s3:rpc_client: fix comment
[samba.git] / source3 / rpc_client / cli_pipe.c
index 840148b17c42fd0cb4ab6006069416423383e378..d4607d89c8edabaf36ae9ceccbbd60783ad5adc7 100644 (file)
@@ -1,37 +1,40 @@
-/* 
+/*
  *  Unix SMB/CIFS implementation.
- *  RPC Pipe client / server routines
+ *  RPC Pipe client routines
  *  Largely rewritten by Jeremy Allison                    2005.
- *  
+ *  Heavily modified by Simo Sorce                 2010.
+ *  Copyright Andrew Bartlett                       2011.
+ *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
  *  the Free Software Foundation; either version 3 of the License, or
  *  (at your option) any later version.
- *  
+ *
  *  This program is distributed in the hope that it will be useful,
  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  *  GNU General Public License for more details.
- *  
+ *
  *  You should have received a copy of the GNU General Public License
  *  along with this program; if not, see <http://www.gnu.org/licenses/>.
  */
 
 #include "includes.h"
-#include "librpc/gen_ndr/cli_epmapper.h"
+#include "../lib/util/tevent_ntstatus.h"
+#include "librpc/gen_ndr/ndr_epmapper_c.h"
 #include "../librpc/gen_ndr/ndr_schannel.h"
 #include "../librpc/gen_ndr/ndr_dssetup.h"
-#include "../librpc/gen_ndr/ndr_netlogon.h"
 #include "../libcli/auth/schannel.h"
 #include "../libcli/auth/spnego.h"
-#include "smb_krb5.h"
-#include "../libcli/auth/ntlmssp.h"
-#include "ntlmssp_wrap.h"
-#include "rpc_client/cli_netlogon.h"
+#include "../auth/ntlmssp/ntlmssp.h"
+#include "auth_generic.h"
 #include "librpc/gen_ndr/ndr_dcerpc.h"
 #include "librpc/rpc/dcerpc.h"
-#include "librpc/rpc/dcerpc_gssapi.h"
-#include "librpc/rpc/dcerpc_spnego.h"
+#include "librpc/crypto/spnego.h"
+#include "rpc_dce.h"
+#include "cli_pipe.h"
+#include "libsmb/libsmb.h"
+#include "auth/gensec/gensec.h"
 
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_RPC_CLI
@@ -379,21 +382,10 @@ static NTSTATUS cli_pipe_validate_current_pdu(TALLOC_CTX *mem_ctx,
                                                DATA_BLOB *rdata,
                                                DATA_BLOB *reply_pdu)
 {
+       struct dcerpc_response *r;
        NTSTATUS ret = NT_STATUS_OK;
        size_t pad_len = 0;
 
-       ret = dcerpc_pull_ncacn_packet(cli, pdu, pkt, false);
-       if (!NT_STATUS_IS_OK(ret)) {
-               return ret;
-       }
-
-       if (pdu->length != pkt->frag_length) {
-               DEBUG(5, ("Incorrect pdu length %u, expected %u\n",
-                         (unsigned int)pdu->length,
-                         (unsigned int)pkt->frag_length));
-               return NT_STATUS_INVALID_PARAMETER;
-       }
-
        /*
         * Point the return values at the real data including the RPC
         * header. Just in case the caller wants it.
@@ -405,38 +397,39 @@ static NTSTATUS cli_pipe_validate_current_pdu(TALLOC_CTX *mem_ctx,
        case DCERPC_PKT_ALTER_RESP:
        case DCERPC_PKT_BIND_ACK:
 
-               /* Alter context and bind ack share the same packet definitions. */
+               /* Client code never receives this kind of packets */
                break;
 
 
        case DCERPC_PKT_RESPONSE:
 
+               r = &pkt->u.response;
+
                /* Here's where we deal with incoming sign/seal. */
                ret = dcerpc_check_auth(cli->auth, pkt,
-                                       &pkt->u.response.stub_and_verifier,
+                                       &r->stub_and_verifier,
                                        DCERPC_RESPONSE_LENGTH,
                                        pdu, &pad_len);
                if (!NT_STATUS_IS_OK(ret)) {
                        return ret;
                }
 
-               if (pdu->length < DCERPC_RESPONSE_LENGTH + pad_len) {
+               if (pkt->frag_length < DCERPC_RESPONSE_LENGTH + pad_len) {
                        return NT_STATUS_BUFFER_TOO_SMALL;
                }
 
                /* Point the return values at the NDR data. */
-               rdata->data = pdu->data + DCERPC_RESPONSE_LENGTH;
+               rdata->data = r->stub_and_verifier.data;
 
                if (pkt->auth_length) {
                        /* We've already done integer wrap tests in
                         * dcerpc_check_auth(). */
-                       rdata->length = pdu->length
-                                        - DCERPC_RESPONSE_LENGTH
+                       rdata->length = r->stub_and_verifier.length
                                         - pad_len
                                         - DCERPC_AUTH_TRAILER_LENGTH
                                         - pkt->auth_length;
                } else {
-                       rdata->length = pdu->length - DCERPC_RESPONSE_LENGTH;
+                       rdata->length = r->stub_and_verifier.length;
                }
 
                DEBUG(10, ("Got pdu len %lu, data_len %lu, ss_len %u\n",
@@ -451,13 +444,12 @@ static NTSTATUS cli_pipe_validate_current_pdu(TALLOC_CTX *mem_ctx,
                 */
 
                if ((reply_pdu->length == 0) &&
-                   pkt->u.response.alloc_hint &&
-                   (pkt->u.response.alloc_hint < 15*1024*1024)) {
+                   r->alloc_hint && (r->alloc_hint < 15*1024*1024)) {
                        if (!data_blob_realloc(mem_ctx, reply_pdu,
-                                               pkt->u.response.alloc_hint)) {
+                                                       r->alloc_hint)) {
                                DEBUG(0, ("reply alloc hint %d too "
                                          "large to allocate\n",
-                                   (int)pkt->u.response.alloc_hint));
+                                         (int)r->alloc_hint));
                                return NT_STATUS_NO_MEMORY;
                        }
                }
@@ -465,39 +457,34 @@ static NTSTATUS cli_pipe_validate_current_pdu(TALLOC_CTX *mem_ctx,
                break;
 
        case DCERPC_PKT_BIND_NAK:
-               DEBUG(1, ("cli_pipe_validate_current_pdu: Bind NACK "
-                         "received from %s!\n",
+               DEBUG(1, (__location__ ": Bind NACK received from %s!\n",
                          rpccli_pipe_txt(talloc_tos(), cli)));
                /* Use this for now... */
                return NT_STATUS_NETWORK_ACCESS_DENIED;
 
        case DCERPC_PKT_FAULT:
 
-               DEBUG(1, ("cli_pipe_validate_current_pdu: RPC fault "
-                         "code %s received from %s!\n",
+               DEBUG(1, (__location__ ": RPC fault code %s received "
+                         "from %s!\n",
                          dcerpc_errstr(talloc_tos(),
                          pkt->u.fault.status),
-                       rpccli_pipe_txt(talloc_tos(), cli)));
+                         rpccli_pipe_txt(talloc_tos(), cli)));
 
-               if (NT_STATUS_IS_OK(NT_STATUS(pkt->u.fault.status))) {
-                       return NT_STATUS_UNSUCCESSFUL;
-               } else {
-                       return NT_STATUS(pkt->u.fault.status);
-               }
+               return dcerpc_fault_to_nt_status(pkt->u.fault.status);
 
        default:
-               DEBUG(0, ("Unknown packet type %u received from %s!\n",
-                       (unsigned int)pkt->ptype,
-                       rpccli_pipe_txt(talloc_tos(), cli)));
+               DEBUG(0, (__location__ "Unknown packet type %u received "
+                         "from %s!\n",
+                         (unsigned int)pkt->ptype,
+                         rpccli_pipe_txt(talloc_tos(), cli)));
                return NT_STATUS_INVALID_INFO_CLASS;
        }
 
        if (pkt->ptype != expected_pkt_type) {
-               DEBUG(3, ("cli_pipe_validate_current_pdu: Connection to %s "
-                         "got an unexpected RPC packet type - %u, not %u\n",
-                       rpccli_pipe_txt(talloc_tos(), cli),
-                       pkt->ptype,
-                       expected_pkt_type));
+               DEBUG(3, (__location__ ": Connection to %s got an unexpected "
+                         "RPC packet type - %u, not %u\n",
+                         rpccli_pipe_txt(talloc_tos(), cli),
+                         pkt->ptype, expected_pkt_type));
                return NT_STATUS_INVALID_INFO_CLASS;
        }
 
