diff options
author | Günther Deschner <gd@samba.org> | 2009-02-13 01:35:35 +0100 |
---|---|---|
committer | Günther Deschner <gd@samba.org> | 2009-02-13 01:47:58 +0100 |
commit | 99b45f71ccb832b712af6badd28457edf351d0db (patch) | |
tree | 83e43d8d60c90403ae7d91b9f34a7753d4c94cf3 /source3/rpc_server | |
parent | 71632a16977a93968b0d520a491a52f635e611a1 (diff) | |
download | samba-99b45f71ccb832b712af6badd28457edf351d0db.tar.gz samba-99b45f71ccb832b712af6badd28457edf351d0db.tar.bz2 samba-99b45f71ccb832b712af6badd28457edf351d0db.zip |
s3-netlogon: implement _netr_ServerAuthenticate3.
Guenther
Diffstat (limited to 'source3/rpc_server')
-rw-r--r-- | source3/rpc_server/srv_netlog_nt.c | 79 |
1 files changed, 56 insertions, 23 deletions
diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c index 16d370ce6d..96e197929e 100644 --- a/source3/rpc_server/srv_netlog_nt.c +++ b/source3/rpc_server/srv_netlog_nt.c @@ -280,7 +280,8 @@ WERROR _netr_NetrEnumerateTrustedDomains(pipes_struct *p, gets a machine password entry. checks access rights of the host. ******************************************************************/ -static NTSTATUS get_md4pw(char *md4pw, const char *mach_acct, uint16 sec_chan_type) +static NTSTATUS get_md4pw(char *md4pw, const char *mach_acct, + uint16_t sec_chan_type, uint32_t *rid) { struct samu *sampass = NULL; const uint8 *pass; @@ -376,6 +377,10 @@ static NTSTATUS get_md4pw(char *md4pw, const char *mach_acct, uint16 sec_chan_ty memcpy(md4pw, pass, 16); dump_data(5, (uint8 *)md4pw, 16); + if (rid) { + *rid = pdb_get_user_rid(sampass); + } + TALLOC_FREE(sampass); return NT_STATUS_OK; @@ -435,7 +440,8 @@ NTSTATUS _netr_ServerAuthenticate(pipes_struct *p, status = get_md4pw((char *)p->dc->mach_pw, r->in.account_name, - r->in.secure_channel_type); + r->in.secure_channel_type, + NULL); if (!NT_STATUS_IS_OK(status)) { DEBUG(0,("_netr_ServerAuthenticate: get_md4pw failed. Failed to " "get password for machine account %s " @@ -478,21 +484,33 @@ NTSTATUS _netr_ServerAuthenticate(pipes_struct *p, } /************************************************************************* - _netr_ServerAuthenticate2 + _netr_ServerAuthenticate3 *************************************************************************/ -NTSTATUS _netr_ServerAuthenticate2(pipes_struct *p, - struct netr_ServerAuthenticate2 *r) +NTSTATUS _netr_ServerAuthenticate3(pipes_struct *p, + struct netr_ServerAuthenticate3 *r) { NTSTATUS status; uint32_t srv_flgs; struct netr_Credential srv_chal_out; + const char *fn; + + switch (p->hdr_req.opnum) { + case NDR_NETR_SERVERAUTHENTICATE2: + fn = "_netr_ServerAuthenticate2"; + break; + case NDR_NETR_SERVERAUTHENTICATE3: + fn = "_netr_ServerAuthenticate3"; + break; + default: + return NT_STATUS_INTERNAL_ERROR; + } /* We use this as the key to store the creds: */ /* r->in.computer_name */ if (!p->dc || !p->dc->challenge_sent) { - DEBUG(0,("_netr_ServerAuthenticate2: no challenge sent to client %s\n", + DEBUG(0,("%s: no challenge sent to client %s\n", fn, r->in.computer_name)); return NT_STATUS_ACCESS_DENIED; } @@ -501,19 +519,20 @@ NTSTATUS _netr_ServerAuthenticate2(pipes_struct *p, ((*r->in.negotiate_flags & NETLOGON_NEG_SCHANNEL) == 0) ) { /* schannel must be used, but client did not offer it. */ - DEBUG(0,("_netr_ServerAuthenticate2: schannel required but client failed " + DEBUG(0,("%s: schannel required but client failed " "to offer it. Client was %s\n", - r->in.account_name)); + fn, r->in.account_name)); return NT_STATUS_ACCESS_DENIED; } status = get_md4pw((char *)p->dc->mach_pw, r->in.account_name, - r->in.secure_channel_type); + r->in.secure_channel_type, + r->out.rid); if (!NT_STATUS_IS_OK(status)) { - DEBUG(0,("_netr_ServerAuthenticate2: failed to get machine password for " + DEBUG(0,("%s: failed to get machine password for " "account %s: %s\n", - r->in.account_name, nt_errstr(status) )); + fn, r->in.account_name, nt_errstr(status) )); /* always return NT_STATUS_ACCESS_DENIED */ return NT_STATUS_ACCESS_DENIED; } @@ -528,9 +547,9 @@ NTSTATUS _netr_ServerAuthenticate2(pipes_struct *p, /* Check client credentials are valid. */ if (!netlogon_creds_server_check(p->dc, r->in.credentials)) { - DEBUG(0,("_netr_ServerAuthenticate2: netlogon_creds_server_check failed. Rejecting auth " + DEBUG(0,("%s: netlogon_creds_server_check failed. Rejecting auth " "request from client %s machine account %s\n", - r->in.computer_name, + fn, r->in.computer_name, r->in.account_name)); return NT_STATUS_ACCESS_DENIED; } @@ -572,6 +591,30 @@ NTSTATUS _netr_ServerAuthenticate2(pipes_struct *p, } /************************************************************************* + _netr_ServerAuthenticate2 + *************************************************************************/ + +NTSTATUS _netr_ServerAuthenticate2(pipes_struct *p, + struct netr_ServerAuthenticate2 *r) +{ + struct netr_ServerAuthenticate3 a; + uint32_t rid; + + a.in.server_name = r->in.server_name; + a.in.account_name = r->in.account_name; + a.in.secure_channel_type = r->in.secure_channel_type; + a.in.computer_name = r->in.computer_name; + a.in.credentials = r->in.credentials; + a.in.negotiate_flags = r->in.negotiate_flags; + + a.out.return_credentials = r->out.return_credentials; + a.out.rid = &rid; + a.out.negotiate_flags = r->out.negotiate_flags; + + return _netr_ServerAuthenticate3(p, &a); +} + +/************************************************************************* _netr_ServerPasswordSet *************************************************************************/ @@ -1216,16 +1259,6 @@ WERROR _netr_NETRLOGONCOMPUTECLIENTDIGEST(pipes_struct *p, /**************************************************************** ****************************************************************/ -NTSTATUS _netr_ServerAuthenticate3(pipes_struct *p, - struct netr_ServerAuthenticate3 *r) -{ - p->rng_fault_state = true; - return NT_STATUS_NOT_IMPLEMENTED; -} - -/**************************************************************** -****************************************************************/ - WERROR _netr_DsRGetDCNameEx(pipes_struct *p, struct netr_DsRGetDCNameEx *r) { |