*/
#include "includes.h"
-#include "librpc/gen_ndr/cli_epmapper.h"
+#include "../lib/util/tevent_ntstatus.h"
+#include "librpc/gen_ndr/ndr_epmapper_c.h"
#include "../librpc/gen_ndr/ndr_schannel.h"
#include "../librpc/gen_ndr/ndr_dssetup.h"
#include "../libcli/auth/schannel.h"
#include "../libcli/auth/spnego.h"
-#include "smb_krb5.h"
-#include "../libcli/auth/ntlmssp.h"
+#include "../auth/ntlmssp/ntlmssp.h"
#include "ntlmssp_wrap.h"
#include "librpc/gen_ndr/ndr_dcerpc.h"
#include "librpc/rpc/dcerpc.h"
#include "librpc/crypto/gse.h"
#include "librpc/crypto/spnego.h"
#include "rpc_dce.h"
+#include "cli_pipe.h"
+#include "libsmb/libsmb.h"
+#include "auth/gensec/gensec.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_RPC_CLI
pkt->u.fault.status),
rpccli_pipe_txt(talloc_tos(), cli)));
- if (NT_STATUS_IS_OK(NT_STATUS(pkt->u.fault.status))) {
- return NT_STATUS_UNSUCCESSFUL;
- } else {
- return NT_STATUS(pkt->u.fault.status);
- }
+ return dcerpc_fault_to_nt_status(pkt->u.fault.status);
default:
DEBUG(0, (__location__ "Unknown packet type %u received "
return;
}
- state->rdata = TALLOC_ARRAY(state, uint8_t, RPC_HEADER_LEN);
+ state->rdata = talloc_array(state, uint8_t, RPC_HEADER_LEN);
if (tevent_req_nomem(state->rdata, req)) {
return;
}
struct pipe_auth_data *auth,
DATA_BLOB *auth_token)
{
+ struct spnego_context *spnego_ctx;
DATA_BLOB in_token = data_blob_null;
NTSTATUS status;
+ spnego_ctx = talloc_get_type_abort(auth->auth_ctx,
+ struct spnego_context);
+
/* Negotiate the initial auth token */
- status = spnego_get_client_auth_token(mem_ctx,
- auth->a_u.spnego_state,
+ status = spnego_get_client_auth_token(mem_ctx, spnego_ctx,
&in_token, auth_token);
if (!NT_STATUS_IS_OK(status)) {
return status;
struct pipe_auth_data *auth,
DATA_BLOB *auth_token)
{
+ struct gse_context *gse_ctx;
DATA_BLOB in_token = data_blob_null;
NTSTATUS status;
+ gse_ctx = talloc_get_type_abort(auth->auth_ctx,
+ struct gse_context);
+
/* Negotiate the initial auth token */
- status = gse_get_client_auth_token(mem_ctx,
- auth->a_u.gssapi_state,
+ status = gse_get_client_auth_token(mem_ctx, gse_ctx,
&in_token,
auth_token);
if (!NT_STATUS_IS_OK(status)) {
********************************************************************/
static NTSTATUS create_ntlmssp_auth_rpc_bind_req(struct rpc_pipe_client *cli,
+ TALLOC_CTX *mem_ctx,
DATA_BLOB *auth_token)
{
- NTSTATUS status;
+ struct auth_ntlmssp_state *ntlmssp_ctx;
DATA_BLOB null_blob = data_blob_null;
+ NTSTATUS status;
+
+ ntlmssp_ctx = talloc_get_type_abort(cli->auth->auth_ctx,
+ struct auth_ntlmssp_state);
DEBUG(5, ("create_ntlmssp_auth_rpc_bind_req: Processing NTLMSSP Negotiate\n"));
- status = auth_ntlmssp_update(cli->auth->a_u.auth_ntlmssp_state,
- null_blob, auth_token);
+ status = gensec_update(ntlmssp_ctx->gensec_security, mem_ctx, NULL, null_blob, auth_token);
if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
