s3-dcerpc: finally remove the legaqcy spnego_type variable from pipe_auth_data

Signed-off-by: Günther Deschner <gd@samba.org>

source3/include/ntdomain.h

@@ -93,19 +93,12 @@ typedef struct pipe_rpc_fns {
  * Can't keep in sync with wire values as spnego wraps different auth methods.
  */
 
-enum pipe_auth_type_spnego {
-	PIPE_AUTH_TYPE_SPNEGO_NONE = 0,
-	PIPE_AUTH_TYPE_SPNEGO_NTLMSSP,
-	PIPE_AUTH_TYPE_SPNEGO_KRB5
-};
-
 struct gse_context;
 
 /* auth state for all bind types. */
 
 struct pipe_auth_data {
 	enum dcerpc_AuthType auth_type;
-	enum pipe_auth_type_spnego spnego_type; /* used by server only */
 	enum dcerpc_AuthLevel auth_level;
 
 	union {

source3/librpc/rpc/dcerpc_helpers.c

@@ -303,11 +303,6 @@ NTSTATUS dcerpc_guess_sizes(struct pipe_auth_data *auth,
 	/* Treat the same for all authenticated rpc requests. */
 	switch (auth->auth_type) {
 	case DCERPC_AUTH_TYPE_SPNEGO:
-		/* compat for server code */
-		if (auth->spnego_type == PIPE_AUTH_TYPE_SPNEGO_NTLMSSP) {
-			*auth_len = NTLMSSP_SIG_SIZE;
-			break;
-		}
 
 		status = spnego_get_negotiated_mech(auth->a_u.spnego_state,
 						    &auth_type, &auth_ctx);
@@ -806,13 +801,6 @@ NTSTATUS dcerpc_add_auth_footer(struct pipe_auth_data *auth,
 		status = NT_STATUS_OK;
 		break;
 	case DCERPC_AUTH_TYPE_SPNEGO:
-		if (auth->spnego_type == PIPE_AUTH_TYPE_SPNEGO_NTLMSSP) {
-			/* compat for server code */
-			return add_ntlmssp_auth_footer(
-						auth->a_u.auth_ntlmssp_state,
-						auth->auth_level,
-						rpc_out);
-		}
 		status = add_spnego_auth_footer(auth->a_u.spnego_state,
 						auth->auth_level, rpc_out);
 		break;
@@ -923,20 +911,6 @@ NTSTATUS dcerpc_check_auth(struct pipe_auth_data *auth,
 		return NT_STATUS_OK;
 
 	case DCERPC_AUTH_TYPE_SPNEGO:
-		if (auth->spnego_type == PIPE_AUTH_TYPE_SPNEGO_NTLMSSP) {
-			/* compat for server code */
-			DEBUG(10, ("NTLMSSP auth\n"));
-
-			status = get_ntlmssp_auth_footer(
-						auth->a_u.auth_ntlmssp_state,
-						auth->auth_level,
-						&data, &full_pkt,
-						&auth_info.credentials);
-			if (!NT_STATUS_IS_OK(status)) {
-				return status;
-			}
-			break;
-		}
 
 		status = get_spnego_auth_footer(pkt, auth->a_u.spnego_state,
 						auth->auth_level,

source3/rpc_client/cli_pipe.c

@@ -1630,10 +1630,9 @@ struct tevent_req *rpc_pipe_bind_send(TALLOC_CTX *mem_ctx,
 		return NULL;
 	}
 
-	DEBUG(5,("Bind RPC Pipe: %s auth_type %u(%u), auth_level %u\n",
+	DEBUG(5,("Bind RPC Pipe: %s auth_type %u, auth_level %u\n",
 		rpccli_pipe_txt(talloc_tos(), cli),
 		(unsigned int)auth->auth_type,
-		(unsigned int)auth->spnego_type,
 		(unsigned int)auth->auth_level ));
 
 	state->ev = ev;
@@ -1813,9 +1812,8 @@ static void rpc_pipe_bind_step_one_done(struct tevent_req *subreq)
 	return;
 
 err_out:
-	DEBUG(0,("cli_finish_bind_auth: unknown auth type %u(%u)\n",
-		 (unsigned int)state->cli->auth->auth_type,
-		 (unsigned int)state->cli->auth->spnego_type));
+	DEBUG(0,("cli_finish_bind_auth: unknown auth type %u\n",
+		 (unsigned int)state->cli->auth->auth_type));
 	tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
 }
 
