s3-librpc: Add cli_rpc_pipe_open_with_creds()

This provides a credentials-based interface. In the long term, we will want to change this not to reference the credentials, but for now this suits the caller in winbindd_cm.c Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
author: Andrew Bartlett <abartlet@samba.org> 2014-09-23 09:12:20 -0700
committer: Andrew Bartlett <abartlet@samba.org> 2014-10-17 12:57:07 +0200
commit: 295b323b1c65cd8387b3977a189f81253c139b43 (patch)
tree: 999dddd197ddd32458a39e6ced44728672ae8e29
parent: be994ca579c6c302d9d6487c863699b3e4457210 (diff)
download: samba-295b323b1c65cd8387b3977a189f81253c139b43.tar.gz
samba-295b323b1c65cd8387b3977a189f81253c139b43.tar.xz
samba-295b323b1c65cd8387b3977a189f81253c139b43.zip
4 files changed, 141 insertions, 0 deletions
diff --git a/source3/include/auth_generic.h b/source3/include/auth_generic.h
index 96b07cd8f7..07df62af43 100644
--- a/source3/include/auth_generic.h
+++ b/source3/include/auth_generic.h
@@ -37,6 +37,8 @@ NTSTATUS auth_generic_set_domain(struct auth_generic_state *ans,
 				 const char *domain);
 NTSTATUS auth_generic_set_password(struct auth_generic_state *ans,
 				   const char *password);
+NTSTATUS auth_generic_set_creds(struct auth_generic_state *ans,
+				struct cli_credentials *creds);
 NTSTATUS auth_generic_client_prepare(TALLOC_CTX *mem_ctx,
 				     struct auth_generic_state **_ans);
 NTSTATUS auth_generic_client_start(struct auth_generic_state *ans, const char *oid);
diff --git a/source3/libsmb/auth_generic.c b/source3/libsmb/auth_generic.c
index 1f6c681a6e..68d14516f3 100644
--- a/source3/libsmb/auth_generic.c
+++ b/source3/libsmb/auth_generic.c
@@ -48,6 +48,14 @@ NTSTATUS auth_generic_set_password(struct auth_generic_state *ans,
 	return NT_STATUS_OK;
 }
 
+NTSTATUS auth_generic_set_creds(struct auth_generic_state *ans,
+				struct cli_credentials *creds)
+{
+	talloc_unlink(ans->credentials, creds);
+	ans->credentials = creds;
+	return NT_STATUS_OK;
+}
+
 NTSTATUS auth_generic_client_prepare(TALLOC_CTX *mem_ctx, struct auth_generic_state **auth_generic_state)
 {
 	struct auth_generic_state *ans;
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index 43ce719f4c..fcb8b61751 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -2407,6 +2407,63 @@ static NTSTATUS rpccli_generic_bind_data(TALLOC_CTX *mem_ctx,
 	return status;
 }
 
+/* This routine steals the creds pointer that is passed in */
+static NTSTATUS rpccli_generic_bind_data_from_creds(TALLOC_CTX *mem_ctx,
+						    enum dcerpc_AuthType auth_type,
+						    enum dcerpc_AuthLevel auth_level,
+						    const char *server,
+						    const char *target_service,
+						    struct cli_credentials *creds,
+						    struct pipe_auth_data **presult)
+{
+	struct auth_generic_state *auth_generic_ctx;
+	struct pipe_auth_data *result;
+	NTSTATUS status;
+
+	result = talloc_zero(mem_ctx, struct pipe_auth_data);
+	if (result == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	result->auth_type = auth_type;
+	result->auth_level = auth_level;
+
+	status = auth_generic_client_prepare(result,
+					     &auth_generic_ctx);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto fail;
+	}
+
+	status = auth_generic_set_creds(auth_generic_ctx, creds);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto fail;
+	}
+
+	status = gensec_set_target_service(auth_generic_ctx->gensec_security, target_service);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto fail;
+	}
+
+	status = gensec_set_target_hostname(auth_generic_ctx->gensec_security, server);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto fail;
+	}
+
+	status = auth_generic_client_start_by_authtype(auth_generic_ctx, auth_type, auth_level);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto fail;
+	}
+
+	result->auth_ctx = talloc_move(result, &auth_generic_ctx->gensec_security);
+	talloc_free(auth_generic_ctx);
+	*presult = result;
+	return NT_STATUS_OK;
+
+ fail:
+	TALLOC_FREE(result);
+	return status;
+}
+
 NTSTATUS rpccli_ncalrpc_bind_data(TALLOC_CTX *mem_ctx,
 				  struct pipe_auth_data **presult)
 {
@@ -2940,6 +2997,65 @@ NTSTATUS cli_rpc_pipe_open_noauth(struct cli_state *cli,
 
