author | Andrew Bartlett <abartlet@samba.org> | 2009-04-09 14:26:04 +1000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2009-04-14 16:23:45 +1000 |
commit | d78cdc5fe2e45b5f447a3ed90d33a10f7cda831a (patch) | |
tree | 4a9cdec5d51c1304b849d35b5c8bc3bdf6e1d020 | |
parent | 1cee31f5889d7b7f8a365a83426b29e804684f9f (diff) | |
Rework to use new API for common netlogon credential chaining
-rw-r--r-- | source4/auth/gensec/schannel.c | 2 | ||||
-rw-r--r-- | source4/rpc_server/netlogon/dcerpc_netlogon.c | 30 |
2 files changed, 19 insertions, 13 deletions
diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/schannel.c index b71748943b..08fce2f049 100644 --- a/source4/auth/gensec/schannel.c +++ b/source4/auth/gensec/schannel.c @@ -171,7 +171,7 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_ } /** - * Return the struct creds_CredentialState. + * Return the struct netlogon_creds_CredentialState. * * Make sure not to call this unless gensec is using schannel... */ diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index 05f39f7817..b17ab86e26 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c @@ -240,8 +240,8 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_ca } creds = netlogon_creds_server_init(mem_ctx, - r->in.computer_name, r->in.account_name, + r->in.computer_name, r->in.secure_channel_type, &pipe_state->client_challenge, &pipe_state->server_challenge, @@ -325,15 +325,17 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate2(struct dcesrv_call_state *dce_ca */ static NTSTATUS dcesrv_netr_creds_server_step_check(struct dcesrv_call_state *dce_call, - const char *computer_name, TALLOC_CTX *mem_ctx, + const char *computer_name, struct netr_Authenticator *received_authenticator, struct netr_Authenticator *return_authenticator, struct netlogon_creds_CredentialState **creds_out) { NTSTATUS nt_status; struct ldb_context *ldb; - bool schannel_in_use = dce_call->conn->auth_state.auth_info->auth_type == DCERPC_AUTH_TYPE_SCHANNEL + bool schannel_global_required = false; /* Should be lp_schannel_server() == true */ + bool schannel_in_use = dce_call->conn->auth_state.auth_info + && dce_call->conn->auth_state.auth_info->auth_type == DCERPC_AUTH_TYPE_SCHANNEL && (dce_call->conn->auth_state.auth_info->auth_level == DCERPC_AUTH_LEVEL_INTEGRITY || dce_call->conn->auth_state.auth_info->auth_level == DCERPC_AUTH_LEVEL_PRIVACY); 
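Review bot: In the `netlogon_creds_server_init()` call in dcesrv_netr_ServerAuthenticate3, `r->in.account_name` and `r->in.computer_name` trade places, and a wrong order between two name arguments of what appears to be the same string type would compile cleanly. The prototype is not part of this diff, so the new order should be checked against the header that declares it. A short comment at the call would make the intent reviewable, for example `/* new API order: account name, then computer name */`. The function body starts and ends outside the hunk.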
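Review bot: `schannel_global_required` is hard-coded to `false` in dcesrv_netr_creds_server_step_check, and the only hint that this is temporary is the trailing comment `/* Should be lp_schannel_server() == true */`. As written, every caller of this helper passes "schannel not required" to `schannel_creds_server_step_check()` (the call is in the next hunk) whatever the server configuration says; how that function uses the flag is not visible here. Until the setting is wired up, the line should say so plainly, e.g. `bool schannel_global_required = false; /* FIXME: take from lp_schannel_server(); until then schannel is never required here */`. The function continues past the end of this hunk.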
@@ -341,10 +343,10 @@ static NTSTATUS dcesrv_netr_creds_server_step_check(struct dcesrv_call_state *dc if (!ldb) { return NT_STATUS_ACCESS_DENIED; } - nt_status = schannel_creds_server_step_check(ldb, mem_ctx, - schannel_in_use, computer_name, + schannel_global_required, + schannel_in_use, received_authenticator, return_authenticator, creds_out); talloc_free(ldb); @@ -364,7 +366,8 @@ static NTSTATUS dcesrv_netr_ServerPasswordSet(struct dcesrv_call_state *dce_call NTSTATUS nt_status; nt_status = dcesrv_netr_creds_server_step_check(dce_call, - r->in.computer_name, mem_ctx, + mem_ctx, + r->in.computer_name, r->in.credential, r->out.return_authenticator, &creds); NT_STATUS_NOT_OK_RETURN(nt_status); @@ -401,7 +404,8 @@ static NTSTATUS dcesrv_netr_ServerPasswordSet2(struct dcesrv_call_state *dce_cal struct samr_CryptPassword password_buf; nt_status = dcesrv_netr_creds_server_step_check(dce_call, - r->in.computer_name, mem_ctx, + mem_ctx, + r->in.computer_name, r->in.credential, r->out.return_authenticator, &creds); NT_STATUS_NOT_OK_RETURN(nt_status); @@ -703,7 +707,8 @@ static NTSTATUS dcesrv_netr_LogonSamLogonWithFlags(struct dcesrv_call_state *dce NT_STATUS_HAVE_NO_MEMORY(return_authenticator); nt_status = dcesrv_netr_creds_server_step_check(dce_call, - r->in.computer_name, mem_ctx, + mem_ctx, + r->in.computer_name, r->in.credential, return_authenticator, &creds); NT_STATUS_NOT_OK_RETURN(nt_status); @@ -1070,10 +1075,11 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal const char *local_domain; status = dcesrv_netr_creds_server_step_check(dce_call, - r->in.computer_name, mem_ctx, - r->in.credential, - r->out.return_authenticator, - NULL); + mem_ctx, + r->in.computer_name, + r->in.credential, + r->out.return_authenticator, + NULL); if (!NT_STATUS_IS_OK(status)) { DEBUG(0,(__location__ " Bad credentials - error\n")); } |
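Review bot: In the dcesrv_netr_LogonGetDomainInfo hunk, a failed `dcesrv_netr_creds_server_step_check()` is only logged: the visible `if (!NT_STATUS_IS_OK(status))` block holds a `DEBUG(0, ...)` and no return, whereas the other callers in this diff follow the call with `NT_STATUS_NOT_OK_RETURN(nt_status);`. The commit re-indents the call and leaves that handling as it was. If nothing later in the function rejects the request, a client whose authenticator did not verify would still be answered, so consider adding `return status;` inside the block after the log line. The function body continues outside the hunk, so this needs confirming against the full source.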