s3-dcerpc: finally remove the legaqcy spnego_type variable from pipe_auth_data

Signed-off-by: Günther Deschner <gd@samba.org>

diff --git a/source3/include/ntdomain.h b/source3/include/ntdomain.h
index 073efe54b93897b0314ac6004c27a1f55e1ef337..9fdb794fd396cfa71c65ca67230d5df0799afc07 100644 (file)
--- a/source3/include/ntdomain.h
+++ b/source3/include/ntdomain.h
@@ -93,19 +93,12 @@ typedef struct pipe_rpc_fns {
  * Can't keep in sync with wire values as spnego wraps different auth methods.
  */
 
-enum pipe_auth_type_spnego {
-       PIPE_AUTH_TYPE_SPNEGO_NONE = 0,
-       PIPE_AUTH_TYPE_SPNEGO_NTLMSSP,
-       PIPE_AUTH_TYPE_SPNEGO_KRB5
-};
-
 struct gse_context;
 
 /* auth state for all bind types. */
 
 struct pipe_auth_data {
        enum dcerpc_AuthType auth_type;
-       enum pipe_auth_type_spnego spnego_type; /* used by server only */
        enum dcerpc_AuthLevel auth_level;
 
        union {

diff --git a/source3/librpc/rpc/dcerpc_helpers.c b/source3/librpc/rpc/dcerpc_helpers.c
index 870706bcbe22d3f14bfb601e857c872a0d05b2ed..c83668f9b8e4abbaa8a1620492cac878bd923220 100644 (file)
--- a/source3/librpc/rpc/dcerpc_helpers.c
+++ b/source3/librpc/rpc/dcerpc_helpers.c
@@ -303,11 +303,6 @@ NTSTATUS dcerpc_guess_sizes(struct pipe_auth_data *auth,
        /* Treat the same for all authenticated rpc requests. */
        switch (auth->auth_type) {
        case DCERPC_AUTH_TYPE_SPNEGO:
-               /* compat for server code */
-               if (auth->spnego_type == PIPE_AUTH_TYPE_SPNEGO_NTLMSSP) {
-                       *auth_len = NTLMSSP_SIG_SIZE;
-                       break;
-               }
 
                status = spnego_get_negotiated_mech(auth->a_u.spnego_state,
                                                    &auth_type, &auth_ctx);
@@ -806,13 +801,6 @@ NTSTATUS dcerpc_add_auth_footer(struct pipe_auth_data *auth,
                status = NT_STATUS_OK;
                break;
        case DCERPC_AUTH_TYPE_SPNEGO:
-               if (auth->spnego_type == PIPE_AUTH_TYPE_SPNEGO_NTLMSSP) {
-                       /* compat for server code */
-                       return add_ntlmssp_auth_footer(
-                                               auth->a_u.auth_ntlmssp_state,
-                                               auth->auth_level,
-                                               rpc_out);
-               }
                status = add_spnego_auth_footer(auth->a_u.spnego_state,
                                                auth->auth_level, rpc_out);
                break;
@@ -923,20 +911,6 @@ NTSTATUS dcerpc_check_auth(struct pipe_auth_data *auth,
                return NT_STATUS_OK;
 
        case DCERPC_AUTH_TYPE_SPNEGO:
-               if (auth->spnego_type == PIPE_AUTH_TYPE_SPNEGO_NTLMSSP) {
-                       /* compat for server code */
-                       DEBUG(10, ("NTLMSSP auth\n"));
-
-                       status = get_ntlmssp_auth_footer(
-                                               auth->a_u.auth_ntlmssp_state,
-                                               auth->auth_level,
-                                               &data, &full_pkt,
-                                               &auth_info.credentials);
-                       if (!NT_STATUS_IS_OK(status)) {
-                               return status;
-                       }
-                       break;
-               }
 
                status = get_spnego_auth_footer(pkt, auth->a_u.spnego_state,
                                                auth->auth_level,

diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index 8538b232ec7b613ca6bcaf8057ef1a7a82c30719..fa139f4f89b630513d3cff5e6f80f3765e5bc159 100644 (file)
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -1630,10 +1630,9 @@ struct tevent_req *rpc_pipe_bind_send(TALLOC_CTX *mem_ctx,
                return NULL;
        }
 
-       DEBUG(5,("Bind RPC Pipe: %s auth_type %u(%u), auth_level %u\n",
+       DEBUG(5,("Bind RPC Pipe: %s auth_type %u, auth_level %u\n",
                rpccli_pipe_txt(talloc_tos(), cli),
                (unsigned int)auth->auth_type,
-               (unsigned int)auth->spnego_type,
                (unsigned int)auth->auth_level ));
 
        state->ev = ev;
@@ -1813,9 +1812,8 @@ static void rpc_pipe_bind_step_one_done(struct tevent_req *subreq)
        return;
 
 err_out:
-       DEBUG(0,("cli_finish_bind_auth: unknown auth type %u(%u)\n",
-                (unsigned int)state->cli->auth->auth_type,
-                (unsigned int)state->cli->auth->spnego_type));
+       DEBUG(0,("cli_finish_bind_auth: unknown auth type %u\n",
+                (unsigned int)state->cli->auth->auth_type));
        tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
 }
 
