From 232378c6e5b1db9facd3c74b7fa82ed9a3b4ef67 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 12 Jan 2011 11:36:06 +0100 Subject: s3-rpc_client: prefer dcerpc_netr_X functions. Guenther Signed-off-by: Andreas Schneider --- source3/rpc_client/cli_netlogon.c | 92 +++++++++++++++++++++++++++------------ 1 file changed, 65 insertions(+), 27 deletions(-) (limited to 'source3/rpc_client') diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c index 28972c96fa..3046d277ee 100644 --- a/source3/rpc_client/cli_netlogon.c +++ b/source3/rpc_client/cli_netlogon.c @@ -22,7 +22,7 @@ #include "includes.h" #include "../libcli/auth/libcli_auth.h" -#include "../librpc/gen_ndr/cli_netlogon.h" +#include "../librpc/gen_ndr/ndr_netlogon_c.h" #include "rpc_client/cli_netlogon.h" #include "rpc_client/init_netlogon.h" @@ -41,6 +41,7 @@ NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli, enum netr_SchannelType sec_chan_type, uint32_t *neg_flags_inout) { + NTSTATUS status; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; struct netr_Credential clnt_chal_send; struct netr_Credential srv_chal_recv; @@ -48,6 +49,7 @@ NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli, bool retried = false; fstring mach_acct; uint32_t neg_flags = *neg_flags_inout; + struct dcerpc_binding_handle *b = cli->binding_handle; if (!ndr_syntax_id_equal(&cli->abstract_syntax, &ndr_table_netlogon.syntax_id)) { @@ -66,11 +68,15 @@ NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli, generate_random_buffer(clnt_chal_send.data, 8); /* Get the server challenge. */ - result = rpccli_netr_ServerReqChallenge(cli, talloc_tos(), + status = dcerpc_netr_ServerReqChallenge(b, talloc_tos(), cli->srv_name_slash, clnt_name, &clnt_chal_send, - &srv_chal_recv); + &srv_chal_recv, + &result); + if (!NT_STATUS_IS_OK(status)) { + return status; + } if (!NT_STATUS_IS_OK(result)) { return result; } @@ -94,15 +100,18 @@ NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli, * Send client auth-2 challenge and receive server repy. */ - result = rpccli_netr_ServerAuthenticate2(cli, talloc_tos(), + status = dcerpc_netr_ServerAuthenticate2(b, talloc_tos(), cli->srv_name_slash, cli->dc->account_name, sec_chan_type, cli->dc->computer_name, &clnt_chal_send, /* input. */ &srv_chal_recv, /* output. */ - &neg_flags); - + &neg_flags, + &result); + if (!NT_STATUS_IS_OK(status)) { + return status; + } /* we might be talking to NT4, so let's downgrade in that case and retry * with the returned neg_flags - gd */ @@ -153,6 +162,7 @@ NTSTATUS rpccli_netlogon_sam_logon(struct rpc_pipe_client *cli, int logon_type) { NTSTATUS result = NT_STATUS_UNSUCCESSFUL; + NTSTATUS status; struct netr_Authenticator clnt_creds; struct netr_Authenticator ret_creds; union netr_LogonLevel *logon; @@ -160,6 +170,7 @@ NTSTATUS rpccli_netlogon_sam_logon(struct rpc_pipe_client *cli, uint8_t authoritative; int validation_level = 3; fstring clnt_name_slash; + struct dcerpc_binding_handle *b = cli->binding_handle; ZERO_STRUCT(ret_creds); @@ -263,7 +274,7 @@ NTSTATUS rpccli_netlogon_sam_logon(struct rpc_pipe_client *cli, return NT_STATUS_INVALID_INFO_CLASS; } - result = rpccli_netr_LogonSamLogon(cli, mem_ctx, + status = dcerpc_netr_LogonSamLogon(b, mem_ctx, cli->srv_name_slash, global_myname(), &clnt_creds, @@ -272,7 +283,11 @@ NTSTATUS rpccli_netlogon_sam_logon(struct rpc_pipe_client *cli, logon, validation_level, &validation, - &authoritative); + &authoritative, + &result); + if (!NT_STATUS_IS_OK(status)) { + return status; + } /* Always check returned credentials */ if (!netlogon_creds_client_check(cli->dc, &ret_creds.cred)) { @@ -303,6 +318,7 @@ NTSTATUS rpccli_netlogon_sam_network_logon(struct rpc_pipe_client *cli, struct netr_SamInfo3 **info3) { NTSTATUS result = NT_STATUS_UNSUCCESSFUL; + NTSTATUS status; int validation_level = 3; const char *workstation_name_slash; const char *server_name_slash; @@ -314,6 +330,7 @@ NTSTATUS rpccli_netlogon_sam_network_logon(struct rpc_pipe_client *cli, union netr_Validation validation; struct netr_ChallengeResponse lm; struct netr_ChallengeResponse nt; + struct dcerpc_binding_handle *b = cli->binding_handle; *info3 = NULL; @@ -373,7 +390,7 @@ NTSTATUS rpccli_netlogon_sam_network_logon(struct rpc_pipe_client *cli, /* Marshall data and send request */ - result = rpccli_netr_LogonSamLogon(cli, mem_ctx, + status = dcerpc_netr_LogonSamLogon(b, mem_ctx, server_name_slash, global_myname(), &clnt_creds, @@ -382,9 +399,10 @@ NTSTATUS rpccli_netlogon_sam_network_logon(struct rpc_pipe_client *cli, logon, validation_level, &validation, - &authoritative); - if (!NT_STATUS_IS_OK(result)) { - return result; + &authoritative, + &result); + if (!NT_STATUS_IS_OK(status)) { + return status; } /* Always check returned credentials. */ @@ -393,6 +411,10 @@ NTSTATUS rpccli_netlogon_sam_network_logon(struct rpc_pipe_client *cli, return NT_STATUS_ACCESS_DENIED; } + if (!NT_STATUS_IS_OK(result)) { + return result; + } + netlogon_creds_decrypt_samlogon(cli->dc, validation_level, &validation); *info3 = validation.sam3; @@ -413,6 +435,7 @@ NTSTATUS rpccli_netlogon_sam_network_logon_ex(struct rpc_pipe_client *cli, struct netr_SamInfo3 **info3) { NTSTATUS result = NT_STATUS_UNSUCCESSFUL; + NTSTATUS status; int validation_level = 3; const char *workstation_name_slash; const char *server_name_slash; @@ -423,6 +446,7 @@ NTSTATUS rpccli_netlogon_sam_network_logon_ex(struct rpc_pipe_client *cli, struct netr_ChallengeResponse lm; struct netr_ChallengeResponse nt; uint32_t flags = 0; + struct dcerpc_binding_handle *b = cli->binding_handle; *info3 = NULL; @@ -478,7 +502,7 @@ NTSTATUS rpccli_netlogon_sam_network_logon_ex(struct rpc_pipe_client *cli, /* Marshall data and send request */ - result = rpccli_netr_LogonSamLogonEx(cli, mem_ctx, + status = dcerpc_netr_LogonSamLogonEx(b, mem_ctx, server_name_slash, global_myname(), NetlogonNetworkInformation, @@ -486,7 +510,12 @@ NTSTATUS rpccli_netlogon_sam_network_logon_ex(struct rpc_pipe_client *cli, validation_level, &validation, &authoritative, - &flags); + &flags, + &result); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + if (!NT_STATUS_IS_OK(result)) { return result; } @@ -515,8 +544,9 @@ NTSTATUS rpccli_netlogon_set_trust_password(struct rpc_pipe_client *cli, const unsigned char new_trust_passwd_hash[16], enum netr_SchannelType sec_channel_type) { - NTSTATUS result; + NTSTATUS result, status; struct netr_Authenticator clnt_creds, srv_cred; + struct dcerpc_binding_handle *b = cli->binding_handle; if (!cli->dc) { uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS; @@ -545,18 +575,19 @@ NTSTATUS rpccli_netlogon_set_trust_password(struct rpc_pipe_client *cli, cli->dc->session_key, &new_password); - result = rpccli_netr_ServerPasswordSet2(cli, mem_ctx, + status = dcerpc_netr_ServerPasswordSet2(b, mem_ctx, cli->srv_name_slash, cli->dc->account_name, sec_channel_type, cli->dc->computer_name, &clnt_creds, &srv_cred, - &new_password); - if (!NT_STATUS_IS_OK(result)) { - DEBUG(0,("rpccli_netr_ServerPasswordSet2 failed: %s\n", - nt_errstr(result))); - return result; + &new_password, + &result); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0,("dcerpc_netr_ServerPasswordSet2 failed: %s\n", + nt_errstr(status))); + return status; } } else { @@ -564,18 +595,19 @@ NTSTATUS rpccli_netlogon_set_trust_password(struct rpc_pipe_client *cli, memcpy(new_password.hash, new_trust_passwd_hash, sizeof(new_password.hash)); netlogon_creds_des_encrypt(cli->dc, &new_password); - result = rpccli_netr_ServerPasswordSet(cli, mem_ctx, + status = dcerpc_netr_ServerPasswordSet(b, mem_ctx, cli->srv_name_slash, cli->dc->account_name, sec_channel_type, cli->dc->computer_name, &clnt_creds, &srv_cred, - &new_password); - if (!NT_STATUS_IS_OK(result)) { - DEBUG(0,("rpccli_netr_ServerPasswordSet failed: %s\n", - nt_errstr(result))); - return result; + &new_password, + &result); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0,("dcerpc_netr_ServerPasswordSet failed: %s\n", + nt_errstr(status))); + return status; } } @@ -585,6 +617,12 @@ NTSTATUS rpccli_netlogon_set_trust_password(struct rpc_pipe_client *cli, return NT_STATUS_ACCESS_DENIED; } + if (!NT_STATUS_IS_OK(result)) { + DEBUG(0,("dcerpc_netr_ServerPasswordSet{2} failed: %s\n", + nt_errstr(result))); + return result; + } + return result; } -- cgit