@@ -507,10 +494,9 @@ static NTSTATUS cli_pipe_validate_current_pdu(TALLOC_CTX *mem_ctx,
 
        if ((pkt->ptype == DCERPC_PKT_BIND_ACK) &&
            !(pkt->pfc_flags & DCERPC_PFC_FLAG_LAST)) {
-               DEBUG(5,("cli_pipe_validate_current_pdu: bug in server (AS/U?), "
-                       "setting fragment first/last ON.\n"));
-               pkt->pfc_flags |= DCERPC_PFC_FLAG_FIRST |
-                                       DCERPC_PFC_FLAG_LAST;
+               DEBUG(5, (__location__ ": bug in server (AS/U?), setting "
+                         "fragment first/last ON.\n"));
+               pkt->pfc_flags |= DCERPC_PFC_FLAG_FIRST | DCERPC_PFC_FLAG_LAST;
        }
 
        return NT_STATUS_OK;
@@ -621,7 +607,7 @@ static void cli_api_pipe_write_done(struct tevent_req *subreq)
                return;
        }
 
-       state->rdata = TALLOC_ARRAY(state, uint8_t, RPC_HEADER_LEN);
+       state->rdata = talloc_array(state, uint8_t, RPC_HEADER_LEN);
        if (tevent_req_nomem(state->rdata, req)) {
                return;
        }
@@ -717,6 +703,7 @@ struct rpc_api_pipe_state {
 
 static void rpc_api_pipe_trans_done(struct tevent_req *subreq);
 static void rpc_api_pipe_got_pdu(struct tevent_req *subreq);
+static void rpc_api_pipe_auth3_done(struct tevent_req *subreq);
 
 static struct tevent_req *rpc_api_pipe_send(TALLOC_CTX *mem_ctx,
                                            struct event_context *ev,
@@ -751,6 +738,16 @@ static struct tevent_req *rpc_api_pipe_send(TALLOC_CTX *mem_ctx,
 
        DEBUG(5,("rpc_api_pipe: %s\n", rpccli_pipe_txt(talloc_tos(), cli)));
 
+       if (state->expected_pkt_type == DCERPC_PKT_AUTH3) {
+               subreq = rpc_write_send(state, ev, cli->transport,
+                                       data->data, data->length);
+               if (subreq == NULL) {
+                       goto fail;
+               }
+               tevent_req_set_callback(subreq, rpc_api_pipe_auth3_done, req);
+               return req;
+       }
+
        /* get the header first, then fetch the rest once we have
         * the frag_length available */
        max_recv_frag = RPC_HEADER_LEN;
@@ -771,6 +768,23 @@ static struct tevent_req *rpc_api_pipe_send(TALLOC_CTX *mem_ctx,
        return NULL;
 }
 
+static void rpc_api_pipe_auth3_done(struct tevent_req *subreq)
+{
+       struct tevent_req *req =
+               tevent_req_callback_data(subreq,
+               struct tevent_req);
+       NTSTATUS status;
+
+       status = rpc_write_recv(subreq);
+       TALLOC_FREE(subreq);
+       if (!NT_STATUS_IS_OK(status)) {
+               tevent_req_nterror(req, status);
+               return;
+       }
+
+       tevent_req_done(req);
+}
+
 static void rpc_api_pipe_trans_done(struct tevent_req *subreq)
 {
        struct tevent_req *req = tevent_req_callback_data(
@@ -839,6 +853,23 @@ static void rpc_api_pipe_got_pdu(struct tevent_req *subreq)
                return;
        }
 
+       status = dcerpc_pull_ncacn_packet(state->pkt,
+                                         &state->incoming_frag,
+                                         state->pkt,
+                                         !state->endianess);
+       if (!NT_STATUS_IS_OK(status)) {
+               tevent_req_nterror(req, status);
+               return;
+       }
+
+       if (state->incoming_frag.length != state->pkt->frag_length) {
+               DEBUG(5, ("Incorrect pdu length %u, expected %u\n",
+                         (unsigned int)state->incoming_frag.length,
+                         (unsigned int)state->pkt->frag_length));
+               tevent_req_nterror(req,  NT_STATUS_INVALID_PARAMETER);
+               return;
+       }
+
        status = cli_pipe_validate_current_pdu(state,
                                                state->cli, state->pkt,
                                                &state->incoming_frag,
@@ -953,39 +984,16 @@ static NTSTATUS create_spnego_auth_bind_req(TALLOC_CTX *mem_ctx,
                                            struct pipe_auth_data *auth,
                                            DATA_BLOB *auth_token)
 {
+       struct spnego_context *spnego_ctx;
        DATA_BLOB in_token = data_blob_null;
        NTSTATUS status;
 
-       /* Negotiate the initial auth token */
-       status = spnego_get_client_auth_token(mem_ctx,
-                                             auth->a_u.spnego_state,
-                                             &in_token, auth_token);
-       if (!NT_STATUS_IS_OK(status)) {
-               return status;
-       }
-
-       DEBUG(5, ("Created GSS Authentication Token:\n"));
-       dump_data(5, auth_token->data, auth_token->length);
-
-       return NT_STATUS_OK;
-}
-
-/*******************************************************************
- Creates krb5 auth bind.
- ********************************************************************/
-
-static NTSTATUS create_gssapi_auth_bind_req(TALLOC_CTX *mem_ctx,
-                                           struct pipe_auth_data *auth,
-                                           DATA_BLOB *auth_token)
-{
-       DATA_BLOB in_token = data_blob_null;
-       NTSTATUS status;
+       spnego_ctx = talloc_get_type_abort(auth->auth_ctx,
+                                          struct spnego_context);
 
        /* Negotiate the initial auth token */
-       status = gse_get_client_auth_token(mem_ctx,
-                                          auth->a_u.gssapi_state,
-                                          &in_token,
-                                          auth_token);
+       status = spnego_get_client_auth_token(mem_ctx, spnego_ctx,
+                                             &in_token, auth_token);
        if (!NT_STATUS_IS_OK(status)) {
                return status;
        }
@@ -1000,25 +1008,18 @@ static NTSTATUS create_gssapi_auth_bind_req(TALLOC_CTX *mem_ctx,
  Creates NTLMSSP auth bind.
  ********************************************************************/
 
-static NTSTATUS create_ntlmssp_auth_rpc_bind_req(struct rpc_pipe_client *cli,
+static NTSTATUS create_generic_auth_rpc_bind_req(struct rpc_pipe_client *cli,
+                                                TALLOC_CTX *mem_ctx,
                                                 DATA_BLOB *auth_token)
 {
-       NTSTATUS status;
+       struct gensec_security *gensec_security;
        DATA_BLOB null_blob = data_blob_null;
 
-       DEBUG(5, ("create_ntlmssp_auth_rpc_bind_req: Processing NTLMSSP Negotiate\n"));
-       status = auth_ntlmssp_update(cli->auth->a_u.auth_ntlmssp_state,
-                                       null_blob, auth_token);
+       gensec_security = talloc_get_type_abort(cli->auth->auth_ctx,
+                                       struct gensec_security);
 
-       if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
-               data_blob_free(auth_token);
-               return status;
-       }
-
-       DEBUG(5, ("create_ntlmssp_auth_rpc_bind_req: NTLMSSP Negotiate:\n"));
-       dump_data(5, auth_token->data, auth_token->length);
-
-       return NT_STATUS_OK;
+       DEBUG(5, ("create_generic_auth_rpc_bind_req: generate first token\n"));
+       return gensec_update(gensec_security, mem_ctx, NULL, null_blob, auth_token);
 }
 
 /*******************************************************************
@@ -1048,7 +1049,7 @@ static NTSTATUS create_schannel_auth_rpc_bind_req(struct rpc_pipe_client *cli,
        r.Flags                         = NL_FLAG_OEM_NETBIOS_DOMAIN_NAME |
                                          NL_FLAG_OEM_NETBIOS_COMPUTER_NAME;
        r.oem_netbios_domain.a          = cli->auth->domain;
-       r.oem_netbios_computer.a        = global_myname();
+       r.oem_netbios_computer.a        = lp_netbios_name();
 
        status = dcerpc_push_schannel_bind(cli, &r, auth_token);
        if (!NT_STATUS_IS_OK(status)) {
@@ -1132,8 +1133,11 @@ static NTSTATUS create_rpc_bind_req(TALLOC_CTX *mem_ctx,
                break;
 
        case DCERPC_AUTH_TYPE_NTLMSSP:
-               ret = create_ntlmssp_auth_rpc_bind_req(cli, &auth_token);
-               if (!NT_STATUS_IS_OK(ret)) {
+       case DCERPC_AUTH_TYPE_KRB5:
+               ret = create_generic_auth_rpc_bind_req(cli, mem_ctx, &auth_token);
+
+               if (!NT_STATUS_IS_OK(ret) &&
+                   !NT_STATUS_EQUAL(ret, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
                        return ret;
                }
                break;
@@ -1145,11 +1149,10 @@ static NTSTATUS create_rpc_bind_req(TALLOC_CTX *mem_ctx,
                }
                break;
 
-       case DCERPC_AUTH_TYPE_KRB5:
-               ret = create_gssapi_auth_bind_req(mem_ctx, auth, &auth_token);
-               if (!NT_STATUS_IS_OK(ret)) {
-                       return ret;
-               }
+       case DCERPC_AUTH_TYPE_NCALRPC_AS_SYSTEM:
+               auth_token = data_blob_talloc(mem_ctx,
+                                             "NCALRPC_AUTH_TOKEN",
+                                             18);
                break;
 
        case DCERPC_AUTH_TYPE_NONE:
@@ -1442,53 +1445,6 @@ NTSTATUS rpc_api_pipe_req_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
        return NT_STATUS_OK;
 }
 
