cli_netlogon: Eliminate rpccli_setup_netlogon_creds_with_creds
[samba.git] / source3 / rpc_client / cli_pipe_schannel.c
1 /*
2  *  Unix SMB/CIFS implementation.
3  *  RPC Pipe client / server routines
4  *  Largely rewritten by Jeremy Allison             2005.
5  *
6  *  This program is free software; you can redistribute it and/or modify
7  *  it under the terms of the GNU General Public License as published by
8  *  the Free Software Foundation; either version 3 of the License, or
9  *  (at your option) any later version.
10  *
11  *  This program is distributed in the hope that it will be useful,
12  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
13  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14  *  GNU General Public License for more details.
15  *
16  *  You should have received a copy of the GNU General Public License
17  *  along with this program; if not, see <http://www.gnu.org/licenses/>.
18  */
19
20 #include "includes.h"
21 #include "../librpc/gen_ndr/ndr_schannel.h"
22 #include "../librpc/gen_ndr/ndr_netlogon.h"
23 #include "../libcli/auth/schannel.h"
24 #include "rpc_client/cli_netlogon.h"
25 #include "rpc_client/cli_pipe.h"
26 #include "librpc/rpc/dcerpc.h"
27 #include "passdb.h"
28 #include "libsmb/libsmb.h"
29 #include "../libcli/smb/smbXcli_base.h"
30 #include "libcli/auth/netlogon_creds_cli.h"
31
32 #undef DBGC_CLASS
33 #define DBGC_CLASS DBGC_RPC_CLI
34
35 /****************************************************************************
36  Open a named pipe to an SMB server and bind using schannel (bind type 68).
37  Fetch the session key ourselves using a temporary netlogon pipe.
38  ****************************************************************************/
39
/**
 * Open an RPC pipe for @table on an existing SMB connection, using schannel
 * when the netlogon negotiation allows it.
 *
 * Steps, each of which aborts with the failing NTSTATUS:
 *  1. pdb_get_trust_credentials() for @domain.
 *  2. rpccli_create_netlogon_creds_ctx() for the connection's remote name.
 *  3. rpccli_setup_netlogon_creds() without forcing a re-authentication.
 *  4. netlogon_creds_cli_get() to read the negotiated flags.
 *  5. Open the pipe according to those flags.
 *
 * SECURITY: a return of NT_STATUS_OK does not by itself mean the pipe is
 * schannel-protected. When NETLOGON_NEG_AUTHENTICATED_RPC is absent from the
 * negotiated flags, the pipe is opened with cli_rpc_pipe_open_noauth().
 * NOTE(review): callers that require an authenticated/sealed channel should
 * check the returned pipe's auth state rather than rely on this function's
 * name - confirm against the call sites.
 *
 * @param cli       Connected SMB client state; cli->conn supplies the DC name.
 * @param msg_ctx   Messaging context handed to the netlogon creds context.
 * @param table     Interface to bind on the pipe.
 * @param transport DCERPC transport to use.
 * @param domain    Domain whose trust credentials are looked up.
 * @param presult   Receives the opened pipe on success; untouched on failure.
 * @param mem_ctx   New talloc parent for *pcreds when @pcreds is non-NULL.
 * @param pcreds    Optional; on success receives the netlogon creds context,
 *                  moved onto @mem_ctx. Untouched on failure.
 *
 * @return NT_STATUS_OK on success, otherwise the status of the failing step.
 */
NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli,
				    struct messaging_context *msg_ctx,
				    const struct ndr_interface_table *table,
				    enum dcerpc_transport_t transport,
				    const char *domain,
				    struct rpc_pipe_client **presult,
				    TALLOC_CTX *mem_ctx,
				    struct netlogon_creds_cli_context **pcreds)
{
	/* Every temporary below hangs off this frame; it is freed at "done". */
	TALLOC_CTX *frame = talloc_stackframe();
	const char *dc_name = smbXcli_conn_remote_name(cli->conn);
	struct rpc_pipe_client *pipe_hnd = NULL;
	struct cli_credentials *trust_creds = NULL;
	struct netlogon_creds_cli_context *creds_ctx = NULL;
	struct netlogon_creds_CredentialState *state = NULL;
	uint32_t negotiated;
	NTSTATUS status;

	status = pdb_get_trust_credentials(domain, NULL, frame, &trust_creds);
	if (!NT_STATUS_IS_OK(status)) {
		goto done;
	}

	status = rpccli_create_netlogon_creds_ctx(trust_creds, dc_name,
						  msg_ctx, frame, &creds_ctx);
	if (!NT_STATUS_IS_OK(status)) {
		goto done;
	}

	status = rpccli_setup_netlogon_creds(cli, transport, creds_ctx,
					     false, /* force_reauth */
					     trust_creds);
	if (!NT_STATUS_IS_OK(status)) {
		goto done;
	}

	status = netlogon_creds_cli_get(creds_ctx, frame, &state);
	if (!NT_STATUS_IS_OK(status)) {
		goto done;
	}

	/* Only the flags are needed; drop the credential state right away. */
	negotiated = state->negotiate_flags;
	TALLOC_FREE(state);

	if (negotiated & NETLOGON_NEG_AUTHENTICATED_RPC) {
		status = cli_rpc_pipe_open_schannel_with_creds(cli, table,
							       transport,
							       trust_creds,
							       creds_ctx,
							       &pipe_hnd);
	} else {
		/*
		 * Authenticated RPC was not negotiated: the pipe is opened
		 * without authentication and still reported as success.
		 */
		status = cli_rpc_pipe_open_noauth(cli, table, &pipe_hnd);
	}
	if (!NT_STATUS_IS_OK(status)) {
		goto done;
	}

	*presult = pipe_hnd;
	if (pcreds != NULL) {
		/* Reparent so the context survives the frame being freed. */
		*pcreds = talloc_move(mem_ctx, &creds_ctx);
	}
	status = NT_STATUS_OK;

done:
	TALLOC_FREE(frame);
	return status;
}