*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
+ * the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
/* Common case. */
if (current_pdu_len == (uint32)prhdr->frag_len) {
prs_mem_free(current_pdu);
- prs_init(current_pdu, 0, prs_get_mem_context(current_pdu), UNMARSHALL);
+ prs_init_empty(current_pdu, prs_get_mem_context(current_pdu), UNMARSHALL);
/* Make current_pdu dynamic with no memory. */
prs_give_memory(current_pdu, 0, 0, True);
return NT_STATUS_OK;
#endif
/* Set up the current pdu parse struct. */
- prs_init(¤t_pdu, 0, prs_get_mem_context(rbuf), UNMARSHALL);
+ prs_init_empty(¤t_pdu, prs_get_mem_context(rbuf), UNMARSHALL);
/* Create setup parameters - must be in native byte order. */
setup[0] = TRANSACT_DCERPCCMD;
&rparam, &rparam_len, /* return params, len */
&prdata, &rdata_len)) /* return data, len */
{
- DEBUG(0, ("rpc_api_pipe: Remote machine %s pipe %s fnum 0x%x"
+ DEBUG(0, ("rpc_api_pipe: Remote machine %s pipe %s fnum 0x%x "
"returned critical error. Error was %s\n",
cli->cli->desthost,
cli->pipe_name,
#ifdef HAVE_KRB5
int ret;
struct kerberos_auth_struct *a = cli->auth.a_u.kerberos_auth;
- DATA_BLOB tkt = data_blob(NULL, 0);
- DATA_BLOB tkt_wrapped = data_blob(NULL, 0);
+ DATA_BLOB tkt = data_blob_null;
+ DATA_BLOB tkt_wrapped = data_blob_null;
/* We may change the pad length before marshalling. */
init_rpc_hdr_auth(pauth_out, RPC_KRB5_AUTH_TYPE, (int)auth_level, 0, 1);
/* Create the ticket for the service principal and return it in a gss-api wrapped blob. */
ret = cli_krb5_get_ticket(a->service_principal, 0, &tkt,
- &a->session_key, (uint32)AP_OPTS_MUTUAL_REQUIRED, NULL);
+ &a->session_key, (uint32)AP_OPTS_MUTUAL_REQUIRED, NULL, NULL);
if (ret) {
DEBUG(1,("create_krb5_auth_bind_req: cli_krb5_get_ticket for principal %s "
}
DEBUG(5, ("create_krb5_auth_bind_req: Created krb5 GSS blob :\n"));
- dump_data(5, (const char *)tkt_wrapped.data, tkt_wrapped.length);
+ dump_data(5, tkt_wrapped.data, tkt_wrapped.length);
data_blob_free(&tkt_wrapped);
return NT_STATUS_OK;
prs_struct *auth_data)
{
NTSTATUS nt_status;
- DATA_BLOB null_blob = data_blob(NULL, 0);
- DATA_BLOB request = data_blob(NULL, 0);
- DATA_BLOB spnego_msg = data_blob(NULL, 0);
+ DATA_BLOB null_blob = data_blob_null;
+ DATA_BLOB request = data_blob_null;
+ DATA_BLOB spnego_msg = data_blob_null;
/* We may change the pad length before marshalling. */
init_rpc_hdr_auth(pauth_out, RPC_SPNEGO_AUTH_TYPE, (int)auth_level, 0, 1);
}
DEBUG(5, ("create_spnego_ntlmssp_auth_rpc_bind_req: NTLMSSP Negotiate:\n"));
- dump_data(5, (const char *)spnego_msg.data, spnego_msg.length);
+ dump_data(5, spnego_msg.data, spnego_msg.length);
data_blob_free(&spnego_msg);
return NT_STATUS_OK;
prs_struct *auth_data)
{
NTSTATUS nt_status;
- DATA_BLOB null_blob = data_blob(NULL, 0);
- DATA_BLOB request = data_blob(NULL, 0);
+ DATA_BLOB null_blob = data_blob_null;
+ DATA_BLOB request = data_blob_null;
/* We may change the pad length before marshalling. */
init_rpc_hdr_auth(pauth_out, RPC_NTLMSSP_AUTH_TYPE, (int)auth_level, 0, 1);
}
DEBUG(5, ("create_ntlmssp_auth_rpc_bind_req: NTLMSSP Negotiate:\n"));
