From 4ead84244710f2f70a3ff4db37fc06ca6b4e1b7b Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Tue, 17 Sep 2024 04:23:40 +0200
Subject: [PATCH] s3:rpc_client: split out cli_rpc_pipe_client_auth_schannel()

This will allow us to use it without creating a new association group and transport connection.

Signed-off-by: Stefan Metzmacher
Reviewed-by: Ralph Boehme
(cherry picked from commit 14fe854ec5379c422e805cde6ed6290f86ad66db)
---
 source3/rpc_client/cli_pipe.c | 72 ++++++++++++++++++++++-------------
 source3/rpc_client/cli_pipe.h | 4 ++
 2 files changed, 49 insertions(+), 27 deletions(-)

diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index 143a9113833..e231d5875a5 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -4266,40 +4266,27 @@ NTSTATUS cli_rpc_pipe_open_with_creds(struct cli_state *cli,
 return status;
 }

-NTSTATUS cli_rpc_pipe_open_bind_schannel(
- struct cli_state *cli,
+NTSTATUS cli_rpc_pipe_client_auth_schannel(
+ struct rpc_pipe_client *rpccli,
 const struct ndr_interface_table *table,
- enum dcerpc_transport_t transport,
- struct netlogon_creds_cli_context *netlogon_creds,
- const char *remote_name,
- const struct sockaddr_storage *remote_sockaddr,
- struct rpc_pipe_client **_rpccli)
+ struct netlogon_creds_cli_context *netlogon_creds)
 {
- struct rpc_pipe_client *rpccli;
- struct pipe_auth_data *rpcauth;
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct pipe_auth_data *rpcauth = NULL;
 const char *target_service = table->authservices->names[0];
- struct cli_credentials *cli_creds;
+ struct cli_credentials *cli_creds = NULL;
 enum dcerpc_AuthLevel auth_level;
 NTSTATUS status;

- status = cli_rpc_pipe_open(cli,
- transport,
- table,
- remote_name,
- remote_sockaddr,
- &rpccli);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
 auth_level = netlogon_creds_cli_auth_level(netlogon_creds);

- status = netlogon_creds_bind_cli_credentials(
- netlogon_creds, rpccli, &cli_creds);
+ status = netlogon_creds_bind_cli_credentials(netlogon_creds,
+ frame,
+ &cli_creds);
 if (!NT_STATUS_IS_OK(status)) {
 DBG_DEBUG("netlogon_creds_bind_cli_credentials failed: %s\n",
 nt_errstr(status));
- TALLOC_FREE(rpccli);
+ TALLOC_FREE(frame);
 return status;
 }

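Review bot: The reason it is safe to free `cli_creds` together with `frame` is no longer documented anywhere in the function. `cli_creds` is now allocated on `frame` and every visible return path ends in `TALLOC_FREE(frame)`, while the comment that explained the lifetime ("No TALLOC_FREE, gensec takes references") is deleted later in this commit along with the `talloc_unlink()` call. Presumably the reference gensec takes during the bind still keeps the credentials alive after the stackframe is gone, but a later cleanup could easily break that without noticing. I would keep the knowledge next to the allocation, e.g. `/* cli_creds hangs off frame; gensec takes its own reference, so TALLOC_FREE(frame) only drops our link */` above the `netlogon_creds_bind_cli_credentials()` call. The function body continues past the end of this hunk.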
@@ -4313,16 +4300,47 @@ NTSTATUS cli_rpc_pipe_open_bind_schannel(
 if (!NT_STATUS_IS_OK(status)) {
 DEBUG(0, ("rpccli_generic_bind_data_from_creds returned %s\n",
 nt_errstr(status)));
- TALLOC_FREE(rpccli);
+ TALLOC_FREE(frame);
 return status;
 }

 status = rpc_pipe_bind(rpccli, rpcauth);
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_DEBUG("rpc_pipe_bind failed with error %s\n",
+ nt_errstr(status));
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ TALLOC_FREE(frame);
+ return NT_STATUS_OK;
+}
+
+NTSTATUS cli_rpc_pipe_open_bind_schannel(
+ struct cli_state *cli,
+ const struct ndr_interface_table *table,
+ enum dcerpc_transport_t transport,
+ struct netlogon_creds_cli_context *netlogon_creds,
+ const char *remote_name,
+ const struct sockaddr_storage *remote_sockaddr,
+ struct rpc_pipe_client **_rpccli)
+{
+ struct rpc_pipe_client *rpccli = NULL;
+ NTSTATUS status;

- /* No TALLOC_FREE, gensec takes references */
- talloc_unlink(rpccli, cli_creds);
- cli_creds = NULL;
+ status = cli_rpc_pipe_open(cli,
+ transport,
+ table,
+ remote_name,
+ remote_sockaddr,
+ &rpccli);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }

+ status = cli_rpc_pipe_client_auth_schannel(rpccli,
+ table,
+ netlogon_creds);
 if (!NT_STATUS_IS_OK(status)) {
 DBG_DEBUG("rpc_pipe_bind failed with error %s\n",
 nt_errstr(status));
diff --git a/source3/rpc_client/cli_pipe.h b/source3/rpc_client/cli_pipe.h
index 006a30684b0..2639cba884f 100644
--- a/source3/rpc_client/cli_pipe.h
+++ b/source3/rpc_client/cli_pipe.h
@@ -109,6 +109,10 @@ NTSTATUS cli_rpc_pipe_open_with_creds(struct cli_state *cli,
 struct cli_credentials *creds,
 struct rpc_pipe_client **presult);

+NTSTATUS cli_rpc_pipe_client_auth_schannel(
+ struct rpc_pipe_client *rpccli,
+ const struct ndr_interface_table *table,
+ struct netlogon_creds_cli_context *netlogon_creds);
 NTSTATUS cli_rpc_pipe_open_bind_schannel(
 struct cli_state *cli,
 const struct ndr_interface_table *table,
--
2.47.2
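Review bot: The unchanged `DBG_DEBUG("rpc_pipe_bind failed with error %s\n", ...)` at the end of the cli_pipe.c hunk now reports the result of `cli_rpc_pipe_client_auth_schannel()`, so it can name the wrong step. That helper also fails in `netlogon_creds_bind_cli_credentials()` and `rpccli_generic_bind_data_from_creds()`, and a genuine bind failure is now logged twice because the helper already emits the same message. Anyone triaging schannel authentication failures from the logs would be pointed at the bind when the credentials step was at fault. I would change the wrapper's message to `DBG_DEBUG("cli_rpc_pipe_client_auth_schannel failed: %s\n", nt_errstr(status));`. The wrapper's error branch continues beyond the hunk.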
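Review bot: The new prototype in cli_pipe.h is exported without any statement of its contract, which differs from `cli_rpc_pipe_open_bind_schannel()` in ways a caller has to know. In the cli_pipe.c implementation `table->authservices->names[0]` is dereferenced without a check, and the function never frees `rpccli` in the visible lines, so after a failure the caller still holds a pipe whose schannel bind did not complete. I would add a short comment block above the declaration stating that `table` must list at least one auth service, that `rpccli` is expected to be an opened but not yet bound pipe (inferred from the `rpc_pipe_bind()` call, please confirm), and that on any non-OK status the caller keeps ownership of `rpccli` and must not treat it as authenticated.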