summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGünther Deschner <gd@samba.org>2009-02-13 01:35:35 +0100
committerGünther Deschner <gd@samba.org>2009-02-13 01:47:58 +0100
commit99b45f71ccb832b712af6badd28457edf351d0db (patch)
tree83e43d8d60c90403ae7d91b9f34a7753d4c94cf3
parent71632a16977a93968b0d520a491a52f635e611a1 (diff)
downloadsamba-99b45f71ccb832b712af6badd28457edf351d0db.tar.gz
samba-99b45f71ccb832b712af6badd28457edf351d0db.tar.bz2
samba-99b45f71ccb832b712af6badd28457edf351d0db.zip
s3-netlogon: implement _netr_ServerAuthenticate3.
Guenther
-rw-r--r--source3/rpc_server/srv_netlog_nt.c79
1 files changed, 56 insertions, 23 deletions
diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c
index 16d370ce6d..96e197929e 100644
--- a/source3/rpc_server/srv_netlog_nt.c
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -280,7 +280,8 @@ WERROR _netr_NetrEnumerateTrustedDomains(pipes_struct *p,
gets a machine password entry. checks access rights of the host.
******************************************************************/
-static NTSTATUS get_md4pw(char *md4pw, const char *mach_acct, uint16 sec_chan_type)
+static NTSTATUS get_md4pw(char *md4pw, const char *mach_acct,
+ uint16_t sec_chan_type, uint32_t *rid)
{
struct samu *sampass = NULL;
const uint8 *pass;
@@ -376,6 +377,10 @@ static NTSTATUS get_md4pw(char *md4pw, const char *mach_acct, uint16 sec_chan_ty
memcpy(md4pw, pass, 16);
dump_data(5, (uint8 *)md4pw, 16);
+ if (rid) {
+ *rid = pdb_get_user_rid(sampass);
+ }
+
TALLOC_FREE(sampass);
return NT_STATUS_OK;
@@ -435,7 +440,8 @@ NTSTATUS _netr_ServerAuthenticate(pipes_struct *p,
status = get_md4pw((char *)p->dc->mach_pw,
r->in.account_name,
- r->in.secure_channel_type);
+ r->in.secure_channel_type,
+ NULL);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("_netr_ServerAuthenticate: get_md4pw failed. Failed to "
"get password for machine account %s "
@@ -478,21 +484,33 @@ NTSTATUS _netr_ServerAuthenticate(pipes_struct *p,
}
/*************************************************************************
- _netr_ServerAuthenticate2
+ _netr_ServerAuthenticate3
*************************************************************************/
-NTSTATUS _netr_ServerAuthenticate2(pipes_struct *p,
- struct netr_ServerAuthenticate2 *r)
+NTSTATUS _netr_ServerAuthenticate3(pipes_struct *p,
+ struct netr_ServerAuthenticate3 *r)
{
NTSTATUS status;
uint32_t srv_flgs;
struct netr_Credential srv_chal_out;
+ const char *fn;
+
+ switch (p->hdr_req.opnum) {
+ case NDR_NETR_SERVERAUTHENTICATE2:
+ fn = "_netr_ServerAuthenticate2";
+ break;
+ case NDR_NETR_SERVERAUTHENTICATE3:
+ fn = "_netr_ServerAuthenticate3";
+ break;
+ default:
+ return NT_STATUS_INTERNAL_ERROR;
+ }
/* We use this as the key to store the creds: */
/* r->in.computer_name */
if (!p->dc || !p->dc->challenge_sent) {
- DEBUG(0,("_netr_ServerAuthenticate2: no challenge sent to client %s\n",
+ DEBUG(0,("%s: no challenge sent to client %s\n", fn,
r->in.computer_name));
return NT_STATUS_ACCESS_DENIED;
}
@@ -501,19 +519,20 @@ NTSTATUS _netr_ServerAuthenticate2(pipes_struct *p,
((*r->in.negotiate_flags & NETLOGON_NEG_SCHANNEL) == 0) ) {
/* schannel must be used, but client did not offer it. */
- DEBUG(0,("_netr_ServerAuthenticate2: schannel required but client failed "
+ DEBUG(0,("%s: schannel required but client failed "
"to offer it. Client was %s\n",
- r->in.account_name));
+ fn, r->in.account_name));
return NT_STATUS_ACCESS_DENIED;
}
status = get_md4pw((char *)p->dc->mach_pw,
r->in.account_name,
- r->in.secure_channel_type);
+ r->in.secure_channel_type,
+ r->out.rid);
if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0,("_netr_ServerAuthenticate2: failed to get machine password for "
+ DEBUG(0,("%s: failed to get machine password for "
"account %s: %s\n",
- r->in.account_name, nt_errstr(status) ));
+ fn, r->in.account_name, nt_errstr(status) ));
/* always return NT_STATUS_ACCESS_DENIED */
return NT_STATUS_ACCESS_DENIED;
}
@@ -528,9 +547,9 @@ NTSTATUS _netr_ServerAuthenticate2(pipes_struct *p,
/* Check client credentials are valid. */
if (!netlogon_creds_server_check(p->dc, r->in.credentials)) {
- DEBUG(0,("_netr_ServerAuthenticate2: netlogon_creds_server_check failed. Rejecting auth "
+ DEBUG(0,("%s: netlogon_creds_server_check failed. Rejecting auth "
"request from client %s machine account %s\n",
- r->in.computer_name,
+ fn, r->in.computer_name,
r->in.account_name));
return NT_STATUS_ACCESS_DENIED;
}
@@ -572,6 +591,30 @@ NTSTATUS _netr_ServerAuthenticate2(pipes_struct *p,
}
/*************************************************************************
+ _netr_ServerAuthenticate2
+ *************************************************************************/
+
+NTSTATUS _netr_ServerAuthenticate2(pipes_struct *p,
+ struct netr_ServerAuthenticate2 *r)
+{
+ struct netr_ServerAuthenticate3 a;
+ uint32_t rid;
+
+ a.in.server_name = r->in.server_name;
+ a.in.account_name = r->in.account_name;
+ a.in.secure_channel_type = r->in.secure_channel_type;
+ a.in.computer_name = r->in.computer_name;
+ a.in.credentials = r->in.credentials;
+ a.in.negotiate_flags = r->in.negotiate_flags;
+
+ a.out.return_credentials = r->out.return_credentials;
+ a.out.rid = &rid;
+ a.out.negotiate_flags = r->out.negotiate_flags;
+
+ return _netr_ServerAuthenticate3(p, &a);
+}
+
+/*************************************************************************
_netr_ServerPasswordSet
*************************************************************************/
@@ -1216,16 +1259,6 @@ WERROR _netr_NETRLOGONCOMPUTECLIENTDIGEST(pipes_struct *p,
/****************************************************************
****************************************************************/
-NTSTATUS _netr_ServerAuthenticate3(pipes_struct *p,
- struct netr_ServerAuthenticate3 *r)
-{
- p->rng_fault_state = true;
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-/****************************************************************
-****************************************************************/
-
WERROR _netr_DsRGetDCNameEx(pipes_struct *p,
struct netr_DsRGetDCNameEx *r)
{