*/
#include "includes.h"
+#include "../lib/util/tevent_ntstatus.h"
#include "librpc/gen_ndr/ndr_epmapper_c.h"
#include "../librpc/gen_ndr/ndr_schannel.h"
#include "../librpc/gen_ndr/ndr_dssetup.h"
#include "../libcli/auth/schannel.h"
#include "../libcli/auth/spnego.h"
-#include "smb_krb5.h"
-#include "../libcli/auth/ntlmssp.h"
+#include "../auth/ntlmssp/ntlmssp.h"
#include "ntlmssp_wrap.h"
#include "librpc/gen_ndr/ndr_dcerpc.h"
#include "librpc/rpc/dcerpc.h"
#include "librpc/crypto/spnego.h"
#include "rpc_dce.h"
#include "cli_pipe.h"
-#include "ntdomain.h"
+#include "libsmb/libsmb.h"
+#include "auth/gensec/gensec.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_RPC_CLI
pkt->u.fault.status),
rpccli_pipe_txt(talloc_tos(), cli)));
- if (NT_STATUS_IS_OK(NT_STATUS(pkt->u.fault.status))) {
- return NT_STATUS_UNSUCCESSFUL;
- } else {
- return NT_STATUS(pkt->u.fault.status);
- }
+ return dcerpc_fault_to_nt_status(pkt->u.fault.status);
default:
DEBUG(0, (__location__ "Unknown packet type %u received "
return;
}
- state->rdata = TALLOC_ARRAY(state, uint8_t, RPC_HEADER_LEN);
+ state->rdata = talloc_array(state, uint8_t, RPC_HEADER_LEN);
if (tevent_req_nomem(state->rdata, req)) {
return;
}
********************************************************************/
static NTSTATUS create_ntlmssp_auth_rpc_bind_req(struct rpc_pipe_client *cli,
+ TALLOC_CTX *mem_ctx,
DATA_BLOB *auth_token)
{
- struct auth_ntlmssp_state *ntlmssp_ctx;
+ struct gensec_security *gensec_security;
DATA_BLOB null_blob = data_blob_null;
NTSTATUS status;
- ntlmssp_ctx = talloc_get_type_abort(cli->auth->auth_ctx,
- struct auth_ntlmssp_state);
+ gensec_security = talloc_get_type_abort(cli->auth->auth_ctx,
+ struct gensec_security);
DEBUG(5, ("create_ntlmssp_auth_rpc_bind_req: Processing NTLMSSP Negotiate\n"));
- status = auth_ntlmssp_update(ntlmssp_ctx, null_blob, auth_token);
+ status = gensec_update(gensec_security, mem_ctx, NULL, null_blob, auth_token);
if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
data_blob_free(auth_token);
r.Flags = NL_FLAG_OEM_NETBIOS_DOMAIN_NAME |
NL_FLAG_OEM_NETBIOS_COMPUTER_NAME;
r.oem_netbios_domain.a = cli->auth->domain;
- r.oem_netbios_computer.a = global_myname();
+ r.oem_netbios_computer.a = lp_netbios_name();
status = dcerpc_push_schannel_bind(cli, &r, auth_token);
if (!NT_STATUS_IS_OK(status)) {
break;
case DCERPC_AUTH_TYPE_NTLMSSP:
- ret = create_ntlmssp_auth_rpc_bind_req(cli, &auth_token);
+ ret = create_ntlmssp_auth_rpc_bind_req(cli, mem_ctx, &auth_token);
if (!NT_STATUS_IS_OK(ret)) {
return ret;
}
struct rpc_pipe_bind_state *state = tevent_req_data(
req, struct rpc_pipe_bind_state);
struct pipe_auth_data *pauth = state->cli->auth;
- struct auth_ntlmssp_state *ntlmssp_ctx;
+ struct gensec_security *gensec_security;
struct spnego_context *spnego_ctx;
struct gse_context *gse_ctx;
struct ncacn_packet *pkt = NULL;
return;
case DCERPC_AUTH_TYPE_NTLMSSP:
- ntlmssp_ctx = talloc_get_type_abort(pauth->auth_ctx,
- struct auth_ntlmssp_state);
- status = auth_ntlmssp_update(ntlmssp_ctx,
- auth.credentials, &auth_token);
+ gensec_security = talloc_get_type_abort(pauth->auth_ctx,
+ struct gensec_security);
+ status = gensec_update(gensec_security, state, NULL,
+ auth.credentials, &auth_token);
if (NT_STATUS_EQUAL(status,
NT_STATUS_MORE_PROCESSING_REQUIRED)) {
status = rpc_bind_next_send(req, state,
ok = rpccli_bh_is_connected(h);
if (!ok) {
- tevent_req_nterror(req, NT_STATUS_INVALID_CONNECTION);
+ tevent_req_nterror(req, NT_STATUS_CONNECTION_DISCONNECTED);
return tevent_req_post(req, ev);
}
ok = rpccli_bh_is_connected(h);
if (!ok) {
- tevent_req_nterror(req, NT_STATUS_INVALID_CONNECTION);
