summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
Diffstat (limited to 'source3')
-rw-r--r--source3/rpc_client/cli_pipe.c97
-rw-r--r--source3/rpc_client/cli_pipe.h27
-rw-r--r--source3/rpc_client/cli_pipe_schannel.c5
-rw-r--r--source3/rpcclient/rpcclient.c34
-rw-r--r--source3/winbindd/winbindd_cm.c23
5 files changed, 56 insertions, 130 deletions
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index 9091d879b8..2ddf7bceb1 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -2926,96 +2926,21 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli,
return NT_STATUS_OK;
}
-NTSTATUS cli_rpc_pipe_open_spnego_krb5(struct cli_state *cli,
- const struct ndr_syntax_id *interface,
- enum dcerpc_transport_t transport,
- enum dcerpc_AuthLevel auth_level,
- const char *server,
- const char *username,
- const char *password,
- struct rpc_pipe_client **presult)
-{
- struct rpc_pipe_client *result;
- struct pipe_auth_data *auth;
- struct spnego_context *spnego_ctx;
- NTSTATUS status;
- const char *target_service = "cifs"; /* TODO: Determine target service from the bindings or interface table */
-
- status = cli_rpc_pipe_open(cli, transport, interface, &result);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- auth = talloc(result, struct pipe_auth_data);
- if (auth == NULL) {
- status = NT_STATUS_NO_MEMORY;
- goto err_out;
- }
- auth->auth_type = DCERPC_AUTH_TYPE_SPNEGO;
- auth->auth_level = auth_level;
-
- if (!username) {
- username = "";
- }
- auth->user_name = talloc_strdup(auth, username);
- if (!auth->user_name) {
- status = NT_STATUS_NO_MEMORY;
- goto err_out;
- }
-
- /* Fixme, should we fetch/set the Realm ? */
- auth->domain = talloc_strdup(auth, "");
- if (!auth->domain) {
- status = NT_STATUS_NO_MEMORY;
- goto err_out;
- }
-
- status = spnego_generic_init_client(auth,
- GENSEC_OID_KERBEROS5,
- (auth->auth_level ==
- DCERPC_AUTH_LEVEL_INTEGRITY),
- (auth->auth_level ==
- DCERPC_AUTH_LEVEL_PRIVACY),
- true,
- server, target_service,
- auth->domain, auth->user_name, password,
- &spnego_ctx);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0, ("spnego_init_client returned %s\n",
- nt_errstr(status)));
- goto err_out;
- }
- auth->auth_ctx = spnego_ctx;
-
- status = rpc_pipe_bind(result, auth);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0, ("cli_rpc_pipe_bind failed with error %s\n",
- nt_errstr(status)));
- goto err_out;
- }
-
- *presult = result;
- return NT_STATUS_OK;
-
-err_out:
- TALLOC_FREE(result);
- return status;
-}
-
-NTSTATUS cli_rpc_pipe_open_spnego_ntlmssp(struct cli_state *cli,
- const struct ndr_syntax_id *interface,
- enum dcerpc_transport_t transport,
- enum dcerpc_AuthLevel auth_level,
- const char *domain,
- const char *username,
- const char *password,
- struct rpc_pipe_client **presult)
+NTSTATUS cli_rpc_pipe_open_spnego(struct cli_state *cli,
+ const struct ndr_syntax_id *interface,
+ enum dcerpc_transport_t transport,
+ const char *oid,
+ enum dcerpc_AuthLevel auth_level,
+ const char *server,
+ const char *domain,
+ const char *username,
+ const char *password,
+ struct rpc_pipe_client **presult)
{
struct rpc_pipe_client *result;