@@ -2234,7 +2232,6 @@ NTSTATUS rpccli_anon_bind_data(TALLOC_CTX *mem_ctx,
 	}
 
 	result->auth_type = DCERPC_AUTH_TYPE_NONE;
-	result->spnego_type = PIPE_AUTH_TYPE_SPNEGO_NONE;
 	result->auth_level = DCERPC_AUTH_LEVEL_NONE;
 
 	result->user_name = talloc_strdup(result, "");
@@ -2346,7 +2343,6 @@ NTSTATUS rpccli_schannel_bind_data(TALLOC_CTX *mem_ctx, const char *domain,
 	}
 
 	result->auth_type = DCERPC_AUTH_TYPE_SCHANNEL;
-	result->spnego_type = PIPE_AUTH_TYPE_SPNEGO_NONE;
 	result->auth_level = auth_level;
 
 	result->user_name = talloc_strdup(result, "");
@@ -3064,8 +3060,6 @@ NTSTATUS cli_rpc_pipe_open_spnego_krb5(struct cli_state *cli,
 	}
 	auth->auth_type = DCERPC_AUTH_TYPE_SPNEGO;
 	auth->auth_level = auth_level;
-	/* compat */
-	auth->spnego_type = PIPE_AUTH_TYPE_SPNEGO_KRB5;
 
 	if (!username) {
 		username = "";

source3/rpc_server/srv_pipe.c

@@ -548,7 +548,6 @@ static bool setup_bind_nak(struct pipes_struct *p, struct ncacn_packet *pkt)
 	free_pipe_auth_data(&p->auth);
 	p->auth.auth_level = DCERPC_AUTH_LEVEL_NONE;
 	p->auth.auth_type = DCERPC_AUTH_TYPE_NONE;
-	p->auth.spnego_type = PIPE_AUTH_TYPE_SPNEGO_NONE;
 	p->pipe_bound = False;
 
 	return True;
@@ -1186,7 +1185,6 @@ static bool api_pipe_bind_req(struct pipes_struct *p,
 		/* Unauthenticated bind request. */
 		/* We're finished - no more packets. */
 		p->auth.auth_type = DCERPC_AUTH_TYPE_NONE;
-		p->auth.spnego_type = PIPE_AUTH_TYPE_SPNEGO_NONE;
 		/* We must set the pipe auth_level here also. */
 		p->auth.auth_level = DCERPC_AUTH_LEVEL_NONE;
 		p->pipe_bound = True;
@@ -1546,8 +1544,8 @@ static bool api_pipe_request(struct pipes_struct *p,
 
 	if (p->pipe_bound &&
 	    ((p->auth.auth_type == DCERPC_AUTH_TYPE_NTLMSSP) ||
-	     ((p->auth.auth_type == DCERPC_AUTH_TYPE_SPNEGO) &&
-	      (p->auth.spnego_type ==  PIPE_AUTH_TYPE_SPNEGO_NTLMSSP)))) {
+	     (p->auth.auth_type == DCERPC_AUTH_TYPE_KRB5) ||
+	     (p->auth.auth_type == DCERPC_AUTH_TYPE_SPNEGO))) {
 		if(!become_authenticated_pipe_user(p)) {
 			data_blob_free(&p->out_data.rdata);
 			return False;

source3/rpc_server/srv_samr_nt.c

@@ -2781,8 +2781,8 @@ static NTSTATUS get_user_info_18(struct pipes_struct *p,
 	}
 
 	if ((p->auth.auth_type != DCERPC_AUTH_TYPE_NTLMSSP) ||
-	    ((p->auth.auth_type == DCERPC_AUTH_TYPE_SPNEGO) &&
-	     (p->auth.spnego_type != PIPE_AUTH_TYPE_SPNEGO_NTLMSSP))) {
+	    (p->auth.auth_type != DCERPC_AUTH_TYPE_KRB5) ||
+	    (p->auth.auth_type != DCERPC_AUTH_TYPE_SPNEGO)) {
 		return NT_STATUS_ACCESS_DENIED;
 	}
 

source3/rpcclient/rpcclient.c

@@ -28,6 +28,12 @@
 #include "../librpc/gen_ndr/ndr_netlogon.h"
 #include "rpc_client/cli_netlogon.h"
 
+enum pipe_auth_type_spnego {
+	PIPE_AUTH_TYPE_SPNEGO_NONE = 0,
+	PIPE_AUTH_TYPE_SPNEGO_NTLMSSP,
+	PIPE_AUTH_TYPE_SPNEGO_KRB5
+};
+
 struct dom_sid domain_sid;
 
 static enum dcerpc_AuthType pipe_default_auth_type = DCERPC_AUTH_TYPE_NONE;