-#if 0
-/****************************************************************************
- Set the handle state.
-****************************************************************************/
-
-static bool rpc_pipe_set_hnd_state(struct rpc_pipe_client *cli,
-                                  const char *pipe_name, uint16 device_state)
-{
-       bool state_set = False;
-       char param[2];
-       uint16 setup[2]; /* only need 2 uint16 setup parameters */
-       char *rparam = NULL;
-       char *rdata = NULL;
-       uint32 rparam_len, rdata_len;
-
-       if (pipe_name == NULL)
-               return False;
-
-       DEBUG(5,("Set Handle state Pipe[%x]: %s - device state:%x\n",
-                cli->fnum, pipe_name, device_state));
-
-       /* create parameters: device state */
-       SSVAL(param, 0, device_state);
-
-       /* create setup parameters. */
-       setup[0] = 0x0001; 
-       setup[1] = cli->fnum; /* pipe file handle.  got this from an SMBOpenX. */
-
-       /* send the data on \PIPE\ */
-       if (cli_api_pipe(cli->cli, "\\PIPE\\",
-                   setup, 2, 0,                /* setup, length, max */
-                   param, 2, 0,                /* param, length, max */
-                   NULL, 0, 1024,              /* data, length, max */
-                   &rparam, &rparam_len,        /* return param, length */
-                   &rdata, &rdata_len))         /* return data, length */
-       {
-               DEBUG(5, ("Set Handle state: return OK\n"));
-               state_set = True;
-       }
-
-       SAFE_FREE(rparam);
-       SAFE_FREE(rdata);
-
-       return state_set;
-}
-#endif
-
 /****************************************************************************
  Check the rpc bind acknowledge response.
 ****************************************************************************/
@@ -1619,14 +1575,11 @@ struct rpc_pipe_bind_state {
        struct event_context *ev;
        struct rpc_pipe_client *cli;
        DATA_BLOB rpc_out;
+       bool auth3;
        uint32_t rpc_call_id;
 };
 
 static void rpc_pipe_bind_step_one_done(struct tevent_req *subreq);
-static NTSTATUS rpc_finish_auth3_bind_send(struct tevent_req *req,
-                                          struct rpc_pipe_bind_state *state,
-                                          DATA_BLOB *credentials);
-static void rpc_bind_auth3_write_done(struct tevent_req *subreq);
 static NTSTATUS rpc_bind_next_send(struct tevent_req *req,
                                   struct rpc_pipe_bind_state *state,
                                   DATA_BLOB *credentials);
@@ -1648,16 +1601,14 @@ struct tevent_req *rpc_pipe_bind_send(TALLOC_CTX *mem_ctx,
                return NULL;
        }
 
-       DEBUG(5,("Bind RPC Pipe: %s auth_type %u(%u), auth_level %u\n",
+       DEBUG(5,("Bind RPC Pipe: %s auth_type %u, auth_level %u\n",
                rpccli_pipe_txt(talloc_tos(), cli),
                (unsigned int)auth->auth_type,
-               (unsigned int)auth->spnego_type,
                (unsigned int)auth->auth_level ));
 
        state->ev = ev;
        state->cli = cli;
        state->rpc_call_id = get_rpc_call_id();
-       state->rpc_out = data_blob_null;
 
        cli->auth = talloc_move(cli, &auth);
 
@@ -1669,7 +1620,8 @@ struct tevent_req *rpc_pipe_bind_send(TALLOC_CTX *mem_ctx,
                                     &cli->transfer_syntax,
                                     &state->rpc_out);
 
-       if (!NT_STATUS_IS_OK(status)) {
+       if (!NT_STATUS_IS_OK(status) &&
+           !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
                goto post_status;
        }
 
@@ -1696,13 +1648,14 @@ static void rpc_pipe_bind_step_one_done(struct tevent_req *subreq)
        struct rpc_pipe_bind_state *state = tevent_req_data(
                req, struct rpc_pipe_bind_state);
        struct pipe_auth_data *pauth = state->cli->auth;
-       DATA_BLOB reply_pdu;
-       struct ncacn_packet *pkt;
+       struct gensec_security *gensec_security;
+       struct spnego_context *spnego_ctx;
+       struct ncacn_packet *pkt = NULL;
        struct dcerpc_auth auth;
        DATA_BLOB auth_token = data_blob_null;
        NTSTATUS status;
 
-       status = rpc_api_pipe_recv(subreq, talloc_tos(), &pkt, &reply_pdu);
+       status = rpc_api_pipe_recv(subreq, talloc_tos(), &pkt, NULL);
        TALLOC_FREE(subreq);
        if (!NT_STATUS_IS_OK(status)) {
                DEBUG(3, ("rpc_pipe_bind: %s bind request returned %s\n",
@@ -1712,6 +1665,11 @@ static void rpc_pipe_bind_step_one_done(struct tevent_req *subreq)
                return;
        }
 
+       if (state->auth3) {
+               tevent_req_done(req);
+               return;
+       }
+
        if (!check_bind_response(&pkt->u.bind_ack, &state->cli->transfer_syntax)) {
                DEBUG(2, ("rpc_pipe_bind: check_bind_response failed.\n"));
                tevent_req_nterror(req, NT_STATUS_BUFFER_TOO_SMALL);
@@ -1721,9 +1679,10 @@ static void rpc_pipe_bind_step_one_done(struct tevent_req *subreq)
        state->cli->max_xmit_frag = pkt->u.bind_ack.max_xmit_frag;
        state->cli->max_recv_frag = pkt->u.bind_ack.max_recv_frag;
 
-       switch(state->cli->auth->auth_type) {
+       switch(pauth->auth_type) {
 
        case DCERPC_AUTH_TYPE_NONE:
+       case DCERPC_AUTH_TYPE_NCALRPC_AS_SYSTEM:
        case DCERPC_AUTH_TYPE_SCHANNEL:
                /* Bind complete. */
                tevent_req_done(req);
@@ -1759,23 +1718,41 @@ static void rpc_pipe_bind_step_one_done(struct tevent_req *subreq)
         * For authenticated binds we may need to do 3 or 4 leg binds.
         */
 
-       switch(state->cli->auth->auth_type) {
+       switch(pauth->auth_type) {
 
        case DCERPC_AUTH_TYPE_NONE:
+       case DCERPC_AUTH_TYPE_NCALRPC_AS_SYSTEM:
        case DCERPC_AUTH_TYPE_SCHANNEL:
                /* Bind complete. */
                tevent_req_done(req);
                return;
 
        case DCERPC_AUTH_TYPE_NTLMSSP:
-               /* Need to send AUTH3 packet - no reply. */
-               status = rpc_finish_auth3_bind_send(req, state,
-                                                   &auth.credentials);
+       case DCERPC_AUTH_TYPE_KRB5:
+               gensec_security = talloc_get_type_abort(pauth->auth_ctx,
+                                               struct gensec_security);
+               status = gensec_update(gensec_security, state, NULL,
+                                      auth.credentials, &auth_token);
+               if (NT_STATUS_EQUAL(status,
+                                   NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+                       status = rpc_bind_next_send(req, state,
+                                                       &auth_token);
+               } else if (NT_STATUS_IS_OK(status)) {
+                       if (auth_token.length == 0) {
+                               /* Bind complete. */
+                               tevent_req_done(req);
+                               return;
+                       }
+                       status = rpc_bind_finish_send(req, state,
+                                                       &auth_token);
+               }
                break;
 
        case DCERPC_AUTH_TYPE_SPNEGO:
+               spnego_ctx = talloc_get_type_abort(pauth->auth_ctx,
+                                                  struct spnego_context);
                status = spnego_get_client_auth_token(state,
-                                               pauth->a_u.spnego_state,
+                                               spnego_ctx,
                                                &auth.credentials,
                                                &auth_token);
                if (!NT_STATUS_IS_OK(status)) {
@@ -1786,7 +1763,7 @@ static void rpc_pipe_bind_step_one_done(struct tevent_req *subreq)
                        tevent_req_done(req);
                        return;
                }
-               if (spnego_require_more_processing(pauth->a_u.spnego_state)) {
+               if (spnego_require_more_processing(spnego_ctx)) {
                        status = rpc_bind_next_send(req, state,
                                                        &auth_token);
                } else {
@@ -1795,22 +1772,6 @@ static void rpc_pipe_bind_step_one_done(struct tevent_req *subreq)
                }
                break;
 
