s3-librpc Rename and rework cli_rpc_pipe_open_ntlmssp() to be generic
authorAndrew Bartlett <abartlet@samba.org>
Mon, 2 Jan 2012 01:51:06 +0000 (12:51 +1100)
committerStefan Metzmacher <metze@samba.org>
Wed, 11 Jan 2012 08:04:41 +0000 (09:04 +0100)
This also includes renaming the helper function
rpccli_ntlmssp_bind_data, and allows this function to operate on any
gensec-supplied auth type.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
source3/libsmb/passchange.c
source3/rpc_client/cli_pipe.c
source3/rpc_client/cli_pipe.h
source3/rpcclient/rpcclient.c
source3/utils/net_rpc.c

index 2f6ff5163207ef51ffeec1f7cddbf48a772942eb..684ffd91a11ca712a1f83fc17e08d81e0d31487f 100644 (file)
@@ -148,13 +148,15 @@ NTSTATUS remote_password_change(const char *remote_machine, const char *user_nam
        /* Try not to give the password away too easily */
 
        if (!pass_must_change) {
-               result = cli_rpc_pipe_open_ntlmssp(cli,
-                                                  &ndr_table_samr.syntax_id,
-                                                  NCACN_NP,
-                                                  DCERPC_AUTH_LEVEL_PRIVACY,
-                                                  domain, user,
-                                                  old_passwd,
-                                                  &pipe_hnd);
+               result = cli_rpc_pipe_open_generic_auth(cli,
+                                                       &ndr_table_samr.syntax_id,
+                                                       NCACN_NP,
+                                                       DCERPC_AUTH_TYPE_NTLMSSP,
+                                                       DCERPC_AUTH_LEVEL_PRIVACY,
+                                                       remote_machine,
+                                                       domain, user,
+                                                       old_passwd,
+                                                       &pipe_hnd);
        } else {
                /*
                 * If the user password must be changed the ntlmssp bind will
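Review bot: The `server` argument passed here is the caller-supplied `remote_machine` string, while the rpcclient.c and net_rpc.c call sites in this commit pass `cli_state_remote_name(cli)`; the three should agree on where the peer name comes from. With NTLMSSP the name is not consulted in the visible code, but once a mechanism that builds a target principal from it is selected, it should be the name the `cli` connection was actually made to. Consider `cli_state_remote_name(cli),` here as well, assuming `cli` is already connected at this point. remote_password_change starts and ends outside the hunk, so that is not confirmed from these lines.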
index 8faeac225af2cfa18f027c3cb1d1ba4304af59b7..25c5e913a166b0bb93102ced7358be1ec71902bd 100644 (file)
@@ -2255,15 +2255,17 @@ NTSTATUS rpccli_anon_bind_data(TALLOC_CTX *mem_ctx,
        return NT_STATUS_OK;
 }
 
-static NTSTATUS rpccli_ntlmssp_bind_data(TALLOC_CTX *mem_ctx,
-                                 enum dcerpc_AuthType auth_type,
-                                 enum dcerpc_AuthLevel auth_level,
-                                 const char *domain,
-                                 const char *username,
-                                 const char *password,
-                                 struct pipe_auth_data **presult)
-{
-       struct auth_generic_state *ntlmssp_ctx;
+static NTSTATUS rpccli_generic_bind_data(TALLOC_CTX *mem_ctx,
+                                        enum dcerpc_AuthType auth_type,
+                                        enum dcerpc_AuthLevel auth_level,
+                                        const char *server,
+                                        const char *target_service,
+                                        const char *domain,
+                                        const char *username,
+                                        const char *password,
+                                        struct pipe_auth_data **presult)
+{
+       struct auth_generic_state *auth_generic_ctx;
        struct pipe_auth_data *result;
        NTSTATUS status;
 
@@ -2283,33 +2285,33 @@ static NTSTATUS rpccli_ntlmssp_bind_data(TALLOC_CTX *mem_ctx,
        }
 
        status = auth_generic_client_prepare(result,
-                                            &ntlmssp_ctx);
+                                            &auth_generic_ctx);
        if (!NT_STATUS_IS_OK(status)) {
                goto fail;
        }
 
-       status = auth_generic_set_username(ntlmssp_ctx, username);
+       status = auth_generic_set_username(auth_generic_ctx, username);
        if (!NT_STATUS_IS_OK(status)) {
                goto fail;
        }
 
-       status = auth_generic_set_domain(ntlmssp_ctx, domain);
+       status = auth_generic_set_domain(auth_generic_ctx, domain);
        if (!NT_STATUS_IS_OK(status)) {
                goto fail;
        }
 
-       status = auth_generic_set_password(ntlmssp_ctx, password);
+       status = auth_generic_set_password(auth_generic_ctx, password);
        if (!NT_STATUS_IS_OK(status)) {
                goto fail;
        }
 
-       status = auth_generic_client_start_by_authtype(ntlmssp_ctx, auth_type, auth_level);
+       status = auth_generic_client_start_by_authtype(auth_generic_ctx, auth_type, auth_level);
        if (!NT_STATUS_IS_OK(status)) {
                goto fail;
        }
 
-       result->auth_ctx = talloc_move(result, &ntlmssp_ctx->gensec_security);
-       talloc_free(ntlmssp_ctx);
+       result->auth_ctx = talloc_move(result, &auth_generic_ctx->gensec_security);
+       talloc_free(auth_generic_ctx);
        *presult = result;
        return NT_STATUS_OK;
 
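Review bot: The new `server` and `target_service` parameters of rpccli_generic_bind_data are never used. Every added line in this hunk is the `ntlmssp_ctx` to `auth_generic_ctx` rename, and the lines between the hunks are unchanged, so they cannot reference the new names. For a mechanism that authenticates the server by principal (Kerberos, or SPNEGO negotiating it), the target host and service have to reach the gensec context before `auth_generic_client_start_by_authtype()`; otherwise the commit's stated aim of working with any gensec-supplied auth type is not met. The sketch below assumes `gensec_security` is already allocated by `auth_generic_client_prepare()`, which is not visible here. The function's `fail:` path lies outside the hunk.

```c
/* … unchanged: auth_generic_client_prepare, set_username, set_domain, set_password … */
	status = gensec_set_target_service(auth_generic_ctx->gensec_security,
					   target_service);
	if (!NT_STATUS_IS_OK(status)) {
		goto fail;
	}

	status = gensec_set_target_hostname(auth_generic_ctx->gensec_security,
					    server);
	if (!NT_STATUS_IS_OK(status)) {
		goto fail;
	}

	status = auth_generic_client_start_by_authtype(auth_generic_ctx, auth_type, auth_level);
/* … unchanged: status check, talloc_move of gensec_security into result … */
```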
@@ -2850,21 +2852,23 @@ NTSTATUS cli_rpc_pipe_open_noauth(struct cli_state *cli,
 }
 
 /****************************************************************************
- Open a named pipe to an SMB server and bind using NTLMSSP or SPNEGO NTLMSSP
+ Open a named pipe to an SMB server and bind using the mech specified
  ****************************************************************************/
 
-NTSTATUS cli_rpc_pipe_open_ntlmssp(struct cli_state *cli,
-                                  const struct ndr_syntax_id *interface,
-                                  enum dcerpc_transport_t transport,
-                                  enum dcerpc_AuthLevel auth_level,
-                                  const char *domain,
-                                  const char *username,
-                                  const char *password,
-                                  struct rpc_pipe_client **presult)
+NTSTATUS cli_rpc_pipe_open_generic_auth(struct cli_state *cli,
+                                       const struct ndr_syntax_id *interface,
+                                       enum dcerpc_transport_t transport,
+                                       enum dcerpc_AuthType auth_type,
+                                       enum dcerpc_AuthLevel auth_level,
+                                       const char *server,
+                                       const char *domain,
+                                       const char *username,
+                                       const char *password,
+                                       struct rpc_pipe_client **presult)
 {
        struct rpc_pipe_client *result;
        struct pipe_auth_data *auth = NULL;
-       enum dcerpc_AuthType auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
+       const char *target_service = "cifs"; /* TODO: Determine target service from the bindings or interface table */
        NTSTATUS status;
 
        status = cli_rpc_pipe_open(cli, transport, interface, &result);
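Review bot: `target_service` is fixed to "cifs" for every interface and every transport, and the header comment above the function does not say so. The TODO acknowledges the gap, but a caller choosing a non-NTLMSSP `auth_type` cannot tell from the comment or prototype that the service name is not derived from `interface`. With a principal-based mechanism that name would decide which service the client authenticates to. I would extend the block comment with something like `server is the peer's host name; the target service is currently always "cifs" regardless of interface or transport`. The function body continues outside the hunk.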
@@ -2872,25 +2876,26 @@ NTSTATUS cli_rpc_pipe_open_ntlmssp(struct cli_state *cli,
                return status;
        }
 
-       status = rpccli_ntlmssp_bind_data(result,
+       status = rpccli_generic_bind_data(result,
                                          auth_type, auth_level,
+                                         server, target_service,
                                          domain, username, password,
                                          &auth);
        if (!NT_STATUS_IS_OK(status)) {
-               DEBUG(0, ("rpccli_ntlmssp_bind_data returned %s\n",
+               DEBUG(0, ("rpccli_generic_bind_data returned %s\n",
                          nt_errstr(status)));
                goto err;
        }
 
        status = rpc_pipe_bind(result, auth);
        if (!NT_STATUS_IS_OK(status)) {
-               DEBUG(0, ("cli_rpc_pipe_open_ntlmssp_internal: cli_rpc_pipe_bind failed with error %s\n",
+               DEBUG(0, ("cli_rpc_pipe_open_generic_auth: cli_rpc_pipe_bind failed with error %s\n",
                        nt_errstr(status) ));
                goto err;
        }
 
-       DEBUG(10,("cli_rpc_pipe_open_ntlmssp_internal: opened pipe %s to "
-               "machine %s and bound NTLMSSP as user %s\\%s.\n",
+       DEBUG(10,("cli_rpc_pipe_open_generic_auth: opened pipe %s to "
+               "machine %s and bound as user %s\\%s.\n",
                  get_pipe_name_from_syntax(talloc_tos(), interface),
                  result->desthost, domain, username));
 
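Review bot: The level-10 success message no longer says which mechanism was bound: "NTLMSSP" was dropped from the text and nothing replaced it. Now that `auth_type` is chosen by the caller, the log cannot show whether a pipe was bound with the expected auth type and level. Adding them, e.g. `"machine %s and bound (auth_type=%d, auth_level=%d) as user %s\\%s.\n"` with `(int)auth_type, (int)auth_level` added to the argument list, keeps that visible when auditing connections. Separately, the failure message on the `rpc_pipe_bind()` path still prints `cli_rpc_pipe_bind`, which is not the function called. The function continues outside the hunk.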
index 25a134068fda80ca29bff640433cfb66f1b02991..a9d5784643044a79bf7abdaf7406780582fe2f4e 100644 (file)
@@ -84,14 +84,16 @@ NTSTATUS cli_rpc_pipe_open_noauth_transport(struct cli_state *cli,
                                            const struct ndr_syntax_id *interface,
                                            struct rpc_pipe_client **presult);
 
-NTSTATUS cli_rpc_pipe_open_ntlmssp(struct cli_state *cli,
-                                  const struct ndr_syntax_id *interface,
-                                  enum dcerpc_transport_t transport,
-                                  enum dcerpc_AuthLevel auth_level,
-                                  const char *domain,
-                                  const char *username,
-                                  const char *password,
-                                  struct rpc_pipe_client **presult);
+NTSTATUS cli_rpc_pipe_open_generic_auth(struct cli_state *cli,
+                                       const struct ndr_syntax_id *interface,
+                                       enum dcerpc_transport_t transport,
+                                       enum dcerpc_AuthType auth_type,
+                                       enum dcerpc_AuthLevel auth_level,
+                                       const char *server,
+                                       const char *domain,
+                                       const char *username,
+                                       const char *password,
+                                       struct rpc_pipe_client **presult);
 
 NTSTATUS cli_rpc_pipe_open_spnego_ntlmssp(struct cli_state *cli,
                                          const struct ndr_syntax_id *interface,
index c195d289ab48b2be951cb253728b5679b341c627..1f74f7e9e91c88d272f4b12f0c98c3e6a11d4a28 100644 (file)
@@ -715,10 +715,12 @@ static NTSTATUS do_cmd(struct cli_state *cli,
                        }
                        break;
                case DCERPC_AUTH_TYPE_NTLMSSP:
-                       ntresult = cli_rpc_pipe_open_ntlmssp(
+                       ntresult = cli_rpc_pipe_open_generic_auth(
                                cli, cmd_entry->interface,
                                default_transport,
+                               pipe_default_auth_type,
                                pipe_default_auth_level,
+                               cli_state_remote_name(cli),
                                get_cmdline_auth_info_domain(auth_info),
                                get_cmdline_auth_info_username(auth_info),
                                get_cmdline_auth_info_password(auth_info),
index ef017ec9dc02ba6c8e50fdebd4b8330b1e1d3496..5491c58138763dbc66b44e5d1817f82e8ac8ae9b 100644 (file)
@@ -200,11 +200,13 @@ int run_rpc_command(struct net_context *c,
                        }
                } else {
                        if (conn_flags & NET_FLAGS_SEAL) {
-                               nt_status = cli_rpc_pipe_open_ntlmssp(
+                               nt_status = cli_rpc_pipe_open_generic_auth(
                                        cli, interface,
                                        (conn_flags & NET_FLAGS_TCP) ?
                                        NCACN_IP_TCP : NCACN_NP,
+                                       DCERPC_AUTH_TYPE_NTLMSSP,
                                        DCERPC_AUTH_LEVEL_PRIVACY,
+                                       cli_state_remote_name(cli),
                                        lp_workgroup(), c->opt_user_name,
                                        c->opt_password, &pipe_hnd);
                        } else {