- dump_data(5, (const char *)request.data, request.length);
+ dump_data(5, request.data, request.length);
data_blob_free(&request);
return NT_STATUS_OK;
NTSTATUS ret = NT_STATUS_OK;
ZERO_STRUCT(hdr_auth);
- prs_init(&auth_info, RPC_HDR_AUTH_LEN, prs_get_mem_context(rpc_out), MARSHALL);
+ if (!prs_init(&auth_info, RPC_HDR_AUTH_LEN, prs_get_mem_context(rpc_out), MARSHALL))
+ return NT_STATUS_NO_MEMORY;
switch (auth_type) {
case PIPE_AUTH_TYPE_SCHANNEL:
{
RPC_HDR_AUTH auth_info;
NTSTATUS status;
- DATA_BLOB auth_blob = data_blob(NULL, 0);
+ DATA_BLOB auth_blob = data_blob_null;
uint16 data_and_pad_len = prs_offset(outgoing_pdu) - RPC_HEADER_LEN - RPC_HDR_RESP_LEN;
if (!cli->auth.a_u.ntlmssp_state) {
return NT_STATUS_INVALID_PARAMETER;
}
- prs_init(&outgoing_pdu, cli->max_xmit_frag, prs_get_mem_context(in_data), MARSHALL);
+ if (!prs_init(&outgoing_pdu, cli->max_xmit_frag, prs_get_mem_context(in_data), MARSHALL))
+ return NT_STATUS_NO_MEMORY;
while (1) {
RPC_HDR hdr;
ret = rpc_api_pipe(cli, &outgoing_pdu, out_data, RPC_RESPONSE);
prs_mem_free(&outgoing_pdu);
-
if (DEBUGLEVEL >= 50) {
- pstring dump_name;
+ char *dump_name = NULL;
/* Also capture received data */
- slprintf(dump_name, sizeof(dump_name) - 1, "%s/reply_%s_%d",
- dyn_LOGFILEBASE, cli->pipe_name, op_num);
- prs_dump(dump_name, op_num, out_data);
+ if (asprintf(&dump_name, "%s/reply_%s_%d",
+ get_dyn_LOGFILEBASE(), cli->pipe_name,
+ op_num) > 0) {
+ prs_dump(dump_name, op_num, out_data);
+ SAFE_FREE(dump_name);
+ }
}
return ret;
Set the handle state.
****************************************************************************/
-static BOOL rpc_pipe_set_hnd_state(struct rpc_pipe_client *cli,
+static bool rpc_pipe_set_hnd_state(struct rpc_pipe_client *cli,
const char *pipe_name, uint16 device_state)
{
- BOOL state_set = False;
+ bool state_set = False;
char param[2];
uint16 setup[2]; /* only need 2 uint16 setup parameters */
char *rparam = NULL;
Check the rpc bind acknowledge response.
****************************************************************************/
-static BOOL valid_pipe_name(const int pipe_idx, RPC_IFACE *abstract, RPC_IFACE *transfer)
+static bool valid_pipe_name(const int pipe_idx, RPC_IFACE *abstract, RPC_IFACE *transfer)
{
if ( pipe_idx >= PI_MAX_PIPES ) {
DEBUG(0,("valid_pipe_name: Programmer error! Invalid pipe index [%d]\n",
}
DEBUG(5,("Bind Abstract Syntax: "));
- dump_data(5, (char*)&pipe_names[pipe_idx].abstr_syntax,
+ dump_data(5, (uint8 *)&pipe_names[pipe_idx].abstr_syntax,
sizeof(pipe_names[pipe_idx].abstr_syntax));
DEBUG(5,("Bind Transfer Syntax: "));
- dump_data(5, (char*)&pipe_names[pipe_idx].trans_syntax,
+ dump_data(5, (uint8 *)&pipe_names[pipe_idx].trans_syntax,
sizeof(pipe_names[pipe_idx].trans_syntax));
/* copy the required syntaxes out so we can do the right bind */
- *transfer = pipe_names[pipe_idx].trans_syntax;
- *abstract = pipe_names[pipe_idx].abstr_syntax;
+ *transfer = *pipe_names[pipe_idx].trans_syntax;
+ *abstract = *pipe_names[pipe_idx].abstr_syntax;
return True;
}
Check the rpc bind acknowledge response.
