s3-librpc: Add cli_rpc_pipe_open_with_creds()
authorAndrew Bartlett <abartlet@samba.org>
Tue, 23 Sep 2014 16:12:20 +0000 (09:12 -0700)
committerAndrew Bartlett <abartlet@samba.org>
Fri, 17 Oct 2014 10:57:07 +0000 (12:57 +0200)
This provides a credentials-based interface.  In the long term, we
will want to change this not to reference the credentials, but for now
this suits the caller in winbindd_cm.c

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
source3/include/auth_generic.h
source3/libsmb/auth_generic.c
source3/rpc_client/cli_pipe.c
source3/rpc_client/cli_pipe.h

index 96b07cd8f77e70235d13217caa48e8e996cde305..07df62af43a62681cfc9870051aea7ab97b2e4ec 100644 (file)
@@ -37,6 +37,8 @@ NTSTATUS auth_generic_set_domain(struct auth_generic_state *ans,
                                 const char *domain);
 NTSTATUS auth_generic_set_password(struct auth_generic_state *ans,
                                   const char *password);
+NTSTATUS auth_generic_set_creds(struct auth_generic_state *ans,
+                               struct cli_credentials *creds);
 NTSTATUS auth_generic_client_prepare(TALLOC_CTX *mem_ctx,
                                     struct auth_generic_state **_ans);
 NTSTATUS auth_generic_client_start(struct auth_generic_state *ans, const char *oid);
index 1f6c681a6e59c6b5bec1a57751df2af9aaae5760..68d14516f39eb5db5aba3c017070480e0d95258b 100644 (file)
@@ -48,6 +48,14 @@ NTSTATUS auth_generic_set_password(struct auth_generic_state *ans,
        return NT_STATUS_OK;
 }
 
+NTSTATUS auth_generic_set_creds(struct auth_generic_state *ans,
+                               struct cli_credentials *creds)
+{
+       talloc_unlink(ans->credentials, creds);
+       ans->credentials = creds;
+       return NT_STATUS_OK;
+}
+
 NTSTATUS auth_generic_client_prepare(TALLOC_CTX *mem_ctx, struct auth_generic_state **auth_generic_state)
 {
        struct auth_generic_state *ans;
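Review bot: In `auth_generic_set_creds`, `talloc_unlink(ans->credentials, creds)` passes the old credentials as the context and the new `creds` as the pointer, so at most it drops a parent link on `creds`; it does not release the object previously held in `ans->credentials`, and its return value is ignored. If the intent is to drop the state's default credentials before the swap, `talloc_unlink(ans, ans->credentials);` would express that, assuming `ans` is their talloc parent (the allocation is outside this hunk). The function also stores `creds` without `talloc_reference()` or `talloc_steal()`, so as far as this hunk shows the caller must keep `creds` valid for as long as `ans`, or anything started from it, uses them. A comment above the function should state that, e.g. `/* Borrows creds: caller must keep them valid while ans and its gensec context are in use */`.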
index 43ce719f4cca84f2f3aed657e1098cb7da7a1039..fcb8b61751cb9fae7ae6a085db8b016697be39f2 100644 (file)
@@ -2407,6 +2407,63 @@ static NTSTATUS rpccli_generic_bind_data(TALLOC_CTX *mem_ctx,
        return status;
 }
 
+/* This routine steals the creds pointer that is passed in */
+static NTSTATUS rpccli_generic_bind_data_from_creds(TALLOC_CTX *mem_ctx,
+                                                   enum dcerpc_AuthType auth_type,
+                                                   enum dcerpc_AuthLevel auth_level,
+                                                   const char *server,
+                                                   const char *target_service,
+                                                   struct cli_credentials *creds,
+                                                   struct pipe_auth_data **presult)
+{
+       struct auth_generic_state *auth_generic_ctx;
+       struct pipe_auth_data *result;
+       NTSTATUS status;
+
+       result = talloc_zero(mem_ctx, struct pipe_auth_data);
+       if (result == NULL) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       result->auth_type = auth_type;
+       result->auth_level = auth_level;
+
+       status = auth_generic_client_prepare(result,
+                                            &auth_generic_ctx);
+       if (!NT_STATUS_IS_OK(status)) {
+               goto fail;
+       }
+
+       status = auth_generic_set_creds(auth_generic_ctx, creds);
+       if (!NT_STATUS_IS_OK(status)) {
+               goto fail;
+       }
+
+       status = gensec_set_target_service(auth_generic_ctx->gensec_security, target_service);
+       if (!NT_STATUS_IS_OK(status)) {
+               goto fail;
+       }
+
+       status = gensec_set_target_hostname(auth_generic_ctx->gensec_security, server);
+       if (!NT_STATUS_IS_OK(status)) {
+               goto fail;
+       }
+
+       status = auth_generic_client_start_by_authtype(auth_generic_ctx, auth_type, auth_level);
+       if (!NT_STATUS_IS_OK(status)) {
+               goto fail;
+       }
+
+       result->auth_ctx = talloc_move(result, &auth_generic_ctx->gensec_security);
+       talloc_free(auth_generic_ctx);
+       *presult = result;
+       return NT_STATUS_OK;
+
+ fail:
+       TALLOC_FREE(result);
+       return status;
+}
+
 NTSTATUS rpccli_ncalrpc_bind_data(TALLOC_CTX *mem_ctx,
                                  struct pipe_auth_data **presult)
 {
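Review bot: The comment `/* This routine steals the creds pointer that is passed in */` on `rpccli_generic_bind_data_from_creds` does not match the body, which only hands `creds` to `auth_generic_set_creds()` and never calls `talloc_steal()` or `talloc_reference()` on it. The commit also states the contract inconsistently for `cli_rpc_pipe_open_with_creds`: the block comment in cli_pipe.c says "references", while the comment on its prototype in cli_pipe.h says "steals". After `talloc_free(auth_generic_ctx)` the moved `gensec_security` presumably still points at the caller's credentials (how gensec stores them is not visible here), so a caller that frees `creds` on the strength of either wording risks leaving a dangling credentials pointer behind an authenticated pipe. Choose one contract and word it identically in all three places, for example `/* creds is borrowed, not stolen: it must outlive the returned pipe_auth_data */`, or take a real reference with `talloc_reference(result, creds)` and fail with `NT_STATUS_NO_MEMORY` if it returns NULL.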
@@ -2940,6 +2997,65 @@ NTSTATUS cli_rpc_pipe_open_noauth(struct cli_state *cli,
 
 /****************************************************************************
  Open a named pipe to an SMB server and bind using the mech specified
+
+ This routine references the creds pointer that is passed in
+ ****************************************************************************/
+
+NTSTATUS cli_rpc_pipe_open_with_creds(struct cli_state *cli,
+                                     const struct ndr_interface_table *table,
+                                     enum dcerpc_transport_t transport,
+                                     enum dcerpc_AuthType auth_type,
+                                     enum dcerpc_AuthLevel auth_level,
+                                     const char *server,
+                                     struct cli_credentials *creds,
+                                     struct rpc_pipe_client **presult)
+{
+       struct rpc_pipe_client *result;
+       struct pipe_auth_data *auth = NULL;
+       const char *target_service = table->authservices->names[0];
+
+       NTSTATUS status;
+
+       status = cli_rpc_pipe_open(cli, transport, table, &result);
+       if (!NT_STATUS_IS_OK(status)) {
+               return status;
+       }
+
+       status = rpccli_generic_bind_data_from_creds(result,
+                                                    auth_type, auth_level,
+                                                    server, target_service,
+                                                    creds,
+                                                    &auth);
+       if (!NT_STATUS_IS_OK(status)) {
+               DEBUG(0, ("rpccli_generic_bind_data returned %s\n",
+                         nt_errstr(status)));
+               goto err;
+       }
+
+       status = rpc_pipe_bind(result, auth);
+       if (!NT_STATUS_IS_OK(status)) {
+               DEBUG(0, ("cli_rpc_pipe_open_generic_auth: cli_rpc_pipe_bind failed with error %s\n",
+                       nt_errstr(status) ));
+               goto err;
+       }
+
+       DEBUG(10,("cli_rpc_pipe_open_generic_auth: opened pipe %s to "
+               "machine %s and bound as user %s.\n", table->name,
+                 result->desthost, cli_credentials_get_unparsed_name(creds, talloc_tos())));
+
+       *presult = result;
+       return NT_STATUS_OK;
+
+  err:
+
+       TALLOC_FREE(result);
+       return status;
+}
+
+/****************************************************************************
+ Open a named pipe to an SMB server and bind using the mech specified
+
+ This routine steals the creds pointer that is passed in
  ****************************************************************************/
 
 NTSTATUS cli_rpc_pipe_open_generic_auth(struct cli_state *cli,
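Review bot: Both level-0 messages in `cli_rpc_pipe_open_with_creds` name other functions (`rpccli_generic_bind_data returned %s` and `cli_rpc_pipe_open_generic_auth: cli_rpc_pipe_bind failed ...`), and so does the level-10 success message, so an authentication failure on this path is attributed to the wrong code path in the logs. Use the real names, e.g. `DEBUG(0, ("cli_rpc_pipe_open_with_creds: rpccli_generic_bind_data_from_creds returned %s\n", nt_errstr(status)));`. Separately, `table->authservices->names[0]` is read in the declaration before any check. If an interface table can reach this function with a missing or empty authservices list (not visible here), a guard that returns `NT_STATUS_INVALID_PARAMETER` before the pipe is opened would be safer. The hunk ends inside the comment and signature of `cli_rpc_pipe_open_generic_auth`, whose body lies outside it.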
index 34e79d1fa22b0333641ea7c2a7396fde91919b70..0c1e692138005c48931dff2951c2cc3a1881cb09 100644 (file)
@@ -72,6 +72,21 @@ NTSTATUS cli_rpc_pipe_open_noauth_transport(struct cli_state *cli,
                                            const struct ndr_interface_table *table,
                                            struct rpc_pipe_client **presult);
 
+/****************************************************************************
+ Open a named pipe to an SMB server and bind using the mech specified
+
+ This routine steals the creds pointer that is passed in
+ ****************************************************************************/
+
+NTSTATUS cli_rpc_pipe_open_with_creds(struct cli_state *cli,
+                                     const struct ndr_interface_table *table,
+                                     enum dcerpc_transport_t transport,
+                                     enum dcerpc_AuthType auth_type,
+                                     enum dcerpc_AuthLevel auth_level,
+                                     const char *server,
+                                     struct cli_credentials *creds,
+                                     struct rpc_pipe_client **presult);
+
 NTSTATUS cli_rpc_pipe_open_generic_auth(struct cli_state *cli,
                                        const struct ndr_interface_table *table,
                                        enum dcerpc_transport_t transport,