data_blob_free(auth_token);
r.Flags = NL_FLAG_OEM_NETBIOS_DOMAIN_NAME |
NL_FLAG_OEM_NETBIOS_COMPUTER_NAME;
r.oem_netbios_domain.a = cli->auth->domain;
- r.oem_netbios_computer.a = global_myname();
+ r.oem_netbios_computer.a = lp_netbios_name();
status = dcerpc_push_schannel_bind(cli, &r, auth_token);
if (!NT_STATUS_IS_OK(status)) {
break;
case DCERPC_AUTH_TYPE_NTLMSSP:
- ret = create_ntlmssp_auth_rpc_bind_req(cli, &auth_token);
+ ret = create_ntlmssp_auth_rpc_bind_req(cli, mem_ctx, &auth_token);
if (!NT_STATUS_IS_OK(ret)) {
return ret;
}
}
break;
+ case DCERPC_AUTH_TYPE_NCALRPC_AS_SYSTEM:
+ auth_token = data_blob_talloc(mem_ctx,
+ "NCALRPC_AUTH_TOKEN",
+ 18);
+ break;
+
case DCERPC_AUTH_TYPE_NONE:
break;
return NULL;
}
- DEBUG(5,("Bind RPC Pipe: %s auth_type %u(%u), auth_level %u\n",
+ DEBUG(5,("Bind RPC Pipe: %s auth_type %u, auth_level %u\n",
rpccli_pipe_txt(talloc_tos(), cli),
(unsigned int)auth->auth_type,
- (unsigned int)auth->spnego_type,
(unsigned int)auth->auth_level ));
state->ev = ev;
struct rpc_pipe_bind_state *state = tevent_req_data(
req, struct rpc_pipe_bind_state);
struct pipe_auth_data *pauth = state->cli->auth;
- struct ncacn_packet *pkt;
+ struct auth_ntlmssp_state *ntlmssp_ctx;
+ struct spnego_context *spnego_ctx;
+ struct gse_context *gse_ctx;
+ struct ncacn_packet *pkt = NULL;
struct dcerpc_auth auth;
DATA_BLOB auth_token = data_blob_null;
NTSTATUS status;
switch(pauth->auth_type) {
case DCERPC_AUTH_TYPE_NONE:
+ case DCERPC_AUTH_TYPE_NCALRPC_AS_SYSTEM:
case DCERPC_AUTH_TYPE_SCHANNEL:
/* Bind complete. */
tevent_req_done(req);
switch(pauth->auth_type) {
case DCERPC_AUTH_TYPE_NONE:
+ case DCERPC_AUTH_TYPE_NCALRPC_AS_SYSTEM:
case DCERPC_AUTH_TYPE_SCHANNEL:
/* Bind complete. */
tevent_req_done(req);
return;
case DCERPC_AUTH_TYPE_NTLMSSP:
- status = auth_ntlmssp_update(pauth->a_u.auth_ntlmssp_state,
- auth.credentials, &auth_token);
+ ntlmssp_ctx = talloc_get_type_abort(pauth->auth_ctx,
+ struct auth_ntlmssp_state);
+ status = gensec_update(ntlmssp_ctx->gensec_security, state, NULL,
+ auth.credentials, &auth_token);
if (NT_STATUS_EQUAL(status,
NT_STATUS_MORE_PROCESSING_REQUIRED)) {
status = rpc_bind_next_send(req, state,
break;
case DCERPC_AUTH_TYPE_SPNEGO:
+ spnego_ctx = talloc_get_type_abort(pauth->auth_ctx,
+ struct spnego_context);
status = spnego_get_client_auth_token(state,
- pauth->a_u.spnego_state,
+ spnego_ctx,
&auth.credentials,
&auth_token);
if (!NT_STATUS_IS_OK(status)) {
tevent_req_done(req);
return;
}
- if (spnego_require_more_processing(pauth->a_u.spnego_state)) {
+ if (spnego_require_more_processing(spnego_ctx)) {
status = rpc_bind_next_send(req, state,
&auth_token);
} else {
break;
case DCERPC_AUTH_TYPE_KRB5:
+ gse_ctx = talloc_get_type_abort(pauth->auth_ctx,
+ struct gse_context);
status = gse_get_client_auth_token(state,
- pauth->a_u.gssapi_state,
+ gse_ctx,
&auth.credentials,
&auth_token);
if (!NT_STATUS_IS_OK(status)) {
