1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

s3-librpc Rename and rework cli_rpc_pipe_open_ntlmssp() to be generic

This also includes renaming the helper function
rpccli_ntlmssp_bind_data, and allows this function to operate on any
gensec-supplied auth type.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
This commit is contained in:
Andrew Bartlett 2012-01-02 12:51:06 +11:00 committed by Stefan Metzmacher
parent 1e5e219a4b
commit b89a0439b3
5 changed files with 60 additions and 47 deletions

View File

@ -148,13 +148,15 @@ NTSTATUS remote_password_change(const char *remote_machine, const char *user_nam
/* Try not to give the password away too easily */
if (!pass_must_change) {
result = cli_rpc_pipe_open_ntlmssp(cli,
&ndr_table_samr.syntax_id,
NCACN_NP,
DCERPC_AUTH_LEVEL_PRIVACY,
domain, user,
old_passwd,
&pipe_hnd);
result = cli_rpc_pipe_open_generic_auth(cli,
&ndr_table_samr.syntax_id,
NCACN_NP,
DCERPC_AUTH_TYPE_NTLMSSP,
DCERPC_AUTH_LEVEL_PRIVACY,
remote_machine,
domain, user,
old_passwd,
&pipe_hnd);
} else {
/*
* If the user password must be changed the ntlmssp bind will

View File

@ -2255,15 +2255,17 @@ NTSTATUS rpccli_anon_bind_data(TALLOC_CTX *mem_ctx,
return NT_STATUS_OK;
}
static NTSTATUS rpccli_ntlmssp_bind_data(TALLOC_CTX *mem_ctx,
enum dcerpc_AuthType auth_type,
enum dcerpc_AuthLevel auth_level,
const char *domain,
const char *username,
const char *password,
struct pipe_auth_data **presult)
static NTSTATUS rpccli_generic_bind_data(TALLOC_CTX *mem_ctx,
enum dcerpc_AuthType auth_type,
enum dcerpc_AuthLevel auth_level,
const char *server,
const char *target_service,
const char *domain,
const char *username,
const char *password,
struct pipe_auth_data **presult)
{
struct auth_generic_state *ntlmssp_ctx;
struct auth_generic_state *auth_generic_ctx;
struct pipe_auth_data *result;
NTSTATUS status;
@ -2283,33 +2285,33 @@ static NTSTATUS rpccli_ntlmssp_bind_data(TALLOC_CTX *mem_ctx,
}
status = auth_generic_client_prepare(result,
&ntlmssp_ctx);
&auth_generic_ctx);
if (!NT_STATUS_IS_OK(status)) {
goto fail;
}
status = auth_generic_set_username(ntlmssp_ctx, username);
status = auth_generic_set_username(auth_generic_ctx, username);
if (!NT_STATUS_IS_OK(status)) {
goto fail;
}
status = auth_generic_set_domain(ntlmssp_ctx, domain);
status = auth_generic_set_domain(auth_generic_ctx, domain);
if (!NT_STATUS_IS_OK(status)) {
goto fail;
}
status = auth_generic_set_password(ntlmssp_ctx, password);
status = auth_generic_set_password(auth_generic_ctx, password);
if (!NT_STATUS_IS_OK(status)) {
goto fail;
}
status = auth_generic_client_start_by_authtype(ntlmssp_ctx, auth_type, auth_level);
status = auth_generic_client_start_by_authtype(auth_generic_ctx, auth_type, auth_level);
if (!NT_STATUS_IS_OK(status)) {
goto fail;
}
result->auth_ctx = talloc_move(result, &ntlmssp_ctx->gensec_security);
talloc_free(ntlmssp_ctx);
result->auth_ctx = talloc_move(result, &auth_generic_ctx->gensec_security);
talloc_free(auth_generic_ctx);
*presult = result;
return NT_STATUS_OK;
@ -2850,21 +2852,23 @@ NTSTATUS cli_rpc_pipe_open_noauth(struct cli_state *cli,
}
/****************************************************************************
Open a named pipe to an SMB server and bind using NTLMSSP or SPNEGO NTLMSSP
Open a named pipe to an SMB server and bind using the mech specified
****************************************************************************/
NTSTATUS cli_rpc_pipe_open_ntlmssp(struct cli_state *cli,
const struct ndr_syntax_id *interface,
enum dcerpc_transport_t transport,
enum dcerpc_AuthLevel auth_level,
const char *domain,
const char *username,
const char *password,
struct rpc_pipe_client **presult)
NTSTATUS cli_rpc_pipe_open_generic_auth(struct cli_state *cli,
const struct ndr_syntax_id *interface,
enum dcerpc_transport_t transport,
enum dcerpc_AuthType auth_type,
enum dcerpc_AuthLevel auth_level,
const char *server,
const char *domain,
const char *username,
const char *password,
struct rpc_pipe_client **presult)
{
struct rpc_pipe_client *result;
struct pipe_auth_data *auth = NULL;
enum dcerpc_AuthType auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
const char *target_service = "cifs"; /* TODO: Determine target service from the bindings or interface table */
NTSTATUS status;
status = cli_rpc_pipe_open(cli, transport, interface, &result);
@ -2872,25 +2876,26 @@ NTSTATUS cli_rpc_pipe_open_ntlmssp(struct cli_state *cli,
return status;
}
status = rpccli_ntlmssp_bind_data(result,
status = rpccli_generic_bind_data(result,
auth_type, auth_level,
server, target_service,
domain, username, password,
&auth);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("rpccli_ntlmssp_bind_data returned %s\n",
DEBUG(0, ("rpccli_generic_bind_data returned %s\n",
nt_errstr(status)));
goto err;
}
status = rpc_pipe_bind(result, auth);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("cli_rpc_pipe_open_ntlmssp_internal: cli_rpc_pipe_bind failed with error %s\n",
DEBUG(0, ("cli_rpc_pipe_open_generic_auth: cli_rpc_pipe_bind failed with error %s\n",
nt_errstr(status) ));
goto err;
}
DEBUG(10,("cli_rpc_pipe_open_ntlmssp_internal: opened pipe %s to "
"machine %s and bound NTLMSSP as user %s\\%s.\n",
DEBUG(10,("cli_rpc_pipe_open_generic_auth: opened pipe %s to "
"machine %s and bound as user %s\\%s.\n",
get_pipe_name_from_syntax(talloc_tos(), interface),
result->desthost, domain, username));