+ tevent_req_nterror(req, NT_STATUS_CONNECTION_DISCONNECTED);
return tevent_req_post(req, ev);
}
return h;
}
-bool rpccli_get_pwd_hash(struct rpc_pipe_client *rpc_cli, uint8_t nt_hash[16])
-{
- struct auth_ntlmssp_state *a = NULL;
- struct cli_state *cli;
-
- if (rpc_cli->auth->auth_type == DCERPC_AUTH_TYPE_NTLMSSP) {
- a = talloc_get_type_abort(rpc_cli->auth->auth_ctx,
- struct auth_ntlmssp_state);
- } else if (rpc_cli->auth->auth_type == DCERPC_AUTH_TYPE_SPNEGO) {
- struct spnego_context *spnego_ctx;
- enum spnego_mech auth_type;
- void *auth_ctx;
- NTSTATUS status;
-
- spnego_ctx = talloc_get_type_abort(rpc_cli->auth->auth_ctx,
- struct spnego_context);
- status = spnego_get_negotiated_mech(spnego_ctx,
- &auth_type, &auth_ctx);
- if (!NT_STATUS_IS_OK(status)) {
- return false;
- }
-
- if (auth_type == SPNEGO_NTLMSSP) {
- a = talloc_get_type_abort(auth_ctx,
- struct auth_ntlmssp_state);
- }
- }
-
- if (a) {
- memcpy(nt_hash, auth_ntlmssp_get_nt_hash(a), 16);
- return true;
- }
-
- cli = rpc_pipe_np_smb_conn(rpc_cli);
- if (cli == NULL) {
- return false;
- }
- E_md4hash(cli->password ? cli->password : "", nt_hash);
- return true;
-}
-
NTSTATUS rpccli_ncalrpc_bind_data(TALLOC_CTX *mem_ctx,
struct pipe_auth_data **presult)
{
return NT_STATUS_OK;
}
-static int cli_auth_ntlmssp_data_destructor(struct pipe_auth_data *auth)
-{
- TALLOC_FREE(auth->auth_ctx);
- return 0;
-}
-
static NTSTATUS rpccli_ntlmssp_bind_data(TALLOC_CTX *mem_ctx,
enum dcerpc_AuthType auth_type,
enum dcerpc_AuthLevel auth_level,
const char *password,
struct pipe_auth_data **presult)
{
- struct auth_ntlmssp_state *ntlmssp_ctx;
+ struct auth_generic_state *ntlmssp_ctx;
struct pipe_auth_data *result;
NTSTATUS status;
goto fail;
}
- status = auth_ntlmssp_client_start(NULL,
- global_myname(),
- lp_workgroup(),
- lp_client_ntlmv2_auth(),
- &ntlmssp_ctx);
+ status = auth_ntlmssp_client_prepare(result,
+ &ntlmssp_ctx);
if (!NT_STATUS_IS_OK(status)) {
goto fail;
}
- talloc_set_destructor(result, cli_auth_ntlmssp_data_destructor);
-
status = auth_ntlmssp_set_username(ntlmssp_ctx, username);
if (!NT_STATUS_IS_OK(status)) {
goto fail;
goto fail;
}
- /*
- * Turn off sign+seal to allow selected auth level to turn it back on.
- */
- auth_ntlmssp_and_flags(ntlmssp_ctx, ~(NTLMSSP_NEGOTIATE_SIGN |
- NTLMSSP_NEGOTIATE_SEAL));
-
if (auth_level == DCERPC_AUTH_LEVEL_INTEGRITY) {
- auth_ntlmssp_or_flags(ntlmssp_ctx, NTLMSSP_NEGOTIATE_SIGN);
+ gensec_want_feature(ntlmssp_ctx->gensec_security, GENSEC_FEATURE_SIGN);
} else if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
- auth_ntlmssp_or_flags(ntlmssp_ctx, NTLMSSP_NEGOTIATE_SEAL |
- NTLMSSP_NEGOTIATE_SIGN);
+ gensec_want_feature(ntlmssp_ctx->gensec_security, GENSEC_FEATURE_SEAL);
}
- result->auth_ctx = ntlmssp_ctx;
+ status = auth_ntlmssp_client_start(ntlmssp_ctx);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto fail;
+ }
+
+ result->auth_ctx = talloc_move(result, &ntlmssp_ctx->gensec_security);
+ talloc_free(ntlmssp_ctx);
*presult = result;
return NT_STATUS_OK;
NTSTATUS status;
int fd;
- result = TALLOC_ZERO_P(mem_ctx, struct rpc_pipe_client);
+ result = talloc_zero(mem_ctx, struct rpc_pipe_client);
if (result == NULL) {
return NT_STATUS_NO_MEMORY;
}
goto fail;
}
- status = open_socket_out(&addr, port, 60, &fd);
+ status = open_socket_out(&addr, port, 60*1000, &fd);
if (!NT_STATUS_IS_OK(status)) {
goto fail;
}
/* create tower for asking the epmapper */
- map_binding = TALLOC_ZERO_P(tmp_ctx, struct dcerpc_binding);
+ map_binding = talloc_zero(tmp_ctx, struct dcerpc_binding);
if (map_binding == NULL) {
status = NT_STATUS_NO_MEMORY;
goto done;
map_binding->host = host; /* needed? */
map_binding->endpoint = "0"; /* correct? needed? */