break;
}
- if (gse_require_more_processing(pauth->a_u.gssapi_state)) {
+ if (gse_require_more_processing(gse_ctx)) {
status = rpc_bind_next_send(req, state, &auth_token);
} else {
status = rpc_bind_finish_send(req, state, &auth_token);
return;
err_out:
- DEBUG(0,("cli_finish_bind_auth: unknown auth type %u(%u)\n",
- (unsigned int)state->cli->auth->auth_type,
- (unsigned int)state->cli->auth->spnego_type));
+ DEBUG(0,("cli_finish_bind_auth: unknown auth type %u\n",
+ (unsigned int)state->cli->auth->auth_type));
tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
}
ok = rpccli_bh_is_connected(h);
if (!ok) {
- tevent_req_nterror(req, NT_STATUS_INVALID_CONNECTION);
+ tevent_req_nterror(req, NT_STATUS_CONNECTION_DISCONNECTED);
return tevent_req_post(req, ev);
}
ok = rpccli_bh_is_connected(h);
if (!ok) {
- tevent_req_nterror(req, NT_STATUS_INVALID_CONNECTION);
+ tevent_req_nterror(req, NT_STATUS_CONNECTION_DISCONNECTED);
return tevent_req_post(req, ev);
}
};
/* initialise a rpc_pipe_client binding handle */
-static struct dcerpc_binding_handle *rpccli_bh_create(struct rpc_pipe_client *c)
+struct dcerpc_binding_handle *rpccli_bh_create(struct rpc_pipe_client *c)
{
struct dcerpc_binding_handle *h;
struct rpccli_bh_state *hs;
return h;
}
-bool rpccli_get_pwd_hash(struct rpc_pipe_client *rpc_cli, uint8_t nt_hash[16])
+NTSTATUS rpccli_ncalrpc_bind_data(TALLOC_CTX *mem_ctx,
+ struct pipe_auth_data **presult)
{
- struct auth_ntlmssp_state *a = NULL;
- struct cli_state *cli;
-
- if (rpc_cli->auth->auth_type == DCERPC_AUTH_TYPE_NTLMSSP) {
- a = rpc_cli->auth->a_u.auth_ntlmssp_state;
- } else if (rpc_cli->auth->auth_type == DCERPC_AUTH_TYPE_SPNEGO) {
- enum spnego_mech auth_type;
- void *auth_ctx;
- NTSTATUS status;
-
- status = spnego_get_negotiated_mech(
- rpc_cli->auth->a_u.spnego_state,
- &auth_type, &auth_ctx);
- if (!NT_STATUS_IS_OK(status)) {
- return false;
- }
+ struct pipe_auth_data *result;
- if (auth_type == SPNEGO_NTLMSSP) {
- a = talloc_get_type(auth_ctx,
- struct auth_ntlmssp_state);
- }
+ result = talloc(mem_ctx, struct pipe_auth_data);
+ if (result == NULL) {
+ return NT_STATUS_NO_MEMORY;
}
- if (a) {
- memcpy(nt_hash, auth_ntlmssp_get_nt_hash(a), 16);
- return true;
- }
+ result->auth_type = DCERPC_AUTH_TYPE_NCALRPC_AS_SYSTEM;
+ result->auth_level = DCERPC_AUTH_LEVEL_CONNECT;
- cli = rpc_pipe_np_smb_conn(rpc_cli);
- if (cli == NULL) {
- return false;
+ result->user_name = talloc_strdup(result, "");
+ result->domain = talloc_strdup(result, "");
+ if ((result->user_name == NULL) || (result->domain == NULL)) {
+ TALLOC_FREE(result);
+ return NT_STATUS_NO_MEMORY;
}
- E_md4hash(cli->password ? cli->password : "", nt_hash);
- return true;
+
+ *presult = result;
+ return NT_STATUS_OK;
}
NTSTATUS rpccli_anon_bind_data(TALLOC_CTX *mem_ctx,
}
result->auth_type = DCERPC_AUTH_TYPE_NONE;
- result->spnego_type = PIPE_AUTH_TYPE_SPNEGO_NONE;
