From b89a0439b3e38b6da739119d904d25901f34a8f8 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 2 Jan 2012 12:51:06 +1100 Subject: s3-librpc Rename and rework cli_rpc_pipe_open_ntlmssp() to be generic This also includes renaming the helper function rpccli_ntlmssp_bind_data, and allows this function to operate on any gensec-supplied auth type. Andrew Bartlett Signed-off-by: Stefan Metzmacher --- source3/libsmb/passchange.c | 16 ++++++----- source3/rpc_client/cli_pipe.c | 67 +++++++++++++++++++++++-------------------- source3/rpc_client/cli_pipe.h | 18 ++++++------ source3/rpcclient/rpcclient.c | 4 ++- source3/utils/net_rpc.c | 4 ++- 5 files changed, 61 insertions(+), 48 deletions(-) diff --git a/source3/libsmb/passchange.c b/source3/libsmb/passchange.c index 2f6ff51632..684ffd91a1 100644 --- a/source3/libsmb/passchange.c +++ b/source3/libsmb/passchange.c @@ -148,13 +148,15 @@ NTSTATUS remote_password_change(const char *remote_machine, const char *user_nam /* Try not to give the password away too easily */ if (!pass_must_change) { - result = cli_rpc_pipe_open_ntlmssp(cli, - &ndr_table_samr.syntax_id, - NCACN_NP, - DCERPC_AUTH_LEVEL_PRIVACY, - domain, user, - old_passwd, - &pipe_hnd); + result = cli_rpc_pipe_open_generic_auth(cli, + &ndr_table_samr.syntax_id, + NCACN_NP, + DCERPC_AUTH_TYPE_NTLMSSP, + DCERPC_AUTH_LEVEL_PRIVACY, + remote_machine, + domain, user, + old_passwd, + &pipe_hnd); } else { /* * If the user password must be changed the ntlmssp bind will diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index 8faeac225a..25c5e913a1 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c 
@@ -2255,15 +2255,17 @@ NTSTATUS rpccli_anon_bind_data(TALLOC_CTX *mem_ctx, return NT_STATUS_OK; } -static NTSTATUS rpccli_ntlmssp_bind_data(TALLOC_CTX *mem_ctx, - enum dcerpc_AuthType auth_type, - enum dcerpc_AuthLevel auth_level, - const char *domain, - const char *username, - const char *password, - struct pipe_auth_data **presult) -{ - struct auth_generic_state *ntlmssp_ctx; +static NTSTATUS rpccli_generic_bind_data(TALLOC_CTX *mem_ctx, + enum dcerpc_AuthType auth_type, + enum dcerpc_AuthLevel auth_level, + const char *server, + const char *target_service, + const char *domain, + const char *username, + const char *password, + struct pipe_auth_data **presult) +{ + struct auth_generic_state *auth_generic_ctx; struct pipe_auth_data *result; NTSTATUS status; @@ -2283,33 +2285,33 @@ static NTSTATUS rpccli_ntlmssp_bind_data(TALLOC_CTX *mem_ctx, } status = auth_generic_client_prepare(result, - &ntlmssp_ctx); + &auth_generic_ctx); if (!NT_STATUS_IS_OK(status)) { goto fail; } - status = auth_generic_set_username(ntlmssp_ctx, username); + status = auth_generic_set_username(auth_generic_ctx, username); if (!NT_STATUS_IS_OK(status)) { goto fail; } - status = auth_generic_set_domain(ntlmssp_ctx, domain); + status = auth_generic_set_domain(auth_generic_ctx, domain); if (!NT_STATUS_IS_OK(status)) { goto fail; } - status = auth_generic_set_password(ntlmssp_ctx, password); + status = auth_generic_set_password(auth_generic_ctx, password); if (!NT_STATUS_IS_OK(status)) { goto fail; } - status = auth_generic_client_start_by_authtype(ntlmssp_ctx, auth_type, auth_level); + status = auth_generic_client_start_by_authtype(auth_generic_ctx, auth_type, auth_level); if (!NT_STATUS_IS_OK(status)) { goto fail; } - result->auth_ctx = talloc_move(result, &ntlmssp_ctx->gensec_security); - talloc_free(ntlmssp_ctx); + result->auth_ctx = talloc_move(result, &auth_generic_ctx->gensec_security); + talloc_free(auth_generic_ctx); *presult = result; return NT_STATUS_OK; 
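Review bot: The new `server` and `target_service` parameters of rpccli_generic_bind_data are accepted but never applied to the auth context in the lines shown; the second hunk on this line (from `auth_generic_client_prepare`) sets only username, domain and password before `auth_generic_client_start_by_authtype()`. That is harmless for NTLMSSP, but a mechanism that identifies the server by principal (Kerberos, SPNEGO) needs the target set, otherwise the caller's choice of server is silently ignored. Before the start call I would add `status = gensec_set_target_service(auth_generic_ctx->gensec_security, target_service);` and `status = gensec_set_target_hostname(auth_generic_ctx->gensec_security, server);`, each followed by the existing `goto fail` check. This assumes `gensec_security` is already populated at that point, which the hunk does not show. About a dozen lines of the function between the two hunks are not visible, so confirm they do not already do this.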
@@ -2850,21 +2852,23 @@ NTSTATUS cli_rpc_pipe_open_noauth(struct cli_state *cli, } /**************************************************************************** - Open a named pipe to an SMB server and bind using NTLMSSP or SPNEGO NTLMSSP + Open a named pipe to an SMB server and bind using the mech specified ****************************************************************************/ -NTSTATUS cli_rpc_pipe_open_ntlmssp(struct cli_state *cli, - const struct ndr_syntax_id *interface, - enum dcerpc_transport_t transport, - enum dcerpc_AuthLevel auth_level, - const char *domain, - const char *username, - const char *password, - struct rpc_pipe_client **presult) +NTSTATUS cli_rpc_pipe_open_generic_auth(struct cli_state *cli, + const struct ndr_syntax_id *interface, + enum dcerpc_transport_t transport, + enum dcerpc_AuthType auth_type, + enum dcerpc_AuthLevel auth_level, + const char *server, + const char *domain, + const char *username, + const char *password, + struct rpc_pipe_client **presult) { struct rpc_pipe_client *result; struct pipe_auth_data *auth = NULL; - enum dcerpc_AuthType auth_type = DCERPC_AUTH_TYPE_NTLMSSP; + const char *target_service = "cifs"; /* TODO: Determine target service from the bindings or interface table */ NTSTATUS status; status = cli_rpc_pipe_open(cli, transport, interface, &result); 
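Review bot: `target_service` is fixed to `"cifs"` for every caller, yet the function now accepts any transport and any auth type; net_rpc.c in this same commit can pass NCACN_IP_TCP, where a cifs service name is probably not the right target for a principal-based mechanism. Until the TODO is resolved the function comment should say so, e.g. `Note: the target service is always "cifs" for now, whatever the transport or interface.` The banner comment also still reads "Open a named pipe to an SMB server" although the transport is a parameter. The new `server` argument is undocumented; the comment should state that it is the name the caller intends to authenticate to (the callers in this commit pass `remote_machine` or `cli_state_remote_name(cli)`). The function body continues past this hunk.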
@@ -2872,25 +2876,26 @@ NTSTATUS cli_rpc_pipe_open_ntlmssp(struct cli_state *cli, return status; } - status = rpccli_ntlmssp_bind_data(result, + status = rpccli_generic_bind_data(result, auth_type, auth_level, + server, target_service, domain, username, password, &auth); if (!NT_STATUS_IS_OK(status)) { - DEBUG(0, ("rpccli_ntlmssp_bind_data returned %s\n", + DEBUG(0, ("rpccli_generic_bind_data returned %s\n", nt_errstr(status))); goto err; } status = rpc_pipe_bind(result, auth); if (!NT_STATUS_IS_OK(status)) { - DEBUG(0, ("cli_rpc_pipe_open_ntlmssp_internal: cli_rpc_pipe_bind failed with error %s\n", + DEBUG(0, ("cli_rpc_pipe_open_generic_auth: cli_rpc_pipe_bind failed with error %s\n", nt_errstr(status) )); goto err; } - DEBUG(10,("cli_rpc_pipe_open_ntlmssp_internal: opened pipe %s to " - "machine %s and bound NTLMSSP as user %s\\%s.\n", + DEBUG(10,("cli_rpc_pipe_open_generic_auth: opened pipe %s to " + "machine %s and bound as user %s\\%s.\n", get_pipe_name_from_syntax(talloc_tos(), interface), result->desthost, domain, username)); diff --git a/source3/rpc_client/cli_pipe.h b/source3/rpc_client/cli_pipe.h index 25a134068f..a9d5784643 100644 --- a/source3/rpc_client/cli_pipe.h +++ b/source3/rpc_client/cli_pipe.h 
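Review bot: The DEBUG(10) success message no longer says which mechanism was bound; now that `auth_type` is a parameter, the log loses the one fact that tells someone reading it whether the pipe was bound with NTLMSSP or another mechanism, and at which level. I would add both, `"machine %s and bound as user %s\\%s (auth type %d, level %d).\n"`, with `(int)auth_type, (int)auth_level` appended to the arguments. The failure message above it names `cli_rpc_pipe_bind` while the call it reports on is `rpc_pipe_bind()`. The function starts before this hunk.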
@@ -84,14 +84,16 @@ NTSTATUS cli_rpc_pipe_open_noauth_transport(struct cli_state *cli, const struct ndr_syntax_id *interface, struct rpc_pipe_client **presult); -NTSTATUS cli_rpc_pipe_open_ntlmssp(struct cli_state *cli, - const struct ndr_syntax_id *interface, - enum dcerpc_transport_t transport, - enum dcerpc_AuthLevel auth_level, - const char *domain, - const char *username, - const char *password, - struct rpc_pipe_client **presult); +NTSTATUS cli_rpc_pipe_open_generic_auth(struct cli_state *cli, + const struct ndr_syntax_id *interface, + enum dcerpc_transport_t transport, + enum dcerpc_AuthType auth_type, + enum dcerpc_AuthLevel auth_level, + const char *server, + const char *domain, + const char *username, + const char *password, + struct rpc_pipe_client **presult); NTSTATUS cli_rpc_pipe_open_spnego_ntlmssp(struct cli_state *cli, const struct ndr_syntax_id *interface, diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c index c195d289ab..1f74f7e9e9 100644 --- a/source3/rpcclient/rpcclient.c +++ b/source3/rpcclient/rpcclient.c @@ -715,10 +715,12 @@ static NTSTATUS do_cmd(struct cli_state *cli, } break; case DCERPC_AUTH_TYPE_NTLMSSP: - ntresult = cli_rpc_pipe_open_ntlmssp( + ntresult = cli_rpc_pipe_open_generic_auth( cli, cmd_entry->interface, default_transport, + pipe_default_auth_type, pipe_default_auth_level, + cli_state_remote_name(cli), get_cmdline_auth_info_domain(auth_info), get_cmdline_auth_info_username(auth_info), get_cmdline_auth_info_password(auth_info), diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c index ef017ec9dc..5491c58138 100644 --- a/source3/utils/net_rpc.c +++ b/source3/utils/net_rpc.c 
@@ -200,11 +200,13 @@ int run_rpc_command(struct net_context *c, } } else { if (conn_flags & NET_FLAGS_SEAL) { - nt_status = cli_rpc_pipe_open_ntlmssp( + nt_status = cli_rpc_pipe_open_generic_auth( cli, interface, (conn_flags & NET_FLAGS_TCP) ? NCACN_IP_TCP : NCACN_NP, + DCERPC_AUTH_TYPE_NTLMSSP, DCERPC_AUTH_LEVEL_PRIVACY, + cli_state_remote_name(cli), lp_workgroup(), c->opt_user_name, c->opt_password, &pipe_hnd); } else { -- cgit