****************************************************************************/
-static BOOL check_bind_response(RPC_HDR_BA *hdr_ba, const int pipe_idx, RPC_IFACE *transfer)
+static bool check_bind_response(RPC_HDR_BA *hdr_ba, const int pipe_idx, RPC_IFACE *transfer)
{
if ( hdr_ba->addr.len == 0) {
DEBUG(4,("Ignoring length check -- ASU bug (server didn't fill in the pipe name correctly)"));
#endif /* JERRY */
/* check the transfer syntax */
- if ((hdr_ba->transfer.version != transfer->version) ||
+ if ((hdr_ba->transfer.if_version != transfer->if_version) ||
(memcmp(&hdr_ba->transfer.uuid, &transfer->uuid, sizeof(transfer->uuid)) !=0)) {
DEBUG(2,("bind_rpc_pipe: transfer syntax differs\n"));
return False;
enum pipe_auth_type auth_type,
enum pipe_auth_level auth_level)
{
- DATA_BLOB server_response = data_blob(NULL,0);
- DATA_BLOB client_reply = data_blob(NULL,0);
+ DATA_BLOB server_response = data_blob_null;
+ DATA_BLOB client_reply = data_blob_null;
RPC_HDR_AUTH hdr_auth;
NTSTATUS nt_status;
prs_struct rpc_out;
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0,("rpc_finish_auth3_bind: NTLMSSP update using server blob failed.\n"));
+ data_blob_free(&server_response);
return nt_status;
}
- prs_init(&rpc_out, 0, prs_get_mem_context(rbuf), MARSHALL);
+ prs_init_empty(&rpc_out, prs_get_mem_context(rbuf), MARSHALL);
nt_status = create_rpc_bind_auth3(cli, rpc_call_id,
auth_type, auth_level,
NTSTATUS ret = NT_STATUS_OK;
ZERO_STRUCT(hdr_auth);
- prs_init(&auth_info, RPC_HDR_AUTH_LEN, prs_get_mem_context(rpc_out), MARSHALL);
+ if (!prs_init(&auth_info, RPC_HDR_AUTH_LEN, prs_get_mem_context(rpc_out), MARSHALL))
+ return NT_STATUS_NO_MEMORY;
/* We may change the pad length before marshalling. */
init_rpc_hdr_auth(&hdr_auth, RPC_SPNEGO_AUTH_TYPE, (int)auth_level, 0, 1);
enum pipe_auth_type auth_type,
enum pipe_auth_level auth_level)
{
- DATA_BLOB server_spnego_response = data_blob(NULL,0);
- DATA_BLOB server_ntlm_response = data_blob(NULL,0);
- DATA_BLOB client_reply = data_blob(NULL,0);
- DATA_BLOB tmp_blob = data_blob(NULL, 0);
+ DATA_BLOB server_spnego_response = data_blob_null;
+ DATA_BLOB server_ntlm_response = data_blob_null;
+ DATA_BLOB client_reply = data_blob_null;
+ DATA_BLOB tmp_blob = data_blob_null;
RPC_HDR_AUTH hdr_auth;
NTSTATUS nt_status;
prs_struct rpc_out;
tmp_blob = spnego_gen_auth(client_reply);
data_blob_free(&client_reply);
client_reply = tmp_blob;
- tmp_blob = data_blob(NULL,0); /* Ensure it's safe to free this just in case. */
+ tmp_blob = data_blob_null; /* Ensure it's safe to free this just in case. */
/* Now prepare the alter context pdu. */
- prs_init(&rpc_out, 0, prs_get_mem_context(rbuf), MARSHALL);
+ prs_init_empty(&rpc_out, prs_get_mem_context(rbuf), MARSHALL);
nt_status = create_rpc_alter_context(rpc_call_id,
abstract,
/* Initialize the returning data struct. */
prs_mem_free(rbuf);
- prs_init(rbuf, 0, cli->cli->mem_ctx, UNMARSHALL);
+ prs_init_empty(rbuf, cli->mem_ctx, UNMARSHALL);
nt_status = rpc_api_pipe(cli, &rpc_out, rbuf, RPC_ALTCONTRESP);
if (!NT_STATUS_IS_OK(nt_status)) {