result->auth_level = DCERPC_AUTH_LEVEL_NONE;
result->user_name = talloc_strdup(result, "");
return NT_STATUS_OK;
}
-static int cli_auth_ntlmssp_data_destructor(struct pipe_auth_data *auth)
-{
- TALLOC_FREE(auth->a_u.auth_ntlmssp_state);
- return 0;
-}
-
static NTSTATUS rpccli_ntlmssp_bind_data(TALLOC_CTX *mem_ctx,
enum dcerpc_AuthType auth_type,
enum dcerpc_AuthLevel auth_level,
const char *password,
struct pipe_auth_data **presult)
{
+ struct auth_ntlmssp_state *ntlmssp_ctx;
struct pipe_auth_data *result;
NTSTATUS status;
goto fail;
}
- status = auth_ntlmssp_client_start(NULL,
- global_myname(),
- lp_workgroup(),
- lp_client_ntlmv2_auth(),
- &result->a_u.auth_ntlmssp_state);
+ status = auth_ntlmssp_client_prepare(result,
+ &ntlmssp_ctx);
if (!NT_STATUS_IS_OK(status)) {
goto fail;
}
- talloc_set_destructor(result, cli_auth_ntlmssp_data_destructor);
-
- status = auth_ntlmssp_set_username(result->a_u.auth_ntlmssp_state,
- username);
+ status = auth_ntlmssp_set_username(ntlmssp_ctx, username);
if (!NT_STATUS_IS_OK(status)) {
goto fail;
}
- status = auth_ntlmssp_set_domain(result->a_u.auth_ntlmssp_state,
- domain);
+ status = auth_ntlmssp_set_domain(ntlmssp_ctx, domain);
if (!NT_STATUS_IS_OK(status)) {
goto fail;
}
- status = auth_ntlmssp_set_password(result->a_u.auth_ntlmssp_state,
- password);
+ status = auth_ntlmssp_set_password(ntlmssp_ctx, password);
if (!NT_STATUS_IS_OK(status)) {
goto fail;
}
- /*
- * Turn off sign+seal to allow selected auth level to turn it back on.
- */
- auth_ntlmssp_and_flags(result->a_u.auth_ntlmssp_state,
- ~(NTLMSSP_NEGOTIATE_SIGN |
- NTLMSSP_NEGOTIATE_SEAL));
-
if (auth_level == DCERPC_AUTH_LEVEL_INTEGRITY) {
- auth_ntlmssp_or_flags(result->a_u.auth_ntlmssp_state,
- NTLMSSP_NEGOTIATE_SIGN);
+ gensec_want_feature(ntlmssp_ctx->gensec_security, GENSEC_FEATURE_SIGN);
} else if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
- auth_ntlmssp_or_flags(result->a_u.auth_ntlmssp_state,
- NTLMSSP_NEGOTIATE_SEAL |
- NTLMSSP_NEGOTIATE_SIGN);
+ gensec_want_feature(ntlmssp_ctx->gensec_security, GENSEC_FEATURE_SEAL);
+ }
+
+ status = auth_ntlmssp_client_start(ntlmssp_ctx);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto fail;
}
+ result->auth_ctx = ntlmssp_ctx;
*presult = result;
return NT_STATUS_OK;
struct netlogon_creds_CredentialState *creds,
struct pipe_auth_data **presult)
{
+ struct schannel_state *schannel_auth;
struct pipe_auth_data *result;
result = talloc(mem_ctx, struct pipe_auth_data);
}
result->auth_type = DCERPC_AUTH_TYPE_SCHANNEL;
- result->spnego_type = PIPE_AUTH_TYPE_SPNEGO_NONE;
result->auth_level = auth_level;
result->user_name = talloc_strdup(result, "");
goto fail;
}
- result->a_u.schannel_auth = talloc(result, struct schannel_state);
- if (result->a_u.schannel_auth == NULL) {
+ schannel_auth = talloc(result, struct schannel_state);
+ if (schannel_auth == NULL) {
goto fail;
}
- result->a_u.schannel_auth->state = SCHANNEL_STATE_START;
