summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2014-09-23 09:12:20 -0700
committerAndrew Bartlett <abartlet@samba.org>2014-10-17 12:57:07 +0200
commit295b323b1c65cd8387b3977a189f81253c139b43 (patch)
tree999dddd197ddd32458a39e6ced44728672ae8e29
parentbe994ca579c6c302d9d6487c863699b3e4457210 (diff)
downloadsamba-295b323b1c65cd8387b3977a189f81253c139b43.tar.gz
samba-295b323b1c65cd8387b3977a189f81253c139b43.tar.xz
samba-295b323b1c65cd8387b3977a189f81253c139b43.zip
s3-librpc: Add cli_rpc_pipe_open_with_creds()
This provides a credentials-based interface. In the long term, we will want to change this not to reference the credentials, but for now this suits the caller in winbindd_cm.c Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
-rw-r--r--source3/include/auth_generic.h2
-rw-r--r--source3/libsmb/auth_generic.c8
-rw-r--r--source3/rpc_client/cli_pipe.c116
-rw-r--r--source3/rpc_client/cli_pipe.h15
4 files changed, 141 insertions, 0 deletions
diff --git a/source3/include/auth_generic.h b/source3/include/auth_generic.h
index 96b07cd8f7..07df62af43 100644
--- a/source3/include/auth_generic.h
+++ b/source3/include/auth_generic.h
@@ -37,6 +37,8 @@ NTSTATUS auth_generic_set_domain(struct auth_generic_state *ans,
const char *domain);
NTSTATUS auth_generic_set_password(struct auth_generic_state *ans,
const char *password);
+NTSTATUS auth_generic_set_creds(struct auth_generic_state *ans,
+ struct cli_credentials *creds);
NTSTATUS auth_generic_client_prepare(TALLOC_CTX *mem_ctx,
struct auth_generic_state **_ans);
NTSTATUS auth_generic_client_start(struct auth_generic_state *ans, const char *oid);
diff --git a/source3/libsmb/auth_generic.c b/source3/libsmb/auth_generic.c
index 1f6c681a6e..68d14516f3 100644
--- a/source3/libsmb/auth_generic.c
+++ b/source3/libsmb/auth_generic.c
@@ -48,6 +48,14 @@ NTSTATUS auth_generic_set_password(struct auth_generic_state *ans,
return NT_STATUS_OK;
}
+NTSTATUS auth_generic_set_creds(struct auth_generic_state *ans,
+ struct cli_credentials *creds)
+{
+ talloc_unlink(ans->credentials, creds);
+ ans->credentials = creds;
+ return NT_STATUS_OK;
+}
+
NTSTATUS auth_generic_client_prepare(TALLOC_CTX *mem_ctx, struct auth_generic_state **auth_generic_state)
{
struct auth_generic_state *ans;
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index 43ce719f4c..fcb8b61751 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -2407,6 +2407,63 @@ static NTSTATUS rpccli_generic_bind_data(TALLOC_CTX *mem_ctx,
return status;
}
+/* This routine steals the creds pointer that is passed in */
+static NTSTATUS rpccli_generic_bind_data_from_creds(TALLOC_CTX *mem_ctx,
+ enum dcerpc_AuthType auth_type,
+ enum dcerpc_AuthLevel auth_level,
+ const char *server,
+ const char *target_service,
+ struct cli_credentials *creds,
+ struct pipe_auth_data **presult)
+{
+ struct auth_generic_state *auth_generic_ctx;
+ struct pipe_auth_data *result;
+ NTSTATUS status;
+
+ result = talloc_zero(mem_ctx, struct pipe_auth_data);
+ if (result == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ result->auth_type = auth_type;
+ result->auth_level = auth_level;
+
+ status = auth_generic_client_prepare(result,
+ &auth_generic_ctx);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto fail;
+ }
+
+ status = auth_generic_set_creds(auth_generic_ctx, creds);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto fail;
+ }
+
+ status = gensec_set_target_service(auth_generic_ctx->gensec_security, target_service);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto fail;
+ }
+
+ status = gensec_set_target_hostname(auth_generic_ctx->gensec_security, server);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto fail;
