s3:rpc_client: use cli_credentials based functions in cli_rpc_pipe_open_schannel()

This simplifies the code and allows the previous password to be passed
through the stack.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

diff --git a/source3/rpc_client/cli_pipe_schannel.c b/source3/rpc_client/cli_pipe_schannel.c
index 0825663100b8d1f87177d5a797dd98cf54e6fdd5..5e309fd83633eb66198d5a51eb2e08b031a491ee 100644 (file)
--- a/source3/rpc_client/cli_pipe_schannel.c
+++ b/source3/rpc_client/cli_pipe_schannel.c
@@ -50,76 +50,38 @@ NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli,
        const char *dc_name = smbXcli_conn_remote_name(cli->conn);
        struct rpc_pipe_client *result = NULL;
        NTSTATUS status;
+       struct cli_credentials *cli_creds = NULL;
        struct netlogon_creds_cli_context *netlogon_creds = NULL;
-       struct netlogon_creds_CredentialState *creds = NULL;
-       uint32_t netlogon_flags = 0;
-       enum netr_SchannelType sec_chan_type = 0;
-       const char *_account_name = NULL;
-       const char *account_name = NULL;
-       struct samr_Password current_nt_hash;
-       struct samr_Password *previous_nt_hash = NULL;
-       bool ok;
 
-       ok = get_trust_pw_hash(domain,
-                              current_nt_hash.hash,
-                              &_account_name,
-                              &sec_chan_type);
-       if (!ok) {
-               TALLOC_FREE(frame);
-               return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
-       }
-
-       account_name = talloc_asprintf(frame, "%s$", _account_name);
-       if (account_name == NULL) {
-               SAFE_FREE(previous_nt_hash);
-               TALLOC_FREE(frame);
-               return NT_STATUS_NO_MEMORY;
-       }
-
-       status = rpccli_create_netlogon_creds(dc_name,
-                                             domain,
-                                             account_name,
-                                             sec_chan_type,
-                                             msg_ctx,
-                                             frame,
-                                             &netlogon_creds);
+       status = pdb_get_trust_credentials(domain, NULL,
+                                          frame, &cli_creds);
        if (!NT_STATUS_IS_OK(status)) {
-               SAFE_FREE(previous_nt_hash);
                TALLOC_FREE(frame);
                return status;
        }
 
-       status = rpccli_setup_netlogon_creds(cli, transport,
-                                            netlogon_creds,
-                                            false, /* force_reauth */
-                                            current_nt_hash,
-                                            previous_nt_hash);
-       SAFE_FREE(previous_nt_hash);
+       status = rpccli_create_netlogon_creds_with_creds(cli_creds,
+                                                        dc_name,
+                                                        msg_ctx,
+                                                        frame,
+                                                        &netlogon_creds);
        if (!NT_STATUS_IS_OK(status)) {
                TALLOC_FREE(frame);
                return status;
        }
 
-       status = netlogon_creds_cli_get(netlogon_creds,
-                                       frame,
-                                       &creds);
+       status = rpccli_setup_netlogon_creds_with_creds(cli, transport,
+                                            netlogon_creds,
+                                            false, /* force_reauth */
+                                            cli_creds);
        if (!NT_STATUS_IS_OK(status)) {
                TALLOC_FREE(frame);
                return status;
        }
-       netlogon_flags = creds->negotiate_flags;
-       TALLOC_FREE(creds);
-
-       if (!(netlogon_flags & NETLOGON_NEG_AUTHENTICATED_RPC)) {
-               TALLOC_FREE(frame);
-               return NT_STATUS_DOWNGRADE_DETECTED;
-       }
-
-       status = cli_rpc_pipe_open_schannel_with_key(
-               cli, table, transport, domain,
-               netlogon_creds,
-               &result);
 
+       status = cli_rpc_pipe_open_schannel_with_creds(cli, table, transport,
+                                                      cli_creds, netlogon_creds,
+                                                      &result);
        if (NT_STATUS_IS_OK(status)) {
                *presult = result;
                if (pcreds != NULL) {