- result->a_u.schannel_auth->seq_num = 0;
- result->a_u.schannel_auth->initiator = true;
- result->a_u.schannel_auth->creds = netlogon_creds_copy(result, creds);
+ schannel_auth->state = SCHANNEL_STATE_START;
+ schannel_auth->seq_num = 0;
+ schannel_auth->initiator = true;
+ schannel_auth->creds = netlogon_creds_copy(result, creds);
+ result->auth_ctx = schannel_auth;
*presult = result;
return NT_STATUS_OK;
NTSTATUS status;
int fd;
- result = TALLOC_ZERO_P(mem_ctx, struct rpc_pipe_client);
+ result = talloc_zero(mem_ctx, struct rpc_pipe_client);
if (result == NULL) {
return NT_STATUS_NO_MEMORY;
}
goto fail;
}
- status = open_socket_out(&addr, port, 60, &fd);
+ status = open_socket_out(&addr, port, 60*1000, &fd);
if (!NT_STATUS_IS_OK(status)) {
goto fail;
}
{
NTSTATUS status;
struct rpc_pipe_client *epm_pipe = NULL;
+ struct dcerpc_binding_handle *epm_handle = NULL;
struct pipe_auth_data *auth = NULL;
struct dcerpc_binding *map_binding = NULL;
struct dcerpc_binding *res_binding = NULL;
uint32_t max_towers = 1;
struct epm_twr_p_t towers;
TALLOC_CTX *tmp_ctx = talloc_stackframe();
+ uint32_t result = 0;
if (pport == NULL) {
status = NT_STATUS_INVALID_PARAMETER;
goto done;
}
+ if (ndr_syntax_id_equal(abstract_syntax,
+ &ndr_table_epmapper.syntax_id)) {
+ *pport = 135;
+ return NT_STATUS_OK;
+ }
+
/* open the connection to the endpoint mapper */
status = rpc_pipe_open_tcp_port(tmp_ctx, host, 135,
&ndr_table_epmapper.syntax_id,
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
+ epm_handle = epm_pipe->binding_handle;
status = rpccli_anon_bind_data(tmp_ctx, &auth);
if (!NT_STATUS_IS_OK(status)) {
/* create tower for asking the epmapper */
- map_binding = TALLOC_ZERO_P(tmp_ctx, struct dcerpc_binding);
+ map_binding = talloc_zero(tmp_ctx, struct dcerpc_binding);
if (map_binding == NULL) {
status = NT_STATUS_NO_MEMORY;
goto done;
map_binding->host = host; /* needed? */
map_binding->endpoint = "0"; /* correct? needed? */
- map_tower = TALLOC_ZERO_P(tmp_ctx, struct epm_twr_t);
+ map_tower = talloc_zero(tmp_ctx, struct epm_twr_t);
if (map_tower == NULL) {
status = NT_STATUS_NO_MEMORY;
goto done;
/* allocate further parameters for the epm_Map call */
- res_towers = TALLOC_ARRAY(tmp_ctx, struct epm_twr_t, max_towers);
+ res_towers = talloc_array(tmp_ctx, struct epm_twr_t, max_towers);
if (res_towers == NULL) {
status = NT_STATUS_NO_MEMORY;
goto done;
}
towers.twr = res_towers;
- entry_handle = TALLOC_ZERO_P(tmp_ctx, struct policy_handle);
+ entry_handle = talloc_zero(tmp_ctx, struct policy_handle);
if (entry_handle == NULL) {
status = NT_STATUS_NO_MEMORY;
goto done;
/* ask the endpoint mapper for the port */
- status = rpccli_epm_Map(epm_pipe,
+ status = dcerpc_epm_Map(epm_handle,
tmp_ctx,
- CONST_DISCARD(struct GUID *,
+ discard_const_p(struct GUID,
&(abstract_syntax->uuid)),
map_tower,
entry_handle,
max_towers,
&num_towers,
