Diffstat (limited to 'source4/librpc')
-rw-r--r--source4/librpc/rpc/dcerpc_auth.c23
-rw-r--r--source4/librpc/rpc/dcerpc_schannel.c29
-rw-r--r--source4/librpc/rpc/dcerpc_util.c64
3 files changed, 48 insertions, 68 deletions
diff --git a/source4/librpc/rpc/dcerpc_auth.c b/source4/librpc/rpc/dcerpc_auth.c
index ac74788ba6..c5bfe150bd 100644
--- a/source4/librpc/rpc/dcerpc_auth.c
+++ b/source4/librpc/rpc/dcerpc_auth.c
@@ -143,10 +143,7 @@ done:
*/
NTSTATUS dcerpc_bind_auth_password(struct dcerpc_pipe *p,
const char *uuid, uint_t version,
- const char *workstation,
- const char *domain,
- const char *username,
- const char *password,
+ struct cli_credentials *credentials,
uint8_t auth_type,
const char *service)
{
@@ -162,28 +159,32 @@ NTSTATUS dcerpc_bind_auth_password(struct dcerpc_pipe *p,
return status;
}
- status = gensec_set_workstation(p->conn->security_state.generic_state, workstation);
+ status = gensec_set_workstation(p->conn->security_state.generic_state,
+ cli_credentials_get_workstation(credentials));
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to start set GENSEC client workstation name to %s: %s\n",
- workstation, nt_errstr(status)));
+ cli_credentials_get_workstation(credentials), nt_errstr(status)));
return status;
}
- status = gensec_set_domain(p->conn->security_state.generic_state, domain);
+ status = gensec_set_domain(p->conn->security_state.generic_state,
+ cli_credentials_get_domain(credentials));
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to start set GENSEC client domain to %s: %s\n",
- domain, nt_errstr(status)));
+ cli_credentials_get_domain(credentials), nt_errstr(status)));
return status;
}
- status = gensec_set_username(p->conn->security_state.generic_state, username);
+ status = gensec_set_username(p->conn->security_state.generic_state,
+ cli_credentials_get_username(credentials));
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to start set GENSEC client username to %s: %s\n",
- username, nt_errstr(status)));
+ cli_credentials_get_username(credentials), nt_errstr(status)));
return status;
}
- status = gensec_set_password(p->conn->security_state.generic_state, password);
+ status = gensec_set_password(p->conn->security_state.generic_state,
+ cli_credentials_get_password(credentials));
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to start set GENSEC client password: %s\n",
nt_errstr(status)));
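Review bot: Each credentials getter in this hunk is evaluated twice per step, once for the `gensec_set_*` call and again as a `%s` argument to `DEBUG`. Whether the getters can return NULL or do work on each call is not visible in this diff, so the logged value is not guaranteed to be the one that was set. Read each field once into a local, e.g. `const char *workstation = cli_credentials_get_workstation(credentials);`, and use it for both the setter and the message. The body of dcerpc_bind_auth_password continues outside the hunk.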
diff --git a/source4/librpc/rpc/dcerpc_schannel.c b/source4/librpc/rpc/dcerpc_schannel.c
index 170ddee1f3..bcdd1a923c 100644
--- a/source4/librpc/rpc/dcerpc_schannel.c
+++ b/source4/librpc/rpc/dcerpc_schannel.c
@@ -295,10 +295,7 @@ static NTSTATUS dcerpc_schannel_client_start(struct gensec_security *gensec_secu
get a schannel key using a netlogon challenge on a secondary pipe
*/
static NTSTATUS dcerpc_schannel_key(struct dcerpc_pipe *p,
- const char *workstation,
- const char *domain,
- const char *username,
- const char *password,
+ struct cli_credentials *credentials,
int chan_type,
struct creds_CredentialState *creds)
{
@@ -319,7 +316,7 @@ static NTSTATUS dcerpc_schannel_key(struct dcerpc_pipe *p,
negotiate_flags = NETLOGON_NEG_AUTH2_FLAGS;
}
- workgroup = domain;
+ workgroup = cli_credentials_get_domain(credentials);
tmp_ctx = talloc_new(NULL);
@@ -363,7 +360,7 @@ static NTSTATUS dcerpc_schannel_key(struct dcerpc_pipe *p,
step 2 - request a netlogon challenge
*/
r.in.server_name = talloc_asprintf(p, "\\\\%s", dcerpc_server_name(p));
- r.in.computer_name = workstation;
+ r.in.computer_name = cli_credentials_get_workstation(credentials);
r.in.credentials = &credentials1;
r.out.credentials = &credentials2;
@@ -377,16 +374,18 @@ static NTSTATUS dcerpc_schannel_key(struct dcerpc_pipe *p,
/*
step 3 - authenticate on the netlogon pipe
*/
- E_md4hash(password, mach_pwd.hash);
+ E_md4hash(cli_credentials_get_password(credentials), mach_pwd.hash);
creds_client_init(creds, &credentials1, &credentials2,
- workstation, domain, username,
+ cli_credentials_get_workstation(credentials),
+ cli_credentials_get_domain(credentials),
+ cli_credentials_get_username(credentials),
&mach_pwd, &credentials3,
negotiate_flags);
a.in.server_name = r.in.server_name;
- a.in.account_name = username;
+ a.in.account_name = cli_credentials_get_username(credentials);
a.in.secure_channel_type = chan_type;
- a.in.computer_name = workstation;
+ a.in.computer_name = cli_credentials_get_workstation(credentials);
a.in.negotiate_flags = &negotiate_flags;
a.out.negotiate_flags = &negotiate_flags;
a.in.credentials = &credentials3;
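Review bot: The result of `cli_credentials_get_password(credentials)` goes straight into `E_md4hash()` with no NULL check, and the workstation and username getters are each called twice in step 3. Whether the getters can return NULL is not visible here, but a credentials object with no password set is now a possible input that the old `const char *password` signature made the caller's problem. Fetch the values once into locals at the top of step 3 and bail out early, e.g. `if (password == NULL) return NT_STATUS_INVALID_PARAMETER;`, before hashing. dcerpc_schannel_key starts and ends outside this hunk, so any cleanup of `tmp_ctx` on that early return has to follow what the rest of the function does.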
@@ -483,10 +482,7 @@ NTSTATUS dcerpc_bind_auth_schannel_withkey(struct dcerpc_pipe *p,
NTSTATUS dcerpc_bind_auth_schannel(struct dcerpc_pipe *p,
const char *uuid, uint_t version,
- const char *workstation,
- const char *domain,
- const char *username,
- const char *password)
+ struct cli_credentials *credentials)
{
NTSTATUS status;
int chan_type = 0;
@@ -504,10 +500,7 @@ NTSTATUS dcerpc_bind_auth_schannel(struct dcerpc_pipe *p,
chan_type = SEC_CHAN_DOMAIN;
}
- status = dcerpc_schannel_key(p, domain,
- workstation,
- username,
- password,
+ status = dcerpc_schannel_key(p, credentials,
chan_type,
creds);
diff --git a/source4/librpc/rpc/dcerpc_util.c b/source4/librpc/rpc/dcerpc_util.c
index 91e6ea9397..4b245fd24d 100644
--- a/source4/librpc/rpc/dcerpc_util.c
+++ b/source4/librpc/rpc/dcerpc_util.c
@@ -796,6 +796,7 @@ NTSTATUS dcerpc_epm_map_binding(TALLOC_CTX *mem_ctx, struct dcerpc_binding *bind
struct epm_twr_t twr, *twr_r;
struct dcerpc_binding *epmapper_binding;
const struct dcerpc_interface_table *table = idl_iface_by_uuid(uuid);
+ struct cli_credentials *credentials;
int i;
/* First, check if there is a default endpoint specified in the IDL */
@@ -834,11 +835,13 @@ NTSTATUS dcerpc_epm_map_binding(TALLOC_CTX *mem_ctx, struct dcerpc_binding *bind
epmapper_binding->endpoint = NULL;
epmapper_binding->authservice = NULL;
+ credentials = talloc_zero(mem_ctx, struct cli_credentials);
+ cli_credentials_guess(credentials);
status = dcerpc_pipe_connect_b(&p,
epmapper_binding,
DCERPC_EPMAPPER_UUID,
DCERPC_EPMAPPER_VERSION,
- NULL, NULL, NULL, NULL);
+ credentials);
if (!NT_STATUS_IS_OK(status)) {
return status;
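Review bot: The pointer returned by `talloc_zero(mem_ctx, struct cli_credentials)` is handed to `cli_credentials_guess()` without a NULL check; add `if (credentials == NULL) return NT_STATUS_NO_MEMORY;` before the guess. The replaced call passed four NULLs, so the endpoint-mapper lookup was always anonymous. If `cli_credentials_guess()` fills in a username and password from the environment (its body is not visible here), the lookup may now present those credentials to the endpoint mapper on the target host, so mark the credentials anonymous explicitly if the lookup is meant to stay unauthenticated. The object is also parented on the caller's `mem_ctx` and is not freed in the visible lines, so anything guessed lives as long as that context.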
@@ -903,10 +906,7 @@ NTSTATUS dcerpc_pipe_auth(struct dcerpc_pipe *p,
struct dcerpc_binding *binding,
const char *pipe_uuid,
uint32_t pipe_version,
- const char *workstation,
- const char *domain,
- const char *username,
- const char *password)
+ struct cli_credentials *credentials)
{
NTSTATUS status;
p->conn->flags = binding->flags;
@@ -914,11 +914,11 @@ NTSTATUS dcerpc_pipe_auth(struct dcerpc_pipe *p,
/* remember the binding string for possible secondary connections */
p->conn->binding_string = dcerpc_binding_string(p, binding);
- if (username && username[0] && (binding->flags & DCERPC_SCHANNEL_ANY)) {
+ if (cli_credentials_is_anonymous(credentials) &&
+ (binding->flags & DCERPC_SCHANNEL_ANY)) {
status = dcerpc_bind_auth_schannel(p, pipe_uuid, pipe_version,
- domain, workstation,
- username, password);
- } else if (username && username[0]) {
+ credentials);
+ } else if (cli_credentials_is_anonymous(credentials)) {
uint8_t auth_type;
if (binding->flags & DCERPC_AUTH_SPNEGO) {
auth_type = DCERPC_AUTH_TYPE_SPNEGO;
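Review bot: Both new conditions in this hunk look inverted: the old tests `username && username[0]` chose the authenticated binds for a non-empty username, while `cli_credentials_is_anonymous(credentials)` is true in the opposite case. As written, anonymous credentials are routed into `dcerpc_bind_auth_schannel` or `dcerpc_bind_auth_password`, and a caller that supplies real credentials falls through to `dcerpc_bind_auth_none`, leaving the pipe bound without authentication. The ncacn_np hunk in this file replaces `!username || !username[0]` with the un-negated call, which suggests the helper returns true for anonymous. The two lines should read `if (!cli_credentials_is_anonymous(credentials) &&` and `} else if (!cli_credentials_is_anonymous(credentials)) {`; the rest of dcerpc_pipe_auth lies outside this hunk.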
@@ -929,10 +929,8 @@ NTSTATUS dcerpc_pipe_auth(struct dcerpc_pipe *p,
}
status = dcerpc_bind_auth_password(p, pipe_uuid, pipe_version,
- workstation,
- domain, username, password,
- auth_type,
- binding->authservice);
+ credentials, auth_type,
+ binding->authservice);
} else {
status = dcerpc_bind_auth_none(p, pipe_uuid, pipe_version);
}
@@ -950,10 +948,7 @@ static NTSTATUS dcerpc_pipe_connect_ncacn_np(struct dcerpc_pipe **pp,
struct dcerpc_binding *binding,
const char *pipe_uuid,
uint32_t pipe_version,
- const char *workstation,
- const char *domain,
- const char *username,
- const char *password)
+ struct cli_credentials *credentials)
{
struct dcerpc_pipe *p;
NTSTATUS status;
@@ -983,18 +978,21 @@ static NTSTATUS dcerpc_pipe_connect_ncacn_np(struct dcerpc_pipe **pp,
pipe_name = binding->endpoint;
- if (!username || !username[0] ||
+ if (cli_credentials_is_anonymous(credentials) ||
(binding->flags & DCERPC_SCHANNEL_ANY)) {
- status = smbcli_full_connection(p->conn, &cli, workstation,
+ status = smbcli_full_connection(p->conn, &cli,
+ cli_credentials_get_workstation(credentials),
binding->host,
"ipc$", NULL,
"", "", NULL);
} else {
- status = smbcli_full_connection(p->conn, &cli, workstation,
+ status = smbcli_full_connection(p->conn, &cli,
+ cli_credentials_get_workstation(credentials),
binding->host,
"ipc$", NULL,
- username, domain,
- password);
+ cli_credentials_get_username(credentials),
+ cli_credentials_get_domain(credentials),
+ cli_credentials_get_password(credentials));
}
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("Failed to connect to %s - %s\n", binding->host, nt_errstr(status)));
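Review bot: A NULL `credentials` pointer is no longer a safe way to ask for an anonymous connection. The old test `!username || !username[0]` accepted NULL, but `cli_credentials_is_anonymous(credentials)` and `cli_credentials_get_workstation(credentials)` are now called on the pointer unconditionally. Whether those helpers tolerate NULL is not visible in this diff, and the diffstat is limited to source4/librpc, so callers elsewhere that used to pass NULL strings are not shown being updated. Either reject it at the public entry points, e.g. `if (credentials == NULL) return NT_STATUS_INVALID_PARAMETER;` in dcerpc_pipe_connect_b, or add a comment on the function such as `/* credentials must be non-NULL; use an anonymous cli_credentials for a null session */`.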
@@ -1009,10 +1007,6 @@ static NTSTATUS dcerpc_pipe_connect_ncacn_np(struct dcerpc_pipe **pp,
return status;
}
- if (!(binding->flags & DCERPC_AUTH_OPTIONS)) {
- username = NULL;
- }
-
(*pp) = p;
talloc_free(tmp_ctx);
@@ -1156,17 +1150,13 @@ NTSTATUS dcerpc_pipe_connect_b(struct dcerpc_pipe **pp,
struct dcerpc_binding *binding,
const char *pipe_uuid,
uint32_t pipe_version,
- const char *workstation,
- const char *domain,
- const char *username,
- const char *password)
+ struct cli_credentials *credentials)
{
NTSTATUS status = NT_STATUS_INVALID_PARAMETER;
switch (binding->transport) {
case NCACN_NP:
- status = dcerpc_pipe_connect_ncacn_np(pp, binding, pipe_uuid, pipe_version,
- workstation, domain, username, password);
+ status = dcerpc_pipe_connect_ncacn_np(pp, binding, pipe_uuid, pipe_version, credentials);
break;
case NCACN_IP_TCP:
status = dcerpc_pipe_connect_ncacn_ip_tcp(pp, binding, pipe_uuid, pipe_version);
@@ -1185,7 +1175,7 @@ NTSTATUS dcerpc_pipe_connect_b(struct dcerpc_pipe **pp,
return status;
}
- status = dcerpc_pipe_auth(*pp, binding, pipe_uuid, pipe_version, workstation, domain, username, password);
+ status = dcerpc_pipe_auth(*pp, binding, pipe_uuid, pipe_version, credentials);
if (!NT_STATUS_IS_OK(status)) {
talloc_free(*pp);
*pp = NULL;
@@ -1202,10 +1192,7 @@ NTSTATUS dcerpc_pipe_connect(struct dcerpc_pipe **pp,
const char *binding,
const char *pipe_uuid,
uint32_t pipe_version,
- const char *workstation,
- const char *domain,
- const char *username,
- const char *password)
+ struct cli_credentials *credentials)
{
struct dcerpc_binding *b;
NTSTATUS status;
@@ -1225,8 +1212,7 @@ NTSTATUS dcerpc_pipe_connect(struct dcerpc_pipe **pp,
DEBUG(3,("Using binding %s\n", dcerpc_binding_string(tmp_ctx, b)));
- status = dcerpc_pipe_connect_b(pp, b, pipe_uuid, pipe_version, workstation,
- domain, username, password);
+ status = dcerpc_pipe_connect_b(pp, b, pipe_uuid, pipe_version, credentials);
talloc_free(tmp_ctx);