- map_tower = TALLOC_ZERO_P(tmp_ctx, struct epm_twr_t);
+ map_tower = talloc_zero(tmp_ctx, struct epm_twr_t);
if (map_tower == NULL) {
status = NT_STATUS_NO_MEMORY;
goto done;
/* allocate further parameters for the epm_Map call */
- res_towers = TALLOC_ARRAY(tmp_ctx, struct epm_twr_t, max_towers);
+ res_towers = talloc_array(tmp_ctx, struct epm_twr_t, max_towers);
if (res_towers == NULL) {
status = NT_STATUS_NO_MEMORY;
goto done;
}
towers.twr = res_towers;
- entry_handle = TALLOC_ZERO_P(tmp_ctx, struct policy_handle);
+ entry_handle = talloc_zero(tmp_ctx, struct policy_handle);
if (entry_handle == NULL) {
status = NT_STATUS_NO_MEMORY;
goto done;
status = dcerpc_epm_Map(epm_handle,
tmp_ctx,
- CONST_DISCARD(struct GUID *,
+ discard_const_p(struct GUID,
&(abstract_syntax->uuid)),
map_tower,
entry_handle,
ZERO_STRUCT(addr);
addr.sun_family = AF_UNIX;
- strncpy(addr.sun_path, socket_path, sizeof(addr.sun_path));
+ strlcpy(addr.sun_path, socket_path, sizeof(addr.sun_path));
if (sys_connect(fd, (struct sockaddr *)(void *)&addr) == -1) {
DEBUG(0, ("connect(%s) failed: %s\n", socket_path,
return NT_STATUS_INVALID_HANDLE;
}
- result = TALLOC_ZERO_P(NULL, struct rpc_pipe_client);
+ result = talloc_zero(NULL, struct rpc_pipe_client);
if (result == NULL) {
return NT_STATUS_NO_MEMORY;
}
result->abstract_syntax = *abstract_syntax;
result->transfer_syntax = ndr_transfer_syntax;
- result->desthost = talloc_strdup(result, cli->desthost);
+ result->desthost = talloc_strdup(result, cli_state_remote_name(cli));
result->srv_name_slash = talloc_asprintf_strupper_m(
result, "\\\\%s", result->desthost);
{
switch (transport) {
case NCACN_IP_TCP:
- return rpc_pipe_open_tcp(NULL, cli->desthost, interface,
- presult);
+ return rpc_pipe_open_tcp(NULL, cli_state_remote_name(cli),
+ interface, presult);
case NCACN_NP:
return rpc_pipe_open_np(cli, interface, presult);
default:
DEBUG(10,("cli_rpc_pipe_open_noauth: opened pipe %s to machine "
"%s and bound anonymously.\n",
get_pipe_name_from_syntax(talloc_tos(), interface),
- cli->desthost));
+ result->desthost));
*presult = result;
return NT_STATUS_OK;
DEBUG(10,("cli_rpc_pipe_open_ntlmssp_internal: opened pipe %s to "
"machine %s and bound NTLMSSP as user %s\\%s.\n",
get_pipe_name_from_syntax(talloc_tos(), interface),
- cli->desthost, domain, username ));
+ result->desthost, domain, username));
*presult = result;
return NT_STATUS_OK;
DEBUG(10,("cli_rpc_pipe_open_schannel_with_key: opened pipe %s to machine %s "
"for domain %s and bound using schannel.\n",
get_pipe_name_from_syntax(talloc_tos(), interface),
- cli->desthost, domain ));
+ result->desthost, domain));
*presult = result;
return NT_STATUS_OK;
struct rpc_pipe_client *cli,
DATA_BLOB *session_key)
{
+ NTSTATUS status;
struct pipe_auth_data *a;
struct schannel_state *schannel_auth;
- struct auth_ntlmssp_state *ntlmssp_ctx;
+ struct gensec_security *gensec_security;
struct spnego_context *spnego_ctx;
struct gse_context *gse_ctx;
DATA_BLOB sk = data_blob_null;
make_dup = false;
break;
case DCERPC_AUTH_TYPE_NTLMSSP:
- ntlmssp_ctx = talloc_get_type_abort(a->auth_ctx,
- struct auth_ntlmssp_state);
- sk = auth_ntlmssp_get_session_key(ntlmssp_ctx);
- make_dup = true;
+ gensec_security = talloc_get_type_abort(a->auth_ctx,
+ struct gensec_security);
+ status = gensec_session_key(gensec_security, mem_ctx, &sk);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+ make_dup = false;
break;
case DCERPC_AUTH_TYPE_KRB5:
gse_ctx = talloc_get_type_abort(a->auth_ctx,
}
if (make_dup) {
- *session_key = data_blob_dup_talloc(mem_ctx, &sk);
+ *session_key = data_blob_dup_talloc(mem_ctx, sk);
} else {
*session_key = sk;
}