- &towers);
+ &towers,
+ &result);
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
+ if (result != EPMAPPER_STATUS_OK) {
+ status = NT_STATUS_UNSUCCESSFUL;
+ goto done;
+ }
+
if (num_towers != 1) {
status = NT_STATUS_UNSUCCESSFUL;
goto done;
ZERO_STRUCT(addr);
addr.sun_family = AF_UNIX;
- strncpy(addr.sun_path, socket_path, sizeof(addr.sun_path));
+ strlcpy(addr.sun_path, socket_path, sizeof(addr.sun_path));
if (sys_connect(fd, (struct sockaddr *)(void *)&addr) == -1) {
DEBUG(0, ("connect(%s) failed: %s\n", socket_path,
return NT_STATUS_INVALID_HANDLE;
}
- result = TALLOC_ZERO_P(NULL, struct rpc_pipe_client);
+ result = talloc_zero(NULL, struct rpc_pipe_client);
if (result == NULL) {
return NT_STATUS_NO_MEMORY;
}
result->abstract_syntax = *abstract_syntax;
result->transfer_syntax = ndr_transfer_syntax;
- result->desthost = talloc_strdup(result, cli->desthost);
+ result->desthost = talloc_strdup(result, cli_state_remote_name(cli));
result->srv_name_slash = talloc_asprintf_strupper_m(
result, "\\\\%s", result->desthost);
{
switch (transport) {
case NCACN_IP_TCP:
- return rpc_pipe_open_tcp(NULL, cli->desthost, interface,
- presult);
+ return rpc_pipe_open_tcp(NULL, cli_state_remote_name(cli),
+ interface, presult);
case NCACN_NP:
return rpc_pipe_open_np(cli, interface, presult);
default:
DEBUG(10,("cli_rpc_pipe_open_noauth: opened pipe %s to machine "
"%s and bound anonymously.\n",
get_pipe_name_from_syntax(talloc_tos(), interface),
- cli->desthost));
+ result->desthost));
*presult = result;
return NT_STATUS_OK;
DEBUG(10,("cli_rpc_pipe_open_ntlmssp_internal: opened pipe %s to "
"machine %s and bound NTLMSSP as user %s\\%s.\n",
get_pipe_name_from_syntax(talloc_tos(), interface),
- cli->desthost, domain, username ));
+ result->desthost, domain, username));
*presult = result;
return NT_STATUS_OK;
DEBUG(10,("cli_rpc_pipe_open_schannel_with_key: opened pipe %s to machine %s "
"for domain %s and bound using schannel.\n",
get_pipe_name_from_syntax(talloc_tos(), interface),
- cli->desthost, domain ));
+ result->desthost, domain));
*presult = result;
return NT_STATUS_OK;
{
struct rpc_pipe_client *result;
struct pipe_auth_data *auth;
+ struct gse_context *gse_ctx;
NTSTATUS status;
status = cli_rpc_pipe_open(cli, transport, interface, &result);
(auth_level == DCERPC_AUTH_LEVEL_INTEGRITY),
(auth_level == DCERPC_AUTH_LEVEL_PRIVACY),
NULL, server, "cifs", username, password,
- GSS_C_DCE_STYLE, &auth->a_u.gssapi_state);
-
+ GSS_C_DCE_STYLE, &gse_ctx);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("gse_init_client returned %s\n",
nt_errstr(status)));
goto err_out;
}
+ auth->auth_ctx = gse_ctx;
status = rpc_pipe_bind(result, auth);
if (!NT_STATUS_IS_OK(status)) {
{
struct rpc_pipe_client *result;
struct pipe_auth_data *auth;
+ struct spnego_context *spnego_ctx;
NTSTATUS status;
status = cli_rpc_pipe_open(cli, transport, interface, &result);
}
