s3/cli_netlogon: remove SEC_CHAN_NULL fallback from rpccli_connect_netlogon()

The caller should handle secure-channel-type SEC_CHAN_NULL. The previous
commit already added handling of SEC_CHAN_NULL to
cm_connect_netlogon_transport.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13167

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c
index a7676efb055de743004196b20068ca6a13d6d27c..a67b6928ebf0247482c33aa4630243532324f570 100644 (file)
--- a/source3/rpc_client/cli_netlogon.c
+++ b/source3/rpc_client/cli_netlogon.c
@@ -285,7 +285,7 @@ NTSTATUS rpccli_connect_netlogon(
        struct netlogon_creds_CredentialState *creds = NULL;
        enum netlogon_creds_cli_lck_type lck_type;
        enum netr_SchannelType sec_chan_type;
-       struct netlogon_creds_cli_lck *lck;
+       struct netlogon_creds_cli_lck *lck = NULL;
        uint32_t negotiate_flags;
        uint8_t found_session_key[16] = {0};
        bool found_existing_creds = false;
@@ -294,6 +294,13 @@ NTSTATUS rpccli_connect_netlogon(
        NTSTATUS status;
        bool retry = false;
 
+       sec_chan_type = cli_credentials_get_secure_channel_type(trust_creds);
+       if (sec_chan_type == SEC_CHAN_NULL) {
+               DBG_ERR("secure_channel_type gave SEC_CHAN_NULL\n");
+               status = NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+               goto fail;
+       }
+
 again:
 
        /*
@@ -378,35 +385,6 @@ again:
                goto fail;
        }
 
-       sec_chan_type = cli_credentials_get_secure_channel_type(trust_creds);
-       if (sec_chan_type == SEC_CHAN_NULL) {
-               if (transport == NCACN_IP_TCP) {
-                       DBG_NOTICE("secure_channel_type gave SEC_CHAN_NULL "
-                                  "for %s, deny NCACN_IP_TCP and let the "
-                                  "caller fallback to NCACN_NP.\n",
-                                  netlogon_creds_cli_debug_string(
-                                          creds_ctx, frame));
-                       status = NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
-                       goto fail;
-               }
-
-               DBG_NOTICE("get_secure_channel_type gave SEC_CHAN_NULL "
-                          "for %s, fallback to noauth on NCACN_NP.\n",
-                          netlogon_creds_cli_debug_string(
-                                  creds_ctx, frame));
-
-               TALLOC_FREE(lck);
-
-               status = cli_rpc_pipe_open_noauth_transport(
-                       cli, transport, &ndr_table_netlogon, &rpccli);
-               if (!NT_STATUS_IS_OK(status)) {
-                       DBG_DEBUG("cli_rpc_pipe_open_noauth_transport "
-                                 "failed: %s\n", nt_errstr(status));
-                       goto fail;
-               }
-               goto done;
-       }
-
        status = rpccli_setup_netlogon_creds_locked(
                cli, transport, creds_ctx, true, trust_creds,
                &negotiate_flags);