NTSTATUS cli_rpc_pipe_open_spnego(struct cli_state *cli,
const struct ndr_interface_table *table,
enum dcerpc_transport_t transport,
- const char *oid,
+ enum credentials_use_kerberos use_kerberos,
enum dcerpc_AuthLevel auth_level,
const char *server,
const char *domain,
const char *target_service = table->authservices->names[0];
NTSTATUS status;
- enum credentials_use_kerberos use_kerberos;
-
- if (strcmp(oid, GENSEC_OID_KERBEROS5) == 0) {
- use_kerberos = CRED_MUST_USE_KERBEROS;
- } else if (strcmp(oid, GENSEC_OID_NTLMSSP) == 0) {
- use_kerberos = CRED_DONT_USE_KERBEROS;
- } else {
- return NT_STATUS_INVALID_PARAMETER;
- }
status = cli_rpc_pipe_open(cli, transport, table, &result);
if (!NT_STATUS_IS_OK(status)) {
#define _CLI_PIPE_H
#include "rpc_client/rpc_client.h"
+#include "auth/credentials/credentials.h"
/* The following definitions come from rpc_client/cli_pipe.c */
NTSTATUS cli_rpc_pipe_open_spnego(struct cli_state *cli,
const struct ndr_interface_table *table,
enum dcerpc_transport_t transport,
- const char *oid,
+ enum credentials_use_kerberos use_kerberos,
enum dcerpc_AuthLevel auth_level,
const char *server,
const char *domain,
break;
case DCERPC_AUTH_TYPE_SPNEGO:
{
- /* won't happen, but if it does it will fail in cli_rpc_pipe_open_spnego() eventually */
- const char *oid = "INVALID";
+ enum credentials_use_kerberos use_kerberos;
+
switch (pipe_default_auth_spnego_type) {
case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP:
- oid = GENSEC_OID_NTLMSSP;
+ use_kerberos = CRED_DONT_USE_KERBEROS;
break;
case PIPE_AUTH_TYPE_SPNEGO_KRB5:
- oid = GENSEC_OID_KERBEROS5;
+ use_kerberos = CRED_MUST_USE_KERBEROS;
break;
case PIPE_AUTH_TYPE_SPNEGO_NONE:
+ use_kerberos = CRED_AUTO_USE_KERBEROS;
break;
}
ntresult = cli_rpc_pipe_open_spnego(
cli, cmd_entry->table,
default_transport,
- oid,
+ use_kerberos,
pipe_default_auth_level,
smbXcli_conn_remote_name(cli->conn),
get_cmdline_auth_info_domain(auth_info),
status = cli_rpc_pipe_open_spnego(conn->cli,
&ndr_table_samr,
NCACN_NP,
- GENSEC_OID_NTLMSSP,
+ CRED_DONT_USE_KERBEROS,
conn->auth_level,
smbXcli_conn_remote_name(conn->cli->conn),
domain_name,
* authenticated LSA pipe with sign & seal. */
result = cli_rpc_pipe_open_spnego
(conn->cli, &ndr_table_lsarpc, NCACN_NP,
- GENSEC_OID_NTLMSSP,
+ CRED_DONT_USE_KERBEROS,
conn->auth_level,
smbXcli_conn_remote_name(conn->cli->conn),
conn->cli->domain, conn->cli->user_name, conn->cli->password,