From: Stefan Metzmacher Date: Fri, 20 Sep 2013 02:16:00 +0000 (+0200) Subject: s4:librpc: let dcerpc_schannel_key_recv() return netlogon_creds_CredentialState X-Git-Url: http://git.samba.org/?p=mat%2Fsamba.git;a=commitdiff_plain;h=a62927ef882a5ed7bee1c737c44dd29b13e724e0 s4:librpc: let dcerpc_schannel_key_recv() return netlogon_creds_CredentialState cli_credentials_set_netlogon_creds() should only be used directly before a DCERPC bind in order to pass the session information to the gensec layer. Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett --- diff --git a/source4/librpc/rpc/dcerpc_schannel.c b/source4/librpc/rpc/dcerpc_schannel.c index cd62508edd..c4bedfa913 100644 --- a/source4/librpc/rpc/dcerpc_schannel.c +++ b/source4/librpc/rpc/dcerpc_schannel.c @@ -296,9 +296,6 @@ static void continue_srv_auth2(struct tevent_req *subreq) return; } - /* setup current netlogon credentials */ - cli_credentials_set_netlogon_creds(s->credentials, s->creds); - composite_done(c); } @@ -369,10 +366,19 @@ static struct composite_context *dcerpc_schannel_key_send(TALLOC_CTX *mem_ctx, /* Receive result of schannel key request */ -static NTSTATUS dcerpc_schannel_key_recv(struct composite_context *c) +static NTSTATUS dcerpc_schannel_key_recv(struct composite_context *c, + TALLOC_CTX *mem_ctx, + struct netlogon_creds_CredentialState **creds) { NTSTATUS status = composite_wait(c); - + + if (NT_STATUS_IS_OK(status)) { + struct schannel_key_state *s = + talloc_get_type_abort(c->private_data, + struct schannel_key_state); + *creds = talloc_move(mem_ctx, &s->creds); + } + talloc_free(c); return status; } @@ -410,13 +416,15 @@ static void continue_schannel_key(struct composite_context *ctx) NTSTATUS status; /* receive schannel key */ - status = c->status = dcerpc_schannel_key_recv(ctx); + status = c->status = dcerpc_schannel_key_recv(ctx, s, &s->creds_state); if (!composite_is_ok(c)) { DEBUG(1, ("Failed to setup credentials: %s\n", nt_errstr(status))); return; } /* send bind auth request with received creds */ + cli_credentials_set_netlogon_creds(s->credentials, s->creds_state); + auth_req = dcerpc_bind_auth_send(c, s->pipe, s->table, s->credentials, lpcfg_gensec_settings(c, s->lp_ctx), DCERPC_AUTH_TYPE_SCHANNEL, s->auth_level, @@ -447,9 +455,6 @@ static void continue_bind_auth(struct composite_context *ctx) &ndr_table_netlogon.syntax_id)) { ZERO_STRUCT(s->return_auth); - s->creds_state = cli_credentials_get_netlogon_creds(s->credentials); - if (composite_nomem(s->creds_state, c)) return; - s->save_creds_state = *s->creds_state; netlogon_creds_client_authenticator(&s->save_creds_state, &s->auth); @@ -528,6 +533,7 @@ static void continue_get_capabilities(struct tevent_req *subreq) } *s->creds_state = s->save_creds_state; + cli_credentials_set_netlogon_creds(s->credentials, s->creds_state); if (!NT_STATUS_IS_OK(s->c.out.result)) { composite_error(c, s->c.out.result);