summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorGünther Deschner <gd@samba.org>2008-02-15 21:41:16 +0100
committerGünther Deschner <gd@samba.org>2008-02-15 21:41:38 +0100
commitc9f1f3d5ff07224e0da3df759215e7680893812e (patch)
treea2b0f63c53459e0aa1e6a7c329eacccaee4f72f2 /source3
parent55b2292abace1d12b04fb47a61daab26923f887c (diff)
downloadsamba-c9f1f3d5ff07224e0da3df759215e7680893812e.tar.gz
samba-c9f1f3d5ff07224e0da3df759215e7680893812e.tar.bz2
samba-c9f1f3d5ff07224e0da3df759215e7680893812e.zip
Use pidl for _netr_ServerAuthenticate2().
Guenther (This used to be commit 5d81cc136bcd8f53bedea6de5380b1147862c391)
Diffstat (limited to 'source3')
-rw-r--r--source3/rpc_server/srv_netlog.c24
-rw-r--r--source3/rpc_server/srv_netlog_nt.c88
2 files changed, 34 insertions, 78 deletions
diff --git a/source3/rpc_server/srv_netlog.c b/source3/rpc_server/srv_netlog.c
index 7f67fe51f0..719cdff41c 100644
--- a/source3/rpc_server/srv_netlog.c
+++ b/source3/rpc_server/srv_netlog.c
@@ -73,29 +73,7 @@ static bool api_net_auth(pipes_struct *p)
static bool api_net_auth_2(pipes_struct *p)
{
- NET_Q_AUTH_2 q_u;
- NET_R_AUTH_2 r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- /* grab the challenge... */
- if(!net_io_q_auth_2("", &q_u, data, 0)) {
- DEBUG(0,("api_net_auth_2: Failed to unmarshall NET_Q_AUTH_2.\n"));
- return False;
- }
-
- r_u.status = _net_auth_2(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!net_io_r_auth_2("", &r_u, rdata, 0)) {
- DEBUG(0,("api_net_auth_2: Failed to marshall NET_R_AUTH_2.\n"));
- return False;
- }
-
- return True;
+ return proxy_netr_call(p, NDR_NETR_SERVERAUTHENTICATE2);
}
/*************************************************************************
diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c
index 2b4921921f..c11ada2461 100644
--- a/source3/rpc_server/srv_netlog_nt.c
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -457,63 +457,48 @@ NTSTATUS _netr_ServerAuthenticate(pipes_struct *p,
}
/*************************************************************************
- init_net_r_auth_2:
+ _netr_ServerAuthenticate2
*************************************************************************/
-static void init_net_r_auth_2(NET_R_AUTH_2 *r_a,
- DOM_CHAL *resp_cred, NEG_FLAGS *flgs, NTSTATUS status)
-{
- memcpy(r_a->srv_chal.data, resp_cred->data, sizeof(resp_cred->data));
- memcpy(&r_a->srv_flgs, flgs, sizeof(r_a->srv_flgs));
- r_a->status = status;
-}
-
-/*************************************************************************
- _net_auth_2
- *************************************************************************/
-
-NTSTATUS _net_auth_2(pipes_struct *p, NET_Q_AUTH_2 *q_u, NET_R_AUTH_2 *r_u)
+NTSTATUS _netr_ServerAuthenticate2(pipes_struct *p,
+ struct netr_ServerAuthenticate2 *r)
{
NTSTATUS status;
- NEG_FLAGS srv_flgs;
- fstring mach_acct;
- fstring remote_machine;
+ uint32_t srv_flgs;
DOM_CHAL srv_chal_out;
- rpcstr_pull(mach_acct, q_u->clnt_id.uni_acct_name.buffer,sizeof(fstring),
- q_u->clnt_id.uni_acct_name.uni_str_len*2,0);
-
- /* We use this as the key to store the creds. */
- rpcstr_pull(remote_machine, q_u->clnt_id.uni_comp_name.buffer,sizeof(fstring),
- q_u->clnt_id.uni_comp_name.uni_str_len*2,0);
+ /* We use this as the key to store the creds: */
+ /* r->in.computer_name */
if (!p->dc || !p->dc->challenge_sent) {
- DEBUG(0,("_net_auth2: no challenge sent to client %s\n",
- remote_machine ));
+ DEBUG(0,("_netr_ServerAuthenticate2: no challenge sent to client %s\n",
+ r->in.computer_name));
return NT_STATUS_ACCESS_DENIED;
}
- if ( (lp_server_schannel() == True) &&