prs_copy_data_out((char *)server_spnego_response.data, rbuf, phdr->auth_len);
/* Check we got a valid auth response. */
- if (!spnego_parse_auth_response(server_spnego_response, NT_STATUS_OK, &tmp_blob)) {
+ if (!spnego_parse_auth_response(server_spnego_response, NT_STATUS_OK, OID_NTLMSSP, &tmp_blob)) {
data_blob_free(&server_spnego_response);
data_blob_free(&tmp_blob);
return NT_STATUS_INVALID_PARAMETER;
return NT_STATUS_INVALID_PARAMETER;
}
- prs_init(&rpc_out, 0, cli->cli->mem_ctx, MARSHALL);
+ prs_init_empty(&rpc_out, cli->mem_ctx, MARSHALL);
rpc_call_id = get_rpc_call_id();
}
/* Initialize the incoming data struct. */
- prs_init(&rbuf, 0, cli->cli->mem_ctx, UNMARSHALL);
+ prs_init_empty(&rbuf, cli->mem_ctx, UNMARSHALL);
/* send data on \PIPE\. receive a response */
status = rpc_api_pipe(cli, &rpc_out, &rbuf, RPC_BINDACK);
return NT_STATUS_INVALID_INFO_CLASS;
}
+ /* For NTLMSSP ensure the server gave us the auth_level we wanted. */
+ if (auth_type == PIPE_AUTH_TYPE_NTLMSSP || auth_type == PIPE_AUTH_TYPE_SPNEGO_NTLMSSP) {
+ if (auth_level == PIPE_AUTH_LEVEL_INTEGRITY) {
+ if (!(cli->auth.a_u.ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN)) {
+ DEBUG(0,("cli_finish_bind_auth: requested NTLMSSSP signing and server refused.\n"));
+ prs_mem_free(&rbuf);
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ }
+ if (auth_level == PIPE_AUTH_LEVEL_INTEGRITY) {
+ if (!(cli->auth.a_u.ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL)) {
+ DEBUG(0,("cli_finish_bind_auth: requested NTLMSSSP sealing and server refused.\n"));
+ prs_mem_free(&rbuf);
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ }
+ }
+
/* Pipe is bound - set up auth_type and auth_level data. */
cli->auth.auth_type = auth_type;
*perr = rpc_pipe_bind(result, PIPE_AUTH_TYPE_NONE, PIPE_AUTH_LEVEL_NONE);
if (!NT_STATUS_IS_OK(*perr)) {
- DEBUG(0, ("cli_rpc_pipe_open_noauth: rpc_pipe_bind for pipe %s failed with error %s\n",
+ int lvl = 0;
+ if (pipe_idx == PI_DSSETUP) {
+ /* non AD domains just don't have this pipe, avoid
+ * level 0 statement in that case - gd */
+ lvl = 3;
+ }
+ DEBUG(lvl, ("cli_rpc_pipe_open_noauth: rpc_pipe_bind for pipe %s failed with error %s\n",
cli_get_pipe_name(pipe_idx), nt_errstr(*perr) ));
cli_rpc_pipe_close(result);
return NULL;
result->auth.a_u.ntlmssp_state = ntlmssp_state;
- *perr = ntlmssp_set_username(ntlmssp_state, cli->user_name);
+ *perr = ntlmssp_set_username(ntlmssp_state, username);
if (!NT_STATUS_IS_OK(*perr)) {
goto err;
}
- *perr = ntlmssp_set_domain(ntlmssp_state, cli->domain);
+ *perr = ntlmssp_set_domain(ntlmssp_state, domain);
if (!NT_STATUS_IS_OK(*perr)) {
goto err;
}
goto err;
}
- DEBUG(10,("cli_rpc_pipe_open_ntlmssp_internal: opened pipe %s to machine %s and"
- "bound NTLMSSP as user %s\\%s.\n",
+ DEBUG(10,("cli_rpc_pipe_open_ntlmssp_internal: opened pipe %s to "
+ "machine %s and bound NTLMSSP as user %s\\%s.\n",
result->pipe_name, cli->desthost,
domain, username ));
}
/****************************************************************************
- Open a netlogon pipe and get the schannel session key.
- Now exposed to external callers.