View File

@ -84,14 +84,16 @@ NTSTATUS cli_rpc_pipe_open_noauth_transport(struct cli_state *cli,
const struct ndr_syntax_id *interface,
struct rpc_pipe_client **presult);
NTSTATUS cli_rpc_pipe_open_ntlmssp(struct cli_state *cli,
const struct ndr_syntax_id *interface,
enum dcerpc_transport_t transport,
enum dcerpc_AuthLevel auth_level,
const char *domain,
const char *username,
const char *password,
struct rpc_pipe_client **presult);
NTSTATUS cli_rpc_pipe_open_generic_auth(struct cli_state *cli,
const struct ndr_syntax_id *interface,
enum dcerpc_transport_t transport,
enum dcerpc_AuthType auth_type,
enum dcerpc_AuthLevel auth_level,
const char *server,
const char *domain,
const char *username,
const char *password,
struct rpc_pipe_client **presult);
NTSTATUS cli_rpc_pipe_open_spnego_ntlmssp(struct cli_state *cli,
const struct ndr_syntax_id *interface,

View File

@ -715,10 +715,12 @@ static NTSTATUS do_cmd(struct cli_state *cli,
}
break;
case DCERPC_AUTH_TYPE_NTLMSSP:
ntresult = cli_rpc_pipe_open_ntlmssp(
ntresult = cli_rpc_pipe_open_generic_auth(
cli, cmd_entry->interface,
default_transport,
pipe_default_auth_type,
pipe_default_auth_level,
cli_state_remote_name(cli),
get_cmdline_auth_info_domain(auth_info),
get_cmdline_auth_info_username(auth_info),
get_cmdline_auth_info_password(auth_info),

View File

@ -200,11 +200,13 @@ int run_rpc_command(struct net_context *c,
}
} else {
if (conn_flags & NET_FLAGS_SEAL) {
nt_status = cli_rpc_pipe_open_ntlmssp(
nt_status = cli_rpc_pipe_open_generic_auth(
cli, interface,
(conn_flags & NET_FLAGS_TCP) ?
NCACN_IP_TCP : NCACN_NP,
DCERPC_AUTH_TYPE_NTLMSSP,
DCERPC_AUTH_LEVEL_PRIVACY,
cli_state_remote_name(cli),
lp_workgroup(), c->opt_user_name,
c->opt_password, &pipe_hnd);
} else {