summaryrefslogtreecommitdiff
path: root/source3/rpc_server
diff options
context:
space:
mode:
authorGünther Deschner <gd@samba.org>2009-09-08 15:31:01 +0200
committerGünther Deschner <gd@samba.org>2009-09-08 17:07:03 +0200
commit3984738646eaa91c9d03b28f8a535d6eed79c0be (patch)
tree269161e559524d8252b05395cda90949a24a2617 /source3/rpc_server
parentde0bf36493ada3d815d4ee03ddb90e9949d4316b (diff)
downloadsamba-3984738646eaa91c9d03b28f8a535d6eed79c0be.tar.gz
samba-3984738646eaa91c9d03b28f8a535d6eed79c0be.tar.bz2
samba-3984738646eaa91c9d03b28f8a535d6eed79c0be.zip
s3-rpc_server: use NL_AUTH_MESSAGE in pipe_schannel_auth_bind().
Guenther
Diffstat (limited to 'source3/rpc_server')
-rw-r--r--source3/rpc_server/srv_pipe.c29
1 files changed, 23 insertions, 6 deletions
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index bf55d47d0a..e42c81ed4f 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -29,6 +29,7 @@
#include "includes.h"
#include "../libcli/auth/libcli_auth.h"
+#include "../librpc/gen_ndr/ndr_schannel.h"
extern struct current_user current_user;
@@ -1326,28 +1327,44 @@ static bool pipe_schannel_auth_bind(pipes_struct *p, prs_struct *rpc_in_p,
RPC_HDR_AUTH *pauth_info, prs_struct *pout_auth)
{
RPC_HDR_AUTH auth_info;
- RPC_AUTH_SCHANNEL_NEG neg;
+ struct NL_AUTH_MESSAGE neg;
RPC_AUTH_VERIFIER auth_verifier;
bool ret;
NTSTATUS status;
struct netlogon_creds_CredentialState *creds;
uint32 flags;
DATA_BLOB session_key;
+ enum ndr_err_code ndr_err;
+ DATA_BLOB blob;
+
+ blob = data_blob_const(prs_data_p(rpc_in_p) + prs_offset(rpc_in_p),
+ prs_data_size(rpc_in_p));
- if (!smb_io_rpc_auth_schannel_neg("", &neg, rpc_in_p, 0)) {
+ ndr_err = ndr_pull_struct_blob(&blob, talloc_tos(), NULL, &neg,
+ (ndr_pull_flags_fn_t)ndr_pull_NL_AUTH_MESSAGE);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
DEBUG(0,("pipe_schannel_auth_bind: Could not unmarshal SCHANNEL auth neg\n"));
- return False;
+ return false;
+ }
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_DEBUG(NL_AUTH_MESSAGE, &neg);
+ }
+
+ if (!(neg.Flags & NL_FLAG_OEM_NETBIOS_COMPUTER_NAME)) {
+ DEBUG(0,("pipe_schannel_auth_bind: Did not receive netbios computer name\n"));
+ return false;
}
/*
- * The neg.myname key here must match the remote computer name
+ * The neg.oem_netbios_computer.a key here must match the remote computer name
* given in the DOM_CLNT_SRV.uni_comp_name used on all netlogon pipe
* operations that use credentials.
*/
become_root();
status = schannel_fetch_session_key(p->mem_ctx,
- neg.myname,
+ neg.oem_netbios_computer.a,
&creds);
unbecome_root();
@@ -1419,7 +1436,7 @@ static bool pipe_schannel_auth_bind(pipes_struct *p, prs_struct *rpc_in_p,
}
DEBUG(10,("pipe_schannel_auth_bind: schannel auth: domain [%s] myname [%s]\n",
- neg.domain, neg.myname));
+ neg.oem_netbios_domain.a, neg.oem_netbios_computer.a));
/* We're finished with this bind - no more packets. */
p->auth.auth_data_free_func = NULL;