s3:rpc_client: split out cli_rpc_pipe_client_auth_schannel()
authorStefan Metzmacher <metze@samba.org>
Tue, 17 Sep 2024 02:23:40 +0000 (04:23 +0200)
committerJule Anger <janger@samba.org>
Thu, 12 Jun 2025 11:27:15 +0000 (11:27 +0000)
This will allow us to use it without creating a new
association group and transport connection.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 14fe854ec5379c422e805cde6ed6290f86ad66db)

source3/rpc_client/cli_pipe.c
source3/rpc_client/cli_pipe.h

index 143a91138331a57c72590faf0a8e5820fd41a358..e231d5875a52462344ba3d67c3e7fdb30871523b 100644 (file)
@@ -4266,40 +4266,27 @@ NTSTATUS cli_rpc_pipe_open_with_creds(struct cli_state *cli,
        return status;
 }
 
-NTSTATUS cli_rpc_pipe_open_bind_schannel(
-       struct cli_state *cli,
+NTSTATUS cli_rpc_pipe_client_auth_schannel(
+       struct rpc_pipe_client *rpccli,
        const struct ndr_interface_table *table,
-       enum dcerpc_transport_t transport,
-       struct netlogon_creds_cli_context *netlogon_creds,
-       const char *remote_name,
-       const struct sockaddr_storage *remote_sockaddr,
-       struct rpc_pipe_client **_rpccli)
+       struct netlogon_creds_cli_context *netlogon_creds)
 {
-       struct rpc_pipe_client *rpccli;
-       struct pipe_auth_data *rpcauth;
+       TALLOC_CTX *frame = talloc_stackframe();
+       struct pipe_auth_data *rpcauth = NULL;
        const char *target_service = table->authservices->names[0];
-       struct cli_credentials *cli_creds;
+       struct cli_credentials *cli_creds = NULL;
        enum dcerpc_AuthLevel auth_level;
        NTSTATUS status;
 
-       status = cli_rpc_pipe_open(cli,
-                                  transport,
-                                  table,
-                                  remote_name,
-                                  remote_sockaddr,
-                                  &rpccli);
-       if (!NT_STATUS_IS_OK(status)) {
-               return status;
-       }
-
        auth_level = netlogon_creds_cli_auth_level(netlogon_creds);
 
-       status = netlogon_creds_bind_cli_credentials(
-               netlogon_creds, rpccli, &cli_creds);
+       status = netlogon_creds_bind_cli_credentials(netlogon_creds,
+                                                    frame,
+                                                    &cli_creds);
        if (!NT_STATUS_IS_OK(status)) {
                DBG_DEBUG("netlogon_creds_bind_cli_credentials failed: %s\n",
                          nt_errstr(status));
-               TALLOC_FREE(rpccli);
+               TALLOC_FREE(frame);
                return status;
        }
 
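Review bot: `cli_creds` is now allocated on `frame` instead of on `rpccli`, and the only statement of why that is safe, the comment `/* No TALLOC_FREE, gensec takes references */`, is removed in the next hunk. The credentials stay valid after `TALLOC_FREE(frame)` only if the bind-data setup between the two hunks (not visible here) takes its own talloc reference. That appears to be the intent, but it is worth stating next to the allocation, because losing that reference would leave the schannel auth state pointing at freed credentials. I would add above the `netlogon_creds_bind_cli_credentials()` call: `/* cli_creds lives on frame; gensec takes a reference, so it outlives TALLOC_FREE(frame) */`. The function body continues in the following hunk.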
@@ -4313,16 +4300,47 @@ NTSTATUS cli_rpc_pipe_open_bind_schannel(
        if (!NT_STATUS_IS_OK(status)) {
                DEBUG(0, ("rpccli_generic_bind_data_from_creds returned %s\n",
                          nt_errstr(status)));
-               TALLOC_FREE(rpccli);
+               TALLOC_FREE(frame);
                return status;
        }
 
        status = rpc_pipe_bind(rpccli, rpcauth);
+       if (!NT_STATUS_IS_OK(status)) {
+               DBG_DEBUG("rpc_pipe_bind failed with error %s\n",
+                         nt_errstr(status));
+               TALLOC_FREE(frame);
+               return status;
+       }
+
+       TALLOC_FREE(frame);
+       return NT_STATUS_OK;
+}
+
+NTSTATUS cli_rpc_pipe_open_bind_schannel(
+       struct cli_state *cli,
+       const struct ndr_interface_table *table,
+       enum dcerpc_transport_t transport,
+       struct netlogon_creds_cli_context *netlogon_creds,
+       const char *remote_name,
+       const struct sockaddr_storage *remote_sockaddr,
+       struct rpc_pipe_client **_rpccli)
+{
+       struct rpc_pipe_client *rpccli = NULL;
+       NTSTATUS status;
 
-       /* No TALLOC_FREE, gensec takes references */
-       talloc_unlink(rpccli, cli_creds);
-       cli_creds = NULL;
+       status = cli_rpc_pipe_open(cli,
+                                  transport,
+                                  table,
+                                  remote_name,
+                                  remote_sockaddr,
+                                  &rpccli);
+       if (!NT_STATUS_IS_OK(status)) {
+               return status;
+       }
 
+       status = cli_rpc_pipe_client_auth_schannel(rpccli,
+                                                  table,
+                                                  netlogon_creds);
        if (!NT_STATUS_IS_OK(status)) {
                DBG_DEBUG("rpc_pipe_bind failed with error %s\n",
                          nt_errstr(status));
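Review bot: The retained message `rpc_pipe_bind failed with error %s` in `cli_rpc_pipe_open_bind_schannel()` no longer names the call that failed. `status` now comes from `cli_rpc_pipe_client_auth_schannel()`, which can also fail in `netlogon_creds_bind_cli_credentials()` or in the bind-data setup, and the helper already logs each of those itself. Anyone triaging schannel bind failures from logs would be pointed at the wrong step, so I would change the line to `DBG_DEBUG("cli_rpc_pipe_client_auth_schannel failed with error %s\n",`. The rest of this error path, including whether `rpccli` is freed, lies outside the hunk.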
index 006a30684b0a40b3da1b8ba6cbb700e0c2caff61..2639cba884f067d64f4192ce94dbe79551dd608b 100644 (file)
@@ -109,6 +109,10 @@ NTSTATUS cli_rpc_pipe_open_with_creds(struct cli_state *cli,
                                      struct cli_credentials *creds,
                                      struct rpc_pipe_client **presult);
 
+NTSTATUS cli_rpc_pipe_client_auth_schannel(
+       struct rpc_pipe_client *rpccli,
+       const struct ndr_interface_table *table,
+       struct netlogon_creds_cli_context *netlogon_creds);
 NTSTATUS cli_rpc_pipe_open_bind_schannel(
        struct cli_state *cli,
        const struct ndr_interface_table *table,
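Review bot: The new exported prototype `cli_rpc_pipe_client_auth_schannel()` has no comment stating its contract, and that contract differs from `cli_rpc_pipe_open_bind_schannel()` declared just below it. As far as the cli_pipe.c hunks show, the helper never frees `rpccli` on failure and reads `table->authservices->names[0]` in an initializer without any check. I would add a short comment above the declaration saying that the caller keeps ownership of `rpccli`, that the pipe must not be treated as authenticated when the call fails, and that `table` must be non-NULL with at least one auth service name.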