+ Get a the schannel session key out of an already opened netlogon pipe.
****************************************************************************/
-
-struct rpc_pipe_client *get_schannel_session_key(struct cli_state *cli,
- const char *domain,
- uint32 *pneg_flags,
- NTSTATUS *perr)
+static bool get_schannel_session_key_common(struct rpc_pipe_client *netlogon_pipe,
+ struct cli_state *cli,
+ const char *domain,
+ uint32 *pneg_flags,
+ NTSTATUS *perr)
{
- struct rpc_pipe_client *netlogon_pipe = NULL;
uint32 sec_chan_type = 0;
unsigned char machine_pwd[16];
- fstring machine_account;
-
- netlogon_pipe = cli_rpc_pipe_open_noauth(cli, PI_NETLOGON, perr);
- if (!netlogon_pipe) {
- return NULL;
- }
+ const char *machine_account;
/* Get the machine account credentials from secrets.tdb. */
- if (!get_trust_pw(domain, machine_pwd, &sec_chan_type)) {
+ if (!get_trust_pw_hash(domain, machine_pwd, &machine_account,
+ &sec_chan_type))
+ {
DEBUG(0, ("get_schannel_session_key: could not fetch "
"trust account password for domain '%s'\n",
domain));
- cli_rpc_pipe_close(netlogon_pipe);
*perr = NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
- return NULL;
+ return false;
}
- if ( IS_DC && !strequal(domain, lp_workgroup()) && lp_allow_trusted_domains()) {
- fstrcpy( machine_account, lp_workgroup() );
- } else {
- /* Hmmm. Is this correct for trusted domains when we're a member server ? JRA. */
- if (strequal(domain, lp_workgroup())) {
- fstrcpy(machine_account, global_myname());
- } else {
- fstrcpy(machine_account, domain);
- }
- }
-
*perr = rpccli_netlogon_setup_creds(netlogon_pipe,
cli->desthost, /* server name */
domain, /* domain */
pneg_flags);
if (!NT_STATUS_IS_OK(*perr)) {
- DEBUG(3,("get_schannel_session_key: rpccli_netlogon_setup_creds "
+ DEBUG(3,("get_schannel_session_key_common: rpccli_netlogon_setup_creds "
"failed with result %s to server %s, domain %s, machine account %s.\n",
nt_errstr(*perr), cli->desthost, domain, machine_account ));
- cli_rpc_pipe_close(netlogon_pipe);
- return NULL;
+ return false;
}
if (((*pneg_flags) & NETLOGON_NEG_SCHANNEL) == 0) {
DEBUG(3, ("get_schannel_session_key: Server %s did not offer schannel\n",
cli->desthost));
- cli_rpc_pipe_close(netlogon_pipe);
*perr = NT_STATUS_INVALID_NETWORK_RESPONSE;
+ return false;
+ }
+
+ return true;
+}
+
+/****************************************************************************
+ Open a netlogon pipe and get the schannel session key.
+ Now exposed to external callers.
+ ****************************************************************************/
+
+
+struct rpc_pipe_client *get_schannel_session_key(struct cli_state *cli,
+ const char *domain,
+ uint32 *pneg_flags,
+ NTSTATUS *perr)
+{
+ struct rpc_pipe_client *netlogon_pipe = NULL;
+
+ netlogon_pipe = cli_rpc_pipe_open_noauth(cli, PI_NETLOGON, perr);
+ if (!netlogon_pipe) {
+ return NULL;
+ }
+
+ if (!get_schannel_session_key_common(netlogon_pipe, cli, domain,
+ pneg_flags, perr))
+ {
+ cli_rpc_pipe_close(netlogon_pipe);
return NULL;
}
NTSTATUS *perr)
{
struct rpc_pipe_client *netlogon_pipe = NULL;
- uint32 sec_chan_type = 0;
- unsigned char machine_pwd[16];
- fstring machine_account;
netlogon_pipe = cli_rpc_pipe_open_spnego_ntlmssp(cli, PI_NETLOGON, PIPE_AUTH_LEVEL_PRIVACY, domain, username, password, perr);
if (!netlogon_pipe) {
return NULL;
}
- /* Get the machine account credentials from secrets.tdb. */
- if (!get_trust_pw(domain, machine_pwd, &sec_chan_type)) {
- DEBUG(0, ("get_schannel_session_key_auth_ntlmssp: could not fetch "