-       case DCERPC_AUTH_TYPE_KRB5:
-               status = gse_get_client_auth_token(state,
-                                                  pauth->a_u.gssapi_state,
-                                                  &auth.credentials,
-                                                  &auth_token);
-               if (!NT_STATUS_IS_OK(status)) {
-                       break;
-               }
-
-               if (gse_require_more_processing(pauth->a_u.gssapi_state)) {
-                       status = rpc_bind_next_send(req, state, &auth_token);
-               } else {
-                       status = rpc_bind_finish_send(req, state, &auth_token);
-               }
-               break;
-
        default:
                goto err_out;
        }
@@ -1821,70 +1782,11 @@ static void rpc_pipe_bind_step_one_done(struct tevent_req *subreq)
        return;
 
 err_out:
-       DEBUG(0,("cli_finish_bind_auth: unknown auth type %u(%u)\n",
-                (unsigned int)state->cli->auth->auth_type,
-                (unsigned int)state->cli->auth->spnego_type));
+       DEBUG(0,("cli_finish_bind_auth: unknown auth type %u\n",
+                (unsigned int)state->cli->auth->auth_type));
        tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
 }
 
-static NTSTATUS rpc_finish_auth3_bind_send(struct tevent_req *req,
-                                          struct rpc_pipe_bind_state *state,
-                                          DATA_BLOB *credentials)
-{
-       struct pipe_auth_data *auth = state->cli->auth;
-       DATA_BLOB client_reply = data_blob_null;
-       struct tevent_req *subreq;
-       NTSTATUS status;
-
-       /* TODO - check auth_type/auth_level match. */
-
-       status = auth_ntlmssp_update(auth->a_u.auth_ntlmssp_state,
-                                    *credentials, &client_reply);
-
-       if (!NT_STATUS_IS_OK(status)) {
-               DEBUG(0, ("rpc_finish_auth3_bind: NTLMSSP update using server "
-                         "blob failed: %s.\n", nt_errstr(status)));
-               return status;
-       }
-
-       data_blob_free(&state->rpc_out);
-
-       status = create_rpc_bind_auth3(state, state->cli,
-                                       state->rpc_call_id,
-                                       auth->auth_type,
-                                       auth->auth_level,
-                                       &client_reply,
-                                       &state->rpc_out);
-       data_blob_free(&client_reply);
-
-       if (!NT_STATUS_IS_OK(status)) {
-               return status;
-       }
-
-       subreq = rpc_write_send(state, state->ev, state->cli->transport,
-                               state->rpc_out.data, state->rpc_out.length);
-       if (subreq == NULL) {
-               return NT_STATUS_NO_MEMORY;
-       }
-       tevent_req_set_callback(subreq, rpc_bind_auth3_write_done, req);
-       return NT_STATUS_OK;
-}
-
-static void rpc_bind_auth3_write_done(struct tevent_req *subreq)
-{
-       struct tevent_req *req = tevent_req_callback_data(
-               subreq, struct tevent_req);
-       NTSTATUS status;
-
-       status = rpc_write_recv(subreq);
-       TALLOC_FREE(subreq);
-       if (!NT_STATUS_IS_OK(status)) {
-               tevent_req_nterror(req, status);
-               return;
-       }
-       tevent_req_done(req);
-}
-
 static NTSTATUS rpc_bind_next_send(struct tevent_req *req,
                                   struct rpc_pipe_bind_state *state,
                                   DATA_BLOB *auth_token)
@@ -1925,6 +1827,8 @@ static NTSTATUS rpc_bind_finish_send(struct tevent_req *req,
        struct tevent_req *subreq;
        NTSTATUS status;
 
+       state->auth3 = true;
+
        /* Now prepare the auth3 context pdu. */
        data_blob_free(&state->rpc_out);
 
@@ -1938,12 +1842,12 @@ static NTSTATUS rpc_bind_finish_send(struct tevent_req *req,
                return status;
        }
 
-       subreq = rpc_write_send(state, state->ev, state->cli->transport,
-                               state->rpc_out.data, state->rpc_out.length);
+       subreq = rpc_api_pipe_send(state, state->ev, state->cli,
+                                  &state->rpc_out, DCERPC_PKT_AUTH3);
        if (subreq == NULL) {
                return NT_STATUS_NO_MEMORY;
        }
-       tevent_req_set_callback(subreq, rpc_bind_auth3_write_done, req);
+       tevent_req_set_callback(subreq, rpc_pipe_bind_step_one_done, req);
        return NT_STATUS_OK;
 }
 
@@ -2031,6 +1935,15 @@ static bool rpccli_bh_is_connected(struct dcerpc_binding_handle *h)
        return rpccli_is_connected(hs->rpc_cli);
 }
 
+static uint32_t rpccli_bh_set_timeout(struct dcerpc_binding_handle *h,
+                                     uint32_t timeout)
+{
+       struct rpccli_bh_state *hs = dcerpc_binding_handle_data(h,
+                                    struct rpccli_bh_state);
+
+       return rpccli_set_timeout(hs->rpc_cli, timeout);
+}
+
 struct rpccli_bh_raw_call_state {
        DATA_BLOB in_data;
        DATA_BLOB out_data;
@@ -2065,7 +1978,7 @@ static struct tevent_req *rpccli_bh_raw_call_send(TALLOC_CTX *mem_ctx,
 
        ok = rpccli_bh_is_connected(h);
        if (!ok) {
-               tevent_req_nterror(req, NT_STATUS_INVALID_CONNECTION);
+               tevent_req_nterror(req, NT_STATUS_CONNECTION_DISCONNECTED);
                return tevent_req_post(req, ev);
        }
 
@@ -2148,7 +2061,7 @@ static struct tevent_req *rpccli_bh_disconnect_send(TALLOC_CTX *mem_ctx,
 
        ok = rpccli_bh_is_connected(h);
        if (!ok) {
-               tevent_req_nterror(req, NT_STATUS_INVALID_CONNECTION);
+               tevent_req_nterror(req, NT_STATUS_CONNECTION_DISCONNECTED);
                return tevent_req_post(req, ev);
        }
 
@@ -2209,6 +2122,7 @@ static void rpccli_bh_do_ndr_print(struct dcerpc_binding_handle *h,
 static const struct dcerpc_binding_handle_ops rpccli_bh_ops = {
        .name                   = "rpccli",
        .is_connected           = rpccli_bh_is_connected,
+       .set_timeout            = rpccli_bh_set_timeout,
        .raw_call_send          = rpccli_bh_raw_call_send,
        .raw_call_recv          = rpccli_bh_raw_call_recv,
        .disconnect_send        = rpccli_bh_disconnect_send,
@@ -2219,7 +2133,7 @@ static const struct dcerpc_binding_handle_ops rpccli_bh_ops = {
 };
 
 /* initialise a rpc_pipe_client binding handle */
-static struct dcerpc_binding_handle *rpccli_bh_create(struct rpc_pipe_client *c)
+struct dcerpc_binding_handle *rpccli_bh_create(struct rpc_pipe_client *c)
 {
        struct dcerpc_binding_handle *h;
        struct rpccli_bh_state *hs;
@@ -2239,42 +2153,28 @@ static struct dcerpc_binding_handle *rpccli_bh_create(struct rpc_pipe_client *c)
        return h;
 }
 
-bool rpccli_get_pwd_hash(struct rpc_pipe_client *rpc_cli, uint8_t nt_hash[16])
+NTSTATUS rpccli_ncalrpc_bind_data(TALLOC_CTX *mem_ctx,
+                                 struct pipe_auth_data **presult)
 {
-       struct auth_ntlmssp_state *a = NULL;
-       struct cli_state *cli;
-
-       if (rpc_cli->auth->auth_type == DCERPC_AUTH_TYPE_NTLMSSP) {
-               a = rpc_cli->auth->a_u.auth_ntlmssp_state;
-       } else if (rpc_cli->auth->auth_type == DCERPC_AUTH_TYPE_SPNEGO) {
-               enum dcerpc_AuthType auth_type;
-               void *auth_ctx;
-               NTSTATUS status;
-
-               status = spnego_get_negotiated_mech(
-                                       rpc_cli->auth->a_u.spnego_state,
-                                       &auth_type, &auth_ctx);
-               if (!NT_STATUS_IS_OK(status)) {
-                       return false;
-               }
+       struct pipe_auth_data *result;
 
-               if (auth_type == DCERPC_AUTH_TYPE_NTLMSSP) {
-                       a = talloc_get_type(auth_ctx,
-                                           struct auth_ntlmssp_state);
-               }
+       result = talloc(mem_ctx, struct pipe_auth_data);
+       if (result == NULL) {
+               return NT_STATUS_NO_MEMORY;
        }
 
-       if (a) {
-               memcpy(nt_hash, auth_ntlmssp_get_nt_hash(a), 16);
-               return true;
-       }
+       result->auth_type = DCERPC_AUTH_TYPE_NCALRPC_AS_SYSTEM;
+       result->auth_level = DCERPC_AUTH_LEVEL_CONNECT;
 
-       cli = rpc_pipe_np_smb_conn(rpc_cli);
-       if (cli == NULL) {
-               return false;
+       result->user_name = talloc_strdup(result, "");
+       result->domain = talloc_strdup(result, "");
+       if ((result->user_name == NULL) || (result->domain == NULL)) {
+               TALLOC_FREE(result);
+               return NT_STATUS_NO_MEMORY;
        }
-       E_md4hash(cli->password ? cli->password : "", nt_hash);
-       return true;
+
+       *presult = result;
+       return NT_STATUS_OK;
 }
 
