s4:librpc: let dcerpc_schannel_key_recv() return netlogon_creds_CredentialState
authorStefan Metzmacher <metze@samba.org>
Fri, 20 Sep 2013 02:16:00 +0000 (04:16 +0200)
committerAndrew Bartlett <abartlet@samba.org>
Wed, 16 Oct 2013 19:49:00 +0000 (08:49 +1300)
cli_credentials_set_netlogon_creds() should only be used directly before
a DCERPC bind in order to pass the session information to the
gensec layer.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
source4/librpc/rpc/dcerpc_schannel.c

index cd62508eddab7694236faa91b39d58d157f77836..c4bedfa9136e1a8310d338eef664af1bb5b1491c 100644 (file)
@@ -296,9 +296,6 @@ static void continue_srv_auth2(struct tevent_req *subreq)
                return;
        }
 
-       /* setup current netlogon credentials */
-       cli_credentials_set_netlogon_creds(s->credentials, s->creds);
-
        composite_done(c);
 }
 
@@ -369,10 +366,19 @@ static struct composite_context *dcerpc_schannel_key_send(TALLOC_CTX *mem_ctx,
 /*
   Receive result of schannel key request
  */
-static NTSTATUS dcerpc_schannel_key_recv(struct composite_context *c)
+static NTSTATUS dcerpc_schannel_key_recv(struct composite_context *c,
+                               TALLOC_CTX *mem_ctx,
+                               struct netlogon_creds_CredentialState **creds)
 {
        NTSTATUS status = composite_wait(c);
-       
+
+       if (NT_STATUS_IS_OK(status)) {
+               struct schannel_key_state *s =
+                       talloc_get_type_abort(c->private_data,
+                       struct schannel_key_state);
+               *creds = talloc_move(mem_ctx, &s->creds);
+       }
+
        talloc_free(c);
        return status;
 }
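Review bot: The header comment above dcerpc_schannel_key_recv() still reads only "Receive result of schannel key request" and says nothing about the two new parameters or who owns the result. On success the body moves `s->creds` onto `mem_ctx` with `talloc_move()` and stores it in `*creds`; on any other status `*creds` is never written, so a caller must not read it after a failure. I would extend the comment with something like `On success *creds is moved onto mem_ctx and owned by the caller; on failure *creds is left untouched.` Because this is netlogon session state, stating the ownership makes it harder for a later caller to keep using a stale or unset pointer.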
@@ -410,13 +416,15 @@ static void continue_schannel_key(struct composite_context *ctx)
        NTSTATUS status;
 
        /* receive schannel key */
-       status = c->status = dcerpc_schannel_key_recv(ctx);
+       status = c->status = dcerpc_schannel_key_recv(ctx, s, &s->creds_state);
        if (!composite_is_ok(c)) {
                DEBUG(1, ("Failed to setup credentials: %s\n", nt_errstr(status)));
                return;
        }
 
        /* send bind auth request with received creds */
+       cli_credentials_set_netlogon_creds(s->credentials, s->creds_state);
+
        auth_req = dcerpc_bind_auth_send(c, s->pipe, s->table, s->credentials, 
                                         lpcfg_gensec_settings(c, s->lp_ctx),
                                         DCERPC_AUTH_TYPE_SCHANNEL, s->auth_level,
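Review bot: Nothing in continue_schannel_key() checks that `s->creds_state` is non-NULL after dcerpc_schannel_key_recv() returns OK. The same commit removes the `composite_nomem(s->creds_state, c)` guard from continue_bind_auth(), which still dereferences the pointer in `s->save_creds_state = *s->creds_state;`. If the key request can ever complete successfully with `creds` unset (not visible in this hunk), that becomes a NULL dereference. A guard right after the receive, e.g. `if (composite_nomem(s->creds_state, c)) return;`, would keep the earlier protection. The function starts and ends outside the hunk.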
@@ -447,9 +455,6 @@ static void continue_bind_auth(struct composite_context *ctx)
                                &ndr_table_netlogon.syntax_id)) {
                ZERO_STRUCT(s->return_auth);
 
-               s->creds_state = cli_credentials_get_netlogon_creds(s->credentials);
-               if (composite_nomem(s->creds_state, c)) return;
-
                s->save_creds_state = *s->creds_state;
                netlogon_creds_client_authenticator(&s->save_creds_state, &s->auth);
 
@@ -528,6 +533,7 @@ static void continue_get_capabilities(struct tevent_req *subreq)
        }
 
        *s->creds_state = s->save_creds_state;
+       cli_credentials_set_netlogon_creds(s->credentials, s->creds_state);
 
        if (!NT_STATUS_IS_OK(s->c.out.result)) {
                composite_error(c, s->c.out.result);
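Review bot: The added `cli_credentials_set_netlogon_creds(s->credentials, s->creds_state);` in continue_get_capabilities() has no comment, and the commit message says this call should only be made directly before a DCERPC bind, so a reader cannot tell why it is repeated here. It also runs before the `NT_STATUS_IS_OK(s->c.out.result)` check, so the credentials object is updated even when the capabilities call reported an error; if that is intended, the comment should say so. A line such as `/* re-publish the restored creds state to the credentials object */` above the call would do, though that wording is a guess at the intent and needs confirming. The function body starts before and continues after the hunk.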