auth->auth_level ==
- DCERPC_AUTH_LEVEL_PRIVACY),
- true,
- server, target_service,
- auth->domain, auth->user_name, password,
- &spnego_ctx);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0, ("spnego_init_client returned %s\n",
- nt_errstr(status)));
- goto err_out;
- }
- auth->auth_ctx = spnego_ctx;
-
- status = rpc_pipe_bind(result, auth);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0, ("cli_rpc_pipe_bind failed with error %s\n",
- nt_errstr(status)));
- goto err_out;
- }
-
- *presult = result;
- return NT_STATUS_OK;
-
-err_out:
- TALLOC_FREE(result);
- return status;
-}
-
-NTSTATUS cli_rpc_pipe_open_spnego_ntlmssp(struct cli_state *cli,
- const struct ndr_syntax_id *interface,
- enum dcerpc_transport_t transport,
- enum dcerpc_AuthLevel auth_level,
- const char *domain,
- const char *username,
- const char *password,
- struct rpc_pipe_client **presult)
+NTSTATUS cli_rpc_pipe_open_spnego(struct cli_state *cli,
+ const struct ndr_syntax_id *interface,
+ enum dcerpc_transport_t transport,
+ const char *oid,
+ enum dcerpc_AuthLevel auth_level,
+ const char *server,
+ const char *domain,
+ const char *username,
+ const char *password,
+ struct rpc_pipe_client **presult)
{
struct rpc_pipe_client *result;
struct pipe_auth_data *auth;
struct spnego_context *spnego_ctx;
NTSTATUS status;
- const char *server = NULL;
const char *target_service = "cifs"; /* TODO: Determine target service from the bindings or interface table */
status = cli_rpc_pipe_open(cli, transport, interface, &result);
@@ -3050,7 +2975,7 @@ NTSTATUS cli_rpc_pipe_open_spnego_ntlmssp(struct cli_state *cli,
}
status = spnego_generic_init_client(auth,
- GENSEC_OID_NTLMSSP,
+ oid,
(auth->auth_level ==
DCERPC_AUTH_LEVEL_INTEGRITY),
(auth->auth_level ==
diff --git a/source3/rpc_client/cli_pipe.h b/source3/rpc_client/cli_pipe.h
index a9d5784643..25c9fca825 100644
--- a/source3/rpc_client/cli_pipe.h
+++ b/source3/rpc_client/cli_pipe.h
@@ -95,14 +95,16 @@ NTSTATUS cli_rpc_pipe_open_generic_auth(struct cli_state *cli,
const char *password,
struct rpc_pipe_client **presult);
-NTSTATUS cli_rpc_pipe_open_spnego_ntlmssp(struct cli_state *cli,
- const struct ndr_syntax_id *interface,
- enum dcerpc_transport_t transport,
- enum dcerpc_AuthLevel auth_level,
- const char *domain,
- const char *username,
- const char *password,
- struct rpc_pipe_client **presult);
+NTSTATUS cli_rpc_pipe_open_spnego(struct cli_state *cli,
+ const struct ndr_syntax_id *interface,
+ enum dcerpc_transport_t transport,
+ const char *oid,
+ enum dcerpc_AuthLevel auth_level,
+ const char *server,
+ const char *domain,
+ const char *username,
+ const char *password,
+ struct rpc_pipe_client **presult);
NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli,
const struct ndr_syntax_id *interface,
@@ -137,15 +139,6 @@ NTSTATUS cli_rpc_pipe_open_krb5(struct cli_state *cli,
const char *password,
struct rpc_pipe_client **presult);
-NTSTATUS cli_rpc_pipe_open_spnego_krb5(struct cli_state *cli,
- const struct ndr_syntax_id *interface,
- enum dcerpc_transport_t transport,
- enum dcerpc_AuthLevel auth_level,
- const char *server,
- const char *username,
- const char *password,
- struct rpc_pipe_client **presult);
-
NTSTATUS cli_get_session_key(TALLOC_CTX *mem_ctx,
struct rpc_pipe_client *cli,
DATA_BLOB *session_key);
diff --git a/source3/rpc_client/cli_pipe_schannel.c b/source3/rpc_client/cli_pipe_schannel.c
index 2c937df0f0..4a11f08a12 100644
--- a/source3/rpc_client/cli_pipe_schannel.c
+++ b/source3/rpc_client/cli_pipe_schannel.c
@@ -27,6 +27,7 @@
#include "librpc/rpc/dcerpc.h"
#include "passdb.h"
#include "libsmb/libsmb.h"
+#include "auth/gensec/gensec.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_RPC_CLI
@@ -98,9 +99,11 @@ static NTSTATUS get_schannel_session_key_auth_ntlmssp(struct cli_state *cli,
struct rpc_pipe_client *netlogon_pipe = NULL;
NTSTATUS status;
- status = cli_rpc_pipe_open_spnego_ntlmssp(
+ status = cli_rpc_pipe_open_spnego(
cli, &ndr_table_netlogon.syntax_id, NCACN_NP,
+ GENSEC_OID_NTLMSSP,
DCERPC_AUTH_LEVEL_PRIVACY,
+ cli_state_remote_name(cli),
domain, username, password, &netlogon_pipe);
if (!NT_STATUS_IS_OK(status)) {
return status;