 NTSTATUS rpccli_anon_bind_data(TALLOC_CTX *mem_ctx,
@@ -2288,7 +2188,6 @@ NTSTATUS rpccli_anon_bind_data(TALLOC_CTX *mem_ctx,
        }
 
        result->auth_type = DCERPC_AUTH_TYPE_NONE;
-       result->spnego_type = PIPE_AUTH_TYPE_SPNEGO_NONE;
        result->auth_level = DCERPC_AUTH_LEVEL_NONE;
 
        result->user_name = talloc_strdup(result, "");
@@ -2302,20 +2201,17 @@ NTSTATUS rpccli_anon_bind_data(TALLOC_CTX *mem_ctx,
        return NT_STATUS_OK;
 }
 
-static int cli_auth_ntlmssp_data_destructor(struct pipe_auth_data *auth)
-{
-       TALLOC_FREE(auth->a_u.auth_ntlmssp_state);
-       return 0;
-}
-
-static NTSTATUS rpccli_ntlmssp_bind_data(TALLOC_CTX *mem_ctx,
-                                 enum dcerpc_AuthType auth_type,
-                                 enum dcerpc_AuthLevel auth_level,
-                                 const char *domain,
-                                 const char *username,
-                                 const char *password,
-                                 struct pipe_auth_data **presult)
+static NTSTATUS rpccli_generic_bind_data(TALLOC_CTX *mem_ctx,
+                                        enum dcerpc_AuthType auth_type,
+                                        enum dcerpc_AuthLevel auth_level,
+                                        const char *server,
+                                        const char *target_service,
+                                        const char *domain,
+                                        const char *username,
+                                        const char *password,
+                                        struct pipe_auth_data **presult)
 {
+       struct auth_generic_state *auth_generic_ctx;
        struct pipe_auth_data *result;
        NTSTATUS status;
 
@@ -2334,51 +2230,44 @@ static NTSTATUS rpccli_ntlmssp_bind_data(TALLOC_CTX *mem_ctx,
                goto fail;
        }
 
-       status = auth_ntlmssp_client_start(NULL,
-                                     global_myname(),
-                                     lp_workgroup(),
-                                     lp_client_ntlmv2_auth(),
-                                     &result->a_u.auth_ntlmssp_state);
+       status = auth_generic_client_prepare(result,
+                                            &auth_generic_ctx);
        if (!NT_STATUS_IS_OK(status)) {
                goto fail;
        }
 
-       talloc_set_destructor(result, cli_auth_ntlmssp_data_destructor);
+       status = auth_generic_set_username(auth_generic_ctx, username);
+       if (!NT_STATUS_IS_OK(status)) {
+               goto fail;
+       }
 
-       status = auth_ntlmssp_set_username(result->a_u.auth_ntlmssp_state,
-                                          username);
+       status = auth_generic_set_domain(auth_generic_ctx, domain);
        if (!NT_STATUS_IS_OK(status)) {
                goto fail;
        }
 
-       status = auth_ntlmssp_set_domain(result->a_u.auth_ntlmssp_state,
-                                        domain);
+       status = auth_generic_set_password(auth_generic_ctx, password);
        if (!NT_STATUS_IS_OK(status)) {
                goto fail;
        }
 
-       status = auth_ntlmssp_set_password(result->a_u.auth_ntlmssp_state,
-                                          password);
+       status = gensec_set_target_service(auth_generic_ctx->gensec_security, target_service);
        if (!NT_STATUS_IS_OK(status)) {
                goto fail;
        }
 
-       /*
-        * Turn off sign+seal to allow selected auth level to turn it back on.
-        */
-       auth_ntlmssp_and_flags(result->a_u.auth_ntlmssp_state,
-                                               ~(NTLMSSP_NEGOTIATE_SIGN |
-                                                 NTLMSSP_NEGOTIATE_SEAL));
+       status = gensec_set_target_hostname(auth_generic_ctx->gensec_security, server);
+       if (!NT_STATUS_IS_OK(status)) {
+               goto fail;
+       }
 
-       if (auth_level == DCERPC_AUTH_LEVEL_INTEGRITY) {
-               auth_ntlmssp_or_flags(result->a_u.auth_ntlmssp_state,
-                                               NTLMSSP_NEGOTIATE_SIGN);
-       } else if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
-               auth_ntlmssp_or_flags(result->a_u.auth_ntlmssp_state,
-                                               NTLMSSP_NEGOTIATE_SEAL |
-                                               NTLMSSP_NEGOTIATE_SIGN);
+       status = auth_generic_client_start_by_authtype(auth_generic_ctx, auth_type, auth_level);
+       if (!NT_STATUS_IS_OK(status)) {
+               goto fail;
        }
 
+       result->auth_ctx = talloc_move(result, &auth_generic_ctx->gensec_security);
+       talloc_free(auth_generic_ctx);
        *presult = result;
        return NT_STATUS_OK;
 
@@ -2392,6 +2281,7 @@ NTSTATUS rpccli_schannel_bind_data(TALLOC_CTX *mem_ctx, const char *domain,
                                   struct netlogon_creds_CredentialState *creds,
                                   struct pipe_auth_data **presult)
 {
+       struct schannel_state *schannel_auth;
        struct pipe_auth_data *result;
 
        result = talloc(mem_ctx, struct pipe_auth_data);
@@ -2400,7 +2290,6 @@ NTSTATUS rpccli_schannel_bind_data(TALLOC_CTX *mem_ctx, const char *domain,
        }
 
        result->auth_type = DCERPC_AUTH_TYPE_SCHANNEL;
-       result->spnego_type = PIPE_AUTH_TYPE_SPNEGO_NONE;
        result->auth_level = auth_level;
 
        result->user_name = talloc_strdup(result, "");
@@ -2409,16 +2298,17 @@ NTSTATUS rpccli_schannel_bind_data(TALLOC_CTX *mem_ctx, const char *domain,
                goto fail;
        }
 
-       result->a_u.schannel_auth = talloc(result, struct schannel_state);
-       if (result->a_u.schannel_auth == NULL) {
+       schannel_auth = talloc(result, struct schannel_state);
+       if (schannel_auth == NULL) {
                goto fail;
        }
 
-       result->a_u.schannel_auth->state = SCHANNEL_STATE_START;
-       result->a_u.schannel_auth->seq_num = 0;
-       result->a_u.schannel_auth->initiator = true;
-       result->a_u.schannel_auth->creds = creds;
+       schannel_auth->state = SCHANNEL_STATE_START;
+       schannel_auth->seq_num = 0;
+       schannel_auth->initiator = true;
+       schannel_auth->creds = netlogon_creds_copy(result, creds);
 
+       result->auth_ctx = schannel_auth;
        *presult = result;
        return NT_STATUS_OK;
 
@@ -2440,7 +2330,7 @@ static NTSTATUS rpc_pipe_open_tcp_port(TALLOC_CTX *mem_ctx, const char *host,
        NTSTATUS status;
        int fd;
 
-       result = TALLOC_ZERO_P(mem_ctx, struct rpc_pipe_client);
+       result = talloc_zero(mem_ctx, struct rpc_pipe_client);
        if (result == NULL) {
                return NT_STATUS_NO_MEMORY;
        }
@@ -2464,7 +2354,7 @@ static NTSTATUS rpc_pipe_open_tcp_port(TALLOC_CTX *mem_ctx, const char *host,
                goto fail;
        }
 
-       status = open_socket_out(&addr, port, 60, &fd);
+       status = open_socket_out(&addr, port, 60*1000, &fd);
        if (!NT_STATUS_IS_OK(status)) {
                goto fail;
        }
@@ -2503,6 +2393,7 @@ static NTSTATUS rpc_pipe_get_tcp_port(const char *host,
 {
        NTSTATUS status;
        struct rpc_pipe_client *epm_pipe = NULL;
+       struct dcerpc_binding_handle *epm_handle = NULL;
        struct pipe_auth_data *auth = NULL;
        struct dcerpc_binding *map_binding = NULL;
        struct dcerpc_binding *res_binding = NULL;
@@ -2513,12 +2404,19 @@ static NTSTATUS rpc_pipe_get_tcp_port(const char *host,
        uint32_t max_towers = 1;
        struct epm_twr_p_t towers;
        TALLOC_CTX *tmp_ctx = talloc_stackframe();
+       uint32_t result = 0;
 
        if (pport == NULL) {
                status = NT_STATUS_INVALID_PARAMETER;
                goto done;
        }
 
+       if (ndr_syntax_id_equal(abstract_syntax,
+                               &ndr_table_epmapper.syntax_id)) {
+               *pport = 135;
+               return NT_STATUS_OK;
+       }
+
        /* open the connection to the endpoint mapper */
        status = rpc_pipe_open_tcp_port(tmp_ctx, host, 135,
                                        &ndr_table_epmapper.syntax_id,
@@ -2527,6 +2425,7 @@ static NTSTATUS rpc_pipe_get_tcp_port(const char *host,
        if (!NT_STATUS_IS_OK(status)) {
                goto done;
        }
+       epm_handle = epm_pipe->binding_handle;
 
        status = rpccli_anon_bind_data(tmp_ctx, &auth);
        if (!NT_STATUS_IS_OK(status)) {
@@ -2540,7 +2439,7 @@ static NTSTATUS rpc_pipe_get_tcp_port(const char *host,
 
