mirror of https://github.com/samba-team/samba.git synced 2025-02-23 09:57:40 +03:00

s3:rpc_client: use cli_credentials based functions in cli_rpc_pipe_open_schannel()

This simplifies the code and allows the previous password to be passed
through the stack.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher 2015-02-09 09:34:45 +01:00 committed by Günther Deschner
parent 0994e0a3e3
commit c3b7e6e218


@ -50,76 +50,38 @@ NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli,
const char *dc_name = smbXcli_conn_remote_name(cli->conn); const char *dc_name = smbXcli_conn_remote_name(cli->conn);
struct rpc_pipe_client *result = NULL; struct rpc_pipe_client *result = NULL;
NTSTATUS status; NTSTATUS status;
struct cli_credentials *cli_creds = NULL;
struct netlogon_creds_cli_context *netlogon_creds = NULL; struct netlogon_creds_cli_context *netlogon_creds = NULL;
struct netlogon_creds_CredentialState *creds = NULL;
uint32_t netlogon_flags = 0;
enum netr_SchannelType sec_chan_type = 0;
const char *_account_name = NULL;
const char *account_name = NULL;
struct samr_Password current_nt_hash;
struct samr_Password *previous_nt_hash = NULL;
bool ok;
ok = get_trust_pw_hash(domain, status = pdb_get_trust_credentials(domain, NULL,
current_nt_hash.hash, frame, &cli_creds);
&_account_name,
&sec_chan_type);
if (!ok) {
TALLOC_FREE(frame);
return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
}
account_name = talloc_asprintf(frame, "%s$", _account_name);
if (account_name == NULL) {
SAFE_FREE(previous_nt_hash);
TALLOC_FREE(frame);
return NT_STATUS_NO_MEMORY;
}
status = rpccli_create_netlogon_creds(dc_name,
domain,
account_name,
sec_chan_type,
msg_ctx,
frame,
&netlogon_creds);
if (!NT_STATUS_IS_OK(status)) { if (!NT_STATUS_IS_OK(status)) {
SAFE_FREE(previous_nt_hash);
TALLOC_FREE(frame); TALLOC_FREE(frame);
return status; return status;
} }
status = rpccli_setup_netlogon_creds(cli, transport, status = rpccli_create_netlogon_creds_with_creds(cli_creds,
dc_name,
msg_ctx,
frame,
&netlogon_creds);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(frame);
return status;
}
status = rpccli_setup_netlogon_creds_with_creds(cli, transport,
netlogon_creds, netlogon_creds,
false, /* force_reauth */ false, /* force_reauth */
current_nt_hash, cli_creds);
previous_nt_hash);
SAFE_FREE(previous_nt_hash);
if (!NT_STATUS_IS_OK(status)) { if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(frame); TALLOC_FREE(frame);
return status; return status;
} }
status = netlogon_creds_cli_get(netlogon_creds, status = cli_rpc_pipe_open_schannel_with_creds(cli, table, transport,
frame, cli_creds, netlogon_creds,
&creds); &result);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(frame);
return status;
}
netlogon_flags = creds->negotiate_flags;
TALLOC_FREE(creds);
if (!(netlogon_flags & NETLOGON_NEG_AUTHENTICATED_RPC)) {
TALLOC_FREE(frame);
return NT_STATUS_DOWNGRADE_DETECTED;
}
status = cli_rpc_pipe_open_schannel_with_key(
cli, table, transport, domain,
netlogon_creds,
&result);
if (NT_STATUS_IS_OK(status)) { if (NT_STATUS_IS_OK(status)) {
*presult = result; *presult = result;
if (pcreds != NULL) { if (pcreds != NULL) {
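Review bot: The explicit test of `NETLOGON_NEG_AUTHENTICATED_RPC` that returned `NT_STATUS_DOWNGRADE_DETECTED` before opening the pipe no longer appears in this function once the call becomes `cli_rpc_pipe_open_schannel_with_creds()`. That callee is not visible in this hunk, so it cannot be confirmed from here that a server which did not negotiate authenticated RPC is still rejected before the schannel bind. If the callee does enforce it, a comment above the call would record where the guarantee now lives, e.g. `/* NETLOGON_NEG_AUTHENTICATED_RPC downgrade check is done by cli_rpc_pipe_open_schannel_with_creds() */`; if it does not, the `netlogon_creds_cli_get()` lookup and flag test should stay in this function. The body of cli_rpc_pipe_open_schannel() starts before and continues past the hunk.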