struct pipe_auth_data *auth;
struct spnego_context *spnego_ctx;
NTSTATUS status;
- const char *server = NULL;
const char *target_service = "cifs"; /* TODO: Determine target service from the bindings or interface table */
status = cli_rpc_pipe_open(cli, transport, interface, &result);
@@ -3050,7 +2975,7 @@ NTSTATUS cli_rpc_pipe_open_spnego_ntlmssp(struct cli_state *cli,
}
status = spnego_generic_init_client(auth,
- GENSEC_OID_NTLMSSP,
+ oid,
(auth->auth_level ==
DCERPC_AUTH_LEVEL_INTEGRITY),
(auth->auth_level ==
diff --git a/source3/rpc_client/cli_pipe.h b/source3/rpc_client/cli_pipe.h
index a9d5784643..25c9fca825 100644
--- a/source3/rpc_client/cli_pipe.h
+++ b/source3/rpc_client/cli_pipe.h
@@ -95,14 +95,16 @@ NTSTATUS cli_rpc_pipe_open_generic_auth(struct cli_state *cli,
const char *password,
struct rpc_pipe_client **presult);
-NTSTATUS cli_rpc_pipe_open_spnego_ntlmssp(struct cli_state *cli,
- const struct ndr_syntax_id *interface,
- enum dcerpc_transport_t transport,
- enum dcerpc_AuthLevel auth_level,
- const char *domain,
- const char *username,
- const char *password,
- struct rpc_pipe_client **presult);
+NTSTATUS cli_rpc_pipe_open_spnego(struct cli_state *cli,
+ const struct ndr_syntax_id *interface,
+ enum dcerpc_transport_t transport,
+ const char *oid,
+ enum dcerpc_AuthLevel auth_level,
+ const char *server,
+ const char *domain,
+ const char *username,
+ const char *password,
+ struct rpc_pipe_client **presult);
NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli,
const struct ndr_syntax_id *interface,
@@ -137,15 +139,6 @@ NTSTATUS cli_rpc_pipe_open_krb5(struct cli_state *cli,
const char *password,
struct rpc_pipe_client **presult);
-NTSTATUS cli_rpc_pipe_open_spnego_krb5(struct cli_state *cli,
- const struct ndr_syntax_id *interface,
- enum dcerpc_transport_t transport,
- enum dcerpc_AuthLevel auth_level,
- const char *server,
- const char *username,
- const char *password,
- struct rpc_pipe_client **presult);
-
NTSTATUS cli_get_session_key(TALLOC_CTX *mem_ctx,
struct rpc_pipe_client *cli,
DATA_BLOB *session_key);
diff --git a/source3/rpc_client/cli_pipe_schannel.c b/source3/rpc_client/cli_pipe_schannel.c
index 2c937df0f0..4a11f08a12 100644
--- a/source3/rpc_client/cli_pipe_schannel.c
+++ b/source3/rpc_client/cli_pipe_schannel.c
@@ -27,6 +27,7 @@
#include "librpc/rpc/dcerpc.h"
#include "passdb.h"
#include "libsmb/libsmb.h"
+#include "auth/gensec/gensec.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_RPC_CLI
@@ -98,9 +99,11 @@ static NTSTATUS get_schannel_session_key_auth_ntlmssp(struct cli_state *cli,
struct rpc_pipe_client *netlogon_pipe = NULL;
NTSTATUS status;
- status = cli_rpc_pipe_open_spnego_ntlmssp(
+ status = cli_rpc_pipe_open_spnego(
cli, &ndr_table_netlogon.syntax_id, NCACN_NP,
+ GENSEC_OID_NTLMSSP,
DCERPC_AUTH_LEVEL_PRIVACY,
+ cli_state_remote_name(cli),
domain, username, password, &netlogon_pipe);
if (!NT_STATUS_IS_OK(status)) {
return status;
diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c
index 27deff56ff..39b54bf052 100644
--- a/source3/rpcclient/rpcclient.c
+++ b/source3/rpcclient/rpcclient.c
@@ -31,6 +31,7 @@