        /* create tower for asking the epmapper */
 
-       map_binding = TALLOC_ZERO_P(tmp_ctx, struct dcerpc_binding);
+       map_binding = talloc_zero(tmp_ctx, struct dcerpc_binding);
        if (map_binding == NULL) {
                status = NT_STATUS_NO_MEMORY;
                goto done;
@@ -2551,7 +2450,7 @@ static NTSTATUS rpc_pipe_get_tcp_port(const char *host,
        map_binding->host = host; /* needed? */
        map_binding->endpoint = "0"; /* correct? needed? */
 
-       map_tower = TALLOC_ZERO_P(tmp_ctx, struct epm_twr_t);
+       map_tower = talloc_zero(tmp_ctx, struct epm_twr_t);
        if (map_tower == NULL) {
                status = NT_STATUS_NO_MEMORY;
                goto done;
@@ -2565,14 +2464,14 @@ static NTSTATUS rpc_pipe_get_tcp_port(const char *host,
 
        /* allocate further parameters for the epm_Map call */
 
-       res_towers = TALLOC_ARRAY(tmp_ctx, struct epm_twr_t, max_towers);
+       res_towers = talloc_array(tmp_ctx, struct epm_twr_t, max_towers);
        if (res_towers == NULL) {
                status = NT_STATUS_NO_MEMORY;
                goto done;
        }
        towers.twr = res_towers;
 
-       entry_handle = TALLOC_ZERO_P(tmp_ctx, struct policy_handle);
+       entry_handle = talloc_zero(tmp_ctx, struct policy_handle);
        if (entry_handle == NULL) {
                status = NT_STATUS_NO_MEMORY;
                goto done;
@@ -2580,20 +2479,26 @@ static NTSTATUS rpc_pipe_get_tcp_port(const char *host,
 
        /* ask the endpoint mapper for the port */
 
-       status = rpccli_epm_Map(epm_pipe,
+       status = dcerpc_epm_Map(epm_handle,
                                tmp_ctx,
-                               CONST_DISCARD(struct GUID *,
+                               discard_const_p(struct GUID,
                                              &(abstract_syntax->uuid)),
                                map_tower,
                                entry_handle,
                                max_towers,
                                &num_towers,
-                               &towers);
+                               &towers,
+                               &result);
 
        if (!NT_STATUS_IS_OK(status)) {
                goto done;
        }
 
+       if (result != EPMAPPER_STATUS_OK) {
+               status = NT_STATUS_UNSUCCESSFUL;
+               goto done;
+       }
+
        if (num_towers != 1) {
                status = NT_STATUS_UNSUCCESSFUL;
                goto done;
@@ -2681,7 +2586,7 @@ NTSTATUS rpc_pipe_open_ncalrpc(TALLOC_CTX *mem_ctx, const char *socket_path,
 
        ZERO_STRUCT(addr);
        addr.sun_family = AF_UNIX;
-       strncpy(addr.sun_path, socket_path, sizeof(addr.sun_path));
+       strlcpy(addr.sun_path, socket_path, sizeof(addr.sun_path));
 
        if (sys_connect(fd, (struct sockaddr *)(void *)&addr) == -1) {
                DEBUG(0, ("connect(%s) failed: %s\n", socket_path,
@@ -2750,14 +2655,14 @@ static NTSTATUS rpc_pipe_open_np(struct cli_state *cli,
                return NT_STATUS_INVALID_HANDLE;
        }
 
-       result = TALLOC_ZERO_P(NULL, struct rpc_pipe_client);
+       result = talloc_zero(NULL, struct rpc_pipe_client);
        if (result == NULL) {
                return NT_STATUS_NO_MEMORY;
        }
 
        result->abstract_syntax = *abstract_syntax;
        result->transfer_syntax = ndr_transfer_syntax;
-       result->desthost = talloc_strdup(result, cli->desthost);
+       result->desthost = talloc_strdup(result, cli_state_remote_name(cli));
        result->srv_name_slash = talloc_asprintf_strupper_m(
                result, "\\\\%s", result->desthost);
 
@@ -2810,8 +2715,8 @@ static NTSTATUS cli_rpc_pipe_open(struct cli_state *cli,
 {
        switch (transport) {
        case NCACN_IP_TCP:
-               return rpc_pipe_open_tcp(NULL, cli->desthost, interface,
-                                        presult);
+               return rpc_pipe_open_tcp(NULL, cli_state_remote_name(cli),
+                                        interface, presult);
        case NCACN_NP:
                return rpc_pipe_open_np(cli, interface, presult);
        default:
@@ -2885,7 +2790,7 @@ NTSTATUS cli_rpc_pipe_open_noauth_transport(struct cli_state *cli,
        DEBUG(10,("cli_rpc_pipe_open_noauth: opened pipe %s to machine "
                  "%s and bound anonymously.\n",
                  get_pipe_name_from_syntax(talloc_tos(), interface),
-                 cli->desthost));
+                 result->desthost));
 
        *presult = result;
        return NT_STATUS_OK;
@@ -2903,49 +2808,51 @@ NTSTATUS cli_rpc_pipe_open_noauth(struct cli_state *cli,
 }
 
 /****************************************************************************
- Open a named pipe to an SMB server and bind using NTLMSSP or SPNEGO NTLMSSP
+ Open a named pipe to an SMB server and bind using the mech specified
  ****************************************************************************/
 
-NTSTATUS cli_rpc_pipe_open_ntlmssp(struct cli_state *cli,
-                                  const struct ndr_syntax_id *interface,
-                                  enum dcerpc_transport_t transport,
-                                  enum dcerpc_AuthLevel auth_level,
-                                  const char *domain,
-                                  const char *username,
-                                  const char *password,
-                                  struct rpc_pipe_client **presult)
+NTSTATUS cli_rpc_pipe_open_generic_auth(struct cli_state *cli,
+                                       const struct ndr_interface_table *table,
+                                       enum dcerpc_transport_t transport,
+                                       enum dcerpc_AuthType auth_type,
+                                       enum dcerpc_AuthLevel auth_level,
+                                       const char *server,
+                                       const char *domain,
+                                       const char *username,
+                                       const char *password,
+                                       struct rpc_pipe_client **presult)
 {
        struct rpc_pipe_client *result;
        struct pipe_auth_data *auth = NULL;
-       enum dcerpc_AuthType auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
+       const char *target_service = table->authservices->names[0];
        NTSTATUS status;
 
-       status = cli_rpc_pipe_open(cli, transport, interface, &result);
+       status = cli_rpc_pipe_open(cli, transport, &table->syntax_id, &result);
        if (!NT_STATUS_IS_OK(status)) {
                return status;
        }
 
-       status = rpccli_ntlmssp_bind_data(result,
+       status = rpccli_generic_bind_data(result,
                                          auth_type, auth_level,
+                                         server, target_service,
                                          domain, username, password,
                                          &auth);
        if (!NT_STATUS_IS_OK(status)) {
-               DEBUG(0, ("rpccli_ntlmssp_bind_data returned %s\n",
+               DEBUG(0, ("rpccli_generic_bind_data returned %s\n",
                          nt_errstr(status)));
                goto err;
        }
 
        status = rpc_pipe_bind(result, auth);
        if (!NT_STATUS_IS_OK(status)) {
-               DEBUG(0, ("cli_rpc_pipe_open_ntlmssp_internal: cli_rpc_pipe_bind failed with error %s\n",
+               DEBUG(0, ("cli_rpc_pipe_open_generic_auth: cli_rpc_pipe_bind failed with error %s\n",
                        nt_errstr(status) ));
                goto err;
        }
 
-       DEBUG(10,("cli_rpc_pipe_open_ntlmssp_internal: opened pipe %s to "
-               "machine %s and bound NTLMSSP as user %s\\%s.\n",
-                 get_pipe_name_from_syntax(talloc_tos(), interface),
-                 cli->desthost, domain, username ));
+       DEBUG(10,("cli_rpc_pipe_open_generic_auth: opened pipe %s to "
+               "machine %s and bound as user %s\\%s.\n", table->name,
+                 result->desthost, domain, username));
 
        *presult = result;
        return NT_STATUS_OK;
@@ -2956,87 +2863,6 @@ NTSTATUS cli_rpc_pipe_open_ntlmssp(struct cli_state *cli,
        return status;
 }
 
