+ /* Remember which pipe we're talking to */
+ fstrcpy(cli->pipe_name, pipe_names[pipe_idx].client_pipe);
+
+ return True;
+}
+
+
+/****************************************************************************
+ Open a session to the NETLOGON pipe using schannel.
+ ****************************************************************************/
+
+BOOL cli_nt_open_netlogon(struct cli_state *cli, const char *trust_password,
+ int sec_chan)
+{
+ NTSTATUS result;
+ uint32 neg_flags = 0x000001ff;
+ int fnum;
+
+ if (lp_client_schannel() != False)
+ neg_flags |= NETLOGON_NEG_SCHANNEL;
+
+
+ if (!cli_nt_session_open(cli, PI_NETLOGON)) {
+ return False;
+ }
+
+ if (!secrets_init()) {
+ DEBUG(3,("Failed to init secrets.tdb\n"));
+ return False;
+ }
+
+ result = cli_nt_setup_creds(cli, sec_chan, trust_password,
+ &neg_flags, 2);
+
+ if (!NT_STATUS_IS_OK(result)) {
+ cli_nt_session_close(cli);
+ return False;
+ }
+
+ if ((lp_client_schannel() == True) &&
+ ((neg_flags & NETLOGON_NEG_SCHANNEL) == 0)) {
+
+ DEBUG(3, ("Server did not offer schannel\n"));
+ cli_nt_session_close(cli);
+ return False;
+ }
+
+ if ((lp_client_schannel() == False) ||
+ ((neg_flags & NETLOGON_NEG_SCHANNEL) == 0)) {
+ return True;
+ }
+
+ /* Server offered schannel, so try it. */
+
+ cli->auth_info.seq_num = 0;
+ memcpy(cli->auth_info.sess_key, cli->sess_key,
+ sizeof(cli->auth_info.sess_key));
+
+ cli->saved_netlogon_pipe_fnum = cli->nt_pipe_fnum;
+
+ if (cli->capabilities & CAP_NT_SMBS) {
+
+ /* The secure channel connection must be opened on the same
+ session (TCP connection) as the one the challenge was
+ requested from. */
+
+ if ((fnum = cli_nt_create(cli, PIPE_NETLOGON_PLAIN,
+ DESIRED_ACCESS_PIPE)) == -1) {
+ DEBUG(0,("cli_nt_create failed to %s machine %s. "
+ "Error was %s\n",
+ PIPE_NETLOGON, cli->desthost,
+ cli_errstr(cli)));
+ return False;
+ }
+
+ cli->nt_pipe_fnum = (uint16)fnum;
+ } else {
+ if ((fnum = cli_open(cli, PIPE_NETLOGON,
+ O_CREAT|O_RDWR, DENY_NONE)) == -1) {
+ DEBUG(0,("cli_open failed on pipe %s to machine %s. "
+ "Error was %s\n",
+ PIPE_NETLOGON, cli->desthost,
+ cli_errstr(cli)));
+ return False;
+ }
+
+ cli->nt_pipe_fnum = (uint16)fnum;
+
+ /**************** Set Named Pipe State ***************/
+ if (!rpc_pipe_set_hnd_state(cli, PIPE_NETLOGON, 0x4300)) {
+ DEBUG(0,("Pipe hnd state failed. Error was %s\n",
+ cli_errstr(cli)));
+ cli_close(cli, cli->nt_pipe_fnum);
+ return False;
+ }
+ }
+
+ if (!rpc_pipe_bind(cli, PI_NETLOGON, global_myname(), True)) {
+ DEBUG(2,("rpc bind to %s failed\n", PIPE_NETLOGON));
+ cli_close(cli, cli->nt_pipe_fnum);
+ return False;
+ }
+