- ((q_u->clnt_flgs.neg_flags & NETLOGON_NEG_SCHANNEL) == 0) ) {
+ if ( (lp_server_schannel() == true) &&
+ ((*r->in.negotiate_flags & NETLOGON_NEG_SCHANNEL) == 0) ) {
/* schannel must be used, but client did not offer it. */
- DEBUG(0,("_net_auth2: schannel required but client failed "
+ DEBUG(0,("_netr_ServerAuthenticate2: schannel required but client failed "
"to offer it. Client was %s\n",
- mach_acct ));
+ r->in.account_name));
return NT_STATUS_ACCESS_DENIED;
}
- status = get_md4pw((char *)p->dc->mach_pw, mach_acct, q_u->clnt_id.sec_chan);
+ status = get_md4pw((char *)p->dc->mach_pw,
+ r->in.account_name,
+ r->in.secure_channel_type);
if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0,("_net_auth2: failed to get machine password for "
+ DEBUG(0,("_netr_ServerAuthenticate2: failed to get machine password for "
"account %s: %s\n",
- mach_acct, nt_errstr(status) ));
+ r->in.account_name, nt_errstr(status) ));
/* always return NT_STATUS_ACCESS_DENIED */
return NT_STATUS_ACCESS_DENIED;
}
/* From the client / server challenges and md4 password, generate sess key */
- creds_server_init(q_u->clnt_flgs.neg_flags,
+ creds_server_init(*r->in.negotiate_flags,
p->dc,
&p->dc->clnt_chal, /* Stored client chal. */
&p->dc->srv_chal, /* Stored server chal. */
@@ -521,24 +506,27 @@ NTSTATUS _net_auth_2(pipes_struct *p, NET_Q_AUTH_2 *q_u, NET_R_AUTH_2 *r_u)
&srv_chal_out);
/* Check client credentials are valid. */
- if (!creds_server_check(p->dc, &q_u->clnt_chal)) {
- DEBUG(0,("_net_auth2: creds_server_check failed. Rejecting auth "
+ if (!netlogon_creds_server_check(p->dc, r->in.credentials)) {
+ DEBUG(0,("_netr_ServerAuthenticate2: netlogon_creds_server_check failed. Rejecting auth "
"request from client %s machine account %s\n",
- remote_machine, mach_acct ));
+ r->in.computer_name,
+ r->in.account_name));
return NT_STATUS_ACCESS_DENIED;
}
- srv_flgs.neg_flags = 0x000001ff;
+ srv_flgs = 0x000001ff;
- if (lp_server_schannel() != False) {
- srv_flgs.neg_flags |= NETLOGON_NEG_SCHANNEL;
+ if (lp_server_schannel() != false) {
+ srv_flgs |= NETLOGON_NEG_SCHANNEL;
}
/* set up the LSA AUTH 2 response */
- init_net_r_auth_2(r_u, &srv_chal_out, &srv_flgs, NT_STATUS_OK);
+ memcpy(r->out.credentials->data, &srv_chal_out.data,
+ sizeof(r->out.credentials->data));
+ *r->out.negotiate_flags = srv_flgs;
- fstrcpy(p->dc->mach_acct, mach_acct);
- fstrcpy(p->dc->remote_machine, remote_machine);
+ fstrcpy(p->dc->mach_acct, r->in.account_name);
+ fstrcpy(p->dc->remote_machine, r->in.computer_name);
fstrcpy(p->dc->domain, lp_workgroup() );
p->dc->authenticated = True;
@@ -546,11 +534,11 @@ NTSTATUS _net_auth_2(pipes_struct *p, NET_Q_AUTH_2 *q_u, NET_R_AUTH_2 *r_u)
/* Store off the state so we can continue after client disconnect. */
become_root();
secrets_store_schannel_session_info(p->mem_ctx,
- remote_machine,
- p->dc);
+ r->in.computer_name,
+ p->dc);
unbecome_root();
- return r_u->status;
+ return NT_STATUS_OK;
}
/*************************************************************************
@@ -1313,16 +1301,6 @@ WERROR _netr_GetAnyDCName(pipes_struct *p,
/****************************************************************
****************************************************************/
-NTSTATUS _netr_ServerAuthenticate2(pipes_struct *p,
- struct netr_ServerAuthenticate2 *r)
-{
- p->rng_fault_state = true;
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-/****************************************************************
-****************************************************************/
-
NTSTATUS _netr_DatabaseSync2(pipes_struct *p,
struct netr_DatabaseSync2 *r)
{