#include "../libcli/security/security.h"
#include "passdb.h"
#include "libsmb/libsmb.h"
+#include "auth/gensec/gensec.h"
enum pipe_auth_type_spnego {
PIPE_AUTH_TYPE_SPNEGO_NONE = 0,
@@ -690,30 +691,29 @@ static NTSTATUS do_cmd(struct cli_state *cli,
&cmd_entry->rpc_pipe);
break;
case DCERPC_AUTH_TYPE_SPNEGO:
+ {
+ /* won't happen, but if it does it will fail in cli_rpc_pipe_open_spnego() eventually */
+ const char *oid = "INVALID";
switch (pipe_default_auth_spnego_type) {
case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP:
- ntresult = cli_rpc_pipe_open_spnego_ntlmssp(
- cli, cmd_entry->interface,
- default_transport,
- pipe_default_auth_level,
- get_cmdline_auth_info_domain(auth_info),
- get_cmdline_auth_info_username(auth_info),
- get_cmdline_auth_info_password(auth_info),
- &cmd_entry->rpc_pipe);
+ oid = GENSEC_OID_NTLMSSP;
break;
case PIPE_AUTH_TYPE_SPNEGO_KRB5:
- ntresult = cli_rpc_pipe_open_spnego_krb5(
- cli, cmd_entry->interface,
- default_transport,
- pipe_default_auth_level,
- cli_state_remote_name(cli),
- NULL, NULL,
- &cmd_entry->rpc_pipe);
+ oid = GENSEC_OID_KERBEROS5;
break;
- default:
- ntresult = NT_STATUS_INTERNAL_ERROR;
}
+ ntresult = cli_rpc_pipe_open_spnego(
+ cli, cmd_entry->interface,
+ default_transport,
+ oid,
+ pipe_default_auth_level,
+ cli_state_remote_name(cli),
+ get_cmdline_auth_info_domain(auth_info),
+ get_cmdline_auth_info_username(auth_info),
+ get_cmdline_auth_info_password(auth_info),
+ &cmd_entry->rpc_pipe);
break;
+ }
case DCERPC_AUTH_TYPE_NTLMSSP:
case DCERPC_AUTH_TYPE_KRB5:
ntresult = cli_rpc_pipe_open_generic_auth(
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index 8563050273..5d8826127b 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -76,6 +76,7 @@
#include "../libcli/security/security.h"
#include "passdb.h"
#include "messages.h"
+#include "auth/gensec/gensec.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_WINBIND
@@ -2189,14 +2190,16 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
/* We have an authenticated connection. Use a NTLMSSP SPNEGO
authenticated SAMR pipe with sign & seal. */
- status = cli_rpc_pipe_open_spnego_ntlmssp(conn->cli,
- &ndr_table_samr.syntax_id,
- NCACN_NP,
- DCERPC_AUTH_LEVEL_PRIVACY,
- domain_name,
- machine_account,
- machine_password,
- &conn->samr_pipe);
+ status = cli_rpc_pipe_open_spnego(conn->cli,
+ &ndr_table_samr.syntax_id,
+ NCACN_NP,
+ GENSEC_OID_NTLMSSP,
+ DCERPC_AUTH_LEVEL_PRIVACY,
+ cli_state_remote_name(conn->cli),
+ domain_name,
+ machine_account,
+ machine_password,
+ &conn->samr_pipe);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(10,("cm_connect_sam: failed to connect to SAMR "
@@ -2427,9 +2430,11 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
/* We have an authenticated connection. Use a NTLMSSP SPNEGO
* authenticated LSA pipe with sign & seal. */
- result = cli_rpc_pipe_open_spnego_ntlmssp
+ result = cli_rpc_pipe_open_spnego
(conn->cli, &ndr_table_lsarpc.syntax_id, NCACN_NP,
+ GENSEC_OID_NTLMSSP,
DCERPC_AUTH_LEVEL_PRIVACY,
+ cli_state_remote_name(conn->cli),
conn->cli->domain, conn->cli->user_name, conn->cli->password,
&conn->lsa_pipe);