s3:rpc_client: use netlogon_creds_cli_auth_level() in cli_rpc_pipe_open_schannel_with...

This means the auth level is now based on the "winbindd sealed pipes" option,
defaulting to "yes" and DCERPC_AUTH_LEVEL_PRIVACY.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index 5dc620f270eb6eb9c7e2b34fab04384c59a29bc1..b2805eed5419f0f7ccf463aaf70c56e8957bcdef 100644 (file)
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -1278,7 +1278,6 @@ NTSTATUS libnet_join_ok(const char *netbios_domain_name,
 
        status = cli_rpc_pipe_open_schannel_with_key(
                cli, &ndr_table_netlogon, NCACN_NP,
-               DCERPC_AUTH_LEVEL_PRIVACY,
                netbios_domain_name,
                netlogon_pipe->netlogon_creds, &pipe_hnd);
 

diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index 7f79046fc7c38dfdd71a84738944ceca37a9c911..b9473bbb83458ccdb9985aaf57d5ab295028dcb7 100644 (file)
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -3023,7 +3023,6 @@ NTSTATUS cli_rpc_pipe_open_generic_auth(struct cli_state *cli,
 NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli,
                                             const struct ndr_interface_table *table,
                                             enum dcerpc_transport_t transport,
-                                            enum dcerpc_AuthLevel auth_level,
                                             const char *domain,
                                             struct netlogon_creds_cli_context *netlogon_creds,
                                             struct rpc_pipe_client **_rpccli)
@@ -3031,6 +3030,7 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli,
        struct rpc_pipe_client *rpccli;
        struct pipe_auth_data *rpcauth;
        struct netlogon_creds_CredentialState *creds = NULL;
+       enum dcerpc_AuthLevel auth_level;
        NTSTATUS status;
        const char *target_service = table->authservices->names[0];
        int rpc_pipe_bind_dbglvl = 0;
@@ -3048,6 +3048,8 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli,
                return status;
        }
 
+       auth_level = netlogon_creds_cli_auth_level(netlogon_creds);
+
        status = rpccli_generic_bind_data(rpccli,
                                          DCERPC_AUTH_TYPE_SCHANNEL,
                                          auth_level,

diff --git a/source3/rpc_client/cli_pipe.h b/source3/rpc_client/cli_pipe.h
index 4e9f84a333b5a92278713d7c4c9d32c9628bbcb1..2a10a810bbbe890864cbaf1d658d17b2e3399e0a 100644 (file)
--- a/source3/rpc_client/cli_pipe.h
+++ b/source3/rpc_client/cli_pipe.h
@@ -96,7 +96,6 @@ NTSTATUS cli_rpc_pipe_open_spnego(struct cli_state *cli,
 NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli,
                                             const struct ndr_interface_table *table,
                                             enum dcerpc_transport_t transport,
-                                            enum dcerpc_AuthLevel auth_level,
                                             const char *domain,
                                             struct netlogon_creds_cli_context *netlogon_creds,
                                             struct rpc_pipe_client **presult);

diff --git a/source3/rpc_client/cli_pipe_schannel.c b/source3/rpc_client/cli_pipe_schannel.c
index e3d65c86203567be125903ce4b36cd2701b2beb6..8f9161fc5aed79f24d81e02797cf3f2da43b96a2 100644 (file)
--- a/source3/rpc_client/cli_pipe_schannel.c
+++ b/source3/rpc_client/cli_pipe_schannel.c
@@ -112,7 +112,7 @@ NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli,
        }
 
        status = cli_rpc_pipe_open_schannel_with_key(
-               cli, table, transport, auth_level, domain,
+               cli, table, transport, domain,
                netlogon_pipe->netlogon_creds,
                &result);
 

diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index d08d7de13f8517728478e2adc38245cd3befdbdc..25e6d50f3ea2abc9040f2b5d6c5885a2a572e1e7 100644 (file)
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -2430,7 +2430,6 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
        }
        status = cli_rpc_pipe_open_schannel_with_key
                (conn->cli, &ndr_table_samr, NCACN_NP,
-                DCERPC_AUTH_LEVEL_PRIVACY,
                 domain->name, p_creds, &conn->samr_pipe);
 
        if (!NT_STATUS_IS_OK(status)) {
@@ -2563,7 +2562,6 @@ NTSTATUS cm_connect_lsa_tcp(struct winbindd_domain *domain,
        status = cli_rpc_pipe_open_schannel_with_key(conn->cli,
                                                     &ndr_table_lsarpc,
                                                     NCACN_IP_TCP,
-                                                    DCERPC_AUTH_LEVEL_PRIVACY,
                                                     domain->name,
                                                     creds,
                                                     &conn->lsa_pipe_tcp);
@@ -2661,7 +2659,6 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
        }
        result = cli_rpc_pipe_open_schannel_with_key
                (conn->cli, &ndr_table_lsarpc, NCACN_NP,
-                DCERPC_AUTH_LEVEL_PRIVACY,
                 domain->name, p_creds, &conn->lsa_pipe);
 
        if (!NT_STATUS_IS_OK(result)) {
@@ -2841,7 +2838,7 @@ NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain,
 
        result = cli_rpc_pipe_open_schannel_with_key(
                conn->cli, &ndr_table_netlogon, NCACN_NP,
-               DCERPC_AUTH_LEVEL_PRIVACY, domain->name,
+               domain->name,
                netlogon_pipe->netlogon_creds,
                &conn->netlogon_pipe);