s3-rpc_client: Adapt cli_rpc_pipe_open_spnego to use enum credentials_kerberos_state

This allows us to pass this value in directly from the cli_credentials
structure in winbindd.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

4 files changed, 11 insertions, 18 deletions

diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index dc07495bfe..e3822d1640 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -3096,7 +3096,7 @@ done:
 NTSTATUS cli_rpc_pipe_open_spnego(struct cli_state *cli,
 				  const struct ndr_interface_table *table,
 				  enum dcerpc_transport_t transport,
-				  const char *oid,
+				  enum credentials_use_kerberos use_kerberos,
 				  enum dcerpc_AuthLevel auth_level,
 				  const char *server,
 				  const char *domain,
@@ -3109,15 +3109,6 @@ NTSTATUS cli_rpc_pipe_open_spnego(struct cli_state *cli,
 	const char *target_service = table->authservices->names[0];
 	
 	NTSTATUS status;
-	enum credentials_use_kerberos use_kerberos;
-
-	if (strcmp(oid, GENSEC_OID_KERBEROS5) == 0) {
-		use_kerberos = CRED_MUST_USE_KERBEROS;
-	} else if (strcmp(oid, GENSEC_OID_NTLMSSP) == 0) {
-		use_kerberos = CRED_DONT_USE_KERBEROS;
-	} else {
-		return NT_STATUS_INVALID_PARAMETER;
-	}
 
 	status = cli_rpc_pipe_open(cli, transport, table, &result);
 	if (!NT_STATUS_IS_OK(status)) {
diff --git a/source3/rpc_client/cli_pipe.h b/source3/rpc_client/cli_pipe.h
index 533e752ced..c4ed08a0c4 100644
--- a/source3/rpc_client/cli_pipe.h
+++ b/source3/rpc_client/cli_pipe.h
@@ -24,6 +24,7 @@
 #define _CLI_PIPE_H
 
 #include "rpc_client/rpc_client.h"
+#include "auth/credentials/credentials.h"
 
 /* The following definitions come from rpc_client/cli_pipe.c  */
 
@@ -85,7 +86,7 @@ NTSTATUS cli_rpc_pipe_open_generic_auth(struct cli_state *cli,
 NTSTATUS cli_rpc_pipe_open_spnego(struct cli_state *cli,
 				  const struct ndr_interface_table *table,
 				  enum dcerpc_transport_t transport,
-				  const char *oid,
+				  enum credentials_use_kerberos use_kerberos,
 				  enum dcerpc_AuthLevel auth_level,
 				  const char *server,
 				  const char *domain,
diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c
index ac7576fc01..eca2185fe1 100644
--- a/source3/rpcclient/rpcclient.c
+++ b/source3/rpcclient/rpcclient.c
@@ -702,22 +702,23 @@ static NTSTATUS do_cmd(struct cli_state *cli,
 			break;
 		case DCERPC_AUTH_TYPE_SPNEGO:
 		{
-			/* won't happen, but if it does it will fail in cli_rpc_pipe_open_spnego() eventually */
-			const char *oid = "INVALID";
+			enum credentials_use_kerberos use_kerberos;
+
 			switch (pipe_default_auth_spnego_type) {
 			case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP:
-				oid = GENSEC_OID_NTLMSSP;
+				use_kerberos = CRED_DONT_USE_KERBEROS;
 				break;
 			case PIPE_AUTH_TYPE_SPNEGO_KRB5:
-				oid = GENSEC_OID_KERBEROS5;
+				use_kerberos = CRED_MUST_USE_KERBEROS;
 				break;
 			case PIPE_AUTH_TYPE_SPNEGO_NONE:
+				use_kerberos = CRED_AUTO_USE_KERBEROS;
 				break;
 			}
 			ntresult = cli_rpc_pipe_open_spnego(
 				cli, cmd_entry->table,
 				default_transport,
-				oid,
+				use_kerberos,
 				pipe_default_auth_level,
 				smbXcli_conn_remote_name(cli->conn),
 				get_cmdline_auth_info_domain(auth_info),
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index 0e13a94c5a..e71b79398e 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -2570,7 +2570,7 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
 	status = cli_rpc_pipe_open_spnego(conn->cli,
 					  &ndr_table_samr,
 					  NCACN_NP,
-					  GENSEC_OID_NTLMSSP,
+					  CRED_DONT_USE_KERBEROS,
 					  conn->auth_level,
 					  smbXcli_conn_remote_name(conn->cli->conn),
 					  domain_name,
@@ -2816,7 +2816,7 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
 	 * authenticated LSA pipe with sign & seal. */
 	result = cli_rpc_pipe_open_spnego
 		(conn->cli, &ndr_table_lsarpc, NCACN_NP,
-		 GENSEC_OID_NTLMSSP,
+		 CRED_DONT_USE_KERBEROS,
 		 conn->auth_level,
 		 smbXcli_conn_remote_name(conn->cli->conn),
 		 conn->cli->domain, conn->cli->user_name, conn->cli->password,