@@ -2234,7 +2232,6 @@ NTSTATUS rpccli_anon_bind_data(TALLOC_CTX *mem_ctx,
        }
 
        result->auth_type = DCERPC_AUTH_TYPE_NONE;
-       result->spnego_type = PIPE_AUTH_TYPE_SPNEGO_NONE;
        result->auth_level = DCERPC_AUTH_LEVEL_NONE;
 
        result->user_name = talloc_strdup(result, "");
@@ -2346,7 +2343,6 @@ NTSTATUS rpccli_schannel_bind_data(TALLOC_CTX *mem_ctx, const char *domain,
        }
 
        result->auth_type = DCERPC_AUTH_TYPE_SCHANNEL;
-       result->spnego_type = PIPE_AUTH_TYPE_SPNEGO_NONE;
        result->auth_level = auth_level;
 
        result->user_name = talloc_strdup(result, "");
@@ -3064,8 +3060,6 @@ NTSTATUS cli_rpc_pipe_open_spnego_krb5(struct cli_state *cli,
        }
        auth->auth_type = DCERPC_AUTH_TYPE_SPNEGO;
        auth->auth_level = auth_level;
-       /* compat */
-       auth->spnego_type = PIPE_AUTH_TYPE_SPNEGO_KRB5;
 
        if (!username) {
                username = "";

diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index 3e56646aa258dd2d2ff98969b75299f293a22a1f..ba6acc82899c7835e3258facfab339fd46446938 100644 (file)
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -548,7 +548,6 @@ static bool setup_bind_nak(struct pipes_struct *p, struct ncacn_packet *pkt)
        free_pipe_auth_data(&p->auth);
        p->auth.auth_level = DCERPC_AUTH_LEVEL_NONE;
        p->auth.auth_type = DCERPC_AUTH_TYPE_NONE;
-       p->auth.spnego_type = PIPE_AUTH_TYPE_SPNEGO_NONE;
        p->pipe_bound = False;
 
        return True;
@@ -1186,7 +1185,6 @@ static bool api_pipe_bind_req(struct pipes_struct *p,
                /* Unauthenticated bind request. */
                /* We're finished - no more packets. */
                p->auth.auth_type = DCERPC_AUTH_TYPE_NONE;
-               p->auth.spnego_type = PIPE_AUTH_TYPE_SPNEGO_NONE;
                /* We must set the pipe auth_level here also. */
                p->auth.auth_level = DCERPC_AUTH_LEVEL_NONE;
                p->pipe_bound = True;
@@ -1546,8 +1544,8 @@ static bool api_pipe_request(struct pipes_struct *p,
 
        if (p->pipe_bound &&
            ((p->auth.auth_type == DCERPC_AUTH_TYPE_NTLMSSP) ||
-            ((p->auth.auth_type == DCERPC_AUTH_TYPE_SPNEGO) &&
-             (p->auth.spnego_type ==  PIPE_AUTH_TYPE_SPNEGO_NTLMSSP)))) {
+            (p->auth.auth_type == DCERPC_AUTH_TYPE_KRB5) ||
+            (p->auth.auth_type == DCERPC_AUTH_TYPE_SPNEGO))) {
                if(!become_authenticated_pipe_user(p)) {
                        data_blob_free(&p->out_data.rdata);
                        return False;

diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 994fc7934b79dd5e76d5be376b82940cb0e04256..efcf18af81d8efc1649788e44eafe7676505442e 100644 (file)
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -2781,8 +2781,8 @@ static NTSTATUS get_user_info_18(struct pipes_struct *p,
        }
 
        if ((p->auth.auth_type != DCERPC_AUTH_TYPE_NTLMSSP) ||
-           ((p->auth.auth_type == DCERPC_AUTH_TYPE_SPNEGO) &&
-            (p->auth.spnego_type != PIPE_AUTH_TYPE_SPNEGO_NTLMSSP))) {
+           (p->auth.auth_type != DCERPC_AUTH_TYPE_KRB5) ||
+           (p->auth.auth_type != DCERPC_AUTH_TYPE_SPNEGO)) {
                return NT_STATUS_ACCESS_DENIED;
        }
 

diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c
index 5fa8132db8d1d41bf7c4d9df4602ffffb7103050..a1faca78d83312d1aac79282f86ff7f62727cdd3 100644 (file)
--- a/source3/rpcclient/rpcclient.c
+++ b/source3/rpcclient/rpcclient.c
@@ -28,6 +28,12 @@
 #include "../librpc/gen_ndr/ndr_netlogon.h"
 #include "rpc_client/cli_netlogon.h"
 
+enum pipe_auth_type_spnego {
+       PIPE_AUTH_TYPE_SPNEGO_NONE = 0,
+       PIPE_AUTH_TYPE_SPNEGO_NTLMSSP,
+       PIPE_AUTH_TYPE_SPNEGO_KRB5
+};
+
 struct dom_sid domain_sid;
 
 static enum dcerpc_AuthType pipe_default_auth_type = DCERPC_AUTH_TYPE_NONE;