auth->auth_type = DCERPC_AUTH_TYPE_SPNEGO;
auth->auth_level = auth_level;
- /* compat */
- auth->spnego_type = PIPE_AUTH_TYPE_SPNEGO_KRB5;
if (!username) {
username = "";
true,
NULL, server, "cifs",
username, password,
- &auth->a_u.spnego_state);
+ &spnego_ctx);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("spnego_init_client returned %s\n",
nt_errstr(status)));
goto err_out;
}
+ auth->auth_ctx = spnego_ctx;
status = rpc_pipe_bind(result, auth);
if (!NT_STATUS_IS_OK(status)) {
{
struct rpc_pipe_client *result;
struct pipe_auth_data *auth;
+ struct spnego_context *spnego_ctx;
NTSTATUS status;
status = cli_rpc_pipe_open(cli, transport, interface, &result);
DCERPC_AUTH_LEVEL_PRIVACY),
true,
domain, username, password,
- &auth->a_u.spnego_state);
+ &spnego_ctx);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("spnego_init_client returned %s\n",
nt_errstr(status)));
goto err_out;
}
+ auth->auth_ctx = spnego_ctx;
status = rpc_pipe_bind(result, auth);
if (!NT_STATUS_IS_OK(status)) {
struct rpc_pipe_client *cli,
DATA_BLOB *session_key)
{
- struct pipe_auth_data *a = cli->auth;
+ NTSTATUS status;
+ struct pipe_auth_data *a;
+ struct schannel_state *schannel_auth;
+ struct auth_ntlmssp_state *ntlmssp_ctx;
+ struct spnego_context *spnego_ctx;
+ struct gse_context *gse_ctx;
DATA_BLOB sk = data_blob_null;
bool make_dup = false;
return NT_STATUS_INVALID_PARAMETER;
}
- if (!cli->auth) {
+ a = cli->auth;
+
+ if (a == NULL) {
return NT_STATUS_INVALID_PARAMETER;
}
switch (cli->auth->auth_type) {
case DCERPC_AUTH_TYPE_SCHANNEL:
- sk = data_blob_const(a->a_u.schannel_auth->creds->session_key,
- 16);
+ schannel_auth = talloc_get_type_abort(a->auth_ctx,
+ struct schannel_state);
+ sk = data_blob_const(schannel_auth->creds->session_key, 16);
make_dup = true;
break;
case DCERPC_AUTH_TYPE_SPNEGO:
- sk = spnego_get_session_key(mem_ctx, a->a_u.spnego_state);
+ spnego_ctx = talloc_get_type_abort(a->auth_ctx,
+ struct spnego_context);
+ sk = spnego_get_session_key(mem_ctx, spnego_ctx);
make_dup = false;
break;
case DCERPC_AUTH_TYPE_NTLMSSP:
- sk = auth_ntlmssp_get_session_key(a->a_u.auth_ntlmssp_state);
- make_dup = true;
+ ntlmssp_ctx = talloc_get_type_abort(a->auth_ctx,
+ struct auth_ntlmssp_state);
+ status = gensec_session_key(ntlmssp_ctx->gensec_security, mem_ctx, &sk);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+ make_dup = false;
break;
case DCERPC_AUTH_TYPE_KRB5:
- sk = gse_get_session_key(mem_ctx, a->a_u.gssapi_state);
+ gse_ctx = talloc_get_type_abort(a->auth_ctx,
+ struct gse_context);
+ sk = gse_get_session_key(mem_ctx, gse_ctx);
make_dup = false;
break;
+ case DCERPC_AUTH_TYPE_NCALRPC_AS_SYSTEM:
case DCERPC_AUTH_TYPE_NONE:
sk = data_blob_const(a->user_session_key.data,
a->user_session_key.length);
}
if (make_dup) {
- *session_key = data_blob_dup_talloc(mem_ctx, &sk);
+ *session_key = data_blob_dup_talloc(mem_ctx, sk);
} else {
*session_key = sk;
}