s3-rpc_client: Adapt cli_rpc_pipe_open_spnego to use enum credentials_kerberos_state

This allows us to pass this value in directly from the cli_credentials
structure in winbindd.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index dc07495bfe9669ea51a25a9ce560a665b05b3743..e3822d16408171dcf8374dfaad0bcfdec4b6198e 100644 (file)
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -3096,7 +3096,7 @@ done:
 NTSTATUS cli_rpc_pipe_open_spnego(struct cli_state *cli,
                                  const struct ndr_interface_table *table,
                                  enum dcerpc_transport_t transport,
-                                 const char *oid,
+                                 enum credentials_use_kerberos use_kerberos,
                                  enum dcerpc_AuthLevel auth_level,
                                  const char *server,
                                  const char *domain,
@@ -3109,15 +3109,6 @@ NTSTATUS cli_rpc_pipe_open_spnego(struct cli_state *cli,
        const char *target_service = table->authservices->names[0];
        
        NTSTATUS status;
-       enum credentials_use_kerberos use_kerberos;
-
-       if (strcmp(oid, GENSEC_OID_KERBEROS5) == 0) {
-               use_kerberos = CRED_MUST_USE_KERBEROS;
-       } else if (strcmp(oid, GENSEC_OID_NTLMSSP) == 0) {
-               use_kerberos = CRED_DONT_USE_KERBEROS;
-       } else {
-               return NT_STATUS_INVALID_PARAMETER;
-       }
 
        status = cli_rpc_pipe_open(cli, transport, table, &result);
        if (!NT_STATUS_IS_OK(status)) {

diff --git a/source3/rpc_client/cli_pipe.h b/source3/rpc_client/cli_pipe.h
index 533e752cedc252a0648a0084058a249889cadf3a..c4ed08a0c423e6a0fedf0d9ff3514652bd7fc6f2 100644 (file)
--- a/source3/rpc_client/cli_pipe.h
+++ b/source3/rpc_client/cli_pipe.h
@@ -24,6 +24,7 @@
 #define _CLI_PIPE_H
 
 #include "rpc_client/rpc_client.h"
+#include "auth/credentials/credentials.h"
 
 /* The following definitions come from rpc_client/cli_pipe.c  */
 
@@ -85,7 +86,7 @@ NTSTATUS cli_rpc_pipe_open_generic_auth(struct cli_state *cli,
 NTSTATUS cli_rpc_pipe_open_spnego(struct cli_state *cli,
                                  const struct ndr_interface_table *table,
                                  enum dcerpc_transport_t transport,
-                                 const char *oid,
+                                 enum credentials_use_kerberos use_kerberos,
                                  enum dcerpc_AuthLevel auth_level,
                                  const char *server,
                                  const char *domain,

diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c
index ac7576fc01750696eef4e1d6c55ff04e51bcfa2c..eca2185fe148cceaf9b54892374a2c738b7d4c73 100644 (file)
--- a/source3/rpcclient/rpcclient.c
+++ b/source3/rpcclient/rpcclient.c
@@ -702,22 +702,23 @@ static NTSTATUS do_cmd(struct cli_state *cli,
                        break;
                case DCERPC_AUTH_TYPE_SPNEGO:
                {
-                       /* won't happen, but if it does it will fail in cli_rpc_pipe_open_spnego() eventually */
-                       const char *oid = "INVALID";
+                       enum credentials_use_kerberos use_kerberos;
+
                        switch (pipe_default_auth_spnego_type) {
                        case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP:
-                               oid = GENSEC_OID_NTLMSSP;
+                               use_kerberos = CRED_DONT_USE_KERBEROS;
                                break;
                        case PIPE_AUTH_TYPE_SPNEGO_KRB5:
-                               oid = GENSEC_OID_KERBEROS5;
+                               use_kerberos = CRED_MUST_USE_KERBEROS;
                                break;
                        case PIPE_AUTH_TYPE_SPNEGO_NONE:
+                               use_kerberos = CRED_AUTO_USE_KERBEROS;
                                break;
                        }
                        ntresult = cli_rpc_pipe_open_spnego(
                                cli, cmd_entry->table,
                                default_transport,
-                               oid,
+                               use_kerberos,
                                pipe_default_auth_level,
                                smbXcli_conn_remote_name(cli->conn),
                                get_cmdline_auth_info_domain(auth_info),

diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index 0e13a94c5af780f239d6f8cd24953131571c657e..e71b79398e2dc33fec7290d1c109135b29f2f196 100644 (file)
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -2570,7 +2570,7 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
        status = cli_rpc_pipe_open_spnego(conn->cli,
                                          &ndr_table_samr,
                                          NCACN_NP,
-                                         GENSEC_OID_NTLMSSP,
+                                         CRED_DONT_USE_KERBEROS,
                                          conn->auth_level,
                                          smbXcli_conn_remote_name(conn->cli->conn),
                                          domain_name,
@@ -2816,7 +2816,7 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
         * authenticated LSA pipe with sign & seal. */
        result = cli_rpc_pipe_open_spnego
                (conn->cli, &ndr_table_lsarpc, NCACN_NP,
-                GENSEC_OID_NTLMSSP,
+                CRED_DONT_USE_KERBEROS,
                 conn->auth_level,
                 smbXcli_conn_remote_name(conn->cli->conn),
                 conn->cli->domain, conn->cli->user_name, conn->cli->password,