return ret ? -1 : 0;
}
-NTSTATUS rpccli_anon_bind_data(TALLOC_CTX *mem_ctx,
- struct cli_pipe_auth_data **presult)
-{
- struct cli_pipe_auth_data *result;
-
- result = talloc(mem_ctx, struct cli_pipe_auth_data);
- if (result == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
-
- result->auth_type = PIPE_AUTH_TYPE_NONE;
- result->auth_level = PIPE_AUTH_LEVEL_NONE;
-
- result->user_name = talloc_strdup(result, "");
- result->domain = talloc_strdup(result, "");
- if ((result->user_name == NULL) || (result->domain == NULL)) {
- TALLOC_FREE(result);
- return NT_STATUS_NO_MEMORY;
- }
-
- *presult = result;
- return NT_STATUS_OK;
-}
-
-static int cli_auth_ntlmssp_data_destructor(struct cli_pipe_auth_data *auth)
-{
- ntlmssp_end(&auth->a_u.ntlmssp_state);
- return 0;
-}
-
-NTSTATUS rpccli_ntlmssp_bind_data(TALLOC_CTX *mem_ctx,
- enum pipe_auth_type auth_type,
- enum pipe_auth_level auth_level,
- const char *domain,
- const char *username,
- const char *password,
- struct cli_pipe_auth_data **presult)
-{
- struct cli_pipe_auth_data *result;
- NTSTATUS status;
-
- result = talloc(mem_ctx, struct cli_pipe_auth_data);
- if (result == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
-
- result->auth_type = auth_type;
- result->auth_level = auth_level;
-
- result->user_name = talloc_strdup(result, username);
- result->domain = talloc_strdup(result, domain);
- if ((result->user_name == NULL) || (result->domain == NULL)) {
- status = NT_STATUS_NO_MEMORY;
- goto fail;
- }
-
- status = ntlmssp_client_start(&result->a_u.ntlmssp_state);
- if (!NT_STATUS_IS_OK(status)) {
- goto fail;
- }
-
- talloc_set_destructor(result, cli_auth_ntlmssp_data_destructor);
-
- status = ntlmssp_set_username(result->a_u.ntlmssp_state, username);
- if (!NT_STATUS_IS_OK(status)) {
- goto fail;
- }
-
- status = ntlmssp_set_domain(result->a_u.ntlmssp_state, domain);
- if (!NT_STATUS_IS_OK(status)) {
- goto fail;
- }
-
- status = ntlmssp_set_password(result->a_u.ntlmssp_state, password);
- if (!NT_STATUS_IS_OK(status)) {
- goto fail;
- }
-
- /*
- * Turn off sign+seal to allow selected auth level to turn it back on.
- */
- result->a_u.ntlmssp_state->neg_flags &=
- ~(NTLMSSP_NEGOTIATE_SIGN | NTLMSSP_NEGOTIATE_SEAL);
-
- if (auth_level == PIPE_AUTH_LEVEL_INTEGRITY) {
- result->a_u.ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
- } else if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
- result->a_u.ntlmssp_state->neg_flags
- |= NTLMSSP_NEGOTIATE_SEAL | NTLMSSP_NEGOTIATE_SIGN;
- }
-
- *presult = result;
- return NT_STATUS_OK;
-
- fail:
- TALLOC_FREE(result);
- return status;
-}
-
-NTSTATUS rpccli_schannel_bind_data(TALLOC_CTX *mem_ctx, const char *domain,
- enum pipe_auth_level auth_level,
- const struct dcinfo *pdc,
- struct cli_pipe_auth_data **presult)
-{
- struct cli_pipe_auth_data *result;
-
- result = talloc(mem_ctx, struct cli_pipe_auth_data);
- if (result == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
-
- result->auth_type = PIPE_AUTH_TYPE_SCHANNEL;
- result->auth_level = auth_level;
-
- result->user_name = talloc_strdup(result, "");
- result->domain = talloc_strdup(result, domain);
- if ((result->user_name == NULL) || (result->domain == NULL)) {
- goto fail;
- }
-
- result->a_u.schannel_auth = talloc(result,
- struct schannel_auth_struct);
- if (result->a_u.schannel_auth == NULL) {
- goto fail;
- }
-
- memcpy(result->a_u.schannel_auth->sess_key, pdc->sess_key, 16);
- result->a_u.schannel_auth->seq_num = 0;
-
- *presult = result;
- return NT_STATUS_OK;
-
- fail:
- TALLOC_FREE(result);
- return NT_STATUS_NO_MEMORY;
-}
-
-static int cli_auth_kerberos_data_destructor(struct kerberos_auth_struct *auth)
-{
- data_blob_free(&auth->session_key);
- return 0;
-}
-
-NTSTATUS rpccli_krb5_bind_data(TALLOC_CTX *mem_ctx,
- enum pipe_auth_level auth_level,
- const char *service_princ,
- const char *username,
- const char *password,
- struct cli_pipe_auth_data **presult)
-{
- struct cli_pipe_auth_data *result;
-
- if ((username != NULL) && (password != NULL)) {
- int ret = kerberos_kinit_password(username, password, 0, NULL);
- if (ret != 0) {
- return NT_STATUS_ACCESS_DENIED;
- }
- }
-
- result = talloc(mem_ctx, struct cli_pipe_auth_data);
- if (result == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
-
- result->auth_type = PIPE_AUTH_TYPE_KRB5;
- result->auth_level = auth_level;
-
- /*
- * Username / domain need fixing!
- */
- result->user_name = talloc_strdup(result, "");
- result->domain = talloc_strdup(result, "");
- if ((result->user_name == NULL) || (result->domain == NULL)) {
- goto fail;
- }
-
- result->a_u.kerberos_auth = TALLOC_ZERO_P(
- result, struct kerberos_auth_struct);
- if (result->a_u.kerberos_auth == NULL) {
- goto fail;
- }
- talloc_set_destructor(result->a_u.kerberos_auth,
- cli_auth_kerberos_data_destructor);
-
- result->a_u.kerberos_auth->service_principal = talloc_strdup(
- result, service_princ);
- if (result->a_u.kerberos_auth->service_principal == NULL) {
- goto fail;
- }
-
- *presult = result;
- return NT_STATUS_OK;
-
- fail:
- TALLOC_FREE(result);
- return NT_STATUS_NO_MEMORY;
-}
-
/****************************************************************************
Open a named pipe over SMB to a remote server.
*