summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2009-04-09 14:26:04 +1000
committerAndrew Bartlett <abartlet@samba.org>2009-04-14 16:23:45 +1000
commitd78cdc5fe2e45b5f447a3ed90d33a10f7cda831a (patch)
tree4a9cdec5d51c1304b849d35b5c8bc3bdf6e1d020
parent1cee31f5889d7b7f8a365a83426b29e804684f9f (diff)
downloadsamba-d78cdc5fe2e45b5f447a3ed90d33a10f7cda831a.tar.gz
samba-d78cdc5fe2e45b5f447a3ed90d33a10f7cda831a.tar.bz2
samba-d78cdc5fe2e45b5f447a3ed90d33a10f7cda831a.zip
Rework to use new API for common netlogon credential chaining
-rw-r--r--source4/auth/gensec/schannel.c2
-rw-r--r--source4/rpc_server/netlogon/dcerpc_netlogon.c30
2 files changed, 19 insertions, 13 deletions
diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/schannel.c
index b71748943b..08fce2f049 100644
--- a/source4/auth/gensec/schannel.c
+++ b/source4/auth/gensec/schannel.c
@@ -171,7 +171,7 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_
}
/**
- * Return the struct creds_CredentialState.
+ * Return the struct netlogon_creds_CredentialState.
*
* Make sure not to call this unless gensec is using schannel...
*/
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index 05f39f7817..b17ab86e26 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -240,8 +240,8 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_ca
}
creds = netlogon_creds_server_init(mem_ctx,
- r->in.computer_name,
r->in.account_name,
+ r->in.computer_name,
r->in.secure_channel_type,
&pipe_state->client_challenge,
&pipe_state->server_challenge,
@@ -325,15 +325,17 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate2(struct dcesrv_call_state *dce_ca
*/
static NTSTATUS dcesrv_netr_creds_server_step_check(struct dcesrv_call_state *dce_call,
- const char *computer_name,
TALLOC_CTX *mem_ctx,
+ const char *computer_name,
struct netr_Authenticator *received_authenticator,
struct netr_Authenticator *return_authenticator,
struct netlogon_creds_CredentialState **creds_out)
{
NTSTATUS nt_status;
struct ldb_context *ldb;
- bool schannel_in_use = dce_call->conn->auth_state.auth_info->auth_type == DCERPC_AUTH_TYPE_SCHANNEL
+ bool schannel_global_required = false; /* Should be lp_schannel_server() == true */
+ bool schannel_in_use = dce_call->conn->auth_state.auth_info
+ && dce_call->conn->auth_state.auth_info->auth_type == DCERPC_AUTH_TYPE_SCHANNEL
&& (dce_call->conn->auth_state.auth_info->auth_level == DCERPC_AUTH_LEVEL_INTEGRITY
|| dce_call->conn->auth_state.auth_info->auth_level == DCERPC_AUTH_LEVEL_PRIVACY);
@@ -341,10 +343,10 @@ static NTSTATUS dcesrv_netr_creds_server_step_check(struct dcesrv_call_state *dc
if (!ldb) {
return NT_STATUS_ACCESS_DENIED;
}
-
nt_status = schannel_creds_server_step_check(ldb, mem_ctx,
- schannel_in_use,
computer_name,
+ schannel_global_required,
+ schannel_in_use,
received_authenticator,
return_authenticator, creds_out);
talloc_free(ldb);
@@ -364,7 +366,8 @@ static NTSTATUS dcesrv_netr_ServerPasswordSet(struct dcesrv_call_state *dce_call
NTSTATUS nt_status;
nt_status = dcesrv_netr_creds_server_step_check(dce_call,
- r->in.computer_name, mem_ctx,
+ mem_ctx,
+ r->in.computer_name,
r->in.credential, r->out.return_authenticator,
&creds);
NT_STATUS_NOT_OK_RETURN(nt_status);
@@ -401,7 +404,8 @@ static NTSTATUS dcesrv_netr_ServerPasswordSet2(struct dcesrv_call_state *dce_cal
struct samr_CryptPassword password_buf;
nt_status = dcesrv_netr_creds_server_step_check(dce_call,
- r->in.computer_name, mem_ctx,
+ mem_ctx,
+ r->in.computer_name,
r->in.credential, r->out.return_authenticator,
&creds);
NT_STATUS_NOT_OK_RETURN(nt_status);
@@ -703,7 +707,8 @@ static NTSTATUS dcesrv_netr_LogonSamLogonWithFlags(struct dcesrv_call_state *dce
NT_STATUS_HAVE_NO_MEMORY(return_authenticator);
nt_status = dcesrv_netr_creds_server_step_check(dce_call,
- r->in.computer_name, mem_ctx,
+ mem_ctx,
+ r->in.computer_name,
r->in.credential, return_authenticator,
&creds);
NT_STATUS_NOT_OK_RETURN(nt_status);
@@ -1070,10 +1075,11 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal
const char *local_domain;
status = dcesrv_netr_creds_server_step_check(dce_call,
- r->in.computer_name, mem_ctx,
- r->in.credential,
- r->out.return_authenticator,
- NULL);
+ mem_ctx,
+ r->in.computer_name,
+ r->in.credential,
+ r->out.return_authenticator,
+ NULL);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,(__location__ " Bad credentials - error\n"));
}