sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-01 05:47:28 +03:00
Code

rpc_client3: Avoid "cli_credentials" in cli_rpc_pipe_open_schannel_with_creds

Browse Source 
This provides cleaner data dependencies. A netlogon_creds_ctx contains
everything required to open an schannel, there is no good reason to
require cli_credentials here.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Volker Lendecke 2017-09-07 12:43:00 +02:00
parent 6f879b780a
commit 4b97de8adb
6 changed files with 21 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
libcli/auth/netlogon_creds_cli.c
View File

@ -474,6 +474,7 @@ NTSTATUS netlogon_creds_bind_cli_credentials(
TALLOC_FREE(cli_creds);
return status;
}
cli_credentials_set_netlogon_creds(cli_creds, ncreds);
*pcli_creds = cli_creds;
return NT_STATUS_OK;

1
source3/libnet/libnet_join.c
View File

@ -1662,7 +1662,6 @@ NTSTATUS libnet_join_ok(struct messaging_context *msg_ctx,
status = cli_rpc_pipe_open_schannel_with_creds(
cli, &ndr_table_netlogon, NCACN_NP,
cli_creds,
netlogon_creds, &netlogon_pipe);
TALLOC_FREE(netlogon_pipe);

17
source3/rpc_client/cli_pipe.c
View File

@ -3275,7 +3275,6 @@ NTSTATUS cli_rpc_pipe_open_generic_auth(struct cli_state *cli,
NTSTATUS cli_rpc_pipe_open_schannel_with_creds(struct cli_state *cli,
const struct ndr_interface_table *table,
enum dcerpc_transport_t transport,
struct cli_credentials *cli_creds,
struct netlogon_creds_cli_context *netlogon_creds,
struct rpc_pipe_client **_rpccli)
{
@ -3283,6 +3282,7 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_creds(struct cli_state *cli,
struct pipe_auth_data *rpcauth;
const char *target_service = table->authservices->names[0];
struct netlogon_creds_CredentialState *ncreds = NULL;
struct cli_credentials *cli_creds;
enum dcerpc_AuthLevel auth_level;
NTSTATUS status;
int rpc_pipe_bind_dbglvl = 0;
@ -3302,7 +3302,14 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_creds(struct cli_state *cli,
auth_level = netlogon_creds_cli_auth_level(netlogon_creds);
cli_credentials_set_netlogon_creds(cli_creds, ncreds);
status = netlogon_creds_bind_cli_credentials(
netlogon_creds, rpccli, &cli_creds);
if (!NT_STATUS_IS_OK(status)) {
DBG_DEBUG("netlogon_creds_bind_cli_credentials failed: %s\n",
nt_errstr(status));
TALLOC_FREE(rpccli);
return status;
}
status = rpccli_generic_bind_data_from_creds(rpccli,
DCERPC_AUTH_TYPE_SCHANNEL,
@ -3319,7 +3326,11 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_creds(struct cli_state *cli,
}
status = rpc_pipe_bind(rpccli, rpcauth);
cli_credentials_set_netlogon_creds(cli_creds, NULL);
/* No TALLOC_FREE, gensec takes references */
talloc_unlink(rpccli, cli_creds);
cli_creds = NULL;
if (NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_ACCESS_DENIED)) {
rpc_pipe_bind_dbglvl = 1;
netlogon_creds_cli_delete(netlogon_creds, ncreds);

1
source3/rpc_client/cli_pipe.h
View File

@ -102,7 +102,6 @@ NTSTATUS cli_rpc_pipe_open_generic_auth(struct cli_state *cli,
NTSTATUS cli_rpc_pipe_open_schannel_with_creds(struct cli_state *cli,
const struct ndr_interface_table *table,
enum dcerpc_transport_t transport,
struct cli_credentials *cli_creds,
struct netlogon_creds_cli_context *netlogon_creds,
struct rpc_pipe_client **_rpccli);

1
source3/rpc_client/cli_pipe_schannel.c
View File

@ -93,7 +93,6 @@ NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli,
if (netlogon_flags & NETLOGON_NEG_AUTHENTICATED_RPC) {
status = cli_rpc_pipe_open_schannel_with_creds(cli, table,
transport,
cli_creds,
netlogon_creds,
&result);
if (!NT_STATUS_IS_OK(status)) {

14
source3/winbindd/winbindd_cm.c
View File

@ -2771,9 +2771,9 @@ retry:
nt_errstr(result)));
goto anonymous;
}
status = cli_rpc_pipe_open_schannel_with_creds
(conn->cli, &ndr_table_samr, NCACN_NP,
creds, p_creds, &conn->samr_pipe);
status = cli_rpc_pipe_open_schannel_with_creds(
conn->cli, &ndr_table_samr, NCACN_NP, p_creds,
&conn->samr_pipe);
if (NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_SESSION_EXPIRED)
&& !retry) {
@ -2950,7 +2950,6 @@ static NTSTATUS cm_connect_lsa_tcp(struct winbindd_domain *domain,
status = cli_rpc_pipe_open_schannel_with_creds(conn->cli,
&ndr_table_lsarpc,
NCACN_IP_TCP,
creds,
p_creds,
&conn->lsa_pipe_tcp);
if (!NT_STATUS_IS_OK(status)) {
@ -3077,9 +3076,9 @@ retry:
nt_errstr(result)));
goto anonymous;
}
result = cli_rpc_pipe_open_schannel_with_creds
(conn->cli, &ndr_table_lsarpc, NCACN_NP,
creds, p_creds, &conn->lsa_pipe);
result = cli_rpc_pipe_open_schannel_with_creds(
conn->cli, &ndr_table_lsarpc, NCACN_NP, p_creds,
&conn->lsa_pipe);
if (NT_STATUS_EQUAL(result, NT_STATUS_NETWORK_SESSION_EXPIRED)
&& !retry) {
@ -3343,7 +3342,6 @@ static NTSTATUS cm_connect_netlogon_transport(struct winbindd_domain *domain,
result = cli_rpc_pipe_open_schannel_with_creds(
conn->cli, &ndr_table_netlogon, transport,
creds,
conn->netlogon_creds_ctx,
&conn->netlogon_pipe);
if (!NT_STATUS_IS_OK(result)) {