 /****************************************************************************
  Open a named pipe to an SMB server and bind using the mech specified
+
+ This routine references the creds pointer that is passed in
+ ****************************************************************************/
+
+NTSTATUS cli_rpc_pipe_open_with_creds(struct cli_state *cli,
+				      const struct ndr_interface_table *table,
+				      enum dcerpc_transport_t transport,
+				      enum dcerpc_AuthType auth_type,
+				      enum dcerpc_AuthLevel auth_level,
+				      const char *server,
+				      struct cli_credentials *creds,
+				      struct rpc_pipe_client **presult)
+{
+	struct rpc_pipe_client *result;
+	struct pipe_auth_data *auth = NULL;
+	const char *target_service = table->authservices->names[0];
+
+	NTSTATUS status;
+
+	status = cli_rpc_pipe_open(cli, transport, table, &result);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	status = rpccli_generic_bind_data_from_creds(result,
+						     auth_type, auth_level,
+						     server, target_service,
+						     creds,
+						     &auth);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0, ("rpccli_generic_bind_data returned %s\n",
+			  nt_errstr(status)));
+		goto err;
+	}
+
+	status = rpc_pipe_bind(result, auth);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0, ("cli_rpc_pipe_open_generic_auth: cli_rpc_pipe_bind failed with error %s\n",
+			nt_errstr(status) ));
+		goto err;
+	}
+
+	DEBUG(10,("cli_rpc_pipe_open_generic_auth: opened pipe %s to "
+		"machine %s and bound as user %s.\n", table->name,
+		  result->desthost, cli_credentials_get_unparsed_name(creds, talloc_tos())));
+
+	*presult = result;
+	return NT_STATUS_OK;
+
+  err:
+
+	TALLOC_FREE(result);
+	return status;
+}
+
+/****************************************************************************
+ Open a named pipe to an SMB server and bind using the mech specified
+
+ This routine steals the creds pointer that is passed in
  ****************************************************************************/
 
 NTSTATUS cli_rpc_pipe_open_generic_auth(struct cli_state *cli,
diff --git a/source3/rpc_client/cli_pipe.h b/source3/rpc_client/cli_pipe.h
index 34e79d1fa2..0c1e692138 100644
--- a/source3/rpc_client/cli_pipe.h
+++ b/source3/rpc_client/cli_pipe.h
@@ -72,6 +72,21 @@ NTSTATUS cli_rpc_pipe_open_noauth_transport(struct cli_state *cli,
 					    const struct ndr_interface_table *table,
 					    struct rpc_pipe_client **presult);
 
+/****************************************************************************
+ Open a named pipe to an SMB server and bind using the mech specified
+
+ This routine steals the creds pointer that is passed in
+ ****************************************************************************/
+
+NTSTATUS cli_rpc_pipe_open_with_creds(struct cli_state *cli,
+				      const struct ndr_interface_table *table,
+				      enum dcerpc_transport_t transport,
+				      enum dcerpc_AuthType auth_type,
+				      enum dcerpc_AuthLevel auth_level,
+				      const char *server,
+				      struct cli_credentials *creds,
+				      struct rpc_pipe_client **presult);
+
 NTSTATUS cli_rpc_pipe_open_generic_auth(struct cli_state *cli,
 					const struct ndr_interface_table *table,
 					enum dcerpc_transport_t transport,
author	Andrew Bartlett <abartlet@samba.org>	2014-09-23 09:12:20 -0700
committer	Andrew Bartlett <abartlet@samba.org>	2014-10-17 12:57:07 +0200
commit	295b323b1c65cd8387b3977a189f81253c139b43 (patch)
tree	999dddd197ddd32458a39e6ced44728672ae8e29
parent	be994ca579c6c302d9d6487c863699b3e4457210 (diff)
download	samba-295b323b1c65cd8387b3977a189f81253c139b43.tar.gz samba-295b323b1c65cd8387b3977a189f81253c139b43.tar.xz samba-295b323b1c65cd8387b3977a189f81253c139b43.zip