From 05bc2d7b2c11a3583a6d1221cfbd618eb6730518 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 21 Mar 2005 21:22:07 +0000 Subject: r5928: Use cli_credentials in: - gtk+ (returned by GtkHostBindingDialog as well now) - torture/ - librpc/ - lib/com/dcom/ (This used to be commit ccefd782335e01e8e6ecb2bcd28a4f999c53b1a6) --- source4/librpc/rpc/dcerpc_auth.c | 23 ++++++------- source4/librpc/rpc/dcerpc_schannel.c | 29 +++++++--------- source4/librpc/rpc/dcerpc_util.c | 64 ++++++++++++++---------------------- 3 files changed, 48 insertions(+), 68 deletions(-) (limited to 'source4/librpc') diff --git a/source4/librpc/rpc/dcerpc_auth.c b/source4/librpc/rpc/dcerpc_auth.c index ac74788ba6..c5bfe150bd 100644 --- a/source4/librpc/rpc/dcerpc_auth.c +++ b/source4/librpc/rpc/dcerpc_auth.c @@ -143,10 +143,7 @@ done: */ NTSTATUS dcerpc_bind_auth_password(struct dcerpc_pipe *p, const char *uuid, uint_t version, - const char *workstation, - const char *domain, - const char *username, - const char *password, + struct cli_credentials *credentials, uint8_t auth_type, const char *service) { 
@@ -162,28 +159,32 @@ NTSTATUS dcerpc_bind_auth_password(struct dcerpc_pipe *p, return status; } - status = gensec_set_workstation(p->conn->security_state.generic_state, workstation); + status = gensec_set_workstation(p->conn->security_state.generic_state, + cli_credentials_get_workstation(credentials)); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("Failed to start set GENSEC client workstation name to %s: %s\n", - workstation, nt_errstr(status))); + cli_credentials_get_workstation(credentials), nt_errstr(status))); return status; } - status = gensec_set_domain(p->conn->security_state.generic_state, domain); + status = gensec_set_domain(p->conn->security_state.generic_state, + cli_credentials_get_domain(credentials)); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("Failed to start set GENSEC client domain to %s: %s\n", - domain, nt_errstr(status))); + cli_credentials_get_domain(credentials), nt_errstr(status))); return status; } - status = gensec_set_username(p->conn->security_state.generic_state, username); + status = gensec_set_username(p->conn->security_state.generic_state, + cli_credentials_get_username(credentials)); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("Failed to start set GENSEC client username to %s: %s\n", - username, nt_errstr(status))); + cli_credentials_get_username(credentials), nt_errstr(status))); return status; } - status = gensec_set_password(p->conn->security_state.generic_state, password); + status = gensec_set_password(p->conn->security_state.generic_state, + cli_credentials_get_password(credentials)); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("Failed to start set GENSEC client password: %s\n", nt_errstr(status))); diff --git a/source4/librpc/rpc/dcerpc_schannel.c b/source4/librpc/rpc/dcerpc_schannel.c index 170ddee1f3..bcdd1a923c 100644 --- a/source4/librpc/rpc/dcerpc_schannel.c +++ b/source4/librpc/rpc/dcerpc_schannel.c 
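Review bot: `credentials` is dereferenced through the `cli_credentials_get_*()` getters in dcerpc_bind_auth_password without a NULL check, although the old string parameters accepted NULL (the removed call in dcerpc_epm_map_binding passed `NULL, NULL, NULL, NULL`). The same pattern appears in the dcerpc_schannel_key hunks and in dcerpc_pipe_connect_ncacn_np, where `cli_credentials_get_workstation(credentials)` is evaluated even on the anonymous branch. Whether the getters tolerate a NULL object is not visible in this patch, so either reject it up front with `if (credentials == NULL) return NT_STATUS_INVALID_PARAMETER;` or state in the function comment that callers must pass a non-NULL, initialised `struct cli_credentials`. The function body starts and ends outside this hunk.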
@@ -295,10 +295,7 @@ static NTSTATUS dcerpc_schannel_client_start(struct gensec_security *gensec_secu get a schannel key using a netlogon challenge on a secondary pipe */ static NTSTATUS dcerpc_schannel_key(struct dcerpc_pipe *p, - const char *workstation, - const char *domain, - const char *username, - const char *password, + struct cli_credentials *credentials, int chan_type, struct creds_CredentialState *creds) { @@ -319,7 +316,7 @@ static NTSTATUS dcerpc_schannel_key(struct dcerpc_pipe *p, negotiate_flags = NETLOGON_NEG_AUTH2_FLAGS; } - workgroup = domain; + workgroup = cli_credentials_get_domain(credentials); tmp_ctx = talloc_new(NULL); @@ -363,7 +360,7 @@ static NTSTATUS dcerpc_schannel_key(struct dcerpc_pipe *p, step 2 - request a netlogon challenge */ r.in.server_name = talloc_asprintf(p, "\\\\%s", dcerpc_server_name(p)); - r.in.computer_name = workstation; + r.in.computer_name = cli_credentials_get_workstation(credentials); r.in.credentials = &credentials1; r.out.credentials = &credentials2; @@ -377,16 +374,18 @@ static NTSTATUS dcerpc_schannel_key(struct dcerpc_pipe *p, /* step 3 - authenticate on the netlogon pipe */ - E_md4hash(password, mach_pwd.hash); + E_md4hash(cli_credentials_get_password(credentials), mach_pwd.hash); creds_client_init(creds, &credentials1, &credentials2, - workstation, domain, username, + cli_credentials_get_workstation(credentials), + cli_credentials_get_domain(credentials), + cli_credentials_get_username(credentials), &mach_pwd, &credentials3, negotiate_flags); a.in.server_name = r.in.server_name; - a.in.account_name = username; + a.in.account_name = cli_credentials_get_username(credentials); a.in.secure_channel_type = chan_type; - a.in.computer_name = workstation; + a.in.computer_name = cli_credentials_get_workstation(credentials); a.in.negotiate_flags = &negotiate_flags; a.out.negotiate_flags = &negotiate_flags; a.in.credentials = &credentials3; 
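Review bot: In step 3 of dcerpc_schannel_key the result of `cli_credentials_get_password(credentials)` goes straight into `E_md4hash()`, so if the credentials carry no password and the getter returns NULL, the hash is computed from a NULL pointer. Whether the getter can return NULL is not visible here, so a check before hashing is the safe reading; its error path has to free `tmp_ctx`, which is allocated earlier in the function. The workstation getter is also called three times and the username getter twice for values that must match between the challenge request, `creds_client_init()` and the authenticate request. Reading each once into a local, e.g. `const char *computer_name = cli_credentials_get_workstation(credentials);`, makes that explicit. The function body extends beyond these hunks.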
@@ -483,10 +482,7 @@ NTSTATUS dcerpc_bind_auth_schannel_withkey(struct dcerpc_pipe *p, NTSTATUS dcerpc_bind_auth_schannel(struct dcerpc_pipe *p, const char *uuid, uint_t version, - const char *workstation, - const char *domain, - const char *username, - const char *password) + struct cli_credentials *credentials) { NTSTATUS status; int chan_type = 0; @@ -504,10 +500,7 @@ NTSTATUS dcerpc_bind_auth_schannel(struct dcerpc_pipe *p, chan_type = SEC_CHAN_DOMAIN; } - status = dcerpc_schannel_key(p, domain, - workstation, - username, - password, + status = dcerpc_schannel_key(p, credentials, chan_type, creds); diff --git a/source4/librpc/rpc/dcerpc_util.c b/source4/librpc/rpc/dcerpc_util.c index 91e6ea9397..4b245fd24d 100644 --- a/source4/librpc/rpc/dcerpc_util.c +++ b/source4/librpc/rpc/dcerpc_util.c @@ -796,6 +796,7 @@ NTSTATUS dcerpc_epm_map_binding(TALLOC_CTX *mem_ctx, struct dcerpc_binding *bind struct epm_twr_t twr, *twr_r; struct dcerpc_binding *epmapper_binding; const struct dcerpc_interface_table *table = idl_iface_by_uuid(uuid); + struct cli_credentials *credentials; int i; /* First, check if there is a default endpoint specified in the IDL */ @@ -834,11 +835,13 @@ NTSTATUS dcerpc_epm_map_binding(TALLOC_CTX *mem_ctx, struct dcerpc_binding *bind epmapper_binding->endpoint = NULL; epmapper_binding->authservice = NULL; + credentials = talloc_zero(mem_ctx, struct cli_credentials); + cli_credentials_guess(credentials); status = dcerpc_pipe_connect_b(&p, epmapper_binding, DCERPC_EPMAPPER_UUID, DCERPC_EPMAPPER_VERSION, - NULL, NULL, NULL, NULL); + credentials); if (!NT_STATUS_IS_OK(status)) { return status; @@ -903,10 +906,7 @@ NTSTATUS dcerpc_pipe_auth(struct dcerpc_pipe *p, struct dcerpc_binding *binding, const char *pipe_uuid, uint32_t pipe_version, - const char *workstation, - const char *domain, - const char *username, - const char *password) + struct cli_credentials *credentials) { NTSTATUS status; p->conn->flags = binding->flags; 
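Review bot: The `talloc_zero(mem_ctx, struct cli_credentials)` result in dcerpc_epm_map_binding is passed to `cli_credentials_guess()` unchecked, so an allocation failure becomes a NULL dereference; add `if (credentials == NULL) { return NT_STATUS_NO_MEMORY; }` before the guess. The endpoint-mapper connection was made with `NULL, NULL, NULL, NULL` before this change, i.e. anonymously, and now carries whatever `cli_credentials_guess()` fills in. If that includes a username and password, the mapper lookup would authenticate to the remote host with them, which looks unintended and deserves either a comment or an explicitly anonymous credentials object. The function starts and ends outside these hunks.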
@@ -914,11 +914,11 @@ NTSTATUS dcerpc_pipe_auth(struct dcerpc_pipe *p, /* remember the binding string for possible secondary connections */ p->conn->binding_string = dcerpc_binding_string(p, binding); - if (username && username[0] && (binding->flags & DCERPC_SCHANNEL_ANY)) { + if (cli_credentials_is_anonymous(credentials) && + (binding->flags & DCERPC_SCHANNEL_ANY)) { status = dcerpc_bind_auth_schannel(p, pipe_uuid, pipe_version, - domain, workstation, - username, password); - } else if (username && username[0]) { + credentials); + } else if (cli_credentials_is_anonymous(credentials)) { uint8_t auth_type; if (binding->flags & DCERPC_AUTH_SPNEGO) { auth_type = DCERPC_AUTH_TYPE_SPNEGO; @@ -929,10 +929,8 @@ NTSTATUS dcerpc_pipe_auth(struct dcerpc_pipe *p, } status = dcerpc_bind_auth_password(p, pipe_uuid, pipe_version, - workstation, - domain, username, password, - auth_type, - binding->authservice); + credentials, auth_type, + binding->authservice); } else { status = dcerpc_bind_auth_none(p, pipe_uuid, pipe_version); } @@ -950,10 +948,7 @@ static NTSTATUS dcerpc_pipe_connect_ncacn_np(struct dcerpc_pipe **pp, struct dcerpc_binding *binding, const char *pipe_uuid, uint32_t pipe_version, - const char *workstation, - const char *domain, - const char *username, - const char *password) + struct cli_credentials *credentials) { struct dcerpc_pipe *p; NTSTATUS status; 
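Review bot: The two `cli_credentials_is_anonymous(credentials)` tests in dcerpc_pipe_auth have the opposite sense of the `username && username[0]` tests they replace. The schannel and password binds now run only for anonymous credentials, and a caller that supplies real credentials falls through to `dcerpc_bind_auth_none()`, so the pipe is bound unauthenticated without any error. dcerpc_pipe_connect_ncacn_np in the same patch maps `!username || !username[0]` to `cli_credentials_is_anonymous(credentials)`, which confirms the intended polarity. Both conditions should be negated: `if (!cli_credentials_is_anonymous(credentials) && (binding->flags & DCERPC_SCHANNEL_ANY)) {` and `} else if (!cli_credentials_is_anonymous(credentials)) {`.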
@@ -983,18 +978,21 @@ static NTSTATUS dcerpc_pipe_connect_ncacn_np(struct dcerpc_pipe **pp, pipe_name = binding->endpoint; - if (!username || !username[0] || + if (cli_credentials_is_anonymous(credentials) || (binding->flags & DCERPC_SCHANNEL_ANY)) { - status = smbcli_full_connection(p->conn, &cli, workstation, + status = smbcli_full_connection(p->conn, &cli, + cli_credentials_get_workstation(credentials), binding->host, "ipc$", NULL, "", "", NULL); } else { - status = smbcli_full_connection(p->conn, &cli, workstation, + status = smbcli_full_connection(p->conn, &cli, + cli_credentials_get_workstation(credentials), binding->host, "ipc$", NULL, - username, domain, - password); + cli_credentials_get_username(credentials), + cli_credentials_get_domain(credentials), + cli_credentials_get_password(credentials)); } if (!NT_STATUS_IS_OK(status)) { DEBUG(0,("Failed to connect to %s - %s\n", binding->host, nt_errstr(status))); @@ -1009,10 +1007,6 @@ static NTSTATUS dcerpc_pipe_connect_ncacn_np(struct dcerpc_pipe **pp, return status; } - if (!(binding->flags & DCERPC_AUTH_OPTIONS)) { - username = NULL; - } - (*pp) = p; talloc_free(tmp_ctx); @@ -1156,17 +1150,13 @@ NTSTATUS dcerpc_pipe_connect_b(struct dcerpc_pipe **pp, struct dcerpc_binding *binding, const char *pipe_uuid, uint32_t pipe_version, - const char *workstation, - const char *domain, - const char *username, - const char *password) + struct cli_credentials *credentials) { NTSTATUS status = NT_STATUS_INVALID_PARAMETER; switch (binding->transport) { case NCACN_NP: - status = dcerpc_pipe_connect_ncacn_np(pp, binding, pipe_uuid, pipe_version, - workstation, domain, username, password); + status = dcerpc_pipe_connect_ncacn_np(pp, binding, pipe_uuid, pipe_version, credentials); break; case NCACN_IP_TCP: status = dcerpc_pipe_connect_ncacn_ip_tcp(pp, binding, pipe_uuid, pipe_version); 
@@ -1185,7 +1175,7 @@ NTSTATUS dcerpc_pipe_connect_b(struct dcerpc_pipe **pp, return status; } - status = dcerpc_pipe_auth(*pp, binding, pipe_uuid, pipe_version, workstation, domain, username, password); + status = dcerpc_pipe_auth(*pp, binding, pipe_uuid, pipe_version, credentials); if (!NT_STATUS_IS_OK(status)) { talloc_free(*pp); *pp = NULL; @@ -1202,10 +1192,7 @@ NTSTATUS dcerpc_pipe_connect(struct dcerpc_pipe **pp, const char *binding, const char *pipe_uuid, uint32_t pipe_version, - const char *workstation, - const char *domain, - const char *username, - const char *password) + struct cli_credentials *credentials) { struct dcerpc_binding *b; NTSTATUS status; @@ -1225,8 +1212,7 @@ NTSTATUS dcerpc_pipe_connect(struct dcerpc_pipe **pp, DEBUG(3,("Using binding %s\n", dcerpc_binding_string(tmp_ctx, b))); - status = dcerpc_pipe_connect_b(pp, b, pipe_uuid, pipe_version, workstation, - domain, username, password); + status = dcerpc_pipe_connect_b(pp, b, pipe_uuid, pipe_version, credentials); talloc_free(tmp_ctx); -- cgit