/* open the netlogon pipe. */
if (lp_client_schannel()) {
/* We also setup the creds chain in the open_schannel call. */
- netlogon_pipe = cli_rpc_pipe_open_schannel(*cli, PI_NETLOGON,
- PIPE_AUTH_LEVEL_PRIVACY, domain, &result);
+ result = cli_rpc_pipe_open_schannel(
+ *cli, &ndr_table_netlogon.syntax_id,
+ PIPE_AUTH_LEVEL_PRIVACY, domain, &netlogon_pipe);
} else {
result = cli_rpc_pipe_open_noauth(
*cli, &ndr_table_netlogon.syntax_id, &netlogon_pipe);
const char *username,
const char *password,
struct rpc_pipe_client **presult);
-struct rpc_pipe_client *cli_rpc_pipe_open_schannel(struct cli_state *cli,
- int pipe_idx,
- enum pipe_auth_level auth_level,
- const char *domain,
- NTSTATUS *perr);
+NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli,
+ const struct ndr_syntax_id *interface,
+ enum pipe_auth_level auth_level,
+ const char *domain,
+ struct rpc_pipe_client **presult);
struct rpc_pipe_client *cli_rpc_pipe_open_krb5(struct cli_state *cli,
int pipe_idx,
enum pipe_auth_level auth_level,
Fetch the session key ourselves using a temporary netlogon pipe.
****************************************************************************/
-struct rpc_pipe_client *cli_rpc_pipe_open_schannel(struct cli_state *cli,
- int pipe_idx,
- enum pipe_auth_level auth_level,
- const char *domain,
- NTSTATUS *perr)
+NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli,
+ const struct ndr_syntax_id *interface,
+ enum pipe_auth_level auth_level,
+ const char *domain,
+ struct rpc_pipe_client **presult)
{
uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
struct rpc_pipe_client *netlogon_pipe = NULL;
struct rpc_pipe_client *result = NULL;
+ NTSTATUS status;
- *perr = get_schannel_session_key(cli, domain, &neg_flags,
- &netlogon_pipe);
- if (!NT_STATUS_IS_OK(*perr)) {
+ status = get_schannel_session_key(cli, domain, &neg_flags,
+ &netlogon_pipe);
+ if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("cli_rpc_pipe_open_schannel: failed to get schannel session "
"key from server %s for domain %s.\n",
cli->desthost, domain ));
- return NULL;
+ return status;
}
- *perr = cli_rpc_pipe_open_schannel_with_key(
- cli, cli_get_iface(pipe_idx), auth_level,
- domain, netlogon_pipe->dc, &result);
+ status = cli_rpc_pipe_open_schannel_with_key(
+ cli, interface, auth_level, domain, netlogon_pipe->dc,
+ &result);
/* Now we've bound using the session key we can close the netlog pipe. */
TALLOC_FREE(netlogon_pipe);
- return result;
+ if (NT_STATUS_IS_OK(status)) {
+ *presult = result;
+ }
+
+ return NT_STATUS_OK;
}
/****************************************************************************
&cmd_entry->rpc_pipe);
break;
case PIPE_AUTH_TYPE_SCHANNEL:
- cmd_entry->rpc_pipe = cli_rpc_pipe_open_schannel(cli,
- cmd_entry->pipe_idx,
- pipe_default_auth_level,
- lp_workgroup(),
- &ntresult);
+ ntresult = cli_rpc_pipe_open_schannel(
+ cli,
+ cli_get_iface(cmd_entry->pipe_idx),
+ pipe_default_auth_level,
+ lp_workgroup(),
+ &cmd_entry->rpc_pipe);
break;
default:
DEBUG(0, ("Could not initialise %s. Invalid auth type %u\n",
if (!(conn_flags & NET_FLAGS_NO_PIPE)) {
if (lp_client_schannel() && (pipe_idx == PI_NETLOGON)) {
/* Always try and create an schannel netlogon pipe. */
- pipe_hnd = cli_rpc_pipe_open_schannel(cli, pipe_idx,
- PIPE_AUTH_LEVEL_PRIVACY,
- domain_name,
- &nt_status);
- if (!pipe_hnd) {
+ nt_status = cli_rpc_pipe_open_schannel(
+ cli, cli_get_iface(pipe_idx),
+ PIPE_AUTH_LEVEL_PRIVACY, domain_name,
+ &pipe_hnd);
+ if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0, ("Could not initialise schannel netlogon pipe. Error was %s\n",
nt_errstr(nt_status) ));
cli_shutdown(cli);