- "trust account password for domain '%s'\n",
- domain));
- cli_rpc_pipe_close(netlogon_pipe);
- *perr = NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
- return NULL;
- }
-
- /* if we are a DC and this is a trusted domain, then we need to use our
- domain name in the net_req_auth2() request */
-
- if ( IS_DC && !strequal(domain, lp_workgroup()) && lp_allow_trusted_domains()) {
- fstrcpy( machine_account, lp_workgroup() );
- } else {
- /* Hmmm. Is this correct for trusted domains when we're a member server ? JRA. */
- if (strequal(domain, lp_workgroup())) {
- fstrcpy(machine_account, global_myname());
- } else {
- fstrcpy(machine_account, domain);
- }
- }
-
- *perr = rpccli_netlogon_setup_creds(netlogon_pipe,
- cli->desthost, /* server name */
- domain, /* domain */
- global_myname(), /* client name */
- machine_account, /* machine account name */
- machine_pwd,
- sec_chan_type,
- pneg_flags);
-
- if (!NT_STATUS_IS_OK(*perr)) {
- DEBUG(3,("get_schannel_session_key_auth_ntlmssp: rpccli_netlogon_setup_creds "
- "failed with result %s\n",
- nt_errstr(*perr) ));
- cli_rpc_pipe_close(netlogon_pipe);
- return NULL;
- }
-
- if (((*pneg_flags) & NETLOGON_NEG_SCHANNEL) == 0) {
- DEBUG(3, ("get_schannel_session_key_auth_ntlmssp: Server %s did not offer schannel\n",
- cli->desthost));
+ if (!get_schannel_session_key_common(netlogon_pipe, cli, domain,
+ pneg_flags, perr))
+ {
cli_rpc_pipe_close(netlogon_pipe);
- *perr = NT_STATUS_INVALID_NETWORK_RESPONSE;
return NULL;
}
const char *password,
NTSTATUS *perr)
{
- uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL;
+ uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
struct rpc_pipe_client *netlogon_pipe = NULL;
struct rpc_pipe_client *result = NULL;
const char *domain,
NTSTATUS *perr)
{
- uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL;
+ uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
struct rpc_pipe_client *netlogon_pipe = NULL;
struct rpc_pipe_client *result = NULL;
return NULL;
}
- /* Default service principal is "host/server@realm" */
+ /* Default service principal is "desthost$@realm" */
if (!service_princ) {
- service_princ = talloc_asprintf(result->mem_ctx, "host/%s@%s",
+ service_princ = talloc_asprintf(result->mem_ctx, "%s$@%s",
cli->desthost, lp_realm() );
if (!service_princ) {
cli_rpc_pipe_close(result);
}
}
- result->auth.a_u.kerberos_auth = TALLOC_ZERO_P(cli->mem_ctx, struct kerberos_auth_struct);
+ result->auth.a_u.kerberos_auth = TALLOC_ZERO_P(result->mem_ctx, struct kerberos_auth_struct);
if (!result->auth.a_u.kerberos_auth) {
cli_rpc_pipe_close(result);
*perr = NT_STATUS_NO_MEMORY;
return NULL;
#endif
}
-
-#if 0 /* Moved to libsmb/clientgen.c */
-/****************************************************************************
- External interface.
- Close an open named pipe over SMB. Free any authentication data.
- ****************************************************************************/
-
- void cli_rpc_pipe_close(struct rpc_pipe_client *cli)
-{
- if (!cli_close(cli->cli, cli->fnum)) {
- DEBUG(0,("cli_rpc_pipe_close: cli_close failed on pipe %s "
- "to machine %s. Error was %s\n",
- cli->pipe_name),
- cli->cli->desthost,
- cli_errstr(cli->cli)));
- }
-
- if (cli->auth.cli_auth_data_free_func) {
- (*cli->auth.cli_auth_data_free_func)(&cli->auth);
- }
- DEBUG(10,("cli_rpc_pipe_close: closed pipe %s to machine %s\n",
- cli->pipe_name, cli->cli->desthost ));
-
- DLIST_REMOVE(cli->cli->pipe_list, cli);
- talloc_destroy(cli->mem_ctx);
-}
-#endif