-/****************************************************************************
-  Get a the schannel session key out of an already opened netlogon pipe.
- ****************************************************************************/
-static NTSTATUS get_schannel_session_key_common(struct rpc_pipe_client *netlogon_pipe,
-                                               struct cli_state *cli,
-                                               const char *domain,
-                                               uint32 *pneg_flags)
-{
-       enum netr_SchannelType sec_chan_type = 0;
-       unsigned char machine_pwd[16];
-       const char *machine_account;
-       NTSTATUS status;
-
-       /* Get the machine account credentials from secrets.tdb. */
-       if (!get_trust_pw_hash(domain, machine_pwd, &machine_account,
-                              &sec_chan_type))
-       {
-               DEBUG(0, ("get_schannel_session_key: could not fetch "
-                       "trust account password for domain '%s'\n",
-                       domain));
-               return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
-       }
-
-       status = rpccli_netlogon_setup_creds(netlogon_pipe,
-                                       cli->desthost, /* server name */
-                                       domain,        /* domain */
-                                       global_myname(), /* client name */
-                                       machine_account, /* machine account name */
-                                       machine_pwd,
-                                       sec_chan_type,
-                                       pneg_flags);
-
-       if (!NT_STATUS_IS_OK(status)) {
-               DEBUG(3, ("get_schannel_session_key_common: "
-                         "rpccli_netlogon_setup_creds failed with result %s "
-                         "to server %s, domain %s, machine account %s.\n",
-                         nt_errstr(status), cli->desthost, domain,
-                         machine_account ));
-               return status;
-       }
-
-       if (((*pneg_flags) & NETLOGON_NEG_SCHANNEL) == 0) {
-               DEBUG(3, ("get_schannel_session_key: Server %s did not offer schannel\n",
-                       cli->desthost));
-               return NT_STATUS_INVALID_NETWORK_RESPONSE;
-       }
-
-       return NT_STATUS_OK;;
-}
-
-/****************************************************************************
- Open a netlogon pipe and get the schannel session key.
- Now exposed to external callers.
- ****************************************************************************/
-
-
-NTSTATUS get_schannel_session_key(struct cli_state *cli,
-                                 const char *domain,
-                                 uint32 *pneg_flags,
-                                 struct rpc_pipe_client **presult)
-{
-       struct rpc_pipe_client *netlogon_pipe = NULL;
-       NTSTATUS status;
-
-       status = cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon.syntax_id,
-                                         &netlogon_pipe);
-       if (!NT_STATUS_IS_OK(status)) {
-               return status;
-       }
-
-       status = get_schannel_session_key_common(netlogon_pipe, cli, domain,
-                                                pneg_flags);
-       if (!NT_STATUS_IS_OK(status)) {
-               TALLOC_FREE(netlogon_pipe);
-               return status;
-       }
-
-       *presult = netlogon_pipe;
-       return NT_STATUS_OK;
-}
-
 /****************************************************************************
  External interface.
  Open a named pipe to an SMB server and bind using schannel (bind type 68)
@@ -3082,293 +2908,41 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli,
 
        /*
         * The credentials on a new netlogon pipe are the ones we are passed
-        * in - reference them in
+        * in - copy them over
         */
-       result->dc = talloc_move(result, pdc);
+       result->dc = netlogon_creds_copy(result, *pdc);
+       if (result->dc == NULL) {
+               TALLOC_FREE(result);
+               return NT_STATUS_NO_MEMORY;
+       }
 
        DEBUG(10,("cli_rpc_pipe_open_schannel_with_key: opened pipe %s to machine %s "
                  "for domain %s and bound using schannel.\n",
                  get_pipe_name_from_syntax(talloc_tos(), interface),
-                 cli->desthost, domain ));
-
-       *presult = result;
-       return NT_STATUS_OK;
-}
-
-/****************************************************************************
- Open a named pipe to an SMB server and bind using schannel (bind type 68).
- Fetch the session key ourselves using a temporary netlogon pipe. This
- version uses an ntlmssp auth bound netlogon pipe to get the key.
- ****************************************************************************/
-
-static NTSTATUS get_schannel_session_key_auth_ntlmssp(struct cli_state *cli,
-                                                     const char *domain,
-                                                     const char *username,
-                                                     const char *password,
-                                                     uint32 *pneg_flags,
-                                                     struct rpc_pipe_client **presult)
-{
-       struct rpc_pipe_client *netlogon_pipe = NULL;
-       NTSTATUS status;
-
-       status = cli_rpc_pipe_open_spnego_ntlmssp(
-               cli, &ndr_table_netlogon.syntax_id, NCACN_NP,
-               DCERPC_AUTH_LEVEL_PRIVACY,
-               domain, username, password, &netlogon_pipe);
-       if (!NT_STATUS_IS_OK(status)) {
-               return status;
-       }
-
-       status = get_schannel_session_key_common(netlogon_pipe, cli, domain,
-                                                pneg_flags);
-       if (!NT_STATUS_IS_OK(status)) {
-               TALLOC_FREE(netlogon_pipe);
-               return status;
-       }
-
-       *presult = netlogon_pipe;
-       return NT_STATUS_OK;
-}
-
-/****************************************************************************
- Open a named pipe to an SMB server and bind using schannel (bind type 68).
- Fetch the session key ourselves using a temporary netlogon pipe. This version
- uses an ntlmssp bind to get the session key.
- ****************************************************************************/
-
-NTSTATUS cli_rpc_pipe_open_ntlmssp_auth_schannel(struct cli_state *cli,
-                                                const struct ndr_syntax_id *interface,
-                                                enum dcerpc_transport_t transport,
-                                                enum dcerpc_AuthLevel auth_level,
-                                                const char *domain,
-                                                const char *username,
-                                                const char *password,
-                                                struct rpc_pipe_client **presult)
-{
-       uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
-       struct rpc_pipe_client *netlogon_pipe = NULL;
-       struct rpc_pipe_client *result = NULL;
-       NTSTATUS status;
-
-       status = get_schannel_session_key_auth_ntlmssp(
-               cli, domain, username, password, &neg_flags, &netlogon_pipe);
-       if (!NT_STATUS_IS_OK(status)) {
-               DEBUG(0,("cli_rpc_pipe_open_ntlmssp_auth_schannel: failed to get schannel session "
-                       "key from server %s for domain %s.\n",
-                       cli->desthost, domain ));
-               return status;
-       }
-
-       status = cli_rpc_pipe_open_schannel_with_key(
-               cli, interface, transport, auth_level, domain, &netlogon_pipe->dc,
-               &result);
-
-       /* Now we've bound using the session key we can close the netlog pipe. */
-       TALLOC_FREE(netlogon_pipe);
-
-       if (NT_STATUS_IS_OK(status)) {
-               *presult = result;
-       }
-       return status;
-}
-
-/****************************************************************************
- Open a named pipe to an SMB server and bind using schannel (bind type 68).
- Fetch the session key ourselves using a temporary netlogon pipe.
- ****************************************************************************/
-
-NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli,
-                                   const struct ndr_syntax_id *interface,
-                                   enum dcerpc_transport_t transport,
-                                   enum dcerpc_AuthLevel auth_level,
-                                   const char *domain,
-                                   struct rpc_pipe_client **presult)
-{
-       uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
-       struct rpc_pipe_client *netlogon_pipe = NULL;
-       struct rpc_pipe_client *result = NULL;
-       NTSTATUS status;
-
-       status = get_schannel_session_key(cli, domain, &neg_flags,
-                                         &netlogon_pipe);
-       if (!NT_STATUS_IS_OK(status)) {
-               DEBUG(0,("cli_rpc_pipe_open_schannel: failed to get schannel session "
-                       "key from server %s for domain %s.\n",
-                       cli->desthost, domain ));
-               return status;
-       }
-
-       status = cli_rpc_pipe_open_schannel_with_key(
-               cli, interface, transport, auth_level, domain, &netlogon_pipe->dc,
-               &result);
-
-       /* Now we've bound using the session key we can close the netlog pipe. */
-       TALLOC_FREE(netlogon_pipe);
-
-       if (NT_STATUS_IS_OK(status)) {
-               *presult = result;
-       }
-
-       return status;
-}
-
-/****************************************************************************
- Open a named pipe to an SMB server and bind using krb5 (bind type 16).
- The idea is this can be called with service_princ, username and password all
- NULL so long as the caller has a TGT.
- ****************************************************************************/
-
-NTSTATUS cli_rpc_pipe_open_krb5(struct cli_state *cli,
-                               const struct ndr_syntax_id *interface,
-                               enum dcerpc_transport_t transport,
-                               enum dcerpc_AuthLevel auth_level,
-                               const char *server,
-                               const char *username,
-                               const char *password,
-                               struct rpc_pipe_client **presult)
-{
-       struct rpc_pipe_client *result;
-       struct pipe_auth_data *auth;
-       NTSTATUS status;
-
-       status = cli_rpc_pipe_open(cli, transport, interface, &result);
-       if (!NT_STATUS_IS_OK(status)) {
-               return status;
-       }
-
-       auth = talloc(result, struct pipe_auth_data);
-       if (auth == NULL) {
-               status = NT_STATUS_NO_MEMORY;
-               goto err_out;
-       }
-       auth->auth_type = DCERPC_AUTH_TYPE_KRB5;
-       auth->auth_level = auth_level;
-
-       if (!username) {
-               username = "";
-       }
-       auth->user_name = talloc_strdup(auth, username);
-       if (!auth->user_name) {
-               status = NT_STATUS_NO_MEMORY;
-               goto err_out;
-       }
-
-       /* Fixme, should we fetch/set the Realm ? */
-       auth->domain = talloc_strdup(auth, "");
-       if (!auth->domain) {
-               status = NT_STATUS_NO_MEMORY;
-               goto err_out;
-       }
-
-       status = gse_init_client(auth, auth->auth_type, auth->auth_level,
-                                NULL, server, "cifs", username, password,
-                                GSS_C_DCE_STYLE, &auth->a_u.gssapi_state);
-
-       if (!NT_STATUS_IS_OK(status)) {
-               DEBUG(0, ("gse_init_client returned %s\n",
-                         nt_errstr(status)));
-               goto err_out;
-       }
-
-       status = rpc_pipe_bind(result, auth);
-       if (!NT_STATUS_IS_OK(status)) {
-               DEBUG(0, ("cli_rpc_pipe_bind failed with error %s\n",
-                         nt_errstr(status)));
-               goto err_out;
-       }
-
-       *presult = result;
-       return NT_STATUS_OK;
-
-err_out:
-       TALLOC_FREE(result);
-       return status;
-}
-
-NTSTATUS cli_rpc_pipe_open_spnego_krb5(struct cli_state *cli,
-                                       const struct ndr_syntax_id *interface,
-                                       enum dcerpc_transport_t transport,
-                                       enum dcerpc_AuthLevel auth_level,
-                                       const char *server,
-                                       const char *username,
-                                       const char *password,
-                                       struct rpc_pipe_client **presult)
-{
-       struct rpc_pipe_client *result;
-       struct pipe_auth_data *auth;
-       NTSTATUS status;
-
-       status = cli_rpc_pipe_open(cli, transport, interface, &result);
-       if (!NT_STATUS_IS_OK(status)) {
-               return status;
-       }
-
-       auth = talloc(result, struct pipe_auth_data);
-       if (auth == NULL) {
-               status = NT_STATUS_NO_MEMORY;
-               goto err_out;
-       }
-       auth->auth_type = DCERPC_AUTH_TYPE_SPNEGO;
-       auth->auth_level = auth_level;
-       /* compat */
-       auth->spnego_type = PIPE_AUTH_TYPE_SPNEGO_KRB5;
-
-       if (!username) {
-               username = "";
-       }
-       auth->user_name = talloc_strdup(auth, username);
-       if (!auth->user_name) {
-               status = NT_STATUS_NO_MEMORY;
-               goto err_out;
-       }
-
-       /* Fixme, should we fetch/set the Realm ? */
-       auth->domain = talloc_strdup(auth, "");
-       if (!auth->domain) {
-               status = NT_STATUS_NO_MEMORY;
-               goto err_out;
-       }
-
-       status = spnego_gssapi_init_client(auth, auth->auth_level,
-                                          NULL, server, "cifs",
-                                          username, password,
-                                          GSS_C_DCE_STYLE,
-                                          &auth->a_u.spnego_state);
-       if (!NT_STATUS_IS_OK(status)) {
-               DEBUG(0, ("spnego_init_client returned %s\n",
-                         nt_errstr(status)));
-               goto err_out;
-       }
-
-       status = rpc_pipe_bind(result, auth);
-       if (!NT_STATUS_IS_OK(status)) {
-               DEBUG(0, ("cli_rpc_pipe_bind failed with error %s\n",
-                         nt_errstr(status)));
-               goto err_out;
-       }
+                 result->desthost, domain));
 