+ }
+
+ status = auth_generic_client_start_by_authtype(auth_generic_ctx, auth_type, auth_level);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto fail;
+ }
+
+ result->auth_ctx = talloc_move(result, &auth_generic_ctx->gensec_security);
+ talloc_free(auth_generic_ctx);
+ *presult = result;
+ return NT_STATUS_OK;
+
+ fail:
+ TALLOC_FREE(result);
+ return status;
+}
+
NTSTATUS rpccli_ncalrpc_bind_data(TALLOC_CTX *mem_ctx,
struct pipe_auth_data **presult)
{
@@ -2940,6 +2997,65 @@ NTSTATUS cli_rpc_pipe_open_noauth(struct cli_state *cli,
/****************************************************************************
Open a named pipe to an SMB server and bind using the mech specified
+
+ This routine references the creds pointer that is passed in
+ ****************************************************************************/
+
+NTSTATUS cli_rpc_pipe_open_with_creds(struct cli_state *cli,
+ const struct ndr_interface_table *table,
+ enum dcerpc_transport_t transport,
+ enum dcerpc_AuthType auth_type,
+ enum dcerpc_AuthLevel auth_level,
+ const char *server,
+ struct cli_credentials *creds,
+ struct rpc_pipe_client **presult)
+{
+ struct rpc_pipe_client *result;
+ struct pipe_auth_data *auth = NULL;
+ const char *target_service = table->authservices->names[0];
+
+ NTSTATUS status;
+
+ status = cli_rpc_pipe_open(cli, transport, table, &result);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ status = rpccli_generic_bind_data_from_creds(result,
+ auth_type, auth_level,
+ server, target_service,
+ creds,
+ &auth);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("rpccli_generic_bind_data returned %s\n",
+ nt_errstr(status)));
+ goto err;
+ }
+
+ status = rpc_pipe_bind(result, auth);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("cli_rpc_pipe_open_generic_auth: cli_rpc_pipe_bind failed with error %s\n",
+ nt_errstr(status) ));
+ goto err;
+ }
+
+ DEBUG(10,("cli_rpc_pipe_open_generic_auth: opened pipe %s to "
+ "machine %s and bound as user %s.\n", table->name,
+ result->desthost, cli_credentials_get_unparsed_name(creds, talloc_tos())));
+
+ *presult = result;
+ return NT_STATUS_OK;
+
+ err:
+
+ TALLOC_FREE(result);
+ return status;
+}
+
+/****************************************************************************
+ Open a named pipe to an SMB server and bind using the mech specified
+
+ This routine steals the creds pointer that is passed in
****************************************************************************/
NTSTATUS cli_rpc_pipe_open_generic_auth(struct cli_state *cli,
diff --git a/source3/rpc_client/cli_pipe.h b/source3/rpc_client/cli_pipe.h
index 34e79d1fa2..0c1e692138 100644
--- a/source3/rpc_client/cli_pipe.h
+++ b/source3/rpc_client/cli_pipe.h
@@ -72,6 +72,21 @@ NTSTATUS cli_rpc_pipe_open_noauth_transport(struct cli_state *cli,
const struct ndr_interface_table *table,
struct rpc_pipe_client **presult);
+/****************************************************************************
+ Open a named pipe to an SMB server and bind using the mech specified
+
+ This routine steals the creds pointer that is passed in
+ ****************************************************************************/
+
+NTSTATUS cli_rpc_pipe_open_with_creds(struct cli_state *cli,
+ const struct ndr_interface_table *table,
+ enum dcerpc_transport_t transport,
+ enum dcerpc_AuthType auth_type,
+ enum dcerpc_AuthLevel auth_level,
+ const char *server,
+ struct cli_credentials *creds,
+ struct rpc_pipe_client **presult);
+
NTSTATUS cli_rpc_pipe_open_generic_auth(struct cli_state *cli,
const struct ndr_interface_table *table,
enum dcerpc_transport_t transport,