        *presult = result;
        return NT_STATUS_OK;
-
-err_out:
-       TALLOC_FREE(result);
-       return status;
 }
 
-NTSTATUS cli_rpc_pipe_open_spnego_ntlmssp(struct cli_state *cli,
-                                         const struct ndr_syntax_id *interface,
-                                         enum dcerpc_transport_t transport,
-                                         enum dcerpc_AuthLevel auth_level,
-                                         const char *domain,
-                                         const char *username,
-                                         const char *password,
-                                         struct rpc_pipe_client **presult)
+NTSTATUS cli_rpc_pipe_open_spnego(struct cli_state *cli,
+                                 const struct ndr_interface_table *table,
+                                 enum dcerpc_transport_t transport,
+                                 const char *oid,
+                                 enum dcerpc_AuthLevel auth_level,
+                                 const char *server,
+                                 const char *domain,
+                                 const char *username,
+                                 const char *password,
+                                 struct rpc_pipe_client **presult)
 {
        struct rpc_pipe_client *result;
        struct pipe_auth_data *auth;
+       struct spnego_context *spnego_ctx;
        NTSTATUS status;
+       const char *target_service = table->authservices->names[0];
 
-       status = cli_rpc_pipe_open(cli, transport, interface, &result);
+       status = cli_rpc_pipe_open(cli, transport, &table->syntax_id, &result);
        if (!NT_STATUS_IS_OK(status)) {
                return status;
        }
@@ -3399,14 +2973,22 @@ NTSTATUS cli_rpc_pipe_open_spnego_ntlmssp(struct cli_state *cli,
                goto err_out;
        }
 
-       status = spnego_ntlmssp_init_client(auth, auth->auth_level,
+       status = spnego_generic_init_client(auth,
+                                           oid,
+                                           (auth->auth_level ==
+                                               DCERPC_AUTH_LEVEL_INTEGRITY),
+                                           (auth->auth_level ==
+                                               DCERPC_AUTH_LEVEL_PRIVACY),
+                                           true,
+                                           server, target_service,
                                            domain, username, password,
-                                           &auth->a_u.spnego_state);
+                                           &spnego_ctx);
        if (!NT_STATUS_IS_OK(status)) {
                DEBUG(0, ("spnego_init_client returned %s\n",
                          nt_errstr(status)));
                goto err_out;
        }
+       auth->auth_ctx = spnego_ctx;
 
        status = rpc_pipe_bind(result, auth);
        if (!NT_STATUS_IS_OK(status)) {
@@ -3427,42 +3009,73 @@ NTSTATUS cli_get_session_key(TALLOC_CTX *mem_ctx,
                             struct rpc_pipe_client *cli,
                             DATA_BLOB *session_key)
 {
-       struct pipe_auth_data *a = cli->auth;
-       DATA_BLOB sk;
+       NTSTATUS status;
+       struct pipe_auth_data *a;
+       struct schannel_state *schannel_auth;
+       struct gensec_security *gensec_security;
+       struct spnego_context *spnego_ctx;
+       DATA_BLOB sk = data_blob_null;
+       bool make_dup = false;
 
        if (!session_key || !cli) {
                return NT_STATUS_INVALID_PARAMETER;
        }
 
-       if (!cli->auth) {
+       a = cli->auth;
+
+       if (a == NULL) {
                return NT_STATUS_INVALID_PARAMETER;
        }
 
        switch (cli->auth->auth_type) {
        case DCERPC_AUTH_TYPE_SCHANNEL:
-               sk = data_blob_const(a->a_u.schannel_auth->creds->session_key,
-                                    16);
+               schannel_auth = talloc_get_type_abort(a->auth_ctx,
+                                                     struct schannel_state);
+               sk = data_blob_const(schannel_auth->creds->session_key, 16);
+               make_dup = true;
                break;
        case DCERPC_AUTH_TYPE_SPNEGO:
-               sk = spnego_get_session_key(a->a_u.spnego_state);
-               if (sk.length == 0) {
-                       return NT_STATUS_NO_USER_SESSION_KEY;
+               spnego_ctx = talloc_get_type_abort(a->auth_ctx,
+                                                  struct spnego_context);
+               status = spnego_get_negotiated_mech(spnego_ctx, &gensec_security);
+               if (!NT_STATUS_IS_OK(status)) {
+                       return status;
+               }
+               status = gensec_session_key(gensec_security, mem_ctx, &sk);
+               if (!NT_STATUS_IS_OK(status)) {
+                       return status;
                }
+               make_dup = false;
                break;
        case DCERPC_AUTH_TYPE_NTLMSSP:
-               sk = auth_ntlmssp_get_session_key(a->a_u.auth_ntlmssp_state);
-               break;
        case DCERPC_AUTH_TYPE_KRB5:
-               sk = gse_get_session_key(a->a_u.gssapi_state);
+               gensec_security = talloc_get_type_abort(a->auth_ctx,
+                                               struct gensec_security);
+               status = gensec_session_key(gensec_security, mem_ctx, &sk);
+               if (!NT_STATUS_IS_OK(status)) {
+                       return status;
+               }
+               make_dup = false;
                break;
+       case DCERPC_AUTH_TYPE_NCALRPC_AS_SYSTEM:
        case DCERPC_AUTH_TYPE_NONE:
                sk = data_blob_const(a->user_session_key.data,
                                     a->user_session_key.length);
+               make_dup = true;
                break;
        default:
+               break;
+       }
+
+       if (!sk.data) {
                return NT_STATUS_NO_USER_SESSION_KEY;
        }
 
-       *session_key = data_blob_dup_talloc(mem_ctx, &sk);
+       if (make_dup) {
+               *session_key = data_blob_dup_talloc(mem_ctx, sk);
+       } else {
+               *session_key = sk;
+       }
+
        return NT_STATUS_OK;
 }